From d28fbaf1cc2da77fd9b80414d7c28106cc99f5a1 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Mon, 8 Apr 2024 17:15:00 -0400 Subject: [PATCH 01/45] build: build all images + run tests using them (#1069) TODO Add patches Figure out why cache misses for Git clone (or something else) --- Dockerfile | 188 ++------- Earthfile | 108 +----- docker-bake.hcl | 98 ----- images/Earthfile | 52 --- images/barbican/Dockerfile | 27 ++ images/base/Earthfile | 7 - images/build.sh | 43 --- images/builder/Earthfile | 7 - images/cinder/Dockerfile | 35 ++ images/cinder/Earthfile | 23 -- images/cloud-archive-base/Earthfile | 23 -- .../cluster-api-provider-openstack/Dockerfile | 32 ++ .../cluster-api-provider-openstack/Earthfile | 18 - .../0001-chore-bump-k8s-api-for-cve.patch | 185 +++------ images/curl/Earthfile | 5 - images/designate/Dockerfile | 33 ++ images/designate/Earthfile | 21 - images/glance/Dockerfile | 39 ++ images/glance/Earthfile | 32 -- images/heat/Dockerfile | 33 ++ images/heat/Earthfile | 21 - images/helm/Earthfile | 11 - images/horizon/Dockerfile | 61 +++ images/horizon/Earthfile | 38 -- images/ironic/Dockerfile | 35 ++ images/ironic/Earthfile | 22 -- images/keystone/Dockerfile | 49 +++ images/keystone/Earthfile | 34 -- images/kubernetes-entrypoint/Dockerfile | 24 ++ images/kubernetes-entrypoint/Earthfile | 35 -- images/kubernetes/Earthfile | 9 - images/libvirtd/Dockerfile | 26 ++ images/libvirtd/Earthfile | 21 - images/libvirtd/keyrings/ceph.gpg | Bin 1143 -> 0 bytes images/magnum/Dockerfile | 45 +++ images/magnum/Earthfile | 23 -- ...flect-breaking-change-in-helm-v3-5-2.patch | 28 -- ...01-Fix-Trust-token-scope-for-drivers.patch | 0 images/manila/Dockerfile | 35 ++ images/manila/Earthfile | 21 - images/netoffload/Dockerfile | 29 ++ images/netoffload/Earthfile | 28 -- images/neutron/Dockerfile | 38 ++ images/neutron/Earthfile | 25 -- ...-netns-deletion-of-broken-namespaces.patch | 144 ------- ...vn-set-mtu-in-external_ids-correctly.patch | 38 ++ images/nova-ssh/Dockerfile | 26 ++ images/nova-ssh/Earthfile | 18 - images/nova/Dockerfile | 33 ++ images/nova/Earthfile | 25 -- ...-Stop-unconditionally-enabling-evmcs.patch | 66 ---- ...bling-hyperv-feature-reenlightenment.patch | 52 --- images/octavia/Dockerfile | 36 ++ images/octavia/Earthfile | 22 -- ...fy-endpoint-info.-for-neutron-client.patch | 37 -- images/openstack-runtime/Dockerfile | 23 ++ images/openstack-service/Earthfile | 99 ----- images/openstack-venv-builder/Dockerfile | 62 +++ images/openvswitch/Dockerfile | 25 ++ images/openvswitch/Earthfile | 17 - images/ovn/Dockerfile | 44 +++ images/ovn/Earthfile | 47 --- images/placement/Dockerfile | 26 ++ images/placement/Earthfile | 19 - images/python-base/Dockerfile | 26 ++ images/senlin/Dockerfile | 26 ++ images/senlin/Earthfile | 19 - images/staffeln/Dockerfile | 26 ++ images/staffeln/Earthfile | 20 - images/tempest/Dockerfile | 60 +++ images/tempest/Earthfile | 49 --- images/trivy/.trivyignore | 17 - images/trivy/Earthfile | 8 - .../ubuntu-cloud-archive/Dockerfile | 11 +- .../trusted.gpg.d/ubuntu-cloud-keyring.gpg | Bin 0 -> 1201 bytes .../pre.yml => images/ubuntu/Dockerfile | 6 +- molecule/keycloak/create.yml | 1 + molecule/keycloak/group_vars | 1 + molecule/keycloak/host_vars | 1 + molecule/keycloak/molecule.yml | 2 +- molecule/keycloak/prepare.yml | 7 +- patches/2023.2/magnum/.gitkeep | 0 roles/defaults/vars/main.yml | 364 +++++++++--------- zuul.d/container-images/barbican.yaml | 80 ++++ zuul.d/container-images/base.yaml | 65 ++++ zuul.d/container-images/cinder.yaml | 80 ++++ .../cluster-api-provider-openstack.yaml | 51 +++ zuul.d/container-images/designate.yaml | 80 ++++ zuul.d/container-images/glance.yaml | 80 ++++ zuul.d/container-images/heat.yaml | 80 ++++ zuul.d/container-images/horizon.yaml | 80 ++++ zuul.d/container-images/ironic.yaml | 80 ++++ zuul.d/container-images/keystone.yaml | 80 ++++ .../kubernetes-entrypoint.yaml | 51 +++ .../container-images/libvirt-tls-sidecar.yaml | 56 +++ zuul.d/container-images/libvirtd.yaml | 69 ++++ zuul.d/container-images/magnum.yaml | 80 ++++ zuul.d/container-images/manila.yaml | 80 ++++ zuul.d/container-images/netoffload.yaml | 51 +++ zuul.d/container-images/neutron.yaml | 80 ++++ zuul.d/container-images/nova-ssh.yaml | 70 ++++ zuul.d/container-images/nova.yaml | 80 ++++ zuul.d/container-images/octavia.yaml | 80 ++++ .../openstack-python-runtime.yaml | 70 ++++ .../container-images/openstack-runtime.yaml | 63 +++ .../openstack-venv-builder.yaml | 68 ++++ zuul.d/container-images/openvswitch.yaml | 51 +++ zuul.d/container-images/ovn.yaml | 68 ++++ zuul.d/container-images/placement.yaml | 80 ++++ zuul.d/container-images/python-base.yaml | 63 +++ zuul.d/container-images/senlin.yaml | 80 ++++ zuul.d/container-images/staffeln.yaml | 80 ++++ zuul.d/container-images/tempest.yaml | 80 ++++ .../ubuntu-cloud-archive.yaml | 58 +++ zuul.d/container-images/ubuntu.yaml | 51 +++ zuul.d/jobs.yaml | 40 +- zuul.d/playbooks/buildset-registry/run.yml | 159 -------- zuul.d/playbooks/molecule/pre.yml | 11 +- zuul.d/project.yaml | 130 ++++++- zuul.d/secrets.yaml | 27 +- 120 files changed, 3716 insertions(+), 2086 deletions(-) delete mode 100644 docker-bake.hcl delete mode 100644 images/Earthfile create mode 100644 images/barbican/Dockerfile delete mode 100644 images/base/Earthfile delete mode 100755 images/build.sh delete mode 100644 images/builder/Earthfile create mode 100644 images/cinder/Dockerfile delete mode 100644 images/cinder/Earthfile delete mode 100644 images/cloud-archive-base/Earthfile create mode 100644 images/cluster-api-provider-openstack/Dockerfile delete mode 100644 images/cluster-api-provider-openstack/Earthfile delete mode 100644 images/curl/Earthfile create mode 100644 images/designate/Dockerfile delete mode 100644 images/designate/Earthfile create mode 100644 images/glance/Dockerfile delete mode 100644 images/glance/Earthfile create mode 100644 images/heat/Dockerfile delete mode 100644 images/heat/Earthfile delete mode 100644 images/helm/Earthfile create mode 100644 images/horizon/Dockerfile delete mode 100644 images/horizon/Earthfile create mode 100644 images/ironic/Dockerfile delete mode 100644 images/ironic/Earthfile create mode 100644 images/keystone/Dockerfile delete mode 100644 images/keystone/Earthfile create mode 100644 images/kubernetes-entrypoint/Dockerfile delete mode 100644 images/kubernetes-entrypoint/Earthfile delete mode 100644 images/kubernetes/Earthfile create mode 100644 images/libvirtd/Dockerfile delete mode 100644 images/libvirtd/Earthfile delete mode 100644 images/libvirtd/keyrings/ceph.gpg create mode 100644 images/magnum/Dockerfile delete mode 100644 images/magnum/Earthfile delete mode 100644 images/magnum/patches/magnum/0000-update-chart-metadata-version-to-reflect-breaking-change-in-helm-v3-5-2.patch rename patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch => images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch (100%) create mode 100644 images/manila/Dockerfile delete mode 100644 images/manila/Earthfile create mode 100644 images/netoffload/Dockerfile delete mode 100644 images/netoffload/Earthfile create mode 100644 images/neutron/Dockerfile delete mode 100644 images/neutron/Earthfile delete mode 100644 images/neutron/patches/neutron/0000-fix-netns-deletion-of-broken-namespaces.patch create mode 100644 images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch create mode 100644 images/nova-ssh/Dockerfile delete mode 100644 images/nova-ssh/Earthfile create mode 100644 images/nova/Dockerfile delete mode 100644 images/nova/Earthfile delete mode 100644 images/nova/patches/nova/0000-libvirt-Stop-unconditionally-enabling-evmcs.patch delete mode 100644 images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch create mode 100644 images/octavia/Dockerfile delete mode 100644 images/octavia/Earthfile delete mode 100644 images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch create mode 100644 images/openstack-runtime/Dockerfile delete mode 100644 images/openstack-service/Earthfile create mode 100644 images/openstack-venv-builder/Dockerfile create mode 100644 images/openvswitch/Dockerfile delete mode 100644 images/openvswitch/Earthfile create mode 100644 images/ovn/Dockerfile delete mode 100644 images/ovn/Earthfile create mode 100644 images/placement/Dockerfile delete mode 100644 images/placement/Earthfile create mode 100644 images/python-base/Dockerfile create mode 100644 images/senlin/Dockerfile delete mode 100644 images/senlin/Earthfile create mode 100644 images/staffeln/Dockerfile delete mode 100644 images/staffeln/Earthfile create mode 100644 images/tempest/Dockerfile delete mode 100644 images/tempest/Earthfile delete mode 100644 images/trivy/.trivyignore delete mode 100644 images/trivy/Earthfile rename zuul.d/playbooks/buildset-registry/pre.yml => images/ubuntu-cloud-archive/Dockerfile (68%) create mode 100644 images/ubuntu-cloud-archive/trusted.gpg.d/ubuntu-cloud-keyring.gpg rename zuul.d/playbooks/molecule-keycloak/pre.yml => images/ubuntu/Dockerfile (84%) create mode 120000 molecule/keycloak/create.yml create mode 120000 molecule/keycloak/group_vars create mode 120000 molecule/keycloak/host_vars delete mode 100644 patches/2023.2/magnum/.gitkeep create mode 100644 zuul.d/container-images/barbican.yaml create mode 100644 zuul.d/container-images/base.yaml create mode 100644 zuul.d/container-images/cinder.yaml create mode 100644 zuul.d/container-images/cluster-api-provider-openstack.yaml create mode 100644 zuul.d/container-images/designate.yaml create mode 100644 zuul.d/container-images/glance.yaml create mode 100644 zuul.d/container-images/heat.yaml create mode 100644 zuul.d/container-images/horizon.yaml create mode 100644 zuul.d/container-images/ironic.yaml create mode 100644 zuul.d/container-images/keystone.yaml create mode 100644 zuul.d/container-images/kubernetes-entrypoint.yaml create mode 100644 zuul.d/container-images/libvirt-tls-sidecar.yaml create mode 100644 zuul.d/container-images/libvirtd.yaml create mode 100644 zuul.d/container-images/magnum.yaml create mode 100644 zuul.d/container-images/manila.yaml create mode 100644 zuul.d/container-images/netoffload.yaml create mode 100644 zuul.d/container-images/neutron.yaml create mode 100644 zuul.d/container-images/nova-ssh.yaml create mode 100644 zuul.d/container-images/nova.yaml create mode 100644 zuul.d/container-images/octavia.yaml create mode 100644 zuul.d/container-images/openstack-python-runtime.yaml create mode 100644 zuul.d/container-images/openstack-runtime.yaml create mode 100644 zuul.d/container-images/openstack-venv-builder.yaml create mode 100644 zuul.d/container-images/openvswitch.yaml create mode 100644 zuul.d/container-images/ovn.yaml create mode 100644 zuul.d/container-images/placement.yaml create mode 100644 zuul.d/container-images/python-base.yaml create mode 100644 zuul.d/container-images/senlin.yaml create mode 100644 zuul.d/container-images/staffeln.yaml create mode 100644 zuul.d/container-images/tempest.yaml create mode 100644 zuul.d/container-images/ubuntu-cloud-archive.yaml create mode 100644 zuul.d/container-images/ubuntu.yaml delete mode 100644 zuul.d/playbooks/buildset-registry/run.yml diff --git a/Dockerfile b/Dockerfile index 9c8e06b7d..4b74bee9b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,161 +1,27 @@ -FROM ubuntu:jammy-20240227 AS ubuntu -LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere - -FROM ubuntu AS helm -ARG TARGETOS -ARG TARGETARCH -ARG HELM_VERSION=3.14.0 -ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz -RUN tar -xzf /helm.tar.gz -RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm - -FROM ubuntu AS ubuntu-cloud-archive -ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg -ARG RELEASE -RUN < /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "zed" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "2023.1" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "2023.2" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \ - elif [ "${RELEASE}" = "master" ]; then \ - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \ - else \ - echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \ - exit 1; \ - fi; \ -else - echo "Unsupported release"; \ - exit 1; \ -fi -EOF - -FROM alpine/git AS requirements -ARG BRANCH -ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src -RUN < requirements.txt @@ -114,10 +90,14 @@ build.collections: SAVE IMAGE --cache-hint image: - ARG RELEASE=2023.1 - FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE} + FROM ubuntu:jammy ENV ANSIBLE_PIPELINING=True - DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client" + RUN \ + apt-get update -qq && \ + apt-get install -qq -y --no-install-recommends \ + rsync openssh-client && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* COPY +build.venv.runtime/venv /venv ENV PATH=/venv/bin:$PATH COPY +build.collections/ /usr/share/ansible @@ -125,60 +105,6 @@ image: ARG REGISTRY=ghcr.io/vexxhost/atmosphere SAVE IMAGE --push ${REGISTRY}:${tag} -images: - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY} - BUILD ./images/cinder+image --REGISTRY=${REGISTRY} - BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY} - BUILD ./images/designate+image --REGISTRY=${REGISTRY} - BUILD ./images/glance+image --REGISTRY=${REGISTRY} - BUILD ./images/heat+image --REGISTRY=${REGISTRY} - BUILD ./images/horizon+image --REGISTRY=${REGISTRY} - BUILD ./images/ironic+image --REGISTRY=${REGISTRY} - BUILD ./images/keystone+image --REGISTRY=${REGISTRY} - BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY} - BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY} - BUILD ./images/magnum+image --REGISTRY=${REGISTRY} - BUILD ./images/manila+image --REGISTRY=${REGISTRY} - BUILD ./images/netoffload+image --REGISTRY=${REGISTRY} - BUILD ./images/neutron+image --REGISTRY=${REGISTRY} - BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY} - BUILD ./images/nova+image --REGISTRY=${REGISTRY} - BUILD ./images/octavia+image --REGISTRY=${REGISTRY} - BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY} - BUILD ./images/ovn+images --REGISTRY=${REGISTRY} - BUILD ./images/placement+image --REGISTRY=${REGISTRY} - BUILD ./images/senlin+image --REGISTRY=${REGISTRY} - BUILD ./images/staffeln+image --REGISTRY=${REGISTRY} - BUILD ./images/tempest+image --REGISTRY=${REGISTRY} - -SCAN_IMAGE: - FUNCTION - ARG --required IMAGE - # TODO(mnaser): Include secret scanning when it's more reliable. - RUN \ - trivy image \ - --skip-db-update \ - --skip-java-db-update \ - --scanners vuln \ - --exit-code 1 \ - --ignore-unfixed \ - --timeout 10m \ - ${IMAGE} - -scan-image: - FROM ./images/trivy+image - ARG --required IMAGE - DO +SCAN_IMAGE --IMAGE ${IMAGE} - -scan-images: - FROM ./images/trivy+image - COPY roles/defaults/vars/main.yml /defaults.yml - # TODO(mnaser): Scan all images eventually - FOR IMAGE IN $(cat /defaults.yml | egrep -E 'ghcr.io/vexxhost|registry.atmosphere.dev' | cut -d' ' -f4 | sort | uniq) - BUILD +scan-image --IMAGE ${IMAGE} - END - pin-images: FROM +build.venv.dev COPY roles/defaults/vars/main.yml /defaults.yml diff --git a/docker-bake.hcl b/docker-bake.hcl deleted file mode 100644 index 7237361c9..000000000 --- a/docker-bake.hcl +++ /dev/null @@ -1,98 +0,0 @@ -variable "REGISTRY" { - default = "registry.atmosphere.dev/library" -} - -variable "CACHE_REGISTRY" { - default = "registry.atmosphere.dev/cache" -} - -variable "PUSH_TO_CACHE" { - default = false -} - -function "cache_from" { - params = [image] - result = ["type=registry,ref=${CACHE_REGISTRY}/${image}"] -} - -function "cache_to" { - params = [image] - result = PUSH_TO_CACHE ? [format("%s,%s", cache_from(image)[0], "mode=max,image-manifest=true,oci-mediatypes=true,compression=zstd")] : [] -} - -target "barbican" { - name = "barbican-${release.tgt}" - - context = "." - target = "barbican" - - cache-from = cache_from("barbican:${release.name}") - cache-to = cache_to("barbican:${release.name}") - - tags = [ - "${REGISTRY}/barbican:${release.name}", - "${REGISTRY}/barbican:${release.ref}" - ] - - matrix = { - release = [ - { - tgt = "bobcat", - name = "2023.2", - ref = "a00fcade4138ffc52cd9c84b5999297966f019b5" - } - ] - } - - args = { - RELEASE = release.name - BRANCH = format("stable/%s", release.name) - PROJECT = "barbican" - BARBICAN_GIT_REF = release.ref - } -} - -target "magnum" { - name = "magnum-${release.tgt}" - - context = "." - target = "magnum" - - cache-from = cache_from("magnum:${release.name}") - cache-to = cache_to("magnum:${release.name}") - - tags = [ - "${REGISTRY}/magnum:${release.name}", - "${REGISTRY}/magnum:${release.ref}" - ] - - matrix = { - release = [ - { - tgt = "zed", - name = "zed", - ref = "0ee979099a01ae2c8b1b5d6757897a8993e4e34c" - }, - { - tgt = "bobcat", - name = "2023.2", - ref = "5f921a72d22d7e96fb3584c4906a39de9a085a41" - } - ] - } - - args = { - RELEASE = release.name - BRANCH = format("stable/%s", release.name) - PROJECT = "magnum" - MAGNUM_GIT_REF = release.ref - } -} - - -group "default" { - targets = [ - "barbican", - "magnum" - ] -} diff --git a/images/Earthfile b/images/Earthfile deleted file mode 100644 index 32cab4a2f..000000000 --- a/images/Earthfile +++ /dev/null @@ -1,52 +0,0 @@ -VERSION 0.8 - -APT_INSTALL: - FUNCTION - ARG PACKAGES - RUN \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${PACKAGES} && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* - -DNF_INSTALL: - FUNCTION - ARG PACKAGES - RUN \ - dnf -y install \ - ${PACKAGES} \ - --setopt=install_weak_deps=False \ - --setopt=tsflags=nodocs && \ - dnf -y clean all && \ - rm -rf /var/cache/dnf - -CREATE_PROJECT_USER: - FUNCTION - ARG PROJECT - ARG SHELL=/usr/sbin/nologin - RUN \ - groupadd -g 42424 ${PROJECT} && \ - useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \ - mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \ - chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} - -fetch-gerrit-patch: - FROM ./base+image - DO +APT_INSTALL --PACKAGES "ca-certificates curl git jq" - ARG --required IMAGE - ARG PROJECT=${IMAGE} - ARG --required CHANGE - ARG PROJECT_REF=master - DO ./openstack-service+GIT_CHECKOUT \ - --PROJECT=${PROJECT} \ - --PROJECT_REF=${PROJECT_REF} - ARG REF=$(curl "https://review.opendev.org/changes/?q=${CHANGE}&o=CURRENT_REVISION" | tail -1 | jq -r '.[0].revisions[].ref') - COPY ${IMAGE}/patches/${PROJECT} /patches - RUN \ - git fetch https://review.opendev.org/openstack/${PROJECT} ${REF} && \ - git format-patch -1 --output-directory /gerrit FETCH_HEAD - ARG PATCH_ID=$(ls -1 /patches | wc -l | xargs printf "%04d") - RUN \ - cp /gerrit/0001-* \ - /patches/${PATCH_ID}-$(basename /gerrit/*.patch | sed 's/0001-//') - SAVE ARTIFACT /patches AS LOCAL ${IMAGE}/patches/${PROJECT} diff --git a/images/barbican/Dockerfile b/images/barbican/Dockerfile new file mode 100644 index 000000000..e12147859 --- /dev/null +++ b/images/barbican/Dockerfile @@ -0,0 +1,27 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG BARBICAN_GIT_REF=7d6749fcb1ad16a3350de82cd8e523d5b55306f8 +ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src/barbican +RUN git -C /src/barbican fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <" - exit 1 -fi - -docker buildx create --name=atmosphere --driver=docker-container || true - -if [ "$PUSH" = true ]; then - docker buildx bake --builder=atmosphere --provenance --sbom=true --push $TARGET - - # Sign all images - export COSIGN_PASSWORD="" - for IMAGE in $(docker buildx bake --print ${TARGET} | jq -r '.target[].tags | select(. != null)[]'); do - cosign sign -y --recursive --key cosign.key ${IMAGE} - done -else - docker buildx bake --builder=atmosphere --provenance --sbom=true $TARGET -fi diff --git a/images/builder/Earthfile b/images/builder/Earthfile deleted file mode 100644 index f4e92d3fa..000000000 --- a/images/builder/Earthfile +++ /dev/null @@ -1,7 +0,0 @@ -VERSION 0.7 - -image: - FROM ../base+image - DO ../+APT_INSTALL --PACKAGES "build-essential git python3-dev python3-pip python3-venv" - ARG POETRY_VERSION=1.4.2 - RUN pip3 install --no-cache-dir poetry==${POETRY_VERSION} diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile new file mode 100644 index 000000000..4c8f153ce --- /dev/null +++ b/images/cinder/Dockerfile @@ -0,0 +1,35 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG CINDER_GIT_REF=f74e2729554bee01b0a3e631a8001bb39e540433 +ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder +RUN git -C /src/cinder fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "zed" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "2023.1" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "2023.2" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE IF [ "${RELEASE}" = "master" ] - RUN echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu $(lsb_release -sc)-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list - ELSE - RUN echo "${RELEASE} is not supported on $(lsb_release -sc)" - RUN exit 1 - END - END diff --git a/images/cluster-api-provider-openstack/Dockerfile b/images/cluster-api-provider-openstack/Dockerfile new file mode 100644 index 000000000..aa05489a9 --- /dev/null +++ b/images/cluster-api-provider-openstack/Dockerfile @@ -0,0 +1,32 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM alpine/git:2.43.0 AS src +ARG CAPO_VERSION=v0.9.0 +ADD https://github.com/kubernetes-sigs/cluster-api-provider-openstack.git#${CAPO_VERSION} /src +WORKDIR /src +COPY /patches /patches +RUN git apply /patches/*.patch + +FROM golang:1.20 AS builder +COPY --from=src --link /src /src +WORKDIR /src +ARG ARCH +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \ + go build -ldflags "-extldflags '-static'" -o manager ${package} + +FROM gcr.io/distroless/static:nonroot +COPY --from=builder /src/manager /manager +USER 65532 +ENTRYPOINT ["/manager"] diff --git a/images/cluster-api-provider-openstack/Earthfile b/images/cluster-api-provider-openstack/Earthfile deleted file mode 100644 index 111f465e0..000000000 --- a/images/cluster-api-provider-openstack/Earthfile +++ /dev/null @@ -1,18 +0,0 @@ -VERSION 0.7 - -ARG --global CAPO_VERSION=v0.8.0 -ARG --global EPOCH=2 - -clone: - FROM ../builder+image - GIT CLONE --branch ${CAPO_VERSION} https://github.com/kubernetes-sigs/cluster-api-provider-openstack /workspace/src - WORKDIR /workspace/src - COPY patches /workspace/patches - RUN git apply --verbose /workspace/patches/*.patch - SAVE ARTIFACT /workspace/src - -image: - FROM DOCKERFILE -f +clone/src/Dockerfile +clone/src/* - LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - SAVE IMAGE --push ${REGISTRY}/capi-openstack-controller:${CAPO_VERSION}-${EPOCH} diff --git a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch index 2812ac502..cd99927fe 100644 --- a/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch +++ b/images/cluster-api-provider-openstack/patches/0001-chore-bump-k8s-api-for-cve.patch @@ -1,158 +1,89 @@ -From 139a57e7b0d4c57033e281b061e459039a5e21d3 Mon Sep 17 00:00:00 2001 +From eed5b5cc2a6cf48c0c9e0245695d0ac143150186 Mon Sep 17 00:00:00 2001 From: Mohammed Naser -Date: Mon, 22 Jan 2024 16:22:52 -0500 -Subject: [PATCH 2/2] chore: bump k8s api for cve +Date: Tue, 12 Mar 2024 18:18:25 -0400 +Subject: [PATCH] chore: bump k8s api for cve --- - go.mod | 17 +++++++++-------- - go.sum | 36 +++++++++++++++++++----------------- - 2 files changed, 28 insertions(+), 25 deletions(-) + go.mod | 8 ++++---- + go.sum | 16 ++++++++-------- + 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod -index db4a954a..49d2f7cf 100644 +index 997f8354..d6c300cc 100644 --- a/go.mod +++ b/go.mod -@@ -15,8 +15,8 @@ require ( - github.com/onsi/gomega v1.27.8 - github.com/prometheus/client_golang v1.16.0 +@@ -15,7 +15,7 @@ require ( + github.com/onsi/gomega v1.30.0 + github.com/prometheus/client_golang v1.17.0 github.com/spf13/pflag v1.0.5 -- golang.org/x/crypto v0.11.0 -- golang.org/x/text v0.11.0 -+ golang.org/x/crypto v0.14.0 -+ golang.org/x/text v0.13.0 +- golang.org/x/crypto v0.15.0 ++ golang.org/x/crypto v0.17.0 + golang.org/x/text v0.14.0 gopkg.in/ini.v1 v1.67.0 - k8s.io/api v0.27.2 - k8s.io/apiextensions-apiserver v0.27.2 + k8s.io/api v0.28.4 @@ -24,7 +24,7 @@ require ( - k8s.io/client-go v0.27.2 - k8s.io/component-base v0.27.2 - k8s.io/klog/v2 v2.90.1 -- k8s.io/kubernetes v1.27.2 -+ k8s.io/kubernetes v1.27.8 - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 - sigs.k8s.io/cluster-api v1.5.1 - sigs.k8s.io/cluster-api/test v1.5.1 -@@ -113,15 +113,16 @@ require ( - go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.24.0 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect -- golang.org/x/net v0.13.0 // indirect -+ golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.10.0 // indirect -- golang.org/x/sys v0.10.0 // indirect -- golang.org/x/term v0.10.0 // indirect -+ golang.org/x/sys v0.13.0 // indirect -+ golang.org/x/term v0.13.0 // indirect + k8s.io/client-go v0.28.4 + k8s.io/component-base v0.28.4 + k8s.io/klog/v2 v2.100.1 +- k8s.io/kubernetes v1.28.3 ++ k8s.io/kubernetes v1.28.4 + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 + sigs.k8s.io/cluster-api v1.6.0 + sigs.k8s.io/cluster-api/test v1.6.0 +@@ -139,8 +139,8 @@ require ( + golang.org/x/net v0.18.0 // indirect + golang.org/x/oauth2 v0.14.0 // indirect + golang.org/x/sync v0.4.0 // indirect +- golang.org/x/sys v0.14.0 // indirect +- golang.org/x/term v0.14.0 // indirect ++ golang.org/x/sys v0.15.0 // indirect ++ golang.org/x/term v0.15.0 // indirect golang.org/x/time v0.3.0 // indirect -- golang.org/x/tools v0.9.3 // indirect -+ golang.org/x/tools v0.12.0 // indirect - gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect - google.golang.org/appengine v1.6.7 // indirect -- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect -+ google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a // indirect -+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect - google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + golang.org/x/tools v0.14.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum -index 66bd8109..f18ece49 100644 +index e3d46fdc..f5767735 100644 --- a/go.sum +++ b/go.sum -@@ -516,8 +516,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y +@@ -460,8 +460,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= --golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= --golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= +-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= ++golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= ++golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -@@ -555,7 +555,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= --golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -596,8 +596,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= - golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= --golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= --golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -673,13 +673,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +@@ -609,13 +609,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= --golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= ++golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= --golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= --golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= ++golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= ++golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -690,8 +690,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= - golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= --golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= --golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -752,8 +752,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= --golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= --golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= -+golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= -+golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -@@ -825,8 +825,10 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D - google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= - google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= - google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= --google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= --google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a h1:HiYVD+FGJkTo+9zj1gqz0anapsa1JxjiSrN+BJKyUmE= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= - google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= - google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= - google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -@@ -914,8 +916,8 @@ k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= - k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= --k8s.io/kubernetes v1.27.2 h1:g4v9oY6u7vBUDEuq4FvC50Bbw2K7GZuvM00IIESWVf4= --k8s.io/kubernetes v1.27.2/go.mod h1:U8ZXeKBAPxeb4J4/HOaxjw1A9K6WfSH+fY2SS7CR6IM= -+k8s.io/kubernetes v1.27.8 h1:K848lTo/D0jvrxUlTvw4nNADixbhXLHgKNDP/KlFGy8= -+k8s.io/kubernetes v1.27.8/go.mod h1:PUXXrx0IhAi+kI9BMDqNJHUnLndVv9W0DkriqyjuJOs= - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY= - k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +@@ -841,8 +841,8 @@ k8s.io/kms v0.28.4 h1:PMgY/3CQTWP9eIKmNQiTgjLIZ0ns6O+voagzD2/4mSg= + k8s.io/kms v0.28.4/go.mod h1:HL4/lR/bhjAJPbqycKtfhWiKh1Sp21cpHOL8P4oo87w= + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +-k8s.io/kubernetes v1.28.3 h1:XTci6gzk+JR51UZuZQCFJ4CsyUkfivSjLI4O1P9z6LY= +-k8s.io/kubernetes v1.28.3/go.mod h1:NhAysZWvHtNcJFFHic87ofxQN7loylCQwg3ZvXVDbag= ++k8s.io/kubernetes v1.28.4 h1:aRNxs5jb8FVTtlnxeA4FSDBVKuFwA8Gw40/U2zReBYA= ++k8s.io/kubernetes v1.28.4/go.mod h1:BTzDCKYAlu6LL9ITbfjwgwIrJ30hlTgbv0eXDoA/WoA= + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -- 2.43.0 - diff --git a/images/curl/Earthfile b/images/curl/Earthfile deleted file mode 100644 index 06d3d8e1a..000000000 --- a/images/curl/Earthfile +++ /dev/null @@ -1,5 +0,0 @@ -VERSION 0.7 - -image: - FROM curlimages/curl:7.78.0 - WORKDIR /tmp diff --git a/images/designate/Dockerfile b/images/designate/Dockerfile new file mode 100644 index 000000000..e1610c8d2 --- /dev/null +++ b/images/designate/Dockerfile @@ -0,0 +1,33 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG DESIGNATE_GIT_REF=d247267823034c5e656f74e91b50475aa54d3fa6 +ADD --keep-git-dir=true https://opendev.org/openstack/designate.git#${DESIGNATE_GIT_REF} /src/designate +RUN git -C /src/designate fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < /etc/apt/sources.list.d/ceph.list - ELSE IF [ "$(lsb_release -sc)" = "jammy" ] - RUN echo "deb http://download.ceph.com/debian-reef/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/ceph.list - ELSE - RUN echo "${RELEASE} is not supported on $(lsb_release -sc)" - RUN exit 1 - END - DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios" - DO ../+CREATE_PROJECT_USER --PROJECT=nova - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - SAVE IMAGE --push ${REGISTRY}/libvirtd:${RELEASE} - -image: - BUILD --platform linux/amd64 --platform linux/arm64 +platform-image diff --git a/images/libvirtd/keyrings/ceph.gpg b/images/libvirtd/keyrings/ceph.gpg deleted file mode 100644 index c5d8bd399481b290ab5da94b87bd860a33a998ee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1143 zcmV--1c>{Y0u2OJ_=X7q5CF@nevbJ;Y5AM5al>VI3*qGa#K5Hwm2!_RG#_465sD38 zmXL=NLCNO`29zsUcXOrn|9+`WxR5h*eY-hs=XvlKgzqt0XNxo>!;HCEyQjioviTGX z^63AwMTc%);z$XmJLkgYyK`nM1CAhp7WF|reYxYAEUs_~4Q5B}26ndxL?Y|$Cver? z+Ak9m`0ngIQ{q$*^Y!*xlNj-t_r%K}ODaaT?*Dqdu%y^KW0` zS6ZrG;)BP!1)?WS`!>M&$0zQz>J5}1&X7`S)dDqhl(43rss_qx06btgIkE2bedIgK z;xG~&^jzqnT9NUuM4z@q&^f(3x^B&MdjnVbuzE8k)(4)w_9NhYi0H9|H7&%3I2aEb zh+q>nquudzb_uOvKITzY;vyJtM-HU~wRly1j%tlK+D;M`D%KzpMT}47p0{w%J|&ag z`%O4cbnWhhSU^G^3k166X92k`)Mx`N5%~SD@}t(xyk<&8q|`J0Q(hA}UIj{x-8%<| z0)_&zqylwwJA`^hL=$>tqdyAJt<5pl;fJECl3s| zLE5}_)s5UcL0JG10RRECDnn&(Xf9)KZ6GLeWo%_(b7dfFWqBzeJac7Zb#iHRc|c=j zaA+=LZ*4w_0yqQ{0RjLb1p-z0h6w^20|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f? z2@vQ?!oWrkIh0+}5CD%DJ;qE0XK&-rYVa)amGnqOoyNcMzwjac5aBU$X%%PBW>k6L z3D6G=<^q??a9MD*mjZ4qFl~`Thg{o{=i*$KoW(gzrFN}Hzst1V_~#iu>_a{YPUJt&wDrHV^U72%DSq=FIzI>(lJk(k^-4(U`{P77CyD0%bq>ih zZBB+Kwrh5L1y&6*F39>os1BoYq>c-<=+D;}#zj`0g9`;rl3rwz((Gm4pRg-QOdCnE z{s#VPSsvu@5RJh(cGcL-DgN-d^tmU(lfkmllZx7il#QTWeuJ+xp#6a@O21agV0i zaTeo!x%2r>B-Too>JJHr2)h%LYsHAn939f>LsAFu -Date: Fri, 31 Mar 2023 23:41:43 +1100 -Subject: [PATCH] Update chart.metadata.version to reflect breaking change in - helm v3.5.2 - -https: //github.com/helm/helm/issues/9342 -Change-Id: I1dbe7b0b85380e713ebb5dcdd7ecbfc6a438b852 -(cherry picked from commit ebee3263b6b3d3fa213ea8f837911b89785a4700) ---- - .../templates/kubernetes/fragments/install-helm-modules.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh -index 475e8dbf6c..a0b3f4bc75 100644 ---- a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh -+++ b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh -@@ -72,8 +72,8 @@ else - cat << EOF > Chart.yaml - apiVersion: v1 - name: magnum --version: metachart --appVersion: metachart -+version: 1.0.0 -+appVersion: v1.0.0 - description: Magnum Helm Charts - EOF - sed -i '1i\dependencies:' requirements.yaml diff --git a/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch b/images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch similarity index 100% rename from patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch rename to images/magnum/patches/magnum/0001-Fix-Trust-token-scope-for-drivers.patch diff --git a/images/manila/Dockerfile b/images/manila/Dockerfile new file mode 100644 index 000000000..4a222e083 --- /dev/null +++ b/images/manila/Dockerfile @@ -0,0 +1,35 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG MANILA_GIT_REF=c0fc23a39f87629b59fae7bbf46f70e3e1b459cd +ADD --keep-git-dir=true https://opendev.org/openstack/manila.git#${MANILA_GIT_REF} /src/manila +RUN git -C /src/manila fetch --unshallow +COPY patches/manila /patches/manila +RUN git -C /src/manila apply --verbose /patches/manila/* +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < -Date: Fri, 22 Sep 2023 16:25:10 +0200 -Subject: [PATCH] fix netns deletion of broken namespaces - -normal network namespaces are bind-mounted to files under -/var/run/netns. If a process deleting a network namespace gets killed -during that operation there is the chance that the bind mount to the -netns has been removed, but the file under /var/run/netns still exists. - -When the neutron-ovn-metadata-agent tries to clean up such network -namespaces it first tires to validate that the network namespace is -empty. For the cases described above this fails, as this network -namespace no longer really exists, but is just a stray file laying -around. - -To fix this we treat network namespaces where we get an `OSError` with -errno 22 (Invalid Argument) as empty. The calls to pyroute2 to delete -the namespace will then clean up the file. - -Additionally we add a guard to teardown_datapath to continue even if -this fails. failing to remove a datapath is not critical and leaves in -the worst case a process and a network namespace running, however -previously it would have also prevented the creation of new datapaths -which is critical for VM startup. - -Closes-Bug: #2037102 -Change-Id: I7c43812fed5903f98a2e491076c24a8d926a59b4 -(cherry picked from commit 566fea3fed837b0130023303c770aade391d3d61) ---- - neutron/agent/linux/ip_lib.py | 17 ++++++++++++- - neutron/agent/ovn/metadata/agent.py | 5 +++- - neutron/tests/unit/agent/linux/test_ip_lib.py | 15 +++++++++++ - .../unit/agent/ovn/metadata/test_agent.py | 25 +++++++++++++++++++ - 4 files changed, 60 insertions(+), 2 deletions(-) - -diff --git a/neutron/agent/linux/ip_lib.py b/neutron/agent/linux/ip_lib.py -index 10bd33d9e1..5d2593da47 100644 ---- a/neutron/agent/linux/ip_lib.py -+++ b/neutron/agent/linux/ip_lib.py -@@ -259,7 +259,22 @@ class IPWrapper(SubProcessBase): - return ip - - def namespace_is_empty(self): -- return not self.get_devices() -+ try: -+ return not self.get_devices() -+ except OSError as e: -+ # This can happen if we previously got terminated in the middle of -+ # removing this namespace. In this case the bind mount of the -+ # namespace under /var/run/netns will be removed, but the namespace -+ # file is still there. As the bind mount is gone we can no longer -+ # access the namespace to validate that it is empty. But since it -+ # should have already been removed we are sure that the check has -+ # passed the last time and since the namespace is unuseable that -+ # can not have changed. -+ # Future calls to pyroute2 to remove that namespace will clean up -+ # the leftover file. -+ if e.errno == errno.EINVAL: -+ return True -+ raise e - - def garbage_collect_namespace(self): - """Conditionally destroy the namespace if it is empty.""" -diff --git a/neutron/agent/ovn/metadata/agent.py b/neutron/agent/ovn/metadata/agent.py -index 1745239701..861715d8e1 100644 ---- a/neutron/agent/ovn/metadata/agent.py -+++ b/neutron/agent/ovn/metadata/agent.py -@@ -430,7 +430,10 @@ class MetadataAgent(object): - ns.startswith(NS_PREFIX) and - ns not in metadata_namespaces] - for ns in unused_namespaces: -- self.teardown_datapath(self._get_datapath_name(ns)) -+ try: -+ self.teardown_datapath(self._get_datapath_name(ns)) -+ except Exception: -+ LOG.exception('Error unable to destroy namespace: %s', ns) - - # resync all network namespaces based on the associated datapaths, - # even those that are already running. This is to make sure -diff --git a/neutron/tests/unit/agent/linux/test_ip_lib.py b/neutron/tests/unit/agent/linux/test_ip_lib.py -index d1c74fb3f7..159cafdb8e 100644 ---- a/neutron/tests/unit/agent/linux/test_ip_lib.py -+++ b/neutron/tests/unit/agent/linux/test_ip_lib.py -@@ -357,6 +357,21 @@ class TestIpWrapper(base.BaseTestCase): - self.assertNotIn(mock.call().delete('ns'), - ip_ns_cmd_cls.mock_calls) - -+ def test_garbage_collect_namespace_existing_broken(self): -+ with mock.patch.object(ip_lib, 'IpNetnsCommand') as ip_ns_cmd_cls: -+ ip_ns_cmd_cls.return_value.exists.return_value = True -+ -+ ip = ip_lib.IPWrapper(namespace='ns') -+ -+ with mock.patch.object(ip, 'get_devices', -+ side_effect=OSError(errno.EINVAL, None) -+ ) as mock_get_devices: -+ self.assertTrue(ip.garbage_collect_namespace()) -+ -+ mock_get_devices.assert_called_once_with() -+ expected = [mock.call().delete('ns')] -+ ip_ns_cmd_cls.assert_has_calls(expected) -+ - @mock.patch.object(priv_lib, 'create_interface') - def test_add_vlan(self, create): - retval = ip_lib.IPWrapper().add_vlan('eth0.1', 'eth0', '1') -diff --git a/neutron/tests/unit/agent/ovn/metadata/test_agent.py b/neutron/tests/unit/agent/ovn/metadata/test_agent.py -index 6df7da702d..9bf9f0db52 100644 ---- a/neutron/tests/unit/agent/ovn/metadata/test_agent.py -+++ b/neutron/tests/unit/agent/ovn/metadata/test_agent.py -@@ -134,6 +134,31 @@ class TestMetadataAgent(base.BaseTestCase): - lnn.assert_called_once_with() - tdp.assert_called_once_with('3') - -+ def test_sync_teardown_namespace_does_not_crash_on_error(self): -+ """Test that sync tears down unneeded metadata namespaces. -+ Even if that fails it continues to provision other datapaths -+ """ -+ with mock.patch.object( -+ self.agent, 'provision_datapath') as pdp,\ -+ mock.patch.object( -+ ip_lib, 'list_network_namespaces', -+ return_value=['ovnmeta-1', 'ovnmeta-2', 'ovnmeta-3', -+ 'ns1', 'ns2']) as lnn,\ -+ mock.patch.object( -+ self.agent, 'teardown_datapath', -+ side_effect=Exception()) as tdp: -+ self.agent.sync() -+ -+ pdp.assert_has_calls( -+ [ -+ mock.call(p.datapath) -+ for p in self.ports -+ ], -+ any_order=True -+ ) -+ lnn.assert_called_once_with() -+ tdp.assert_called_once_with('3') -+ - def test_get_networks_datapaths(self): - """Test get_networks_datapaths returns only datapath objects for the - networks containing vif ports of type ''(blank) and 'external'. --- -2.34.1 diff --git a/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch new file mode 100644 index 000000000..260532499 --- /dev/null +++ b/images/neutron/patches/neutron/0001-fix-ovn-set-mtu-in-external_ids-correctly.patch @@ -0,0 +1,38 @@ +From f8ec437329510ef59c81084712dbfe49528ef56d Mon Sep 17 00:00:00 2001 +From: Mohammed Naser +Date: Thu, 28 Mar 2024 14:38:43 -0400 +Subject: [PATCH] fix(ovn): set mtu in external_ids correctly + +In the previous patch, we did account for the MTU showing up +in the external IDs however the code only sets it if it's using +a remote managed port binding. This code instead sets the binding +for all the inerface types instead. + +Related-Change-Id: I7ff300e9634e5e3fc68d70540392109fd8b9babc +Closes-Bug: 2053274 +Change-Id: I0653c83c5fb595847bb61182223db39b2f7e98c6 +--- + .../plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py +index 3e7bc5c01f..6f9e90afde 100644 +--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py ++++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py +@@ -480,11 +480,13 @@ class OVNClient(object): + # HA Chassis Group will bind the port to the highest + # priority Chassis + if port_type != ovn_const.LSP_TYPE_EXTERNAL: ++ port_net = self._plugin.get_network( ++ context, port['network_id']) ++ mtu = str(port_net['mtu']) + if (vnic_type == portbindings.VNIC_REMOTE_MANAGED and + ovn_const.VIF_DETAILS_PF_MAC_ADDRESS in binding_prof): + port_net = self._plugin.get_network( + context, port['network_id']) +- mtu = str(port_net['mtu']) + options.update({ + ovn_const.LSP_OPTIONS_VIF_PLUG_TYPE_KEY: 'representor', + ovn_const.LSP_OPTIONS_VIF_PLUG_MTU_REQUEST_KEY: mtu, +-- +2.34.1 diff --git a/images/nova-ssh/Dockerfile b/images/nova-ssh/Dockerfile new file mode 100644 index 000000000..84f6889a9 --- /dev/null +++ b/images/nova-ssh/Dockerfile @@ -0,0 +1,26 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-runtime:zed +RUN < -Date: Tue, 31 Oct 2023 22:52:50 -0400 -Subject: [PATCH] libvirt: Stop unconditionally enabling evmcs - -In I008841988547573878c4e06e82f0fa55084e51b5 we started enabling a -bunch of libvirt enlightenments for Windows unconditionally. Turns -out, the `evmcs` enlightenment only works on Intel hosts, and we broke -the ability to run Windows guests on AMD machines. Until we become -smarter about conditionally enabling evmcs (with something like traits -for host CPU features), just stop enabling it at all. - -Change-Id: I2ff4fdecd9dc69de283f0e52e07df1aeaf0a9048 -Closes-bug: 2009280 ---- - nova/tests/unit/virt/libvirt/test_driver.py | 5 ++++- - nova/virt/libvirt/driver.py | 1 - - ...p-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml | 8 ++++++++ - 3 files changed, 12 insertions(+), 2 deletions(-) - create mode 100644 releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml - -diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py -index d01b9c2677..ebba604ffa 100644 ---- a/nova/tests/unit/virt/libvirt/test_driver.py -+++ b/nova/tests/unit/virt/libvirt/test_driver.py -@@ -27972,7 +27972,10 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin): - self.assertTrue(hv.reenlightenment) - self.assertTrue(hv.tlbflush) - self.assertTrue(hv.ipi) -- self.assertTrue(hv.evmcs) -+ # NOTE(artom) evmcs only works on Intel hosts, so we can't enable it -+ # unconditionally. Until we become smarter about it, just don't enable -+ # it at all. See bug 2009280. -+ self.assertFalse(hv.evmcs) - - - class LibvirtVolumeUsageTestCase(test.NoDBTestCase): -diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py -index d03dc5fd67..1b28e50355 100644 ---- a/nova/virt/libvirt/driver.py -+++ b/nova/virt/libvirt/driver.py -@@ -6234,7 +6234,6 @@ class LibvirtDriver(driver.ComputeDriver): - hv.reenlightenment = True - hv.tlbflush = True - hv.ipi = True -- hv.evmcs = True - - # NOTE(kosamara): Spoofing the vendor_id aims to allow the nvidia - # driver to work on windows VMs. At the moment, the nvidia driver -diff --git a/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml b/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml -new file mode 100644 -index 0000000000..31609f2a2d ---- /dev/null -+++ b/releasenotes/notes/libvirt-enlightenments-stop-unconditionally-enabling-evmcs-993a825641c4b9f3.yaml -@@ -0,0 +1,8 @@ -+--- -+fixes: -+ - | -+ Bug 2009280 has been fixed by no longer enabling the evmcs enlightenment in -+ the libvirt driver. evmcs only works on Intel CPUs, and domains with that -+ enlightenment cannot be started on AMD hosts. There is a possible future -+ feature to enable support for generating this enlightenment only when -+ running on Intel hosts. --- -2.34.1 - diff --git a/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch b/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch deleted file mode 100644 index 88ea6312a..000000000 --- a/images/nova/patches/nova/0001-libvirt-stop-enabling-hyperv-feature-reenlightenment.patch +++ /dev/null @@ -1,52 +0,0 @@ -From e618e78edc6293d248a5fa2eb63b3fa636250fca Mon Sep 17 00:00:00 2001 -From: songjie -Date: Mon, 25 Dec 2023 16:59:36 +0800 -Subject: [PATCH] libvirt: stop enabling hyperv feature reenlightenment -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The 'reenlightenment' hyperv enlightenment will cause -instances live-migration to fail (KVM currently doesn’t -fully support reenlightenment notifications, see -www.qemu.org/docs/master/system/i386/hyperv.html), -so don't enable it now. - -Change-Id: I6821819450bc96e4304125ea3b76a0e462e6e33f -Closes-Bug: #2046549 -Related-Bug: #2009280 ---- - nova/tests/unit/virt/libvirt/test_driver.py | 4 +++- - nova/virt/libvirt/driver.py | 1 - - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py -index 868e024370..2e1d089898 100644 ---- a/nova/tests/unit/virt/libvirt/test_driver.py -+++ b/nova/tests/unit/virt/libvirt/test_driver.py -@@ -28048,7 +28048,9 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin): - self.assertTrue(hv.synic) - self.assertTrue(hv.reset) - self.assertTrue(hv.frequencies) -- self.assertTrue(hv.reenlightenment) -+ # NOTE(jie) reenlightenment will cause instances live-migration -+ # failure, so don't enable it now. See bug 2046549. -+ self.assertFalse(hv.reenlightenment) - self.assertTrue(hv.tlbflush) - self.assertTrue(hv.ipi) - # NOTE(artom) evmcs only works on Intel hosts, so we can't enable it -diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py -index 7f5f48c047..f8e3353110 100644 ---- a/nova/virt/libvirt/driver.py -+++ b/nova/virt/libvirt/driver.py -@@ -6262,7 +6262,6 @@ class LibvirtDriver(driver.ComputeDriver): - hv.synic = True - hv.reset = True - hv.frequencies = True -- hv.reenlightenment = True - hv.tlbflush = True - hv.ipi = True - --- -2.34.1 - diff --git a/images/octavia/Dockerfile b/images/octavia/Dockerfile new file mode 100644 index 000000000..bf8d7e7f5 --- /dev/null +++ b/images/octavia/Dockerfile @@ -0,0 +1,36 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG OCTAVIA_GIT_REF=000b577f3e9c9ff7cb893e9f6e635753017a78c6 +ADD --keep-git-dir=true https://opendev.org/openstack/octavia.git#${OCTAVIA_GIT_REF} /src/octavia +RUN git -C /src/octavia fetch --unshallow +ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#stable/zed /src/ovn-octavia-provider +RUN git -C /src/ovn-octavia-provider fetch --unshallow +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < -Date: Tue, 16 Jan 2024 17:13:19 -0500 -Subject: [PATCH] fix: specify endpoint info. for neutron client - -Closes bug: #2049551 - -Change-Id: I80a266e500958415a70d462ddfe57e9e03e6ef13 ---- - octavia/common/clients.py | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/octavia/common/clients.py b/octavia/common/clients.py -index b13642bb..2abcc67b 100644 ---- a/octavia/common/clients.py -+++ b/octavia/common/clients.py -@@ -80,10 +80,16 @@ class NeutronAuth(object): - if not cls.neutron_client: - sess = ksession.get_session() - -- kwargs = {} -+ kwargs = { -+ 'region_name': CONF.neutron.region_name, -+ 'interface': CONF.neutron.valid_interfaces -+ } - if CONF.neutron.endpoint_override: - kwargs['network_endpoint_override'] = ( - CONF.neutron.endpoint_override) -+ if CONF.neutron.endpoint_override.startswith("https"): -+ kwargs['insecure'] = CONF.neutron.insecure -+ kwargs['cacert'] = CONF.neutron.cafile - - conn = openstack.connection.Connection( - session=sess, **kwargs) --- -2.34.1 - diff --git a/images/openstack-runtime/Dockerfile b/images/openstack-runtime/Dockerfile new file mode 100644 index 000000000..3cf9ae45f --- /dev/null +++ b/images/openstack-runtime/Dockerfile @@ -0,0 +1,23 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +ARG FROM=registry.atmosphere.dev/library/ubuntu-cloud-archive:zed +FROM ${FROM} +ONBUILD ARG PROJECT +ONBUILD ARG SHELL=/usr/sbin/nologin +ONBUILD RUN \ + groupadd -g 42424 ${PROJECT} && \ + useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \ + mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \ + chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} diff --git a/images/openstack-service/Earthfile b/images/openstack-service/Earthfile deleted file mode 100644 index ae4ab494d..000000000 --- a/images/openstack-service/Earthfile +++ /dev/null @@ -1,99 +0,0 @@ -VERSION 0.8 - -PIP_INSTALL: - FUNCTION - ARG PACKAGES - RUN --mount=type=cache,target=/root/.cache \ - /var/lib/openstack/bin/pip3 install \ - --constraint /upper-constraints.txt \ - ${PACKAGES} - -GIT_CHECKOUT: - FUNCTION - ARG PROJECT - ARG PROJECT_REPO=https://github.com/openstack/${PROJECT} - ARG PROJECT_REF - GIT CLONE --branch ${PROJECT_REF} ${PROJECT_REPO} /src - WORKDIR /src - RUN \ - git remote set-url origin ${PROJECT_REPO} && \ - git fetch --unshallow - COPY --if-exists patches/${PROJECT} /patches - IF [ -d /patches ] - RUN git apply --verbose /patches/*.patch - END - -BUILD_VENV: - FUNCTION - ARG PROJECT - ARG PROJECT_REPO=https://github.com/openstack/${PROJECT} - ARG PROJECT_REF - DO +GIT_CHECKOUT \ - --PROJECT=${PROJECT} \ - --PROJECT_REPO=${PROJECT_REPO} \ - --PROJECT_REF=${PROJECT_REF} - ARG EXTRAS="" - ARG PIP_PACKAGES="" - DO +PIP_INSTALL --PACKAGES "/src${EXTRAS} ${PIP_PACKAGES}" - SAVE ARTIFACT /var/lib/openstack venv - -requirements: - FROM ../base+image - ARG RELEASE - IF [ "${RELEASE}" = "master" ] - ARG BRANCH=master - ELSE - ARG BRANCH=stable/${RELEASE} - END - GIT CLONE --branch ${BRANCH} https://github.com/openstack/requirements /src - RUN \ - sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt && \ - sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt && \ - sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt && \ - sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt && \ - sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt && \ - sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt && \ - sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt && \ - sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt && \ - sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt && \ - sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt && \ - sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt && \ - sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt && \ - sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt && \ - sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt && \ - sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt && \ - sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt && \ - sed -i '/glance-store/d' /src/upper-constraints.txt && \ - sed -i '/horizon/d' /src/upper-constraints.txt - SAVE ARTIFACT /src/upper-constraints.txt - -builder: - ARG RELEASE - FROM ../cloud-archive-base+image --RELEASE=${RELEASE} - DO ../+APT_INSTALL --PACKAGES "\ - build-essential \ - curl \ - git \ - libldap2-dev \ - libpcre3-dev \ - libsasl2-dev \ - libssl-dev \ - lsb-release \ - openssh-client \ - python3 \ - python3-dev \ - python3-pip \ - python3-venv" - RUN --mount type=cache,target=/root/.cache \ - python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack - COPY \ - (+requirements/upper-constraints.txt --RELEASE=${RELEASE}) \ - /upper-constraints.txt - DO +PIP_INSTALL --PACKAGES "cryptography pymysql python-binary-memcached python-memcached uwsgi" - -image: - ARG --required RELEASE - FROM ../cloud-archive-base+image --RELEASE=${RELEASE} - ENV PATH=/var/lib/openstack/bin:$PATH - ARG --required PROJECT - DO ../+CREATE_PROJECT_USER --PROJECT=${PROJECT} diff --git a/images/openstack-venv-builder/Dockerfile b/images/openstack-venv-builder/Dockerfile new file mode 100644 index 000000000..2b154cf4d --- /dev/null +++ b/images/openstack-venv-builder/Dockerfile @@ -0,0 +1,62 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/ubuntu-cloud-archive:zed AS requirements +ADD https://releases.openstack.org/constraints/upper/zed /upper-constraints.txt +RUN < 23.0.1.dev6 therefore -# we ignore those old CVEs. -CVE-2012-3542 -CVE-2012-4413 -CVE-2013-2256 -CVE-2013-4179 -CVE-2014-3517 -CVE-2014-3608 -CVE-2014-3641 -CVE-2014-3708 -CVE-2015-0259 -CVE-2015-3221 -CVE-2015-3280 -CVE-2015-5251 -CVE-2015-5286 -CVE-2015-7713 diff --git a/images/trivy/Earthfile b/images/trivy/Earthfile deleted file mode 100644 index 8f6862546..000000000 --- a/images/trivy/Earthfile +++ /dev/null @@ -1,8 +0,0 @@ -VERSION 0.7 - -image: - FROM aquasec/trivy:0.48.3 - COPY .trivyignore /.trivyignore - # TODO(mnaser): Add automatic updates - RUN trivy image --download-db-only - RUN trivy image --download-java-db-only diff --git a/zuul.d/playbooks/buildset-registry/pre.yml b/images/ubuntu-cloud-archive/Dockerfile similarity index 68% rename from zuul.d/playbooks/buildset-registry/pre.yml rename to images/ubuntu-cloud-archive/Dockerfile index 81304bb42..43d3a1a47 100644 --- a/zuul.d/playbooks/buildset-registry/pre.yml +++ b/images/ubuntu-cloud-archive/Dockerfile @@ -12,9 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Prepare host for building images - hosts: all - roles: - - ensure-docker - - run-buildset-registry - - use-buildset-registry +FROM registry.atmosphere.dev/library/ubuntu:zed +COPY trusted.gpg.d/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg +COPY <6743a04p4H8L#ar*?5jSEDDVt~VbVqPmmRddU&PZtyV)C6k<(@a}BvYB0^A z#lq<^%2jUxN;=`uqk%4%ZRy@n2<@-QY;fz5N;9rTI>y)2c4vV@%(&~KI6=^6k9$=i z_N5?xFW`4~&~%>-(49{zWXaz8byi@u5nd38#Vhsx9sNms$3_BZML|cry_$+8YoE^z zj;F(0UPl%cNpNF@xB!`*5H$QsldDRNqj9r|1Gt+TnTvMQRK9E&0AgWpZX#MFKBp4w zRgB-iDvZ`)INW*?aS^aWVg-p9y2|k|LySkck{$d_`5l-D;W>~f~|mwtCLNb2svGYt4p_b`t_2ukcCLydno@ffn~bb7H9@QK}P|ue3*zS zzmc4Paq(I@SKfXtyJSrCN!}{)V-y=LO*kmZ;Gh=1;%-~){i7D*F-Za<8=5%RSywa( zP=6*;>dX>fQVOo%!_30-ZO_4R6FiE*vr;m6%K{wc zm--`n^JCOtLGrpI<=L?8^sbkhK&cK&O{Mdfs0lZl%n_W<;?XD?)M*1x#!V&2mCS!g zX%s7;rK!{iG2D`$#>kmYmFlq4pyr76g@$6mL9?s-n&LA(8r3W<3;75L;zRFhA2TkYcZ0-4N31yJ;YJ3|4@B#w! z8`D2zycQ=IIPen^=#g5^%Ab8xSS_N$%n>L;l}2N9ecEpQL)|hdGN9YNvoKjl8{|X> zvxjw|c%F<~p=N{Eez`G8q84rDq1~qz8sWFDH;JC`v2;z0;Cx2KPp173qB2Zc6VSJ+ Pum%7FXK-f#umS)BeJLzU literal 0 HcmV?d00001 diff --git a/zuul.d/playbooks/molecule-keycloak/pre.yml b/images/ubuntu/Dockerfile similarity index 84% rename from zuul.d/playbooks/molecule-keycloak/pre.yml rename to images/ubuntu/Dockerfile index ab0c6e184..1ad0fc5d6 100644 --- a/zuul.d/playbooks/molecule-keycloak/pre.yml +++ b/images/ubuntu/Dockerfile @@ -12,7 +12,5 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Prepare host for Keycloak tests - hosts: all - roles: - - ensure-docker +FROM ubuntu:jammy-20240227 +LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere diff --git a/molecule/keycloak/create.yml b/molecule/keycloak/create.yml new file mode 120000 index 000000000..5e5dbdcb1 --- /dev/null +++ b/molecule/keycloak/create.yml @@ -0,0 +1 @@ +../aio/create.yml \ No newline at end of file diff --git a/molecule/keycloak/group_vars b/molecule/keycloak/group_vars new file mode 120000 index 000000000..6a6b2f1c2 --- /dev/null +++ b/molecule/keycloak/group_vars @@ -0,0 +1 @@ +../aio/group_vars \ No newline at end of file diff --git a/molecule/keycloak/host_vars b/molecule/keycloak/host_vars new file mode 120000 index 000000000..6dd61d6cd --- /dev/null +++ b/molecule/keycloak/host_vars @@ -0,0 +1 @@ +../aio/host_vars \ No newline at end of file diff --git a/molecule/keycloak/molecule.yml b/molecule/keycloak/molecule.yml index 6446c65aa..d1e43469d 120000 --- a/molecule/keycloak/molecule.yml +++ b/molecule/keycloak/molecule.yml @@ -1 +1 @@ -../shared/molecule.yml \ No newline at end of file +../aio/molecule.yml \ No newline at end of file diff --git a/molecule/keycloak/prepare.yml b/molecule/keycloak/prepare.yml index b94b2edf5..5edf407c2 100644 --- a/molecule/keycloak/prepare.yml +++ b/molecule/keycloak/prepare.yml @@ -12,8 +12,11 @@ # License for the specific language governing permissions and limitations # under the License. -- import_playbook: ../shared/prepare/base.yml -- import_playbook: ../shared/prepare/kubernetes.yml +- name: Install Kubernetes + ansible.builtin.import_playbook: vexxhost.atmosphere.kubernetes + +- name: Install CSI + ansible.builtin.import_playbook: vexxhost.atmosphere.csi - hosts: controllers become: true diff --git a/patches/2023.2/magnum/.gitkeep b/patches/2023.2/magnum/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index dfb9d58f8..0b3860eb6 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml @@ -13,189 +13,189 @@ # under the License. _atmosphere_images: - alertmanager: quay.io/prometheus/alertmanager:v0.26.0@sha256:361db356b33041437517f1cd298462055580585f26555c317df1a3caf2868552 - barbican_api: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9 - barbican_db_sync: registry.atmosphere.dev/library/barbican:2023.2@sha256:836d31f3d9b88d7da006478b9d0cd79390b5726042e31d27824599c7fe97acc9 - bootstrap: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ceph_config_helper: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c - ceph: quay.io/ceph/ceph:v16.2.11@sha256:1b9803c8984bef8b82f05e233e8fe8ed8f0bba8e5cc2c57f6efaccbeea682add - cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1@sha256:985743eeed2b62f68ee06e583f1d5a371e1c35af4b1980a1b2571d29174cce47 - cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1@sha256:af84513925d86d2de456b5d67dbccd2a34d93aa6fd4e1c8fe9f84182fef1b1b1 - cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0 - cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1@sha256:a926d60b6f23553ca5d11ac9cd66bcc692136e838613c8bc0d60c6c35a3cbcfc - cilium_node: quay.io/cilium/cilium:v1.14.8@sha256:7fca3ba4b04af066e8b086b5c1a52e30f52db01ffc642e7db0a439514aed3ada - cilium_operator: quay.io/cilium/operator-generic:v1.14.8@sha256:56d373c12483c09964a00a29246595917603a077a298aa90a98e4de32c86b7dc - cinder_api: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_backup_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_backup: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_db_sync: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_scheduler: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_storage_init: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_volume_usage_audit: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cinder_volume: ghcr.io/vexxhost/atmosphere/cinder:2023.2@sha256:33fa168ec380d7f7f9aa144df2c63004403575c547462ab83198b31ddbbef73e - cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0@sha256:211632c5b695212bce78e0d35da5eb7b7672a3b2ff598883f8c60ebb557a7185 - cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0@sha256:956876ee8825038b12133352686d86585afa2feb22ca3bf9e437659862db2d43 - cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0@sha256:2c4ee52a70e19a0d2b55783bc72d6a63fca84f5da76a9dd1aef2630491277e6f - cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0@sha256:d5d5df3695d8b8785ac4ef00497ce0b969ff7dc291cb1647581bd2265b85cf51 - csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0@sha256:0174bf20d7ad8e9f131a045802ef1c43b4592a2ebc18ba07972b1ce8858d9cb7 - csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0@sha256:adc2922c98c539f680c02af99042d968114746f973a49b529785d6b402134bbf - csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1@sha256:28a674af1df2325fea415e32a7f93f083fce1f9c474912c45f025427fdc0aa10 - csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0@sha256:92107bb668a9de58a09247596c337bc5b46a1d145685eb55ef489ae16952f5bd - csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0@sha256:35ec0c736ec8266bd4a46f9e942315f148f3139beed99879d0ad8b8e5074d641 - csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0@sha256:bd7dafbd0d4fe81f23f01c9a7432de067bdf085f70d61492f5ffddd9c5264358 - db_drop: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - db_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - dep_check: ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:latest@sha256:0c986164554331d5361f100a505695a45d9a7f63f8fb40f29a5ee026ce28b8b2 - designate_api: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_central: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_db_sync: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_mdns: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_producer: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_sink: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - designate_worker: ghcr.io/vexxhost/atmosphere/designate:2023.2@sha256:cddae1e127cb570e8db3e155559b89307cdb7a5b65ace986c12fe3610ea03d9a - glance_api: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_db_sync: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_metadefs_load: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_registry: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - glance_storage_init: ghcr.io/vexxhost/atmosphere/glance:2023.2@sha256:1b127d8bb8f5384050d0acabe623fa8fdb0bba7b6d31a43be68402916723fb1b - grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2@sha256:cb4c638ffb1fa1eb49678e0f0423564b39254533f63f4ca6a6c24260472e0c4f - grafana: docker.io/grafana/grafana:10.3.3@sha256:f8f7d338b2ecd278599e7f1cfc84a0a7bd4f549312218a54696edb38d709100d - haproxy: docker.io/library/haproxy:2.5@sha256:489dcc4385fd45813f3e9252b2f1f440db5749e4845d560250ce5083cc45eeb0 - heat_api: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_cfn: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_cloudwatch: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_db_sync: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_engine_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_engine: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - heat_purge_deleted: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - horizon_db_sync: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494 - horizon: ghcr.io/vexxhost/atmosphere/horizon:2023.2@sha256:8b8cae26a00725c110bc597840925b66d942e2dd31335334dd8fb9ef3591f494 - ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1@sha256:e16123f3932f44a2bba8bc3cf1c109cea4495ee271d6d16ab99228b58766d3ab - ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5@sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7 - ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:23a03c9c381fba54043d0f6148efeaf4c1ca2ed176e43455178b5c5ebf15ad70 # noqa: yaml[line-length] - keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19@sha256:4fe20cd5c200e301e1a790c9aca8c3fc651c8461afea9d37c56a462d3bfa48bb - keycloak: quay.io/keycloak/keycloak:22.0.1-0@sha256:5b872e841ea9e394d89bdf250146434532d9c2001404540d46621d60f87494e7 - keystone_api: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_credential_cleanup: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - keystone_credential_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_credential_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_db_sync: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_domain_manage: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - keystone_fernet_rotate: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - keystone_fernet_setup: ghcr.io/vexxhost/atmosphere/keystone:2023.2@sha256:edb33b454d1dd0514c5f72613dddec2505e6b103aa7d5e56cb5e9eade119a33a - ks_endpoints: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ks_service: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - ks_user: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17@sha256:d88d1c8f972e10ff4b4176f3185434e2832d3805c457fa9e8816f1da2fdf3b93 - kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17@sha256:c3e041c8c8c9ffd33d421c8c1de1f42da52b616bfcf61880498e9efc9ec88005 - kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4@sha256:10683d82b024a58cc248c468c2632f9d1b260500f7cd9bb8e73f751048d7d6d4 - kube_etcd: registry.k8s.io/etcd:3.5.6-0@sha256:b0fdb657c0bd10d8c96ed2ce762842384709a9fc54d532220d5252f1f99b4d1d - kube_proxy: registry.k8s.io/kube-proxy:v1.22.17@sha256:614ec43f14e16e077173afa61ee355f8a5d1cc5b1c5e8030766781dc5ccde171 - kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17@sha256:f85dda445b7c8da197b8e39b0ca2b125b1e97a4a365d45c04d2759aefe935974 - kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1@sha256:50502264dbee17136b48d19404ce40d6e57ef9d38aafd95ceb1d977cc92e9519 - kubectl: docker.io/bitnami/kubectl:1.27.3@sha256:876cebc2d9272d9eb42c2128c9a08c7e7715dbfe4f2eb2f0b3612df977fdd6b7 - libvirt: ghcr.io/vexxhost/atmosphere/libvirtd:zed@sha256:5f349c9842535c27edbf94be42e4b5c07aa0ff62358cec4b61b1357554e9cf9c - libvirt_tls_sidecar: ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest@sha256:32dab069c0c70e46a6bff5f0fd75ca646af4c4b46c83947c31804c30e8befec6 - libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest@sha256:1a0fdf89f80060bfdbb8cf45213295c5d9fb1f7ea7dbfe2b331f0649cc98df8e - local_path_provisioner_helper: docker.io/library/busybox:1.36.0@sha256:086417a48026173aaadca4ce43a1e4b385e8e62cc738ba79fc6637049674cac0 - local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24@sha256:b7dea5221f06f6feed7788db0ad6b024a433c8f55533bd6cc792dc2079ff9ad2 - loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine@sha256:bbd46452aae30a7cc7bc438f267af812c7a2b0f3b5bcd4cc55eb99669cea3f28 - loki: docker.io/grafana/loki:2.7.3@sha256:8e3abbd89173066721fa07bddfee1c1a7a8fe59bed5b00a2fa09d2b3cef8758c - magnum_api: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_conductor: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_db_sync: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff - magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest@sha256:caba380e193264f047651728cbc7905e87d7eee846d8576778b5e7d824ec609d - manila_api: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_data: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_db_sync: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_scheduler: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - manila_share: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c - memcached: docker.io/library/memcached:1.6.17@sha256:db45886d2d48f143be64f2d46407e224b0b61df3b0056b9d5b03e8bc6a7cd74e - netoffload: ghcr.io/vexxhost/atmosphere/netoffload:main@sha256:136b37811a4352ddb2d2aeeb52c1ee403cc043511ec59afda2c65f1a33a80e18 - neutron_bagpipe_bgp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_bgp_dragent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_coredns: docker.io/coredns/coredns:1.9.3@sha256:bdb36ee882c13135669cfc2bb91c808a33926ad1a411fee07bd2dc344bb8f782 - neutron_db_sync: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_dhcp: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_ironic_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_l2gw: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_l3: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_linuxbridge_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_netns_cleanup_cron: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_openvswitch_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_ovn_metadata: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_server: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_sriov_agent_init: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - neutron_sriov_agent: ghcr.io/vexxhost/atmosphere/neutron:zed@sha256:621cf622cebc031bf367018a5c8104eb8043d2f72da0b7ac85946f58df54adc7 - node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2@sha256:24b2abfb5956b6a2a9a0f4248232838d02235d65044078c43d8bdcf29344f141 - nova_api: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_archive_deleted_rows: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_cell_setup_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - nova_cell_setup: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_compute_ironic: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_compute_ssh: ghcr.io/vexxhost/atmosphere/nova-ssh:latest@sha256:5ba950e9bd6aa07adae0befeb94a9f31cc088cc396e4e02e81c30fe5fd90a8b8 - nova_compute: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_conductor: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_consoleauth: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_db_sync: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_novncproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_novncproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_placement: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_scheduler: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:81ed65286167fd9ea2d6ad1129bdd36a7d8919ed24be442544e161c55083800b - oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d - octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:9a659c6a058f8c169affc5850a48870be179849f08e3586e3091e566cbc9543a - octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:13ce44f4277e69e3ea3e2341d42378c9470fb5618329e87ca6f58cdee9c84d15 - openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a - openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:f017715f72dc0a48c8cc8ff9a1da9cb2c17879065ffd6c377ffabd2cff28148a - ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:2eeeb70a7cd745e3fdbdd396f611cb2bd090228a6551b1b4b9b01d0ac6a8a121 - ovn_northd: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - ovn_ovsdb_nb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - ovn_ovsdb_sb: ghcr.io/vexxhost/atmosphere/ovn-central:23.03.0-69@sha256:171a020d3db924c25c3521844a309d5007316d07cd155111670ee291d6ffe39d - pause: registry.k8s.io/pause:3.9@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097 - percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy@sha256:f04e4fea548bfc7cb0bfc73c75c7f2c64d299cf04125a07a8101a55f0f734fed - percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0@sha256:c674d63242f1af521edfbaffae2ae02fb8d010c0557a67a9c42d2b4a50db5243 - percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2@sha256:1f978ab8912e1b5fc66570529cb7e7a4ec6a38adbfce1ece78159b0fcfa7d47a - percona_version_service: docker.io/perconalab/version-service:main-3325140@sha256:b7928130fca1e35ce7feaeec326fef836229a8b4de2f6f6ea5b6d2c7a48cd071 - placement_db_sync: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3 - placement: ghcr.io/vexxhost/atmosphere/placement:2023.2@sha256:c5bf2b2db697db1966c2fee0c6358dc79b6bac3542c619db5fb8002d666b16d3 - prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2@sha256:9f0c16b8c95c908f761d45f95bc04da9dd6482adc8dc0d88dcbc24ceeb5879a1 - prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0@sha256:4898da9cc11961a56363e8b3f3437d0f45b46585b20c79e33e97fbe7232e05d2 - prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0@sha256:fa5a2de1a4744da66fb369bee81232f5ea52208bc643e409a60f66d699ac27b2 - prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0@sha256:eb6fe170738bf9181c51f5bc89f93adb26672ec49ffdcb22f55c24834003b45d - prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0@sha256:4cb2b9019f1757be8482419002cb7afe028fdba35d47958829e4cfeaf6246d80 - prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0@sha256:286573f63840f961a6861982f7b3e8007b9a93eed77ec4476810af3286cb7fd9 - prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0@sha256:e5146a7dd5153c035fd8060899e3504b25557756ef4a4d85860a409247404f97 - prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6@sha256:5e6fdb9b2c74ad2576dd835b389d00d18ccfee21b547d1a79efb881009664099 - prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2@sha256:bbf3c671e65b0c115d2196bbe7fed0bcdc59f44b7c93868cd40d1c90cbd3806e - prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2@sha256:f74ff5b7ad0b8fb60c24b77eaeab025d659e46ec15f32430adb976544305c01f - prometheus: quay.io/prometheus/prometheus:v2.49.1@sha256:beb5e30ffba08d9ae8a7961b9a2145fc8af6296ff2a4f463df7cd722fcbfc789 - rabbit_init: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a - rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1@sha256:84ce21e9e2d6ceb8b93d9daf0b7cc1550b6ed86be5b3acd8b0816eddc1b87dc2 - rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2@sha256:563908dd8d6b6ce768e463a2d9d7a9b9b4adbcd258fed02c0a8746395cfa3f0d - rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management@sha256:350ab6d773e3af45183466488fe3259df36cd6ade437b4366a59e8052458cc3a - rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0@sha256:5052e8bdb26996c62315f0707c6fb291fd84492e360cca7351e2c3fdf659be43 - rook_ceph: docker.io/rook/ceph:v1.10.10@sha256:2a65f6678c3f4e368046ee10695dce2c265cc81cd6bfd6258fc670dd18fbad5b + alertmanager: quay.io/prometheus/alertmanager:v0.26.0 + barbican_api: registry.atmosphere.dev/library/barbican:zed + barbican_db_sync: registry.atmosphere.dev/library/barbican:zed + bootstrap: registry.atmosphere.dev/library/heat:zed + ceph_config_helper: registry.atmosphere.dev/library/libvirtd:zed + ceph: quay.io/ceph/ceph:v16.2.11 + cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1 + cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1 + cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1 + cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1 + cilium_node: quay.io/cilium/cilium:v1.14.8 + cilium_operator: quay.io/cilium/operator-generic:v1.14.8 + cinder_api: registry.atmosphere.dev/library/cinder:zed + cinder_backup_storage_init: registry.atmosphere.dev/library/cinder:zed + cinder_backup: registry.atmosphere.dev/library/cinder:zed + cinder_db_sync: registry.atmosphere.dev/library/cinder:zed + cinder_scheduler: registry.atmosphere.dev/library/cinder:zed + cinder_storage_init: registry.atmosphere.dev/library/cinder:zed + cinder_volume_usage_audit: registry.atmosphere.dev/library/cinder:zed + cinder_volume: registry.atmosphere.dev/library/cinder:zed + cluster_api_controller: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.0 + cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0 + cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0 + cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0 + csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0 + csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0 + csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1 + csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0 + csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0 + csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0 + db_drop: registry.atmosphere.dev/library/heat:zed + db_init: registry.atmosphere.dev/library/heat:zed + dep_check: registry.atmosphere.dev/library/kubernetes-entrypoint:zed + designate_api: registry.atmosphere.dev/library/designate:zed + designate_central: registry.atmosphere.dev/library/designate:zed + designate_db_sync: registry.atmosphere.dev/library/designate:zed + designate_mdns: registry.atmosphere.dev/library/designate:zed + designate_producer: registry.atmosphere.dev/library/designate:zed + designate_sink: registry.atmosphere.dev/library/designate:zed + designate_worker: registry.atmosphere.dev/library/designate:zed + glance_api: registry.atmosphere.dev/library/glance:zed + glance_db_sync: registry.atmosphere.dev/library/glance:zed + glance_metadefs_load: registry.atmosphere.dev/library/glance:zed + glance_registry: registry.atmosphere.dev/library/glance:zed + glance_storage_init: registry.atmosphere.dev/library/glance:zed + grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2 + grafana: docker.io/grafana/grafana:10.3.3 + haproxy: docker.io/library/haproxy:2.5 + heat_api: registry.atmosphere.dev/library/heat:zed + heat_cfn: registry.atmosphere.dev/library/heat:zed + heat_cloudwatch: registry.atmosphere.dev/library/heat:zed + heat_db_sync: registry.atmosphere.dev/library/heat:zed + heat_engine_cleaner: registry.atmosphere.dev/library/heat:zed + heat_engine: registry.atmosphere.dev/library/heat:zed + heat_purge_deleted: registry.atmosphere.dev/library/heat:zed + horizon_db_sync: registry.atmosphere.dev/library/horizon:zed + horizon: registry.atmosphere.dev/library/horizon:zed + ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1 + ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5 + ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + keepalived: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19 + keycloak: quay.io/keycloak/keycloak:22.0.1-0 + keystone_api: registry.atmosphere.dev/library/keystone:zed + keystone_credential_cleanup: registry.atmosphere.dev/library/heat:zed + keystone_credential_rotate: registry.atmosphere.dev/library/keystone:zed + keystone_credential_setup: registry.atmosphere.dev/library/keystone:zed + keystone_db_sync: registry.atmosphere.dev/library/keystone:zed + keystone_domain_manage: registry.atmosphere.dev/library/heat:zed + keystone_fernet_rotate: registry.atmosphere.dev/library/keystone:zed + keystone_fernet_setup: registry.atmosphere.dev/library/keystone:zed + ks_endpoints: registry.atmosphere.dev/library/heat:zed + ks_service: registry.atmosphere.dev/library/heat:zed + ks_user: registry.atmosphere.dev/library/heat:zed + kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17 + kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17 + kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4 + kube_etcd: registry.k8s.io/etcd:3.5.6-0 + kube_proxy: registry.k8s.io/kube-proxy:v1.22.17 + kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17 + kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 + kubectl: docker.io/bitnami/kubectl:1.27.3 + libvirt: registry.atmosphere.dev/library/libvirtd:zed + libvirt_tls_sidecar: registry.atmosphere.dev/library/libvirt-tls-sidecar:zed + libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest + local_path_provisioner_helper: docker.io/library/busybox:1.36.0 + local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24 + loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine + loki: docker.io/grafana/loki:2.7.3 + magnum_api: registry.atmosphere.dev/library/magnum:zed + magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:zed + magnum_conductor: registry.atmosphere.dev/library/magnum:zed + magnum_db_sync: registry.atmosphere.dev/library/magnum:zed + magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest + manila_api: registry.atmosphere.dev/library/manila:zed + manila_data: registry.atmosphere.dev/library/manila:zed + manila_db_sync: registry.atmosphere.dev/library/manila:zed + manila_scheduler: registry.atmosphere.dev/library/manila:zed + manila_share: registry.atmosphere.dev/library/manila:zed + memcached: docker.io/library/memcached:1.6.17 + netoffload: registry.atmosphere.dev/library/netoffload:zed + neutron_bagpipe_bgp: registry.atmosphere.dev/library/neutron:zed + neutron_bgp_dragent: registry.atmosphere.dev/library/neutron:zed + neutron_coredns: docker.io/coredns/coredns:1.9.3 + neutron_db_sync: registry.atmosphere.dev/library/neutron:zed + neutron_dhcp: registry.atmosphere.dev/library/neutron:zed + neutron_ironic_agent: registry.atmosphere.dev/library/neutron:zed + neutron_l2gw: registry.atmosphere.dev/library/neutron:zed + neutron_l3: registry.atmosphere.dev/library/neutron:zed + neutron_linuxbridge_agent: registry.atmosphere.dev/library/neutron:zed + neutron_metadata: registry.atmosphere.dev/library/neutron:zed + neutron_netns_cleanup_cron: registry.atmosphere.dev/library/neutron:zed + neutron_openvswitch_agent: registry.atmosphere.dev/library/neutron:zed + neutron_ovn_metadata: registry.atmosphere.dev/library/neutron:zed + neutron_server: registry.atmosphere.dev/library/neutron:zed + neutron_sriov_agent_init: registry.atmosphere.dev/library/neutron:zed + neutron_sriov_agent: registry.atmosphere.dev/library/neutron:zed + node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2 + nova_api: registry.atmosphere.dev/library/nova:zed + nova_archive_deleted_rows: registry.atmosphere.dev/library/nova:zed + nova_cell_setup_init: registry.atmosphere.dev/library/heat:zed + nova_cell_setup: registry.atmosphere.dev/library/nova:zed + nova_compute_ironic: registry.atmosphere.dev/library/nova:zed + nova_compute_ssh: registry.atmosphere.dev/library/nova-ssh:zed + nova_compute: registry.atmosphere.dev/library/nova:zed + nova_conductor: registry.atmosphere.dev/library/nova:zed + nova_consoleauth: registry.atmosphere.dev/library/nova:zed + nova_db_sync: registry.atmosphere.dev/library/nova:zed + nova_novncproxy_assets: registry.atmosphere.dev/library/nova:zed + nova_novncproxy: registry.atmosphere.dev/library/nova:zed + nova_placement: registry.atmosphere.dev/library/nova:zed + nova_scheduler: registry.atmosphere.dev/library/nova:zed + nova_service_cleaner: registry.atmosphere.dev/library/heat:zed + nova_spiceproxy_assets: registry.atmosphere.dev/library/nova:zed + nova_spiceproxy: registry.atmosphere.dev/library/nova:zed + oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 + octavia_api: registry.atmosphere.dev/library/octavia:zed + octavia_db_sync: registry.atmosphere.dev/library/octavia:zed + octavia_health_manager_init: registry.atmosphere.dev/library/heat:zed + octavia_health_manager: registry.atmosphere.dev/library/octavia:zed + octavia_housekeeping: registry.atmosphere.dev/library/octavia:zed + octavia_worker: registry.atmosphere.dev/library/octavia:zed + openvswitch_db_server: registry.atmosphere.dev/library/openvswitch:zed + openvswitch_vswitchd: registry.atmosphere.dev/library/openvswitch:zed + ovn_controller: registry.atmosphere.dev/library/ovn-host:zed + ovn_northd: registry.atmosphere.dev/library/ovn-central:zed + ovn_ovsdb_nb: registry.atmosphere.dev/library/ovn-central:zed + ovn_ovsdb_sb: registry.atmosphere.dev/library/ovn-central:zed + pause: registry.k8s.io/pause:3.9 + percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy + percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0 + percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2 + percona_version_service: docker.io/perconalab/version-service:main-3325140 + placement_db_sync: registry.atmosphere.dev/library/placement:zed + placement: registry.atmosphere.dev/library/placement:zed + prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2 + prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0 + prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0 + prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0 + prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0 + prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0 + prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0 + prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 + prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2 + prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2 + prometheus: quay.io/prometheus/prometheus:v2.49.1 + rabbit_init: docker.io/library/rabbitmq:3.10.2-management + rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1 + rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2 + rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management + rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0 + rook_ceph: docker.io/rook/ceph:v1.10.10 secretgen_controller: ghcr.io/carvel-dev/secretgen-controller@sha256:59ec05ce5847bfd70c8e04f08b5195e918c8f6fbb947ffc91b456494a2958fd5 - senlin_api: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_conductor: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_db_sync: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_engine_cleaner: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_engine: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - senlin_health_manager: ghcr.io/vexxhost/atmosphere/senlin:2023.2@sha256:fe825c07a9e4fb17282b47f978c3d3254e990352d55e359f51dd3d7f198b4f55 - staffeln_db_sync: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - staffeln_conductor: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - staffeln_api: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:9e6e65c11c6722a6fb76d876fac408570f6dc5d78eb6112d9a90b4f6bb88242c - tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:fb60541043884a5f5850ad225a3ff989bf667edc034ab5767f15109afc00b5dc - vector: docker.io/timberio/vector:0.27.0-debian@sha256:29f23dab76fa306b67b10eac3e9decdb01c906f8aa3b00a2f5b2e8ae088b84e0 + senlin_api: registry.atmosphere.dev/library/senlin:zed + senlin_conductor: registry.atmosphere.dev/library/senlin:zed + senlin_db_sync: registry.atmosphere.dev/library/senlin:zed + senlin_engine_cleaner: registry.atmosphere.dev/library/senlin:zed + senlin_engine: registry.atmosphere.dev/library/senlin:zed + senlin_health_manager: registry.atmosphere.dev/library/senlin:zed + staffeln_db_sync: registry.atmosphere.dev/library/staffeln:zed + staffeln_conductor: registry.atmosphere.dev/library/staffeln:zed + staffeln_api: registry.atmosphere.dev/library/staffeln:zed + tempest_run_tests: registry.atmosphere.dev/library/tempest:zed + vector: docker.io/timberio/vector:0.27.0-debian atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True) }}' diff --git a/zuul.d/container-images/barbican.yaml b/zuul.d/container-images/barbican.yaml new file mode 100644 index 000000000..15c371c40 --- /dev/null +++ b/zuul.d/container-images/barbican.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-barbican + gate: + jobs: + - atmosphere-upload-container-image-barbican + promote: + jobs: + - atmosphere-promote-container-image-barbican + +- job: + name: atmosphere-build-container-image-barbican + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-barbican + container_images: + - context: images/barbican + repository: registry.atmosphere.dev/library/barbican + arch: + - linux/amd64 + build_args: + - PROJECT=barbican + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/barbican/.* + +- job: + name: atmosphere-upload-container-image-barbican + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-barbican + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/base.yaml b/zuul.d/container-images/base.yaml new file mode 100644 index 000000000..6e33526a9 --- /dev/null +++ b/zuul.d/container-images/base.yaml @@ -0,0 +1,65 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-buildset-registry + gate: + jobs: + - atmosphere-buildset-registry + +- job: + name: atmosphere-buildset-registry + parent: ci-buildset-registry + +- job: + name: atmosphere-build-container-image + parent: ci-build-container-image + abstract: true + dependencies: + - name: atmosphere-buildset-registry + soft: false + vars: &image_vars + container_command: docker + promote_container_image_method: intermediate-registry + buildset_registry_namespaces: + - ['docker.io', 'https://registry-1.docker.io'] + - ['quay.io', 'https://quay.io'] + - ['gcr.io', 'https://gcr.io'] + - ['registry.atmosphere.dev', 'https://registry.atmosphere.dev'] + +- job: + name: atmosphere-upload-container-image + parent: ci-upload-container-image + abstract: true + dependencies: + - name: atmosphere-buildset-registry + soft: false + secrets: + name: container_registry_credentials + secret: atmosphere-registry-credentials + pass-to-parent: true + vars: *image_vars + +- job: + name: atmosphere-promote-container-image + parent: ci-promote-container-image + secrets: + name: container_registry_credentials + secret: atmosphere-registry-credentials + pass-to-parent: true + nodeset: + nodes: [] + vars: *image_vars diff --git a/zuul.d/container-images/cinder.yaml b/zuul.d/container-images/cinder.yaml new file mode 100644 index 000000000..3878407f6 --- /dev/null +++ b/zuul.d/container-images/cinder.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-cinder + gate: + jobs: + - atmosphere-upload-container-image-cinder + promote: + jobs: + - atmosphere-promote-container-image-cinder + +- job: + name: atmosphere-build-container-image-cinder + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-cinder + container_images: + - context: images/cinder + repository: registry.atmosphere.dev/library/cinder + arch: + - linux/amd64 + build_args: + - PROJECT=cinder + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/cinder/.* + +- job: + name: atmosphere-upload-container-image-cinder + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-cinder + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/cluster-api-provider-openstack.yaml b/zuul.d/container-images/cluster-api-provider-openstack.yaml new file mode 100644 index 000000000..5788c886f --- /dev/null +++ b/zuul.d/container-images/cluster-api-provider-openstack.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-cluster-api-provider-openstack + gate: + jobs: + - atmosphere-upload-container-image-cluster-api-provider-openstack + promote: + jobs: + - atmosphere-promote-container-image-cluster-api-provider-openstack + +- job: + name: atmosphere-build-container-image-cluster-api-provider-openstack + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-cluster-api-provider-openstack + container_images: + - context: images/cluster-api-provider-openstack + repository: registry.atmosphere.dev/library/capi-openstack-controller + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/cluster-api-provider-openstack/.* + +- job: + name: atmosphere-upload-container-image-cluster-api-provider-openstack + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-cluster-api-provider-openstack + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/designate.yaml b/zuul.d/container-images/designate.yaml new file mode 100644 index 000000000..eeb2fd199 --- /dev/null +++ b/zuul.d/container-images/designate.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-designate + gate: + jobs: + - atmosphere-upload-container-image-designate + promote: + jobs: + - atmosphere-promote-container-image-designate + +- job: + name: atmosphere-build-container-image-designate + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-designate + container_images: + - context: images/designate + repository: registry.atmosphere.dev/library/designate + arch: + - linux/amd64 + build_args: + - PROJECT=designate + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/designate/.* + +- job: + name: atmosphere-upload-container-image-designate + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-designate + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/glance.yaml b/zuul.d/container-images/glance.yaml new file mode 100644 index 000000000..e2ec62c7e --- /dev/null +++ b/zuul.d/container-images/glance.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-glance + gate: + jobs: + - atmosphere-upload-container-image-glance + promote: + jobs: + - atmosphere-promote-container-image-glance + +- job: + name: atmosphere-build-container-image-glance + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-glance + container_images: + - context: images/glance + repository: registry.atmosphere.dev/library/glance + arch: + - linux/amd64 + build_args: + - PROJECT=glance + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/glance/.* + +- job: + name: atmosphere-upload-container-image-glance + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-glance + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/heat.yaml b/zuul.d/container-images/heat.yaml new file mode 100644 index 000000000..549035691 --- /dev/null +++ b/zuul.d/container-images/heat.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-heat + gate: + jobs: + - atmosphere-upload-container-image-heat + promote: + jobs: + - atmosphere-promote-container-image-heat + +- job: + name: atmosphere-build-container-image-heat + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-heat + container_images: + - context: images/heat + repository: registry.atmosphere.dev/library/heat + arch: + - linux/amd64 + build_args: + - PROJECT=heat + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/heat/.* + +- job: + name: atmosphere-upload-container-image-heat + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-heat + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/horizon.yaml b/zuul.d/container-images/horizon.yaml new file mode 100644 index 000000000..096d510cd --- /dev/null +++ b/zuul.d/container-images/horizon.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-horizon + gate: + jobs: + - atmosphere-upload-container-image-horizon + promote: + jobs: + - atmosphere-promote-container-image-horizon + +- job: + name: atmosphere-build-container-image-horizon + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-horizon + container_images: + - context: images/horizon + repository: registry.atmosphere.dev/library/horizon + arch: + - linux/amd64 + build_args: + - PROJECT=horizon + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/horizon/.* + +- job: + name: atmosphere-upload-container-image-horizon + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-horizon + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ironic.yaml b/zuul.d/container-images/ironic.yaml new file mode 100644 index 000000000..872780787 --- /dev/null +++ b/zuul.d/container-images/ironic.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ironic + gate: + jobs: + - atmosphere-upload-container-image-ironic + promote: + jobs: + - atmosphere-promote-container-image-ironic + +- job: + name: atmosphere-build-container-image-ironic + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ironic + container_images: + - context: images/ironic + repository: registry.atmosphere.dev/library/ironic + arch: + - linux/amd64 + build_args: + - PROJECT=ironic + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/ironic/.* + +- job: + name: atmosphere-upload-container-image-ironic + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ironic + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/keystone.yaml b/zuul.d/container-images/keystone.yaml new file mode 100644 index 000000000..2c832231a --- /dev/null +++ b/zuul.d/container-images/keystone.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-keystone + gate: + jobs: + - atmosphere-upload-container-image-keystone + promote: + jobs: + - atmosphere-promote-container-image-keystone + +- job: + name: atmosphere-build-container-image-keystone + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-keystone + container_images: + - context: images/keystone + repository: registry.atmosphere.dev/library/keystone + arch: + - linux/amd64 + build_args: + - PROJECT=keystone + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/keystone/.* + +- job: + name: atmosphere-upload-container-image-keystone + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-keystone + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/kubernetes-entrypoint.yaml b/zuul.d/container-images/kubernetes-entrypoint.yaml new file mode 100644 index 000000000..40ec23a63 --- /dev/null +++ b/zuul.d/container-images/kubernetes-entrypoint.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-kubernetes-entrypoint + gate: + jobs: + - atmosphere-upload-container-image-kubernetes-entrypoint + promote: + jobs: + - atmosphere-promote-container-image-kubernetes-entrypoint + +- job: + name: atmosphere-build-container-image-kubernetes-entrypoint + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-kubernetes-entrypoint + container_images: + - context: images/kubernetes-entrypoint + repository: registry.atmosphere.dev/library/kubernetes-entrypoint + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/kubernetes-entrypoint/.* + +- job: + name: atmosphere-upload-container-image-kubernetes-entrypoint + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-kubernetes-entrypoint + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/libvirt-tls-sidecar.yaml b/zuul.d/container-images/libvirt-tls-sidecar.yaml new file mode 100644 index 000000000..a3e475762 --- /dev/null +++ b/zuul.d/container-images/libvirt-tls-sidecar.yaml @@ -0,0 +1,56 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-libvirt-tls-sidecar + gate: + jobs: + - atmosphere-upload-container-image-libvirt-tls-sidecar + promote: + jobs: + - atmosphere-promote-container-image-libvirt-tls-sidecar + +- job: + name: atmosphere-build-container-image-libvirt-tls-sidecar + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-libvirt-tls-sidecar + container_images: + - context: . + target: libvirt-tls-sidecar + repository: registry.atmosphere.dev/library/libvirt-tls-sidecar + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - go.mod + - go.sum + - cmd/.* + - internal/.* + - Dockerfile + +- job: + name: atmosphere-upload-container-image-libvirt-tls-sidecar + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-libvirt-tls-sidecar + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/libvirtd.yaml b/zuul.d/container-images/libvirtd.yaml new file mode 100644 index 000000000..6713e4ba9 --- /dev/null +++ b/zuul.d/container-images/libvirtd.yaml @@ -0,0 +1,69 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-libvirtd + gate: + jobs: + - atmosphere-upload-container-image-libvirtd + promote: + jobs: + - atmosphere-promote-container-image-libvirtd + +- job: + name: atmosphere-build-container-image-libvirtd + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-openstack-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-libvirtd + container_images: + - context: images/libvirtd + repository: registry.atmosphere.dev/library/libvirtd + arch: + - linux/amd64 + build_args: + - PROJECT=nova + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/openstack-runtime/.* + +- job: + name: atmosphere-upload-container-image-libvirtd + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-openstack-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-libvirtd + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/magnum.yaml b/zuul.d/container-images/magnum.yaml new file mode 100644 index 000000000..96eb257a3 --- /dev/null +++ b/zuul.d/container-images/magnum.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-magnum + gate: + jobs: + - atmosphere-upload-container-image-magnum + promote: + jobs: + - atmosphere-promote-container-image-magnum + +- job: + name: atmosphere-build-container-image-magnum + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-magnum + container_images: + - context: images/magnum + repository: registry.atmosphere.dev/library/magnum + arch: + - linux/amd64 + build_args: + - PROJECT=magnum + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/magnum/.* + +- job: + name: atmosphere-upload-container-image-magnum + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-magnum + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/manila.yaml b/zuul.d/container-images/manila.yaml new file mode 100644 index 000000000..11bca9364 --- /dev/null +++ b/zuul.d/container-images/manila.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-manila + gate: + jobs: + - atmosphere-upload-container-image-manila + promote: + jobs: + - atmosphere-promote-container-image-manila + +- job: + name: atmosphere-build-container-image-manila + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-manila + container_images: + - context: images/manila + repository: registry.atmosphere.dev/library/manila + arch: + - linux/amd64 + build_args: + - PROJECT=manila + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/manila/.* + +- job: + name: atmosphere-upload-container-image-manila + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-manila + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/netoffload.yaml b/zuul.d/container-images/netoffload.yaml new file mode 100644 index 000000000..0d8fde1c2 --- /dev/null +++ b/zuul.d/container-images/netoffload.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-netoffload + gate: + jobs: + - atmosphere-upload-container-image-netoffload + promote: + jobs: + - atmosphere-promote-container-image-netoffload + +- job: + name: atmosphere-build-container-image-netoffload + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-netoffload + container_images: + - context: images/netoffload + repository: registry.atmosphere.dev/library/netoffload + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/netoffload/.* + +- job: + name: atmosphere-upload-container-image-netoffload + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-netoffload + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/neutron.yaml b/zuul.d/container-images/neutron.yaml new file mode 100644 index 000000000..2c46f2adb --- /dev/null +++ b/zuul.d/container-images/neutron.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-neutron + gate: + jobs: + - atmosphere-upload-container-image-neutron + promote: + jobs: + - atmosphere-promote-container-image-neutron + +- job: + name: atmosphere-build-container-image-neutron + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-neutron + container_images: + - context: images/neutron + repository: registry.atmosphere.dev/library/neutron + arch: + - linux/amd64 + build_args: + - PROJECT=neutron + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/neutron/.* + +- job: + name: atmosphere-upload-container-image-neutron + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-neutron + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/nova-ssh.yaml b/zuul.d/container-images/nova-ssh.yaml new file mode 100644 index 000000000..68a40c7f2 --- /dev/null +++ b/zuul.d/container-images/nova-ssh.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-nova-ssh + gate: + jobs: + - atmosphere-upload-container-image-nova-ssh + promote: + jobs: + - atmosphere-promote-container-image-nova-ssh + +- job: + name: atmosphere-build-container-image-nova-ssh + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-openstack-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-nova-ssh + container_images: + - context: images/nova-ssh + repository: registry.atmosphere.dev/library/nova-ssh + arch: + - linux/amd64 + build_args: + - PROJECT=nova + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/openstack-runtime/.* + - images/nova-ssh/.* + +- job: + name: atmosphere-upload-container-image-nova-ssh + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-openstack-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-nova-ssh + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/nova.yaml b/zuul.d/container-images/nova.yaml new file mode 100644 index 000000000..b78c251d8 --- /dev/null +++ b/zuul.d/container-images/nova.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-nova + gate: + jobs: + - atmosphere-upload-container-image-nova + promote: + jobs: + - atmosphere-promote-container-image-nova + +- job: + name: atmosphere-build-container-image-nova + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-nova + container_images: + - context: images/nova + repository: registry.atmosphere.dev/library/nova + arch: + - linux/amd64 + build_args: + - PROJECT=nova + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/nova/.* + +- job: + name: atmosphere-upload-container-image-nova + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-nova + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/octavia.yaml b/zuul.d/container-images/octavia.yaml new file mode 100644 index 000000000..1fc3a46bf --- /dev/null +++ b/zuul.d/container-images/octavia.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-octavia + gate: + jobs: + - atmosphere-upload-container-image-octavia + promote: + jobs: + - atmosphere-promote-container-image-octavia + +- job: + name: atmosphere-build-container-image-octavia + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-octavia + container_images: + - context: images/octavia + repository: registry.atmosphere.dev/library/octavia + arch: + - linux/amd64 + build_args: + - PROJECT=octavia + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/octavia/.* + +- job: + name: atmosphere-upload-container-image-octavia + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-octavia + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openstack-python-runtime.yaml b/zuul.d/container-images/openstack-python-runtime.yaml new file mode 100644 index 000000000..efb1efa3e --- /dev/null +++ b/zuul.d/container-images/openstack-python-runtime.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openstack-python-runtime + gate: + jobs: + - atmosphere-upload-container-image-openstack-python-runtime + promote: + jobs: + - atmosphere-promote-container-image-openstack-python-runtime + +- job: + name: atmosphere-build-container-image-openstack-python-runtime + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openstack-python-runtime + container_images: + - context: images/openstack-runtime + repository: registry.atmosphere.dev/library/openstack-python-runtime + arch: + - linux/amd64 + build_args: + - FROM=registry.atmosphere.dev/library/python-base:zed + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-runtime/.* + +- job: + name: atmosphere-upload-container-image-openstack-python-runtime + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openstack-python-runtime + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openstack-runtime.yaml b/zuul.d/container-images/openstack-runtime.yaml new file mode 100644 index 000000000..379074ae6 --- /dev/null +++ b/zuul.d/container-images/openstack-runtime.yaml @@ -0,0 +1,63 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openstack-runtime + gate: + jobs: + - atmosphere-upload-container-image-openstack-runtime + promote: + jobs: + - atmosphere-promote-container-image-openstack-runtime + +- job: + name: atmosphere-build-container-image-openstack-runtime + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openstack-runtime + container_images: + - context: images/openstack-runtime + repository: registry.atmosphere.dev/library/openstack-runtime + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/openstack-runtime/.* + +- job: + name: atmosphere-upload-container-image-openstack-runtime + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openstack-runtime + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openstack-venv-builder.yaml b/zuul.d/container-images/openstack-venv-builder.yaml new file mode 100644 index 000000000..376d68e38 --- /dev/null +++ b/zuul.d/container-images/openstack-venv-builder.yaml @@ -0,0 +1,68 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openstack-venv-builder + gate: + jobs: + - atmosphere-upload-container-image-openstack-venv-builder + promote: + jobs: + - atmosphere-promote-container-image-openstack-venv-builder + +- job: + name: atmosphere-build-container-image-openstack-venv-builder + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openstack-venv-builder + container_images: + - context: images/openstack-venv-builder + repository: registry.atmosphere.dev/library/openstack-venv-builder + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + +- job: + name: atmosphere-upload-container-image-openstack-venv-builder + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openstack-venv-builder + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/openvswitch.yaml b/zuul.d/container-images/openvswitch.yaml new file mode 100644 index 000000000..29383813f --- /dev/null +++ b/zuul.d/container-images/openvswitch.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-openvswitch + gate: + jobs: + - atmosphere-upload-container-image-openvswitch + promote: + jobs: + - atmosphere-promote-container-image-openvswitch + +- job: + name: atmosphere-build-container-image-openvswitch + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-openvswitch + container_images: + - context: images/openvswitch + repository: registry.atmosphere.dev/library/openvswitch + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/openvswitch/.* + +- job: + name: atmosphere-upload-container-image-openvswitch + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-openvswitch + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ovn.yaml b/zuul.d/container-images/ovn.yaml new file mode 100644 index 000000000..6650af8a8 --- /dev/null +++ b/zuul.d/container-images/ovn.yaml @@ -0,0 +1,68 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ovn + gate: + jobs: + - atmosphere-upload-container-image-ovn + promote: + jobs: + - atmosphere-promote-container-image-ovn + +- job: + name: atmosphere-build-container-image-ovn + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-openvswitch + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ovn + container_images: + - context: images/ovn + repository: registry.atmosphere.dev/library/ovn-central + arch: + - linux/amd64 + build_args: + - OVN_COMPONENT=central + tags: + - zed + - context: images/ovn + repository: registry.atmosphere.dev/library/ovn-host + arch: + - linux/amd64 + build_args: + - OVN_COMPONENT=host + tags: + - zed + files: &container_image_files + - images/openvswitch/.* + - images/ovn/.* + +- job: + name: atmosphere-upload-container-image-ovn + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-openvswitch + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ovn + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/placement.yaml b/zuul.d/container-images/placement.yaml new file mode 100644 index 000000000..f4fbd800b --- /dev/null +++ b/zuul.d/container-images/placement.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-placement + gate: + jobs: + - atmosphere-upload-container-image-placement + promote: + jobs: + - atmosphere-promote-container-image-placement + +- job: + name: atmosphere-build-container-image-placement + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-placement + container_images: + - context: images/placement + repository: registry.atmosphere.dev/library/placement + arch: + - linux/amd64 + build_args: + - PROJECT=placement + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/placement/.* + +- job: + name: atmosphere-upload-container-image-placement + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-placement + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/python-base.yaml b/zuul.d/container-images/python-base.yaml new file mode 100644 index 000000000..22fef491f --- /dev/null +++ b/zuul.d/container-images/python-base.yaml @@ -0,0 +1,63 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-python-base + gate: + jobs: + - atmosphere-upload-container-image-python-base + promote: + jobs: + - atmosphere-promote-container-image-python-base + +- job: + name: atmosphere-build-container-image-python-base + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-python-base + container_images: + - context: images/python-base + repository: registry.atmosphere.dev/library/python-base + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + +- job: + name: atmosphere-upload-container-image-python-base + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-python-base + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/senlin.yaml b/zuul.d/container-images/senlin.yaml new file mode 100644 index 000000000..fb77c5d4c --- /dev/null +++ b/zuul.d/container-images/senlin.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-senlin + gate: + jobs: + - atmosphere-upload-container-image-senlin + promote: + jobs: + - atmosphere-promote-container-image-senlin + +- job: + name: atmosphere-build-container-image-senlin + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-senlin + container_images: + - context: images/senlin + repository: registry.atmosphere.dev/library/senlin + arch: + - linux/amd64 + build_args: + - PROJECT=senlin + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/senlin/.* + +- job: + name: atmosphere-upload-container-image-senlin + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-senlin + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/staffeln.yaml b/zuul.d/container-images/staffeln.yaml new file mode 100644 index 000000000..5cf8deedf --- /dev/null +++ b/zuul.d/container-images/staffeln.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-staffeln + gate: + jobs: + - atmosphere-upload-container-image-staffeln + promote: + jobs: + - atmosphere-promote-container-image-staffeln + +- job: + name: atmosphere-build-container-image-staffeln + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-staffeln + container_images: + - context: images/staffeln + repository: registry.atmosphere.dev/library/staffeln + arch: + - linux/amd64 + build_args: + - PROJECT=staffeln + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/staffeln/.* + +- job: + name: atmosphere-upload-container-image-staffeln + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-staffeln + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/tempest.yaml b/zuul.d/container-images/tempest.yaml new file mode 100644 index 000000000..86cf038e1 --- /dev/null +++ b/zuul.d/container-images/tempest.yaml @@ -0,0 +1,80 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-tempest + gate: + jobs: + - atmosphere-upload-container-image-tempest + promote: + jobs: + - atmosphere-promote-container-image-tempest + +- job: + name: atmosphere-build-container-image-tempest + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + - name: atmosphere-build-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-build-container-image-python-base + soft: true + - name: atmosphere-build-container-image-openstack-venv-builder + soft: true + - name: atmosphere-build-container-image-openstack-python-runtime + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-tempest + container_images: + - context: images/tempest + repository: registry.atmosphere.dev/library/tempest + arch: + - linux/amd64 + build_args: + - PROJECT=tempest + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + - images/python-base/.* + - images/openstack-venv-builder/.* + - images/openstack-python-runtime/.* + - images/tempest/.* + +- job: + name: atmosphere-upload-container-image-tempest + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + - name: atmosphere-upload-container-image-ubuntu-cloud-archive + soft: true + - name: atmosphere-upload-container-image-python-base + soft: true + - name: atmosphere-upload-container-image-openstack-venv-builder + soft: true + - name: atmosphere-upload-container-image-openstack-python-runtime + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-tempest + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ubuntu-cloud-archive.yaml b/zuul.d/container-images/ubuntu-cloud-archive.yaml new file mode 100644 index 000000000..fc10eab4d --- /dev/null +++ b/zuul.d/container-images/ubuntu-cloud-archive.yaml @@ -0,0 +1,58 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ubuntu-cloud-archive + gate: + jobs: + - atmosphere-upload-container-image-ubuntu-cloud-archive + promote: + jobs: + - atmosphere-promote-container-image-ubuntu-cloud-archive + +- job: + name: atmosphere-build-container-image-ubuntu-cloud-archive + parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ubuntu-cloud-archive + container_images: + - context: images/ubuntu-cloud-archive + repository: registry.atmosphere.dev/library/ubuntu-cloud-archive + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + - images/ubuntu-cloud-archive/.* + +- job: + name: atmosphere-upload-container-image-ubuntu-cloud-archive + parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ubuntu-cloud-archive + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/container-images/ubuntu.yaml b/zuul.d/container-images/ubuntu.yaml new file mode 100644 index 000000000..466079ad3 --- /dev/null +++ b/zuul.d/container-images/ubuntu.yaml @@ -0,0 +1,51 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-build-container-image-ubuntu + gate: + jobs: + - atmosphere-upload-container-image-ubuntu + promote: + jobs: + - atmosphere-promote-container-image-ubuntu + +- job: + name: atmosphere-build-container-image-ubuntu + parent: atmosphere-build-container-image + vars: &container_image_vars + promote_container_image_job: atmosphere-upload-container-image-ubuntu + container_images: + - context: images/ubuntu + repository: registry.atmosphere.dev/library/ubuntu + arch: + - linux/amd64 + tags: + - zed + files: &container_image_files + - images/ubuntu/.* + +- job: + name: atmosphere-upload-container-image-ubuntu + parent: atmosphere-upload-container-image + vars: *container_image_vars + files: *container_image_files + +- job: + name: atmosphere-promote-container-image-ubuntu + parent: atmosphere-promote-container-image + vars: *container_image_vars + files: *container_image_files diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 9a3382883..0ba4adb06 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -12,20 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -- job: - name: atmosphere-buildset-registry - pre-run: zuul.d/playbooks/buildset-registry/pre.yml - run: zuul.d/playbooks/buildset-registry/run.yml - ansible-split-streams: true - -- job: - name: atmosphere-upload-images - parent: atmosphere-buildset-registry - run: zuul.d/playbooks/buildset-registry/run.yml - secrets: - - registry_credentials - - cosign_key - - job: name: atmosphere-molecule parent: tox @@ -33,15 +19,6 @@ pre-run: zuul.d/playbooks/molecule/pre.yml run: zuul.d/playbooks/molecule/run.yml post-run: zuul.d/playbooks/molecule/post.yml - dependencies: - - atmosphere-buildset-registry - -- job: - name: atmosphere-molecule-keycloak - parent: atmosphere-molecule - pre-run: zuul.d/playbooks/molecule-keycloak/pre.yml - vars: - tox_envlist: molecule-keycloak - job: name: atmosphere-molecule-csi @@ -64,11 +41,22 @@ name: atmosphere-molecule-aio parent: atmosphere-molecule abstract: true - timeout: 7200 pre-run: zuul.d/playbooks/molecule-aio/pre.yml post-run: zuul.d/playbooks/molecule-aio/post.yml roles: - zuul: openstack/openstack-helm-infra + +- job: + name: atmosphere-molecule-aio-keycloak + parent: atmosphere-molecule-aio + vars: + tox_envlist: molecule-keycloak + +- job: + name: atmosphere-molecule-aio-full + parent: atmosphere-molecule-aio + abstract: true + timeout: 7200 nodeset: nodes: - name: ubuntu-jammy @@ -76,13 +64,13 @@ - job: name: atmosphere-molecule-aio-openvswitch - parent: atmosphere-molecule-aio + parent: atmosphere-molecule-aio-full vars: tox_envlist: molecule-aio-openvswitch - job: name: atmosphere-molecule-aio-ovn - parent: atmosphere-molecule-aio + parent: atmosphere-molecule-aio-full # NOTE(mnaser): https://github.com/vexxhost/atmosphere/issues/662 voting: false vars: diff --git a/zuul.d/playbooks/buildset-registry/run.yml b/zuul.d/playbooks/buildset-registry/run.yml deleted file mode 100644 index 7f8118c21..000000000 --- a/zuul.d/playbooks/buildset-registry/run.yml +++ /dev/null @@ -1,159 +0,0 @@ -# Copyright (c) 2024 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Build images - hosts: all - tasks: - # NOTE(mnaser): This can be removed once the following merges - # https://review.opendev.org/c/zuul/zuul-jobs/+/915025 - - name: Load "buildset_registry" fact - block: - - name: Check for results.json - stat: - path: "{{ zuul.executor.result_data_file }}" - register: result_json_stat - delegate_to: localhost - - name: Load information from zuul_return - no_log: true - set_fact: - buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}" - when: - - buildset_registry is not defined - - result_json_stat.stat.exists - - result_json_stat.stat.size > 0 - - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')" - - - name: Configure Buildkit certificates - when: buildset_registry is defined and buildset_registry.cert - become: true - block: - - name: Create a folder for the certificates - ansible.builtin.file: - path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}" - state: directory - - name: Copy the certificate - ansible.builtin.copy: - content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" - - name: Create a buildkitd.toml file - ansible.builtin.copy: - dest: /etc/buildkitd.toml - content: | - [registry."{{ buildset_registry.host }}:{{ buildset_registry.port }}"] - ca=["/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"] - - - name: Create builder - ansible.builtin.shell: docker buildx create --name=atmosphere --driver=docker-container {% if buildset_registry.cert %}--config /etc/buildkitd.toml{% endif %} - - - name: Point registry to Atmosphere if in post pipeline - when: zuul.pipeline == 'post' - no_log: true - ansible.builtin.set_fact: - buildset_registry: - host: registry.atmosphere.dev - port: 443 - username: "{{ registry_credentials.username }}" - password: "{{ registry_credentials.password }}" - - - name: Log into registry - docker_login: - registry: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}" - username: "{{ buildset_registry.username }}" - password: "{{ buildset_registry.password }}" - - - name: Build images - ansible.builtin.shell: | - docker buildx bake --builder=atmosphere --provenance --sbom=true --push - args: - chdir: "{{ zuul.project.src_dir }}" - environment: - REGISTRY: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}/library" - PUSH_TO_CACHE: "{{ zuul.pipeline == 'post' }}" - - - name: Get list of images built - ansible.builtin.shell: docker buildx bake --print - args: - chdir: "{{ zuul.project.src_dir }}" - environment: - REGISTRY: "{{ buildset_registry.host }}{% if buildset_registry.port != 443 %}:{{ buildset_registry.port }}{% endif %}/library" - register: images_built_json - - - name: Set fact with list of images - set_fact: - images_built: "{{ images_built_json.stdout | from_json | json_query('target.*.tags[?@] | []') }}" - - - name: Sign images - when: zuul.pipeline == 'post' - block: - - name: Download cosign binary - become: true - ansible.builtin.get_url: - url: https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 - dest: /usr/local/bin/cosign - mode: 0755 - - - name: Determine the digest for the images - ansible.builtin.shell: | - cosign triangulate --type=digest {{ item }} - loop: "{{ images_built }}" - register: cosign_digest - - - name: Copy the cosign public key - copy: - content: "{{ cosign_key.public }}" - dest: cosign.pub - - - name: Verify which images are signed - ignore_errors: true - ansible.builtin.shell: | - cosign verify --key cosign.pub --output json {{ item }} - loop: "{{ cosign_digest.results | map(attribute='stdout') | list | unique }}" - register: cosign_verify - - - name: Copy the cosign private key - copy: - content: "{{ cosign_key.private }}" - dest: cosign.key - - - name: Sign images - ansible.builtin.shell: | - cosign sign -y --recursive --key cosign.key {{ item }} - loop: "{{ cosign_verify.results | selectattr('failed', 'equalto', true) | map(attribute='item') | list }}" - - - name: Delete the cosign private key - file: - path: cosign.key - state: absent - - - name: Return Zuul artifacts for images - zuul_return: - data: - zuul: - artifacts: - - name: "{{ item }}" - url: "docker://{{ item }}" - metadata: - type: container_image - repository: "{{ item.split(':')[0] }}" - tag: "{{ item.split(':')[1] }}" - loop: "{{ images_built }}" - -- name: Yield to other jobs - hosts: localhost - tasks: - - name: Pause the job - zuul_return: - data: - zuul: - pause: true diff --git a/zuul.d/playbooks/molecule/pre.yml b/zuul.d/playbooks/molecule/pre.yml index f9f221336..a4bc6922b 100644 --- a/zuul.d/playbooks/molecule/pre.yml +++ b/zuul.d/playbooks/molecule/pre.yml @@ -59,8 +59,15 @@ - name: Replace the registry in image manifest ansible.builtin.replace: path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml" - regexp: "registry.atmosphere.dev/library/([^@]*)@sha256:[a-fA-F0-9]{64}" - replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/library/\1' + regexp: "{{ repo }}:{{ tag }}" + replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ repo }}:{{ tag }}' + loop: "{{ zuul.artifacts | default([]) }}" + loop_control: + loop_var: zj_zuul_artifact + when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'" + vars: + repo: "{{ zj_zuul_artifact.metadata.repository }}" + tag: "{{ zj_zuul_artifact.metadata.tag }}" # TODO(mnaser): Drop this when we move to PBR - name: Add current folder to Git's safe directories diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 55e21fa8d..51aba1ab9 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -13,14 +13,128 @@ # under the License. - project: + merge-mode: squash-merge check: jobs: - - atmosphere-buildset-registry - - atmosphere-molecule-aio-openvswitch - - atmosphere-molecule-aio-ovn - - atmosphere-molecule-csi-local-path-provisioner - - atmosphere-molecule-csi-rbd - - atmosphere-molecule-keycloak - post: + - atmosphere-molecule-aio-keycloak: + dependencies: &molecule_check_dependencies + - name: atmosphere-build-container-image-barbican + soft: true + - name: atmosphere-build-container-image-cinder + soft: true + - name: atmosphere-build-container-image-cluster-api-provider-openstack + soft: true + - name: atmosphere-build-container-image-designate + soft: true + - name: atmosphere-build-container-image-glance + soft: true + - name: atmosphere-build-container-image-heat + soft: true + - name: atmosphere-build-container-image-horizon + soft: true + - name: atmosphere-build-container-image-ironic + soft: true + - name: atmosphere-build-container-image-keystone + soft: true + - name: atmosphere-build-container-image-kubernetes-entrypoint + soft: true + - name: atmosphere-build-container-image-libvirt-tls-sidecar + soft: true + - name: atmosphere-build-container-image-libvirtd + soft: true + - name: atmosphere-build-container-image-magnum + soft: true + - name: atmosphere-build-container-image-manila + soft: true + - name: atmosphere-build-container-image-netoffload + soft: true + - name: atmosphere-build-container-image-neutron + soft: true + - name: atmosphere-build-container-image-nova + soft: true + - name: atmosphere-build-container-image-nova-ssh + soft: true + - name: atmosphere-build-container-image-octavia + soft: true + - name: atmosphere-build-container-image-openvswitch + soft: true + - name: atmosphere-build-container-image-ovn + soft: true + - name: atmosphere-build-container-image-placement + soft: true + - name: atmosphere-build-container-image-senlin + soft: true + - name: atmosphere-build-container-image-staffeln + soft: true + - name: atmosphere-build-container-image-tempest + soft: true + - atmosphere-molecule-aio-openvswitch: + dependencies: *molecule_check_dependencies + - atmosphere-molecule-aio-ovn: + dependencies: *molecule_check_dependencies + - atmosphere-molecule-csi-local-path-provisioner: + dependencies: *molecule_check_dependencies + - atmosphere-molecule-csi-rbd: + dependencies: *molecule_check_dependencies + gate: jobs: - - atmosphere-upload-images + - atmosphere-molecule-aio-keycloak: + dependencies: &molecule_gate_dependencies + - name: atmosphere-upload-container-image-barbican + soft: true + - name: atmosphere-upload-container-image-cinder + soft: true + - name: atmosphere-upload-container-image-cluster-api-provider-openstack + soft: true + - name: atmosphere-upload-container-image-designate + soft: true + - name: atmosphere-upload-container-image-glance + soft: true + - name: atmosphere-upload-container-image-heat + soft: true + - name: atmosphere-upload-container-image-horizon + soft: true + - name: atmosphere-upload-container-image-ironic + soft: true + - name: atmosphere-upload-container-image-keystone + soft: true + - name: atmosphere-upload-container-image-kubernetes-entrypoint + soft: true + - name: atmosphere-upload-container-image-libvirt-tls-sidecar + soft: true + - name: atmosphere-upload-container-image-libvirtd + soft: true + - name: atmosphere-upload-container-image-magnum + soft: true + - name: atmosphere-upload-container-image-manila + soft: true + - name: atmosphere-upload-container-image-netoffload + soft: true + - name: atmosphere-upload-container-image-neutron + soft: true + - name: atmosphere-upload-container-image-nova + soft: true + - name: atmosphere-upload-container-image-nova-ssh + soft: true + - name: atmosphere-upload-container-image-octavia + soft: true + - name: atmosphere-upload-container-image-openvswitch + soft: true + - name: atmosphere-upload-container-image-ovn + soft: true + - name: atmosphere-upload-container-image-placement + soft: true + - name: atmosphere-upload-container-image-senlin + soft: true + - name: atmosphere-upload-container-image-staffeln + soft: true + - name: atmosphere-upload-container-image-tempest + soft: true + - atmosphere-molecule-aio-openvswitch: + dependencies: *molecule_gate_dependencies + - atmosphere-molecule-aio-ovn: + dependencies: *molecule_gate_dependencies + - atmosphere-molecule-csi-local-path-provisioner: + dependencies: *molecule_gate_dependencies + - atmosphere-molecule-csi-rbd: + dependencies: *molecule_gate_dependencies diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml index 9cbc36264..5208efbb5 100644 --- a/zuul.d/secrets.yaml +++ b/zuul.d/secrets.yaml @@ -13,20 +13,21 @@ # under the License. - secret: - name: registry_credentials + name: atmosphere-registry-credentials data: - username: robot$zuul - password: !encrypted/pkcs1-oaep - - OOykjodZE21qsYYLpzplp+PV0QbsKQ1B3+kI7bY97VQI/d5RlewqlNABc10eQnyYFSDvq - z2gSigSHxaVcV5qKJLTNVDgzSBHBj349OaTh6dXsxplvoArehfYMMZGuNmFlucoeN8K6w - yLRViN7tCS39CAYdjeNX1X7mQ7gBC61jUQ++JB+R5MhXmALJxzPfQRl9jsYmjx9ZXjEwE - tjKLSyQifQU20eXbhZOUW2nr+ItTikS3AOSo6Ja6jCI1c9lj6mJtUOorGsuxfdhEigPws - Qnz539imGcyqySSxvbJvgoEYxhE3dHFV5cJkomoHHHwLH0wbjAgBQtCMX3CvpxNX8sBfJ - MxvUkxY8VWt3CtJkdq+/eaCovCRn6GN5enI5tlUJgpAyV+PO6PvkTan6yC8lHMM5pD4jX - Hdo6gt6m9WyA5VxUHdoYYMaDO/rvCxxrUevzPn8do5I96madr9S9lFARqw74mgXG5I6pZ - M7zDXnorUFyv9dUIB2rOZrp7o0OC2thujjDTKXb4qfmfXGOwlkNmtCLo6BaDo9pSdRN8p - k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X - o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI= + registry.atmosphere.dev: + username: robot$zuul + password: !encrypted/pkcs1-oaep + - OOykjodZE21qsYYLpzplp+PV0QbsKQ1B3+kI7bY97VQI/d5RlewqlNABc10eQnyYFSDvq + z2gSigSHxaVcV5qKJLTNVDgzSBHBj349OaTh6dXsxplvoArehfYMMZGuNmFlucoeN8K6w + yLRViN7tCS39CAYdjeNX1X7mQ7gBC61jUQ++JB+R5MhXmALJxzPfQRl9jsYmjx9ZXjEwE + tjKLSyQifQU20eXbhZOUW2nr+ItTikS3AOSo6Ja6jCI1c9lj6mJtUOorGsuxfdhEigPws + Qnz539imGcyqySSxvbJvgoEYxhE3dHFV5cJkomoHHHwLH0wbjAgBQtCMX3CvpxNX8sBfJ + MxvUkxY8VWt3CtJkdq+/eaCovCRn6GN5enI5tlUJgpAyV+PO6PvkTan6yC8lHMM5pD4jX + Hdo6gt6m9WyA5VxUHdoYYMaDO/rvCxxrUevzPn8do5I96madr9S9lFARqw74mgXG5I6pZ + M7zDXnorUFyv9dUIB2rOZrp7o0OC2thujjDTKXb4qfmfXGOwlkNmtCLo6BaDo9pSdRN8p + k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X + o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI= - secret: name: cosign_key From 602ef25a9f416a5c6b84043aa4725b0454741b75 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Mon, 8 Apr 2024 20:02:36 -0400 Subject: [PATCH 02/45] ci: fix promotion jobs (#1072) build: build all images + run tests using them (#1069) ci: fix image promotion --- zuul.d/container-images/barbican.yaml | 1 + zuul.d/container-images/cinder.yaml | 1 + zuul.d/container-images/cluster-api-provider-openstack.yaml | 1 + zuul.d/container-images/designate.yaml | 1 + zuul.d/container-images/glance.yaml | 1 + zuul.d/container-images/heat.yaml | 1 + zuul.d/container-images/horizon.yaml | 1 + zuul.d/container-images/ironic.yaml | 1 + zuul.d/container-images/keystone.yaml | 1 + zuul.d/container-images/kubernetes-entrypoint.yaml | 1 + zuul.d/container-images/libvirt-tls-sidecar.yaml | 1 + zuul.d/container-images/libvirtd.yaml | 1 + zuul.d/container-images/magnum.yaml | 1 + zuul.d/container-images/manila.yaml | 1 + zuul.d/container-images/netoffload.yaml | 1 + zuul.d/container-images/neutron.yaml | 1 + zuul.d/container-images/nova-ssh.yaml | 1 + zuul.d/container-images/nova.yaml | 1 + zuul.d/container-images/octavia.yaml | 1 + zuul.d/container-images/openstack-python-runtime.yaml | 1 + zuul.d/container-images/openstack-runtime.yaml | 1 + zuul.d/container-images/openstack-venv-builder.yaml | 1 + zuul.d/container-images/openvswitch.yaml | 1 + zuul.d/container-images/ovn.yaml | 2 ++ zuul.d/container-images/placement.yaml | 1 + zuul.d/container-images/python-base.yaml | 1 + zuul.d/container-images/senlin.yaml | 1 + zuul.d/container-images/staffeln.yaml | 1 + zuul.d/container-images/tempest.yaml | 1 + zuul.d/container-images/ubuntu-cloud-archive.yaml | 1 + zuul.d/container-images/ubuntu.yaml | 1 + 31 files changed, 32 insertions(+) diff --git a/zuul.d/container-images/barbican.yaml b/zuul.d/container-images/barbican.yaml index 15c371c40..6e38ff604 100644 --- a/zuul.d/container-images/barbican.yaml +++ b/zuul.d/container-images/barbican.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-barbican container_images: - context: images/barbican + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/barbican arch: - linux/amd64 diff --git a/zuul.d/container-images/cinder.yaml b/zuul.d/container-images/cinder.yaml index 3878407f6..66e83a6f3 100644 --- a/zuul.d/container-images/cinder.yaml +++ b/zuul.d/container-images/cinder.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-cinder container_images: - context: images/cinder + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/cinder arch: - linux/amd64 diff --git a/zuul.d/container-images/cluster-api-provider-openstack.yaml b/zuul.d/container-images/cluster-api-provider-openstack.yaml index 5788c886f..25a858b4e 100644 --- a/zuul.d/container-images/cluster-api-provider-openstack.yaml +++ b/zuul.d/container-images/cluster-api-provider-openstack.yaml @@ -30,6 +30,7 @@ promote_container_image_job: atmosphere-upload-container-image-cluster-api-provider-openstack container_images: - context: images/cluster-api-provider-openstack + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/capi-openstack-controller arch: - linux/amd64 diff --git a/zuul.d/container-images/designate.yaml b/zuul.d/container-images/designate.yaml index eeb2fd199..ed9719a8e 100644 --- a/zuul.d/container-images/designate.yaml +++ b/zuul.d/container-images/designate.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-designate container_images: - context: images/designate + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/designate arch: - linux/amd64 diff --git a/zuul.d/container-images/glance.yaml b/zuul.d/container-images/glance.yaml index e2ec62c7e..a9aa580b6 100644 --- a/zuul.d/container-images/glance.yaml +++ b/zuul.d/container-images/glance.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-glance container_images: - context: images/glance + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/glance arch: - linux/amd64 diff --git a/zuul.d/container-images/heat.yaml b/zuul.d/container-images/heat.yaml index 549035691..2492adc81 100644 --- a/zuul.d/container-images/heat.yaml +++ b/zuul.d/container-images/heat.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-heat container_images: - context: images/heat + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/heat arch: - linux/amd64 diff --git a/zuul.d/container-images/horizon.yaml b/zuul.d/container-images/horizon.yaml index 096d510cd..389e82818 100644 --- a/zuul.d/container-images/horizon.yaml +++ b/zuul.d/container-images/horizon.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-horizon container_images: - context: images/horizon + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/horizon arch: - linux/amd64 diff --git a/zuul.d/container-images/ironic.yaml b/zuul.d/container-images/ironic.yaml index 872780787..462d12d6e 100644 --- a/zuul.d/container-images/ironic.yaml +++ b/zuul.d/container-images/ironic.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-ironic container_images: - context: images/ironic + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/ironic arch: - linux/amd64 diff --git a/zuul.d/container-images/keystone.yaml b/zuul.d/container-images/keystone.yaml index 2c832231a..84d58a5be 100644 --- a/zuul.d/container-images/keystone.yaml +++ b/zuul.d/container-images/keystone.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-keystone container_images: - context: images/keystone + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/keystone arch: - linux/amd64 diff --git a/zuul.d/container-images/kubernetes-entrypoint.yaml b/zuul.d/container-images/kubernetes-entrypoint.yaml index 40ec23a63..3c6a60b1f 100644 --- a/zuul.d/container-images/kubernetes-entrypoint.yaml +++ b/zuul.d/container-images/kubernetes-entrypoint.yaml @@ -30,6 +30,7 @@ promote_container_image_job: atmosphere-upload-container-image-kubernetes-entrypoint container_images: - context: images/kubernetes-entrypoint + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/kubernetes-entrypoint arch: - linux/amd64 diff --git a/zuul.d/container-images/libvirt-tls-sidecar.yaml b/zuul.d/container-images/libvirt-tls-sidecar.yaml index a3e475762..e34c211d6 100644 --- a/zuul.d/container-images/libvirt-tls-sidecar.yaml +++ b/zuul.d/container-images/libvirt-tls-sidecar.yaml @@ -31,6 +31,7 @@ container_images: - context: . target: libvirt-tls-sidecar + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/libvirt-tls-sidecar arch: - linux/amd64 diff --git a/zuul.d/container-images/libvirtd.yaml b/zuul.d/container-images/libvirtd.yaml index 6713e4ba9..77b6ecc66 100644 --- a/zuul.d/container-images/libvirtd.yaml +++ b/zuul.d/container-images/libvirtd.yaml @@ -37,6 +37,7 @@ promote_container_image_job: atmosphere-upload-container-image-libvirtd container_images: - context: images/libvirtd + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/libvirtd arch: - linux/amd64 diff --git a/zuul.d/container-images/magnum.yaml b/zuul.d/container-images/magnum.yaml index 96eb257a3..55e009d43 100644 --- a/zuul.d/container-images/magnum.yaml +++ b/zuul.d/container-images/magnum.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-magnum container_images: - context: images/magnum + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/magnum arch: - linux/amd64 diff --git a/zuul.d/container-images/manila.yaml b/zuul.d/container-images/manila.yaml index 11bca9364..7655da237 100644 --- a/zuul.d/container-images/manila.yaml +++ b/zuul.d/container-images/manila.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-manila container_images: - context: images/manila + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/manila arch: - linux/amd64 diff --git a/zuul.d/container-images/netoffload.yaml b/zuul.d/container-images/netoffload.yaml index 0d8fde1c2..714ea2725 100644 --- a/zuul.d/container-images/netoffload.yaml +++ b/zuul.d/container-images/netoffload.yaml @@ -30,6 +30,7 @@ promote_container_image_job: atmosphere-upload-container-image-netoffload container_images: - context: images/netoffload + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/netoffload arch: - linux/amd64 diff --git a/zuul.d/container-images/neutron.yaml b/zuul.d/container-images/neutron.yaml index 2c46f2adb..475895255 100644 --- a/zuul.d/container-images/neutron.yaml +++ b/zuul.d/container-images/neutron.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-neutron container_images: - context: images/neutron + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/neutron arch: - linux/amd64 diff --git a/zuul.d/container-images/nova-ssh.yaml b/zuul.d/container-images/nova-ssh.yaml index 68a40c7f2..8c60c07e3 100644 --- a/zuul.d/container-images/nova-ssh.yaml +++ b/zuul.d/container-images/nova-ssh.yaml @@ -37,6 +37,7 @@ promote_container_image_job: atmosphere-upload-container-image-nova-ssh container_images: - context: images/nova-ssh + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/nova-ssh arch: - linux/amd64 diff --git a/zuul.d/container-images/nova.yaml b/zuul.d/container-images/nova.yaml index b78c251d8..d16d032b5 100644 --- a/zuul.d/container-images/nova.yaml +++ b/zuul.d/container-images/nova.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-nova container_images: - context: images/nova + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/nova arch: - linux/amd64 diff --git a/zuul.d/container-images/octavia.yaml b/zuul.d/container-images/octavia.yaml index 1fc3a46bf..0b79b4fb1 100644 --- a/zuul.d/container-images/octavia.yaml +++ b/zuul.d/container-images/octavia.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-octavia container_images: - context: images/octavia + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/octavia arch: - linux/amd64 diff --git a/zuul.d/container-images/openstack-python-runtime.yaml b/zuul.d/container-images/openstack-python-runtime.yaml index efb1efa3e..3ef111045 100644 --- a/zuul.d/container-images/openstack-python-runtime.yaml +++ b/zuul.d/container-images/openstack-python-runtime.yaml @@ -37,6 +37,7 @@ promote_container_image_job: atmosphere-upload-container-image-openstack-python-runtime container_images: - context: images/openstack-runtime + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/openstack-python-runtime arch: - linux/amd64 diff --git a/zuul.d/container-images/openstack-runtime.yaml b/zuul.d/container-images/openstack-runtime.yaml index 379074ae6..039c88094 100644 --- a/zuul.d/container-images/openstack-runtime.yaml +++ b/zuul.d/container-images/openstack-runtime.yaml @@ -35,6 +35,7 @@ promote_container_image_job: atmosphere-upload-container-image-openstack-runtime container_images: - context: images/openstack-runtime + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/openstack-runtime arch: - linux/amd64 diff --git a/zuul.d/container-images/openstack-venv-builder.yaml b/zuul.d/container-images/openstack-venv-builder.yaml index 376d68e38..73767b591 100644 --- a/zuul.d/container-images/openstack-venv-builder.yaml +++ b/zuul.d/container-images/openstack-venv-builder.yaml @@ -37,6 +37,7 @@ promote_container_image_job: atmosphere-upload-container-image-openstack-venv-builder container_images: - context: images/openstack-venv-builder + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/openstack-venv-builder arch: - linux/amd64 diff --git a/zuul.d/container-images/openvswitch.yaml b/zuul.d/container-images/openvswitch.yaml index 29383813f..542616b0e 100644 --- a/zuul.d/container-images/openvswitch.yaml +++ b/zuul.d/container-images/openvswitch.yaml @@ -30,6 +30,7 @@ promote_container_image_job: atmosphere-upload-container-image-openvswitch container_images: - context: images/openvswitch + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/openvswitch arch: - linux/amd64 diff --git a/zuul.d/container-images/ovn.yaml b/zuul.d/container-images/ovn.yaml index 6650af8a8..66242ad69 100644 --- a/zuul.d/container-images/ovn.yaml +++ b/zuul.d/container-images/ovn.yaml @@ -33,6 +33,7 @@ promote_container_image_job: atmosphere-upload-container-image-ovn container_images: - context: images/ovn + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/ovn-central arch: - linux/amd64 @@ -41,6 +42,7 @@ tags: - zed - context: images/ovn + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/ovn-host arch: - linux/amd64 diff --git a/zuul.d/container-images/placement.yaml b/zuul.d/container-images/placement.yaml index f4fbd800b..765e9500f 100644 --- a/zuul.d/container-images/placement.yaml +++ b/zuul.d/container-images/placement.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-placement container_images: - context: images/placement + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/placement arch: - linux/amd64 diff --git a/zuul.d/container-images/python-base.yaml b/zuul.d/container-images/python-base.yaml index 22fef491f..e88a9c602 100644 --- a/zuul.d/container-images/python-base.yaml +++ b/zuul.d/container-images/python-base.yaml @@ -35,6 +35,7 @@ promote_container_image_job: atmosphere-upload-container-image-python-base container_images: - context: images/python-base + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/python-base arch: - linux/amd64 diff --git a/zuul.d/container-images/senlin.yaml b/zuul.d/container-images/senlin.yaml index fb77c5d4c..cb3592eb9 100644 --- a/zuul.d/container-images/senlin.yaml +++ b/zuul.d/container-images/senlin.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-senlin container_images: - context: images/senlin + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/senlin arch: - linux/amd64 diff --git a/zuul.d/container-images/staffeln.yaml b/zuul.d/container-images/staffeln.yaml index 5cf8deedf..e765381e8 100644 --- a/zuul.d/container-images/staffeln.yaml +++ b/zuul.d/container-images/staffeln.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-staffeln container_images: - context: images/staffeln + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/staffeln arch: - linux/amd64 diff --git a/zuul.d/container-images/tempest.yaml b/zuul.d/container-images/tempest.yaml index 86cf038e1..8d321a503 100644 --- a/zuul.d/container-images/tempest.yaml +++ b/zuul.d/container-images/tempest.yaml @@ -41,6 +41,7 @@ promote_container_image_job: atmosphere-upload-container-image-tempest container_images: - context: images/tempest + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/tempest arch: - linux/amd64 diff --git a/zuul.d/container-images/ubuntu-cloud-archive.yaml b/zuul.d/container-images/ubuntu-cloud-archive.yaml index fc10eab4d..a643e3ab8 100644 --- a/zuul.d/container-images/ubuntu-cloud-archive.yaml +++ b/zuul.d/container-images/ubuntu-cloud-archive.yaml @@ -33,6 +33,7 @@ promote_container_image_job: atmosphere-upload-container-image-ubuntu-cloud-archive container_images: - context: images/ubuntu-cloud-archive + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/ubuntu-cloud-archive arch: - linux/amd64 diff --git a/zuul.d/container-images/ubuntu.yaml b/zuul.d/container-images/ubuntu.yaml index 466079ad3..6fb76d303 100644 --- a/zuul.d/container-images/ubuntu.yaml +++ b/zuul.d/container-images/ubuntu.yaml @@ -30,6 +30,7 @@ promote_container_image_job: atmosphere-upload-container-image-ubuntu container_images: - context: images/ubuntu + registry: registry.atmosphere.dev repository: registry.atmosphere.dev/library/ubuntu arch: - linux/amd64 From 1db55c4aa2c8fb2dcbc7cdfcfbae85fe38b16bcb Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Wed, 10 Apr 2024 19:06:14 -0400 Subject: [PATCH 03/45] [stable/zed] Drop `conventional-commit` requirement (#1082) Signed-off-by: Mohammed Naser Co-authored-by: Mohammed Naser --- .github/workflows/check-pr-title.yml | 33 ---------------------------- 1 file changed, 33 deletions(-) delete mode 100644 .github/workflows/check-pr-title.yml diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml deleted file mode 100644 index 6741d3abd..000000000 --- a/.github/workflows/check-pr-title.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: check-pr-title -on: - pull_request_target: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - conventional-commit: - runs-on: ubuntu-latest - permissions: - statuses: write - pull-requests: write - steps: - - uses: aslafy-z/conventional-pr-title-action@v3 - id: pr-title-lint - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 - if: failure() - with: - header: commitlint-pr-title - message: ${{ steps.pr-title-lint.outputs.error }} - recreate: true - - - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 - if: success() - with: - header: commitlint-pr-title - delete: true From a0bbcb73982f095b75c58f45a1bf8e05dc0f30c0 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Wed, 10 Apr 2024 20:27:45 -0400 Subject: [PATCH 04/45] [stable/zed] fix(ipmi-exporter): Ignore additional sensor IDs (BP/Entity Presence) (#1077) This is an automated cherry-pick of #1076 /assign mnaser --- roles/ipmi_exporter/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/ipmi_exporter/defaults/main.yml b/roles/ipmi_exporter/defaults/main.yml index 0e9d2be07..d9abdec1d 100644 --- a/roles/ipmi_exporter/defaults/main.yml +++ b/roles/ipmi_exporter/defaults/main.yml @@ -27,7 +27,11 @@ ipmi_exporter_config: - 51 # BP2 Presence (Dell PowerEdge servers) - 52 - 54 + - 57 # Entity Presence (Dell PowerEdge servers) + - 59 # Entity Presence (Dell PowerEdge servers) - 82 + - 89 # BP Presence (Dell PowerEdge servers) + - 90 # BP Presence (Dell PowerEdge servers) - 164 - 168 - 178 # TPM Presence (Dell PowerEdge servers) From 841686ad0a4b6e1ab857e5a8265a2b3daad79e2d Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Thu, 11 Apr 2024 14:31:47 -0400 Subject: [PATCH 05/45] [stable/zed] Implement collection release process (#1085) build: build all images + run tests using them (#1069) ci: fix promotion jobs (#1072) [stable/zed] Drop conventional-commit requirement (#1082) [stable/zed] fix(ipmi-exporter): Ignore additional sensor IDs (BP/Entity Presence) (#1077) Implement collection release process (#1083) --- Earthfile | 12 ---- build/pin-images.py | 4 +- tox.ini | 8 +++ zuul.d/jobs.yaml | 12 ++++ zuul.d/playbooks/build-collection/pre.yml | 37 ++++++++++++ zuul.d/playbooks/build-collection/publish.yml | 60 +++++++++++++++++++ zuul.d/playbooks/build-collection/run.yml | 32 ++++++++++ zuul.d/project.yaml | 5 ++ zuul.d/secrets.yaml | 16 +++++ 9 files changed, 173 insertions(+), 13 deletions(-) create mode 100644 zuul.d/playbooks/build-collection/pre.yml create mode 100644 zuul.d/playbooks/build-collection/publish.yml create mode 100644 zuul.d/playbooks/build-collection/run.yml diff --git a/Earthfile b/Earthfile index 3de16b352..24a1027c0 100644 --- a/Earthfile +++ b/Earthfile @@ -69,10 +69,6 @@ build.venv: RUN pip install -r requirements.txt SAVE IMAGE --cache-hint -build.venv.dev: - FROM +build.venv --only main,dev - SAVE ARTIFACT /venv - build.venv.runtime: FROM +build.venv --only main SAVE ARTIFACT /venv @@ -105,14 +101,6 @@ image: ARG REGISTRY=ghcr.io/vexxhost/atmosphere SAVE IMAGE --push ${REGISTRY}:${tag} -pin-images: - FROM +build.venv.dev - COPY roles/defaults/vars/main.yml /defaults.yml - COPY build/pin-images.py /usr/local/bin/pin-images - ARG REGISTRY=ghcr.io/vexxhost/atmosphere - RUN --no-cache /usr/local/bin/pin-images --registry ${REGISTRY} /defaults.yml /pinned.yml - SAVE ARTIFACT /pinned.yml AS LOCAL roles/defaults/vars/main.yml - gh: FROM alpine:3 RUN apk add --no-cache github-cli diff --git a/build/pin-images.py b/build/pin-images.py index 644d0a211..d35ca6519 100755 --- a/build/pin-images.py +++ b/build/pin-images.py @@ -126,7 +126,9 @@ def main(): parser.add_argument( "src", help="Path for default values file", type=argparse.FileType("r") ) - parser.add_argument("dst", help="Path for output file", type=argparse.FileType("w")) + parser.add_argument( + "dst", help="Path for output file", type=argparse.FileType("r+") + ) parser.add_argument( "-r", "--registry", diff --git a/tox.ini b/tox.ini index 0727620e6..684a26566 100644 --- a/tox.ini +++ b/tox.ini @@ -22,6 +22,14 @@ passenv = commands = {posargs} +[testenv:pin-digests] +deps = + oslo_config + oslo_log + ruyaml +commands = + python3 {toxinidir}/build/pin-images.py roles/defaults/vars/main.yml roles/defaults/vars/main.yml + [testenv:molecule-keycloak] commands = molecule test -s keycloak diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 0ba4adb06..31fcd3ee8 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -12,6 +12,18 @@ # License for the specific language governing permissions and limitations # under the License. +- job: + name: atmosphere-build-collection + pre-run: zuul.d/playbooks/build-collection/pre.yml + run: zuul.d/playbooks/build-collection/run.yml + +- job: + name: atmosphere-publish-collection + parent: atmosphere-build-collection + post-run: zuul.d/playbooks/build-collection/publish.yml + secrets: + - ansible_galaxy_info + - job: name: atmosphere-molecule parent: tox diff --git a/zuul.d/playbooks/build-collection/pre.yml b/zuul.d/playbooks/build-collection/pre.yml new file mode 100644 index 000000000..5b3ea59e8 --- /dev/null +++ b/zuul.d/playbooks/build-collection/pre.yml @@ -0,0 +1,37 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- hosts: all + roles: + - ensure-python + - ensure-pip + - ensure-tox + +- name: Install Ansible + hosts: all + vars: + ansible_venv_path: '{{ ansible_user_dir }}/.local/ansible' + ensure_ansible_version: '' + tasks: + - name: Create local venv + command: '{{ ensure_pip_virtualenv_command }} {{ ansible_venv_path }}' + + - name: Install Ansible to local venv + command: '{{ ansible_venv_path }}/bin/pip install ansible{{ ensure_ansible_version }}' + + - name: Export installed ansible paths + set_fact: + ansible_executable: '{{ ansible_venv_path }}/bin/ansible' + ansible_galaxy_executable: '{{ ansible_venv_path }}/bin/ansible-galaxy' + cacheable: true diff --git a/zuul.d/playbooks/build-collection/publish.yml b/zuul.d/playbooks/build-collection/publish.yml new file mode 100644 index 000000000..0c2f8eb8b --- /dev/null +++ b/zuul.d/playbooks/build-collection/publish.yml @@ -0,0 +1,60 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- hosts: all + tasks: + - name: Find tarballs in the source directory. + find: + file_type: file + paths: "{{ zuul.project.src_dir }}" + patterns: "*.tar.gz" + register: result + + - name: Display stat for tarballs and wheels. + stat: + path: "{{ item.path }}" + with_items: "{{ result.files }}" + + - name: Publish content to Ansible Galaxy + block: + - name: Create ansible.cfg configuration file tempfile + tempfile: + state: file + suffix: .cfg + register: _ansiblecfg_tmp + + - name: Create ansible.cfg configuration file + copy: + dest: "{{ _ansiblecfg_tmp.path }}" + mode: 0600 + content: | + [galaxy] + server_list = release_galaxy + + [galaxy_server.release_galaxy] + url = {{ ansible_galaxy_info.url }} + token = {{ ansible_galaxy_info.token }} + + - name: Publish collection to Ansible Galaxy / Automation Hub + environment: + ANSIBLE_CONFIG: "{{ _ansiblecfg_tmp.path }}" + ansible.builtin.shell: | + {{ ansible_galaxy_executable }} collection publish -vvv {{ item.path }} + args: + chdir: "{{ zuul.project.src_dir }}" + loop: "{{ result.files }}" + + always: + - name: Shred ansible-galaxy credentials + command: "shred {{ _ansiblecfg_tmp.path }}" diff --git a/zuul.d/playbooks/build-collection/run.yml b/zuul.d/playbooks/build-collection/run.yml new file mode 100644 index 000000000..056023133 --- /dev/null +++ b/zuul.d/playbooks/build-collection/run.yml @@ -0,0 +1,32 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Build collection + hosts: all + tasks: + - name: Pin all image digests + ansible.builtin.include_role: + name: tox + vars: + tox_envlist: pin-digests + + - name: Print out the new image manifest file + ansible.builtin.command: | + cat {{ zuul.project.src_dir }}/roles/defaults/vars/main.yml + + - name: Build Ansible collection + ansible.builtin.shell: | + {{ ansible_galaxy_executable }} collection build -vvv . + args: + chdir: '{{ zuul.project.src_dir }}' diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 51aba1ab9..708999698 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -16,6 +16,7 @@ merge-mode: squash-merge check: jobs: + - atmosphere-build-collection - atmosphere-molecule-aio-keycloak: dependencies: &molecule_check_dependencies - name: atmosphere-build-container-image-barbican @@ -78,6 +79,7 @@ dependencies: *molecule_check_dependencies gate: jobs: + - atmosphere-build-collection - atmosphere-molecule-aio-keycloak: dependencies: &molecule_gate_dependencies - name: atmosphere-upload-container-image-barbican @@ -138,3 +140,6 @@ dependencies: *molecule_gate_dependencies - atmosphere-molecule-csi-rbd: dependencies: *molecule_gate_dependencies + release: + jobs: + - atmosphere-publish-collection diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml index 5208efbb5..0c59229ed 100644 --- a/zuul.d/secrets.yaml +++ b/zuul.d/secrets.yaml @@ -29,6 +29,22 @@ k0YnUAItZ64qUR7paEUKGy4rzsZjDYvIj7DrCFvLL2CXcyjPGcmcblpSHe5vJ15CFVH8X o39FIIhSmehvrYJziGYUgf4JY1B6ktBtFc9l78WeoJRHNce+viSSkBj1fhbUaI= +- secret: + name: ansible_galaxy_info + data: + url: https://galaxy.ansible.com + token: !encrypted/pkcs1-oaep + - GlYV1vSho2Q5FmS2awPcOVKuatGFm7rjrlUl9LpOdqbQa49ZxxEPAJtOcQWm77NYCDsFa + BhD3XBdH8QGgGqy0PqRgw48/kDw+3eVrXsBnaAUO583ElbMumcZdevYxHPRibR3FESinU + zDmc4VIAGJRkE5D0QYyp6jtJhhcaKUnBKNz3qvyTW4Lh03PHIuUR2UcaopJbfJiU+xMcE + gHZj9UZ7HwIE//q10euv/mxDwyICkdcU9UuWrNm16WdzIVtpwygJTaQNRo7pFN3POgmps + aNILKXp7Hfp0J6Hx1Hc7GmpJ9EmyYaNyktvOSf4jqpZCJvQ5CRWKHJC+jryHYBxOoT524 + hU3Hoc32DOnytb1EZwzwu4iJbRMe1xEHWqBf9wpf3sV6B5Pvc7/IHTnU91/dlawOh5eOp + 8wq45eO5w0c+PcITu9OUhWULKhEJcPunGNr0e96wdfK7L4khiPopHUTSbFF4dOhfF1GfV + GgFTakyVg9jKYKre0aLGW2Gah3gzXuX2IQ9XGXebsnFLdtQL5ac7ET0hKDR8tZBGrwKj6 + c8bL2vzVKjOOD+sSnv4h7l+p8igtjczyVV83pn6dJ/v1GCMCFzGdOhaKJ2DIO1KtKK4jV + c80+tpz0x/Cr/4Ld4rJU4mqqC8Y3Kk6AC2cNzsiYh1iPlpw+D/yoE0Lgugjjzc= + - secret: name: cosign_key data: From a130817f621c94b86958f1b1a4aa023fdb9cbe85 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Thu, 11 Apr 2024 16:40:51 -0400 Subject: [PATCH 06/45] Release 1.11.0 (#1088) --- .release-please-manifest.json | 2 +- galaxy.yml | 2 +- pyproject.toml | 2 +- roles/defaults/defaults/main.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index e4394aed9..cf198b9b3 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "1.10.4" + ".": "1.11.0" } diff --git a/galaxy.yml b/galaxy.yml index 5b75cb9f2..1da75fa43 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: vexxhost name: atmosphere -version: 1.10.4 +version: 1.11.0 readme: README.md authors: - Mohammed Naser diff --git a/pyproject.toml b/pyproject.toml index 431d953be..0bebbf420 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "atmosphere" -version = "1.10.4" +version = "1.11.0" description = "" authors = ["Mohammed Naser "] readme = "README.md" diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml index 97011b9c0..b40c227f7 100644 --- a/roles/defaults/defaults/main.yml +++ b/roles/defaults/defaults/main.yml @@ -12,7 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. -atmosphere_version: 1.10.4 # x-release-please-version +atmosphere_version: 1.11.0 # x-release-please-version # Ingress atmosphere_ingress_class_name: atmosphere From fd7309cba2a705948a91154ec6aa9aeb016b2cb8 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Thu, 11 Apr 2024 22:52:16 -0400 Subject: [PATCH 07/45] [stable/zed] fix image job dependencies (#1091) build: build all images + run tests using them (#1069) ci: fix promotion jobs (#1072) [stable/zed] Drop conventional-commit requirement (#1082) [stable/zed] fix(ipmi-exporter): Ignore additional sensor IDs (BP/Entity Presence) (#1077) [stable/zed] Implement collection release process (#1085) Release 1.11.0 (#1088) Fix dependency for certain images --- zuul.d/container-images/libvirt-tls-sidecar.yaml | 11 +++++++++-- zuul.d/container-images/netoffload.yaml | 7 +++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/zuul.d/container-images/libvirt-tls-sidecar.yaml b/zuul.d/container-images/libvirt-tls-sidecar.yaml index e34c211d6..734bc5b9d 100644 --- a/zuul.d/container-images/libvirt-tls-sidecar.yaml +++ b/zuul.d/container-images/libvirt-tls-sidecar.yaml @@ -26,6 +26,9 @@ - job: name: atmosphere-build-container-image-libvirt-tls-sidecar parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true vars: &container_image_vars promote_container_image_job: atmosphere-upload-container-image-libvirt-tls-sidecar container_images: @@ -38,15 +41,19 @@ tags: - zed files: &container_image_files - - go.mod - - go.sum + - images/ubuntu/.* - cmd/.* - internal/.* - Dockerfile + - go.mod + - go.sum - job: name: atmosphere-upload-container-image-libvirt-tls-sidecar parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true vars: *container_image_vars files: *container_image_files diff --git a/zuul.d/container-images/netoffload.yaml b/zuul.d/container-images/netoffload.yaml index 714ea2725..58cba3990 100644 --- a/zuul.d/container-images/netoffload.yaml +++ b/zuul.d/container-images/netoffload.yaml @@ -26,6 +26,9 @@ - job: name: atmosphere-build-container-image-netoffload parent: atmosphere-build-container-image + dependencies: + - name: atmosphere-build-container-image-ubuntu + soft: true vars: &container_image_vars promote_container_image_job: atmosphere-upload-container-image-netoffload container_images: @@ -37,11 +40,15 @@ tags: - zed files: &container_image_files + - images/ubuntu/.* - images/netoffload/.* - job: name: atmosphere-upload-container-image-netoffload parent: atmosphere-upload-container-image + dependencies: + - name: atmosphere-upload-container-image-ubuntu + soft: true vars: *container_image_vars files: *container_image_files From 52306ad53b7926d462f5a9c0eb9efd866ac2de39 Mon Sep 17 00:00:00 2001 From: Giovanni Tirloni Date: Fri, 12 Apr 2024 15:35:05 -0300 Subject: [PATCH 08/45] [stable/zed] Upgrade monitoring stack (#1093) Resolves #1075 Reviewed-by: Mohammed Naser --- charts/kube-prometheus-stack/.editorconfig | 5 + charts/kube-prometheus-stack/.helmignore | 1 + charts/kube-prometheus-stack/Chart.lock | 10 +- charts/kube-prometheus-stack/Chart.yaml | 8 +- charts/kube-prometheus-stack/README.md | 38 + .../crds/crds/crd-alertmanagerconfigs.yaml | 10 +- .../charts/crds/crds/crd-alertmanagers.yaml | 498 +++- .../charts/crds/crds/crd-podmonitors.yaml | 32 +- .../charts/crds/crds/crd-probes.yaml | 26 +- .../crds/crds/crd-prometheusagents.yaml | 838 +++++- .../charts/crds/crds/crd-prometheuses.yaml | 864 +++++- .../charts/crds/crds/crd-prometheusrules.yaml | 4 +- .../charts/crds/crds/crd-scrapeconfigs.yaml | 2476 ++++++++++++++--- .../charts/crds/crds/crd-servicemonitors.yaml | 38 +- .../charts/crds/crds/crd-thanosrulers.yaml | 695 ++++- .../charts/grafana/Chart.yaml | 4 +- .../charts/grafana/README.md | 5 +- .../charts/grafana/templates/_pod.tpl | 2 +- .../grafana/templates/serviceaccount.yaml | 4 +- .../charts/grafana/values.yaml | 16 +- .../charts/kube-state-metrics/Chart.yaml | 4 +- .../templates/deployment.yaml | 6 +- .../charts/kube-state-metrics/values.yaml | 15 +- .../prometheus-node-exporter/Chart.yaml | 2 +- .../templates/daemonset.yaml | 19 +- .../prometheus-node-exporter/values.yaml | 8 +- .../templates/alertmanager/alertmanager.yaml | 1 + .../alertmanager/servicemonitor.yaml | 7 +- .../templates/exporters/core-dns/service.yaml | 2 +- .../exporters/core-dns/servicemonitor.yaml | 8 +- .../kube-controller-manager/endpoints.yaml | 2 +- .../kube-controller-manager/service.yaml | 2 +- .../servicemonitor.yaml | 8 +- .../exporters/kube-dns/servicemonitor.yaml | 6 +- .../exporters/kube-etcd/endpoints.yaml | 2 +- .../exporters/kube-etcd/service.yaml | 2 +- .../exporters/kube-etcd/servicemonitor.yaml | 8 +- .../exporters/kube-proxy/endpoints.yaml | 2 +- .../exporters/kube-proxy/service.yaml | 2 +- .../exporters/kube-proxy/servicemonitor.yaml | 8 +- .../exporters/kube-scheduler/endpoints.yaml | 2 +- .../exporters/kube-scheduler/service.yaml | 2 +- .../kube-scheduler/servicemonitor.yaml | 8 +- .../alertmanager-overview.yaml | 2 +- .../grafana/dashboards-1.14/apiserver.yaml | 4 +- .../dashboards-1.14/cluster-total.yaml | 4 +- .../dashboards-1.14/controller-manager.yaml | 4 +- .../dashboards-1.14/grafana-overview.yaml | 2 +- .../grafana/dashboards-1.14/k8s-coredns.yaml | 10 +- .../k8s-resources-cluster.yaml | 4 +- .../k8s-resources-multicluster.yaml | 4 +- .../k8s-resources-namespace.yaml | 4 +- .../dashboards-1.14/k8s-resources-node.yaml | 4 +- .../dashboards-1.14/k8s-resources-pod.yaml | 4 +- .../k8s-resources-windows-cluster.yaml | 2 +- .../k8s-resources-windows-namespace.yaml | 2 +- .../k8s-resources-workload.yaml | 4 +- .../k8s-resources-workloads-namespace.yaml | 4 +- .../grafana/dashboards-1.14/kubelet.yaml | 4 +- .../dashboards-1.14/namespace-by-pod.yaml | 4 +- .../namespace-by-workload.yaml | 4 +- .../node-cluster-rsrc-use.yaml | 4 +- .../dashboards-1.14/node-rsrc-use.yaml | 4 +- .../grafana/dashboards-1.14/nodes-darwin.yaml | 6 +- .../grafana/dashboards-1.14/nodes.yaml | 6 +- .../persistentvolumesusage.yaml | 4 +- .../grafana/dashboards-1.14/pod-total.yaml | 4 +- .../prometheus-remote-write.yaml | 2 +- .../grafana/dashboards-1.14/prometheus.yaml | 4 +- .../grafana/dashboards-1.14/proxy.yaml | 4 +- .../grafana/dashboards-1.14/scheduler.yaml | 4 +- .../dashboards-1.14/workload-total.yaml | 4 +- .../deployment/deployment.yaml | 5 + .../prometheus-operator/deployment.yaml | 17 +- .../prometheus-operator/serviceaccount.yaml | 1 + .../templates/prometheus/_rules.tpl | 14 +- .../templates/prometheus/clusterrole.yaml | 7 + .../rules-1.14/alertmanager.rules.yaml | 2 +- .../rules-1.14/config-reloaders.yaml | 2 +- .../prometheus/rules-1.14/general.rules.yaml | 2 +- ...les.container_cpu_usage_seconds_total.yaml | 2 +- .../k8s.rules.container_memory_cache.yaml | 2 +- .../k8s.rules.container_memory_rss.yaml | 2 +- .../k8s.rules.container_memory_swap.yaml | 2 +- ...es.container_memory_working_set_bytes.yaml | 2 +- .../k8s.rules.container_resource.yaml | 2 +- .../rules-1.14/k8s.rules.pod_owner.yaml | 2 +- .../kube-apiserver-availability.rules.yaml | 2 +- .../kube-apiserver-burnrate.rules.yaml | 2 +- .../kube-apiserver-histogram.rules.yaml | 2 +- .../rules-1.14/kube-apiserver-slos.yaml | 2 +- .../kube-prometheus-general.rules.yaml | 2 +- .../kube-prometheus-node-recording.rules.yaml | 2 +- .../rules-1.14/kube-scheduler.rules.yaml | 2 +- .../rules-1.14/kube-state-metrics.yaml | 2 +- .../prometheus/rules-1.14/kubelet.rules.yaml | 2 +- .../rules-1.14/kubernetes-apps.yaml | 2 +- .../rules-1.14/kubernetes-resources.yaml | 2 +- .../rules-1.14/kubernetes-storage.yaml | 2 +- .../kubernetes-system-apiserver.yaml | 2 +- .../kubernetes-system-controller-manager.yaml | 2 +- .../rules-1.14/kubernetes-system-kubelet.yaml | 2 +- .../kubernetes-system-scheduler.yaml | 2 +- .../rules-1.14/kubernetes-system.yaml | 2 +- .../rules-1.14/node-exporter.rules.yaml | 2 +- .../prometheus/rules-1.14/node-exporter.yaml | 2 +- .../prometheus/rules-1.14/node-network.yaml | 2 +- .../prometheus/rules-1.14/node.rules.yaml | 2 +- .../rules-1.14/prometheus-operator.yaml | 2 +- .../prometheus/rules-1.14/prometheus.yaml | 2 +- .../templates/prometheus/secret.yaml | 10 +- .../templates/prometheus/service.yaml | 2 +- .../templates/prometheus/serviceaccount.yaml | 1 + .../templates/prometheus/servicemonitor.yaml | 7 +- charts/kube-prometheus-stack/values.yaml | 139 +- charts/loki/Chart.lock | 8 +- charts/loki/Chart.yaml | 8 +- charts/loki/Makefile | 7 + charts/loki/README.md | 6 +- .../charts/grafana-agent-operator/Chart.yaml | 10 +- .../charts/grafana-agent-operator/README.md | 13 +- .../grafana-agent-operator/README.md.gotmpl | 2 +- .../monitoring.coreos.com_podmonitors.yaml | 101 +- .../crds/monitoring.coreos.com_probes.yaml | 94 +- ...monitoring.coreos.com_servicemonitors.yaml | 113 +- .../monitoring.grafana.com_grafanaagents.yaml | 2140 +++++++++----- .../monitoring.grafana.com_integrations.yaml | 927 +++--- .../monitoring.grafana.com_logsinstances.yaml | 113 +- ...nitoring.grafana.com_metricsinstances.yaml | 210 +- .../crds/monitoring.grafana.com_podlogs.yaml | 112 +- .../templates/operator-clusterrole.yaml | 7 + .../templates/operator-deployment.yaml | 11 + .../templates/operator-serviceaccount.yaml | 1 + .../charts/grafana-agent-operator/values.yaml | 15 +- charts/loki/charts/minio/Chart.yaml | 4 +- .../charts/minio/templates/_helper_policy.tpl | 10 + .../charts/minio/templates/deployment.yaml | 12 +- .../post-install-create-bucket-job.yaml | 9 + .../post-install-create-policy-job.yaml | 9 + .../post-install-create-user-job.yaml | 9 + .../minio/templates/servicemonitor.yaml | 58 +- .../charts/minio/templates/statefulset.yaml | 6 + charts/loki/charts/minio/values.yaml | 60 +- .../loki/docs/examples/enterprise/README.md | 17 +- .../enterprise/enterprise-secrets.yaml | 2 +- .../enterprise/overrides-enterprise-gcs.yaml | 8 +- charts/loki/reference.md.gotmpl | 6 +- charts/loki/src/.yamllint.yaml | 4 + charts/loki/src/alerts.yaml | 52 - charts/loki/src/alerts.yaml.tpl | 78 + charts/loki/src/dashboards/loki-chunks.json | 2 +- charts/loki/src/dashboards/loki-logs.json | 22 +- charts/loki/src/helm-test/Dockerfile | 6 +- charts/loki/src/helm-test/default.nix | 2 +- charts/loki/src/rules.yaml.tpl | 36 +- charts/loki/templates/_helpers.tpl | 321 ++- .../loki/templates/backend/clusterrole.yaml | 20 + .../templates/backend/clusterrolebinding.yaml | 24 + charts/loki/templates/backend/hpa.yaml | 50 + .../backend/poddisruptionbudget-backend.yaml | 3 +- .../backend/query-scheduler-discovery.yaml | 27 + .../backend/service-backend-headless.yaml | 19 +- .../templates/backend/service-backend.yaml | 19 +- .../backend/statefulset-backend.yaml | 125 +- .../loki/templates/ciliumnetworkpolicy.yaml | 238 ++ charts/loki/templates/config.yaml | 21 + charts/loki/templates/configmap.yaml | 11 - .../templates/gateway/configmap-gateway.yaml | 1 + .../templates/gateway/deployment-gateway.yaml | 21 + charts/loki/templates/gateway/hpa.yaml | 5 + .../templates/gateway/ingress-gateway.yaml | 8 +- .../gateway/poddisruptionbudget-gateway.yaml | 8 +- .../templates/gateway/secret-gateway.yaml | 1 + .../templates/gateway/service-gateway.yaml | 15 +- charts/loki/templates/ingress.yaml | 8 +- .../loki/templates/loki-canary/_helpers.tpl | 4 +- .../loki/templates/loki-canary/daemonset.yaml | 18 +- .../loki/templates/loki-canary/service.yaml | 14 + .../templates/loki-canary/serviceaccount.yaml | 3 +- .../monitoring/_helpers-monitoring.tpl | 18 +- .../monitoring/dashboards/configmap-1.yaml | 3 +- .../monitoring/dashboards/configmap-2.yaml | 3 +- .../templates/monitoring/grafana-agent.yaml | 10 + .../templates/monitoring/logs-instance.yaml | 1 + .../templates/monitoring/loki-alerts.yaml | 2 +- .../loki/templates/monitoring/pod-logs.yaml | 12 +- .../templates/monitoring/servicemonitor.yaml | 9 +- charts/loki/templates/networkpolicy.yaml | 17 +- charts/loki/templates/podsecuritypolicy.yaml | 5 + .../provisioner/job-provisioner.yaml | 28 +- .../provisioner/role-provisioner.yaml | 1 + .../provisioner/rolebinding-provisioner.yaml | 3 +- .../serviceaccount-provisioner.yaml | 2 +- .../loki/templates/read/deployment-read.yaml | 32 +- charts/loki/templates/read/hpa.yaml | 55 + .../read/poddisruptionbudget-read.yaml | 3 +- .../templates/read/service-read-headless.yaml | 19 +- charts/loki/templates/read/service-read.yaml | 19 +- .../loki/templates/read/statefulset-read.yaml | 35 +- charts/loki/templates/role.yaml | 11 +- charts/loki/templates/rolebinding.yaml | 3 +- charts/loki/templates/runtime-configmap.yaml | 3 +- charts/loki/templates/secret-license.yaml | 1 + charts/loki/templates/service-memberlist.yaml | 1 + charts/loki/templates/serviceaccount.yaml | 1 + charts/loki/templates/single-binary/hpa.yaml | 51 + charts/loki/templates/single-binary/pdb.yaml | 4 +- .../single-binary/service-headless.yaml | 17 +- .../loki/templates/single-binary/service.yaml | 18 +- .../templates/single-binary/statefulset.yaml | 32 +- .../deployment-table-manager.yaml | 20 +- .../table-manager/service-table-manager.yaml | 20 +- charts/loki/templates/tests/test-canary.yaml | 1 + .../tokengen/clusterrole-tokengen.yaml | 2 +- .../tokengen/clusterrolebinding-tokengen.yaml | 2 +- .../loki/templates/tokengen/job-tokengen.yaml | 16 +- .../tokengen/serviceaccount-tokengen.yaml | 2 +- charts/loki/templates/write/hpa.yaml | 51 + .../write/poddisruptionbudget-write.yaml | 3 +- .../write/service-write-headless.yaml | 19 +- .../loki/templates/write/service-write.yaml | 19 +- .../templates/write/statefulset-write.yaml | 60 +- charts/loki/values.yaml | 531 +++- charts/vector/Chart.yaml | 8 +- charts/vector/README.md | 17 +- charts/vector/ci/aggregator-all-values.yaml | 4 + .../vector/docs/Migrate_from_vector-agent.md | 2 +- charts/vector/templates/_pod.tpl | 39 +- charts/vector/templates/configmap.yaml | 2 +- charts/vector/templates/daemonset.yaml | 3 + charts/vector/templates/deployment.yaml | 3 + charts/vector/templates/extra-manifests.yaml | 4 + charts/vector/templates/hpa.yaml | 2 + charts/vector/templates/podmonitor.yaml | 10 + charts/vector/templates/service-headless.yaml | 6 + charts/vector/templates/statefulset.yaml | 7 + charts/vector/values.yaml | 78 +- roles/defaults/vars/main.yml | 20 +- vendir.lock.yml | 12 +- vendir.yml | 6 +- 240 files changed, 10000 insertions(+), 2767 deletions(-) create mode 100644 charts/kube-prometheus-stack/.editorconfig create mode 100644 charts/loki/Makefile create mode 100644 charts/loki/src/.yamllint.yaml delete mode 100644 charts/loki/src/alerts.yaml create mode 100644 charts/loki/src/alerts.yaml.tpl create mode 100644 charts/loki/templates/backend/clusterrole.yaml create mode 100644 charts/loki/templates/backend/clusterrolebinding.yaml create mode 100644 charts/loki/templates/backend/hpa.yaml create mode 100644 charts/loki/templates/backend/query-scheduler-discovery.yaml create mode 100644 charts/loki/templates/ciliumnetworkpolicy.yaml create mode 100644 charts/loki/templates/config.yaml delete mode 100644 charts/loki/templates/configmap.yaml create mode 100644 charts/loki/templates/read/hpa.yaml create mode 100644 charts/loki/templates/single-binary/hpa.yaml create mode 100644 charts/loki/templates/write/hpa.yaml create mode 100644 charts/vector/templates/extra-manifests.yaml diff --git a/charts/kube-prometheus-stack/.editorconfig b/charts/kube-prometheus-stack/.editorconfig new file mode 100644 index 000000000..f5ee2f461 --- /dev/null +++ b/charts/kube-prometheus-stack/.editorconfig @@ -0,0 +1,5 @@ +root = true + +[files/dashboards/*.json] +indent_size = 2 +indent_style = space \ No newline at end of file diff --git a/charts/kube-prometheus-stack/.helmignore b/charts/kube-prometheus-stack/.helmignore index 1937f42c7..9bdbec92b 100644 --- a/charts/kube-prometheus-stack/.helmignore +++ b/charts/kube-prometheus-stack/.helmignore @@ -26,3 +26,4 @@ ci/ kube-prometheus-*.tgz unittests/ +files/dashboards/ diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index 43788fa68..1cfc76228 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -4,15 +4,15 @@ dependencies: version: 0.0.0 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 5.16.0 + version: 5.18.1 - name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 4.30.2 + version: 4.32.0 - name: grafana repository: https://grafana.github.io/helm-charts - version: 7.3.1 + version: 7.3.7 - name: prometheus-windows-exporter repository: https://prometheus-community.github.io/helm-charts version: 0.3.1 -digest: sha256:1c7cb74fde9c43f6d2529e9b6001621c72649a8cb1cf00e02e20e24f291c436d -generated: "2024-02-22T12:16:23.259801305Z" +digest: sha256:e76569873a8180bd8cd6fa3c763df5254d31ad3850fc19b4e1177cf284ee475b +generated: "2024-04-06T20:24:42.162947923Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 345050320..85e9d8964 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -7,7 +7,7 @@ annotations: url: https://github.com/prometheus-operator/kube-prometheus artifacthub.io/operator: "true" apiVersion: v2 -appVersion: v0.71.2 +appVersion: v0.73.0 dependencies: - condition: crds.enabled name: crds @@ -16,11 +16,11 @@ dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 5.16.* + version: 5.18.* - condition: nodeExporter.enabled name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 4.30.* + version: 4.32.* - condition: grafana.enabled name: grafana repository: https://grafana.github.io/helm-charts @@ -62,4 +62,4 @@ sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus type: application -version: 56.9.0 +version: 58.0.0 diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index 1b9ad7cd8..89c97d0da 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -82,6 +82,44 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. +### From 57.x to 58.x + +This version upgrades Prometheus-Operator to v0.73.0 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 56.x to 57.x + +This version upgrades Prometheus-Operator to v0.72.0 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + ### From 55.x to 56.x This version upgrades Prometheus-Operator to v0.71.0, Prometheus to 2.49.1 diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml index ce64b9bc3..88812b96b 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -166,7 +166,7 @@ spec: by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March') - pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$) type: string type: array times: @@ -1196,6 +1196,10 @@ spec: sendResolved: description: Whether to notify about resolved alerts. type: boolean + summary: + description: Message summary template. It requires Alertmanager + >= 0.27.0. + type: string text: description: Message body template. type: string diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml index 5feaee175..bbe74c2bb 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -310,7 +310,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -360,6 +361,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -470,7 +509,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -516,6 +556,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -619,7 +696,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -669,6 +747,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -779,7 +895,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -825,6 +942,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -1011,9 +1165,10 @@ spec: type: object x-kubernetes-map-type: atomic alertmanagerConfiguration: - description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the - configuration of Alertmanager. If defined, it takes precedence over - the `configSecret` field. This field may change in future releases.' + description: "alertmanagerConfiguration specifies the configuration + of Alertmanager. \n If defined, it takes precedence over the `configSecret` + field. \n This is an *experimental feature*, it may change in any + upcoming release in a breaking way." properties: global: description: Defines the global parameters of the Alertmanager @@ -1910,6 +2065,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2008,6 +2175,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2912,6 +3091,15 @@ spec: - name type: object type: array + enableFeatures: + description: "Enable access to Alertmanager feature flags. By default, + no features are enabled. Enabling features which are disabled by + default is entirely outside the scope of what the maintainers will + support and by doing so, you accept that this behaviour may break + at any time without notice. \n It requires Alertmanager >= 0.27.0." + items: + type: string + type: array externalUrl: description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary @@ -3268,6 +3456,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -3366,6 +3566,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -4786,30 +4998,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4888,6 +5076,27 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update + the volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the + claim is created. An empty string value means that + no VolumeAttributesClass will be applied to the + claim but it''s not allowed to reset this field + to empty string once it is set. If unspecified and + the PersistentVolumeClaim is unbound, the default + VolumeAttributesClass will be set by the persistentvolume + controller if it exists. If the resource referred + to by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending state, + as reflected by the modifyVolumeStatus field, until + such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is @@ -5054,30 +5263,6 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5154,6 +5339,26 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used to + set the VolumeAttributesClass used by this claim. If + specified, the CSI driver will create or update the + volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the claim + is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed to + reset this field to empty string once it is set. If + unspecified and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will be set by the + persistentvolume controller if it exists. If the resource + referred to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus field, + until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied @@ -5301,6 +5506,42 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName is the current + name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied + to this PersistentVolumeClaim This is an alpha field + and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents the status + object of ControllerModifyVolume operation. When this + is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status of the ControllerModifyVolume + operation. It can be in any of following states: + - Pending Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as the specified VolumeAttributesClass not existing. + - InProgress InProgress indicates that the volume + is being modified. - Infeasible Infeasible indicates + that the request has been rejected as invalid by + the CSI driver. To resolve the error, a valid VolumeAttributesClass + needs to be specified. Note: New statuses can be + added in the future. Consumers should check for + unknown statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string @@ -6126,31 +6367,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6233,6 +6449,28 @@ spec: StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this + claim. If specified, the CSI driver will create + or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This + has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected by the + modifyVolumeStatus field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem @@ -6607,6 +6845,102 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access + the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name and + a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into the + pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates within + the file is arbitrary, and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles that + match this label selector. Only has effect + if signerName is set. Mutually-exclusive with + name. If unset, interpreted as "match nothing". If + set but empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named ClusterTrustBundle + is allowed not to exist. If using signerName, + then the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles that + match this signer name. Mutually-exclusive with + name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml index 4b4a8c3b2..b9dd4145c 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -50,6 +50,12 @@ spec: permission on the `Nodes` objects. type: boolean type: object + bodySizeLimit: + description: "When defined, bodySizeLimit specifies a job level limit + on the size of uncompressed response body that will be accepted + by Prometheus. \n It requires Prometheus >= v2.28.0." + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string jobLabel: description: "The label to use to retrieve the job name from. `jobLabel` selects the label from the associated Kubernetes `Pod` object which @@ -660,6 +666,28 @@ spec: of scraped samples that will be accepted.' format: int64 type: integer + scrapeClass: + description: The scrape class to apply. + minLength: 1 + type: string + scrapeProtocols: + description: "`scrapeProtocols` defines the protocols to negotiate + during a scrape. It tells clients the protocols supported by Prometheus + in order of preference (from most to least preferred). \n If unset, + Prometheus uses its default value. \n It requires Prometheus >= + v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol used by Prometheus + for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set selector: description: Label selector to select the Kubernetes `Pod` objects. properties: diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml index 54b141804..fb8fbdc7d 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -362,6 +362,28 @@ spec: samples that will be accepted. format: int64 type: integer + scrapeClass: + description: The scrape class to apply. + minLength: 1 + type: string + scrapeProtocols: + description: "`scrapeProtocols` defines the protocols to negotiate + during a scrape. It tells clients the protocols supported by Prometheus + in order of preference (from most to least preferred). \n If unset, + Prometheus uses its default value. \n It requires Prometheus >= + v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol used by Prometheus + for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set scrapeTimeout: description: Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml index d573b95d1..6926a2ff1 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -357,7 +357,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -407,6 +408,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -517,7 +556,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -563,6 +603,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -666,7 +743,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -716,6 +794,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -826,7 +942,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -872,6 +989,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -1503,6 +1657,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -1601,6 +1767,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2583,9 +2761,9 @@ spec: limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and - less than than `spec.enforcedSampleLimit`. \n It is meant to be - used by admins to keep the overall number of samples/series under - a desired limit." + less than `spec.enforcedSampleLimit`. \n It is meant to be used + by admins to keep the overall number of samples/series under a desired + limit." format: int64 type: integer enforcedTargetLimit: @@ -3010,6 +3188,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -3108,6 +3298,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -4201,17 +4403,17 @@ spec: type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: "*Experimental* PodMonitors to be selected for target - discovery. An empty label selector matches all objects. A null label - selector matches no objects. \n If `spec.serviceMonitorSelector`, - `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` - are null, the Prometheus configuration is unmanaged. The Prometheus - operator will ensure that the Prometheus configuration's Secret - exists, but it is the responsibility of the user to provide the - raw gzipped Prometheus configuration under the `prometheus.yaml.gz` - key. This behavior is *deprecated* and will be removed in the next - major version of the custom resource definition. It is recommended - to use `spec.additionalScrapeConfigs` instead." + description: "PodMonitors to be selected for target discovery. An + empty label selector matches all objects. A null label selector + matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the + Prometheus configuration is unmanaged. The Prometheus operator will + ensure that the Prometheus configuration's Secret exists, but it + is the responsibility of the user to provide the raw gzipped Prometheus + configuration under the `prometheus.yaml.gz` key. This behavior + is *deprecated* and will be removed in the next major version of + the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` + instead." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -4270,9 +4472,9 @@ spec: description: Priority class assigned to the Pods. type: string probeNamespaceSelector: - description: '*Experimental* Namespaces to match for Probe discovery. - An empty label selector matches all namespaces. A null label selector - matches the current namespace only.' + description: Namespaces to match for Probe discovery. An empty label + selector matches all namespaces. A null label selector matches the + current namespace only. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -4317,9 +4519,9 @@ spec: type: object x-kubernetes-map-type: atomic probeSelector: - description: "*Experimental* Probes to be selected for target discovery. - An empty label selector matches all objects. A null label selector - matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + description: "Probes to be selected for target discovery. An empty + label selector matches all objects. A null label selector matches + no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it @@ -4684,6 +4886,7 @@ spec: batchSendDeadline: description: BatchSendDeadline is the maximum time a sample will wait in buffer. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string capacity: description: Capacity is the number of samples to buffer @@ -4691,6 +4894,7 @@ spec: type: integer maxBackoff: description: MaxBackoff is the maximum retry delay. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string maxRetries: description: MaxRetries is the maximum number of times to @@ -4707,16 +4911,23 @@ spec: minBackoff: description: MinBackoff is the initial retry delay. Gets doubled for every retry. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string minShards: description: MinShards is the minimum number of shards, i.e. amount of concurrency. type: integer retryOnRateLimit: - description: Retry upon receiving a 429 status code from - the remote-write storage. This is experimental feature - and might change in the future. + description: "Retry upon receiving a 429 status code from + the remote-write storage. \n This is an *experimental + feature*, it may change in any upcoming release in a breaking + way." type: boolean + sampleAgeLimit: + description: SampleAgeLimit drops samples older than the + limit. It requires Prometheus >= v2.50.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string type: object remoteTimeout: description: Timeout for requests to the remote write endpoint. @@ -5077,10 +5288,247 @@ spec: 2.45.0 and newer. format: int64 type: integer + scrapeClasses: + description: "List of scrape classes to expose to scraping objects + such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. + \n This is an *experimental feature*, it may change in any upcoming + release in a breaking way." + items: + properties: + default: + description: "Default indicates that the scrape applies to all + scrape objects that don't configure an explicit scrape class + name. \n Only one scrape class can be set as default." + type: boolean + name: + description: Name of the scrape class. + minLength: 1 + type: string + relabelings: + description: "Relabelings configures the relabeling rules to + apply to all scrape targets. \n The Operator automatically + adds relabelings for a few standard Kubernetes fields like + `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. + Then the Operator adds the scrape class relabelings defined + here. Then the Operator adds the target-specific relabelings + defined in the scrape object. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + items: + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + Separator and matched against the configured regular + expression. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." + type: string + type: object + type: array + tlsConfig: + description: TLSConfig section for scrapes. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map scrapeConfigNamespaceSelector: - description: Namespaces to match for ScrapeConfig discovery. An empty + description: "Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches - the current current namespace only. + the current namespace only. \n Note that the ScrapeConfig custom + resource definition is currently at Alpha level." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -5125,17 +5573,18 @@ spec: type: object x-kubernetes-map-type: atomic scrapeConfigSelector: - description: "*Experimental* ScrapeConfigs to be selected for target - discovery. An empty label selector matches all objects. A null label - selector matches no objects. \n If `spec.serviceMonitorSelector`, - `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` - are null, the Prometheus configuration is unmanaged. The Prometheus - operator will ensure that the Prometheus configuration's Secret - exists, but it is the responsibility of the user to provide the - raw gzipped Prometheus configuration under the `prometheus.yaml.gz` - key. This behavior is *deprecated* and will be removed in the next - major version of the custom resource definition. It is recommended - to use `spec.additionalScrapeConfigs` instead." + description: "ScrapeConfigs to be selected for target discovery. An + empty label selector matches all objects. A null label selector + matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the + Prometheus configuration is unmanaged. The Prometheus operator will + ensure that the Prometheus configuration's Secret exists, but it + is the responsibility of the user to provide the raw gzipped Prometheus + configuration under the `prometheus.yaml.gz` key. This behavior + is *deprecated* and will be removed in the next major version of + the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` + instead. \n Note that the ScrapeConfig custom resource definition + is currently at Alpha level." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -5184,6 +5633,23 @@ spec: description: "Interval between consecutive scrapes. \n Default: \"30s\"" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scrapeProtocols: + description: "The protocols to negotiate during a scrape. It tells + clients the protocols supported by Prometheus in order of preference + (from most to least preferred). \n If unset, Prometheus uses its + default value. \n It requires Prometheus >= v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol used by Prometheus + for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set scrapeTimeout: description: Number of seconds to wait until a scrape request times out. @@ -5472,13 +5938,13 @@ spec: type: object x-kubernetes-map-type: atomic shards: - description: "EXPERIMENTAL: Number of shards to distribute targets - onto. `spec.replicas` multiplied by `spec.shards` is the total number - of Pods created. \n Note that scaling down shards will not reshard - data onto remaining instances, it must be manually moved. Increasing - shards will not reshard data either but it will continue to be available - from the same instances. To query globally, use Thanos sidecar and - Thanos querier or remote write data to a central location. \n Sharding + description: "Number of shards to distribute targets onto. `spec.replicas` + multiplied by `spec.shards` is the total number of Pods created. + \n Note that scaling down shards will not reshard data onto remaining + instances, it must be manually moved. Increasing shards will not + reshard data either but it will continue to be available from the + same instances. To query globally, use Thanos sidecar and Thanos + querier or remote write data to a central location. \n Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. \n Default: 1" @@ -5662,30 +6128,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5764,6 +6206,27 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update + the volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the + claim is created. An empty string value means that + no VolumeAttributesClass will be applied to the + claim but it''s not allowed to reset this field + to empty string once it is set. If unspecified and + the PersistentVolumeClaim is unbound, the default + VolumeAttributesClass will be set by the persistentvolume + controller if it exists. If the resource referred + to by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending state, + as reflected by the modifyVolumeStatus field, until + such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is @@ -5930,30 +6393,6 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6030,6 +6469,26 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used to + set the VolumeAttributesClass used by this claim. If + specified, the CSI driver will create or update the + volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the claim + is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed to + reset this field to empty string once it is set. If + unspecified and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will be set by the + persistentvolume controller if it exists. If the resource + referred to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus field, + until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied @@ -6177,6 +6636,42 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName is the current + name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied + to this PersistentVolumeClaim This is an alpha field + and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents the status + object of ControllerModifyVolume operation. When this + is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status of the ControllerModifyVolume + operation. It can be in any of following states: + - Pending Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as the specified VolumeAttributesClass not existing. + - InProgress InProgress indicates that the volume + is being modified. - Infeasible Infeasible indicates + that the request has been rejected as invalid by + the CSI driver. To resolve the error, a valid VolumeAttributesClass + needs to be specified. Note: New statuses can be + added in the future. Consumers should check for + unknown statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string @@ -6407,9 +6902,9 @@ spec: type: object type: array tracingConfig: - description: 'EXPERIMENTAL: TracingConfig configures tracing in Prometheus. - This is an experimental feature, it may change in any upcoming release - in a breaking way.' + description: "TracingConfig configures tracing in Prometheus. \n This + is an *experimental feature*, it may change in any upcoming release + in a breaking way." properties: clientType: description: Client used to export the traces. Supported values @@ -7191,31 +7686,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7298,6 +7768,28 @@ spec: StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this + claim. If specified, the CSI driver will create + or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This + has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected by the + modifyVolumeStatus field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem @@ -7672,6 +8164,102 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access + the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name and + a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into the + pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates within + the file is arbitrary, and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles that + match this label selector. Only has effect + if signerName is set. Mutually-exclusive with + name. If unset, interpreted as "match nothing". If + set but empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named ClusterTrustBundle + is allowed not to exist. If using signerName, + then the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles that + match this signer name. Mutually-exclusive with + name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml index 4b9dc337e..927fa2e9a 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -411,7 +411,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -461,6 +462,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -571,7 +610,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -617,6 +657,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -720,7 +797,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -770,6 +848,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -880,7 +996,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -926,6 +1043,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -1904,6 +2058,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2002,6 +2168,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2995,9 +3173,9 @@ spec: limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and - less than than `spec.enforcedSampleLimit`. \n It is meant to be - used by admins to keep the overall number of samples/series under - a desired limit." + less than `spec.enforcedSampleLimit`. \n It is meant to be used + by admins to keep the overall number of samples/series under a desired + limit." format: int64 type: integer enforcedTargetLimit: @@ -3441,6 +3619,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -3539,6 +3729,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -4632,17 +4834,17 @@ spec: type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: "*Experimental* PodMonitors to be selected for target - discovery. An empty label selector matches all objects. A null label - selector matches no objects. \n If `spec.serviceMonitorSelector`, - `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` - are null, the Prometheus configuration is unmanaged. The Prometheus - operator will ensure that the Prometheus configuration's Secret - exists, but it is the responsibility of the user to provide the - raw gzipped Prometheus configuration under the `prometheus.yaml.gz` - key. This behavior is *deprecated* and will be removed in the next - major version of the custom resource definition. It is recommended - to use `spec.additionalScrapeConfigs` instead." + description: "PodMonitors to be selected for target discovery. An + empty label selector matches all objects. A null label selector + matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the + Prometheus configuration is unmanaged. The Prometheus operator will + ensure that the Prometheus configuration's Secret exists, but it + is the responsibility of the user to provide the raw gzipped Prometheus + configuration under the `prometheus.yaml.gz` key. This behavior + is *deprecated* and will be removed in the next major version of + the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` + instead." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -4701,9 +4903,9 @@ spec: description: Priority class assigned to the Pods. type: string probeNamespaceSelector: - description: '*Experimental* Namespaces to match for Probe discovery. - An empty label selector matches all namespaces. A null label selector - matches the current namespace only.' + description: Namespaces to match for Probe discovery. An empty label + selector matches all namespaces. A null label selector matches the + current namespace only. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -4748,9 +4950,9 @@ spec: type: object x-kubernetes-map-type: atomic probeSelector: - description: "*Experimental* Probes to be selected for target discovery. - An empty label selector matches all objects. A null label selector - matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + description: "Probes to be selected for target discovery. An empty + label selector matches all objects. A null label selector matches + no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it @@ -5538,6 +5740,7 @@ spec: batchSendDeadline: description: BatchSendDeadline is the maximum time a sample will wait in buffer. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string capacity: description: Capacity is the number of samples to buffer @@ -5545,6 +5748,7 @@ spec: type: integer maxBackoff: description: MaxBackoff is the maximum retry delay. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string maxRetries: description: MaxRetries is the maximum number of times to @@ -5561,16 +5765,23 @@ spec: minBackoff: description: MinBackoff is the initial retry delay. Gets doubled for every retry. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string minShards: description: MinShards is the minimum number of shards, i.e. amount of concurrency. type: integer retryOnRateLimit: - description: Retry upon receiving a 429 status code from - the remote-write storage. This is experimental feature - and might change in the future. + description: "Retry upon receiving a 429 status code from + the remote-write storage. \n This is an *experimental + feature*, it may change in any upcoming release in a breaking + way." type: boolean + sampleAgeLimit: + description: SampleAgeLimit drops samples older than the + limit. It requires Prometheus >= v2.50.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string type: object remoteTimeout: description: Timeout for requests to the remote write endpoint. @@ -6057,10 +6268,247 @@ spec: 2.45.0 and newer. format: int64 type: integer + scrapeClasses: + description: "List of scrape classes to expose to scraping objects + such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. + \n This is an *experimental feature*, it may change in any upcoming + release in a breaking way." + items: + properties: + default: + description: "Default indicates that the scrape applies to all + scrape objects that don't configure an explicit scrape class + name. \n Only one scrape class can be set as default." + type: boolean + name: + description: Name of the scrape class. + minLength: 1 + type: string + relabelings: + description: "Relabelings configures the relabeling rules to + apply to all scrape targets. \n The Operator automatically + adds relabelings for a few standard Kubernetes fields like + `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. + Then the Operator adds the scrape class relabelings defined + here. Then the Operator adds the target-specific relabelings + defined in the scrape object. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + items: + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + Separator and matched against the configured regular + expression. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." + type: string + type: object + type: array + tlsConfig: + description: TLSConfig section for scrapes. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map scrapeConfigNamespaceSelector: - description: Namespaces to match for ScrapeConfig discovery. An empty + description: "Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches - the current current namespace only. + the current namespace only. \n Note that the ScrapeConfig custom + resource definition is currently at Alpha level." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -6105,17 +6553,18 @@ spec: type: object x-kubernetes-map-type: atomic scrapeConfigSelector: - description: "*Experimental* ScrapeConfigs to be selected for target - discovery. An empty label selector matches all objects. A null label - selector matches no objects. \n If `spec.serviceMonitorSelector`, - `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` - are null, the Prometheus configuration is unmanaged. The Prometheus - operator will ensure that the Prometheus configuration's Secret - exists, but it is the responsibility of the user to provide the - raw gzipped Prometheus configuration under the `prometheus.yaml.gz` - key. This behavior is *deprecated* and will be removed in the next - major version of the custom resource definition. It is recommended - to use `spec.additionalScrapeConfigs` instead." + description: "ScrapeConfigs to be selected for target discovery. An + empty label selector matches all objects. A null label selector + matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the + Prometheus configuration is unmanaged. The Prometheus operator will + ensure that the Prometheus configuration's Secret exists, but it + is the responsibility of the user to provide the raw gzipped Prometheus + configuration under the `prometheus.yaml.gz` key. This behavior + is *deprecated* and will be removed in the next major version of + the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` + instead. \n Note that the ScrapeConfig custom resource definition + is currently at Alpha level." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -6164,6 +6613,23 @@ spec: description: "Interval between consecutive scrapes. \n Default: \"30s\"" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scrapeProtocols: + description: "The protocols to negotiate during a scrape. It tells + clients the protocols supported by Prometheus in order of preference + (from most to least preferred). \n If unset, Prometheus uses its + default value. \n It requires Prometheus >= v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol used by Prometheus + for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set scrapeTimeout: description: Number of seconds to wait until a scrape request times out. @@ -6456,13 +6922,13 @@ spec: digest can be specified as part of the image name.' type: string shards: - description: "EXPERIMENTAL: Number of shards to distribute targets - onto. `spec.replicas` multiplied by `spec.shards` is the total number - of Pods created. \n Note that scaling down shards will not reshard - data onto remaining instances, it must be manually moved. Increasing - shards will not reshard data either but it will continue to be available - from the same instances. To query globally, use Thanos sidecar and - Thanos querier or remote write data to a central location. \n Sharding + description: "Number of shards to distribute targets onto. `spec.replicas` + multiplied by `spec.shards` is the total number of Pods created. + \n Note that scaling down shards will not reshard data onto remaining + instances, it must be manually moved. Increasing shards will not + reshard data either but it will continue to be available from the + same instances. To query globally, use Thanos sidecar and Thanos + querier or remote write data to a central location. \n Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. \n Default: 1" @@ -6646,30 +7112,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6748,6 +7190,27 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update + the volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the + claim is created. An empty string value means that + no VolumeAttributesClass will be applied to the + claim but it''s not allowed to reset this field + to empty string once it is set. If unspecified and + the PersistentVolumeClaim is unbound, the default + VolumeAttributesClass will be set by the persistentvolume + controller if it exists. If the resource referred + to by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending state, + as reflected by the modifyVolumeStatus field, until + such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is @@ -6914,30 +7377,6 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7014,6 +7453,26 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used to + set the VolumeAttributesClass used by this claim. If + specified, the CSI driver will create or update the + volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the claim + is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed to + reset this field to empty string once it is set. If + unspecified and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will be set by the + persistentvolume controller if it exists. If the resource + referred to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus field, + until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied @@ -7161,6 +7620,42 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName is the current + name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied + to this PersistentVolumeClaim This is an alpha field + and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents the status + object of ControllerModifyVolume operation. When this + is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status of the ControllerModifyVolume + operation. It can be in any of following states: + - Pending Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as the specified VolumeAttributesClass not existing. + - InProgress InProgress indicates that the volume + is being modified. - Infeasible Infeasible indicates + that the request has been rejected as invalid by + the CSI driver. To resolve the error, a valid VolumeAttributesClass + needs to be specified. Note: New statuses can be + added in the future. Consumers should check for + unknown statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string @@ -7178,9 +7673,7 @@ spec: format: int64 type: integer thanos: - description: "Defines the configuration of the optional Thanos sidecar. - \n This section is experimental, it may change significantly without - deprecation notice in any release." + description: Defines the configuration of the optional Thanos sidecar. properties: additionalArgs: description: AdditionalArgs allows setting additional arguments @@ -7500,10 +7993,10 @@ spec: type: string tracingConfig: description: "Defines the tracing configuration for the Thanos - sidecar. \n More info: https://thanos.io/tip/thanos/tracing.md/ - \n This is an experimental feature, it may change in any upcoming - release in a breaking way. \n tracingConfigFile takes precedence - over this field." + sidecar. \n `tracingConfigFile` takes precedence over this field. + \n More info: https://thanos.io/tip/thanos/tracing.md/ \n This + is an *experimental feature*, it may change in any upcoming + release in a breaking way." properties: key: description: The key of the secret to select from. Must be @@ -7523,10 +8016,10 @@ spec: x-kubernetes-map-type: atomic tracingConfigFile: description: "Defines the tracing configuration file for the Thanos - sidecar. \n More info: https://thanos.io/tip/thanos/tracing.md/ - \n This is an experimental feature, it may change in any upcoming - release in a breaking way. \n This field takes precedence over - tracingConfig." + sidecar. \n This field takes precedence over `tracingConfig`. + \n More info: https://thanos.io/tip/thanos/tracing.md/ \n This + is an *experimental feature*, it may change in any upcoming + release in a breaking way." type: string version: description: "Version of Thanos being deployed. The operator uses @@ -7796,9 +8289,9 @@ spec: type: object type: array tracingConfig: - description: 'EXPERIMENTAL: TracingConfig configures tracing in Prometheus. - This is an experimental feature, it may change in any upcoming release - in a breaking way.' + description: "TracingConfig configures tracing in Prometheus. \n This + is an *experimental feature*, it may change in any upcoming release + in a breaking way." properties: clientType: description: Client used to export the traces. Supported values @@ -7982,9 +8475,9 @@ spec: description: "Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. \n An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of - the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). \n Out - of order ingestion is an experimental feature. \n It requires - Prometheus >= v2.39.0." + the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). \n This + is an *experimental feature*, it may change in any upcoming + release in a breaking way. \n It requires Prometheus >= v2.39.0." pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object @@ -8594,31 +9087,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8701,6 +9169,28 @@ spec: StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this + claim. If specified, the CSI driver will create + or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This + has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected by the + modifyVolumeStatus field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem @@ -9075,6 +9565,102 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access + the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name and + a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into the + pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates within + the file is arbitrary, and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles that + match this label selector. Only has effect + if signerName is set. Mutually-exclusive with + name. If unset, interpreted as "match nothing". If + set but empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named ClusterTrustBundle + is allowed not to exist. If using signerName, + then the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles that + match this signer name. Mutually-exclusive with + name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml index fb2270cda..a58be373e 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml index 9abe8f85e..4eff248cf 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -604,225 +604,1919 @@ spec: - server type: object type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: DNSSDConfig allows specifying a set of DNS domain names - which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - type: string - minItems: 1 - type: array - port: - description: The port number used if the query type is not SRV - Ignored for SRV records - type: integer - refreshInterval: - description: RefreshInterval configures the time after which - the provided names are refreshed. If not set, Prometheus uses - its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: The type of DNS query to perform. One of SRV, A, - AAAA or MX. If not set, Prometheus uses its default value. - enum: - - SRV - - A - - AAAA - - MX - type: string - required: - - names - type: object - type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: - description: EC2SDConfig allow retrieving scrape targets from AWS - EC2 instances. The private IP address is used by default, but - may be changed to the public IP address with relabeling. The IAM - credentials used must have the ec2:DescribeInstances permission - to discover scrape targets See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + description: DigitalOceanSDConfig allow retrieving scrape targets + from DigitalOcean's Droplets API. This service discovery uses + the public IPv4 address by default, by that can be changed with + relabeling See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the DigitalOcean API. Cannot be set at the same time + as `oauth2`. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: "`noProxy` is a comma-separated string that can + contain IPs, CIDR notation, domain names that should be excluded + from proxying. IP and domain names can contain port numbers. + \n It requires Prometheus >= v2.43.0." + type: string + oauth2: + description: Optional OAuth 2.0 configuration. Cannot be set + at the same time as `authorization`. + properties: + clientId: + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean required: - - key + - clientId + - clientSecret + - tokenUrl type: object - x-kubernetes-map-type: atomic - filters: - description: 'Filters can be used optionally to filter the instance - list by other criteria. Available filter criteria can be found - here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html' - items: - description: EC2Filter is the configuration for filtering - EC2 instances. + port: + description: The port to scrape metrics from. + type: integer + proxyConnectHeader: + additionalProperties: + description: SecretKeySelector selects a key of a Secret. properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - values: - items: - type: string - type: array + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean required: - - name - - values + - key type: object - type: array - port: - description: The port to scrape metrics from. If using the public - IP address, this must instead be specified in the relabeling - rule. - type: integer + x-kubernetes-map-type: atomic + description: "ProxyConnectHeader optionally specifies headers + to send to proxies during CONNECT requests. \n It requires + Prometheus >= v2.43.0." + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined + by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + If unset, Prometheus uses its default value. \n It requires + Prometheus >= v2.43.0." + type: boolean + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use. + \n It requires Prometheus >= v2.43.0." + pattern: ^http(s)?://.+$ + type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. - type: string - secretKey: - description: SecretKey is the AWS API secret. + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: DNSSDConfig allows specifying a set of DNS domain names + which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + type: string + minItems: 1 + type: array + port: + description: The port number used if the query type is not SRV + Ignored for SRV records + type: integer + refreshInterval: + description: RefreshInterval configures the time after which + the provided names are refreshed. If not set, Prometheus uses + its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: "The type of DNS query to perform. One of SRV, + A, AAAA, MX or NS. If not set, Prometheus uses its default + value. \n When set to NS, It requires Prometheus >= 2.49.0." + enum: + - SRV + - A + - AAAA + - MX + - NS + type: string + required: + - names + type: object + type: array + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. + items: + description: Docker SD configurations allow retrieving scrape targets + from Docker Engine hosts. This SD discovers "containers" and will + create a target for each network IP and port the container is + configured to expose. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + properties: + authorization: + description: Authorization header configuration to authenticate + against the Docker API. Cannot be set at the same time as + `oauth2`. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: '`password` specifies a key of a Secret containing + the password for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a Secret containing + the username for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + filters: + description: Optional filters to limit the discovery process + to a subset of the available resources. + items: + description: DockerFilter is the configuration to limit the + discovery process to a subset of available resources. + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + host: + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. + type: string + noProxy: + description: "`noProxy` is a comma-separated string that can + contain IPs, CIDR notation, domain names that should be excluded + from proxying. IP and domain names can contain port numbers. + \n It requires Prometheus >= v2.43.0." + type: string + oauth2: + description: Optional OAuth 2.0 configuration. Cannot be set + at the same time as `authorization`. + properties: + clientId: + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: The port to scrape metrics from. + type: integer + proxyConnectHeader: + additionalProperties: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + description: "ProxyConnectHeader optionally specifies headers + to send to proxies during CONNECT requests. \n It requires + Prometheus >= v2.43.0." + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined + by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + If unset, Prometheus uses its default value. \n It requires + Prometheus >= v2.43.0." + type: boolean + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use. + \n It requires Prometheus >= v2.43.0." + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Time after which the container is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: EC2SDConfig allow retrieving scrape targets from AWS + EC2 instances. The private IP address is used by default, but + may be changed to the public IP address with relabeling. The IAM + credentials used must have the ec2:DescribeInstances permission + to discover scrape targets See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + filters: + description: 'Filters can be used optionally to filter the instance + list by other criteria. Available filter criteria can be found + here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html' + items: + description: EC2Filter is the configuration for filtering + EC2 instances. + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + port: + description: The port to scrape metrics from. If using the public + IP address, this must instead be specified in the relabeling + rule. + type: integer + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + enableCompression: + description: "When false, Prometheus will request uncompressed response + from the scraped target. \n It requires Prometheus >= v2.49.0. \n + If unset, Prometheus uses true by default." + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: Eureka SD configurations allow retrieving scrape targets + using the Eureka REST API. Prometheus will periodically check + the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: '`password` specifies a key of a Secret containing + the password for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a Secret containing + the username for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: "`noProxy` is a comma-separated string that can + contain IPs, CIDR notation, domain names that should be excluded + from proxying. IP and domain names can contain port numbers. + \n It requires Prometheus >= v2.43.0." + type: string + oauth2: + description: Optional OAuth 2.0 configuration. Cannot be set + at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + description: "ProxyConnectHeader optionally specifies headers + to send to proxies during CONNECT requests. \n It requires + Prometheus >= v2.43.0." + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined + by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + If unset, Prometheus uses its default value. \n It requires + Prometheus >= v2.43.0." + type: boolean + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use. + \n It requires Prometheus >= v2.43.0." + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Refresh interval to re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: The URL to connect to the Eureka server. + minLength: 1 + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - server + type: object + type: array + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: FileSDConfig defines a Prometheus file service discovery + configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: 'List of files to be used for file discovery. Recommendation: + use absolute paths. While relative paths work, the prometheus-operator + project makes no guarantees about the working directory where + the configuration file is stored. Files must be mounted using + Prometheus.ConfigMaps or Prometheus.Secrets.' + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: "GCESDConfig configures scrape targets from GCP GCE + instances. The private IP address is used by default, but may + be changed to the public IP address with relabeling. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config + \n The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS + environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + \n A pre-requisite for using GCESDConfig is that a Secret containing + valid Google Cloud credentials is mounted into the Prometheus + or PrometheusAgent pod via the `.spec.secrets` field and that + the GOOGLE_APPLICATION_CREDENTIALS environment variable is set + to /etc/prometheus/secrets//." + properties: + filter: + description: 'Filter can be used optionally to filter the instance + list by other criteria Syntax of this filter is described + in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list' + type: string + port: + description: The port to scrape metrics from. If using the public + IP address, this must instead be specified in the relabeling + rule. + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery + configurations. + items: + description: HetznerSDConfig allow retrieving scrape targets from + Hetzner Cloud API and Robot API. This service discovery uses the + public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + properties: + authorization: + description: Authorization header configuration, required when + role is hcloud. Role robot does not support bearer token authentication. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request, + required when role is robot. Role hcloud does not support + basic auth. + properties: + password: + description: '`password` specifies a key of a Secret containing + the password for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a Secret containing + the username for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: "`noProxy` is a comma-separated string that can + contain IPs, CIDR notation, domain names that should be excluded + from proxying. IP and domain names can contain port numbers. + \n It requires Prometheus >= v2.43.0." + type: string + oauth2: + description: Optional OAuth 2.0 configuration. Cannot be used + at the same time as `basic_auth` or `authorization`. + properties: + clientId: + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: The port to scrape metrics from. + type: integer + proxyConnectHeader: + additionalProperties: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + description: "ProxyConnectHeader optionally specifies headers + to send to proxies during CONNECT requests. \n It requires + Prometheus >= v2.43.0." + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined + by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + If unset, Prometheus uses its default value. \n It requires + Prometheus >= v2.43.0." + type: boolean + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use. + \n It requires Prometheus >= v2.43.0." + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the servers are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot + type: string + tlsConfig: + description: TLS configuration to use on every scrape request. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - role + type: object + type: array + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery + configurations. + items: + description: HTTPSDConfig defines a prometheus HTTP service discovery + configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + properties: + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: 'BasicAuth information to authenticate against + the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: '`password` specifies a key of a Secret containing + the password for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a Secret containing + the username for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + noProxy: + description: "`noProxy` is a comma-separated string that can + contain IPs, CIDR notation, domain names that should be excluded + from proxying. IP and domain names can contain port numbers. + \n It requires Prometheus >= v2.43.0." + type: string + proxyConnectHeader: + additionalProperties: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + description: "ProxyConnectHeader optionally specifies headers + to send to proxies during CONNECT requests. \n It requires + Prometheus >= v2.43.0." + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined + by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + If unset, Prometheus uses its default value. \n It requires + Prometheus >= v2.43.0." + type: boolean + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use. + \n It requires Prometheus >= v2.43.0." + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-query the endpoint to update the + target list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string type: object - x-kubernetes-map-type: atomic - type: object - type: array - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: FileSDConfig defines a Prometheus file service discovery - configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: 'List of files to be used for file discovery. Recommendation: - use absolute paths. While relative paths work, the prometheus-operator - project makes no guarantees about the working directory where - the configuration file is stored. Files must be mounted using - Prometheus.ConfigMaps or Prometheus.Secrets.' - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: "GCESDConfig configures scrape targets from GCP GCE - instances. The private IP address is used by default, but may - be changed to the public IP address with relabeling. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - \n The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS - environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - \n A pre-requisite for using GCESDConfig is that a Secret containing - valid Google Cloud credentials is mounted into the Prometheus - or PrometheusAgent pod via the `.spec.secrets` field and that - the GOOGLE_APPLICATION_CREDENTIALS environment variable is set - to /etc/prometheus/secrets//." - properties: - filter: - description: 'Filter can be used optionally to filter the instance - list by other criteria Syntax of this filter is described - in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list' - type: string - port: - description: The port to scrape metrics from. If using the public - IP address, this must instead be specified in the relabeling - rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. + url: + description: URL from which the targets are fetched. minLength: 1 + pattern: ^http(s)?://.+$ type: string required: - - project - - zone + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery - configurations. + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer + kubernetesSDConfigs: + description: KubernetesSDConfigs defines a list of Kubernetes service + discovery configurations. items: - description: HTTPSDConfig defines a prometheus HTTP service discovery - configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + description: KubernetesSDConfig allows retrieving scrape targets + from Kubernetes' REST API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config properties: + apiServer: + description: The API server address consisting of a hostname + or IP address followed by an optional port number. If left + empty, Prometheus is assumed to run inside of the cluster. + It will discover API servers automatically and use the pod's + CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + type: string + attachMetadata: + description: Optional metadata to attach to discovered targets. + It requires Prometheus >= v2.35.0 for `pod` role and Prometheus + >= v2.37.0 for `endpoints` and `endpointslice` roles. + properties: + node: + description: Attaches node metadata to discovered targets. + When set to true, Prometheus must have the `get` permission + on the `Nodes` objects. Only valid for Pod, Endpoint and + Endpointslice roles. + type: boolean + type: object authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: Authorization header to use on every scrape request. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -843,20 +2537,139 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. The value - is case-insensitive. \n \"Basic\" is not a supported value. - \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: 'BasicAuth information to authenticate against - the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: '`password` specifies a key of a Secret containing - the password for authentication.' + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: '`password` specifies a key of a Secret containing + the password for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a Secret containing + the username for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + namespaces: + description: Optional namespace discovery. If omitted, Prometheus + discovers targets across all namespaces. + properties: + names: + description: List of namespaces where to watch for resources. + If empty and `ownNamespace` isn't true, Prometheus watches + for resources in all namespaces. + items: + type: string + type: array + ownNamespace: + description: Includes the namespace in which the Prometheus + pod exists to the list of watched namesapces. + type: boolean + type: object + noProxy: + description: "`noProxy` is a comma-separated string that can + contain IPs, CIDR notation, domain names that should be excluded + from proxying. IP and domain names can contain port numbers. + \n It requires Prometheus >= v2.43.0." + type: string + oauth2: + description: Optional OAuth 2.0 configuration. Cannot be set + at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must @@ -874,33 +2687,28 @@ spec: - key type: object x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a Secret containing - the username for authentication.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' type: object - x-kubernetes-map-type: atomic + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl type: object - noProxy: - description: "`noProxy` is a comma-separated string that can - contain IPs, CIDR notation, domain names that should be excluded - from proxying. IP and domain names can contain port numbers. - \n It requires Prometheus >= v2.43.0." - type: string proxyConnectHeader: additionalProperties: description: SecretKeySelector selects a key of a Secret. @@ -937,14 +2745,57 @@ spec: \n It requires Prometheus >= v2.43.0." pattern: ^http(s)?://.+$ type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-query the endpoint to update the - target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + role: + description: Role of the Kubernetes entities that should be + discovered. + enum: + - Node + - node + - Service + - service + - Pod + - pod + - Endpoints + - endpoints + - EndpointSlice + - endpointslice + - Ingress + - ingress type: string + selectors: + description: Selector to select objects. + items: + description: K8SSelectorConfig is Kubernetes Selector Config + properties: + field: + type: string + label: + type: string + role: + description: Role is role of the service in Kubernetes. + enum: + - Node + - node + - Service + - service + - Pod + - pod + - Endpoints + - endpoints + - EndpointSlice + - endpointslice + - Ingress + - ingress + type: string + required: + - role + type: object + type: array + x-kubernetes-list-map-keys: + - role + x-kubernetes-list-type: map tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -1062,50 +2913,19 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string required: - - url + - role type: object type: array - keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by - relabeling that will be kept in memory. 0 means no limit. \n It - requires Prometheus >= v2.47.0." - format: int64 - type: integer - kubernetesSDConfigs: - description: KubernetesSDConfigs defines a list of Kubernetes service - discovery configurations. + kumaSDConfigs: + description: KumaSDConfigs defines a list of Kuma service discovery + configurations. items: - description: KubernetesSDConfig allows retrieving scrape targets - from Kubernetes' REST API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + description: KumaSDConfig allow retrieving scrape targets from Kuma's + control plane. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config properties: - apiServer: - description: The API server address consisting of a hostname - or IP address followed by an optional port number. If left - empty, Prometheus is assumed to run inside of the cluster. - It will discover API servers automatically and use the pod's - CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - type: string - attachMetadata: - description: Optional metadata to attach to discovered targets. - It requires Prometheus >= v2.35.0 for `pod` role and Prometheus - >= v2.37.0 for `endpoints` and `endpointslice` roles. - properties: - node: - description: Attaches node metadata to discovered targets. - When set to true, Prometheus must have the `get` permission - on the `Nodes` objects. Only valid for Pod, Endpoint and - Endpointslice roles. - type: boolean - type: object authorization: description: Authorization header to use on every scrape request. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -1135,7 +2955,6 @@ spec: type: object basicAuth: description: BasicAuth information to use on every scrape request. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: description: '`password` specifies a key of a Secret containing @@ -1178,29 +2997,22 @@ spec: type: object x-kubernetes-map-type: atomic type: object + clientID: + description: Client id is used by Kuma Control Plane to compute + Monitoring Assignment for specific Prometheus backend. + type: string enableHTTP2: description: Whether to enable HTTP2. type: boolean + fetchTimeout: + description: The time after which the monitoring assignments + are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - namespaces: - description: Optional namespace discovery. If omitted, Prometheus - discovers targets across all namespaces. - properties: - names: - description: List of namespaces where to watch for resources. - If empty and `ownNamespace` isn't true, Prometheus watches - for resources in all namespaces. - items: - type: string - type: array - ownNamespace: - description: Includes the namespace in which the Prometheus - pod exists to the list of watched namesapces. - type: boolean - type: object noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded @@ -1334,57 +3146,16 @@ spec: \n It requires Prometheus >= v2.43.0." pattern: ^http(s)?://.+$ type: string - role: - description: Role of the Kubernetes entities that should be - discovered. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress + refreshInterval: + description: The time to wait between polling update requests. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: Address of the Kuma Control Plane's MADS xDS server. + minLength: 1 type: string - selectors: - description: Selector to select objects. - items: - description: K8SSelectorConfig is Kubernetes Selector Config - properties: - field: - type: string - label: - type: string - role: - description: Role is role of the service in Kubernetes. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress - type: string - required: - - role - type: object - type: array - x-kubernetes-list-map-keys: - - role - x-kubernetes-list-type: map tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -1503,7 +3274,7 @@ spec: type: string type: object required: - - role + - server type: object type: array labelLimit: @@ -1984,10 +3755,31 @@ spec: - HTTP - HTTPS type: string + scrapeClass: + description: The scrape class to apply. + minLength: 1 + type: string scrapeInterval: description: ScrapeInterval is the interval between consecutive scrapes. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scrapeProtocols: + description: "The protocols to negotiate during a scrape. It tells + clients the protocols supported by Prometheus in order of preference + (from most to least preferred). \n If unset, Prometheus uses its + default value. \n It requires Prometheus >= v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol used by Prometheus + for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set scrapeTimeout: description: ScrapeTimeout is the number of seconds to wait until a scrape request times out. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml index c59e60cdd..98ea1c2f4 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -50,6 +50,12 @@ spec: permission on the `Nodes` objects. type: boolean type: object + bodySizeLimit: + description: "When defined, bodySizeLimit specifies a job level limit + on the size of uncompressed response body that will be accepted + by Prometheus. \n It requires Prometheus >= v2.28.0." + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string endpoints: description: List of endpoints part of this ServiceMonitor. items: @@ -477,9 +483,9 @@ spec: anyOf: - type: integer - type: string - description: "Name or number of the target port of the `Pod` - object behind the Service, the port must be specified with - container port property. \n Deprecated: use `port` instead." + description: Name or number of the target port of the `Pod` + object behind the Service. The port must be specified with + the container's port property. x-kubernetes-int-or-string: true tlsConfig: description: TLS configuration to use when scraping the target. @@ -676,6 +682,28 @@ spec: of scraped samples that will be accepted.' format: int64 type: integer + scrapeClass: + description: The scrape class to apply. + minLength: 1 + type: string + scrapeProtocols: + description: "`scrapeProtocols` defines the protocols to negotiate + during a scrape. It tells clients the protocols supported by Prometheus + in order of preference (from most to least preferred). \n If unset, + Prometheus uses its default value. \n It requires Prometheus >= + v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol used by Prometheus + for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set selector: description: Label selector to select the Kubernetes `Endpoints` objects. properties: diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml index e408cd2b5..0efed2bfc 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.71.2 + operator.prometheus.io/version: 0.73.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -329,7 +329,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -379,6 +380,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -489,7 +528,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -535,6 +575,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -638,7 +715,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -688,6 +766,44 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -798,7 +914,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label @@ -844,6 +961,43 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `LabelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys cannot be set + when LabelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -1278,6 +1432,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -1376,6 +1542,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2798,6 +2976,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -2896,6 +3086,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -4466,30 +4668,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4568,6 +4746,27 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update + the volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the + claim is created. An empty string value means that + no VolumeAttributesClass will be applied to the + claim but it''s not allowed to reset this field + to empty string once it is set. If unspecified and + the PersistentVolumeClaim is unbound, the default + VolumeAttributesClass will be set by the persistentvolume + controller if it exists. If the resource referred + to by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending state, + as reflected by the modifyVolumeStatus field, until + such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is @@ -4734,30 +4933,6 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4834,6 +5009,26 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used to + set the VolumeAttributesClass used by this claim. If + specified, the CSI driver will create or update the + volume with the attributes defined in the corresponding + VolumeAttributesClass. This has a different purpose + than storageClassName, it can be changed after the claim + is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed to + reset this field to empty string once it is set. If + unspecified and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will be set by the + persistentvolume controller if it exists. If the resource + referred to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus field, + until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied @@ -4981,6 +5176,42 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName is the current + name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied + to this PersistentVolumeClaim This is an alpha field + and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents the status + object of ControllerModifyVolume operation. When this + is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status of the ControllerModifyVolume + operation. It can be in any of following states: + - Pending Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as the specified VolumeAttributesClass not existing. + - InProgress InProgress indicates that the volume + is being modified. - Infeasible Infeasible indicates + that the request has been rejected as invalid by + the CSI driver. To resolve the error, a valid VolumeAttributesClass + needs to be specified. Note: New statuses can be + added in the future. Consumers should check for + unknown statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string @@ -5200,9 +5431,9 @@ spec: type: object type: array tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an - experimental feature, it may change in any upcoming release in a - breaking way. + description: "TracingConfig configures tracing in Thanos. \n `tracingConfigFile` + takes precedence over this field. \n This is an *experimental feature*, + it may change in any upcoming release in a breaking way." properties: key: description: The key of the secret to select from. Must be a @@ -5220,9 +5451,10 @@ spec: type: object x-kubernetes-map-type: atomic tracingConfigFile: - description: TracingConfig specifies the path of the tracing configuration - file. When used alongside with TracingConfig, TracingConfigFile - takes precedence. + description: "TracingConfig specifies the path of the tracing configuration + file. \n This field takes precedence over `tracingConfig`. \n This + is an *experimental feature*, it may change in any upcoming release + in a breaking way." type: string version: description: Version of Thanos to be deployed. @@ -5825,31 +6057,6 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5932,6 +6139,28 @@ spec: StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this + claim. If specified, the CSI driver will create + or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This + has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected by the + modifyVolumeStatus field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem @@ -6306,6 +6535,102 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access + the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name and + a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into the + pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates within + the file is arbitrary, and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles that + match this label selector. Only has effect + if signerName is set. Mutually-exclusive with + name. If unset, interpreted as "match nothing". If + set but empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named ClusterTrustBundle + is allowed not to exist. If using signerName, + then the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles that + match this signer name. Mutually-exclusive with + name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -6830,6 +7155,206 @@ spec: - name type: object type: array + web: + description: Defines the configuration of the ThanosRuler web server. + properties: + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object + tlsConfig: + description: Defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. + Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object + type: object type: object status: description: 'Most recent observed status of the ThanosRuler cluster. diff --git a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml index 2edba6b79..d95d7c2a2 100644 --- a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -6,7 +6,7 @@ annotations: - name: Upstream Project url: https://github.com/grafana/grafana apiVersion: v2 -appVersion: 10.3.3 +appVersion: 10.4.0 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 @@ -30,4 +30,4 @@ sources: - https://github.com/grafana/grafana - https://github.com/grafana/helm-charts type: application -version: 7.3.1 +version: 7.3.7 diff --git a/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kube-prometheus-stack/charts/grafana/README.md index 6f645c564..0ff07f297 100644 --- a/charts/kube-prometheus-stack/charts/grafana/README.md +++ b/charts/kube-prometheus-stack/charts/grafana/README.md @@ -137,6 +137,7 @@ need to instead set `global.imageRegistry`. | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | | `extraVolumes` | Additional Grafana server volumes | `[]` | +| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` | | `createConfigmap` | Enable creating the grafana configmap | `true` | | `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | @@ -161,7 +162,7 @@ need to instead set `global.imageRegistry`. | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.registry` | Sidecar image registry | `quay.io` | | `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.24.6` | +| `sidecar.image.tag` | Sidecar image tag | `1.26.0` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | @@ -223,7 +224,7 @@ need to instead set `global.imageRegistry`. | `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | | `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | | `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | +| `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` | | `serviceAccount.annotations` | ServiceAccount annotations | | | `serviceAccount.create` | Create service account | `true` | | `serviceAccount.labels` | ServiceAccount labels | `{}` | diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl index 80fb46609..ed22993c9 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl @@ -5,7 +5,7 @@ schedulerName: "{{ . }}" {{- end }} serviceAccountName: {{ include "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml index 784e71ba6..ffca0717a 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml @@ -1,7 +1,7 @@ {{- if .Values.serviceAccount.create }} -{{- $root := . -}} apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken }} metadata: labels: {{- include "grafana.labels" . | nindent 4 }} @@ -10,7 +10,7 @@ metadata: {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: - {{- tpl (toYaml . | nindent 4) $root }} + {{- tpl (toYaml . | nindent 4) $ }} {{- end }} name: {{ include "grafana.serviceAccountName" . }} namespace: {{ include "grafana.namespace" . }} diff --git a/charts/kube-prometheus-stack/charts/grafana/values.yaml b/charts/kube-prometheus-stack/charts/grafana/values.yaml index ab853e09c..81fcda59a 100644 --- a/charts/kube-prometheus-stack/charts/grafana/values.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/values.yaml @@ -38,16 +38,22 @@ serviceAccount: nameTest: ## ServiceAccount labels. labels: {} -## Service account annotations. Can be templated. -# annotations: -# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: true + ## Service account annotations. Can be templated. + # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + + ## autoMount is deprecated in favor of automountServiceAccountToken + # autoMount: false + automountServiceAccountToken: false replicas: 1 ## Create a headless service for the deployment headlessService: false +## Should the service account be auto mounted on the pod +automountServiceAccountToken: true + ## Create HorizontalPodAutoscaler object for deployment type # autoscaling: @@ -833,7 +839,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.25.2 + tag: 1.26.1 sha: "" imagePullPolicy: IfNotPresent resources: {} diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml index 8ae62ebb6..1f8618d07 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml @@ -4,7 +4,7 @@ annotations: - name: Chart Source url: https://github.com/prometheus-community/helm-charts apiVersion: v2 -appVersion: 2.10.1 +appVersion: 2.12.0 description: Install kube-state-metrics to generate and expose cluster-level metrics home: https://github.com/kubernetes/kube-state-metrics/ keywords: @@ -23,4 +23,4 @@ name: kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics/ type: application -version: 5.16.0 +version: 5.18.1 diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml index 373f7dcc5..64e76703b 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml @@ -115,10 +115,10 @@ spec: {{- if .Values.selfMonitor.telemetryPort }} - --telemetry-port={{ $telemetryPort }} {{- end }} + {{- end }} {{- if .Values.customResourceState.enabled }} - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml {{- end }} - {{- end }} {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} volumeMounts: {{- if .Values.kubeconfig.enabled }} @@ -149,7 +149,7 @@ spec: livenessProbe: failureThreshold: {{ .Values.livenessProbe.failureThreshold }} httpGet: - {{- if .Values.kubeRBACProxy.enabled }} + {{- if .Values.hostNetwork }} host: 127.0.0.1 {{- end }} httpHeaders: @@ -167,7 +167,7 @@ spec: readinessProbe: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} httpGet: - {{- if .Values.kubeRBACProxy.enabled }} + {{- if .Values.hostNetwork }} host: 127.0.0.1 {{- end }} httpHeaders: diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml index 7f312961d..443f309a2 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml @@ -37,7 +37,10 @@ autosharding: replicas: 1 -# Change the deployment strategy when autosharding is disabled +# Change the deployment strategy when autosharding is disabled. +# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +# The default is "RollingUpdate" as per Kubernetes defaults. +# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data. # updateStrategy: Recreate # Number of old history to retain to allow rollback @@ -96,7 +99,7 @@ kubeRBACProxy: image: registry: quay.io repository: brancz/kube-rbac-proxy - tag: v0.14.0 + tag: v0.16.0 sha: "" pullPolicy: IfNotPresent @@ -108,7 +111,12 @@ kubeRBACProxy: ## Specify security settings for a Container ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - containerSecurityContext: {} + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -245,6 +253,7 @@ securityContext: ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container containerSecurityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml index 6d754a613..38e456b45 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml @@ -22,4 +22,4 @@ name: prometheus-node-exporter sources: - https://github.com/prometheus/node_exporter/ type: application -version: 4.30.2 +version: 4.32.0 diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml index 152ec7dc1..23896a230 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -176,14 +176,8 @@ spec: mountPath: {{ .mountPath }} {{- end }} {{- range .Values.sidecars }} - {{- $overwrites := dict - "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) - }} - {{- $defaults := dict - "image" (include "prometheus-node-exporter.image" $) - "securityContext" $.Values.containerSecurityContext - "imagePullPolicy" $.Values.image.pullPolicy - }} + {{- $overwrites := dict "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) }} + {{- $defaults := dict "image" (include "prometheus-node-exporter.image" $) "securityContext" $.Values.containerSecurityContext "imagePullPolicy" $.Values.image.pullPolicy }} - {{- toYaml (merge $overwrites . $defaults) | nindent 10 }} {{- end }} {{- if .Values.kubeRBACProxy.enabled }} @@ -194,7 +188,7 @@ spec: {{- end }} - --secure-listen-address=:{{ .Values.service.port}} - --upstream=http://127.0.0.1:{{ $servicePort }}/ - - --proxy-endpoints-port=8888 + - --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort }} - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml volumeMounts: - name: kube-rbac-proxy-config @@ -211,12 +205,15 @@ spec: {{- if .Values.kubeRBACProxy.enableHostPort }} hostPort: {{ .Values.service.port }} {{- end }} - - containerPort: 8888 + - containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }} + {{- if .Values.kubeRBACProxy.enableProxyEndpointsHostPort }} + hostPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }} + {{- end }} name: "http-healthz" readinessProbe: httpGet: scheme: HTTPS - port: 8888 + port: {{ .Values.kubeRBACProxy.proxyEndpointsPort }} path: healthz initialDelaySeconds: 5 timeoutSeconds: 5 diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml index ed4607da3..615fc6cea 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml @@ -45,7 +45,7 @@ kubeRBACProxy: image: registry: quay.io repository: brancz/kube-rbac-proxy - tag: v0.15.0 + tag: v0.16.0 sha: "" pullPolicy: IfNotPresent @@ -66,6 +66,12 @@ kubeRBACProxy: # Configure a hostPort. If true, hostPort will be enabled in the container and set to service.port. enableHostPort: false + # Configure Proxy Endpoints Port + # This is the port being probed for readiness + proxyEndpointsPort: 8888 + # Configure a hostPort. If true, hostPort will be enabled in the container and set to proxyEndpointsPort. + enableProxyEndpointsHostPort: false + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml index 52b49fc72..7bd16476f 100644 --- a/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml @@ -31,6 +31,7 @@ spec: replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.alertmanager.alertmanagerSpec.automountServiceAccountToken }} {{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" {{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} diff --git a/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml index 99387cabb..f2d924f8b 100644 --- a/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml @@ -52,7 +52,12 @@ spec: {{- if .Values.alertmanager.serviceMonitor.proxyUrl }} proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}} {{- end }} - scheme: http + {{- if .Values.alertmanager.serviceMonitor.scheme }} + scheme: {{ .Values.alertmanager.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.tlsConfig }} + tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} path: "/metrics" {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }} diff --git a/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml b/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml index 2eaefc4d4..b8618f755 100644 --- a/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml @@ -11,7 +11,7 @@ metadata: spec: clusterIP: None ports: - - name: http-metrics + - name: {{ .Values.coreDns.serviceMonitor.port }} port: {{ .Values.coreDns.service.port }} protocol: TCP targetPort: {{ .Values.coreDns.service.targetPort }} diff --git a/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml index 2bc54df5f..9f057d4d4 100644 --- a/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml @@ -15,17 +15,21 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - jobLabel: jobLabel + jobLabel: {{ .Values.coreDns.serviceMonitor.jobLabel }} {{- include "servicemonitor.scrapeLimits" .Values.coreDns.serviceMonitor | nindent 2 }} selector: + {{- if .Values.coreDns.serviceMonitor.selector }} + {{ tpl (toYaml .Values.coreDns.serviceMonitor.selector | nindent 4) . }} + {{- else }} matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-coredns release: {{ $.Release.Name | quote }} + {{- end }} namespaceSelector: matchNames: - "kube-system" endpoints: - - port: http-metrics + - port: {{ .Values.coreDns.serviceMonitor.port }} {{- if .Values.coreDns.serviceMonitor.interval}} interval: {{ .Values.coreDns.serviceMonitor.interval }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml index 43094d6a6..6a6afa641 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml @@ -14,7 +14,7 @@ subsets: - ip: {{ . }} {{- end }} ports: - - name: http-metrics + - name: {{ .Values.kubeControllerManager.serviceMonitor.port }} {{- $kubeControllerManagerDefaultInsecurePort := 10252 }} {{- $kubeControllerManagerDefaultSecurePort := 10257 }} port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml index 894c983e1..43b1a976d 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml @@ -11,7 +11,7 @@ metadata: spec: clusterIP: None ports: - - name: http-metrics + - name: {{ .Values.kubeControllerManager.serviceMonitor.port }} {{- $kubeControllerManagerDefaultInsecurePort := 10252 }} {{- $kubeControllerManagerDefaultSecurePort := 10257 }} port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml index 0f64844cb..d4813f0b5 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -15,17 +15,21 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - jobLabel: jobLabel + jobLabel: {{ .Values.kubeControllerManager.serviceMonitor.jobLabel }} {{- include "servicemonitor.scrapeLimits" .Values.kubeControllerManager.serviceMonitor | nindent 2 }} selector: + {{- if .Values.kubeControllerManager.serviceMonitor.selector }} + {{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.selector | nindent 4) . }} + {{- else }} matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager release: {{ $.Release.Name | quote }} + {{- end }} namespaceSelector: matchNames: - "kube-system" endpoints: - - port: http-metrics + - port: {{ .Values.kubeControllerManager.serviceMonitor.port }} {{- if .Values.kubeControllerManager.serviceMonitor.interval }} interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml index 260ad1ed3..52190775b 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml @@ -15,12 +15,16 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - jobLabel: jobLabel + jobLabel: {{ .Values.kubeDns.serviceMonitor.jobLabel }} {{- include "servicemonitor.scrapeLimits" .Values.kubeDns.serviceMonitor | nindent 2 }} selector: + {{- if .Values.kubeDns.serviceMonitor.selector }} + {{ tpl (toYaml .Values.kubeDns.serviceMonitor.selector | nindent 4) . }} + {{- else }} matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-kube-dns release: {{ $.Release.Name | quote }} + {{- end }} namespaceSelector: matchNames: - "kube-system" diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml index babbd3efc..e36644757 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml @@ -14,7 +14,7 @@ subsets: - ip: {{ . }} {{- end }} ports: - - name: http-metrics + - name: {{ .Values.kubeEtcd.serviceMonitor.port }} port: {{ .Values.kubeEtcd.service.port }} protocol: TCP {{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml index eb519e623..d07d4f35e 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml @@ -11,7 +11,7 @@ metadata: spec: clusterIP: None ports: - - name: http-metrics + - name: {{ .Values.kubeEtcd.serviceMonitor.port }} port: {{ .Values.kubeEtcd.service.port }} protocol: TCP targetPort: {{ .Values.kubeEtcd.service.targetPort }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml index f5048531a..f76e971a6 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml @@ -15,17 +15,21 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - jobLabel: jobLabel + jobLabel: {{ .Values.kubeEtcd.serviceMonitor.jobLabel }} {{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 4 }} selector: + {{- if .Values.kubeEtcd.serviceMonitor.selector }} + {{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.selector | nindent 4) . }} + {{- else }} matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd release: {{ $.Release.Name | quote }} + {{- end }} namespaceSelector: matchNames: - "kube-system" endpoints: - - port: http-metrics + - port: {{ .Values.kubeEtcd.serviceMonitor.port }} {{- if .Values.kubeEtcd.serviceMonitor.interval }} interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml index 8e7c0618c..8613e6242 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml @@ -14,7 +14,7 @@ subsets: - ip: {{ . }} {{- end }} ports: - - name: http-metrics + - name: {{ .Values.kubeProxy.serviceMonitor.port }} port: {{ .Values.kubeProxy.service.port }} protocol: TCP {{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml index 03aa62b13..8ccb2210d 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml @@ -11,7 +11,7 @@ metadata: spec: clusterIP: None ports: - - name: http-metrics + - name: {{ .Values.kubeProxy.serviceMonitor.port }} port: {{ .Values.kubeProxy.service.port }} protocol: TCP targetPort: {{ .Values.kubeProxy.service.targetPort }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml index 0a01a7f8b..ab9bb8fa8 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml @@ -15,17 +15,21 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - jobLabel: jobLabel + jobLabel: {{ .Values.kubeProxy.serviceMonitor.jobLabel }} {{- include "servicemonitor.scrapeLimits" .Values.kubeProxy.serviceMonitor | nindent 2 }} selector: + {{- if .Values.kubeProxy.serviceMonitor.selector }} + {{ tpl (toYaml .Values.kubeProxy.serviceMonitor.selector | nindent 4) . }} + {{- else }} matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy release: {{ $.Release.Name | quote }} + {{- end }} namespaceSelector: matchNames: - "kube-system" endpoints: - - port: http-metrics + - port: {{ .Values.kubeProxy.serviceMonitor.port }} {{- if .Values.kubeProxy.serviceMonitor.interval }} interval: {{ .Values.kubeProxy.serviceMonitor.interval }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml index 3b93dc293..6236b42f1 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml @@ -14,7 +14,7 @@ subsets: - ip: {{ . }} {{- end }} ports: - - name: http-metrics + - name: {{ .Values.kubeScheduler.serviceMonitor.port }} {{- $kubeSchedulerDefaultInsecurePort := 10251 }} {{- $kubeSchedulerDefaultSecurePort := 10259 }} port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml index d9fb4575b..90b3a800a 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml @@ -11,7 +11,7 @@ metadata: spec: clusterIP: None ports: - - name: http-metrics + - name: {{ .Values.kubeScheduler.serviceMonitor.port }} {{- $kubeSchedulerDefaultInsecurePort := 10251 }} {{- $kubeSchedulerDefaultSecurePort := 10259 }} port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml index 6849340c4..73de91de1 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -15,17 +15,21 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - jobLabel: jobLabel + jobLabel: {{ .Values.kubeScheduler.serviceMonitor.jobLabel }} {{- include "servicemonitor.scrapeLimits" .Values.kubeScheduler.serviceMonitor | nindent 2 }} selector: + {{- if .Values.kubeScheduler.serviceMonitor.selector }} + {{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.selector | nindent 4) . }} + {{- else }} matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler release: {{ $.Release.Name | quote }} + {{- end }} namespaceSelector: matchNames: - "kube-system" endpoints: - - port: http-metrics + - port: {{ .Values.kubeScheduler.serviceMonitor.port }} {{- if .Values.kubeScheduler.serviceMonitor.interval }} interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml index a7d8ce39a..6e2489dc3 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml index 79ce3f3cd..76c83bf5b 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: apiserver.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"content":"The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.","datasource":null,"description":"The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.","gridPos":{"h":2,"w":24,"x":0,"y":0},"id":2,"mode":"markdown","span":12,"title":"Notice","type":"text"}],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":3,"description":"How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?","format":"percentunit","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":3,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":4,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Availability (30d) > 99.000%","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":3,"description":"How much error budget is left looking at our 0.990% availability guarantees?","fill":10,"fillGradient":0,"gridPos":{},"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)","format":"time_series","intervalFactor":2,"legendFormat":"errorbudget","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ErrorBudget (30d) > 99.000%","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"decimals":3,"format":"percentunit","label":null,"logBase":1,"max":null,"min":null,"show":true},{"decimals":3,"format":"percentunit","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":3,"description":"How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?","format":"percentunit","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":5,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":3,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Read Availability (30d)","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"How many read requests (LIST,GET) per second do the apiservers get by code?","fill":10,"fillGradient":0,"gridPos":{},"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[{"alias":"/2../i","color":"#56A64B"},{"alias":"/3../i","color":"#F2CC0C"},{"alias":"/4../i","color":"#3274D9"},{"alias":"/5../i","color":"#E02F44"}],"spaceLength":10,"span":3,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{ code }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Read SLI - Requests","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"reqps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"reqps","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?","fill":1,"fillGradient":0,"gridPos":{},"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{ resource }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Read SLI - Errors","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"How many seconds is the 99th percentile for reading (LIST|GET) a given resource?","fill":1,"fillGradient":0,"gridPos":{},"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"cluster_quantile:apiserver_request_sli_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{ resource }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Read SLI - Duration","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":3,"description":"How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?","format":"percentunit","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":9,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":3,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Write Availability (30d)","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"avg"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?","fill":10,"fillGradient":0,"gridPos":{},"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[{"alias":"/2../i","color":"#56A64B"},{"alias":"/3../i","color":"#F2CC0C"},{"alias":"/4../i","color":"#3274D9"},{"alias":"/5../i","color":"#E02F44"}],"spaceLength":10,"span":3,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{ code }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Write SLI - Requests","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"reqps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"reqps","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?","fill":1,"fillGradient":0,"gridPos":{},"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{ resource }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Write SLI - Errors","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?","fill":1,"fillGradient":0,"gridPos":{},"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"cluster_quantile:apiserver_request_sli_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{ resource }}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Write SLI - Duration","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":13,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":false,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Add Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":14,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":false,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Depth","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":15,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Latency","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":16,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":17,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":18,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"apiserver\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"apiserver\", cluster=\"$cluster\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / API server","uid":"09ec8aa1e996d6ffcd6817bbaff4db1b","version":0}`}} + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.","gridPos":{"h":2,"w":24,"x":0,"y":0},"id":1,"options":{"content":"The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only."},"pluginVersion":"v10.2.0","title":"Notice","type":"text"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?","fieldConfig":{"defaults":{"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":8,"x":0,"y":2},"id":2,"interval":"1m","pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}"}],"title":"Availability (30d) > 99.000%","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How much error budget is left looking at our 0.990% availability guarantees?","fieldConfig":{"defaults":{"custom":{"fillOpacity":100},"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":16,"x":8,"y":2},"id":3,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)","legendFormat":"errorbudget"}],"title":"ErrorBudget (30d) > 99.000%","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?","fieldConfig":{"defaults":{"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":0,"y":9},"id":4,"interval":"1m","pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}"}],"title":"Read Availability (30d)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many read requests (LIST,GET) per second do the apiservers get by code?","fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"stacking":{"mode":"normal"}},"unit":"reqps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/2../i"},"properties":[{"id":"color","value":"#56A64B"}]},{"matcher":{"id":"byRegexp","options":"/3../i"},"properties":[{"id":"color","value":"#F2CC0C"}]},{"matcher":{"id":"byRegexp","options":"/4../i"},"properties":[{"id":"color","value":"#3274D9"}]},{"matcher":{"id":"byRegexp","options":"/5../i"},"properties":[{"id":"color","value":"#E02F44"}]}]},"gridPos":{"h":7,"w":6,"x":6,"y":9},"id":5,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})","legendFormat":"{{ code }}"}],"title":"Read SLI - Requests","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?","fieldConfig":{"defaults":{"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":12,"y":9},"id":6,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})","legendFormat":"{{ resource }}"}],"title":"Read SLI - Errors","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many seconds is the 99th percentile for reading (LIST|GET) a given resource?","fieldConfig":{"defaults":{"unit":"s"}},"gridPos":{"h":7,"w":6,"x":18,"y":9},"id":7,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"cluster_quantile:apiserver_request_sli_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}","legendFormat":"{{ resource }}"}],"title":"Read SLI - Duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?","fieldConfig":{"defaults":{"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":0,"y":16},"id":8,"interval":"1m","pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}"}],"title":"Write Availability (30d)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?","fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"stacking":{"mode":"normal"}},"unit":"reqps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/2../i"},"properties":[{"id":"color","value":"#56A64B"}]},{"matcher":{"id":"byRegexp","options":"/3../i"},"properties":[{"id":"color","value":"#F2CC0C"}]},{"matcher":{"id":"byRegexp","options":"/4../i"},"properties":[{"id":"color","value":"#3274D9"}]},{"matcher":{"id":"byRegexp","options":"/5../i"},"properties":[{"id":"color","value":"#E02F44"}]}]},"gridPos":{"h":7,"w":6,"x":6,"y":16},"id":9,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})","legendFormat":"{{ code }}"}],"title":"Write SLI - Requests","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?","fieldConfig":{"defaults":{"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":12,"y":16},"id":10,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})","legendFormat":"{{ resource }}"}],"title":"Write SLI - Errors","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?","fieldConfig":{"defaults":{"unit":"s"}},"gridPos":{"h":7,"w":6,"x":18,"y":16},"id":11,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"cluster_quantile:apiserver_request_sli_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}","legendFormat":"{{ resource }}"}],"title":"Write SLI - Duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":23},"id":12,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":false},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)","legendFormat":"{{instance}} {{name}}"}],"title":"Work Queue Add Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":23},"id":13,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":false},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)","legendFormat":"{{instance}} {{name}}"}],"title":"Work Queue Depth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":30},"id":14,"interval":"1m","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name, le))","legendFormat":"{{instance}} {{name}}"}],"title":"Work Queue Latency","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":37},"id":15,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":37},"id":16,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])","legendFormat":"{{instance}}"}],"title":"CPU usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":37},"id":17,"interval":"1m","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v10.2.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Goroutines","type":"timeseries"}],"refresh":"10s","schemaVersion":36,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"apiserver\"}, cluster)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"name":"instance","query":"label_values(up{job=\"apiserver\", cluster=\"$cluster\"}, instance)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / API server","uid":"09ec8aa1e996d6ffcd6817bbaff4db1b"}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml index 73584abcc..a800a69a6 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: cluster-total.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":1},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":1},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"columns":[{"text":"Time","value":"Time"},{"text":"Value #A","value":"Value #A"},{"text":"Value #B","value":"Value #B"},{"text":"Value #C","value":"Value #C"},{"text":"Value #D","value":"Value #D"},{"text":"Value #E","value":"Value #E"},{"text":"Value #F","value":"Value #F"},{"text":"Value #G","value":"Value #G"},{"text":"Value #H","value":"Value #H"},{"text":"namespace","value":"namespace"}],"datasource":"$datasource","fill":1,"fontSize":"90%","gridPos":{"h":9,"w":24,"x":0,"y":10},"id":5,"lines":true,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null as zero","renderer":"flot","scroll":true,"showHeader":true,"sort":{"col":0,"desc":false},"spaceLength":10,"span":24,"styles":[{"alias":"Time","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Current Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"pps"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"Drill down","linkUrl":"d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"A","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"B","step":10},{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"C","step":10},{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"D","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"E","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"F","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"G","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"H","step":10}],"timeFrom":null,"timeShift":null,"title":"Current Status","type":"table"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":6,"panels":[{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":11},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":11},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Bandwidth","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":11},"id":9,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth History","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":12},"id":10,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":21},"id":11,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":30},"id":12,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":31},"id":13,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":40},"id":14,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":31},"id":15,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":50},"id":16,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":59},"id":17,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":59},"id":18,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[{"targetBlank":true,"title":"What is TCP Retransmit?","url":"https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/"}],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))","format":"time_series","intervalFactor":1,"legendFormat":"{{instance}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of TCP Retransmits out of all sent segments","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":59},"id":19,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[{"targetBlank":true,"title":"Why monitor SYN retransmits?","url":"https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365"}],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))","format":"time_series","intervalFactor":1,"legendFormat":"{{instance}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of TCP SYN Retransmits out of all retransmits","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Cluster","uid":"ff635a025bcfea7bc3dd4f508990a3e9","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":1},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":1},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"columns":[{"text":"Time","value":"Time"},{"text":"Value #A","value":"Value #A"},{"text":"Value #B","value":"Value #B"},{"text":"Value #C","value":"Value #C"},{"text":"Value #D","value":"Value #D"},{"text":"Value #E","value":"Value #E"},{"text":"Value #F","value":"Value #F"},{"text":"Value #G","value":"Value #G"},{"text":"Value #H","value":"Value #H"},{"text":"namespace","value":"namespace"}],"datasource":"$datasource","fill":1,"fontSize":"90%","gridPos":{"h":9,"w":24,"x":0,"y":10},"id":5,"lines":true,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null as zero","renderer":"flot","scroll":true,"showHeader":true,"sort":{"col":0,"desc":false},"spaceLength":10,"span":24,"styles":[{"alias":"Time","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Current Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"pps"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"Drill down","linkUrl":"d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"A","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"B","step":10},{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"C","step":10},{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"D","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"E","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"F","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"G","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"H","step":10}],"timeFrom":null,"timeShift":null,"title":"Current Status","type":"table"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":6,"panels":[{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":11},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":11},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Bandwidth","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":11},"id":9,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth History","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":12},"id":10,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":21},"id":11,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":30},"id":12,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":31},"id":13,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":40},"id":14,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":31},"id":15,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":50},"id":16,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":59},"id":17,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))","format":"time_series","intervalFactor":1,"legendFormat":"{{namespace}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":59},"id":18,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[{"targetBlank":true,"title":"What is TCP Retransmit?","url":"https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/"}],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))","format":"time_series","intervalFactor":1,"legendFormat":"{{instance}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of TCP Retransmits out of all sent segments","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":24,"x":0,"y":59},"id":19,"legend":{"alignAsTable":true,"avg":true,"current":true,"hideEmpty":true,"hideZero":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":2,"links":[{"targetBlank":true,"title":"Why monitor SYN retransmits?","url":"https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365"}],"minSpan":24,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))","format":"time_series","intervalFactor":1,"legendFormat":"{{instance}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of TCP SYN Retransmits out of all retransmits","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Cluster","uid":"ff635a025bcfea7bc3dd4f508990a3e9","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml index 2a3f17b99..4ca127b3b 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: controller-manager.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":2,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":2,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(up{cluster=\"$cluster\", job=\"kube-controller-manager\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Up","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"min"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Add Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Depth","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Latency","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Kube API Request Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Post Request Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Get Request Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-controller-manager\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Controller Manager","uid":"72e0e05bef5099e5f049b05fdc429ed4","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":2,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":2,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(up{cluster=\"$cluster\", job=\"kube-controller-manager\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Up","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"min"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Add Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Depth","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":5,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} {{name}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Work Queue Latency","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Kube API Request Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":7,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Post Request Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Get Request Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":11,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-controller-manager\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Controller Manager","uid":"72e0e05bef5099e5f049b05fdc429ed4","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml index 4f5a84a10..285400a8e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml index 6f3254071..b9476e63e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml @@ -1,4 +1,8 @@ -{{- /* Added manually, can be changed in-place. */ -}} +{{- /* +Generated from 'k8s-coredns' from ../files/dashboards/k8s-coredns.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} apiVersion: v1 @@ -16,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-coredns.json: |- - {{`{"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"description":"A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.","editable":true,"gnetId":12539,"graphTooltip":0,"iteration":1603798405693,"links":[{"icon":"external link","tags":[],"targetBlank":true,"title":"CoreDNS.io","type":"link","url":"https://coredns.io"}],"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]}},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":8,"x":0,"y":0},"hiddenSeries":false,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"total","yaxis":2}],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (proto)","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}","refId":"A","step":60}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Requests (total)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","logBase":1,"max":null,"min":0,"show":true},{"format":"pps","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":8,"x":8,"y":0},"hiddenSeries":false,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"total","yaxis":2},{"alias":"other","yaxis":2}],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(rate(coredns_dns_request_type_count_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (type)","interval":"","intervalFactor":2,"legendFormat":"{{ type }}","refId":"A","step":60}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Requests (by qtype)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","logBase":1,"max":null,"min":0,"show":true},{"format":"pps","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":8,"x":16,"y":0},"hiddenSeries":false,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"total","yaxis":2}],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (zone)","interval":"","intervalFactor":2,"legendFormat":"{{ zone }}","refId":"A","step":60}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Requests (by zone)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","logBase":1,"max":null,"min":0,"show":true},{"format":"pps","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":0,"y":7},"hiddenSeries":false,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"total","yaxis":2}],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(coredns_dns_request_do_count_total{job=~\"$job\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{job=~\"$job\",instance=~\"$instance\"}[5m]))","interval":"","intervalFactor":2,"legendFormat":"DO","refId":"A","step":40},{"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",instance=~\"$instance\"}[5m]))","interval":"","intervalFactor":2,"legendFormat":"total","refId":"B","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Requests (DO bit)","tooltip":{"shared":true,"sort":2,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","logBase":1,"max":null,"min":0,"show":true},{"format":"pps","logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":6,"x":12,"y":7},"hiddenSeries":false,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"tcp:90","yaxis":2},{"alias":"tcp:99 ","yaxis":2},{"alias":"tcp:50","yaxis":2}],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:99 ","refId":"A","step":60},{"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))","intervalFactor":2,"legendFormat":"{{ proto }}:90","refId":"B","step":60},{"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))","intervalFactor":2,"legendFormat":"{{ proto }}:50","refId":"C","step":60}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Requests (size, udp)","tooltip":{"shared":true,"sort":0,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":6,"x":18,"y":7},"hiddenSeries":false,"id":12,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"tcp:90","yaxis":1},{"alias":"tcp:99 ","yaxis":1},{"alias":"tcp:50","yaxis":1}],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:99 ","refId":"A","step":60},{"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:90","refId":"B","step":60},{"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:50","refId":"C","step":60}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Requests (size,tcp)","tooltip":{"shared":true,"sort":0,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":0,"y":14},"hiddenSeries":false,"id":14,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(rate(coredns_dns_response_rcode_count_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (rcode)","interval":"","intervalFactor":2,"legendFormat":"{{ rcode }}","refId":"A","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Responses (by rcode)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":12,"y":14},"hiddenSeries":false,"id":32,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",instance=~\"$instance\"}[5m])) by (le, job))","format":"time_series","intervalFactor":2,"legendFormat":"99%","refId":"A","step":40},{"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",instance=~\"$instance\"}[5m])) by (le))","format":"time_series","intervalFactor":2,"legendFormat":"90%","refId":"B","step":40},{"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",instance=~\"$instance\"}[5m])) by (le))","format":"time_series","intervalFactor":2,"legendFormat":"50%","refId":"C","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Responses (duration)","tooltip":{"shared":true,"sort":0,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":null,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":0,"y":21},"hiddenSeries":false,"id":18,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"udp:50%","yaxis":1},{"alias":"tcp:50%","yaxis":2},{"alias":"tcp:90%","yaxis":2},{"alias":"tcp:99%","yaxis":2}],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:99%","refId":"A","step":40},{"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:90%","refId":"B","step":40},{"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ","hide":false,"intervalFactor":2,"legendFormat":"{{ proto }}:50%","metric":"","refId":"C","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Responses (size, udp)","tooltip":{"shared":true,"sort":0,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":12,"y":21},"hiddenSeries":false,"id":20,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"udp:50%","yaxis":1},{"alias":"tcp:50%","yaxis":1},{"alias":"tcp:90%","yaxis":1},{"alias":"tcp:99%","yaxis":1}],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:99%","refId":"A","step":40},{"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:90%","refId":"B","step":40},{"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:50%","metric":"","refId":"C","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Responses (size, tcp)","tooltip":{"shared":true,"sort":0,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":0,"y":28},"hiddenSeries":false,"id":22,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(coredns_cache_size{job=~\"$job\",instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{job=~\"$job\",instance=~\"$instance\"}) by (type)","interval":"","intervalFactor":2,"legendFormat":"{{ type }}","refId":"A","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Cache (size)","tooltip":{"shared":true,"sort":2,"value_type":"cumulative"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"decbytes","logBase":1,"max":null,"min":0,"show":true},{"format":"short","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","editable":true,"error":false,"fieldConfig":{"defaults":{"custom":{},"links":[]},"overrides":[]},"fill":1,"fillGradient":0,"grid":{},"gridPos":{"h":7,"w":12,"x":12,"y":28},"hiddenSeries":false,"id":24,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"connected","options":{"alertThreshold":true},"percentage":false,"pluginVersion":"7.2.0","pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"misses","yaxis":2}],"spaceLength":10,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(rate(coredns_cache_hits_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (type)","hide":false,"intervalFactor":2,"legendFormat":"hits:{{ type }}","refId":"A","step":40},{"expr":"sum(rate(coredns_cache_misses_total{job=~\"$job\",instance=~\"$instance\"}[5m])) by (type)","hide":false,"intervalFactor":2,"legendFormat":"misses","refId":"B","step":40}],"thresholds":[],"timeFrom":null,"timeRegions":[],"timeShift":null,"title":"Cache (hitrate)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","logBase":1,"max":null,"min":0,"show":true},{"format":"pps","logBase":1,"max":null,"min":0,"show":true}],"yaxis":{"align":false,"alignLevel":null}}],"refresh":"10s","schemaVersion":26,"style":"dark","tags":["dns","coredns"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"includeAll":false,"label":null,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"},{"allValue":".*","current":{"selected":false,"text":"coredns","value":"coredns"},"datasource":{"type":"prometheus","uid":"${datasource}"},"definition":"label_values(coredns_dns_requests_total, job)","hide":0,"includeAll":true,"label":"Job","multi":false,"name":"job","options":[],"query":{"query":"label_values(coredns_dns_requests_total, job)","refId":"StandardVariableQuery"},"refresh":1,"regex":"","skipUrlSync":false,"sort":1,"type":"query"},{"allValue":".*","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","definition":"label_values(coredns_dns_requests_total{job=~\"$job\"}, instance)","hide":0,"includeAll":true,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(coredns_dns_requests_total{job=~\"$job\"}, instance)","refresh":1,"regex":"","skipUrlSync":false,"sort":3,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-3h","to":"now"},"timepicker":{"refresh_intervals":["10s","30s","1m","5m","15m","30m","1h","2h","1d"]},"timezone":"`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"CoreDNS","uid":"vkQ0UHxik","version":3}`}} -{{- end }} + {{`{"annotations":{"list":[{"builtIn":1,"datasource":{"type":"datasource","uid":"grafana"},"enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"description":"A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.","editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"fiscalYearStartMonth":0,"gnetId":12539,"graphTooltip":0,"id":7,"links":[{"icon":"external link","tags":[],"targetBlank":true,"title":"CoreDNS.io","type":"link","url":"https://coredns.io"}],"liveNow":false,"panels":[{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":8,"x":0,"y":0},"id":2,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (proto)","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}","refId":"A","step":60}],"title":"Requests (total)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":8,"x":8,"y":0},"id":4,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_type_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type)","interval":"","intervalFactor":2,"legendFormat":"{{ type }}","refId":"A","step":60}],"title":"Requests (by qtype)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":8,"x":16,"y":0},"id":6,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (zone)","interval":"","intervalFactor":2,"legendFormat":"{{ zone }}","refId":"A","step":60}],"title":"Requests (by zone)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":8,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_do_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m]))","interval":"","intervalFactor":2,"legendFormat":"DO","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m]))","interval":"","intervalFactor":2,"legendFormat":"total","refId":"B","step":40}],"title":"Requests (DO bit)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[{"matcher":{"id":"byName","options":"tcp:90"},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:99 "},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:50"},"properties":[{"id":"unit","value":"short"}]}]},"gridPos":{"h":7,"w":6,"x":12,"y":7},"id":10,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:99 ","refId":"A","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))","intervalFactor":2,"legendFormat":"{{ proto }}:90","refId":"B","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))","intervalFactor":2,"legendFormat":"{{ proto }}:50","refId":"C","step":60}],"title":"Requests (size, udp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":6,"x":18,"y":7},"id":12,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:99 ","refId":"A","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:90","refId":"B","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))","format":"time_series","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:50","refId":"C","step":60}],"title":"Requests (size,tcp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":0,"y":14},"id":14,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_response_rcode_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (rcode)","interval":"","intervalFactor":2,"legendFormat":"{{ rcode }}","refId":"A","step":40}],"title":"Responses (by rcode)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"s","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":12,"y":14},"id":32,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (le, job))","format":"time_series","intervalFactor":2,"legendFormat":"99%","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (le))","format":"time_series","intervalFactor":2,"legendFormat":"90%","refId":"B","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (le))","format":"time_series","intervalFactor":2,"legendFormat":"50%","refId":"C","step":40}],"title":"Responses (duration)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[{"matcher":{"id":"byName","options":"tcp:50%"},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:90%"},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:99%"},"properties":[{"id":"unit","value":"short"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":18,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:99%","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ","interval":"","intervalFactor":2,"legendFormat":"{{ proto }}:90%","refId":"B","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ","hide":false,"intervalFactor":2,"legendFormat":"{{ proto }}:50%","metric":"","refId":"C","step":40}],"title":"Responses (size, udp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":20,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:99%","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:90%","refId":"B","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:50%","metric":"","refId":"C","step":40}],"title":"Responses (size, tcp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"decbytes","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":22,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(coredns_cache_size{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}) by (type)","interval":"","intervalFactor":2,"legendFormat":"{{ type }}","refId":"A","step":40}],"title":"Cache (size)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":24,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_cache_hits_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type)","hide":false,"intervalFactor":2,"legendFormat":"hits:{{ type }}","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_cache_misses_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type)","hide":false,"intervalFactor":2,"legendFormat":"misses","refId":"B","step":40}],"title":"Cache (hitrate)","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["dns","coredns"],"templating":{"list":[{"current":{},"hide":0,"includeAll":false,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"},{"allValue":".*","current":{"selected":false,"text":"All","value":"$__all"},"datasource":{"type":"prometheus","uid":"$datasource"},"definition":"label_values(coredns_dns_requests_total, cluster)","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"Cluster","multi":false,"name":"cluster","options":[],"query":"label_values(coredns_dns_requests_total, cluster)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tagsQuery":"","type":"query","useTags":false},{"allValue":".*","current":{"selected":false,"text":"All","value":"$__all"},"datasource":{"type":"prometheus","uid":"${datasource}"},"definition":"label_values(coredns_dns_requests_total{cluster=~\"$cluster\"},job)","hide":0,"includeAll":true,"label":"Job","multi":false,"name":"job","options":[],"query":{"qryType":1,"query":"label_values(coredns_dns_requests_total{cluster=~\"$cluster\"},job)","refId":"PrometheusVariableQueryEditor-VariableQuery"},"refresh":2,"regex":"","skipUrlSync":false,"sort":1,"type":"query"},{"allValue":".*","current":{"selected":false,"text":"All","value":"$__all"},"datasource":{"type":"prometheus","uid":"$datasource"},"definition":"label_values(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\"}, instance)","hide":0,"includeAll":true,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\"}, instance)","refresh":2,"regex":"","skipUrlSync":false,"sort":3,"tagValuesQuery":"","tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-3h","to":"now"},"timepicker":{"refresh_intervals":["10s","30s","1m","5m","15m","30m","1h","2h","1d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"CoreDNS","uid":"vkQ0UHxik","version":3,"weekStart":""}`}} +{{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml index 6f914f4dd..48ccd4585 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-cluster.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"cluster:node_cpu:ratio_rate5m{cluster=\"$cluster\"}","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Requests Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Limits Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Requests Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Limits Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__data.fields.namespace}","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"Workloads","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to workloads","linkUrl":"/d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__data.fields.namespace}","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"G"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__data.fields.namespace}","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"Workloads","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to workloads","linkUrl":"/d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__data.fields.namespace}","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"G"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Requests by Namespace","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Requests","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":14,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Namespace: Received","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":15,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Namespace: Transmitted","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Container Bandwidth by Namespace","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":16,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":17,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":18,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":19,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":20,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval])))","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS(Reads+Writes)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":21,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut(Read+Write)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":22,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"sort":{"col":4,"desc":true},"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"IOPS(Reads)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Reads + Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"iops"},{"alias":"Throughput(Read)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Read + Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum by(namespace) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum by(namespace) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Storage IO","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster","uid":"efa86fd1d0c121a26444b636a3f509a8","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"cluster:node_cpu:ratio_rate5m{cluster=\"$cluster\"}","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__data.fields.namespace}{{ else }}$__cell_1{{ end }}{{`","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"Workloads","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to workloads","linkUrl":"/d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__data.fields.namespace}{{ else }}$__cell_1{{ end }}{{`","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"G"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__data.fields.namespace}{{ else }}$__cell_1{{ end }}{{`","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"Workloads","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to workloads","linkUrl":"/d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__data.fields.namespace}{{ else }}$__cell_1{{ end }}{{`","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"G"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Requests by Namespace","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Requests","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":11,"interval":"1m","legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":14,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Namespace: Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":15,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Namespace: Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Container Bandwidth by Namespace","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":16,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":17,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":18,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":19,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":20,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval])))","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS(Reads+Writes)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":21,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut(Read+Write)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":22,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"sort":{"col":4,"desc":true},"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"IOPS(Reads)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Reads + Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"iops"},{"alias":"Throughput(Read)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Read + Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum by(namespace) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum by(namespace) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Storage IO","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster","uid":"efa86fd1d0c121a26444b636a3f509a8","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml index 6d29f8d15..d9f398c8e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-multicluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-multicluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-multicluster.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"cluster:node_cpu:ratio_rate5m","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Requests Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Limits Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Requests Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Limits Commitment","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster)","format":"time_series","legendFormat":"{{cluster}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Cluster","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/efa86fd1d0c121a26444b636a3f509a8/k8s-resources-cluster?var-datasource=$datasource&var-cluster=${__value.text}","pattern":"cluster","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster)","format":"time_series","legendFormat":"{{cluster}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Cluster","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/efa86fd1d0c121a26444b636a3f509a8/k8s-resources-cluster?var-datasource=$datasource&var-cluster=${__value.text}","pattern":"cluster","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Requests by Cluster","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Requests","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Multi-Cluster","uid":"b59e6c9f2fcbe2e16d77fc492374cc4f","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"cluster:node_cpu:ratio_rate5m","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster)","format":"time_series","legendFormat":"{{cluster}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Cluster","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/efa86fd1d0c121a26444b636a3f509a8/k8s-resources-cluster?var-datasource=$datasource&var-cluster=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"cluster","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster)","format":"time_series","legendFormat":"{{cluster}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Cluster","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/efa86fd1d0c121a26444b636a3f509a8/k8s-resources-cluster?var-datasource=$datasource&var-cluster=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"cluster","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Requests by Cluster","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Requests","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Multi-Cluster","uid":"b59e6c9f2fcbe2e16d77fc492374cc4f","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml index 0c40d4d6f..5ccd4ba86 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-namespace.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation (from requests)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation (from limits)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation (from requests)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation (from limits)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Usage (RSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Cache)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Swap)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"G"},{"expr":"sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"H"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":14,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":15,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":16,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])))","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS(Reads+Writes)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":17,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut(Read+Write)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":18,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"sort":{"col":4,"desc":true},"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"IOPS(Reads)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Reads + Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"iops"},{"alias":"Throughput(Read)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Read + Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Storage IO","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Pods)","uid":"85a562078cdf77779eaa1add43ccec1e","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation (from requests)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation (from limits)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation (from requests)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":3,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation (from limits)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Usage (RSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Cache)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Swap)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"G"},{"expr":"sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"H"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":14,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":15,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":16,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])))","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS(Reads+Writes)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":17,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut(Read+Write)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":18,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"sort":{"col":4,"desc":true},"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"IOPS(Reads)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Reads + Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"iops"},{"alias":"Throughput(Read)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Read + Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Storage IO","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Pods)","uid":"85a562078cdf77779eaa1add43ccec1e","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml index b93c15ebf..ed9fbbc6d 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-node.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"max capacity","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"})","format":"time_series","legendFormat":"max capacity","legendLink":null},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"max capacity","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"})","format":"time_series","legendFormat":"max capacity","legendLink":null},{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Usage (RSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Cache)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Swap)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"G"},{"expr":"sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"H"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":true,"name":"node","options":[],"query":"label_values(kube_node_info{cluster=\"$cluster\"}, node)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Node (Pods)","uid":"200ac8fdbfbb74b39aff88118e4d1c2c","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"max capacity","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"})","format":"time_series","legendFormat":"max capacity","legendLink":null},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"max capacity","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"})","format":"time_series","legendFormat":"max capacity","legendLink":null},{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (w/o cache)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Usage (RSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Cache)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Swap)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"G"},{"expr":"sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"H"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":true,"name":"node","options":[],"query":"label_values(kube_node_info{cluster=\"$cluster\"}, node)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Node (Pods)","uid":"200ac8fdbfbb74b39aff88118e4d1c2c","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml index f4b839d53..52ed6f593 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-pod.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"requests","color":"#F2495C","fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"limits","color":"#FF9830","fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)","format":"time_series","legendFormat":"{{container}}","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","format":"time_series","legendFormat":"requests","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","format":"time_series","legendFormat":"limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":true,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(increase(container_cpu_cfs_throttled_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) /sum(increase(container_cpu_cfs_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)","format":"time_series","legendFormat":"{{container}}","legendLink":null}],"thresholds":[{"colorMode":"critical","fill":true,"line":true,"op":"gt","value":0.25,"yaxis":"left"}],"timeFrom":null,"timeShift":null,"title":"CPU Throttling","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Throttling","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Container","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"container","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"requests","color":"#F2495C","dashes":true,"fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"limits","color":"#FF9830","dashes":true,"fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)","format":"time_series","legendFormat":"{{container}}","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","format":"time_series","legendFormat":"requests","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","format":"time_series","legendFormat":"limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (WSS)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage (WSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Usage (RSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Cache)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Swap)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Container","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"container","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"G"},{"expr":"sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"H"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","format":"time_series","legendFormat":"Reads","legendLink":null},{"expr":"ceil(sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\",namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","format":"time_series","legendFormat":"Writes","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","format":"time_series","legendFormat":"Reads","legendLink":null},{"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","format":"time_series","legendFormat":"Writes","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution(Pod - Read & Writes)","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":14,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","format":"time_series","legendFormat":"{{container}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS(Reads+Writes)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":15,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"time_series","legendFormat":"{{container}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut(Read+Write)","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution(Containers)","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":16,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"sort":{"col":4,"desc":true},"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"IOPS(Reads)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Reads + Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"iops"},{"alias":"Throughput(Read)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Read + Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Container","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"container","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum by(container) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\",device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum by(container) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Storage IO","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"pod","options":[],"query":"label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, pod)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Pod","uid":"6581e46e4e5c7ba40a07646395ef7b23","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"requests","color":"#F2495C","fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"limits","color":"#FF9830","fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)","format":"time_series","legendFormat":"{{container}}","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","format":"time_series","legendFormat":"requests","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","format":"time_series","legendFormat":"limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":2,"legend":{"avg":false,"current":true,"max":true,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(increase(container_cpu_cfs_throttled_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) /sum(increase(container_cpu_cfs_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)","format":"time_series","legendFormat":"{{container}}","legendLink":null}],"thresholds":[{"colorMode":"critical","fill":true,"line":true,"op":"gt","value":0.25,"yaxis":"left"}],"timeFrom":null,"timeShift":null,"title":"CPU Throttling","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Throttling","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Container","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"container","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"requests","color":"#F2495C","dashes":true,"fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"limits","color":"#FF9830","dashes":true,"fill":0,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)","format":"time_series","legendFormat":"{{container}}","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","format":"time_series","legendFormat":"requests","legendLink":null},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","format":"time_series","legendFormat":"limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (WSS)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage (WSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Usage (RSS)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Cache)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Usage (Swap)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Container","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"container","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"F"},{"expr":"sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"G"},{"expr":"sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true,"legendFormat":"","refId":"H"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":12,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","format":"time_series","legendFormat":"Reads","legendLink":null},{"expr":"ceil(sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\",namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","format":"time_series","legendFormat":"Writes","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","format":"time_series","legendFormat":"Reads","legendLink":null},{"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","format":"time_series","legendFormat":"Writes","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution(Pod - Read & Writes)","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","decimals":null,"fill":10,"id":14,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"ceil(sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","format":"time_series","legendFormat":"{{container}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"IOPS(Reads+Writes)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":15,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"time_series","legendFormat":"{{container}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"ThroughPut(Read+Write)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution(Containers)","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":16,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"sort":{"col":4,"desc":true},"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"IOPS(Reads)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"iops"},{"alias":"IOPS(Reads + Writes)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":3,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"iops"},{"alias":"Throughput(Read)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Throughput(Read + Write)","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Container","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"container","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum by(container) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\",device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum by(container) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Storage IO","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage IO - Distribution","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"pod","options":[],"query":"label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, pod)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Pod","uid":"6581e46e4e5c7ba40a07646395ef7b23","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml index 8eec88319..d77170afd 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-windows-cluster.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - avg(rate(windows_cpu_time_total{cluster=\"$cluster\", job=\"windows-exporter\", mode=\"idle\"}[1m]))","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - sum(:windows_node_memory_MemFreeCached_bytes:sum{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?var-datasource=$datasource&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (Private Working Set)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"decbytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?var-datasource=$datasource&var-namespace=${__value.text}","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Requests by Namespace","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Requests","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":null,"name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-6h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster(Windows)","uid":"4d08557fd9391b100730f2494bccac68","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"","rows":[{"collapse":false,"height":"100px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - avg(rate(windows_cpu_time_total{cluster=\"$cluster\", job=\"windows-exporter\", mode=\"idle\"}[1m]))","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"CPU Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"1 - sum(:windows_node_memory_MemFreeCached_bytes:sum{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Utilisation","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Requests Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"format":"percentunit","id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":2,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","format":"time_series","instant":true,"refId":"A"}],"thresholds":"70,80","timeFrom":null,"timeShift":null,"title":"Memory Limits Commitment","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"singlestat","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Headlines","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?var-datasource=$datasource&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","format":"time_series","legendFormat":"{{namespace}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage (Private Working Set)","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"decbytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Namespace","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?var-datasource=$datasource&var-namespace=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"namespace","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Requests by Namespace","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Requests","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":null,"name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-6h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster(Windows)","uid":"4d08557fd9391b100730f2494bccac68","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml index e1804e797..13a1fc3ab 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-windows-namespace.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?var-datasource=$datasource&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"decbytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?var-datasource=$datasource&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":null,"name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Namespace","multi":false,"name":"namespace","options":[],"query":"label_values(windows_pod_container_available{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-6h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace(Windows)","uid":"490b402361724ab1d4c45666c1fa9b6f","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?var-datasource=$datasource&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"decbytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"decbytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?var-datasource=$datasource&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":null,"name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Namespace","multi":false,"name":"namespace","options":[],"query":"label_values(windows_pod_container_available{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-6h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace(Windows)","uid":"490b402361724ab1d4c45666c1fa9b6f","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml index 9863d1180..0acf4bb8d 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-workload.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Pod: Received","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Pod: Transmitted","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Container Bandwidth by Pod","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload_type)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"workload","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}, workload)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Workload","uid":"a164a7f0339f99e89cea5cb47e9be617","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true,"legendFormat":"","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Pod: Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Pod: Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Container Bandwidth by Pod","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","legendFormat":"{{pod}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload_type)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"workload","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}, workload)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Workload","uid":"a164a7f0339f99e89cea5cb47e9be617","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml index 4fdf56f0f..70456d826 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: k8s-resources-workloads-namespace.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"time_series","legendFormat":"{{workload}} - {{workload_type}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Running Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=${__value.text}&var-type=${__data.fields.workload_type}","pattern":"workload","thresholds":[],"type":"number","unit":"short"},{"alias":"Workload Type","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"workload_type","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"time_series","legendFormat":"{{workload}} - {{workload_type}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Running Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=${__value.text}&var-type=${__data.fields.workload_type}","pattern":"workload","thresholds":[],"type":"number","unit":"short"},{"alias":"Workload Type","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"workload_type","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=${__value.text}&var-type=$type","pattern":"workload","thresholds":[],"type":"number","unit":"short"},{"alias":"Workload Type","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"workload_type","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Workload: Received","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Workload: Transmitted","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Container Bandwidth by Workload","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":false,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"regex":"","skipUrlSync":false,"sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Workloads)","uid":"a87fb0d919ec0ea5f6543124e16c42a5","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"10s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"time_series","legendFormat":"{{workload}} - {{workload_type}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Running Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"CPU Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"short"},{"alias":"CPU Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`&var-type=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__data.fields.workload_type}{{ else }}$__cell_2{{ end }}{{`","pattern":"workload","thresholds":[],"type":"number","unit":"short"},{"alias":"Workload Type","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"workload_type","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[{"alias":"quota - requests","color":"#F2495C","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false},{"alias":"quota - limits","color":"#FF9830","dashes":true,"fill":0,"hiddenSeries":true,"hideTooltip":true,"legend":true,"linewidth":2,"stack":false}],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"time_series","legendFormat":"{{workload}} - {{workload_type}}","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})","format":"time_series","legendFormat":"quota - requests","legendLink":null},{"expr":"scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})","format":"time_series","legendFormat":"quota - limits","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Running Pods","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":0,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"short"},{"alias":"Memory Usage","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Requests %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Memory Limits","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"bytes"},{"alias":"Memory Limits %","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"percentunit"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`&var-type=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__data.fields.workload_type}{{ else }}$__cell_2{{ end }}{{`","pattern":"workload","thresholds":[],"type":"number","unit":"short"},{"alias":"Workload Type","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"workload_type","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Quota","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory Quota","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Current Receive Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Transmit Bandwidth","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTargetBlank":false,"linkTooltip":"Drill down to pods","linkUrl":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`&var-type=$type","pattern":"workload","thresholds":[],"type":"number","unit":"short"},{"alias":"Workload Type","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"workload_type","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"B"},{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"C"},{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"D"},{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"E"},{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"legendFormat":"","refId":"F"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Network Usage","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Network Usage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Workload: Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Container Bandwidth by Workload: Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Container Bandwidth by Workload","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":11,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":12,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":13,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","legendFormat":"{{workload}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Rate of Packets Dropped","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{"text":"","value":""},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"regex":"","skipUrlSync":false,"sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Workloads)","uid":"a87fb0d919ec0ea5f6543124e16c42a5","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml index b423efd2c..38be48389 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: kubelet.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":0,"y":0},"id":2,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"title":"Running Kubelets","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":4,"y":0},"id":3,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Running Pods","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":8,"y":0},"id":4,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Running Containers","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":12,"y":0},"id":5,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Actual Volume Count","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":16,"y":0},"id":6,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Desired Volume Count","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":20,"y":0},"id":7,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Config Error Count","transparent":false,"type":"stat"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (operation_type, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Operation Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":7},"id":9,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Operation Error Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":10,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Operation duration 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":11,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} pod","refId":"A"},{"expr":"sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} worker","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Pod Start Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":12,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} pod","refId":"A"},{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} worker","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Pod Start Duration","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":13,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Storage Operation Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":14,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Storage Operation Error Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":15,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Storage Operation Duration 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":16,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)","format":"time_series","intervalFactor":2,"legendFormat":"{{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Cgroup manager operation rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":17,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Cgroup manager 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Pod lifecycle event generator","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":18,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"PLEG relist rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":19,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"PLEG relist interval","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":56},"id":20,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"PLEG relist duration","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":63},"id":21,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"RPC Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":22,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Request duration 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":8,"x":0,"y":77},"id":23,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":8,"x":8,"y":77},"id":24,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":8,"x":16,"y":77},"id":25,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"refresh":"10s","rows":[],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":"instance","multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics\",cluster=\"$cluster\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Kubelet","uid":"3138fa155d5915769fbded898ac09fd9","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":0,"y":0},"id":2,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"title":"Running Kubelets","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":4,"y":0},"id":3,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Running Pods","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":8,"y":0},"id":4,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Running Containers","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":12,"y":0},"id":5,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Actual Volume Count","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":16,"y":0},"id":6,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Desired Volume Count","transparent":false,"type":"stat"},{"datasource":"$datasource","fieldConfig":{"defaults":{"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[]},"unit":"none"}},"gridPos":{"h":7,"w":4,"x":20,"y":0},"id":7,"links":[],"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","reduceOptions":{"calcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"7","targets":[{"expr":"sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"title":"Config Error Count","transparent":false,"type":"stat"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (operation_type, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Operation Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":7},"id":9,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Operation Error Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":10,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Operation duration 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":11,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} pod","refId":"A"},{"expr":"sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} worker","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Pod Start Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":12,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} pod","refId":"A"},{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} worker","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Pod Start Duration","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":13,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Storage Operation Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":14,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Storage Operation Error Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":15,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Storage Operation Duration 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":16,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)","format":"time_series","intervalFactor":2,"legendFormat":"{{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Cgroup manager operation rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":17,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{operation_type}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Cgroup manager 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Pod lifecycle event generator","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":18,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"PLEG relist rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":19,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"PLEG relist interval","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":56},"id":20,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"PLEG relist duration","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":63},"id":21,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"RPC Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":22,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}} {{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Request duration 99th quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":8,"x":0,"y":77},"id":23,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":8,"x":8,"y":77},"id":24,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{"h":7,"w":8,"x":16,"y":77},"id":25,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"refresh":"10s","rows":[],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":"instance","multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics\",cluster=\"$cluster\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Kubelet","uid":"3138fa155d5915769fbded898ac09fd9","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml index fa889315b..ac97ab2b1 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: namespace-by-pod.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":0,"y":1},"height":9,"id":3,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":12,"y":1},"height":9,"id":4,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"columns":[{"text":"Time","value":"Time"},{"text":"Value #A","value":"Value #A"},{"text":"Value #B","value":"Value #B"},{"text":"Value #C","value":"Value #C"},{"text":"Value #D","value":"Value #D"},{"text":"Value #E","value":"Value #E"},{"text":"Value #F","value":"Value #F"},{"text":"pod","value":"pod"}],"datasource":"$datasource","fill":1,"fontSize":"100%","gridPos":{"h":9,"w":24,"x":0,"y":10},"id":5,"lines":true,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null as zero","renderer":"flot","scroll":true,"showHeader":true,"sort":{"col":0,"desc":false},"spaceLength":10,"span":24,"styles":[{"alias":"Time","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"Drill down","linkUrl":"d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=${__value.text}","pattern":"pod","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"A","step":10},{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"B","step":10},{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"C","step":10},{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"D","step":10},{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"E","step":10},{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"F","step":10}],"timeFrom":null,"timeShift":null,"title":"Current Status","type":"table"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":19},"id":6,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":20},"id":7,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":20},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":29},"id":9,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":30},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":30},"id":11,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":30},"id":12,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":40},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":40},"id":14,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Pods)","uid":"8b7a8b326d7a6f1f04244066368c67af","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":0,"y":1},"height":9,"id":3,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":12,"y":1},"height":9,"id":4,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"columns":[{"text":"Time","value":"Time"},{"text":"Value #A","value":"Value #A"},{"text":"Value #B","value":"Value #B"},{"text":"Value #C","value":"Value #C"},{"text":"Value #D","value":"Value #D"},{"text":"Value #E","value":"Value #E"},{"text":"Value #F","value":"Value #F"},{"text":"pod","value":"pod"}],"datasource":"$datasource","fill":1,"fontSize":"100%","gridPos":{"h":9,"w":24,"x":0,"y":10},"id":5,"lines":true,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null as zero","renderer":"flot","scroll":true,"showHeader":true,"sort":{"col":0,"desc":false},"spaceLength":10,"span":24,"styles":[{"alias":"Time","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Pod","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"Drill down","linkUrl":"d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"pod","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"A","step":10},{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"B","step":10},{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"C","step":10},{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"D","step":10},{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"E","step":10},{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"F","step":10}],"timeFrom":null,"timeShift":null,"title":"Current Status","type":"table"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":19},"id":6,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":20},"id":7,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":20},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":29},"id":9,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":30},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":30},"id":11,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":30},"id":12,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":40},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":40},"id":14,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Pods)","uid":"8b7a8b326d7a6f1f04244066368c67af","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml index 1ddaae571..793515a83 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: namespace-by-workload.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":1},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":1},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"columns":[{"text":"Time","value":"Time"},{"text":"Value #A","value":"Value #A"},{"text":"Value #B","value":"Value #B"},{"text":"Value #C","value":"Value #C"},{"text":"Value #D","value":"Value #D"},{"text":"Value #E","value":"Value #E"},{"text":"Value #F","value":"Value #F"},{"text":"Value #G","value":"Value #G"},{"text":"Value #H","value":"Value #H"},{"text":"workload","value":"workload"}],"datasource":"$datasource","fill":1,"fontSize":"90%","gridPos":{"h":9,"w":24,"x":0,"y":10},"id":5,"lines":true,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null as zero","renderer":"flot","scroll":true,"showHeader":true,"sort":{"col":0,"desc":false},"spaceLength":10,"span":24,"styles":[{"alias":"Time","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Current Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"pps"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"Drill down","linkUrl":"d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=${__value.text}","pattern":"workload","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"A","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"B","step":10},{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"C","step":10},{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"D","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"E","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"F","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"G","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"H","step":10}],"timeFrom":null,"timeShift":null,"title":"Current Status","type":"table"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":19},"id":6,"panels":[{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":20},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":20},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Bandwidth","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":29},"id":9,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth HIstory","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":38},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":38},"id":11,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":39},"id":12,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":40},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":40},"id":14,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":40},"id":15,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":41},"id":16,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":41},"id":17,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"regex":"","skipUrlSync":false,"sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Workload)","uid":"bbb2a765a623ae38130206c7d94a160f","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":1},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":1},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"columns":[{"text":"Time","value":"Time"},{"text":"Value #A","value":"Value #A"},{"text":"Value #B","value":"Value #B"},{"text":"Value #C","value":"Value #C"},{"text":"Value #D","value":"Value #D"},{"text":"Value #E","value":"Value #E"},{"text":"Value #F","value":"Value #F"},{"text":"Value #G","value":"Value #G"},{"text":"Value #H","value":"Value #H"},{"text":"workload","value":"workload"}],"datasource":"$datasource","fill":1,"fontSize":"90%","gridPos":{"h":9,"w":24,"x":0,"y":10},"id":5,"lines":true,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null as zero","renderer":"flot","scroll":true,"showHeader":true,"sort":{"col":0,"desc":false},"spaceLength":10,"span":24,"styles":[{"alias":"Time","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Time","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Current Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Current Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Received","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #C","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Average Bandwidth Transmitted","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #D","thresholds":[],"type":"number","unit":"Bps"},{"alias":"Rate of Received Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #E","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #F","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Received Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #G","thresholds":[],"type":"number","unit":"pps"},{"alias":"Rate of Transmitted Packets Dropped","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #H","thresholds":[],"type":"number","unit":"pps"},{"alias":"Workload","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":true,"linkTooltip":"Drill down","linkUrl":"d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=`}}{{ if .Values.grafana.sidecar.dashboards.enableNewTablePanelSyntax }}${__value.text}{{ else }}$__cell{{ end }}{{`","pattern":"workload","thresholds":[],"type":"number","unit":"short"}],"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"A","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"B","step":10},{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"C","step":10},{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"D","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"E","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"F","step":10},{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"G","step":10},{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":"","refId":"H","step":10}],"timeFrom":null,"timeShift":null,"title":"Current Status","type":"table"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":19},"id":6,"panels":[{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":20},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":20},"id":8,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ workload }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Bandwidth","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":29},"id":9,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth HIstory","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":38},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":38},"id":11,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":39},"id":12,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":40},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":40},"id":14,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":40},"id":15,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":41},"id":16,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":41},"id":17,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{workload}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":false,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"regex":"","skipUrlSync":false,"sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Workload)","uid":"bbb2a765a623ae38130206c7d94a160f","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml index b7d7f3409..572c0a04e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml @@ -1,10 +1,10 @@ {{- /* -Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml index ce5553343..486f50219 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml @@ -1,10 +1,10 @@ {{- /* -Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml index 8a67a7f29..690f19a4e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml @@ -1,10 +1,10 @@ {{- /* -Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and .Values.nodeExporter.enabled .Values.nodeExporter.operatingSystems.darwin.enabled) }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.darwin.enabled) }} apiVersion: v1 kind: ConfigMap metadata: @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: nodes-darwin.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":1,"hideControls":false,"id":null,"links":[],"refresh":"30s","rows":[{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":2,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n","format":"time_series","intervalFactor":5,"legendFormat":"{{cpu}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"1m load average","refId":"A"},{"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"5m load average","refId":"B"},{"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"15m load average","refId":"C"},{"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})","format":"time_series","intervalFactor":2,"legendFormat":"logical cores","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Load Average","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":false,"steppedLine":false,"targets":[{"expr":"node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"Physical Memory","refId":"A"},{"expr":"(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"Memory Used","refId":"B"},{"expr":"(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"App Memory","refId":"C"},{"expr":"node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"Wired Memory","refId":"D"},{"expr":"node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"Compressed","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{},"id":5,"span":3,"targets":[{"expr":"(\n (\n avg(node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"}) -\n avg(node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"})\n ) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"})\n)\n*\n100\n","format":"time_series","intervalFactor":2,"legendFormat":""}],"title":"Memory Usage","transparent":false,"type":"gauge"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[{"alias":"/ read| written/","yaxis":1},{"alias":"/ io time/","yaxis":2}],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} read","refId":"A"},{"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} written","refId":"B"},{"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} io time","refId":"C"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Disk I/O","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"custom":{},"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.displayMode","value":"gradient-gauge"},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{},"id":7,"span":6,"targets":[{"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""},{"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge","options":{}},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"transparent":false,"type":"table"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Disk","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network received (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Received","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network transmitted (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Transmitted","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Network","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["node-exporter-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(node_uname_info{job=\"node-exporter\", sysname=\"Darwin\"}, instance)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / MacOS","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":1,"hideControls":false,"id":null,"links":[],"refresh":"30s","rows":[{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":2,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\", cluster=\"$cluster\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\", cluster=\"$cluster\"})\n)\n","format":"time_series","intervalFactor":5,"legendFormat":"{{cpu}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"1m load average","refId":"A"},{"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"5m load average","refId":"B"},{"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"15m load average","refId":"C"},{"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", mode=\"idle\"})","format":"time_series","intervalFactor":2,"legendFormat":"logical cores","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Load Average","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":false,"steppedLine":false,"targets":[{"expr":"node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"Physical Memory","refId":"A"},{"expr":"(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} +\n node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} +\n node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"Memory Used","refId":"B"},{"expr":"(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"App Memory","refId":"C"},{"expr":"node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"Wired Memory","refId":"D"},{"expr":"node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"Compressed","refId":"E"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{},"id":5,"span":3,"targets":[{"expr":"(\n (\n avg(node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}) -\n avg(node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}) +\n avg(node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}) +\n avg(node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"})\n ) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"})\n)\n*\n100\n","format":"time_series","intervalFactor":2,"legendFormat":""}],"title":"Memory Usage","transparent":false,"type":"gauge"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[{"alias":"/ read| written/","yaxis":1},{"alias":"/ io time/","yaxis":2}],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} read","refId":"A"},{"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} written","refId":"B"},{"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} io time","refId":"C"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Disk I/O","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"custom":{},"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.displayMode","value":"gradient-gauge"},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{},"id":7,"span":6,"targets":[{"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""},{"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge","options":{}},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"transparent":false,"type":"table"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Disk","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network received (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Received","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network transmitted (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Transmitted","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Network","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["node-exporter-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"Cluster","multi":false,"name":"cluster","options":[],"query":"label_values(node_uname_info{job=\"node-exporter\", sysname=\"Darwin\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(node_uname_info{job=\"node-exporter\", cluster=\"$cluster\", sysname=\"Darwin\"}, instance)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / MacOS","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml index d74881167..9b40b6e7e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml @@ -1,10 +1,10 @@ {{- /* -Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and .Values.nodeExporter.enabled .Values.nodeExporter.operatingSystems.linux.enabled) }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.linux.enabled) }} apiVersion: v1 kind: ConfigMap metadata: @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: nodes.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":1,"hideControls":false,"id":null,"links":[],"refresh":"30s","rows":[{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":2,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n","format":"time_series","intervalFactor":5,"legendFormat":"{{cpu}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"1m load average","refId":"A"},{"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"5m load average","refId":"B"},{"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"15m load average","refId":"C"},{"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})","format":"time_series","intervalFactor":2,"legendFormat":"logical cores","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Load Average","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"memory used","refId":"A"},{"expr":"node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"memory buffers","refId":"B"},{"expr":"node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"memory cached","refId":"C"},{"expr":"node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"memory free","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{},"id":5,"span":3,"targets":[{"expr":"100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"}) /\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n","format":"time_series","intervalFactor":2,"legendFormat":""}],"title":"Memory Usage","transparent":false,"type":"gauge"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[{"alias":"/ read| written/","yaxis":1},{"alias":"/ io time/","yaxis":2}],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} read","refId":"A"},{"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} written","refId":"B"},{"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} io time","refId":"C"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Disk I/O","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"custom":{},"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.displayMode","value":"gradient-gauge"},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{},"id":7,"span":6,"targets":[{"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""},{"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge","options":{}},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"transparent":false,"type":"table"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Disk","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network received (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Received","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network transmitted (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Transmitted","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Network","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["node-exporter-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, instance)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / Nodes","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":1,"hideControls":false,"id":null,"links":[],"refresh":"30s","rows":[{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":2,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\", cluster=\"$cluster\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\", cluster=\"$cluster\"})\n)\n","format":"time_series","intervalFactor":5,"legendFormat":"{{cpu}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":1,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"1m load average","refId":"A"},{"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"5m load average","refId":"B"},{"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"15m load average","refId":"C"},{"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", mode=\"idle\"})","format":"time_series","intervalFactor":2,"legendFormat":"logical cores","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Load Average","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"CPU","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"memory used","refId":"A"},{"expr":"node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"memory buffers","refId":"B"},{"expr":"node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"memory cached","refId":"C"},{"expr":"node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","format":"time_series","intervalFactor":2,"legendFormat":"memory free","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{},"id":5,"span":3,"targets":[{"expr":"100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}) /\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"})\n* 100\n)\n","format":"time_series","intervalFactor":2,"legendFormat":""}],"title":"Memory Usage","transparent":false,"type":"gauge"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Memory","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":0,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[{"alias":"/ read| written/","yaxis":1},{"alias":"/ io time/","yaxis":2}],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} read","refId":"A"},{"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} written","refId":"B"},{"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","format":"time_series","intervalFactor":1,"legendFormat":"{{device}} io time","refId":"C"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Disk I/O","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"percentunit","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"datasource":"$datasource","fieldConfig":{"defaults":{"custom":{},"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.displayMode","value":"gradient-gauge"},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{},"id":7,"span":6,"targets":[{"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""},{"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"intervalFactor":2,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge","options":{}},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"transparent":false,"type":"table"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Disk","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network received (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Received","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","description":"Network transmitted (bits/s)","fill":0,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","format":"time_series","intervalFactor":1,"legendFormat":"{{device}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Transmitted","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Network","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["node-exporter-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"Cluster","multi":false,"name":"cluster","options":[],"query":"label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(node_uname_info{job=\"node-exporter\", cluster=\"$cluster\", sysname!=\"Darwin\"}, instance)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / Nodes","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml index 96f985615..c18884985 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: persistentvolumesusage.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":2,"interval":"1m","legend":{"alignAsTable":true,"avg":true,"current":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n","format":"time_series","intervalFactor":1,"legendFormat":"Used Space","refId":"A"},{"expr":"sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n","format":"time_series","intervalFactor":1,"legendFormat":"Free Space","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Volume Space Usage","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(50, 172, 45, 0.97)","rgba(237, 129, 40, 0.89)","rgba(245, 54, 54, 0.9)"],"datasource":"$datasource","format":"percent","gauge":{"maxValue":100,"minValue":0,"show":true,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":3,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":3,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"80, 90","title":"Volume Space Usage","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":true,"current":true,"max":true,"min":true,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":true,"steppedLine":false,"targets":[{"expr":"sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n","format":"time_series","intervalFactor":1,"legendFormat":"Used inodes","refId":"A"},{"expr":"(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n","format":"time_series","intervalFactor":1,"legendFormat":" Free inodes","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Volume inodes Usage","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"none","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"none","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(50, 172, 45, 0.97)","rgba(237, 129, 40, 0.89)","rgba(245, 54, 54, 0.9)"],"datasource":"$datasource","format":"percent","gauge":{"maxValue":100,"minValue":0,"show":true,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":5,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":3,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"80, 90","title":"Volume inodes Usage","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(kubelet_volume_stats_capacity_bytes{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Namespace","multi":false,"name":"namespace","options":[],"query":"label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"PersistentVolumeClaim","multi":false,"name":"volume","options":[],"query":"label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-7d","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Persistent Volumes","uid":"919b92a8e8041bd567af9edab12c840c","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":2,"legend":{"alignAsTable":true,"avg":true,"current":true,"max":true,"min":true,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":true,"steppedLine":false,"targets":[{"expr":"(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n","format":"time_series","intervalFactor":1,"legendFormat":"Used Space","refId":"A"},{"expr":"sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n","format":"time_series","intervalFactor":1,"legendFormat":"Free Space","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Volume Space Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(50, 172, 45, 0.97)","rgba(237, 129, 40, 0.89)","rgba(245, 54, 54, 0.9)"],"datasource":"$datasource","format":"percent","gauge":{"maxValue":100,"minValue":0,"show":true,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":3,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":3,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"80, 90","title":"Volume Space Usage","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":true,"avg":true,"current":true,"max":true,"min":true,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":9,"stack":true,"steppedLine":false,"targets":[{"expr":"sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n","format":"time_series","intervalFactor":1,"legendFormat":"Used inodes","refId":"A"},{"expr":"(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n","format":"time_series","intervalFactor":1,"legendFormat":" Free inodes","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Volume inodes Usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"none","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"none","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["rgba(50, 172, 45, 0.97)","rgba(237, 129, 40, 0.89)","rgba(245, 54, 54, 0.9)"],"datasource":"$datasource","format":"percent","gauge":{"maxValue":100,"minValue":0,"show":true,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":5,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":3,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"80, 90","title":"Volume inodes Usage","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(kubelet_volume_stats_capacity_bytes{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"Namespace","multi":false,"name":"namespace","options":[],"query":"label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, namespace)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":false,"label":"PersistentVolumeClaim","multi":false,"name":"volume","options":[],"query":"label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-7d","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Persistent Volumes","uid":"919b92a8e8041bd567af9edab12c840c","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml index 9be585538..3391e1ebb 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: pod-total.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":0,"y":1},"height":9,"id":3,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace: $pod","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":12,"y":1},"height":9,"id":4,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace: $pod","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":5,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":11},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":11},"id":7,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":20},"id":8,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":21},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":21},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":21},"id":11,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":32},"id":12,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":32},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)","hide":0,"includeAll":false,"label":null,"multi":false,"name":"pod","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Pod","uid":"7a18067ce943a40ae25454675c19ff5c","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":0,"y":1},"height":9,"id":3,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace: $pod","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","decimals":0,"format":"time_series","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{"h":9,"w":12,"x":12,"y":1},"height":9,"id":4,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"minSpan":12,"nullPointMode":"connected","nullText":null,"options":{"fieldOptions":{"calcs":["last"],"defaults":{"max":10000000000,"min":0,"title":"$namespace: $pod","unit":"Bps"},"mappings":[],"override":{},"thresholds":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}],"values":false}},"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":12,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))","format":"time_series","instant":null,"intervalFactor":1,"legendFormat":"","refId":"A"}],"thresholds":"","timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","type":"gauge","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"current"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":5,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":11},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":11},"id":7,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":20},"id":8,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":21},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":21},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":21},"id":11,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":0,"y":32},"id":12,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":10,"w":12,"x":12,"y":32},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)","hide":0,"includeAll":false,"label":null,"multi":false,"name":"pod","options":[],"query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Pod","uid":"7a18067ce943a40ae25454675c19ff5c","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml index cbf1f23cf..81236bcf3 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml index 36a710a0c..6eec76459 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: prometheus.json: |- - {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"60s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Count","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Uptime","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"s"},{"alias":"Cluster","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"cluster","thresholds":[],"type":"number","unit":"short"},{"alias":"Instance","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"instance","thresholds":[],"type":"number","unit":"short"},{"alias":"Job","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"job","thresholds":[],"type":"number","unit":"short"},{"alias":"Version","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"version","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"count by (cluster, job, instance, version) (prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"max by (cluster, job, instance) (time() - process_start_time_seconds{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":"","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Prometheus Stats","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Prometheus Stats","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(prometheus_target_sync_length_seconds_sum{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[5m])) by (cluster, job, scrape_job, instance) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}:{{scrape_job}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Target Sync","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ms","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by (cluster, job, instance) (prometheus_sd_discovered_targets{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"})","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Targets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Discovery","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(prometheus_target_interval_length_seconds_sum{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}} {{interval}} configured","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Scrape Interval Duration","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ms","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":4,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded body size limit: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_sample_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded sample limit: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"duplicate timestamp: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_bounds_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of bounds: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_order_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of order: {{cluster}} {{job}} {{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Scrape failures","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":4,"stack":true,"steppedLine":false,"targets":[{"expr":"rate(prometheus_tsdb_head_samples_appended_total{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Appended Samples","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Retrieval","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"prometheus_tsdb_head_series{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head series","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Head Series","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"prometheus_tsdb_head_chunks{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head chunks","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Head Chunks","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"rate(prometheus_engine_query_duration_seconds_count{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Query Rate","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}) * 1e3","format":"time_series","legendFormat":"{{slice}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Stage Duration","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ms","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Query","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["prometheus-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":".+","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"cluster","multi":true,"name":"cluster","options":[],"query":"label_values(prometheus_build_info{job=\"prometheus-k8s\",namespace=\"monitoring\"}, cluster)","refresh":1,"regex":"","sort":2,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","hide":0,"includeAll":true,"label":"job","multi":true,"name":"job","options":[],"query":"label_values(prometheus_build_info{cluster=~\"$cluster\"}, job)","refresh":1,"regex":"","sort":2,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","hide":0,"includeAll":true,"label":"instance","multi":true,"name":"instance","options":[],"query":"label_values(prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\"}, instance)","refresh":1,"regex":"","sort":2,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Prometheus / Overview","uid":"","version":0}`}} + {{`{"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"links":[],"refresh":"60s","rows":[{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":1,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"styles":[{"alias":"Time","dateFormat":"YYYY-MM-DD HH:mm:ss","pattern":"Time","type":"hidden"},{"alias":"Count","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #A","thresholds":[],"type":"hidden","unit":"short"},{"alias":"Uptime","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"Value #B","thresholds":[],"type":"number","unit":"s"},{"alias":"Cluster","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"cluster","thresholds":[],"type":"number","unit":"short"},{"alias":"Instance","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"instance","thresholds":[],"type":"number","unit":"short"},{"alias":"Job","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"job","thresholds":[],"type":"number","unit":"short"},{"alias":"Version","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"link":false,"linkTargetBlank":false,"linkTooltip":"Drill down","linkUrl":"","pattern":"version","thresholds":[],"type":"number","unit":"short"},{"alias":"","colorMode":null,"colors":[],"dateFormat":"YYYY-MM-DD HH:mm:ss","decimals":2,"pattern":"/.*/","thresholds":[],"type":"string","unit":"short"}],"targets":[{"expr":"count by (cluster, job, instance, version) (prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":"","refId":"A"},{"expr":"max by (cluster, job, instance) (time() - process_start_time_seconds{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":"","refId":"B"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Prometheus Stats","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"transform":"table","type":"table","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Prometheus Stats","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":2,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(prometheus_target_sync_length_seconds_sum{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[5m])) by (cluster, job, scrape_job, instance) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}:{{scrape_job}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Target Sync","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ms","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":3,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by (cluster, job, instance) (prometheus_sd_discovered_targets{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"})","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Targets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Discovery","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"id":4,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(prometheus_target_interval_length_seconds_sum{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}} {{interval}} configured","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Scrape Interval Duration","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ms","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":5,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":4,"stack":true,"steppedLine":false,"targets":[{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded body size limit: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_sample_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded sample limit: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"duplicate timestamp: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_bounds_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of bounds: {{cluster}} {{job}} {{instance}}","legendLink":null},{"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_order_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of order: {{cluster}} {{job}} {{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Scrape failures","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":6,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":4,"stack":true,"steppedLine":false,"targets":[{"expr":"rate(prometheus_tsdb_head_samples_appended_total{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Appended Samples","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Retrieval","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":7,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"prometheus_tsdb_head_series{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head series","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Head Series","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":8,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"prometheus_tsdb_head_chunks{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head chunks","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Head Chunks","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Storage","titleSize":"h6"},{"collapse":false,"height":"250px","panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":9,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"rate(prometheus_engine_query_duration_seconds_count{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Query Rate","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":10,"id":10,"legend":{"avg":false,"current":false,"max":false,"min":false,"show":true,"total":false,"values":false},"lines":true,"linewidth":0,"links":[],"nullPointMode":"null as zero","percentage":false,"pointradius":5,"points":false,"renderer":"flot","seriesOverrides":[],"spaceLength":10,"span":6,"stack":true,"steppedLine":false,"targets":[{"expr":"max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}) * 1e3","format":"time_series","legendFormat":"{{slice}}","legendLink":null}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Stage Duration","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ms","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":false}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Query","titleSize":"h6"}],"schemaVersion":14,"style":"dark","tags":["prometheus-mixin"],"templating":{"list":[{"current":{"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":".+","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"cluster","multi":true,"name":"cluster","options":[],"query":"label_values(prometheus_build_info{}, cluster)","refresh":1,"regex":"","sort":2,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","hide":0,"includeAll":true,"label":"job","multi":true,"name":"job","options":[],"query":"label_values(prometheus_build_info{cluster=~\"$cluster\"}, job)","refresh":1,"regex":"","sort":2,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","current":{"selected":true,"text":"All","value":"$__all"},"datasource":"$datasource","hide":0,"includeAll":true,"label":"instance","multi":true,"name":"instance","options":[],"query":"label_values(prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\"}, instance)","refresh":1,"regex":"","sort":2,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Prometheus / Overview","uid":"","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml index c927e3dd4..23cc916e5 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: proxy.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":2,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":2,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(up{cluster=\"$cluster\", job=\"kube-proxy\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Up","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"min"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"rate","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rules Sync Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rule Sync Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"rate","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Programming Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Programming Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Kube API Request Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Post Request Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Get Request Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":11,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":12,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-proxy\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"kube-proxy\", cluster=\"$cluster\", job=\"kube-proxy\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Proxy","uid":"632e265de029684c40b21cb76bca4f94","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":2,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":2,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(up{cluster=\"$cluster\", job=\"kube-proxy\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Up","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"min"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"rate","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rules Sync Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rule Sync Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":5,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"rate","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Programming Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":6,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Network Programming Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":7,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Kube API Request Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Post Request Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Get Request Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":11,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":12,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-proxy\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"kube-proxy\", cluster=\"$cluster\", job=\"kube-proxy\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Proxy","uid":"632e265de029684c40b21cb76bca4f94","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml index 181d55ff4..c8aedd50d 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: scheduler.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":2,"interval":"1m","legend":{"alignAsTable":true,"rightSide":true},"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":2,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(up{cluster=\"$cluster\", job=\"kube-scheduler\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Up","tooltip":{"shared":false},"type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"min"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":3,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} e2e","refId":"A"},{"expr":"sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} binding","refId":"B"},{"expr":"sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} scheduling algorithm","refId":"C"},{"expr":"sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} volume","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Scheduling Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} e2e","refId":"A"},{"expr":"histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} binding","refId":"B"},{"expr":"histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} scheduling algorithm","refId":"C"},{"expr":"histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} volume","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Scheduling latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":5,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Kube API Request Rate","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":6,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Post Request Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":7,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Get Request Latency 99th Quantile","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":8,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":9,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":10,"interval":"1m","legend":{"alignAsTable":true,"avg":false,"current":false,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":false,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-scheduler\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"kube-scheduler\", cluster=\"$cluster\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Scheduler","uid":"2e6b6a3b4bddf1427b3a55aa1311c656","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"refresh":"10s","rows":[{"collapse":false,"collapsed":false,"panels":[{"cacheTimeout":null,"colorBackground":false,"colorValue":false,"colors":["#299c46","rgba(237, 129, 40, 0.89)","#d44a3a"],"datasource":"$datasource","format":"none","gauge":{"maxValue":100,"minValue":0,"show":false,"thresholdLabels":false,"thresholdMarkers":true},"gridPos":{},"id":2,"interval":null,"links":[],"mappingType":1,"mappingTypes":[{"name":"value to text","value":1},{"name":"range to text","value":2}],"maxDataPoints":100,"nullPointMode":"connected","nullText":null,"postfix":"","postfixFontSize":"50%","prefix":"","prefixFontSize":"50%","rangeMaps":[{"from":"null","text":"N/A","to":"null"}],"span":2,"sparkline":{"fillColor":"rgba(31, 118, 189, 0.18)","full":false,"lineColor":"rgb(31, 120, 193)","show":false},"tableColumn":"","targets":[{"expr":"sum(up{cluster=\"$cluster\", job=\"kube-scheduler\"})","format":"time_series","intervalFactor":2,"legendFormat":"","refId":"A"}],"thresholds":"","title":"Up","type":"singlestat","valueFontSize":"80%","valueMaps":[{"op":"=","text":"N/A","value":"null"}],"valueName":"min"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} e2e","refId":"A"},{"expr":"sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} binding","refId":"B"},{"expr":"sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} scheduling algorithm","refId":"C"},{"expr":"sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} volume","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Scheduling Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":5,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} e2e","refId":"A"},{"expr":"histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} binding","refId":"B"},{"expr":"histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} scheduling algorithm","refId":"C"},{"expr":"histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}} {{instance}} volume","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Scheduling latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":5,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"2xx","refId":"A"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"3xx","refId":"B"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"4xx","refId":"C"},{"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","format":"time_series","intervalFactor":2,"legendFormat":"5xx","refId":"D"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Kube API Request Rate","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"ops","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":6,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":8,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Post Request Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"total":false,"values":true},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":false,"steppedLine":false,"targets":[{"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))","format":"time_series","intervalFactor":2,"legendFormat":"{{verb}} {{url}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Get Request Latency 99th Quantile","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"s","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":8,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Memory","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":null,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"CPU usage","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"bytes","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":1,"fillGradient":0,"gridPos":{},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":1,"links":[],"nullPointMode":"null","percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":4,"stack":false,"steppedLine":false,"targets":[{"expr":"go_goroutines{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{instance}}","refId":"A"}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Goroutines","tooltip":{"shared":true,"sort":0,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true},{"format":"short","label":null,"logBase":1,"max":null,"min":null,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":false,"title":"Dashboard Row","titleSize":"h6","type":"row"}],"schemaVersion":14,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":"cluster","multi":false,"name":"cluster","options":[],"query":"label_values(up{job=\"kube-scheduler\"}, cluster)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"current":{},"datasource":"$datasource","hide":0,"includeAll":true,"label":null,"multi":false,"name":"instance","options":[],"query":"label_values(up{job=\"kube-scheduler\", cluster=\"$cluster\"}, instance)","refresh":2,"regex":"","sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Scheduler","uid":"2e6b6a3b4bddf1427b3a55aa1311c656","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml index a686afd23..f0f356ce9 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml +Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,5 +20,5 @@ metadata: {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: workload-total.json: |- - {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":1},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":1},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":5,"panels":[{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":11},"id":6,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":11},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Bandwidth","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":11},"id":8,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth HIstory","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":12},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":12},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":21},"id":11,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":22},"id":12,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":22},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":22},"id":14,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":23},"id":15,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":23},"id":16,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data Source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(kube_pod_info{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)","hide":0,"includeAll":false,"label":null,"multi":false,"name":"workload","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)","refresh":2,"regex":"","skipUrlSync":false,"sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Workload","uid":"728bf77cc1166d2f3133bf25846876cc","version":0}`}} + {{`{"__inputs":[],"__requires":[],"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"gnetId":null,"graphTooltip":0,"hideControls":false,"id":null,"links":[],"panels":[{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":2,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Current Bandwidth","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":1},"id":3,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":1},"id":4,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Current Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":10},"id":5,"panels":[{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":11},"id":6,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Received","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":true,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":11},"id":7,"legend":{"alignAsTable":true,"avg":false,"current":true,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":true,"show":true,"sideWidth":null,"sort":"current","sortDesc":true,"total":false,"values":true},"lines":false,"linewidth":1,"links":[],"minSpan":24,"nullPointMode":"null","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":24,"stack":false,"steppedLine":false,"targets":[{"expr":"sort_desc(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{ pod }}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Average Rate of Bytes Transmitted","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"series","name":null,"show":false,"values":["current"]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Average Bandwidth","titleSize":"h6","type":"row"},{"collapse":false,"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":11},"id":8,"panels":[],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Bandwidth HIstory","titleSize":"h6","type":"row"},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":12},"id":9,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Receive Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":12},"id":10,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Transmit Bandwidth","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"Bps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":21},"id":11,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":22},"id":12,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":22},"id":13,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Packets","titleSize":"h6","type":"row"},{"collapse":true,"collapsed":true,"gridPos":{"h":1,"w":24,"x":0,"y":22},"id":14,"panels":[{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":0,"y":23},"id":15,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Received Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]},{"aliasColors":{},"bars":false,"dashLength":10,"dashes":false,"datasource":"$datasource","fill":2,"fillGradient":0,"gridPos":{"h":9,"w":12,"x":12,"y":23},"id":16,"legend":{"alignAsTable":false,"avg":false,"current":false,"hideEmpty":true,"hideZero":true,"max":false,"min":false,"rightSide":false,"show":true,"sideWidth":null,"total":false,"values":false},"lines":true,"linewidth":2,"links":[],"minSpan":12,"nullPointMode":"connected","paceLength":10,"percentage":false,"pointradius":5,"points":false,"renderer":"flot","repeat":null,"seriesOverrides":[],"spaceLength":10,"span":12,"stack":true,"steppedLine":false,"targets":[{"expr":"sort_desc(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"time_series","intervalFactor":1,"legendFormat":"{{pod}}","refId":"A","step":10}],"thresholds":[],"timeFrom":null,"timeShift":null,"title":"Rate of Transmitted Packets Dropped","tooltip":{"shared":true,"sort":2,"value_type":"individual"},"type":"graph","xaxis":{"buckets":null,"mode":"time","name":null,"show":true,"values":[]},"yaxes":[{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true},{"format":"pps","label":null,"logBase":1,"max":null,"min":0,"show":true}]}],"repeat":null,"repeatIteration":null,"repeatRowId":null,"showTitle":true,"title":"Errors","titleSize":"h6","type":"row"}],"refresh":"10s","rows":[],"schemaVersion":18,"style":"dark","tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":null,"current":{},"datasource":"$datasource","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":false,"label":null,"multi":false,"name":"cluster","options":[],"query":"label_values(kube_pod_info{job=\"kube-state-metrics\"}, cluster)","refresh":2,"regex":"","sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":".+","auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"kube-system","value":"kube-system"},"datasource":"$datasource","definition":"label_values(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"namespace","options":[],"query":"label_values(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)","hide":0,"includeAll":false,"label":null,"multi":false,"name":"workload","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"","value":""},"datasource":"$datasource","definition":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)","hide":0,"includeAll":true,"label":null,"multi":false,"name":"type","options":[],"query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)","refresh":2,"regex":"","skipUrlSync":false,"sort":0,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"query","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":0,"includeAll":false,"label":null,"multi":false,"name":"resolution","options":[{"selected":false,"text":"30s","value":"30s"},{"selected":true,"text":"5m","value":"5m"},{"selected":false,"text":"1h","value":"1h"}],"query":"30s,5m,1h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false},{"allValue":null,"auto":false,"auto_count":30,"auto_min":"10s","current":{"text":"5m","value":"5m"},"datasource":"$datasource","hide":2,"includeAll":false,"label":null,"multi":false,"name":"interval","options":[{"selected":true,"text":"4h","value":"4h"}],"query":"4h","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tags":[],"tagsQuery":"","type":"interval","useTags":false}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Workload","uid":"728bf77cc1166d2f3133bf25846876cc","version":0}`}} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml index 7ce357bb9..054eac4a7 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml @@ -17,6 +17,10 @@ metadata: spec: replicas: {{ .Values.prometheusOperator.admissionWebhooks.deployment.replicas }} revisionHistoryLimit: {{ .Values.prometheusOperator.admissionWebhooks.deployment.revisionHistoryLimit }} + {{- with .Values.prometheusOperator.admissionWebhooks.deployment.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} selector: matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook @@ -119,6 +123,7 @@ spec: {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.securityContext | indent 8 }} {{- end }} serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}-webhook + automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.automountServiceAccountToken }} {{- if .Values.prometheusOperator.admissionWebhooks.deployment.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml index 5889bd234..e2b1ba92c 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml @@ -22,6 +22,10 @@ spec: matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-operator release: {{ $.Release.Name | quote }} + {{- with .Values.prometheusOperator.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} template: metadata: labels: @@ -151,17 +155,25 @@ spec: {{ toYaml .Values.prometheusOperator.resources | indent 12 }} securityContext: {{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }} -{{- if .Values.prometheusOperator.tls.enabled }} volumeMounts: + {{- if .Values.prometheusOperator.tls.enabled }} - name: tls-secret mountPath: /cert readOnly: true + {{- end }} + {{- with .Values.prometheusOperator.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} volumes: + {{- if .Values.prometheusOperator.tls.enabled }} - name: tls-secret secret: defaultMode: 420 secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission -{{- end }} + {{- end }} + {{- with .Values.prometheusOperator.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.prometheusOperator.dnsConfig }} dnsConfig: {{ toYaml . | indent 8 }} @@ -171,6 +183,7 @@ spec: {{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} {{- end }} serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.prometheusOperator.automountServiceAccountToken }} {{- if .Values.prometheusOperator.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml index 60ccf2fe5..4f84974f9 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml @@ -6,6 +6,7 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} +automountServiceAccountToken: {{ .Values.prometheusOperator.serviceAccount.automountServiceAccountToken }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl b/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl index 5fe564f3e..4a8213d08 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl +++ b/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl @@ -8,13 +8,13 @@ rules: - "config-reloaders" - "etcd" - "general.rules" - - "k8s.rules.container_cpu_usage_seconds_total" - - "k8s.rules.container_memory_cache" - - "k8s.rules.container_memory_rss" - - "k8s.rules.container_memory_swap" - - "k8s.rules.container_memory_working_set_bytes" - - "k8s.rules.container_resource" - - "k8s.rules.pod_owner" + - "k8s.rules.container-cpu-usage-seconds-total" + - "k8s.rules.container-memory-cache" + - "k8s.rules.container-memory-rss" + - "k8s.rules.container-memory-swap" + - "k8s.rules.container-memory-working-set-bytes" + - "k8s.rules.container-resource" + - "k8s.rules.pod-owner" - "kube-apiserver-availability.rules" - "kube-apiserver-burnrate.rules" - "kube-apiserver-histogram.rules" diff --git a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml index 3585b5db1..249144d80 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml @@ -24,6 +24,13 @@ rules: verbs: ["get", "list", "watch"] - nonResourceURLs: ["/metrics", "/metrics/cadvisor"] verbs: ["get"] +{{/* fix(#3338): add required rules to use node-exporter with the RBAC proxy */}} +{{- if and .Values.nodeExporter.enabled (index .Values "prometheus-node-exporter").kubeRBACProxy.enabled }} +- apiGroups: [ "" ] + resources: + - services/{{ include "prometheus-node-exporter.fullname" (index .Subcharts "prometheus-node-exporter") }} + verbs: [ "get", "list", "watch" ] +{{- end }} {{- if .Values.prometheus.additionalRulesForClusterRole }} {{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml index b262424d4..96756df46 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/alertmanager-prometheusRule.yaml +Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/alertmanager-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml index 72ebc4cc6..378614dc9 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'config-reloaders' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheusOperator-prometheusRule.yaml +Generated from 'config-reloaders' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/prometheusOperator-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml index afdb1288d..62f556c99 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml +Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubePrometheus-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml index ab4de1cb2..d5e46270f 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.container-cpu-usage-seconds-total' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.container-cpu-usage-seconds-total' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml index 73161d13b..0cf42477e 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.container-memory-cache' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.container-memory-cache' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml index 291d034b3..2ba3d1071 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.container-memory-rss' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.container-memory-rss' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml index 03091749d..d9dea9187 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.container-memory-swap' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.container-memory-swap' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml index 00a82c1d9..0263d3edb 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.container-memory-working-set-bytes' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.container-memory-working-set-bytes' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml index 4cdb7d87f..9634ea9df 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.container-resource' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.container-resource' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml index e06356d4e..2eb793a47 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s.rules.pod-owner' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'k8s.rules.pod-owner' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml index ceec327e8..f83c5219e 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml index 369a0ae1b..3f2553d48 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-apiserver-burnrate.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kube-apiserver-burnrate.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml index e269cf33c..941f3db06 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-apiserver-histogram.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kube-apiserver-histogram.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml index 3f6a6a242..6d593e6e5 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml index b6e378508..8773d7d22 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml +Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubePrometheus-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml index 7d8e937d6..d15c520d2 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml +Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubePrometheus-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml index ef5639e07..a8f5e4cb9 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml index 93c6fe933..69fb05623 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubeStateMetrics-prometheusRule.yaml +Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubeStateMetrics-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml index 795dacd9a..33f4bff01 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml index 8582292a0..5d1ddf0c5 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml index 3eb2be423..f72feb148 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml index dfb99607d..0fc0ab1e6 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml index 3e2d9c69f..8e2e54908 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml index e24bcac0e..4347e2cdf 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml index b71e86607..c4b45878b 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml index 4fcae4542..e76e5674d 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml index 362580b72..3c99b59f3 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml index 6ca42338f..df5ba33e7 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/nodeExporter-prometheusRule.yaml +Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/nodeExporter-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml index 25b2b68c8..01387f444 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/nodeExporter-prometheusRule.yaml +Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/nodeExporter-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml index ecef04f22..04d197351 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml +Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubePrometheus-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml index 71c246d68..a44821f09 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml +Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/kubernetesControlPlane-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml index bd7d97c23..cc3ab25ab 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheusOperator-prometheusRule.yaml +Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/prometheusOperator-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml index 907f7b30e..0fa21077f 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-prometheusRule.yaml +Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/76f2e1ef95be0df752037baa040781c5219e1fb3/manifests/prometheus-prometheusRule.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus/secret.yaml b/charts/kube-prometheus-stack/templates/prometheus/secret.yaml index e88d69777..e4a1e73c7 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/secret.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/secret.yaml @@ -1,4 +1,5 @@ -{{- if .Values.prometheus.enabled }} +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.thanos .Values.prometheus.prometheusSpec.thanos.objectStorageConfig}} +{{- if and .Values.prometheus.prometheusSpec.thanos.objectStorageConfig.secret (not .Values.prometheus.prometheusSpec.thanos.objectStorageConfig.existingSecret) }} apiVersion: v1 kind: Secret metadata: @@ -9,9 +10,6 @@ metadata: app.kubernetes.io/component: prometheus {{ include "kube-prometheus-stack.labels" . | indent 4 }} data: - {{- with .Values.prometheus.prometheusSpec.thanos.objectStorageConfig }} - {{- if and .secret (not .existingSecret) }} - object-storage-configs.yaml: {{ toYaml .secret | b64enc | quote }} - {{- end }} - {{- end }} + object-storage-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.thanos.objectStorageConfig.secret | b64enc | quote }} +{{- end }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/service.yaml b/charts/kube-prometheus-stack/templates/prometheus/service.yaml index 0ef8c7abe..d61b9d6ef 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/service.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/service.yaml @@ -47,7 +47,7 @@ spec: {{- if semverCompare "> 1.20.0-0" $kubeTargetVersion }} appProtocol: http {{- end }} - port: 8080 + port: {{ .Values.prometheus.service.reloaderWebPort }} targetPort: reloader-web {{- if .Values.prometheus.thanosIngress.enabled }} - name: grpc diff --git a/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml index dde1632d6..e97b989bb 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml @@ -13,6 +13,7 @@ metadata: annotations: {{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }} {{- end }} +automountServiceAccountToken: {{ .Values.prometheus.serviceAccount.automountServiceAccountToken }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml index e05f6c111..31cbc90b2 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml @@ -45,7 +45,12 @@ spec: {{- if .Values.prometheus.serviceMonitor.interval }} interval: {{ .Values.prometheus.serviceMonitor.interval }} {{- end }} - scheme: http + {{- if .Values.prometheus.serviceMonitor.scheme }} + scheme: {{ .Values.prometheus.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.tlsConfig }} + tlsConfig: {{- toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} path: "/metrics" {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} metricRelabelings: {{- tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 6) . }} diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index 6a7cb06e2..754377dfd 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -286,8 +286,6 @@ alertmanager: ## Configure pod disruption budgets for Alertmanager ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## This configuration is immutable once created and will require the PDB to be deleted to be changed - ## https://github.com/kubernetes/kubernetes/issues/45398 ## podDisruptionBudget: enabled: false @@ -557,13 +555,16 @@ alertmanager: ## type: ClusterIP - ## If true, create a serviceMonitor for alertmanager + ## Configuration for creating a ServiceMonitor for AlertManager ## serviceMonitor: + ## If true, a ServiceMonitor will be created for the AlertManager service. + ## + selfMonitor: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. ## interval: "" - selfMonitor: true ## Additional labels ## @@ -645,7 +646,7 @@ alertmanager: image: registry: quay.io repository: prometheus/alertmanager - tag: v0.26.0 + tag: v0.27.0 sha: "" ## If true then the user will be responsible to provide a secret with alertmanager configuration @@ -658,6 +659,10 @@ alertmanager: ## secrets: [] + ## If false then the user will opt out of automounting API credentials. + ## + automountServiceAccountToken: true + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. ## @@ -1017,6 +1022,10 @@ grafana: # finalizers: # - kubernetes.io/pvc-protection + serviceAccount: + create: true + autoMount: true + sidecar: dashboards: enabled: true @@ -1025,6 +1034,9 @@ grafana: # Allow discovery in all namespaces for dashboards searchNamespace: ALL + # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels + enableNewTablePanelSyntax: false + ## Annotations for Grafana dashboard configmaps ## annotations: {} @@ -1475,6 +1487,15 @@ kubeControllerManager: ## proxyUrl: "" + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # component: kube-controller-manager + ## Enable scraping kube-controller-manager over https. ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. ## If null or unset, the value is determined dynamically based on target Kubernetes version. @@ -1551,6 +1572,15 @@ coreDns: ## proxyUrl: "" + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # k8s-app: kube-dns + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## @@ -1617,6 +1647,11 @@ kubeDns: ## proxyUrl: "" + jobLabel: jobLabel + selector: {} + # matchLabels: + # k8s-app: kube-dns + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## @@ -1728,6 +1763,15 @@ kubeEtcd: certFile: "" keyFile: "" + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # component: etcd + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## @@ -1811,6 +1855,15 @@ kubeScheduler: ## https: null + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # component: kube-scheduler + ## Skip TLS certificate validation when scraping insecureSkipVerify: null @@ -1890,6 +1943,15 @@ kubeProxy: ## proxyUrl: "" + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # k8s-app: kube-proxy + ## Enable scraping kube-proxy over https. ## Requires proper certs (not self-signed) and delegated authentication/authorization checks ## @@ -2000,6 +2062,10 @@ nodeExporter: darwin: enabled: true + ## ForceDeployDashboard Create dashboard configmap even if nodeExporter deployment has been disabled + ## + forceDeployDashboards: false + ## Configuration for prometheus-node-exporter subchart ## prometheus-node-exporter: @@ -2089,6 +2155,10 @@ prometheusOperator: ## The default value is 10, 0 will garbage-collect old replicasets ## revisionHistoryLimit: 10 + ## Strategy of the deployment + ## + strategy: {} + ## Prometheus-Operator v0.39.0 and later support TLS natively. ## tls: @@ -2127,6 +2197,10 @@ prometheusOperator: ## replicas: 1 + ## Strategy of the deployment + ## + strategy: {} + # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} # maxUnavailable: 1 @@ -2326,6 +2400,10 @@ prometheusOperator: drop: - ALL + ## If false then the user will opt out of automounting API credentials. + ## + automountServiceAccountToken: true + patch: enabled: true image: @@ -2435,6 +2513,7 @@ prometheusOperator: serviceAccount: create: true name: "" + automountServiceAccountToken: true ## Configuration for Prometheus operator service ## @@ -2501,10 +2580,10 @@ prometheusOperator: ## Decrease log verbosity to errors only # logLevel: error - ## If true, the operator will create and maintain a service for scraping kubelets - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md - ## kubeletService: + ## If true, the operator will create and maintain a service for scraping kubelets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md + ## enabled: true namespace: kube-system ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default @@ -2513,6 +2592,10 @@ prometheusOperator: ## Create a servicemonitor for the operator ## serviceMonitor: + ## If true, create a serviceMonitor for prometheus operator + ## + selfMonitor: true + ## Labels for ServiceMonitor additionalLabels: {} @@ -2542,7 +2625,6 @@ prometheusOperator: ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. scrapeTimeout: "" - selfMonitor: true ## Metric relabel configs to apply to samples before ingestion. ## @@ -2721,7 +2803,7 @@ prometheusOperator: thanosImage: registry: quay.io repository: thanos/thanos - tag: v0.34.0 + tag: v0.34.1 sha: "" ## Set a Label Selector to filter watched prometheus and prometheusAgent @@ -2739,6 +2821,18 @@ prometheusOperator: ## secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1" + ## If false then the user will opt out of automounting API credentials. + ## + automountServiceAccountToken: true + + ## Additional volumes + ## + extraVolumes: [] + + ## Additional volume mounts + ## + extraVolumeMounts: [] + ## Deploy a Prometheus instance ## prometheus: @@ -2784,6 +2878,7 @@ prometheus: create: true name: "" annotations: {} + automountServiceAccountToken: true # Service for thanos service discovery on sidecar # Enable this can make Thanos Query can use @@ -2893,6 +2988,10 @@ prometheus: ## To be used with a proxy extraContainer port targetPort: 9090 + ## Port for Prometheus Reloader to listen on + ## + reloaderWebPort: 8080 + ## List of IP addresses at which the Prometheus server service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## @@ -2975,8 +3074,6 @@ prometheus: ## Configure pod disruption budgets for Prometheus ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## This configuration is immutable once created and will require the PDB to be deleted to be changed - ## https://github.com/kubernetes/kubernetes/issues/45398 ## podDisruptionBudget: enabled: false @@ -3123,10 +3220,13 @@ prometheus: volumes: [] serviceMonitor: + ## If true, create a serviceMonitor for prometheus + ## + selfMonitor: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. ## interval: "" - selfMonitor: true ## Additional labels ## @@ -3250,7 +3350,7 @@ prometheus: image: registry: quay.io repository: prometheus/prometheus - tag: v2.49.1 + tag: v2.51.1 sha: "" ## Tolerations for use with node taints @@ -4072,8 +4172,6 @@ thanosRuler: ## Configure pod disruption budgets for ThanosRuler ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## This configuration is immutable once created and will require the PDB to be deleted to be changed - ## https://github.com/kubernetes/kubernetes/issues/45398 ## podDisruptionBudget: enabled: false @@ -4149,13 +4247,16 @@ thanosRuler: ## type: ClusterIP - ## If true, create a serviceMonitor for thanosRuler + ## Configuration for creating a ServiceMonitor for the ThanosRuler service ## serviceMonitor: + ## If true, create a serviceMonitor for thanosRuler + ## + selfMonitor: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. ## interval: "" - selfMonitor: true ## Additional labels ## @@ -4233,7 +4334,7 @@ thanosRuler: image: registry: quay.io repository: thanos/thanos - tag: v0.34.0 + tag: v0.34.1 sha: "" ## Namespaces to be selected for PrometheusRules discovery. diff --git a/charts/loki/Chart.lock b/charts/loki/Chart.lock index 547f0f0d7..e8c779c50 100644 --- a/charts/loki/Chart.lock +++ b/charts/loki/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: minio repository: https://charts.min.io/ - version: 4.0.12 + version: 4.0.15 - name: grafana-agent-operator repository: https://grafana.github.io/helm-charts - version: 0.2.3 -digest: sha256:74ef214ca08874662ab403a2e5eea39df26ad690962fa19f9ff69cf551550ff2 -generated: "2022-09-14T10:22:56.1397723-06:00" + version: 0.3.15 +digest: sha256:b7a42cd0e56544f6168a586fde03e26c801bb20cf69bc004a8f6000d93b98100 +generated: "2024-01-27T21:57:28.190462917+05:30" diff --git a/charts/loki/Chart.yaml b/charts/loki/Chart.yaml index cf8817b48..16de80cfe 100644 --- a/charts/loki/Chart.yaml +++ b/charts/loki/Chart.yaml @@ -1,16 +1,16 @@ apiVersion: v2 -appVersion: 2.7.3 +appVersion: 2.9.6 dependencies: - alias: minio condition: minio.enabled name: minio repository: https://charts.min.io/ - version: 4.0.12 + version: 4.0.15 - alias: grafana-agent-operator condition: monitoring.selfMonitoring.grafanaAgent.installOperator name: grafana-agent-operator repository: https://grafana.github.io/helm-charts - version: 0.2.3 + version: 0.3.15 description: Helm chart for Grafana Loki in simple, scalable mode home: https://grafana.github.io/helm-charts icon: https://grafana.com/docs/loki/latest/logo_and_name.png @@ -23,4 +23,4 @@ sources: - https://grafana.com/oss/loki/ - https://grafana.com/docs/loki/latest/ type: application -version: 4.6.1 +version: 5.47.2 diff --git a/charts/loki/Makefile b/charts/loki/Makefile new file mode 100644 index 000000000..4b56414df --- /dev/null +++ b/charts/loki/Makefile @@ -0,0 +1,7 @@ +.DEFAULT_GOAL := all +.PHONY: lint lint-yaml + +lint: lint-yaml + +lint-yaml: + yamllint -c $(CURDIR)/src/.yamllint.yaml $(CURDIR)/src diff --git a/charts/loki/README.md b/charts/loki/README.md index 6f908a7a4..942498d47 100644 --- a/charts/loki/README.md +++ b/charts/loki/README.md @@ -1,6 +1,6 @@ # loki -![Version: 4.6.1](https://img.shields.io/badge/Version-4.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.7.3](https://img.shields.io/badge/AppVersion-2.7.3-informational?style=flat-square) +![Version: 5.47.2](https://img.shields.io/badge/Version-5.47.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square) Helm chart for Grafana Loki in simple, scalable mode @@ -14,7 +14,7 @@ Helm chart for Grafana Loki in simple, scalable mode | Repository | Name | Version | |------------|------|---------| -| https://charts.min.io/ | minio(minio) | 4.0.12 | -| https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.2.3 | +| https://charts.min.io/ | minio(minio) | 4.0.15 | +| https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.3.15 | Find more information in the Loki Helm Chart [documentation](https://grafana.com/docs/loki/next/installation/helm). diff --git a/charts/loki/charts/grafana-agent-operator/Chart.yaml b/charts/loki/charts/grafana-agent-operator/Chart.yaml index c302ca596..298225e99 100644 --- a/charts/loki/charts/grafana-agent-operator/Chart.yaml +++ b/charts/loki/charts/grafana-agent-operator/Chart.yaml @@ -1,13 +1,13 @@ apiVersion: v2 -appVersion: 0.25.1 +appVersion: 0.39.1 description: A Helm chart for Grafana Agent Operator -home: https://grafana.com/docs/agent/latest/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.25.1/docs/assets/logo_and_name.png +home: https://grafana.com/docs/agent/v0.39/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png maintainers: - email: grafana-agent-team@googlegroups.com name: Grafana Agent Team name: grafana-agent-operator sources: -- https://github.com/grafana/agent/tree/v0.25.1/pkg/operator +- https://github.com/grafana/agent/tree/v0.39.1/pkg/operator type: application -version: 0.2.3 +version: 0.3.15 diff --git a/charts/loki/charts/grafana-agent-operator/README.md b/charts/loki/charts/grafana-agent-operator/README.md index 5a0519338..9a321ce61 100644 --- a/charts/loki/charts/grafana-agent-operator/README.md +++ b/charts/loki/charts/grafana-agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.25.1](https://img.shields.io/badge/AppVersion-0.25.1-informational?style=flat-square) +![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -16,7 +16,7 @@ To learn how to deploy these resources, please see Grafana's [Agent Operator get ## CRDs -The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. +The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. ## Get Repo Info @@ -55,20 +55,23 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an |-----|------|---------|-------------| | affinity | object | `{}` | Pod affinity configuration | | annotations | object | `{}` | Annotations for the Deployment | +| containerSecurityContext | object | `{}` | Container security context (allowPrivilegeEscalation, etc.) | | extraArgs | list | `[]` | List of additional cli arguments to configure agent-operator (example: `--log.level`) | | fullnameOverride | string | `""` | Overrides the chart's computed fullname | +| hostAliases | list | `[]` | hostAliases to add | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.25.1"` | Image tag | +| image.tag | string | `"v0.39.1"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | | podAnnotations | object | `{}` | Annotations for the Deployment Pods | | podLabels | object | `{}` | Annotations for the Deployment Pods | | podSecurityContext | object | `{}` | Pod security context (runAsUser, etc.) | -| rbac | object | `{"create":true}` | Toggle to create ClusterRole and ClusterRoleBinding | +| rbac.create | bool | `true` | Toggle to create ClusterRole and ClusterRoleBinding | +| rbac.podSecurityPolicyName | string | `""` | Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used. | | resources | object | `{}` | Resource limits and requests config | | serviceAccount.create | bool | `true` | Toggle to create ServiceAccount | | serviceAccount.name | string | `nil` | Service account name | diff --git a/charts/loki/charts/grafana-agent-operator/README.md.gotmpl b/charts/loki/charts/grafana-agent-operator/README.md.gotmpl index 5b08d3205..3dce97a94 100644 --- a/charts/loki/charts/grafana-agent-operator/README.md.gotmpl +++ b/charts/loki/charts/grafana-agent-operator/README.md.gotmpl @@ -16,7 +16,7 @@ To learn how to deploy these resources, please see Grafana's [Agent Operator get ## CRDs -The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. +The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. ## Get Repo Info diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml index 825a2da9a..3e1fae0fc 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: podmonitors.monitoring.coreos.com spec: @@ -14,6 +14,8 @@ spec: kind: PodMonitor listKind: PodMonitorList plural: podmonitors + shortNames: + - pmon singular: podmonitor scope: Namespaced versions: @@ -38,6 +40,15 @@ spec: description: Specification of desired Pod selection for target discovery by Prometheus. properties: + attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.35.0 and above. + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object jobLabel: description: The label to use to retrieve the job name from. type: string @@ -100,6 +111,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -128,6 +140,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -147,6 +160,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: Secret to mount to read bearer token for scraping @@ -168,6 +182,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -181,7 +203,9 @@ spec: the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: description: MetricRelabelConfigs to apply to samples before @@ -195,15 +219,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -269,6 +309,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -288,6 +329,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -307,6 +349,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -334,7 +377,8 @@ spec: description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). type: string port: description: Name of the pod port this endpoint refers to. Mutually @@ -359,15 +403,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -407,10 +467,18 @@ spec: type: object type: array scheme: - description: HTTP scheme to use for scraping. + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: @@ -422,8 +490,8 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -444,6 +512,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -463,10 +532,10 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -487,6 +556,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -506,6 +576,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -529,6 +600,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -590,6 +662,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic targetLimit: description: TargetLimit defines a limit on the number of scraped targets that will be accepted. @@ -604,9 +677,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml index 259f5a474..7ece55d2a 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: probes.monitoring.coreos.com spec: @@ -14,6 +14,8 @@ spec: kind: Probe listKind: ProbeList plural: probes + shortNames: + - prb singular: probe scope: Namespaced versions: @@ -60,6 +62,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -88,6 +91,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -107,6 +111,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: Secret to mount to read bearer token for scraping targets. @@ -127,9 +132,11 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic interval: description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: description: The job name assigned to scraped metrics by default. @@ -161,15 +168,31 @@ spec: action: default: replace description: Action to perform based on regex matching. Default - is 'replace' + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source label @@ -237,6 +260,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -255,6 +279,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -274,6 +299,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -299,13 +325,20 @@ spec: left empty. properties: path: + default: /probe description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. Defaults to `http`. + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https type: string url: description: Mandatory URL of the prober. @@ -320,6 +353,8 @@ spec: type: integer scrapeTimeout: description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape timeout is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: description: TargetLimit defines a limit on the number of scraped @@ -364,15 +399,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -456,6 +507,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object staticConfig: description: 'staticConfig defines the static list of targets @@ -480,15 +532,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -538,7 +606,8 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -557,6 +626,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -575,9 +645,10 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file for the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -596,6 +667,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -614,6 +686,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -636,6 +709,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -646,9 +720,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml index 8f8f8aedd..5d661184c 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: servicemonitors.monitoring.coreos.com spec: @@ -14,6 +14,8 @@ spec: kind: ServiceMonitor listKind: ServiceMonitorList plural: servicemonitors + shortNames: + - smon singular: servicemonitor scope: Namespaced versions: @@ -38,6 +40,15 @@ spec: description: Specification of desired Service selection for target discovery by Prometheus. properties: + attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.37.0 and above. + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object endpoints: description: A list of endpoints allowed as part of this ServiceMonitor. items: @@ -66,6 +77,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -94,6 +106,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -113,6 +126,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenFile: description: File to read bearer token for scraping targets. @@ -137,6 +151,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -150,7 +172,9 @@ spec: the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: description: MetricRelabelConfigs to apply to samples before @@ -164,15 +188,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -238,6 +278,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -257,6 +298,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -276,6 +318,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -303,7 +346,8 @@ spec: description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). type: string port: description: Name of the service port this endpoint refers to. @@ -328,15 +372,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -376,10 +436,19 @@ spec: type: object type: array scheme: - description: HTTP scheme to use for scraping. + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape timeout is used unless + it is less than `Interval` in which the latter is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: @@ -393,8 +462,8 @@ spec: description: TLS configuration to use when scraping the endpoint properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -415,6 +484,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -434,14 +504,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -462,6 +532,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -481,6 +552,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -512,6 +584,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -519,10 +592,13 @@ spec: type: object type: array jobLabel: - description: "Chooses the label of the Kubernetes `Endpoints`. Its - value will be used for the `job`-label's value of the created metrics. - \n Default & fallback value: the name of the respective Kubernetes - `Endpoint`." + description: "JobLabel selects the label from the associated Kubernetes + service which will be used as the `job` label for all metrics. \n + For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: + bar`, then the `job=\"bar\"` label is added to all metrics. \n If + the value of this field is empty or if the label doesn't exist for + the given Service, the `job` label of the metrics defaults to the + name of the Kubernetes Service." type: string labelLimit: description: Per-scrape limit on number of labels that will be accepted @@ -610,6 +686,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic targetLabels: description: TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics. @@ -630,9 +707,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml index 69a5abcf4..fab68b18e 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: grafanaagents.monitoring.grafana.com spec: @@ -140,6 +140,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -240,10 +241,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate @@ -320,6 +323,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -327,9 +331,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label @@ -378,13 +380,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -476,6 +479,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -483,8 +487,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label @@ -529,13 +531,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -629,6 +632,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -636,9 +640,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label @@ -687,13 +689,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -785,6 +788,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -792,8 +796,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label @@ -838,13 +840,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -864,11 +867,11 @@ spec: type: object type: object apiServer: - description: APIServerConfig allows specifying a host and auth methods - to access the Kubernetes API server. If left empty, the Agent will - assume that it is running inside of the cluster and will discover - API servers automatically and use the pod's CA certificate and bearer - token file at /var/run/secrets/kubernetes.io/serviceaccount. + description: APIServerConfig lets you specify a host and auth methods + to access the Kubernetes API server. If left empty, the Agent assumes + that it is running inside of the cluster and will discover API servers + automatically and use the pod's CA certificate and bearer token + file at /var/run/secrets/kubernetes.io/serviceaccount. properties: authorization: description: Authorization section for accessing apiserver @@ -892,6 +895,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) @@ -924,6 +928,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -943,6 +948,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerToken: description: Bearer token for accessing apiserver. @@ -958,8 +964,8 @@ spec: description: TLS Config to use for accessing apiserver. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -980,6 +986,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -999,14 +1006,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -1027,6 +1034,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -1046,6 +1054,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -1077,6 +1086,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -1085,29 +1095,38 @@ spec: - host type: object configMaps: - description: ConfigMaps is a liset of config maps in the same namespace + description: ConfigMaps is a list of config maps in the same namespace as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The ConfigMaps are mounted into /etc/grafana-agent/extra-configmaps/. + Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/. items: type: string type: array + configReloaderImage: + description: Image, when specified, overrides the image used to run + Config Reloader. Specify the image along with a tag. You still need + to set the version to ensure Grafana Agent Operator knows which + version of Grafana Agent is being configured. + type: string + configReloaderVersion: + description: Version of Config Reloader to be deployed. + type: string containers: - description: 'Containers allows injecting additional containers or - modifying operator generated containers. This can be used to allow - adding an authentication proxy to a Grafana Agent pod or to change - the behavior of an operator-generated container. Containers described - here modify an operator generated container if they share the same - name and modifications are done via a strategic merge patch. The - current container names are: `grafana-agent` and `config-reloader`. - Overriding containers is entirely outside the scope of what the - Grafana Agent team will support and by doing so, you accept that - this behavior may break at any time without notice.' + description: 'Containers lets you inject additional containers or + modify operator-generated containers. This can be used to add an + authentication proxy to a Grafana Agent pod or to change the behavior + of an operator-generated container. Containers described here modify + an operator-generated container if they share the same name and + if modifications are done via a strategic merge patch. The current + container names are: `grafana-agent` and `config-reloader`. Overriding + containers is entirely outside the scope of what the Grafana Agent + team supports and by doing so, you accept that this behavior may + break at any time without notice.' items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will @@ -1121,7 +1140,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -1179,6 +1198,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -1197,6 +1217,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -1222,6 +1243,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -1243,6 +1265,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1273,6 +1296,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -1289,10 +1313,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' @@ -1346,7 +1371,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -1442,7 +1469,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -1522,8 +1551,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -1555,7 +1582,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -1650,13 +1679,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -1724,8 +1753,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -1757,7 +1784,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -1846,10 +1875,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1870,10 +1941,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -1995,8 +2085,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2029,16 +2119,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -2084,8 +2170,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -2117,7 +2201,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -2317,21 +2403,31 @@ spec: - name type: object type: array + disableReporting: + default: false + description: disableReporting disables reporting of enabled feature + flags to Grafana. + type: boolean + disableSupportBundle: + default: false + description: disableSupportBundle disables the generation of support + bundles. + type: boolean enableConfigReadAPI: default: false description: enableConfigReadAPI enables the read API for viewing - currently running config port 8080 on the agent. + the currently running config port 8080 on the agent. type: boolean image: description: Image, when specified, overrides the image used to run - the Agent. It should be specified along with a tag. Version must - still be set to ensure the Grafana Agent Operator knows which version + Agent. Specify the image along with a tag. You still need to set + the version to ensure Grafana Agent Operator knows which version of Grafana Agent is being configured. type: string imagePullSecrets: description: 'ImagePullSecrets holds an optional list of references - to secrets within the same namespace to use for pulling the Grafana - Agent image from registries. More info: https://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod' + to Secrets within the same namespace used for pulling the Grafana + Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' items: description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. @@ -2341,23 +2437,24 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod + description: 'InitContainers let you add initContainers to the pod definition. These can be used to, for example, fetch secrets for injection into the Grafana Agent configuration from external sources. - Any errors during the execution of an initContainer will lead to - a restart of the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Errors during the execution of an initContainer cause the pod to + restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other than secret fetching is entirely outside the scope of what the Grafana Agent maintainers - will support and by doing so, you accept that this behavior may - break at any time without notice.' + support and by doing so, you accept that this behavior may break + at any time without notice.' items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will @@ -2371,7 +2468,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -2429,6 +2526,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -2447,6 +2545,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -2472,6 +2571,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -2493,6 +2593,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2523,6 +2624,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -2539,10 +2641,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' @@ -2596,7 +2699,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -2692,7 +2797,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -2772,8 +2879,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -2805,7 +2910,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -2900,13 +3007,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -2974,8 +3081,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -3007,7 +3112,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -3096,10 +3203,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3120,10 +3269,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3245,8 +3413,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3279,16 +3447,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3334,8 +3498,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -3367,7 +3529,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -3569,8 +3733,7 @@ spec: type: array integrations: description: Integrations controls the integration subsystem of the - Agent and settings unique to integration-specific pods that are - deployed. + Agent and settings unique to deployed integration-specific pods. properties: namespaceSelector: description: "Label selector for namespaces to search when discovering @@ -3619,6 +3782,7 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic selector: description: Label selector to find Integration resources to run. When nil, no integration resources will be defined. @@ -3664,6 +3828,7 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object logFormat: description: LogFormat controls the logging format of the generated @@ -3678,8 +3843,8 @@ spec: settings unique to logging-specific pods that are deployed. properties: clients: - description: Global set of clients to use when a discovered LogsInstance - does not have any clients defined. + description: A global set of clients to use when a discovered + LogsInstance does not have any clients defined. items: description: LogsClientSpec defines the client integration for logs, indicating which Loki server to send logs to. @@ -3724,6 +3889,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -3744,6 +3910,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object batchSize: description: Maximum batch size (in bytes) of logs to accumulate @@ -3765,6 +3932,97 @@ spec: description: ExternalLabels are labels to add to any time series when sending data to Loki. type: object + oauth2: + description: Oauth2 for URL + properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyUrl: description: ProxyURL to proxy requests through. Optional. type: string @@ -3783,8 +4041,8 @@ spec: when the protocol of the URL is https. properties: ca: - description: Struct containing the CA cert to use for - the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to use for @@ -3806,6 +4064,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3827,14 +4086,15 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use for @@ -3856,6 +4116,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3877,6 +4138,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -3909,6 +4171,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -3979,6 +4242,7 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic instanceSelector: description: InstanceSelector determines which LogInstances should be selected for running. Each instance runs its own set of Prometheus @@ -4025,6 +4289,7 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic logsExternalLabelName: description: LogsExternalLabelName is the name of the external label used to denote Grafana Agent cluster. Defaults to "cluster." @@ -4039,7 +4304,7 @@ spec: arbitraryFSAccessThroughSMs: description: ArbitraryFSAccessThroughSMs configures whether configuration based on a ServiceMonitor can access arbitrary files on the - file system of the Grafana Agent container e.g. bearer token + file system of the Grafana Agent container, e.g., bearer token files. properties: deny: @@ -4048,17 +4313,16 @@ spec: enforcedNamespaceLabel: description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each metric that is user-created. The label - value will always be the namespace of the object that is being - created. + value is always the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on the number - of scraped samples that will be accepted. This overrides any - SampleLimit set per ServiceMonitor and/or PodMonitor. It is - meant to be used by admins to enforce the SampleLimit to keep - the overall number of samples and series under the desired limit. - Note that if a SampleLimit from a ServiceMonitor or PodMonitor - is lower, that value will be used instead. + description: EnforcedSampleLimit defines a global limit on the + number of scraped samples that are accepted. This overrides + any SampleLimit set per ServiceMonitor and/or PodMonitor. It + is meant to be used by admins to enforce the SampleLimit to + keep the overall number of samples and series under the desired + limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor + is lower, that value is used instead. format: int64 type: integer enforcedTargetLimit: @@ -4067,8 +4331,8 @@ spec: per ServiceMonitor and/or PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if a TargetLimit - from a ServiceMonitor or PodMonitor is higher, that value will - be used instead. + from a ServiceMonitor or PodMonitor is higher, that value is + used instead. format: int64 type: integer externalLabels: @@ -4078,14 +4342,14 @@ spec: when sending data over remote_write. type: object ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector - settings from the PodMonitor and ServiceMonitor configs, and - they will only discover endpoints within their current namespace. + description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector + settings from the PodMonitor and ServiceMonitor configs, so + that they only discover endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector are the set of labels to - determine which namespaces to watch for MetricsInstances. If - not provided, only checks own namespace. + description: InstanceNamespaceSelector is the set of labels that + determines which namespaces to watch for MetricsInstances. If + not provided, it only checks its own namespace. properties: matchExpressions: description: matchExpressions is a list of label selector @@ -4128,6 +4392,7 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic instanceSelector: description: InstanceSelector determines which MetricsInstances should be selected for running. Each instance runs its own set @@ -4175,23 +4440,25 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic metricsExternalLabelName: description: MetricsExternalLabelName is the name of the external label used to denote Grafana Agent cluster. Defaults to "cluster." - External label will _not_ be added when value is set to the + The external label is _not_ added when the value is set to the empty string. type: string overrideHonorLabels: description: OverrideHonorLabels, if true, overrides all configured - honor_labels read from ServiceMonitor or PodMonitor to false. + honor_labels read from ServiceMonitor or PodMonitor and sets + them to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows to globally enforce - honoring timestamps in all scrape configs. + description: OverrideHonorTimestamps allows global enforcement + for honoring timestamps in all scrape configs. type: boolean remoteWrite: description: RemoteWrite controls default remote_write settings - for all instances. If an instance does not provide its own remoteWrite + for all instances. If an instance does not provide its own RemoteWrite settings, these will be used instead. items: description: RemoteWriteSpec defines the remote_write configuration @@ -4220,6 +4487,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -4240,6 +4508,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerToken: description: BearerToken used for remote_write. @@ -4273,6 +4542,97 @@ spec: if specified. The name is used in metrics and logging in order to differentiate queues. type: string + oauth2: + description: Oauth2 for URL + properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyUrl: description: ProxyURL to proxy requests through. Optional. type: string @@ -4282,11 +4642,11 @@ spec: properties: batchSendDeadline: description: BatchSendDeadline is the maximum time a - sample will wait in buffer. + sample will wait in the buffer. type: string capacity: description: Capacity is the number of samples to buffer - per shard before we start dropping them. + per shard before samples start being dropped. type: integer maxBackoff: description: MaxBackoff is the maximum retry delay. @@ -4301,15 +4661,15 @@ spec: type: integer maxShards: description: MaxShards is the maximum number of shards, - i.e. amount of concurrency. + i.e., the amount of concurrency. type: integer minBackoff: description: MinBackoff is the initial retry delay. - Gets doubled for every retry. + MinBackoff is doubled for every retry. type: string minShards: description: MinShards is the minimum number of shards, - i.e. amount of concurrency. + i.e., the amount of concurrency. type: integer retryOnRateLimit: description: RetryOnRateLimit retries requests when @@ -4322,12 +4682,12 @@ spec: type: string sigv4: description: SigV4 configures SigV4-based authentication - to the remote_write endpoint. Will be used if SigV4 is - defined, even with an empty object. + to the remote_write endpoint. SigV4-based authentication + is used if SigV4 is defined, even with an empty object. properties: accessKey: description: AccessKey holds the secret of the AWS API - access key to use for signing. If not provided, The + access key to use for signing. If not provided, the environment variable AWS_ACCESS_KEY_ID is used. properties: key: @@ -4346,6 +4706,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic profile: description: Profile is the named AWS profile to use for authentication. @@ -4380,13 +4741,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object tlsConfig: description: TLSConfig to use for remote_write. properties: ca: - description: Struct containing the CA cert to use for - the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to use for @@ -4408,6 +4770,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -4429,14 +4792,15 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use for @@ -4458,6 +4822,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -4479,6 +4844,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -4511,6 +4877,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -4531,15 +4898,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -4585,9 +4968,9 @@ spec: type: array replicaExternalLabelName: description: ReplicaExternalLabelName is the name of the metrics - external label used to denote replica name. Defaults to __replica__. - External label will _not_ be added when value is set to the - empty string. + external label used to denote the replica name. Defaults to + __replica__. The external label is _not_ added when the value + is set to the empty string. type: string replicas: description: Replicas of each shard to deploy for metrics pods. @@ -4605,9 +4988,9 @@ spec: shards: description: Shards to distribute targets onto. Number of replicas multiplied by the number of shards is the total number of pods - created. Note that scaling down shards will not reshard data - onto remaining instances, it must be manually moved. Increasing - shards will not reshard data either but it will continue to + created. Note that scaling down shards does not reshard data + onto remaining instances; it must be manually moved. Increasing + shards does not reshard data either, but it will continue to be available from the same instances. Sharding is performed on the content of the __address__ target meta-label. format: int32 @@ -4661,6 +5044,27 @@ spec: resources: description: Resources holds requests and limits for individual pods. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4681,13 +5085,17 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + runtimeClassName: + description: RuntimeClassName is the runtime class assigned to pods. + type: string secrets: description: Secrets is a list of secrets in the same namespace as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The secrets are mounted into /etc/grafana-agent/extra-secrets/. + Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/. items: type: string type: array @@ -4779,7 +5187,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4793,9 +5202,14 @@ spec: type: object supplementalGroups: description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. Note - that this field cannot be set when spec.os.name is windows. + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. items: format: int64 type: integer @@ -4838,14 +5252,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4864,38 +5275,37 @@ spec: description: Storage spec to specify how storage will be used. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: '*Deprecated: subPath usage will be removed in a + future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the Prometheus - StatefulSets. This is a beta field in k8s 1.21, for lower versions, + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: @@ -4931,21 +5341,24 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -4966,29 +5379,37 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both fields + of the dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5005,18 +5426,53 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5038,13 +5494,13 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -5090,9 +5546,10 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -5100,7 +5557,7 @@ spec: implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object @@ -5109,7 +5566,10 @@ spec: type: object type: object volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. properties: apiVersion: description: 'APIVersion defines the versioned schema of this @@ -5154,24 +5614,27 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the - contents of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always have - the same contents as the DataSourceRef field.' + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5189,28 +5652,36 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will be set - to the same value automatically if one of them is empty - and the other is non-empty. There are two important - differences between DataSource and DataSourceRef: * - While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well as - PersistentVolumeClaim objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed value - is specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5224,18 +5695,52 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5257,12 +5762,13 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: selector is a label query over volumes to + consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector @@ -5306,9 +5812,10 @@ spec: contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume is @@ -5316,20 +5823,64 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: '*Deprecated: this field is never set.*' properties: accessModes: - description: 'AccessModes contains the actual access modes + description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -5337,19 +5888,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be larger - than the actual capacity when a volume expansion operation - is requested. For storage quota, the larger value from - allocatedResources and PVC.spec.resources is used. If - allocatedResources is not set, PVC.spec.resources alone - is used for quota calculation. If a volume expansion + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -5358,36 +5921,37 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying - volume. + description: capacity represents the actual resources + of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: - description: Last time we probed the condition. + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: lastTransitionTime is the time the + condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: message is the human-readable message + indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. type: string status: type: string @@ -5401,14 +5965,7 @@ spec: type: object type: array phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - resizeStatus: - description: ResizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. + description: phase represents the current phase of PersistentVolumeClaim. type: string type: object type: object @@ -5506,16 +6063,37 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. - For example, in a 3-zone cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - if MaxSkew is - 1, incoming pod can only be scheduled to zone3 to become 1/1/1; - scheduling it onto zone1(zone2) would make the ActualSkew(2-0) + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy @@ -5523,12 +6101,63 @@ spec: allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a @@ -5558,10 +6187,10 @@ spec: description: Version of Grafana Agent to be deployed. type: string volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumEMounts specified will - be appended to other VolumeMounts in the Grafana Agent container - that are generated as a result of StorageSpec objects. + description: VolumeMounts lets you configure additional VolumeMounts + on the output StatefulSet definition. Specified VolumeMounts are + appended to other VolumeMounts generated as a result of StorageSpec + objects in the Grafana Agent container. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -5601,187 +6230,193 @@ spec: type: array volumes: description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. Volumes specified will be appended + the output StatefulSet definition. The volumes specified are appended to other volumes that are generated as a result of StorageSpec objects. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in the blob storage + description: diskName is the Name of the data disk in the + blob storage type: string diskURI: - description: The URI the data disk in the blob storage + description: diskURI is the URI of data disk in the blob + storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: - description: Share Name + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: - description: 'volume id used to identify the volume in cinder. + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be @@ -5793,25 +6428,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key @@ -5823,28 +6458,29 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: optional specify whether the ConfigMap or its + keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: - description: CSI (Container Storage Interface) represents ephemeral + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI driver that handles + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, @@ -5857,14 +6493,15 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object @@ -5872,7 +6509,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -5910,6 +6547,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 @@ -5953,37 +6591,38 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that is handled + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this @@ -6034,21 +6673,24 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -6069,31 +6711,40 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to - populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as such if both fields are + dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Alpha) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -6110,18 +6761,54 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6143,13 +6830,13 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -6198,9 +6885,11 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -6208,7 +6897,7 @@ spec: is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object @@ -6217,32 +6906,33 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource that is + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers + description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: @@ -6250,128 +6940,133 @@ spec: type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options if any.' + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified revision. + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details + description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean @@ -6380,7 +7075,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers @@ -6389,78 +7084,81 @@ spec: mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session CHAP authentication + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -6468,24 +7166,24 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -6493,86 +7191,87 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies a Portworx volume + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions on created - files by default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal values - for mode bits. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set. + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: configMap information about the configMap + data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected @@ -6587,27 +7286,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -6621,13 +7321,14 @@ spec: uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: - description: information about the downwardAPI data - to project + description: downwardAPI information about the downwardAPI + data to project properties: items: description: Items is a list of DownwardAPIVolume @@ -6654,6 +7355,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be @@ -6702,21 +7404,22 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: - description: information about the secret data to - project + description: secret information about the secret data + to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup @@ -6728,27 +7431,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -6762,16 +7466,17 @@ spec: uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: optional field specify whether the + Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: serviceAccountToken is information about + the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the @@ -6779,7 +7484,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate @@ -6791,7 +7496,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative to the + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -6802,35 +7507,35 @@ spec: type: array type: object quobyte: - description: Quobyte represents a Quobyte mount on the host + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -6838,41 +7543,42 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -6881,36 +7587,38 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO API Gateway. + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: @@ -6919,26 +7627,28 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: system is the name of the storage system as + configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway @@ -6946,24 +7656,24 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be @@ -6975,25 +7685,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key @@ -7001,29 +7711,30 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: optional field specify whether the Secret or + its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -7032,13 +7743,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: - description: VolumeName is the human-readable name of the + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS @@ -7049,24 +7761,26 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere volume vmdk + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath @@ -7079,9 +7793,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml index 18bd03709..e78616644 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: integrations.monitoring.grafana.com spec: @@ -21,10 +21,10 @@ spec: schema: openAPIV3Schema: description: "Integration runs a single Grafana Agent integration. Integrations - that generate telemetry must be configured to send that telemetry somewhere; + that generate telemetry must be configured to send that telemetry somewhere, such as autoscrape for exporter-based integrations. \n Integrations have access to the LogsInstances and MetricsInstances in the same GrafanaAgent - resource set, referenced by the / of the *Instance resource. + resource set, referenced by the / of the Instance resource. \n For example, if there is a default/production MetricsInstance, you can configure a supported integration's autoscrape block with: \n autoscrape: enable: true metrics_instance: default/production \n There is currently @@ -48,14 +48,14 @@ spec: properties: config: description: "The configuration for the named integration. Note that - integrations are deployed with the integrations-next feature flag, + Integrations are deployed with the integrations-next feature flag, which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/" type: object x-kubernetes-preserve-unknown-fields: true configMaps: description: "An extra list of keys from ConfigMaps in the same namespace as the Integration which will be mounted into the Grafana Agent - pod running this integration. \n ConfigMaps will be mounted at /etc/grafana-agent/integrations/configMaps///." + pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps///." items: description: Selects a key from a ConfigMap. properties: @@ -73,6 +73,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: array name: description: Name of the integration to run (e.g., "node_exporter", @@ -81,7 +82,7 @@ spec: secrets: description: "An extra list of keys from Secrets in the same namespace as the Integration which will be mounted into the Grafana Agent - pod running this integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." + pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." items: description: SecretKeySelector selects a key of a Secret. properties: @@ -99,14 +100,15 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: array type: - description: Type informs Grafana Agent Operator how to manage the - integration being configured. + description: Type informs Grafana Agent Operator about how to manage + the integration being configured. properties: allNodes: description: When true, the configured integration should be run - on every Node in the cluster. This is required for integrations + on every Node in the cluster. This is required for Integrations that generate Node-specific metrics like node_exporter, otherwise it must be false to avoid generating duplicate metrics. type: boolean @@ -114,16 +116,16 @@ spec: description: Whether this integration can only be defined once for a Grafana Agent process, such as statsd_exporter. It is invalid for a GrafanaAgent to discover multiple unique Integrations - with the same integration name (i.e., a single GrafanaAgent + with the same Integration name (i.e., a single GrafanaAgent cannot deploy two statsd_exporters). type: boolean type: object volumeMounts: description: "An extra list of VolumeMounts to be associated with the Grafana Agent pods running this integration. VolumeMount names - will be mutated to be unique across all used IntegrationSpecs. \n - Mount paths should include the namespace/name of the Integration - CR to avoid potentially colliding with other resources." + are mutated to be unique across all used IntegrationSpecs. \n Mount + paths should include the namespace/name of the Integration CR to + avoid potentially colliding with other resources." items: description: VolumeMount describes a mounting of a Volume within a container. @@ -163,191 +165,197 @@ spec: type: array volumes: description: "An extra list of Volumes to be associated with the Grafana - Agent pods running this integration. Volume names will be mutated - to be unique across all Integrations. Note that the specified volumes + Agent pods running this integration. Volume names are mutated to + be unique across all Integrations. Note that the specified volumes should be able to tolerate existing on multiple pods at once when - type is daemonset. \n Don't use volumes for loading secrets/configMaps - from the same namespace as the Integration; use the secrets and - configMaps fields instead." + type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps + from the same namespace as the Integration; use the Secrets and + ConfigMaps fields instead." items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in the blob storage + description: diskName is the Name of the data disk in the + blob storage type: string diskURI: - description: The URI the data disk in the blob storage + description: diskURI is the URI of data disk in the blob + storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: - description: Share Name + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: - description: 'volume id used to identify the volume in cinder. + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be @@ -359,25 +367,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key @@ -389,28 +397,29 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: optional specify whether the ConfigMap or its + keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: - description: CSI (Container Storage Interface) represents ephemeral + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI driver that handles + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, @@ -423,14 +432,15 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object @@ -438,7 +448,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -476,6 +486,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 @@ -519,37 +530,38 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that is handled + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this @@ -600,21 +612,24 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -635,31 +650,40 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to - populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as such if both fields are + dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Alpha) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -676,18 +700,54 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -709,13 +769,13 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -764,9 +824,11 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -774,7 +836,7 @@ spec: is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object @@ -783,32 +845,33 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource that is + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers + description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: @@ -816,128 +879,133 @@ spec: type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options if any.' + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified revision. + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details + description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean @@ -946,7 +1014,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers @@ -955,78 +1023,81 @@ spec: mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session CHAP authentication + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -1034,24 +1105,24 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -1059,86 +1130,87 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies a Portworx volume + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions on created - files by default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal values - for mode bits. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set. + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: configMap information about the configMap + data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected @@ -1153,27 +1225,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -1187,13 +1260,14 @@ spec: uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: - description: information about the downwardAPI data - to project + description: downwardAPI information about the downwardAPI + data to project properties: items: description: Items is a list of DownwardAPIVolume @@ -1220,6 +1294,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be @@ -1268,21 +1343,22 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: - description: information about the secret data to - project + description: secret information about the secret data + to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup @@ -1294,27 +1370,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -1328,16 +1405,17 @@ spec: uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: optional field specify whether the + Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: serviceAccountToken is information about + the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the @@ -1345,7 +1423,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate @@ -1357,7 +1435,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative to the + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -1368,35 +1446,35 @@ spec: type: array type: object quobyte: - description: Quobyte represents a Quobyte mount on the host + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -1404,41 +1482,42 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -1447,36 +1526,38 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO API Gateway. + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: @@ -1485,26 +1566,28 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: system is the name of the storage system as + configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway @@ -1512,24 +1595,24 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be @@ -1541,25 +1624,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key @@ -1567,29 +1650,30 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: optional field specify whether the Secret or + its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -1598,13 +1682,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: - description: VolumeName is the human-readable name of the + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS @@ -1615,24 +1700,26 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere volume vmdk + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath @@ -1649,9 +1736,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml index 0546c2a53..f36440ab0 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: logsinstances.monitoring.grafana.com spec: @@ -66,6 +66,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic clients: description: Clients controls where logs are written to for this instance. items: @@ -111,6 +112,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -130,6 +132,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object batchSize: description: Maximum batch size (in bytes) of logs to accumulate @@ -151,6 +154,92 @@ spec: description: ExternalLabels are labels to add to any time series when sending data to Loki. type: object + oauth2: + description: Oauth2 for URL + properties: + clientId: + description: The secret or configmap containing the OAuth2 + client id + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyUrl: description: ProxyURL to proxy requests through. Optional. type: string @@ -169,8 +258,8 @@ spec: the protocol of the URL is https. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -191,6 +280,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -210,14 +300,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -238,6 +328,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -257,6 +348,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -288,6 +380,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -346,6 +439,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic podLogsSelector: description: Determines which PodLogs should be selected for including in this instance. @@ -391,8 +485,9 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic targetConfig: - description: Configures how tailed targets will be watched. + description: Configures how tailed targets are watched. properties: syncPeriod: description: Period to resync directories being watched and files @@ -403,9 +498,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml index 648ae9606..015c0339c 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: metricsinstances.monitoring.grafana.com spec: @@ -40,17 +40,17 @@ spec: the Metrics instance. properties: additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs allows specifying a key of a + description: 'AdditionalScrapeConfigs lets you specify a key of a Secret containing additional Grafana Agent Prometheus scrape configurations. - SCrape configurations specified are appended to the configurations - generated by the Grafana Agent Operator. Job configurations specified - must have the form as specified in the official Prometheus documentation: + The specified scrape configurations are appended to the configurations + generated by Grafana Agent Operator. Specified job configurations + must have the form specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Grafana Agent. It is advised to review both - Grafana Agent and Prometheus release notes to ensure that no incompatible - scrape configs are going to break Grafana Agent after the upgrade.' + As scrape configs are appended, you must make sure the configuration + is still valid. Note that it''s possible that this feature will + break future upgrades of Grafana Agent. Review both Grafana Agent + and Prometheus release notes to ensure that no incompatible scrape + configs will break Grafana Agent after the upgrade.' properties: key: description: The key of the secret to select from. Must be a @@ -66,18 +66,19 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic maxWALTime: - description: MaxWALTime is the maximum amount of time series and asmples - may exist in the WAL before being forcibly deleted. + description: MaxWALTime is the maximum amount of time that series + and samples can exist in the WAL before being forcibly deleted. type: string minWALTime: - description: MinWALTime is the minimum amount of time series and samples - may exist in the WAL before being considered for deletion. + description: MinWALTime is the minimum amount of time that series + and samples can exist in the WAL before being considered for deletion. type: string podMonitorNamespaceSelector: description: PodMonitorNamespaceSelector are the set of labels to determine which namespaces to watch for PodMonitor discovery. If - nil, only checks own namespace. + nil, it only checks its own namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -120,9 +121,10 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic podMonitorSelector: - description: PodMonitorSelector determines which PodMonitors should - be selected for target discovery. Experimental. + description: PodMonitorSelector determines which PodMonitors to selected + for target discovery. Experimental. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -165,9 +167,10 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic probeNamespaceSelector: - description: ProbeNamespaceSelector are the set of labels to determine - which namespaces to watch for Probe discovery. If nil, only checks + description: ProbeNamespaceSelector is the set of labels that determines + which namespaces to watch for Probe discovery. If nil, it only checks own namespace. properties: matchExpressions: @@ -211,9 +214,10 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic probeSelector: - description: ProbeSelector determines which Probes should be selected - for target discovery. + description: ProbeSelector determines which Probes to select for target + discovery. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -256,6 +260,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic remoteFlushDeadline: description: RemoteFlushDeadline is the deadline for flushing data when an instance shuts down. @@ -288,6 +293,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -307,6 +313,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerToken: description: BearerToken used for remote_write. @@ -339,6 +346,92 @@ spec: if specified. The name is used in metrics and logging in order to differentiate queues. type: string + oauth2: + description: Oauth2 for URL + properties: + clientId: + description: The secret or configmap containing the OAuth2 + client id + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyUrl: description: ProxyURL to proxy requests through. Optional. type: string @@ -348,11 +441,11 @@ spec: properties: batchSendDeadline: description: BatchSendDeadline is the maximum time a sample - will wait in buffer. + will wait in the buffer. type: string capacity: description: Capacity is the number of samples to buffer - per shard before we start dropping them. + per shard before samples start being dropped. type: integer maxBackoff: description: MaxBackoff is the maximum retry delay. @@ -367,15 +460,15 @@ spec: type: integer maxShards: description: MaxShards is the maximum number of shards, - i.e. amount of concurrency. + i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. Gets - doubled for every retry. + description: MinBackoff is the initial retry delay. MinBackoff + is doubled for every retry. type: string minShards: description: MinShards is the minimum number of shards, - i.e. amount of concurrency. + i.e., the amount of concurrency. type: integer retryOnRateLimit: description: RetryOnRateLimit retries requests when encountering @@ -388,12 +481,12 @@ spec: type: string sigv4: description: SigV4 configures SigV4-based authentication to - the remote_write endpoint. Will be used if SigV4 is defined, - even with an empty object. + the remote_write endpoint. SigV4-based authentication is used + if SigV4 is defined, even with an empty object. properties: accessKey: description: AccessKey holds the secret of the AWS API access - key to use for signing. If not provided, The environment + key to use for signing. If not provided, the environment variable AWS_ACCESS_KEY_ID is used. properties: key: @@ -411,6 +504,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic profile: description: Profile is the named AWS profile to use for authentication. @@ -443,13 +537,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object tlsConfig: description: TLSConfig to use for remote_write. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -470,6 +565,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -489,14 +585,14 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -517,6 +613,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -536,6 +633,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -567,6 +665,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -586,15 +685,31 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source @@ -638,9 +753,9 @@ spec: type: object type: array serviceMonitorNamespaceSelector: - description: ServiceMonitorNamespaceSelector are the set of labels - to determine which namespaces to watch for ServiceMonitor discovery. - If nil, only checks own namespace. + description: ServiceMonitorNamespaceSelector is the set of labels + that determine which namespaces to watch for ServiceMonitor discovery. + If nil, it only checks its own namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -683,9 +798,10 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic serviceMonitorSelector: description: ServiceMonitorSelector determines which ServiceMonitors - should be selected for target discovery. + to select for target discovery. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -728,12 +844,12 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic walTruncateFrequency: - description: WALTruncateFrequency specifies how frequently the WAL - truncation process should run. Higher values causes the WAL to increase - and for old series to stay in the WAL for longer, but reduces the - chances of data loss when remote_write is failing for longer than - the given frequency. + description: WALTruncateFrequency specifies how frequently to run + the WAL truncation process. Higher values cause the WAL to increase + and for old series to stay in the WAL longer, but reduces the chance + of data loss when remote_write fails for longer than the given frequency. type: string writeStaleOnShutdown: description: WriteStaleOnShutdown writes staleness markers on shutdown @@ -743,9 +859,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml index 533e33632..ff6531f61 100644 --- a/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml +++ b/charts/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: podlogs.monitoring.grafana.com spec: @@ -56,7 +56,7 @@ spec: type: array type: object pipelineStages: - description: Pipeline stages for this pod. Pipeline stages allow for + description: Pipeline stages for this pod. Pipeline stages support transforming and filtering log lines. items: description: "PipelineStageSpec defines an individual pipeline stage. @@ -78,17 +78,17 @@ spec: logs. properties: dropCounterReason: - description: Every time a log line is dropped the metric - logentry_dropped_lines_total will be incremented. A "reason" + description: Every time a log line is dropped, the metric + logentry_dropped_lines_total is incremented. A "reason" label is added, and can be customized by providing a custom - value here. Defaults to "drop_stage." + value here. Defaults to "drop_stage". type: string expression: - description: "RE2 regular exprssion. \n If source is provided, - the regex will attempt to match the source. \n If no source - is provided, then the regex will attempt to attach the - log line. \n If the provided regex matches the log line - or a provided source, the line will be dropped." + description: "RE2 regular expression. \n If source is provided, + the regex attempts to match the source. \n If no source + is provided, then the regex attempts to attach the log + line. \n If the provided regex matches the log line or + a provided source, the line is dropped." type: string longerThan: description: LongerThan will drop a log line if it its content @@ -98,7 +98,7 @@ spec: olderThan: description: OlderThan will be parsed as a Go duration. If the log line's timestamp is older than the current - time minus the provided duration it will be dropped. + time minus the provided duration, it will be dropped. type: string source: description: Name from the extract data to parse. If empty, @@ -122,10 +122,10 @@ spec: description: "Set of the key/value pairs of JMESPath expressions. The key will be the key in the extracted data while the expression will be the value, evaluated as a JMESPath - from the source data. \n Literal JMESPath exprssions can - be done by wrapping a key in double quotes, which then - must be wrapped again in single quotes in YAML so they - get passed to the JMESPath parser." + from the source data. \n Literal JMESPath expressions + can be used by wrapping a key in double quotes, which + then must be wrapped again in single quotes in YAML so + they get passed to the JMESPath parser." type: object source: description: Name from the extracted data to parse as JSON. @@ -156,6 +156,25 @@ spec: of the label. If the value is not provided, it defaults to match the key." type: object + limit: + description: Limit is a rate-limiting stage that throttles logs + based on several options. + properties: + burst: + description: The cap in the quantity of burst lines that + Promtail will push to Loki. + type: integer + drop: + description: "When drop is true, log lines that exceed the + current rate limit are discarded. When drop is false, + log lines that exceed the current rate limit wait to enter + the back pressure mode. \n Defaults to false." + type: boolean + rate: + description: The rate limit in lines per second that Promtail + will push to Loki. + type: integer + type: object match: description: Match is a filtering stage that conditionally applies a set of stages or drop entries when a log entry matches a @@ -164,13 +183,13 @@ spec: action: description: Determines what action is taken when the selector matches the log line. Can be keep or drop. Defaults to - keep. When set to drop, entries will be dropped and no - later metrics will be recorded. Stages must be empty when - dropping metrics. + keep. When set to drop, entries are dropped and no later + metrics are recorded. Stages must be empty when dropping + metrics. type: string dropCounterReason: - description: Every time a log line is dropped the metric - logentry_dropped_lines_total will be incremented. A "reason" + description: Every time a log line is dropped, the metric + logentry_dropped_lines_total is incremented. A "reason" label is added, and can be customized by providing a custom value here. Defaults to "match_stage." type: string @@ -186,7 +205,7 @@ spec: type: string stages: description: "Nested set of pipeline stages to execute when - action: keep and the log line matches selector. \n An + action is keep and the log line matches selector. \n An example value for stages may be: \n stages: | - json: {} - labelAllow: [foo, bar] \n Note that stages is a string because SIG API Machinery does not support recursive types, @@ -223,7 +242,7 @@ spec: type: string type: array countEntryBytes: - description: "If true all log line bytes will be counted. + description: "If true all log line bytes are counted. Can only be set with matchAll: true and action: add. \n Only valid for type: counter." type: boolean @@ -231,7 +250,7 @@ spec: description: Sets the description for the created metric. type: string matchAll: - description: "If true all log lines will be counted without + description: "If true, all log lines are counted without attempting to match the source to the extracted map. Mutually exclusive with value. \n Only valid for type: counter." @@ -240,8 +259,8 @@ spec: description: "Label values on metrics are dynamic which can cause exported metrics to go stale. To prevent unbounded cardinality, any metrics not updated within MaxIdleDuration - will be removed. \n Must be greater or equal to 1s. - Defaults to 5m." + are removed. \n Must be greater or equal to 1s. Defaults + to 5m." type: string prefix: description: Sets the custom prefix name for the metric. @@ -257,14 +276,14 @@ spec: type: string value: description: Filters down source data and only changes - the metric if the targeted value exactly matches the - provided string. If not present, all data will match. + the metric if the targeted value matches the provided + string exactly. If not present, all data matches. type: string required: - action - type type: object - description: Metrics is an action stage that allows for defining + description: Metrics is an action stage that supports defining and updating metrics based on data from the extracted map. Created metrics are not pushed to Loki or Prometheus and are instead exposed via the /metrics endpoint of the Grafana Agent @@ -317,7 +336,7 @@ spec: containers to avoid out of order errors. type: boolean labels: - description: Name from extracted data or line labels. Requiried. + description: Name from extracted data or line labels. Required. Labels provided here are automatically removed from output labels. items: @@ -371,7 +390,7 @@ spec: If empty, defaults to using the log message. type: string template: - description: Go template string to use. Required. In additional + description: Go template string to use. Required. In addition to normal template functions, ToLower, ToUpper, Replace, Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are also available. @@ -386,14 +405,18 @@ spec: data map. If the field is missing, the default LogsClientSpec.tenantId will be used. properties: + label: + description: Name from labels whose value should be set + as tenant ID. Mutually exclusive with source and value. + type: string source: description: Name from extracted data to use as the tenant - ID. Mutually exclusive with value. + ID. Mutually exclusive with label and value. type: string value: description: Value to use for the template ID. Useful when this stage is used within a conditional pipeline such - as match. Mutually exclusive with source. + as match. Mutually exclusive with label and source. type: string type: object timestamp: @@ -450,15 +473,31 @@ spec: action: default: replace description: Action to perform based on regex matching. Default - is 'replace' + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: description: Modulus to take of the hash of the source label @@ -540,15 +579,10 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic required: - selector type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml b/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml index aad0c89d3..08ad58c16 100644 --- a/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml +++ b/charts/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml @@ -52,4 +52,11 @@ rules: - daemonsets - deployments verbs: [get, list, watch, create, update, patch, delete] +{{- with .Values.rbac.podSecurityPolicyName }} +- apiGroups: [policy] + resources: + - podsecuritypolicies + verbs: [use] + resourceNames: [ {{ . }} ] +{{- end -}} {{- end -}} diff --git a/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml b/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml index d83087c17..e2c741ecb 100644 --- a/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml +++ b/charts/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml @@ -25,6 +25,9 @@ spec: {{ toYaml . | indent 8 }} {{- end }} spec: + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ template "ga-operator.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: @@ -34,6 +37,10 @@ spec: - name: {{ include "ga-operator.name" . }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.resources }} resources: {{- toYaml . | nindent 10 }} @@ -53,6 +60,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml b/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml index f8125e848..1f9b2077a 100644 --- a/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml +++ b/charts/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "ga-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "ga-operator.labels" . | indent 4 }} {{- end -}} diff --git a/charts/loki/charts/grafana-agent-operator/values.yaml b/charts/loki/charts/grafana-agent-operator/values.yaml index 3d69c6079..4df242776 100644 --- a/charts/loki/charts/grafana-agent-operator/values.yaml +++ b/charts/loki/charts/grafana-agent-operator/values.yaml @@ -16,9 +16,14 @@ podLabels: {} # -- Pod security context (runAsUser, etc.) podSecurityContext: {} -# -- Toggle to create ClusterRole and ClusterRoleBinding +# -- Container security context (allowPrivilegeEscalation, etc.) +containerSecurityContext: {} + rbac: + # -- Toggle to create ClusterRole and ClusterRoleBinding create: true + # -- Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used. + podSecurityPolicyName: '' serviceAccount: # -- Toggle to create ServiceAccount @@ -32,12 +37,18 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.25.1 + tag: v0.39.1 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets pullSecrets: [] +# -- hostAliases to add +hostAliases: [] +# - ip: 1.2.3.4 +# hostnames: +# - domain.tld + # -- If both are set, Agent Operator will create and maintain a service for scraping kubelets # https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets kubeletService: diff --git a/charts/loki/charts/minio/Chart.yaml b/charts/loki/charts/minio/Chart.yaml index 67824a404..a91734198 100644 --- a/charts/loki/charts/minio/Chart.yaml +++ b/charts/loki/charts/minio/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: RELEASE.2022-08-13T21-54-44Z +appVersion: RELEASE.2022-09-17T00-09-45Z description: Multi-Cloud Object Storage home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -15,4 +15,4 @@ maintainers: name: minio sources: - https://github.com/minio/minio -version: 4.0.12 +version: 4.0.15 diff --git a/charts/loki/charts/minio/templates/_helper_policy.tpl b/charts/loki/charts/minio/templates/_helper_policy.tpl index 83a2e153b..f2150530b 100644 --- a/charts/loki/charts/minio/templates/_helper_policy.tpl +++ b/charts/loki/charts/minio/templates/_helper_policy.tpl @@ -12,6 +12,16 @@ "Resource": [ "{{ $statement.resources | join "\",\n\"" }}" ]{{ end }} +{{- if $statement.conditions }} +{{- $condition_len := len $statement.conditions }} +{{- $condition_len := sub $condition_len 1 }} + , + "Condition": { + {{- range $k,$v := $statement.conditions }} + {{- range $operator,$object := $v }} + "{{ $operator }}": { {{ $object }} }{{- if lt $k $condition_len }},{{- end }} + {{- end }}{{- end }} + }{{- end }} }{{ if lt $i $statements_length }},{{end }} {{- end }} ] diff --git a/charts/loki/charts/minio/templates/deployment.yaml b/charts/loki/charts/minio/templates/deployment.yaml index 062d141f2..692f86efd 100644 --- a/charts/loki/charts/minio/templates/deployment.yaml +++ b/charts/loki/charts/minio/templates/deployment.yaml @@ -82,18 +82,19 @@ spec: - name: minio-user mountPath: "/tmp/credentials" readOnly: true - {{- if .Values.persistence.enabled }} - name: export mountPath: {{ .Values.mountPath }} - {{- if .Values.persistence.subPath }} + {{- if and .Values.persistence.enabled .Values.persistence.subPath }} subPath: "{{ .Values.persistence.subPath }}" {{- end }} - {{- end }} {{- if .Values.extraSecret }} - name: extra-secret mountPath: "/tmp/minio-config-env" {{- end }} {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} ports: - name: {{ $scheme }} containerPort: {{ .Values.minioAPIPort }} @@ -123,7 +124,7 @@ spec: value: {{ .Values.oidc.configUrl }} - name: MINIO_IDENTITY_OPENID_CLIENT_ID value: {{ .Values.oidc.clientId }} - - name: MINIO_IDENTITY_OPENID_CLIENTs_SECRET + - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET value: {{ .Values.oidc.clientSecret }} - name: MINIO_IDENTITY_OPENID_CLAIM_NAME value: {{ .Values.oidc.claimName }} @@ -192,4 +193,7 @@ spec: secret: secretName: {{ template "minio.secretName" . }} {{- include "minio.tlsKeysVolume" . | indent 8 }} + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml b/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml index 37d4f6bd9..643313d51 100644 --- a/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml +++ b/charts/loki/charts/minio/templates/post-install-create-bucket-job.yaml @@ -65,6 +65,12 @@ spec: - key: {{ .Values.tls.publicCrt }} path: CAs/public.crt {{ end }} + {{- if .Values.makeBucketJob.extraVolumes }} + {{- toYaml .Values.makeBucketJob.extraVolumes | nindent 8 }} + {{- end }} +{{ if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} +{{- end }} containers: - name: minio-mc image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" @@ -87,6 +93,9 @@ spec: - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{ end }} + {{- if .Values.makeBucketJob.extraVolumeMounts }} + {{- toYaml .Values.makeBucketJob.extraVolumeMounts | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.makeBucketJob.resources | indent 10 }} {{- end }} diff --git a/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml b/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml index cf3c6602a..288bf751a 100644 --- a/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml +++ b/charts/loki/charts/minio/templates/post-install-create-policy-job.yaml @@ -65,6 +65,12 @@ spec: - key: {{ .Values.tls.publicCrt }} path: CAs/public.crt {{ end }} + {{- if .Values.makePolicyJob.extraVolumes }} + {{- toYaml .Values.makePolicyJob.extraVolumes | nindent 8 }} + {{- end }} +{{ if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} +{{- end }} containers: - name: minio-mc image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" @@ -87,6 +93,9 @@ spec: - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{ end }} + {{- if .Values.makePolicyJob.extraVolumeMounts }} + {{- toYaml .Values.makePolicyJob.extraVolumeMounts | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.makePolicyJob.resources | indent 10 }} {{- end }} diff --git a/charts/loki/charts/minio/templates/post-install-create-user-job.yaml b/charts/loki/charts/minio/templates/post-install-create-user-job.yaml index 7d7f6dd9d..8ccc6c000 100644 --- a/charts/loki/charts/minio/templates/post-install-create-user-job.yaml +++ b/charts/loki/charts/minio/templates/post-install-create-user-job.yaml @@ -75,6 +75,12 @@ spec: - key: {{ .Values.tls.publicCrt }} path: CAs/public.crt {{ end }} + {{- if .Values.makeUserJob.extraVolumes }} + {{- toYaml .Values.makeUserJob.extraVolumes | nindent 8 }} + {{- end }} +{{ if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} +{{- end }} containers: - name: minio-mc image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" @@ -97,6 +103,9 @@ spec: - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{ end }} + {{- if .Values.makeUserJob.extraVolumeMounts }} + {{- toYaml .Values.makeUserJob.extraVolumeMounts | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.makeUserJob.resources | indent 10 }} {{- end }} diff --git a/charts/loki/charts/minio/templates/servicemonitor.yaml b/charts/loki/charts/minio/templates/servicemonitor.yaml index d3fb6291c..fe14b1fba 100644 --- a/charts/loki/charts/minio/templates/servicemonitor.yaml +++ b/charts/loki/charts/minio/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.metrics.serviceMonitor.enabled }} +{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -35,7 +35,7 @@ spec: - port: http scheme: http {{- end }} - path: /minio/v2/metrics/cluster + path: /minio/v2/metrics/node {{- if .Values.metrics.serviceMonitor.interval }} interval: {{ .Values.metrics.serviceMonitor.interval }} {{- end }} @@ -59,3 +59,57 @@ spec: release: {{ .Release.Name }} monitoring: "true" {{- end }} +{{- if .Values.metrics.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Probe +metadata: + name: {{ template "minio.fullname" . }}-cluster + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{ else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + jobName: {{ template "minio.fullname" . }} + prober: + url: {{ template "minio.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} + path: /minio/v2/metrics/cluster + {{- if .Values.tls.enabled }} + scheme: https + tlsConfig: + ca: + secret: + name: {{ .Values.tls.certSecret }} + key: {{ .Values.tls.publicCrt }} + serverName: {{ template "minio.fullname" . }} + {{ else }} + scheme: http + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }} +{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }} + {{- end }} + targets: + staticConfig: + static: + - {{ template "minio.fullname" . }}.{{ .Release.Namespace }} + {{- if not .Values.metrics.serviceMonitor.public }} + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + bearerTokenSecret: + name: {{ template "minio.fullname" . }}-prometheus + key: token + {{- end }} +{{- end }} diff --git a/charts/loki/charts/minio/templates/statefulset.yaml b/charts/loki/charts/minio/templates/statefulset.yaml index 6d695ddf5..490de918d 100644 --- a/charts/loki/charts/minio/templates/statefulset.yaml +++ b/charts/loki/charts/minio/templates/statefulset.yaml @@ -130,6 +130,9 @@ spec: mountPath: "/tmp/minio-config-env" {{- end }} {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} ports: - name: {{ $scheme }} containerPort: {{ .Values.minioAPIPort }} @@ -207,6 +210,9 @@ spec: secretName: {{ .Values.extraSecret }} {{- end }} {{- include "minio.tlsKeysVolume" . | indent 8 }} + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: {{- if gt $drivesPerNode 1 }} diff --git a/charts/loki/charts/minio/values.yaml b/charts/loki/charts/minio/values.yaml index 457d647a9..865edf02b 100644 --- a/charts/loki/charts/minio/values.yaml +++ b/charts/loki/charts/minio/values.yaml @@ -14,7 +14,7 @@ clusterDomain: cluster.local ## image: repository: quay.io/minio/minio - tag: RELEASE.2022-08-13T21-54-44Z + tag: RELEASE.2022-09-17T00-09-45Z pullPolicy: IfNotPresent imagePullSecrets: [] @@ -25,17 +25,17 @@ imagePullSecrets: [] ## mcImage: repository: quay.io/minio/mc - tag: RELEASE.2022-08-11T00-30-48Z + tag: RELEASE.2022-09-16T09-16-47Z pullPolicy: IfNotPresent ## minio mode, i.e. standalone or distributed or gateway. mode: distributed ## other supported values are "standalone", "gateway" ## Additional labels to include with deployment or statefulset -additionalLabels: [] +additionalLabels: {} ## Additional annotations to include with deployment or statefulset -additionalAnnotations: [] +additionalAnnotations: {} ## Typically the deployment/statefulset includes checksums of secrets/config, ## So that when these change on a subsequent helm install, the deployment/statefulset @@ -46,6 +46,12 @@ ignoreChartChecksums: false ## Additional arguments to pass to minio binary extraArgs: [] +## Additional volumes to minio container +extraVolumes: [] + +## Additional volumeMounts to minio container +extraVolumeMounts: [] + ## Internal port number for MinIO S3 API container ## Change service.port to change external port number minioAPIPort: "9000" @@ -295,10 +301,25 @@ policies: [] # - "s3:GetBucketLocation" # - "s3:ListBucket" # - "s3:ListBucketMultipartUploads" +## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only +# - name: conditionsexample +# statements: +# - resources: +# - 'arn:aws:s3:::example/*' +# actions: +# - 's3:*' +# conditions: +# - StringEquals: '"aws:username": "johndoe"' +# - IpAddress: | +# "aws:SourceIp": [ +# "10.0.0.0/8", +# "192.168.0.0/24" +# ] +# ## Additional Annotations for the Kubernetes Job makePolicyJob makePolicyJob: - podAnnotations: - annotations: + podAnnotations: {} + annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -310,6 +331,8 @@ makePolicyJob: nodeSelector: {} tolerations: [] affinity: {} + extraVolumes: [] + extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -333,8 +356,8 @@ users: ## Additional Annotations for the Kubernetes Job makeUserJob makeUserJob: - podAnnotations: - annotations: + podAnnotations: {} + annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -346,6 +369,8 @@ makeUserJob: nodeSelector: {} tolerations: [] affinity: {} + extraVolumes: [] + extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -375,8 +400,8 @@ buckets: ## Additional Annotations for the Kubernetes Job makeBucketJob makeBucketJob: - podAnnotations: - annotations: + podAnnotations: {} + annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -388,6 +413,8 @@ makeBucketJob: nodeSelector: {} tolerations: [] affinity: {} + extraVolumes: [] + extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -398,8 +425,8 @@ customCommands: ## Additional Annotations for the Kubernetes Job customCommandJob customCommandJob: - podAnnotations: - annotations: + podAnnotations: {} + annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -464,10 +491,17 @@ serviceAccount: metrics: serviceMonitor: enabled: false + # scrape each node/pod individually for additional metrics + includeNode: false public: true additionalLabels: {} - annotations: {} + # for node metrics relabelConfigs: {} + # for cluster metrics + relabelConfigsCluster: {} + # metricRelabelings: + # - regex: (server|pod) + # action: labeldrop # namespace: monitoring # interval: 30s # scrapeTimeout: 10s diff --git a/charts/loki/docs/examples/enterprise/README.md b/charts/loki/docs/examples/enterprise/README.md index 42004f1e2..d28b48ed9 100644 --- a/charts/loki/docs/examples/enterprise/README.md +++ b/charts/loki/docs/examples/enterprise/README.md @@ -1,20 +1,20 @@ ## Introduction -This example gives you an example or getting started overrides value file for deploying Loki (Enterprise Licensed) using the Simple Scalable architecture in GKE and using GCS +This example gives you an example or getting started overrides value file for deploying Loki (Enterprise Licensed) using the Simple Scalable architecture in GKE and using GCS. ## Installation of Helm Chart -These instructions assume you have already have access to a Kubernetes cluster, GCS Bucket and GCP Service Account which has read/write permissions to that GCS Bucket. +These instructions assume you already have access to a Kubernetes cluster, GCS Bucket and GCP Service Account which has read/write permissions to that GCS Bucket. ### Populate Secret Values -Populate the examples/enterprise-secrets.yaml so that: -- The gcp_service_account.json secret has the contents of your GCP Service Account JSON key -- The gel-license.jwt secret has the contents of your Grafana Enterprise Logs license key given to your by Grafana Labs +Populate the [enterprise-secrets.yaml](./enterprise-secrets.yaml) so that: +- The `gcp_service_account.json` secret has the contents of your GCP Service Account JSON key. +- The `license.jwt` secret has the contents of your Grafana Enterprise Logs license key given to your by Grafana Labs. -Deploy the secrets file to your k8s cluster. +Deploy the secrets file to your k8s cluster with the command: `kubectl apply -f enterprise-secrets.yaml` ### Configure the Helm Chart -Open examples/overides-enterprise-gcs.yaml and replace `{YOUR_GCS_BUCKET}` with the name of your GCS bucket. If there are other things you'd like to configure, view the core [Values.yaml file](https://github.com/grafana/helm-charts/blob/main/charts/loki-simple-scalable/values.yaml) and override anything else you need to within the overrides-enterprise-gcs.yaml file. +Open [overrides-enterprise-gcs.yaml](./overrides-enterprise-gcs.yaml) and replace `{YOUR_GCS_BUCKET}` with the name of your GCS bucket. If there are other things you'd like to configure, view the core [Values.yaml file](https://github.com/grafana/helm-charts/blob/main/charts/loki-simple-scalable/values.yaml) and override anything else you need to within the overrides-enterprise-gcs.yaml file. ### Install the Helm chart @@ -25,5 +25,4 @@ Open examples/overides-enterprise-gcs.yaml and replace `{YOUR_GCS_BUCKET}` with `kubectl --namespace {KUBERNETES_NAMESPACE} logs $POD_NAME loki | grep Token` -Take note of this token, you will need it when connecting Grafana Enterprise Logs to Grafana - +Take note of this token, you will need it when connecting Grafana Enterprise Logs to Grafana. diff --git a/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml b/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml index 77266fa72..698e94b44 100644 --- a/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml +++ b/charts/loki/docs/examples/enterprise/enterprise-secrets.yaml @@ -9,4 +9,4 @@ stringData: GCP_SERVICE_ACCOUNT_JSON_HERE } - gel-license.jwt: LICENSE_HERE \ No newline at end of file + license.jwt: LICENSE_HERE diff --git a/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml b/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml index 348b8b788..01210d309 100644 --- a/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml +++ b/charts/loki/docs/examples/enterprise/overrides-enterprise-gcs.yaml @@ -14,7 +14,7 @@ enterprise: secret: secretName: gel-secrets items: - - key: gel-license.jwt + - key: license.jwt path: license.jwt - key: gcp_service_account.json path: gcp_service_account.json @@ -43,7 +43,7 @@ write: secret: secretName: gel-secrets items: - - key: gel-license.jwt + - key: license.jwt path: license.jwt - key: gcp_service_account.json path: gcp_service_account.json @@ -60,7 +60,7 @@ read: secret: secretName: gel-secrets items: - - key: gel-license.jwt + - key: license.jwt path: license.jwt - key: gcp_service_account.json path: gcp_service_account.json @@ -77,7 +77,7 @@ gateway: secret: secretName: gel-secrets items: - - key: gel-license.jwt + - key: license.jwt path: license.jwt - key: gcp_service_account.json path: gcp_service_account.json diff --git a/charts/loki/reference.md.gotmpl b/charts/loki/reference.md.gotmpl index 9636b1edf..0efc49276 100644 --- a/charts/loki/reference.md.gotmpl +++ b/charts/loki/reference.md.gotmpl @@ -1,8 +1,10 @@ --- title: Helm Chart Values -menuTitle: Helm Chart Values +menuTitle: Helm chart values description: Reference for Helm Chart values. -weight: 100 +aliases: + - ../../../installation/helm/reference/ +weight: 500 keywords: [] --- diff --git a/charts/loki/src/.yamllint.yaml b/charts/loki/src/.yamllint.yaml new file mode 100644 index 000000000..19e5933ac --- /dev/null +++ b/charts/loki/src/.yamllint.yaml @@ -0,0 +1,4 @@ +--- +rules: + quoted-strings: + required: true diff --git a/charts/loki/src/alerts.yaml b/charts/loki/src/alerts.yaml deleted file mode 100644 index b1e968776..000000000 --- a/charts/loki/src/alerts.yaml +++ /dev/null @@ -1,52 +0,0 @@ -groups: -- name: loki_alerts - rules: - - alert: LokiRequestErrors - annotations: - message: | - {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors. - expr: | - 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route) - / - sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route) - > 10 - for: 15m - labels: - severity: critical - - alert: LokiRequestPanics - annotations: - message: | - {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}% increase of panics. - expr: | - sum(increase(loki_panic_total[10m])) by (namespace, job) > 0 - labels: - severity: critical - - alert: LokiRequestLatency - annotations: - message: | - {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency. - expr: | - namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1 - for: 15m - labels: - severity: critical - - alert: LokiTooManyCompactorsRunning - annotations: - message: | - {{ $labels.cluster }} {{ $labels.namespace }} has had {{ printf "%.0f" $value }} compactors running for more than 5m. Only one compactor should run at a time. - expr: | - sum(loki_boltdb_shipper_compactor_running) by (namespace, cluster) > 1 - for: 5m - labels: - severity: warning -- name: 'loki_canaries_alerts' - rules: - - alert: 'LokiCanaryLatency' - annotations: - message: | - {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency. - expr: | - histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5 - for: '15m' - labels: - severity: 'warning' diff --git a/charts/loki/src/alerts.yaml.tpl b/charts/loki/src/alerts.yaml.tpl new file mode 100644 index 000000000..144e263f7 --- /dev/null +++ b/charts/loki/src/alerts.yaml.tpl @@ -0,0 +1,78 @@ +--- +groups: + - name: "loki_alerts" + rules: +{{- if not (.Values.monitoring.rules.disabled.LokiRequestErrors | default false) }} + - alert: "LokiRequestErrors" + annotations: + message: | + {{`{{`}} $labels.job {{`}}`}} {{`{{`}} $labels.route {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}% errors. + expr: | + 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route) + / + sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route) + > 10 + for: "15m" + labels: + severity: "critical" +{{- if .Values.monitoring.rules.additionalRuleLabels }} +{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }} +{{- end }} +{{- end }} +{{- if not (.Values.monitoring.rules.disabled.LokiRequestPanics | default false) }} + - alert: "LokiRequestPanics" + annotations: + message: | + {{`{{`}} $labels.job {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}% increase of panics. + expr: | + sum(increase(loki_panic_total[10m])) by (namespace, job) > 0 + labels: + severity: "critical" +{{- if .Values.monitoring.rules.additionalRuleLabels }} +{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }} +{{- end }} +{{- end }} +{{- if not (.Values.monitoring.rules.disabled.LokiRequestLatency | default false) }} + - alert: "LokiRequestLatency" + annotations: + message: | + {{`{{`}} $labels.job {{`}}`}} {{`{{`}} $labels.route {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}s 99th percentile latency. + expr: | + namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1 + for: "15m" + labels: + severity: "critical" +{{- if .Values.monitoring.rules.additionalRuleLabels }} +{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }} +{{- end }} +{{- end }} +{{- if not (.Values.monitoring.rules.disabled.LokiTooManyCompactorsRunning | default false) }} + - alert: "LokiTooManyCompactorsRunning" + annotations: + message: | + {{`{{`}} $labels.cluster {{`}}`}} {{`{{`}} $labels.namespace {{`}}`}} has had {{`{{`}} printf "%.0f" $value {{`}}`}} compactors running for more than 5m. Only one compactor should run at a time. + expr: | + sum(loki_boltdb_shipper_compactor_running) by (namespace, cluster) > 1 + for: "5m" + labels: + severity: "warning" +{{- if .Values.monitoring.rules.additionalRuleLabels }} +{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }} +{{- end }} +{{- end }} +{{- if not (.Values.monitoring.rules.disabled.LokiCanaryLatency | default false) }} + - name: "loki_canaries_alerts" + rules: + - alert: "LokiCanaryLatency" + annotations: + message: | + {{`{{`}} $labels.job {{`}}`}} is experiencing {{`{{`}} printf "%.2f" $value {{`}}`}}s 99th percentile latency. + expr: | + histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5 + for: "15m" + labels: + severity: "warning" +{{- if .Values.monitoring.rules.additionalRuleLabels }} +{{ toYaml .Values.monitoring.rules.additionalRuleLabels | indent 10 }} +{{- end }} +{{- end }} diff --git a/charts/loki/src/dashboards/loki-chunks.json b/charts/loki/src/dashboards/loki-chunks.json index 8f30328bf..bec1997c2 100644 --- a/charts/loki/src/dashboards/loki-chunks.json +++ b/charts/loki/src/dashboards/loki-chunks.json @@ -598,7 +598,7 @@ "steppedLine": false, "targets": [ { - "expr": "cortex_ingester_flush_queue_length{cluster=\"$cluster\", job=~\"$namespace/(loki|enterprise-logs)-write\"}", + "expr": "loki_ingester_flush_queue_length{cluster=\"$cluster\", job=~\"$namespace/(loki|enterprise-logs)-write\"} or cortex_ingester_flush_queue_length{cluster=\"$cluster\", job=~\"$namespace/(loki|enterprise-logs)-write\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", diff --git a/charts/loki/src/dashboards/loki-logs.json b/charts/loki/src/dashboards/loki-logs.json index c09d15493..0f113cf9b 100644 --- a/charts/loki/src/dashboards/loki-logs.json +++ b/charts/loki/src/dashboards/loki-logs.json @@ -78,7 +78,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -165,7 +165,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -251,7 +251,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -337,7 +337,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -423,7 +423,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -509,7 +509,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -596,7 +596,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -683,7 +683,7 @@ "sort": 0, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -772,7 +772,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(rate({cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\" } |logfmt| level=\"$level\" |= \"$filter\" [5m])) by (level)", + "expr": "sum(rate({cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\" } |logfmt| level=~\"$level\" |= \"$filter\" [5m])) by (level)", "intervalFactor": 3, "legendFormat": "{{level}}", "refId": "A" @@ -788,7 +788,7 @@ "sort": 2, "value_type": "individual" }, - "type": "graph", + "type": "timeseries", "xaxis": { "buckets": null, "mode": "time", @@ -837,7 +837,7 @@ }, "targets": [ { - "expr": "{cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\"} | logfmt | level=\"$level\" |= \"$filter\"", + "expr": "{cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$deployment.*\", pod=~\"$pod\", container=~\"$container\"} | logfmt | level=~\"$level\" |= \"$filter\"", "refId": "A" } ], diff --git a/charts/loki/src/helm-test/Dockerfile b/charts/loki/src/helm-test/Dockerfile index 5ffb228f7..cf4420a2a 100644 --- a/charts/loki/src/helm-test/Dockerfile +++ b/charts/loki/src/helm-test/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.18.5 as build +FROM golang:1.21.3 as build # build via Makefile target helm-test-image in root # Makefile. Building from this directory will not be @@ -7,7 +7,7 @@ COPY . /src/loki WORKDIR /src/loki RUN make clean && make BUILD_IN_CONTAINER=false helm-test -FROM alpine:3.16.2 -RUN apk add --update --no-cache ca-certificates=20220614-r0 +FROM alpine:3.18.5 +RUN apk add --update --no-cache ca-certificates=20230506-r0 COPY --from=build /src/loki/production/helm/loki/src/helm-test/helm-test /usr/bin/helm-test ENTRYPOINT [ "/usr/bin/helm-test" ] diff --git a/charts/loki/src/helm-test/default.nix b/charts/loki/src/helm-test/default.nix index 5ebfa3e4e..a129b2373 100644 --- a/charts/loki/src/helm-test/default.nix +++ b/charts/loki/src/helm-test/default.nix @@ -5,7 +5,7 @@ rec { version = "0.1.0"; src = ./../../../../..; - vendorSha256 = null; + vendorHash = null; buildPhase = '' runHook preBuild diff --git a/charts/loki/src/rules.yaml.tpl b/charts/loki/src/rules.yaml.tpl index 72bf907e9..840401dc8 100644 --- a/charts/loki/src/rules.yaml.tpl +++ b/charts/loki/src/rules.yaml.tpl @@ -6,81 +6,81 @@ groups: by (le, job)) record: job:loki_request_duration_seconds:99quantile labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job)) record: job:loki_request_duration_seconds:50quantile labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job) / sum(rate(loki_request_duration_seconds_count[1m])) by (job) record: job:loki_request_duration_seconds:avg labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job) record: job:loki_request_duration_seconds_bucket:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job) record: job:loki_request_duration_seconds_sum:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job) record: job:loki_request_duration_seconds_count:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)) record: job_route:loki_request_duration_seconds:99quantile labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)) record: job_route:loki_request_duration_seconds:50quantile labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route) / sum(rate(loki_request_duration_seconds_count[1m])) by (job, route) record: job_route:loki_request_duration_seconds:avg labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) record: job_route:loki_request_duration_seconds_bucket:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route) record: job_route:loki_request_duration_seconds_sum:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job, route) record: job_route:loki_request_duration_seconds_count:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, namespace, job, route)) record: namespace_job_route:loki_request_duration_seconds:99quantile labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, namespace, job, route)) record: namespace_job_route:loki_request_duration_seconds:50quantile labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route) / sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route) record: namespace_job_route:loki_request_duration_seconds:avg labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, namespace, job, route) record: namespace_job_route:loki_request_duration_seconds_bucket:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route) record: namespace_job_route:loki_request_duration_seconds_sum:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" - expr: sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route) record: namespace_job_route:loki_request_duration_seconds_count:sum_rate labels: - cluster: "{{ include "loki.fullname" $ }}" + cluster: "{{ include "loki.clusterLabel" $ }}" diff --git a/charts/loki/templates/_helpers.tpl b/charts/loki/templates/_helpers.tpl index 2f837ade3..14fe80006 100644 --- a/charts/loki/templates/_helpers.tpl +++ b/charts/loki/templates/_helpers.tpl @@ -79,6 +79,26 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Cluster label for rules and alerts. +*/}} +{{- define "loki.clusterLabel" -}} +{{- if .Values.clusterLabelOverride }} +{{- .Values.clusterLabelOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := include "loki.name" . }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + {{/* Create a default storage config that uses filesystem storage This is required for CI, but Loki will not be queryable with this default applied, thus it is encouraged that users override this. @@ -135,11 +155,11 @@ Base template for building docker image reference {{- define "loki.baseImage" }} {{- $registry := .global.registry | default .service.registry | default "" -}} {{- $repository := .service.repository | default "" -}} -{{- $tag := .service.tag | default .defaultVersion | toString -}} +{{- $ref := ternary (printf ":%s" (.service.tag | default .defaultVersion | toString)) (printf "@%s" .service.digest) (empty .service.digest) -}} {{- if and $registry $repository -}} - {{- printf "%s/%s:%s" $registry $repository $tag -}} + {{- printf "%s/%s%s" $registry $repository $ref -}} {{- else -}} - {{- printf "%s%s:%s" $registry $repository $tag -}} + {{- printf "%s%s%s" $registry $repository $ref -}} {{- end -}} {{- end -}} @@ -205,6 +225,9 @@ s3: {{- with .accessKeyId }} access_key_id: {{ . }} {{- end }} + {{- with .signatureVersion }} + signature_version: {{ . }} + {{- end }} s3forcepathstyle: {{ .s3ForcePathStyle }} insecure: {{ .insecure }} {{- with .http_config}} @@ -222,7 +245,20 @@ s3: ca_file: {{ . }} {{- end}} {{- end }} + {{- with .backoff_config}} + backoff_config: + {{- with .min_period }} + min_period: {{ . }} + {{- end}} + {{- with .max_period }} + max_period: {{ . }} + {{- end}} + {{- with .max_retries }} + max_retries: {{ . }} + {{- end}} + {{- end }} {{- end -}} + {{- else if eq .Values.loki.storage.type "gcs" -}} {{- with .Values.loki.storage.gcs }} gcs: @@ -238,14 +274,54 @@ azure: {{- with .accountKey }} account_key: {{ . }} {{- end }} + {{- with .connectionString }} + connection_string: {{ . }} + {{- end }} container_name: {{ $.Values.loki.storage.bucketNames.chunks }} use_managed_identity: {{ .useManagedIdentity }} + use_federated_token: {{ .useFederatedToken }} {{- with .userAssignedId }} user_assigned_id: {{ . }} {{- end }} {{- with .requestTimeout }} request_timeout: {{ . }} {{- end }} + {{- with .endpointSuffix }} + endpoint_suffix: {{ . }} + {{- end }} +{{- end -}} +{{- else if eq .Values.loki.storage.type "swift" -}} +{{- with .Values.loki.storage.swift }} +swift: + {{- with .auth_version }} + auth_version: {{ . }} + {{- end }} + auth_url: {{ .auth_url }} + {{- with .internal }} + internal: {{ . }} + {{- end }} + username: {{ .username }} + user_domain_name: {{ .user_domain_name }} + {{- with .user_domain_id }} + user_domain_id: {{ . }} + {{- end }} + {{- with .user_id }} + user_id: {{ . }} + {{- end }} + password: {{ .password }} + {{- with .domain_id }} + domain_id: {{ . }} + {{- end }} + domain_name: {{ .domain_name }} + project_id: {{ .project_id }} + project_name: {{ .project_name }} + project_domain_id: {{ .project_domain_id }} + project_domain_name: {{ .project_domain_name }} + region_name: {{ .region_name }} + container_name: {{ .container_name }} + max_retries: {{ .max_retries | default 3 }} + connect_timeout: {{ .connect_timeout | default "10s" }} + request_timeout: {{ .request_timeout | default "5s" }} {{- end -}} {{- else -}} {{- with .Values.loki.storage.filesystem }} @@ -286,6 +362,9 @@ s3: {{- end }} s3forcepathstyle: {{ .s3ForcePathStyle }} insecure: {{ .insecure }} + {{- with .http_config }} + http_config: {{ toYaml . | nindent 6 }} + {{- end }} {{- end -}} {{- else if eq .Values.loki.storage.type "gcs" -}} {{- with .Values.loki.storage.gcs }} @@ -304,14 +383,54 @@ azure: {{- with .accountKey }} account_key: {{ . }} {{- end }} + {{- with .connectionString }} + connection_string: {{ . }} + {{- end }} container_name: {{ $.Values.loki.storage.bucketNames.ruler }} use_managed_identity: {{ .useManagedIdentity }} + use_federated_token: {{ .useFederatedToken }} {{- with .userAssignedId }} user_assigned_id: {{ . }} {{- end }} {{- with .requestTimeout }} request_timeout: {{ . }} {{- end }} + {{- with .endpointSuffix }} + endpoint_suffix: {{ . }} + {{- end }} +{{- end -}} +{{- else if eq .Values.loki.storage.type "swift" -}} +{{- with .Values.loki.storage.swift }} +swift: + {{- with .auth_version }} + auth_version: {{ . }} + {{- end }} + auth_url: {{ .auth_url }} + {{- with .internal }} + internal: {{ . }} + {{- end }} + username: {{ .username }} + user_domain_name: {{ .user_domain_name }} + {{- with .user_domain_id }} + user_domain_id: {{ . }} + {{- end }} + {{- with .user_id }} + user_id: {{ . }} + {{- end }} + password: {{ .password }} + {{- with .domain_id }} + domain_id: {{ . }} + {{- end }} + domain_name: {{ .domain_name }} + project_id: {{ .project_id }} + project_name: {{ .project_name }} + project_domain_id: {{ .project_domain_id }} + project_domain_name: {{ .project_domain_name }} + region_name: {{ .region_name }} + container_name: {{ .container_name }} + max_retries: {{ .max_retries | default 3 }} + connect_timeout: {{ .connect_timeout | default "10s" }} + request_timeout: {{ .request_timeout | default "5s" }} {{- end -}} {{- else }} type: "local" @@ -328,6 +447,29 @@ ruler: {{- end }} {{- end }} +{{/* +Calculate the config from structured and unstructred text input +*/}} +{{- define "loki.calculatedConfig" -}} +{{ tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . }} +{{- end }} + +{{/* +The volume to mount for loki configuration +*/}} +{{- define "loki.configVolume" -}} +{{- if eq .Values.loki.configStorageType "Secret" -}} +secret: + secretName: {{ tpl .Values.loki.externalConfigSecretName . }} +{{- else if eq .Values.loki.configStorageType "ConfigMap" -}} +configMap: + name: {{ tpl .Values.loki.externalConfigSecretName . }} + items: + - key: "config.yaml" + path: "config.yaml" +{{- end -}} +{{- end -}} + {{/* Memcached Docker image */}} @@ -420,16 +562,16 @@ Params: pathType: Prefix {{- end }} backend: - {{- if $ingressApiIsStable }} {{- $serviceName := include "loki.ingress.serviceName" (dict "ctx" $.ctx "svcName" $.svcName) }} + {{- if $ingressApiIsStable }} service: name: {{ $serviceName }} port: - number: 3100 + number: {{ $.ctx.Values.loki.server.http_listen_port }} {{- else }} serviceName: {{ $serviceName }} - servicePort: 3100 -{{- end -}} + servicePort: {{ $.ctx.Values.loki.server.http_listen_port }} + {{- end -}} {{- end -}} {{- end -}} @@ -441,9 +583,9 @@ Params: */}} {{- define "loki.ingress.serviceName" -}} {{- if (eq .svcName "singleBinary") }} -{{- printf "%s" (include "loki.fullname" .ctx) }} +{{- printf "%s" (include "loki.singleBinaryFullname" .ctx) }} {{- else }} -{{- printf "%s-%s" (include "loki.fullname" .ctx) .svcName }} +{{- printf "%s-%s" (include "loki.name" .ctx) .svcName }} {{- end -}} {{- end -}} @@ -456,18 +598,9 @@ Create the service endpoint including port for MinIO. {{- end -}} {{- end -}} -{{/* Return the appropriate apiVersion for PodDisruptionBudget. */}} -{{- define "loki.podDisruptionBudget.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} -{{- end -}} - {{/* Determine if deployment is using object storage */}} {{- define "loki.isUsingObjectStorage" -}} -{{- or (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "azure") -}} +{{- or (eq .Values.loki.storage.type "gcs") (eq .Values.loki.storage.type "s3") (eq .Values.loki.storage.type "azure") (eq .Values.loki.storage.type "swift") (eq .Values.loki.storage.type "alibabacloud") -}} {{- end -}} {{/* Configure the correct name for the memberlist service */}} @@ -478,9 +611,9 @@ Create the service endpoint including port for MinIO. {{/* Determine the public host for the Loki cluster */}} {{- define "loki.host" -}} {{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}} -{{- $url := printf "%s.%s.svc.%s." (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain }} +{{- $url := printf "%s.%s.svc.%s.:%s" (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain (.Values.gateway.service.port | toString) }} {{- if and $isSingleBinary (not .Values.gateway.enabled) }} - {{- $url = printf "%s.%s.svc.%s.:3100" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain }} + {{- $url = printf "%s.%s.svc.%s.:%s" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }} {{- end }} {{- printf "%s" $url -}} {{- end -}} @@ -529,9 +662,9 @@ http { uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; - client_max_body_size 4M; + client_max_body_size 4M; - proxy_read_timeout 600; ## 6 minutes + proxy_read_timeout 600; ## 10 minutes proxy_send_timeout 600; proxy_connect_timeout 600; @@ -553,14 +686,21 @@ http { sendfile on; tcp_nopush on; + {{- if .Values.gateway.nginxConfig.resolver }} + resolver {{ .Values.gateway.nginxConfig.resolver }}; + {{- else }} resolver {{ .Values.global.dnsService }}.{{ .Values.global.dnsNamespace }}.svc.{{ .Values.global.clusterDomain }}.; + {{- end }} {{- with .Values.gateway.nginxConfig.httpSnippet }} - {{ . | nindent 2 }} + {{- tpl . $ | nindent 2 }} {{- end }} server { listen 8080; + {{- if .Values.gateway.nginxConfig.enableIPv6 }} + listen [::]:8080; + {{- end }} {{- if .Values.gateway.basicAuth.enabled }} auth_basic "Loki"; @@ -586,9 +726,9 @@ http { {{- $writeHost = include "loki.singleBinaryFullname" .}} {{- end }} - {{- $writeUrl := printf "http://%s.%s.svc.%s:3100" $writeHost .Release.Namespace .Values.global.clusterDomain }} - {{- $readUrl := printf "http://%s.%s.svc.%s:3100" $readHost .Release.Namespace .Values.global.clusterDomain }} - {{- $backendUrl := printf "http://%s.%s.svc.%s:3100" $backendHost .Release.Namespace .Values.global.clusterDomain }} + {{- $writeUrl := printf "http://%s.%s.svc.%s:%s" $writeHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }} + {{- $readUrl := printf "http://%s.%s.svc.%s:%s" $readHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }} + {{- $backendUrl := printf "http://%s.%s.svc.%s:%s" $backendHost .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.http_listen_port | toString) }} {{- if .Values.gateway.nginxConfig.customWriteUrl }} {{- $writeUrl = .Values.gateway.nginxConfig.customWriteUrl }} @@ -600,74 +740,124 @@ http { {{- $backendUrl = .Values.gateway.nginxConfig.customBackendUrl }} {{- end }} + + # Distributor location = /api/prom/push { proxy_pass {{ $writeUrl }}$request_uri; } + location = /loki/api/v1/push { + proxy_pass {{ $writeUrl }}$request_uri; + } + location = /distributor/ring { + proxy_pass {{ $writeUrl }}$request_uri; + } - location = /api/prom/tail { - proxy_pass {{ $readUrl }}$request_uri; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + # Ingester + location = /flush { + proxy_pass {{ $writeUrl }}$request_uri; + } + location ^~ /ingester/ { + proxy_pass {{ $writeUrl }}$request_uri; + } + location = /ingester { + internal; # to suppress 301 } - location ~ /api/prom/.* { - proxy_pass {{ $readUrl }}$request_uri; + # Ring + location = /ring { + proxy_pass {{ $writeUrl }}$request_uri; } - location ~ /prometheus/api/v1/alerts.* { + # MemberListKV + location = /memberlist { + proxy_pass {{ $writeUrl }}$request_uri; + } + + + # Ruler + location = /ruler/ring { proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /prometheus/api/v1/rules.* { + location = /api/prom/rules { proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /ruler/.* { + location ^~ /api/prom/rules/ { proxy_pass {{ $backendUrl }}$request_uri; } - - location = /loki/api/v1/push { - proxy_pass {{ $writeUrl }}$request_uri; + location = /loki/api/v1/rules { + proxy_pass {{ $backendUrl }}$request_uri; } - - location = /loki/api/v1/tail { - proxy_pass {{ $readUrl }}$request_uri; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + location ^~ /loki/api/v1/rules/ { + proxy_pass {{ $backendUrl }}$request_uri; } - - location ~ /compactor/.* { + location = /prometheus/api/v1/alerts { proxy_pass {{ $backendUrl }}$request_uri; } - - location ~ /distributor/.* { - proxy_pass {{ $writeUrl }}$request_uri; + location = /prometheus/api/v1/rules { + proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /ring { - proxy_pass {{ $writeUrl }}$request_uri; + # Compactor + location = /compactor/ring { + proxy_pass {{ $backendUrl }}$request_uri; + } + location = /loki/api/v1/delete { + proxy_pass {{ $backendUrl }}$request_uri; + } + location = /loki/api/v1/cache/generation_numbers { + proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /ingester/.* { - proxy_pass {{ $writeUrl }}$request_uri; + # IndexGateway + location = /indexgateway/ring { + proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /store-gateway/.* { + # QueryScheduler + location = /scheduler/ring { proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /query-scheduler/.* { + # Config + location = /config { proxy_pass {{ $backendUrl }}$request_uri; } - location ~ /scheduler/.* { + + {{- if and .Values.enterprise.enabled .Values.enterprise.adminApi.enabled }} + # Admin API + location ^~ /admin/api/ { proxy_pass {{ $backendUrl }}$request_uri; } + location = /admin/api { + internal; # to suppress 301 + } + {{- end }} - location ~ /loki/api/.* { + + # QueryFrontend, Querier + location = /api/prom/tail { proxy_pass {{ $readUrl }}$request_uri; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } - - location ~ /admin/api/.* { - proxy_pass {{ $writeUrl }}$request_uri; + location = /loki/api/v1/tail { + proxy_pass {{ $readUrl }}$request_uri; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + location ^~ /api/prom/ { + proxy_pass {{ $readUrl }}$request_uri; + } + location = /api/prom { + internal; # to suppress 301 } + location ^~ /loki/api/v1/ { + proxy_pass {{ $readUrl }}$request_uri; + } + location = /loki/api/v1 { + internal; # to suppress 301 + } + {{- with .Values.gateway.nginxConfig.serverSnippet }} {{ . | nindent 4 }} @@ -698,6 +888,15 @@ enableServiceLinks: false {{/* single binary */}} {{- $compactorAddress = include "loki.singleBinaryFullname" . -}} {{- end -}} -{{- printf "%s" $compactorAddress }} +{{- printf "http://%s:%s" $compactorAddress (.Values.loki.server.http_listen_port | toString) }} {{- end }} +{{/* Determine query-scheduler address */}} +{{- define "loki.querySchedulerAddress" -}} +{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} +{{- $schedulerAddress := ""}} +{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) -}} +{{- $schedulerAddress = printf "query-scheduler-discovery.%s.svc.%s.:%s" .Release.Namespace .Values.global.clusterDomain (.Values.loki.server.grpc_listen_port | toString) -}} +{{- end -}} +{{- printf "%s" $schedulerAddress }} +{{- end }} diff --git a/charts/loki/templates/backend/clusterrole.yaml b/charts/loki/templates/backend/clusterrole.yaml new file mode 100644 index 000000000..176ada056 --- /dev/null +++ b/charts/loki/templates/backend/clusterrole.yaml @@ -0,0 +1,20 @@ +{{- if and (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "loki.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "loki.fullname" . }}-clusterrole +{{- if .Values.sidecar.rules.enabled }} +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- else }} +rules: [] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loki/templates/backend/clusterrolebinding.yaml b/charts/loki/templates/backend/clusterrolebinding.yaml new file mode 100644 index 000000000..1021fd008 --- /dev/null +++ b/charts/loki/templates/backend/clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "loki.fullname" . }}-clusterrolebinding + labels: + {{- include "loki.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "loki.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "loki.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} \ No newline at end of file diff --git a/charts/loki/templates/backend/hpa.yaml b/charts/loki/templates/backend/hpa.yaml new file mode 100644 index 000000000..ea834d6e0 --- /dev/null +++ b/charts/loki/templates/backend/hpa.yaml @@ -0,0 +1,50 @@ +{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} +{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}} +{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) ( .Values.backend.autoscaling.enabled ) }} +{{- if $autoscalingv2 }} +apiVersion: autoscaling/v2 +{{- else }} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "loki.backendFullname" . }} + labels: + {{- include "loki.backendLabels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "loki.backendFullname" . }} + minReplicas: {{ .Values.backend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.backend.autoscaling.maxReplicas }} + {{- with .Values.backend.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} + metrics: + {{- with .Values.backend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.backend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/loki/templates/backend/poddisruptionbudget-backend.yaml b/charts/loki/templates/backend/poddisruptionbudget-backend.yaml index 92c0d5795..d8ce5b061 100644 --- a/charts/loki/templates/backend/poddisruptionbudget-backend.yaml +++ b/charts/loki/templates/backend/poddisruptionbudget-backend.yaml @@ -1,9 +1,10 @@ {{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} {{- if and $isSimpleScalable (gt (int .Values.backend.replicas) 1) (not .Values.read.legacyReadTarget ) }} -apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "loki.backendFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.backendLabels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/backend/query-scheduler-discovery.yaml b/charts/loki/templates/backend/query-scheduler-discovery.yaml new file mode 100644 index 000000000..527fa13cf --- /dev/null +++ b/charts/loki/templates/backend/query-scheduler-discovery.yaml @@ -0,0 +1,27 @@ +{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} +{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }} +--- +apiVersion: v1 +kind: Service +metadata: + name: query-scheduler-discovery + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.backendSelectorLabels" . | nindent 4 }} + prometheus.io/service-monitor: "false" +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: http-metrics + port: {{ .Values.loki.server.http_listen_port }} + targetPort: http-metrics + protocol: TCP + - name: grpc + port: {{ .Values.loki.server.grpc_listen_port }} + targetPort: grpc + protocol: TCP + selector: + {{- include "loki.backendSelectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/loki/templates/backend/service-backend-headless.yaml b/charts/loki/templates/backend/service-backend-headless.yaml index 044510708..0755be66d 100644 --- a/charts/loki/templates/backend/service-backend-headless.yaml +++ b/charts/loki/templates/backend/service-backend-headless.yaml @@ -5,19 +5,34 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.backendFullname" . }}-headless + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.backendSelectorLabels" . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.backend.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + variant: headless prometheus.io/service-monitor: "false" + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.backend.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP clusterIP: None ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP selector: diff --git a/charts/loki/templates/backend/service-backend.yaml b/charts/loki/templates/backend/service-backend.yaml index b42f71534..cd1bd3b9b 100644 --- a/charts/loki/templates/backend/service-backend.yaml +++ b/charts/loki/templates/backend/service-backend.yaml @@ -5,20 +5,31 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.backendFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.backendLabels" . | nindent 4 }} - {{- with .Values.backend.serviceLabels }} - {{- toYaml . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.backend.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.backend.service.annotations }} + {{- toYaml . | nindent 4}} {{- end }} spec: type: ClusterIP ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP selector: diff --git a/charts/loki/templates/backend/statefulset-backend.yaml b/charts/loki/templates/backend/statefulset-backend.yaml index 7090b7534..97e110ea2 100644 --- a/charts/loki/templates/backend/statefulset-backend.yaml +++ b/charts/loki/templates/backend/statefulset-backend.yaml @@ -5,18 +5,30 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "loki.backendFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.backendLabels" . | nindent 4 }} app.kubernetes.io/part-of: memberlist + {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}} + annotations: + {{- with .Values.loki.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.backend.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: +{{- if not .Values.backend.autoscaling.enabled }} replicas: {{ .Values.backend.replicas }} - podManagementPolicy: Parallel +{{- end }} + podManagementPolicy: {{ .Values.backend.podManagementPolicy }} updateStrategy: rollingUpdate: partition: 0 serviceName: {{ include "loki.backendFullname" . }}-headless revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }} - {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.backend.persistence.enableStatefulSetAutoDeletePVC) }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.backend.persistence.enableStatefulSetAutoDeletePVC) (.Values.backend.persistence.volumeClaimsEnabled) }} {{/* Data on the backend nodes is easy to replace, so we want to always delete PVCs to make operation easier, and will rely on re-fetching data when needed. @@ -31,7 +43,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }} {{- with .Values.loki.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -68,6 +80,75 @@ spec: {{- end }} {{- end }} containers: + {{- if .Values.sidecar.rules.enabled }} + - name: loki-sc-rules + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.rules.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.rules.label }}" + {{- if .Values.sidecar.rules.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.rules.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.rules.folder }}" + - name: RESOURCE + value: {{ quote .Values.sidecar.rules.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.rules.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.rules.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.rules.script }} + - name: SCRIPT + value: "{{ .Values.sidecar.rules.script }}" + {{- end }} + {{- if .Values.sidecar.rules.watchServerTimeout }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.rules.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.rules.watchClientTimeout }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.rules.watchClientTimeout }}" + {{- end }} + {{- if .Values.sidecar.rules.logLevel }} + - name: LOG_LEVEL + value: "{{ .Values.sidecar.rules.logLevel }}" + {{- end }} + {{- if .Values.sidecar.livenessProbe }} + livenessProbe: + {{- toYaml .Values.sidecar.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml .Values.sidecar.readinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.sidecar.resources }} + resources: + {{- toYaml .Values.sidecar.resources | nindent 12 }} + {{- end }} + {{- if .Values.sidecar.securityContext }} + securityContext: + {{- toYaml .Values.sidecar.securityContext | nindent 12 }} + {{- end }} + volumeMounts: + - name: sc-rules-volume + mountPath: {{ .Values.sidecar.rules.folder | quote }} + {{- end}} - name: loki image: {{ include "loki.image" . }} imagePullPolicy: {{ .Values.loki.image.pullPolicy }} @@ -80,10 +161,10 @@ spec: {{- end }} ports: - name: http-metrics - containerPort: 3100 + containerPort: {{ .Values.loki.server.http_listen_port }} protocol: TCP - name: grpc - containerPort: 9095 + containerPort: {{ .Values.loki.server.grpc_listen_port }} protocol: TCP - name: http-memberlist containerPort: 7946 @@ -113,6 +194,10 @@ spec: - name: license mountPath: /etc/loki/license {{- end}} + {{- if .Values.sidecar.rules.enabled }} + - name: sc-rules-volume + mountPath: {{ .Values.sidecar.rules.folder | quote }} + {{- end}} {{- with .Values.backend.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -122,10 +207,18 @@ spec: affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.backend.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.backend.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.backend.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.backend.tolerations }} tolerations: {{- toYaml . | nindent 8 }} @@ -133,13 +226,16 @@ spec: volumes: - name: tmp emptyDir: {} + {{- if not .Values.backend.persistence.volumeClaimsEnabled }} + - name: data + {{- toYaml .Values.backend.persistence.dataVolumeParameters | nindent 10 }} + {{- end}} - name: config {{- if .Values.loki.existingSecretForConfig }} secret: secretName: {{ .Values.loki.existingSecretForConfig }} {{- else }} - configMap: - name: {{ include "loki.name" . }} + {{- include "loki.configVolume" . | nindent 10 }} {{- end }} - name: runtime-config configMap: @@ -153,11 +249,23 @@ spec: secretName: enterprise-logs-license {{- end }} {{- end }} + {{- if .Values.sidecar.rules.enabled }} + - name: sc-rules-volume + {{- if .Values.sidecar.rules.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.sidecar.rules.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end -}} + {{- end -}} {{- with .Values.backend.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.backend.persistence.volumeClaimsEnabled }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data spec: accessModes: @@ -172,4 +280,5 @@ spec: selector: {{- toYaml . | nindent 10 }} {{- end }} + {{- end }} {{- end }} diff --git a/charts/loki/templates/ciliumnetworkpolicy.yaml b/charts/loki/templates/ciliumnetworkpolicy.yaml new file mode 100644 index 000000000..fbd2619d8 --- /dev/null +++ b/charts/loki/templates/ciliumnetworkpolicy.yaml @@ -0,0 +1,238 @@ +{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "cilium") }} +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-namespace-only + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: {} + egress: + - toEndpoints: + - {} + ingress: + - fromEndpoints: + - {} + +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-egress-dns + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: + matchLabels: + {{- include "loki.selectorLabels" . | nindent 6 }} + egress: + - toPorts: + - ports: + - port: dns + protocol: UDP + toEndpoints: + - namespaceSelector: {} + +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-ingress + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + {{- if .Values.gateway.enabled }} + - gateway + {{- else }} + - read + - write + {{- end }} + matchLabels: + {{- include "loki.selectorLabels" . | nindent 6 }} + ingress: + - toPorts: + - ports: + - port: http + protocol: TCP + {{- if .Values.networkPolicy.ingress.namespaceSelector }} + fromEndpoints: + - matchLabels: + {{- toYaml .Values.networkPolicy.ingress.namespaceSelector | nindent 8 }} + {{- if .Values.networkPolicy.ingress.podSelector }} + {{- toYaml .Values.networkPolicy.ingress.podSelector | nindent 8 }} + {{- end }} + {{- end }} + +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-ingress-metrics + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: + matchLabels: + {{- include "loki.selectorLabels" . | nindent 6 }} + ingress: + - toPorts: + - ports: + - port: http-metrics + protocol: TCP + {{- if .Values.networkPolicy.metrics.cidrs }} + {{- range $cidr := .Values.networkPolicy.metrics.cidrs }} + toCIDR: + - {{ $cidr }} + {{- end }} + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + fromEndpoints: + - matchLabels: + {{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 8 }} + {{- if .Values.networkPolicy.metrics.podSelector }} + {{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 8 }} + {{- end }} + {{- end }} + {{- end }} + +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-egress-alertmanager + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: + matchLabels: + {{- include "loki.backendSelectorLabels" . | nindent 6 }} + egress: + - toPorts: + - ports: + - port: "{{ .Values.networkPolicy.alertmanager.port }}" + protocol: TCP + {{- if .Values.networkPolicy.alertmanager.namespaceSelector }} + toEndpoints: + - matchLabels: + {{- toYaml .Values.networkPolicy.alertmanager.namespaceSelector | nindent 8 }} + {{- if .Values.networkPolicy.alertmanager.podSelector }} + {{- toYaml .Values.networkPolicy.alertmanager.podSelector | nindent 8 }} + {{- end }} + {{- end }} + +{{- if .Values.networkPolicy.externalStorage.ports }} +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-egress-external-storage + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: + matchLabels: + {{- include "loki.selectorLabels" . | nindent 6 }} + egress: + - toPorts: + - ports: + {{- range $port := .Values.networkPolicy.externalStorage.ports }} + - port: "{{ $port }}" + protocol: TCP + {{- end }} + {{- if .Values.networkPolicy.externalStorage.cidrs }} + {{- range $cidr := .Values.networkPolicy.externalStorage.cidrs }} + toCIDR: + - {{ $cidr }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.networkPolicy.egressWorld.enabled }} +{{- $global := . }} +{{- $componentsList := list "read" "write" "backend" }} +{{- if .Values.tableManager.enabled }} +{{- $componentsList = append $componentsList "table-manager" }} +{{- end }} +{{- range $component := $componentsList }} +{{- with $global }} +--- +apiVersion: "cilium.io/v2" +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-{{ $component }}-world-egress + namespace: {{ .Release.Namespace }} +spec: + endpointSelector: + matchLabels: + {{- if eq $component "read" }} + {{- include "loki.readSelectorLabels" . | nindent 6 }} + {{- else if eq $component "write" }} + {{- include "loki.writeSelectorLabels" . | nindent 6 }} + {{- else if eq $component "table-manager" }} + {{- include "loki.tableManagerSelectorLabels" . | nindent 6 }} + {{- else }} + {{- include "loki.backendSelectorLabels" . | nindent 6 }} + {{- end }} + egress: + - toEntities: + - world +{{- end }} +{{- end }} +{{- end }} + +{{- if .Values.networkPolicy.egressKubeApiserver.enabled }} +--- +apiVersion: "cilium.io/v2" +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-backend-kubeapiserver-egress + namespace: {{ .Release.Namespace }} +spec: + endpointSelector: + matchLabels: + {{- include "loki.backendSelectorLabels" . | nindent 6 }} + egress: + - toEntities: + - kube-apiserver +{{- end }} + +{{- end }} + +{{- if and .Values.networkPolicy.discovery.port (eq .Values.networkPolicy.flavor "cilium") }} +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{ include "loki.name" . }}-egress-discovery + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +spec: + endpointSelector: + matchLabels: + {{- include "loki.selectorLabels" . | nindent 6 }} + egress: + - toPorts: + - ports: + - port: "{{ .Values.networkPolicy.discovery.port }}" + protocol: TCP + {{- if .Values.networkPolicy.discovery.namespaceSelector }} + toEndpoints: + - matchLabels: + {{- toYaml .Values.networkPolicy.discovery.namespaceSelector | nindent 8 }} + {{- if .Values.networkPolicy.discovery.podSelector }} + {{- toYaml .Values.networkPolicy.discovery.podSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/loki/templates/config.yaml b/charts/loki/templates/config.yaml new file mode 100644 index 000000000..101abc353 --- /dev/null +++ b/charts/loki/templates/config.yaml @@ -0,0 +1,21 @@ +{{- if not .Values.loki.existingSecretForConfig -}} +apiVersion: v1 +{{- if eq .Values.loki.configStorageType "Secret" }} +kind: Secret +{{- else }} +kind: ConfigMap +{{- end }} +metadata: + name: {{ tpl .Values.loki.externalConfigSecretName . }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.labels" . | nindent 4 }} +{{- if eq .Values.loki.configStorageType "Secret" }} +data: + config.yaml: {{ include "loki.calculatedConfig" . | b64enc }} +{{- else }} +data: + config.yaml: | + {{ include "loki.calculatedConfig" . | nindent 4 }} +{{- end -}} +{{- end }} diff --git a/charts/loki/templates/configmap.yaml b/charts/loki/templates/configmap.yaml deleted file mode 100644 index 8cfb80be8..000000000 --- a/charts/loki/templates/configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if not .Values.loki.existingSecretForConfig -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "loki.name" . }} - labels: - {{- include "loki.labels" . | nindent 4 }} -data: - config.yaml: | - {{- tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . | nindent 4 }} -{{- end -}} diff --git a/charts/loki/templates/gateway/configmap-gateway.yaml b/charts/loki/templates/gateway/configmap-gateway.yaml index dcb379b9c..fe98c73dc 100644 --- a/charts/loki/templates/gateway/configmap-gateway.yaml +++ b/charts/loki/templates/gateway/configmap-gateway.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "loki.gatewayFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" . | nindent 4 }} data: diff --git a/charts/loki/templates/gateway/deployment-gateway.yaml b/charts/loki/templates/gateway/deployment-gateway.yaml index ff8e64577..4ffa0c935 100644 --- a/charts/loki/templates/gateway/deployment-gateway.yaml +++ b/charts/loki/templates/gateway/deployment-gateway.yaml @@ -3,8 +3,18 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "loki.gatewayFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" . | nindent 4 }} + {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}} + annotations: + {{- with .Values.loki.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.gateway.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- if not .Values.gateway.autoscaling.enabled }} replicas: {{ .Values.gateway.replicas }} @@ -86,14 +96,25 @@ spec: {{- end }} resources: {{- toYaml .Values.gateway.resources | nindent 12 }} + {{- if .Values.gateway.extraContainers }} + {{- toYaml .Values.gateway.extraContainers | nindent 8}} + {{- end }} {{- with .Values.gateway.affinity }} affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.gateway.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.gateway.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.gateway.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.gateway.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/loki/templates/gateway/hpa.yaml b/charts/loki/templates/gateway/hpa.yaml index e23c22103..3541ec696 100644 --- a/charts/loki/templates/gateway/hpa.yaml +++ b/charts/loki/templates/gateway/hpa.yaml @@ -8,6 +8,7 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: name: {{ include "loki.gatewayFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" . | nindent 4 }} spec: @@ -17,6 +18,10 @@ spec: name: {{ include "loki.gatewayFullname" . }} minReplicas: {{ .Values.gateway.autoscaling.minReplicas }} maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }} + {{- with .Values.gateway.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} metrics: {{- with .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource diff --git a/charts/loki/templates/gateway/ingress-gateway.yaml b/charts/loki/templates/gateway/ingress-gateway.yaml index 5c1106c64..6f18e3396 100644 --- a/charts/loki/templates/gateway/ingress-gateway.yaml +++ b/charts/loki/templates/gateway/ingress-gateway.yaml @@ -7,8 +7,12 @@ apiVersion: {{ include "loki.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "loki.gatewayFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" . | nindent 4 }} + {{- range $labelKey, $labelValue := .Values.gateway.ingress.labels }} + {{ $labelKey }}: {{ $labelValue | toYaml }} + {{- end }} {{- with .Values.gateway.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -22,7 +26,7 @@ spec: {{- range .Values.gateway.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . | quote }} + - {{ tpl . $ | quote }} {{- end }} {{- with .secretName }} secretName: {{ . }} @@ -31,7 +35,7 @@ spec: {{- end }} rules: {{- range .Values.gateway.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ tpl .host $ | quote }} http: paths: {{- range .paths }} diff --git a/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml b/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml index 734906db9..0057c5653 100644 --- a/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml +++ b/charts/loki/templates/gateway/poddisruptionbudget-gateway.yaml @@ -1,9 +1,13 @@ {{- if and .Values.gateway.enabled }} -{{- if gt (int .Values.gateway.replicas) 1 }} -apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }} +{{- if or + (and (not .Values.gateway.autoscaling.enabled) (gt (int .Values.gateway.replicas) 1)) + (and .Values.gateway.autoscaling.enabled (gt (int .Values.gateway.autoscaling.minReplicas) 1)) +}} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "loki.gatewayFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/gateway/secret-gateway.yaml b/charts/loki/templates/gateway/secret-gateway.yaml index f7cc8a676..c3c5e9a27 100644 --- a/charts/loki/templates/gateway/secret-gateway.yaml +++ b/charts/loki/templates/gateway/secret-gateway.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "loki.gatewayFullname" $ }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" $ | nindent 4 }} stringData: diff --git a/charts/loki/templates/gateway/service-gateway.yaml b/charts/loki/templates/gateway/service-gateway.yaml index 8e7b6c011..5cb7a55c3 100644 --- a/charts/loki/templates/gateway/service-gateway.yaml +++ b/charts/loki/templates/gateway/service-gateway.yaml @@ -3,15 +3,22 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.gatewayFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.gatewayLabels" . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} {{- with .Values.gateway.service.labels }} - {{- toYaml . | nindent 4 }} + {{- toYaml . | nindent 4}} {{- end }} - {{- with .Values.gateway.service.annotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.gateway.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: {{ .Values.gateway.service.type }} {{- with .Values.gateway.service.clusterIP }} diff --git a/charts/loki/templates/ingress.yaml b/charts/loki/templates/ingress.yaml index 49e391191..ddbcf7fdb 100644 --- a/charts/loki/templates/ingress.yaml +++ b/charts/loki/templates/ingress.yaml @@ -4,8 +4,12 @@ apiVersion: {{ include "loki.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "loki.fullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -19,7 +23,7 @@ spec: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . | quote }} + - {{ tpl . $ | quote }} {{- end }} {{- with .secretName }} secretName: {{ . }} @@ -28,7 +32,7 @@ spec: {{- end }} rules: {{- range $.Values.ingress.hosts }} - - host: {{ . | quote }} + - host: {{ tpl . $ | quote }} http: paths: {{- include "loki.ingress.servicePaths" $ | indent 10}} diff --git a/charts/loki/templates/loki-canary/_helpers.tpl b/charts/loki/templates/loki-canary/_helpers.tpl index 28ce60d10..2ea8dd754 100644 --- a/charts/loki/templates/loki-canary/_helpers.tpl +++ b/charts/loki/templates/loki-canary/_helpers.tpl @@ -30,10 +30,10 @@ Docker image name for loki-canary {{- end -}} {{/* -canry priority class name +canary priority class name */}} {{- define "loki-canary.priorityClassName" -}} -{{- $pcn := coalesce .Values.global.priorityClassName .Values.read.priorityClassName -}} +{{- $pcn := coalesce .Values.global.priorityClassName .Values.monitoring.lokiCanary.priorityClassName .Values.read.priorityClassName -}} {{- if $pcn }} priorityClassName: {{ $pcn }} {{- end }} diff --git a/charts/loki/templates/loki-canary/daemonset.yaml b/charts/loki/templates/loki-canary/daemonset.yaml index 7b5d9c0d5..250d1a8ad 100644 --- a/charts/loki/templates/loki-canary/daemonset.yaml +++ b/charts/loki/templates/loki-canary/daemonset.yaml @@ -5,20 +5,28 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ include "loki-canary.fullname" $ }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki-canary.labels" $ | nindent 4 }} spec: selector: matchLabels: {{- include "loki-canary.selectorLabels" $ | nindent 6 }} + {{- with .updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} template: metadata: + {{- with .annotations }} annotations: - {{- with .annotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "loki-canary.selectorLabels" $ | nindent 8 }} + {{- with .podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "loki-canary.fullname" $ }} {{- with $.Values.imagePullSecrets }} @@ -34,7 +42,7 @@ spec: imagePullPolicy: {{ $.Values.loki.image.pullPolicy }} args: - -addr={{- include "loki.host" $ }} - - -labelname=pod + - -labelname={{ .labelname }} - -labelvalue=$(POD_NAME) {{- if $.Values.enterprise.enabled }} - -user=$(USER) @@ -87,6 +95,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/loki/templates/loki-canary/service.yaml b/charts/loki/templates/loki-canary/service.yaml index 6d7ace5cb..d0fb34e38 100644 --- a/charts/loki/templates/loki-canary/service.yaml +++ b/charts/loki/templates/loki-canary/service.yaml @@ -5,8 +5,22 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki-canary.fullname" $ }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki-canary.labels" $ | nindent 4 }} + {{- with $.Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + annotations: + {{- with $.Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP ports: diff --git a/charts/loki/templates/loki-canary/serviceaccount.yaml b/charts/loki/templates/loki-canary/serviceaccount.yaml index 27949423b..dbcd2b345 100644 --- a/charts/loki/templates/loki-canary/serviceaccount.yaml +++ b/charts/loki/templates/loki-canary/serviceaccount.yaml @@ -5,10 +5,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "loki-canary.fullname" $ }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki-canary.labels" $ | nindent 4 }} - annotations: {{- with .annotations }} + annotations: {{- toYaml . | nindent 4 }} {{- end }} automountServiceAccountToken: {{ $.Values.serviceAccount.automountServiceAccountToken }} diff --git a/charts/loki/templates/monitoring/_helpers-monitoring.tpl b/charts/loki/templates/monitoring/_helpers-monitoring.tpl index 342fd2b6b..cb693e4f8 100644 --- a/charts/loki/templates/monitoring/_helpers-monitoring.tpl +++ b/charts/loki/templates/monitoring/_helpers-monitoring.tpl @@ -3,15 +3,15 @@ Client definition for LogsInstance */}} {{- define "loki.logsInstanceClient" -}} {{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}} -{{- $url := printf "http://%s.%s.svc.%s:3100/loki/api/v1/push" (include "loki.writeFullname" .) .Release.Namespace .Values.global.clusterDomain }} +{{- $url := printf "http://%s.%s.svc.%s:%s/loki/api/v1/push" (include "loki.writeFullname" .) .Release.Namespace .Values.global.clusterDomain ( .Values.loki.server.http_listen_port | toString ) }} {{- if $isSingleBinary }} - {{- $url = printf "http://%s.%s.svc.%s:3100/loki/api/v1/push" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain }} + {{- $url = printf "http://%s.%s.svc.%s:%s/loki/api/v1/push" (include "loki.singleBinaryFullname" .) .Release.Namespace .Values.global.clusterDomain ( .Values.loki.server.http_listen_port | toString ) }} {{- else if .Values.gateway.enabled -}} {{- $url = printf "http://%s.%s.svc.%s/loki/api/v1/push" (include "loki.gatewayFullname" .) .Release.Namespace .Values.global.clusterDomain }} {{- end -}} - url: {{ $url }} externalLabels: - cluster: {{ include "loki.fullname" . }} + cluster: {{ include "loki.clusterLabel" . }} {{- if .Values.enterprise.enabled }} basicAuth: username: @@ -21,7 +21,7 @@ Client definition for LogsInstance name: {{ include "enterprise-logs.selfMonitoringTenantSecret" . }} key: password {{- else if .Values.loki.auth_enabled }} - tenantId: {{ .Values.monitoring.selfMonitoring.tenant.name }} + tenantId: {{ .Values.monitoring.selfMonitoring.tenant.name | quote }} {{- end }} {{- end -}} @@ -35,3 +35,13 @@ Convert a recording rule group to yaml {{- toYaml .rules | nindent 4 }} {{- end }} {{- end }} + +{{/* +GrafanaAgent priority class name +*/}} +{{- define "grafana-agent.priorityClassName" -}} +{{- $pcn := coalesce .Values.global.priorityClassName .Values.monitoring.selfMonitoring.grafanaAgent.priorityClassName -}} +{{- if $pcn }} +priorityClassName: {{ $pcn }} +{{- end }} +{{- end }} diff --git a/charts/loki/templates/monitoring/dashboards/configmap-1.yaml b/charts/loki/templates/monitoring/dashboards/configmap-1.yaml index 6447a49d1..6352f2533 100644 --- a/charts/loki/templates/monitoring/dashboards/configmap-1.yaml +++ b/charts/loki/templates/monitoring/dashboards/configmap-1.yaml @@ -1,6 +1,5 @@ -{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} {{- with .Values.monitoring.dashboards }} -{{- if and $isSimpleScalable .enabled }} +{{- if .enabled }} --- apiVersion: v1 kind: ConfigMap diff --git a/charts/loki/templates/monitoring/dashboards/configmap-2.yaml b/charts/loki/templates/monitoring/dashboards/configmap-2.yaml index 6c66d1589..67d3cf4f9 100644 --- a/charts/loki/templates/monitoring/dashboards/configmap-2.yaml +++ b/charts/loki/templates/monitoring/dashboards/configmap-2.yaml @@ -1,6 +1,5 @@ -{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} {{- with .Values.monitoring.dashboards }} -{{- if and $isSimpleScalable .enabled }} +{{- if .enabled }} --- apiVersion: v1 kind: ConfigMap diff --git a/charts/loki/templates/monitoring/grafana-agent.yaml b/charts/loki/templates/monitoring/grafana-agent.yaml index 0ac0f6cad..a047e5f86 100644 --- a/charts/loki/templates/monitoring/grafana-agent.yaml +++ b/charts/loki/templates/monitoring/grafana-agent.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.grafana.com/v1alpha1 kind: GrafanaAgent metadata: name: {{ include "loki.fullname" $ }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" $ | nindent 4 }} {{- with .labels }} @@ -16,6 +17,7 @@ metadata: spec: serviceAccountName: {{ include "loki.fullname" $ }}-grafana-agent enableConfigReadAPI: {{ .enableConfigReadAPI }} + {{- include "grafana-agent.priorityClassName" $ | nindent 2 }} logs: instanceSelector: matchLabels: @@ -28,6 +30,14 @@ spec: {{- include "loki.selectorLabels" $ | nindent 8 }} {{- end }} {{- end }} + {{- with .resources }} + resources: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 4 }} + {{- end }} --- diff --git a/charts/loki/templates/monitoring/logs-instance.yaml b/charts/loki/templates/monitoring/logs-instance.yaml index 34ab6e9a5..58d5fb045 100644 --- a/charts/loki/templates/monitoring/logs-instance.yaml +++ b/charts/loki/templates/monitoring/logs-instance.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.grafana.com/v1alpha1 kind: LogsInstance metadata: name: {{ include "loki.fullname" $ }} + namespace: {{ $.Release.Namespace }} {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/loki/templates/monitoring/loki-alerts.yaml b/charts/loki/templates/monitoring/loki-alerts.yaml index c473ed545..f3333df88 100644 --- a/charts/loki/templates/monitoring/loki-alerts.yaml +++ b/charts/loki/templates/monitoring/loki-alerts.yaml @@ -17,6 +17,6 @@ metadata: namespace: {{ .namespace | default $.Release.Namespace }} spec: groups: - {{- include "loki.ruleGroupToYaml" ($.Files.Get "src/alerts.yaml" | fromYaml).groups | indent 4 }} + {{- include "loki.ruleGroupToYaml" (tpl ($.Files.Get "src/alerts.yaml.tpl") $ | fromYaml).groups | indent 4 }} {{- end }} {{- end }} diff --git a/charts/loki/templates/monitoring/pod-logs.yaml b/charts/loki/templates/monitoring/pod-logs.yaml index e9d66d64d..317339d76 100644 --- a/charts/loki/templates/monitoring/pod-logs.yaml +++ b/charts/loki/templates/monitoring/pod-logs.yaml @@ -1,10 +1,11 @@ --- {{- if .Values.monitoring.selfMonitoring.enabled }} {{- with .Values.monitoring.selfMonitoring.podLogs }} -apiVersion: monitoring.grafana.com/v1alpha1 +apiVersion: {{ .apiVersion }} kind: PodLogs metadata: name: {{ include "loki.fullname" $ }} + namespace: {{ $.Release.Namespace }} {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -17,8 +18,12 @@ metadata: spec: pipelineStages: - cri: { } + {{- with .additionalPipelineStages }} + {{- toYaml . | nindent 4 }} + {{- end }} relabelings: - - sourceLabels: + - action: replace + sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: __host__ - action: labelmap @@ -41,7 +46,8 @@ spec: sourceLabels: - __meta_kubernetes_pod_container_name targetLabel: container - - replacement: "{{ include "loki.fullname" $ }}" + - action: replace + replacement: "{{ include "loki.clusterLabel" $ }}" targetLabel: cluster {{- with .relabelings }} {{- toYaml . | nindent 4 }} diff --git a/charts/loki/templates/monitoring/servicemonitor.yaml b/charts/loki/templates/monitoring/servicemonitor.yaml index c5dca1fb4..856cee8f3 100644 --- a/charts/loki/templates/monitoring/servicemonitor.yaml +++ b/charts/loki/templates/monitoring/servicemonitor.yaml @@ -5,6 +5,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "loki.fullname" $ }} + namespace: {{ $.Release.Namespace }} {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -38,13 +39,19 @@ spec: {{- end }} relabelings: - sourceLabels: [job] + action: replace replacement: "{{ $.Release.Namespace }}/$1" targetLabel: job - - replacement: "{{ include "loki.fullname" $ }}" + - action: replace + replacement: "{{ include "loki.clusterLabel" $ }}" targetLabel: cluster {{- with .relabelings }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/loki/templates/networkpolicy.yaml b/charts/loki/templates/networkpolicy.yaml index a7de14b7c..5052e8116 100644 --- a/charts/loki/templates/networkpolicy.yaml +++ b/charts/loki/templates/networkpolicy.yaml @@ -1,9 +1,10 @@ -{{- if .Values.networkPolicy.enabled }} +{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "kubernetes") }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-namespace-only + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: @@ -23,6 +24,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-egress-dns + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: @@ -33,7 +35,7 @@ spec: {{- include "loki.selectorLabels" . | nindent 6 }} egress: - ports: - - port: 53 + - port: dns protocol: UDP to: - namespaceSelector: {} @@ -43,6 +45,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-ingress + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: @@ -80,6 +83,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-ingress-metrics + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: @@ -108,12 +112,12 @@ spec: {{- end }} {{- end }} -{{- if .Values.ruler.enabled }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-egress-alertmanager + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: @@ -121,7 +125,7 @@ spec: - Egress podSelector: matchLabels: - {{- include "loki.rulerSelectorLabels" . | nindent 6 }} + {{- include "loki.backendSelectorLabels" . | nindent 6 }} egress: - ports: - port: {{ .Values.networkPolicy.alertmanager.port }} @@ -135,7 +139,6 @@ spec: {{- toYaml .Values.networkPolicy.alertmanager.podSelector | nindent 12 }} {{- end }} {{- end }} -{{- end }} {{- if .Values.networkPolicy.externalStorage.ports }} --- @@ -143,6 +146,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-egress-external-storage + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: @@ -168,12 +172,13 @@ spec: {{- end }} -{{- if .Values.networkPolicy.discovery.port }} +{{- if and .Values.networkPolicy.discovery.port (eq .Values.networkPolicy.flavor "kubernetes") }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "loki.name" . }}-egress-discovery + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/podsecuritypolicy.yaml b/charts/loki/templates/podsecuritypolicy.yaml index 9833d0c43..05470d9ff 100644 --- a/charts/loki/templates/podsecuritypolicy.yaml +++ b/charts/loki/templates/podsecuritypolicy.yaml @@ -5,6 +5,10 @@ metadata: name: {{ include "loki.name" . }} labels: {{- include "loki.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.rbac.pspAnnotations | indent 4 }} +{{- end }} spec: privileged: false allowPrivilegeEscalation: false @@ -13,6 +17,7 @@ spec: - 'emptyDir' - 'persistentVolumeClaim' - 'secret' + - 'projected' hostNetwork: false hostIPC: false hostPID: false diff --git a/charts/loki/templates/provisioner/job-provisioner.yaml b/charts/loki/templates/provisioner/job-provisioner.yaml index 0845009fb..deb6e73c1 100644 --- a/charts/loki/templates/provisioner/job-provisioner.yaml +++ b/charts/loki/templates/provisioner/job-provisioner.yaml @@ -4,6 +4,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ template "enterprise-logs.provisionerFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }} {{- with .Values.enterprise.provisioner.labels }} @@ -92,21 +93,30 @@ spec: - /bin/bash - -exuc - | + # In case, the admin resources have already been created, the provisioner job + # does not write the token files to the bootstrap mount. + # Therefore, secrets are only created if the respective token files exist. + # Note: the following bash commands should always return a success status code. + # Therefore, in case the token file does not exist, the first clause of the + # or-operation is successful. {{- range .Values.enterprise.provisioner.additionalTenants }} - kubectl --namespace "{{ .secretNamespace }}" create secret generic "{{ include "enterprise-logs.provisionedSecretPrefix" $ }}-{{ .name }}" \ - --from-literal=token-write="$(cat /bootstrap/token-write-{{ .name }})" \ - --from-literal=token-read="$(cat /bootstrap/token-read-{{ .name }})" + ! test -s /bootstrap/token-write-{{ .name }} || \ + kubectl --namespace "{{ .secretNamespace }}" create secret generic "{{ include "enterprise-logs.provisionedSecretPrefix" $ }}-{{ .name }}" \ + --from-literal=token-write="$(cat /bootstrap/token-write-{{ .name }})" \ + --from-literal=token-read="$(cat /bootstrap/token-read-{{ .name }})" {{- end }} {{- $namespace := $.Release.Namespace }} {{- with .Values.monitoring.selfMonitoring.tenant }} {{- $secretNamespace := tpl .secretNamespace $ }} - kubectl --namespace "{{ $namespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \ - --from-literal=username="{{ .name }}" \ - --from-literal=password="$(cat /bootstrap/token-self-monitoring)" + ! test -s /bootstrap/token-self-monitoring || \ + kubectl --namespace "{{ $namespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \ + --from-literal=username="{{ .name }}" \ + --from-literal=password="$(cat /bootstrap/token-self-monitoring)" {{- if not (eq $secretNamespace $namespace) }} - kubectl --namespace "{{ $secretNamespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \ - --from-literal=username="{{ .name }}" \ - --from-literal=password="$(cat /bootstrap/token-self-monitoring)" + ! test -s /bootstrap/token-self-monitoring || \ + kubectl --namespace "{{ $secretNamespace }}" create secret generic "{{ include "enterprise-logs.selfMonitoringTenantSecret" $ }}" \ + --from-literal=username="{{ .name }}" \ + --from-literal=password="$(cat /bootstrap/token-self-monitoring)" {{- end }} {{- end }} volumeMounts: diff --git a/charts/loki/templates/provisioner/role-provisioner.yaml b/charts/loki/templates/provisioner/role-provisioner.yaml index a8da5990c..e1a636ef7 100644 --- a/charts/loki/templates/provisioner/role-provisioner.yaml +++ b/charts/loki/templates/provisioner/role-provisioner.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "enterprise-logs.provisionerFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }} {{- with .Values.enterprise.provisioner.labels }} diff --git a/charts/loki/templates/provisioner/rolebinding-provisioner.yaml b/charts/loki/templates/provisioner/rolebinding-provisioner.yaml index 0fc46f46e..e681e97a7 100644 --- a/charts/loki/templates/provisioner/rolebinding-provisioner.yaml +++ b/charts/loki/templates/provisioner/rolebinding-provisioner.yaml @@ -4,6 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "enterprise-logs.provisionerFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }} {{- with .Values.enterprise.provisioner.labels }} @@ -21,5 +22,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "enterprise-logs.provisionerFullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} {{- end }} diff --git a/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml b/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml index 2dc67d248..81e92e9cc 100644 --- a/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml +++ b/charts/loki/templates/provisioner/serviceaccount-provisioner.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "enterprise-logs.provisionerFullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} labels: {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }} {{- with .Values.enterprise.provisioner.labels }} diff --git a/charts/loki/templates/read/deployment-read.yaml b/charts/loki/templates/read/deployment-read.yaml index 9e9c26dcf..ee9a15108 100644 --- a/charts/loki/templates/read/deployment-read.yaml +++ b/charts/loki/templates/read/deployment-read.yaml @@ -5,9 +5,19 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "loki.readFullname" . }} + namespace: {{ $.Release.Namespace }} labels: app.kubernetes.io/part-of: memberlist {{- include "loki.readLabels" . | nindent 4 }} + {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}} + annotations: + {{- with .Values.loki.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.read.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- if not .Values.read.autoscaling.enabled }} replicas: {{ .Values.read.replicas }} @@ -23,7 +33,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }} {{- with .Values.loki.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -61,16 +71,16 @@ spec: - -config.file=/etc/loki/config/config.yaml - -target={{ .Values.read.targetModule }} - -legacy-read-mode=false - - -common.compactor-grpc-address={{ include "loki.backendFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:9095 + - -common.compactor-grpc-address={{ include "loki.backendFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:{{ .Values.loki.server.grpc_listen_port }} {{- with .Values.read.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} ports: - name: http-metrics - containerPort: 3100 + containerPort: {{ .Values.loki.server.http_listen_port }} protocol: TCP - name: grpc - containerPort: 9095 + containerPort: {{ .Values.loki.server.grpc_listen_port }} protocol: TCP - name: http-memberlist containerPort: 7946 @@ -105,14 +115,25 @@ spec: {{- end }} resources: {{- toYaml .Values.read.resources | nindent 12 }} + {{- with .Values.read.extraContainers }} + {{- toYaml . | nindent 8}} + {{- end }} {{- with .Values.read.affinity }} affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.read.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.read.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.read.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.read.tolerations }} tolerations: {{- toYaml . | nindent 8 }} @@ -127,8 +148,7 @@ spec: secret: secretName: {{ .Values.loki.existingSecretForConfig }} {{- else }} - configMap: - name: {{ include "loki.name" . }} + {{- include "loki.configVolume" . | nindent 10 }} {{- end }} - name: runtime-config configMap: diff --git a/charts/loki/templates/read/hpa.yaml b/charts/loki/templates/read/hpa.yaml new file mode 100644 index 000000000..5515ecb0b --- /dev/null +++ b/charts/loki/templates/read/hpa.yaml @@ -0,0 +1,55 @@ +{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} +{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}} +{{- if and $isSimpleScalable ( .Values.read.autoscaling.enabled ) }} +{{- if $autoscalingv2 }} +apiVersion: autoscaling/v2 +{{- else }} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "loki.readFullname" . }} + labels: + {{- include "loki.readLabels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 +{{- if and $isSimpleScalable (not .Values.read.legacyReadTarget ) }} + kind: Deployment + name: {{ include "loki.readFullname" . }} +{{- else }} + kind: StatefulSet + name: {{ include "loki.readFullname" . }} +{{- end }} + minReplicas: {{ .Values.read.autoscaling.minReplicas }} + maxReplicas: {{ .Values.read.autoscaling.maxReplicas }} + {{- with .Values.read.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} + metrics: + {{- with .Values.read.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.read.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/loki/templates/read/poddisruptionbudget-read.yaml b/charts/loki/templates/read/poddisruptionbudget-read.yaml index 3f2f5cd0c..af4fcbf16 100644 --- a/charts/loki/templates/read/poddisruptionbudget-read.yaml +++ b/charts/loki/templates/read/poddisruptionbudget-read.yaml @@ -1,9 +1,10 @@ {{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} {{- if and $isSimpleScalable (gt (int .Values.read.replicas) 1) }} -apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "loki.readFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.readLabels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/read/service-read-headless.yaml b/charts/loki/templates/read/service-read-headless.yaml index ec2d57a1e..14ba0f62f 100644 --- a/charts/loki/templates/read/service-read-headless.yaml +++ b/charts/loki/templates/read/service-read-headless.yaml @@ -5,19 +5,34 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.readFullname" . }}-headless + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.readSelectorLabels" . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.read.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + variant: headless prometheus.io/service-monitor: "false" + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.read.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP clusterIP: None ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP appProtocol: tcp diff --git a/charts/loki/templates/read/service-read.yaml b/charts/loki/templates/read/service-read.yaml index 5512bce7a..f4000fda5 100644 --- a/charts/loki/templates/read/service-read.yaml +++ b/charts/loki/templates/read/service-read.yaml @@ -5,20 +5,31 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.readFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.readLabels" . | nindent 4 }} - {{- with .Values.read.serviceLabels }} - {{- toYaml . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.read.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.read.service.annotations }} + {{- toYaml . | nindent 4}} {{- end }} spec: type: ClusterIP ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP selector: diff --git a/charts/loki/templates/read/statefulset-read.yaml b/charts/loki/templates/read/statefulset-read.yaml index 066620b01..6efa0ad55 100644 --- a/charts/loki/templates/read/statefulset-read.yaml +++ b/charts/loki/templates/read/statefulset-read.yaml @@ -5,12 +5,24 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "loki.readFullname" . }} + namespace: {{ $.Release.Namespace }} labels: app.kubernetes.io/part-of: memberlist {{- include "loki.readLabels" . | nindent 4 }} + {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.read.annotations))}} + annotations: + {{- with .Values.loki.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.read.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: +{{- if not .Values.read.autoscaling.enabled }} replicas: {{ .Values.read.replicas }} - podManagementPolicy: Parallel +{{- end }} + podManagementPolicy: {{ .Values.read.podManagementPolicy }} updateStrategy: rollingUpdate: partition: 0 @@ -31,7 +43,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }} {{- with .Values.loki.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -74,10 +86,10 @@ spec: {{- end }} ports: - name: http-metrics - containerPort: 3100 + containerPort: {{ .Values.loki.server.http_listen_port }} protocol: TCP - name: grpc - containerPort: 9095 + containerPort: {{ .Values.loki.server.grpc_listen_port }} protocol: TCP - name: http-memberlist containerPort: 7946 @@ -116,14 +128,25 @@ spec: {{- end }} resources: {{- toYaml .Values.read.resources | nindent 12 }} + {{- with .Values.read.extraContainers }} + {{- toYaml . | nindent 8}} + {{- end }} {{- with .Values.read.affinity }} affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.read.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.read.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.read.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.read.tolerations }} tolerations: {{- toYaml . | nindent 8 }} @@ -155,7 +178,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data spec: accessModes: diff --git a/charts/loki/templates/role.yaml b/charts/loki/templates/role.yaml index 768dd39b5..1e714b606 100644 --- a/charts/loki/templates/role.yaml +++ b/charts/loki/templates/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "loki.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} {{- if .Values.rbac.pspEnabled }} @@ -15,7 +15,7 @@ rules: verbs: - use resourceNames: - - {{ include "loki.fullname" . }} + - {{ include "loki.name" . }} {{- end }} {{- if .Values.rbac.sccEnabled }} rules: @@ -26,6 +26,11 @@ rules: verbs: - use resourceNames: - - {{ include "loki.fullname" . }} + - {{ include "loki.name" . }} + {{- if and .Values.rbac.namespaced .Values.sidecar.rules.enabled }} + - apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] + {{- end }} {{- end }} {{- end }} diff --git a/charts/loki/templates/rolebinding.yaml b/charts/loki/templates/rolebinding.yaml index 71f9e8f75..cc0dfd2ad 100644 --- a/charts/loki/templates/rolebinding.yaml +++ b/charts/loki/templates/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "loki.name" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} roleRef: @@ -12,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "loki.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} {{- end }} diff --git a/charts/loki/templates/runtime-configmap.yaml b/charts/loki/templates/runtime-configmap.yaml index a8a1344c5..2f38193da 100644 --- a/charts/loki/templates/runtime-configmap.yaml +++ b/charts/loki/templates/runtime-configmap.yaml @@ -2,8 +2,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "loki.name" . }}-runtime + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} data: runtime-config.yaml: | - {{ tpl (toYaml .Values.loki.runtimeConfig) . | nindent 4 }} + {{- tpl (toYaml .Values.loki.runtimeConfig) . | nindent 4 }} diff --git a/charts/loki/templates/secret-license.yaml b/charts/loki/templates/secret-license.yaml index 31af72e80..eaa519fc3 100644 --- a/charts/loki/templates/secret-license.yaml +++ b/charts/loki/templates/secret-license.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: enterprise-logs-license + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} data: diff --git a/charts/loki/templates/service-memberlist.yaml b/charts/loki/templates/service-memberlist.yaml index ca1048597..cacb5b1e8 100644 --- a/charts/loki/templates/service-memberlist.yaml +++ b/charts/loki/templates/service-memberlist.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.memberlist" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/serviceaccount.yaml b/charts/loki/templates/serviceaccount.yaml index 5734c012d..dd8914136 100644 --- a/charts/loki/templates/serviceaccount.yaml +++ b/charts/loki/templates/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "loki.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/charts/loki/templates/single-binary/hpa.yaml b/charts/loki/templates/single-binary/hpa.yaml new file mode 100644 index 000000000..c529f1899 --- /dev/null +++ b/charts/loki/templates/single-binary/hpa.yaml @@ -0,0 +1,51 @@ +{{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}} +{{- $usingObjectStorage := eq (include "loki.isUsingObjectStorage" .) "true" }} +{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}} +{{- if and $isSingleBinary $usingObjectStorage ( .Values.singleBinary.autoscaling.enabled ) }} +{{- if $autoscalingv2 }} +apiVersion: autoscaling/v2 +{{- else }} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "loki.singleBinaryFullname" . }} + labels: + {{- include "loki.singleBinaryLabels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "loki.singleBinaryFullname" . }} + minReplicas: {{ .Values.singleBinary.autoscaling.minReplicas }} + maxReplicas: {{ .Values.singleBinary.autoscaling.maxReplicas }} + {{- with .Values.singleBinary.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} + metrics: + {{- with .Values.singleBinary.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.singleBinary.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/loki/templates/single-binary/pdb.yaml b/charts/loki/templates/single-binary/pdb.yaml index 65bc53d4b..bb1e1ccc1 100644 --- a/charts/loki/templates/single-binary/pdb.yaml +++ b/charts/loki/templates/single-binary/pdb.yaml @@ -1,11 +1,11 @@ {{- $isSingleBinary := eq (include "loki.deployment.isSingleBinary" .) "true" -}} {{- if and .Values.podDisruptionBudget $isSingleBinary -}} --- -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "loki.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/single-binary/service-headless.yaml b/charts/loki/templates/single-binary/service-headless.yaml index 9d4d85ee9..7522240af 100644 --- a/charts/loki/templates/single-binary/service-headless.yaml +++ b/charts/loki/templates/single-binary/service-headless.yaml @@ -5,16 +5,29 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.name" . }}-headless - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.singleBinary.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} variant: headless prometheus.io/service-monitor: "false" + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.singleBinary.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: clusterIP: None ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP selector: diff --git a/charts/loki/templates/single-binary/service.yaml b/charts/loki/templates/single-binary/service.yaml index 698438e12..352fcadf9 100644 --- a/charts/loki/templates/single-binary/service.yaml +++ b/charts/loki/templates/single-binary/service.yaml @@ -5,17 +5,31 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.singleBinaryFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.singleBinary.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.singleBinary.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP selector: diff --git a/charts/loki/templates/single-binary/statefulset.yaml b/charts/loki/templates/single-binary/statefulset.yaml index ed757f8de..8922c89ab 100644 --- a/charts/loki/templates/single-binary/statefulset.yaml +++ b/charts/loki/templates/single-binary/statefulset.yaml @@ -5,9 +5,19 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "loki.singleBinaryFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.singleBinaryLabels" . | nindent 4 }} app.kubernetes.io/part-of: memberlist + {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.singleBinary.annotations))}} + annotations: + {{- with .Values.loki.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.singleBinary.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: replicas: {{ include "loki.singleBinaryReplicas" . }} podManagementPolicy: Parallel @@ -16,7 +26,7 @@ spec: partition: 0 serviceName: {{ include "loki.singleBinaryFullname" . }}-headless revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }} - {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.singleBinary.persistence.enableStatefulSetAutoDeletePVC) }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.singleBinary.persistence.enableStatefulSetAutoDeletePVC) (.Values.singleBinary.persistence.enabled) }} {{/* Data on the singleBinary nodes is easy to replace, so we want to always delete PVCs to make operation easier, and will rely on re-fetching data when needed. @@ -31,7 +41,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }} {{- with .Values.loki.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -80,10 +90,10 @@ spec: {{- end }} ports: - name: http-metrics - containerPort: 3100 + containerPort: {{ .Values.loki.server.http_listen_port }} protocol: TCP - name: grpc - containerPort: 9095 + containerPort: {{ .Values.loki.server.grpc_listen_port }} protocol: TCP - name: http-memberlist containerPort: 7946 @@ -120,10 +130,17 @@ spec: {{- end }} resources: {{- toYaml .Values.singleBinary.resources | nindent 12 }} + {{- with .Values.singleBinary.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.singleBinary.affinity }} affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.singleBinary.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.singleBinary.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -140,8 +157,7 @@ spec: secret: secretName: {{ .Values.loki.existingSecretForConfig }} {{- else }} - configMap: - name: {{ include "loki.name" . }} + {{- include "loki.configVolume" . | nindent 10 }} {{- end }} - name: runtime-config configMap: @@ -160,7 +176,9 @@ spec: {{- end }} {{- if .Values.singleBinary.persistence.enabled }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: storage spec: accessModes: diff --git a/charts/loki/templates/table-manager/deployment-table-manager.yaml b/charts/loki/templates/table-manager/deployment-table-manager.yaml index f5529ebec..aeb5b1aff 100644 --- a/charts/loki/templates/table-manager/deployment-table-manager.yaml +++ b/charts/loki/templates/table-manager/deployment-table-manager.yaml @@ -5,10 +5,13 @@ metadata: name: {{ include "loki.tableManagerFullname" . }} labels: {{- include "loki.tableManagerLabels" . | nindent 4 }} - {{- with .Values.loki.annotations }} annotations: + {{- with .Values.loki.annotations }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} + {{- with .Values.tableManager.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }} @@ -18,7 +21,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }} {{- with .Values.loki.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -55,10 +58,10 @@ spec: {{- end }} ports: - name: http-metrics - containerPort: 3100 + containerPort: {{ .Values.loki.server.http_listen_port }} protocol: TCP - name: grpc - containerPort: 9095 + containerPort: {{ .Values.loki.server.grpc_listen_port }} protocol: TCP {{- with .Values.tableManager.extraEnv }} env: @@ -89,6 +92,10 @@ spec: affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.tableManager.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.tableManager.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -103,8 +110,7 @@ spec: secret: secretName: {{ .Values.loki.existingSecretForConfig }} {{- else }} - configMap: - name: {{ include "loki.fullname" . }} + {{- include "loki.configVolume" . | nindent 10 }} {{- end }} {{- with .Values.tableManager.extraVolumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/loki/templates/table-manager/service-table-manager.yaml b/charts/loki/templates/table-manager/service-table-manager.yaml index 46731204c..214cd3663 100644 --- a/charts/loki/templates/table-manager/service-table-manager.yaml +++ b/charts/loki/templates/table-manager/service-table-manager.yaml @@ -5,23 +5,29 @@ metadata: name: {{ include "loki.fullname" . }}-table-manager labels: {{- include "loki.labels" . | nindent 4 }} - {{- with .Values.tableManager.serviceLabels }} - {{- toYaml . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.tableManager.service.labels }} + {{- toYaml . | nindent 4}} {{- end }} app.kubernetes.io/component: table-manager - {{- with .Values.loki.serviceAnnotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.tableManager.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP selector: diff --git a/charts/loki/templates/tests/test-canary.yaml b/charts/loki/templates/tests/test-canary.yaml index eb4177239..a4f11e214 100644 --- a/charts/loki/templates/tests/test-canary.yaml +++ b/charts/loki/templates/tests/test-canary.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: Pod metadata: name: "{{ include "loki.name" $ }}-helm-test" + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.helmTestLabels" $ | nindent 4 }} {{- with .labels }} diff --git a/charts/loki/templates/tokengen/clusterrole-tokengen.yaml b/charts/loki/templates/tokengen/clusterrole-tokengen.yaml index 2ebfb1479..19dad8804 100644 --- a/charts/loki/templates/tokengen/clusterrole-tokengen.yaml +++ b/charts/loki/templates/tokengen/clusterrole-tokengen.yaml @@ -17,5 +17,5 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["create"] + verbs: ["create", "get", "patch"] {{- end }} diff --git a/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml b/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml index 3c7fb13be..248337ea2 100644 --- a/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml +++ b/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml @@ -21,5 +21,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "enterprise-logs.tokengenFullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} {{- end }} diff --git a/charts/loki/templates/tokengen/job-tokengen.yaml b/charts/loki/templates/tokengen/job-tokengen.yaml index 670a81288..b917395c3 100644 --- a/charts/loki/templates/tokengen/job-tokengen.yaml +++ b/charts/loki/templates/tokengen/job-tokengen.yaml @@ -4,6 +4,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ template "enterprise-logs.tokengenFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} {{- with .Values.enterprise.tokengen.labels }} @@ -45,6 +46,10 @@ spec: image: {{ template "loki.image" . }} imagePullPolicy: {{ .Values.loki.image.pullPolicy }} args: + # The shared emptyDir exists only while the job is running, and is deleted once the job is completed. + # The tokengen generates a new admin token in case the 'token-file' file doesn't exist. + # As a result, subsequent executions of this tokengen job will generate new admin tokens. + # Note that previously generated tokens remain valid, as these remain present in the object storage. - -config.file=/etc/loki/config/config.yaml - -target={{ .Values.enterprise.tokengen.targetModule }} - -tokengen.token-file=/shared/admin-token @@ -79,10 +84,17 @@ spec: - /bin/bash - -euc - | - kubectl create secret generic "{{ include "enterprise-logs.adminTokenSecret" . }}" --from-file=token=/shared/admin-token + # Create or update admin token secrets generated by tokengen job + kubectl create secret generic "{{ include "enterprise-logs.adminTokenSecret" . }}" \ + --from-file=token=/shared/admin-token \ + --dry-run=client -o yaml \ + | kubectl apply -f - {{- with .Values.enterprise.adminToken.additionalNamespaces }} {{- range . }} - kubectl --namespace "{{ . }}" create secret generic "{{ include "enterprise-logs.adminTokenSecret" $ }}" --from-file=token=/shared/admin-token + kubectl --namespace "{{ . }}" create secret generic "{{ include "enterprise-logs.adminTokenSecret" $ }}" \ + --from-file=token=/shared/admin-token \ + --dry-run=client -o yaml \ + | kubectl apply -f - {{- end }} {{- end }} volumeMounts: diff --git a/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml b/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml index 25e6ca8bd..6f0e5a3b9 100644 --- a/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml +++ b/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "enterprise-logs.tokengenFullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} labels: {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} {{- with .Values.enterprise.tokengen.labels }} diff --git a/charts/loki/templates/write/hpa.yaml b/charts/loki/templates/write/hpa.yaml new file mode 100644 index 000000000..ba88ee2dd --- /dev/null +++ b/charts/loki/templates/write/hpa.yaml @@ -0,0 +1,51 @@ +{{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} +{{- $autoscalingv2 := .Capabilities.APIVersions.Has "autoscaling/v2" -}} +{{- if and $isSimpleScalable ( .Values.write.autoscaling.enabled ) }} +{{- if $autoscalingv2 }} +apiVersion: autoscaling/v2 +{{- else }} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "loki.writeFullname" . }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "loki.writeLabels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "loki.writeFullname" . }} + minReplicas: {{ .Values.write.autoscaling.minReplicas }} + maxReplicas: {{ .Values.write.autoscaling.maxReplicas }} + {{- with .Values.write.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} + metrics: + {{- with .Values.write.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.write.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if $autoscalingv2 }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- else }} + targetAverageUtilization: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/loki/templates/write/poddisruptionbudget-write.yaml b/charts/loki/templates/write/poddisruptionbudget-write.yaml index 9acfc74b9..24e135604 100644 --- a/charts/loki/templates/write/poddisruptionbudget-write.yaml +++ b/charts/loki/templates/write/poddisruptionbudget-write.yaml @@ -1,9 +1,10 @@ {{- $isSimpleScalable := eq (include "loki.deployment.isScalable" .) "true" -}} {{- if and $isSimpleScalable (gt (int .Values.write.replicas) 1) }} -apiVersion: {{ include "loki.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "loki.writeFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.writeLabels" . | nindent 4 }} spec: diff --git a/charts/loki/templates/write/service-write-headless.yaml b/charts/loki/templates/write/service-write-headless.yaml index 26f1682a5..84cf5d7b1 100644 --- a/charts/loki/templates/write/service-write-headless.yaml +++ b/charts/loki/templates/write/service-write-headless.yaml @@ -5,19 +5,34 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.writeFullname" . }}-headless + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.writeSelectorLabels" . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.write.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + variant: headless prometheus.io/service-monitor: "false" + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.write.service.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP clusterIP: None ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP appProtocol: tcp diff --git a/charts/loki/templates/write/service-write.yaml b/charts/loki/templates/write/service-write.yaml index 3afc57e3e..9603706e6 100644 --- a/charts/loki/templates/write/service-write.yaml +++ b/charts/loki/templates/write/service-write.yaml @@ -5,20 +5,31 @@ apiVersion: v1 kind: Service metadata: name: {{ include "loki.writeFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.writeLabels" . | nindent 4 }} - {{- with .Values.write.serviceLabels }} - {{- toYaml . | nindent 4 }} + {{- with .Values.loki.serviceLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.write.service.labels }} + {{- toYaml . | nindent 4}} + {{- end }} + annotations: + {{- with .Values.loki.serviceAnnotations }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with .Values.write.service.annotations }} + {{- toYaml . | nindent 4}} {{- end }} spec: type: ClusterIP ports: - name: http-metrics - port: 3100 + port: {{ .Values.loki.server.http_listen_port }} targetPort: http-metrics protocol: TCP - name: grpc - port: 9095 + port: {{ .Values.loki.server.grpc_listen_port }} targetPort: grpc protocol: TCP selector: diff --git a/charts/loki/templates/write/statefulset-write.yaml b/charts/loki/templates/write/statefulset-write.yaml index 702f7f9c2..5aa1e78ea 100644 --- a/charts/loki/templates/write/statefulset-write.yaml +++ b/charts/loki/templates/write/statefulset-write.yaml @@ -5,19 +5,30 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "loki.writeFullname" . }} + namespace: {{ $.Release.Namespace }} labels: {{- include "loki.writeLabels" . | nindent 4 }} app.kubernetes.io/part-of: memberlist + {{- if or (not (empty .Values.loki.annotations)) (not (empty .Values.backend.annotations))}} + annotations: + {{- with .Values.loki.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.write.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: +{{- if not .Values.write.autoscaling.enabled }} replicas: {{ .Values.write.replicas }} - - podManagementPolicy: Parallel +{{- end }} + podManagementPolicy: {{ .Values.write.podManagementPolicy }} updateStrategy: rollingUpdate: partition: 0 serviceName: {{ include "loki.writeFullname" . }}-headless revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }} - {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.write.persistence.enableStatefulSetAutoDeletePVC) }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.write.persistence.enableStatefulSetAutoDeletePVC) (.Values.write.persistence.volumeClaimsEnabled) }} {{/* Data on the write nodes is easy to replace, so we want to always delete PVCs to make operation easier, and will rely on re-fetching data when needed. @@ -32,7 +43,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }} {{- with .Values.loki.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -81,10 +92,10 @@ spec: {{- end }} ports: - name: http-metrics - containerPort: 3100 + containerPort: {{ .Values.loki.server.http_listen_port }} protocol: TCP - name: grpc - containerPort: 9095 + containerPort: {{ .Values.loki.server.grpc_listen_port }} protocol: TCP - name: http-memberlist containerPort: 7946 @@ -101,9 +112,15 @@ spec: {{- toYaml .Values.loki.containerSecurityContext | nindent 12 }} readinessProbe: {{- toYaml .Values.loki.readinessProbe | nindent 12 }} - {{- with .Values.write.lifecycle }} + {{- if .Values.write.lifecycle }} lifecycle: - {{- toYaml . | nindent 12 }} + {{- toYaml .Values.write.lifecycle | nindent 12 }} + {{- else if .Values.write.autoscaling.enabled }} + lifecycle: + preStop: + httpGet: + path: "/ingester/shutdown?terminate=false" + port: http-metrics {{- end }} volumeMounts: - name: config @@ -121,26 +138,40 @@ spec: {{- end }} resources: {{- toYaml .Values.write.resources | nindent 12 }} + {{- with .Values.write.extraContainers }} + {{- toYaml . | nindent 8}} + {{- end }} {{- with .Values.write.affinity }} affinity: {{- tpl . $ | nindent 8 }} {{- end }} + {{- with .Values.write.dnsConfig }} + dnsConfig: + {{- tpl . $ | nindent 8 }} + {{- end }} {{- with .Values.write.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.write.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.write.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: + {{- if not .Values.write.persistence.volumeClaimsEnabled }} + - name: data + {{- toYaml .Values.write.persistence.dataVolumeParameters | nindent 10 }} + {{- end}} - name: config {{- if .Values.loki.existingSecretForConfig }} secret: secretName: {{ .Values.loki.existingSecretForConfig }} {{- else }} - configMap: - name: {{ include "loki.name" . }} + {{- include "loki.configVolume" . | nindent 10 }} {{- end }} - name: runtime-config configMap: @@ -157,8 +188,11 @@ spec: {{- with .Values.write.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.write.persistence.volumeClaimsEnabled }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data spec: accessModes: @@ -173,4 +207,8 @@ spec: selector: {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.write.extraVolumeClaimTemplates }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/loki/values.yaml b/charts/loki/values.yaml index ac047d114..70d853bca 100644 --- a/charts/loki/values.yaml +++ b/charts/loki/values.yaml @@ -1,4 +1,3 @@ ---- global: image: # -- Overrides the Docker registry globally for all images @@ -11,16 +10,14 @@ global: dnsService: "kube-dns" # -- configures DNS service namespace dnsNamespace: "kube-system" - # -- Overrides the chart's name nameOverride: null - # -- Overrides the chart's computed fullname fullnameOverride: null - +# -- Overrides the chart's cluster label +clusterLabelOverride: null # -- Image pull secrets for Docker images imagePullSecrets: [] - kubectlImage: # -- The Docker registry registry: docker.io @@ -28,9 +25,10 @@ kubectlImage: repository: bitnami/kubectl # -- Overrides the image tag whose default is the chart's appVersion tag: null + # -- Overrides the image tag with an image digest + digest: null # -- Docker image pull policy pullPolicy: IfNotPresent - loki: # Configures the readiness probe for all of the Loki pods readinessProbe: @@ -48,12 +46,20 @@ loki: # TODO: needed for 3rd target backend functionality # revert to null or latest once this behavior is relased tag: null + # -- Overrides the image tag with an image digest + digest: null # -- Docker image pull policy pullPolicy: IfNotPresent + # -- Common annotations for all deployments/StatefulSets + annotations: {} # -- Common annotations for all pods podAnnotations: {} # -- Common labels for all pods podLabels: {} + # -- Common annotations for all services + serviceAnnotations: {} + # -- Common labels for all services + serviceLabels: {} # -- The number of old ReplicaSets to retain to allow rollback revisionHistoryLimit: 10 # -- The SecurityContext for Loki pods @@ -73,6 +79,12 @@ loki: enableServiceLinks: true # -- Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config` existingSecretForConfig: "" + # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret. + # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). + # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables). + configStorageType: ConfigMap + # -- Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal). + externalConfigSecretName: '{{ include "loki.name" . }}' # -- Config file contents for Loki # @default -- See values.yaml config: | @@ -88,6 +100,12 @@ loki: {{- end}} memberlist: + {{- if .Values.loki.memberlistConfig }} + {{- toYaml .Values.loki.memberlistConfig | nindent 2 }} + {{- else }} + {{- if .Values.loki.extraMemberlistConfig}} + {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} + {{- end }} join_members: - {{ include "loki.memberlist" . }} {{- with .Values.migrate.fromDistributed }} @@ -95,6 +113,7 @@ loki: - {{ .memberlistService }} {{- end }} {{- end }} + {{- end }} {{- with .Values.loki.ingester }} ingester: @@ -134,7 +153,7 @@ loki: {{- end }} {{- end }} - {{- if .Values.loki.schemaConfig}} + {{- if .Values.loki.schemaConfig }} schema_config: {{- toYaml .Values.loki.schemaConfig | nindent 2}} {{- else }} @@ -151,9 +170,11 @@ loki: {{ include "loki.rulerConfig" . }} + {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }} table_manager: - retention_deletes_enabled: false - retention_period: 0 + retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} + retention_period: {{ .Values.tableManager.retention_period }} + {{- end }} {{- with .Values.loki.memcached.results_cache }} query_range: @@ -200,31 +221,53 @@ loki: {{- tpl (. | toYaml) $ | nindent 4 }} {{- end }} + {{- with .Values.loki.index_gateway }} + index_gateway: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.frontend }} + frontend: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.frontend_worker }} + frontend_worker: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.distributor }} + distributor: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + tracing: + enabled: {{ .Values.loki.tracing.enabled }} # Should authentication be enabled auth_enabled: true - + # -- memberlist configuration (overrides embedded default) + memberlistConfig: {} + # -- Extra memberlist configuration + extraMemberlistConfig: {} + # -- Tenants list to be created on nginx htpasswd file, with name and password keys + tenants: [] # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration. server: http_listen_port: 3100 grpc_listen_port: 9095 - # -- Limits config limits_config: - enforce_metric_name: false reject_old_samples: true reject_old_samples_max_age: 168h max_cache_freshness_per_query: 10m split_queries_by_interval: 15m - # -- Provides a reloadable runtime configuration file for some specific configuration runtimeConfig: {} - # -- Check https://grafana.com/docs/loki/latest/configuration/#common_config for more info on how to provide a common configuration commonConfig: path_prefix: /var/loki replication_factor: 3 compactor_address: '{{ include "loki.compactorAddress" . }}' - # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config. storage: bucketNames: @@ -238,9 +281,12 @@ loki: region: null secretAccessKey: null accessKeyId: null + signatureVersion: null s3ForcePathStyle: false insecure: false http_config: {} + # -- Check https://grafana.com/docs/loki/latest/configure/#s3_storage_config for more info on how to provide a backoff_config + backoff_config: {} gcs: chunkBufferSize: 0 requestTimeout: "0s" @@ -248,13 +294,35 @@ loki: azure: accountName: null accountKey: null + connectionString: null useManagedIdentity: false + useFederatedToken: false userAssignedId: null requestTimeout: null + endpointSuffix: null + swift: + auth_version: null + auth_url: null + internal: null + username: null + user_domain_name: null + user_domain_id: null + user_id: null + password: null + domain_id: null + domain_name: null + project_id: null + project_name: null + project_domain_id: null + project_domain_name: null + region_name: null + container_name: null + max_retries: null + connect_timeout: null + request_timeout: null filesystem: chunks_directory: /var/loki/chunks rules_directory: /var/loki/rules - # -- Configure memcached as an external cache for chunk and results cache. Disabled by default # must enable and specify a host for each cache you would like to use. memcached: @@ -270,72 +338,66 @@ loki: service: "memcached-client" timeout: "500ms" default_validity: "12h" - # -- Check https://grafana.com/docs/loki/latest/configuration/#schema_config for more info on how to configure schemas schemaConfig: {} - # -- Check https://grafana.com/docs/loki/latest/configuration/#ruler for more info on configuring ruler rulerConfig: {} - # -- Structured loki configuration, takes precedence over `loki.config`, `loki.schemaConfig`, `loki.storageConfig` structuredConfig: {} - # -- Additional query scheduler config query_scheduler: {} - # -- Additional storage config storage_config: hedging: at: "250ms" max_per_second: 20 up_to: 3 - # -- Optional compactor configuration compactor: {} - # -- Optional analytics configuration analytics: {} - # -- Optional querier configuration querier: {} - # -- Optional ingester configuration ingester: {} - + # -- Optional index gateway configuration + index_gateway: + mode: ring + frontend: + scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' + frontend_worker: + scheduler_address: '{{ include "loki.querySchedulerAddress" . }}' + # -- Optional distributor configuration + distributor: {} + # -- Enable tracing + tracing: + enabled: false enterprise: # Enable enterprise features, license must be provided enabled: false - # Default verion of GEL to deploy - version: v1.6.1 - + version: v1.8.6 # -- Optional name of the GEL cluster, otherwise will use .Release.Name # The cluster name must match what is in your GEL license cluster_name: null - # -- Grafana Enterprise Logs license # In order to use Grafana Enterprise Logs features, you will need to provide # the contents of your Grafana Enterprise Logs license, either by providing the # contents of the license.jwt, or the name Kubernetes Secret that contains your # license.jwt. - # To set the license contents, use the flag `--set-file 'license.contents=./license.jwt'` + # To set the license contents, use the flag `--set-file 'enterprise.license.contents=./license.jwt'` license: contents: "NOTAVALIDLICENSE" - # -- Set to true when providing an external license useExternalLicense: false - # -- Name of external license secret to use externalLicenseName: null - # -- Name of the external config secret to use externalConfigName: "" - # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise, # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`. adminApi: enabled: true - # enterprise specific sections of the config.yaml file config: | {{- if .Values.enterprise.adminApi.enabled }} @@ -352,29 +414,25 @@ enterprise: cluster_name: {{ include "loki.clusterName" . }} license: path: /etc/loki/license/license.jwt - image: # -- The Docker registry registry: docker.io # -- Docker image repository repository: grafana/enterprise-logs # -- Docker image tag - # TODO: needed for 3rd target backend functionality - # revert to null or latest once this behavior is relased - tag: main-96f32b9f + tag: null + # -- Overrides the image tag with an image digest + digest: null # -- Docker image pull policy pullPolicy: IfNotPresent - adminToken: # -- Alternative name for admin token secret, needed by tokengen and provisioner jobs secret: null # -- Additional namespace to also create the token in. Useful if your Grafana instance # is in a different namespace additionalNamespaces: [] - # -- Alternative name of the secret to store token for the canary canarySecret: null - # -- Configuration for `tokengen` target tokengen: # -- Whether the job should be part of the deployment @@ -405,7 +463,6 @@ enterprise: extraEnvFrom: [] # -- The name of the PriorityClass for tokengen Pods priorityClassName: "" - # -- Configuration for `provisioner` target provisioner: # -- Whether the job should be part of the deployment @@ -441,11 +498,12 @@ enterprise: repository: grafana/enterprise-logs-provisioner # -- Overrides the image tag whose default is the chart's appVersion tag: null + # -- Overrides the image tag with an image digest + digest: null # -- Docker image pull policy pullPolicy: IfNotPresent # -- Volume mounts to add to the provisioner pods extraVolumeMounts: [] - # -- Options that may be necessary when performing a migration from another helm chart migrate: # -- When migrating from a distributed chart like loki-distributed or enterprise-logs @@ -453,9 +511,8 @@ migrate: # -- Set to true if migrating from a distributed helm chart enabled: false # -- If migrating from a distributed service, provide the distributed deployment's - # memberlist service DNS so the new deployment can join it's ring. + # memberlist service DNS so the new deployment can join its ring. memberlistService: "" - serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true @@ -470,14 +527,20 @@ serviceAccount: labels: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true - # RBAC configuration rbac: # -- If pspEnabled true, a PodSecurityPolicy is created for K8s that use psp. pspEnabled: false # -- For OpenShift set pspEnabled to 'false' and sccEnabled to 'true' to use the SecurityContextConstraints. sccEnabled: false - + # -- Specify PSP annotations + # Ref: https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/#podsecuritypolicy-annotations + pspAnnotations: {} + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + # -- Whether to install RBAC in the namespace only or cluster-wide. Useful if you want to watch ConfigMap globally. + namespaced: false # -- Section for configuring optional Helm test test: enabled: true @@ -497,9 +560,10 @@ test: repository: grafana/loki-helm-test # -- Overrides the image tag whose default is the chart's appVersion tag: null + # -- Overrides the image tag with an image digest + digest: null # -- Docker image pull policy pullPolicy: IfNotPresent - # Monitoring section determines which monitoring features to enable monitoring: # Dashboards for monitoring Loki @@ -513,19 +577,26 @@ monitoring: # -- Labels for the dashboards ConfigMap labels: grafana_dashboard: "1" - # Recording rules for monitoring Loki, required for some dashboards rules: # -- If enabled, create PrometheusRule resource with Loki recording rules enabled: true # -- Include alerting rules alerting: true + # -- Specify which individual alerts should be disabled + # -- Instead of turning off each alert one by one, set the .monitoring.rules.alerting value to false instead. + # -- If you disable all the alerts and keep .monitoring.rules.alerting set to true, the chart will fail to render. + disabled: {} + # LokiRequestErrors: true + # LokiRequestPanics: true # -- Alternative namespace to create PrometheusRule resources in namespace: null # -- Additional annotations for the rules PrometheusRule resource annotations: {} # -- Additional labels for the rules PrometheusRule resource labels: {} + # -- Additional labels for PrometheusRule alerts + additionalRuleLabels: {} # -- Additional groups to add to the rules file additionalGroups: [] # - name: additional-loki-rules @@ -536,7 +607,6 @@ monitoring: # expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) # - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate # expr: sum(rate(container_cpu_usage_seconds_total[1m])) by (node, namespace, pod, container) - # ServiceMonitor configuration serviceMonitor: # -- If enabled, ServiceMonitor resources for Prometheus Operator are created @@ -548,12 +618,17 @@ monitoring: # -- Additional ServiceMonitor labels labels: {} # -- ServiceMonitor scrape interval - interval: null + # Default is 15s because included recording rules use a 1m rate, and scrape interval needs to be at + # least 1/4 rate interval. + interval: 15s # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s) scrapeTimeout: null # -- ServiceMonitor relabel configs to apply to samples before scraping # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] # -- ServiceMonitor will use http by default, but you can pick https as well scheme: http # -- ServiceMonitor will use these tlsConfig settings to make the health check requests @@ -568,15 +643,13 @@ monitoring: labels: {} # -- If defined a MetricsInstance will be created to remote write metrics. remoteWrite: null - - # Self monitoring determines whether Loki should scrape it's own logs. + # Self monitoring determines whether Loki should scrape its own logs. # This feature currently relies on the Grafana Agent Operator being installed, # which is installed by default using the grafana-agent-operator sub-chart. # It will create custom resources for GrafanaAgent, LogsInstance, and PodLogs to configure - # scrape configs to scrape it's own logs with the labels expected by the included dashboards. + # scrape configs to scrape its own logs with the labels expected by the included dashboards. selfMonitoring: enabled: true - # -- Tenant to use for self monitoring tenant: # -- Name of the tenant @@ -584,7 +657,6 @@ monitoring: # -- Namespace to create additional tenant token secret in. Useful if your Grafana instance # is in a separate namespace. Token will still be created in the canary namespace. secretNamespace: "{{ .Release.Namespace }}" - # Grafana Agent configuration grafanaAgent: # -- Controls whether to install the Grafana Agent Operator and its CRDs. @@ -597,9 +669,21 @@ monitoring: labels: {} # -- Enable the config read api on port 8080 of the agent enableConfigReadAPI: false - + # -- The name of the PriorityClass for GrafanaAgent pods + priorityClassName: null + # -- Resource requests and limits for the grafanaAgent pods + resources: {} + # limits: + # memory: 200Mi + # requests: + # cpu: 50m + # memory: 100Mi + # -- Tolerations for GrafanaAgent pods + tolerations: [] # PodLogs configuration podLogs: + # -- PodLogs version + apiVersion: monitoring.grafana.com/v1alpha1 # -- PodLogs annotations annotations: {} # -- Additional PodLogs labels @@ -607,7 +691,9 @@ monitoring: # -- PodLogs relabel configs to apply to samples before scraping # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig relabelings: [] - + # -- Additional pipeline stages to process logs after scraping + # https://grafana.com/docs/agent/latest/operator/api/#pipelinestagespec-a-namemonitoringgrafanacomv1alpha1pipelinestagespeca + additionalPipelineStages: [] # LogsInstance configuration logsInstance: # -- LogsInstance annotations @@ -616,13 +702,21 @@ monitoring: labels: {} # -- Additional clients for remote write clients: null - # The Loki canary pushes logs to and queries from this loki installation to test # that it's working correctly lokiCanary: enabled: true + # -- The name of the label to look for at loki when doing the checks. + labelname: pod # -- Additional annotations for the `loki-canary` Daemonset annotations: {} + # -- Additional labels for each `loki-canary` pod + podLabels: {} + service: + # -- Annotations for loki-canary Service + annotations: {} + # -- Additional labels for loki-canary Service + labels: {} # -- Additional CLI arguments for the `loki-canary' command extraArgs: [] # -- Environment variables to add to the canary pods @@ -631,10 +725,14 @@ monitoring: extraEnvFrom: [] # -- Resource requests and limits for the canary resources: {} + # -- DNS config for canary pods + dnsConfig: {} # -- Node selector for canary pods nodeSelector: {} # -- Tolerations for canary pods tolerations: [] + # -- The name of the PriorityClass for loki-canary pods + priorityClassName: null # -- Image to use for loki canary image: # -- The Docker registry @@ -643,13 +741,44 @@ monitoring: repository: grafana/loki-canary # -- Overrides the image tag whose default is the chart's appVersion tag: null + # -- Overrides the image tag with an image digest + digest: null # -- Docker image pull policy pullPolicy: IfNotPresent - + # -- Update strategy for the `loki-canary` Daemonset pods + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 # Configuration for the write pod(s) write: # -- Number of replicas for the write replicas: 3 + autoscaling: + # -- Enable autoscaling for the write. + enabled: false + # -- Minimum autoscaling replicas for the write. + minReplicas: 2 + # -- Maximum autoscaling replicas for the write. + maxReplicas: 6 + # -- Target CPU utilisation percentage for the write. + targetCPUUtilizationPercentage: 60 + # -- Target memory utilization percentage for the write. + targetMemoryUtilizationPercentage: + # -- Behavior policies while scaling. + behavior: + # -- see https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown for scaledown details + scaleUp: + policies: + - type: Pods + value: 1 + periodSeconds: 900 + scaleDown: + policies: + - type: Pods + value: 1 + periodSeconds: 1800 + stabilizationWindowSeconds: 3600 image: # -- The Docker registry for the write image. Overrides `loki.image.registry` registry: null @@ -659,14 +788,19 @@ write: tag: null # -- The name of the PriorityClass for write pods priorityClassName: null + # -- Annotations for write StatefulSet + annotations: {} # -- Annotations for write pods podAnnotations: {} # -- Additional labels for each `write` pod podLabels: {} # -- Additional selector labels for each `write` pod selectorLabels: {} - # -- Labels for ingester service - serviceLabels: {} + service: + # -- Annotations for write Service + annotations: {} + # -- Additional labels for write Service + labels: {} # -- Comma-separated list of Loki modules to load for the write targetModule: "write" # -- Additional CLI args for the write @@ -677,12 +811,21 @@ write: extraEnvFrom: [] # -- Lifecycle for the write container lifecycle: {} + # -- The default /flush_shutdown preStop hook is recommended as part of the ingester + # scaledown process so it's added to the template by default when autoscaling is enabled, + # but it's disabled to optimize rolling restarts in instances that will never be scaled + # down or when using chunks storage with WAL disabled. + # https://github.com/grafana/loki/blob/main/docs/sources/operations/storage/wal.md#how-to-scale-updown # -- Init containers to add to the write pods initContainers: [] + # -- Containers to add to the write pods + extraContainers: [] # -- Volume mounts to add to the write pods extraVolumeMounts: [] # -- Volumes to add to the write pods extraVolumes: [] + # -- volumeClaimTemplates to add to StatefulSet + extraVolumeClaimTemplates: [] # -- Resource requests and limits for the write resources: {} # -- Grace period to allow the write to shutdown before it is killed. Especially for the ingester, @@ -698,11 +841,22 @@ write: matchLabels: {{- include "loki.writeSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname + # -- DNS config for write pods + dnsConfig: {} # -- Node selector for write pods nodeSelector: {} + # -- Topology Spread Constraints for write pods + topologySpreadConstraints: [] # -- Tolerations for write pods tolerations: [] + # -- The default is to deploy all pods in parallel. + podManagementPolicy: "Parallel" persistence: + # -- Enable volume claims in pod spec + volumeClaimsEnabled: true + # -- Parameters used for the `data` volume when volumeClaimEnabled if false + dataVolumeParameters: + emptyDir: {} # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: false # -- Size of persistent disk @@ -715,7 +869,6 @@ write: storageClass: null # -- Selector for persistent disk selector: null - # Configuration for the table-manager tableManager: # -- Specifies whether the table-manager should be enabled @@ -733,10 +886,15 @@ tableManager: priorityClassName: null # -- Labels for table-manager pods podLabels: {} + # -- Annotations for table-manager deployment + annotations: {} # -- Annotations for table-manager pods podAnnotations: {} - # -- Labels for table-manager service - serviceLabels: {} + service: + # -- Annotations for table-manager Service + annotations: {} + # -- Additional labels for table-manager Service + labels: {} # -- Additional CLI args for the table-manager extraArgs: [] # -- Environment variables to add to the table-manager pods @@ -769,11 +927,16 @@ tableManager: matchLabels: {{- include "loki.tableManagerSelectorLabels" . | nindent 12 }} topologyKey: failure-domain.beta.kubernetes.io/zone + # -- DNS config table-manager pods + dnsConfig: {} # -- Node selector for table-manager pods nodeSelector: {} # -- Tolerations for table-manager pods tolerations: [] - + # -- Enable deletes by retention + retention_deletes_enabled: false + # -- Set retention period + retention_period: 0 # Configuration for the read pod(s) read: # -- Number of replicas for the read @@ -782,13 +945,27 @@ read: # -- Enable autoscaling for the read, this is only used if `queryIndex.enabled: true` enabled: false # -- Minimum autoscaling replicas for the read - minReplicas: 1 + minReplicas: 2 # -- Maximum autoscaling replicas for the read - maxReplicas: 3 + maxReplicas: 6 # -- Target CPU utilisation percentage for the read targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the read targetMemoryUtilizationPercentage: + # -- Behavior policies while scaling. + behavior: {} + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 60 + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 image: # -- The Docker registry for the read image. Overrides `loki.image.registry` registry: null @@ -798,22 +975,29 @@ read: tag: null # -- The name of the PriorityClass for read pods priorityClassName: null + # -- Annotations for read deployment + annotations: {} # -- Annotations for read pods podAnnotations: {} # -- Additional labels for each `read` pod podLabels: {} # -- Additional selector labels for each `read` pod selectorLabels: {} - # -- Labels for read service - serviceLabels: {} + service: + # -- Annotations for read Service + annotations: {} + # -- Additional labels for read Service + labels: {} # -- Comma-separated list of Loki modules to load for the read targetModule: "read" # -- Whether or not to use the 2 target type simple scalable mode (read, write) or the # 3 target type (read, write, backend). Legacy refers to the 2 target type, so true will # run two targets, false will run 3 targets. - legacyReadTarget: true + legacyReadTarget: false # -- Additional CLI args for the read extraArgs: [] + # -- Containers to add to the read pods + extraContainers: [] # -- Environment variables to add to the read pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the read pods @@ -837,10 +1021,16 @@ read: matchLabels: {{- include "loki.readSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname + # -- DNS config for read pods + dnsConfig: {} # -- Node selector for read pods nodeSelector: {} + # -- Topology Spread Constraints for read pods + topologySpreadConstraints: [] # -- Tolerations for read pods tolerations: [] + # -- The default is to deploy all pods in parallel. + podManagementPolicy: "Parallel" persistence: # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true @@ -854,11 +1044,35 @@ read: storageClass: null # -- Selector for persistent disk selector: null - # Configuration for the backend pod(s) backend: # -- Number of replicas for the backend replicas: 3 + autoscaling: + # -- Enable autoscaling for the backend. + enabled: false + # -- Minimum autoscaling replicas for the backend. + minReplicas: 3 + # -- Maximum autoscaling replicas for the backend. + maxReplicas: 6 + # -- Target CPU utilization percentage for the backend. + targetCPUUtilizationPercentage: 60 + # -- Target memory utilization percentage for the backend. + targetMemoryUtilizationPercentage: + # -- Behavior policies while scaling. + behavior: {} + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 60 + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 image: # -- The Docker registry for the backend image. Overrides `loki.image.registry` registry: null @@ -868,14 +1082,19 @@ backend: tag: null # -- The name of the PriorityClass for backend pods priorityClassName: null + # -- Annotations for backend StatefulSet + annotations: {} # -- Annotations for backend pods podAnnotations: {} # -- Additional labels for each `backend` pod podLabels: {} # -- Additional selector labels for each `backend` pod selectorLabels: {} - # -- Labels for ingester service - serviceLabels: {} + service: + # -- Annotations for backend Service + annotations: {} + # -- Additional labels for backend Service + labels: {} # -- Comma-separated list of Loki modules to load for the read targetModule: "backend" # -- Additional CLI args for the backend @@ -905,11 +1124,22 @@ backend: matchLabels: {{- include "loki.backendSelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname + # -- DNS config for backend pods + dnsConfig: {} # -- Node selector for backend pods nodeSelector: {} + # -- Topology Spread Constraints for backend pods + topologySpreadConstraints: [] # -- Tolerations for backend pods tolerations: [] + # -- The default is to deploy all pods in parallel. + podManagementPolicy: "Parallel" persistence: + # -- Enable volume claims in pod spec + volumeClaimsEnabled: true + # -- Parameters used for the `data` volume when volumeClaimEnabled if false + dataVolumeParameters: + emptyDir: {} # -- Enable StatefulSetAutoDeletePVC feature enableStatefulSetAutoDeletePVC: true # -- Size of persistent disk @@ -922,13 +1152,12 @@ backend: storageClass: null # -- Selector for persistent disk selector: null - # Configuration for the single binary node(s) singleBinary: # -- Number of replicas for the single binary replicas: 0 autoscaling: - # -- Enable autoscaling, this is only used if `queryIndex.enabled: true` + # -- Enable autoscaling enabled: false # -- Minimum autoscaling replicas for the single binary minReplicas: 1 @@ -947,12 +1176,19 @@ singleBinary: tag: null # -- The name of the PriorityClass for single binary pods priorityClassName: null + # -- Annotations for single binary StatefulSet + annotations: {} # -- Annotations for single binary pods podAnnotations: {} # -- Additional labels for each `single binary` pod podLabels: {} # -- Additional selector labels for each `single binary` pod selectorLabels: {} + service: + # -- Annotations for single binary Service + annotations: {} + # -- Additional labels for single binary Service + labels: {} # -- Comma-separated list of Loki modules to load for the single binary targetModule: "all" # -- Labels for single binary service @@ -961,6 +1197,8 @@ singleBinary: extraEnv: [] # -- Environment variables from secrets or configmaps to add to the single binary pods extraEnvFrom: [] + # -- Extra containers to add to the single binary loki pod + extraContainers: [] # -- Init containers to add to the single binary pods initContainers: [] # -- Volume mounts to add to the single binary pods @@ -980,6 +1218,8 @@ singleBinary: matchLabels: {{- include "loki.singleBinarySelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname + # -- DNS config for single binary pods + dnsConfig: {} # -- Node selector for single binary pods nodeSelector: {} # -- Tolerations for single binary pods @@ -999,7 +1239,6 @@ singleBinary: storageClass: null # -- Selector for persistent disk selector: null - # Use either this ingress or the gateway, but not both at once. # If you enable this, make sure to disable the gateway. # You'll need to supply authn configuration for your ingress controller. @@ -1012,6 +1251,8 @@ ingress: # nginx.ingress.kubernetes.io/auth-secret-type: auth-map # nginx.ingress.kubernetes.io/configuration-snippet: | # proxy_set_header X-Scope-OrgID $remote_user; + labels: {} + # blackbox.monitoring.exclude: "true" paths: write: - /api/prom/push @@ -1034,9 +1275,10 @@ ingress: - /loki/api/v1/rules - /prometheus/api/v1/rules - /prometheus/api/v1/alerts - + # -- Hosts configuration for the ingress, passed through the `tpl` function to allow templating hosts: - loki.example.com + # -- TLS configuration for the ingress. Hosts passed through the `tpl` function to allow templating tls: [] # - hosts: # - loki.example.com @@ -1046,7 +1288,6 @@ ingress: memberlist: service: publishNotReadyAddresses: false - # Configuration for the gateway gateway: # -- Specifies whether the gateway should be enabled @@ -1066,8 +1307,22 @@ gateway: targetCPUUtilizationPercentage: 60 # -- Target memory utilisation percentage for the gateway targetMemoryUtilizationPercentage: - # -- See `kubectl explain deployment.spec.strategy` for more - # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # -- See `kubectl explain deployment.spec.strategy` for more + # -- ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # -- Behavior policies while scaling. + behavior: {} + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 60 + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 deploymentStrategy: type: RollingUpdate image: @@ -1076,11 +1331,15 @@ gateway: # -- The gateway image repository repository: nginxinc/nginx-unprivileged # -- The gateway image tag - tag: 1.19-alpine + tag: 1.24-alpine + # -- Overrides the gateway image tag with an image digest + digest: null # -- The gateway image pull policy pullPolicy: IfNotPresent # -- The name of the PriorityClass for gateway pods priorityClassName: null + # -- Annotations for gateway deployment + annotations: {} # -- Annotations for gateway pods podAnnotations: {} # -- Additional labels for gateway pods @@ -1112,6 +1371,8 @@ gateway: allowPrivilegeEscalation: false # -- Resource requests and limits for the gateway resources: {} + # -- Containers to add to the gateway pods + extraContainers: [] # -- Grace period to allow the gateway to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string @@ -1123,8 +1384,12 @@ gateway: matchLabels: {{- include "loki.gatewaySelectorLabels" . | nindent 10 }} topologyKey: kubernetes.io/hostname + # -- DNS config for gateway pods + dnsConfig: {} # -- Node selector for gateway pods nodeSelector: {} + # -- Topology Spread Constraints for gateway pods + topologySpreadConstraints: [] # -- Tolerations for gateway pods tolerations: [] # Gateway service configuration @@ -1151,14 +1416,16 @@ gateway: ingressClassName: "" # -- Annotations for the gateway ingress annotations: {} - # -- Hosts configuration for the gateway ingress + # -- Labels for the gateway ingress + labels: {} + # -- Hosts configuration for the gateway ingress, passed through the `tpl` function to allow templating hosts: - host: gateway.loki.example.com paths: - path: / # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers # pathType: Prefix - # -- TLS configuration for the gateway ingress + # -- TLS configuration for the gateway ingress. Hosts passed through the `tpl` function to allow templating tls: - secretName: loki-gateway-tls hosts: @@ -1171,12 +1438,18 @@ gateway: username: null # -- The basic auth password for the gateway password: null - # -- Uses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function. + # -- Uses the specified users from the `loki.tenants` list to create the htpasswd file + # if `loki.tenants` is not set, the `gateway.basicAuth.username` and `gateway.basicAuth.password` are used # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes # high CPU load. htpasswd: >- - {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} + {{ if .Values.loki.tenants }} + + {{- range $t := .Values.loki.tenants }} + {{ htpasswd (required "All tenants must have a 'name' set" $t.name) (required "All tenants must have a 'password' set" $t.password) }} + {{- end }} + {{ else }} {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }} {{ end }} # -- Existing basic auth secret to use. Must contain '.htpasswd' existingSecret: null # Configures the readiness probe for the gateway @@ -1187,6 +1460,8 @@ gateway: initialDelaySeconds: 15 timeoutSeconds: 1 nginxConfig: + # -- Enable listener for IPv6, disable on IPv4-only systems + enableIPv6: true # -- NGINX log format logFormat: |- main '$remote_addr - $remote_user [$time_local] $status ' @@ -1194,14 +1469,17 @@ gateway: '"$http_user_agent" "$http_x_forwarded_for"'; # -- Allows appending custom configuration to the server block serverSnippet: "" - # -- Allows appending custom configuration to the http block - httpSnippet: "" + # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating + httpSnippet: >- + {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }} # -- Override Read URL customReadUrl: null # -- Override Write URL customWriteUrl: null # -- Override Backend URL customBackendUrl: null + # -- Allows overriding the DNS resolver address nginx will use. + resolver: "" # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating # @default -- See values.yaml file: | @@ -1209,6 +1487,9 @@ gateway: networkPolicy: # -- Specifies whether Network Policies should be created enabled: false + # -- Specifies whether the policies created will be standard Network Policies (flavor: kubernetes) + # or Cilium Network Policies (flavor: cilium) + flavor: kubernetes metrics: # -- Specifies the Pods which are allowed to access the metrics port. # As this is cross-namespace communication, you also need the namespaceSelector. @@ -1246,10 +1527,12 @@ networkPolicy: podSelector: {} # -- Specifies the namespace the discovery Pods are running in namespaceSelector: {} - -tracing: - jaegerAgentHost: "" - + egressWorld: + # -- Enable additional cilium egress rules to external world for write, read and backend. + enabled: false + egressKubeApiserver: + # -- Enable additional cilium egress rules to kube-apiserver for backend. + enabled: false # ------------------------------------- # Configuration for `minio` child chart # ------------------------------------- @@ -1278,7 +1561,6 @@ minio: requests: cpu: 100m memory: 128Mi - # Create extra manifests via values. Would be passed through `tpl` for templating extraObjects: [] # - apiVersion: v1 @@ -1299,3 +1581,62 @@ extraObjects: [] # category: logs # annotations: # message: "loki has encountered errors" + +sidecar: + image: + # -- The Docker registry and image for the k8s sidecar + repository: kiwigrid/k8s-sidecar + # -- Docker image tag + tag: 1.24.3 + # -- Docker image sha. If empty, no sha will be used + sha: "" + # -- Docker image pull policy + pullPolicy: IfNotPresent + # -- Resource requests and limits for the sidecar + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # cpu: 50m + # memory: 50Mi + # -- The SecurityContext for the sidecar. + securityContext: {} + # -- Set to true to skip tls verification for kube api calls. + skipTlsVerify: false + # -- Ensure that rule files aren't conflicting and being overwritten by prefixing their name with the namespace they are defined in. + enableUniqueFilenames: false + # -- Readiness probe definition. Probe is disabled on the sidecar by default. + readinessProbe: {} + # -- Liveness probe definition. Probe is disabled on the sidecar by default. + livenessProbe: {} + rules: + # -- Whether or not to create a sidecar to ingest rule from specific ConfigMaps and/or Secrets. + enabled: true + # -- Label that the configmaps/secrets with rules will be marked with. + label: loki_rule + # -- Label value that the configmaps/secrets with rules will be set to. + labelValue: "" + # -- Folder into which the rules will be placed. + folder: /rules + # -- Comma separated list of namespaces. If specified, the sidecar will search for config-maps/secrets inside these namespaces. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify 'ALL' to search in all namespaces. + searchNamespace: null + # -- Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH request, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # -- Search in configmap, secret, or both. + resource: both + # -- Absolute path to the shell script to execute after a configmap or secret has been reloaded. + script: null + # -- WatchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S. + watchServerTimeout: 60 + # + # -- WatchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # Defaults to 66sec. + watchClientTimeout: 60 + # -- Log level of the sidecar container. + logLevel: INFO diff --git a/charts/vector/Chart.yaml b/charts/vector/Chart.yaml index be62c862c..ed889b628 100644 --- a/charts/vector/Chart.yaml +++ b/charts/vector/Chart.yaml @@ -1,16 +1,16 @@ annotations: artifacthub.io/images: | - name: vector - image: timberio/vector:0.27.0-distroless-libc + image: timberio/vector:0.37.0-distroless-libc - name: haproxy - image: haproxytech/haproxy-alpine:2.4.17 + image: haproxytech/haproxy-alpine:2.6.12 artifacthub.io/license: MPL-2.0 artifacthub.io/links: | - name: Chart Source url: https://github.com/vectordotdev/helm-charts artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 0.27.0-distroless-libc +appVersion: 0.37.0-distroless-libc description: A lightweight, ultra-fast tool for building observability pipelines home: https://vector.dev/ icon: https://vector.dev/press/vector-icon.svg @@ -29,4 +29,4 @@ name: vector sources: - https://github.com/vectordotdev/vector/ type: application -version: 0.19.0 +version: 0.32.0 diff --git a/charts/vector/README.md b/charts/vector/README.md index 70036af03..49b6889dd 100644 --- a/charts/vector/README.md +++ b/charts/vector/README.md @@ -1,6 +1,6 @@ # Vector -![Version: 0.19.0](https://img.shields.io/badge/Version-0.19.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.27.0-distroless-libc](https://img.shields.io/badge/AppVersion-0.27.0--distroless--libc-informational?style=flat-square) +![Version: 0.32.0](https://img.shields.io/badge/Version-0.32.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.37.0-distroless-libc](https://img.shields.io/badge/AppVersion-0.37.0--distroless--libc-informational?style=flat-square) [Vector](https://vector.dev/) is a high-performance, end-to-end observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and any other vendors you may want tomorrow. Vector enables dramatic cost reduction, novel data enrichment, and data security where you need it, not where is most convenient for your vendors. @@ -125,6 +125,7 @@ helm install --name \ |-----|------|---------|-------------| | affinity | object | `{}` | Configure [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) rules for Vector Pods. | | args | list | `["--config-dir","/etc/vector/"]` | Override Vector's default arguments. | +| autoscaling.annotations | object | `{}` | Annotations to add to Vector's HPA. | | autoscaling.behavior | object | `{}` | Configure separate scale-up and scale-down behaviors. | | autoscaling.customMetric | object | `{}` | Target a custom metric for autoscaling. | | autoscaling.enabled | bool | `false` | Create a [HorizontalPodAutoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for Vector. Valid for the "Aggregator" and "Stateless-Aggregator" roles. | @@ -137,12 +138,15 @@ helm install --name \ | containerPorts | list | `[]` | Manually define Vector's containerPorts, overriding automated generation of containerPorts. | | customConfig | object | `{}` | Override Vector's default configs, if used **all** options need to be specified. This section supports using helm templates to populate dynamic values. See Vector's [configuration documentation](https://vector.dev/docs/reference/configuration/) for all options. | | dataDir | string | `""` | Specify the path for Vector's data, only used when existingConfigMaps are used. | +| defaultVolumeMounts | list | See `values.yaml` | Default volume mounts. Corresponds to `volumes`. | +| defaultVolumes | list | See `values.yaml` | Default volumes that are mounted into pods. In most cases, these should not be changed. Use `extraVolumes`/`extraVolumeMounts` for additional custom volumes. | | dnsConfig | object | `{}` | Specify the [dnsConfig](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) options for Vector Pods. | | dnsPolicy | string | `"ClusterFirst"` | Specify the [dnsPolicy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for Vector Pods. | | env | list | `[]` | Set environment variables for Vector containers. | | envFrom | list | `[]` | Define environment variables from Secrets or ConfigMaps. | | existingConfigMaps | list | `[]` | List of existing ConfigMaps for Vector's configuration instead of creating a new one. Requires dataDir to be set. Additionally, containerPorts, service.ports, and serviceHeadless.ports should be specified based on your supplied configuration. If set, this parameter takes precedence over customConfig and the chart's default configs. | | extraContainers | list | `[]` | Extra Containers to be added to the Vector Pods. | +| extraObjects | list | `[]` | Create extra manifests via values. Would be passed through `tpl` for templating. | | extraVolumeMounts | list | `[]` | Additional Volume to mount into Vector Containers. | | extraVolumes | list | `[]` | Additional Volumes to use with Vector Pods. | | fullnameOverride | string | `""` | Override the full name of resources. | @@ -159,12 +163,15 @@ helm install --name \ | initContainers | list | `[]` | Init Containers to be added to the Vector Pods. | | lifecycle | object | `{}` | Set lifecycle hooks for Vector containers. | | livenessProbe | object | `{}` | Override default liveness probe settings. If customConfig is used, requires customConfig.api.enabled to be set to true. | +| logLevel | string | `"info"` | | +| minReadySeconds | int | `0` | Specify the minimum number of seconds a newly spun up pod should wait to pass healthchecks before it is considered available. | | nameOverride | string | `""` | Override the name of resources. | | nodeSelector | object | `{}` | Configure a [nodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) for Vector Pods. | | persistence.accessModes | list | `["ReadWriteOnce"]` | Specifies the accessModes for PersistentVolumeClaims. Valid for the "Aggregator" role. | | persistence.enabled | bool | `false` | If true, create and use PersistentVolumeClaims. | | persistence.existingClaim | string | `""` | Name of an existing PersistentVolumeClaim to use. Valid for the "Aggregator" role. | | persistence.finalizers | list | `["kubernetes.io/pvc-protection"]` | Specifies the finalizers of PersistentVolumeClaims. Valid for the "Aggregator" role. | +| persistence.hostPath.enabled | bool | `true` | If true, use hostPath persistence. Valid for the "Agent" role, if it's disabled the "Agent" role will use emptyDir. | | persistence.hostPath.path | string | `"/var/lib/vector"` | Override path used for hostPath persistence. Valid for the "Agent" role, persistence is always used for the "Agent" role. | | persistence.selectors | object | `{}` | Specifies the selectors for PersistentVolumeClaims. Valid for the "Aggregator" role. | | persistence.size | string | `"10Gi"` | Specifies the size of PersistentVolumeClaims. Valid for the "Aggregator" role. | @@ -179,11 +186,14 @@ helm install --name \ | podMonitor.enabled | bool | `false` | If true, create a PodMonitor for Vector. | | podMonitor.honorLabels | bool | `false` | If true, honor_labels is set to true in the [scrape config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config). | | podMonitor.honorTimestamps | bool | `true` | If true, honor_timestamps is set to true in the [scrape config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config). | +| podMonitor.interval | string | `nil` | Override the interval at which metrics should be scraped. | | podMonitor.jobLabel | string | `"app.kubernetes.io/name"` | Override the label to retrieve the job name from. | | podMonitor.metricRelabelings | list | `[]` | [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion. | | podMonitor.path | string | `"/metrics"` | Override the path to scrape. | +| podMonitor.podTargetLabels | list | `[]` | [podTargetLabels](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitorSpec) transfers labels on the Kubernetes Pod onto the target. | | podMonitor.port | string | `"prom-exporter"` | Override the port to scrape. | | podMonitor.relabelings | list | `[]` | [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping. | +| podMonitor.scrapeTimeout | string | `nil` | Override the timeout after which the scrape is ended. | | podPriorityClassName | string | `""` | Set the [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) on Vector Pods. | | podSecurityContext | object | `{}` | Allows you to overwrite the default [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Vector Pods. | | psp.create | bool | `false` | If true, create a [PodSecurityPolicy](https://kubernetes.io/docs/concepts/security/pod-security-policy/) resource. PodSecurityPolicy is deprecated as of Kubernetes v1.21, and will be removed in v1.25. Intended for use with the "Agent" role. | @@ -198,6 +208,7 @@ helm install --name \ | service.annotations | object | `{}` | Set annotations on Vector's Service. | | service.enabled | bool | `true` | If true, create and provide a Service resource for Vector. | | service.externalTrafficPolicy | string | `""` | Specify the [externalTrafficPolicy](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip). | +| service.internalTrafficPolicy | string | `""` | Specify the [internalTrafficPolicy]https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy). | | service.ipFamilies | list | `[]` | Configure [IPv4/IPv6 dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | | service.ipFamilyPolicy | string | `""` | Configure [IPv4/IPv6 dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | | service.loadBalancerIP | string | `""` | Specify the [loadBalancerIP](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). | @@ -209,10 +220,12 @@ helm install --name \ | serviceAccount.create | bool | `true` | If true, create a ServiceAccount for Vector. | | serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. If not set and serviceAccount.create is true, a name is generated using the fullname template. | | serviceHeadless.enabled | bool | `true` | If true, create and provide a Headless Service resource for Vector. | +| shareProcessNamespace | bool | `false` | Specify the [shareProcessNamespace](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) options for Vector Pods. | | terminationGracePeriodSeconds | int | `60` | Override Vector's terminationGracePeriodSeconds. | | tolerations | list | `[]` | Configure Vector Pods to be scheduled on [tainted](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) nodes. | | topologySpreadConstraints | list | `[]` | Configure [topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) for Vector Pods. Valid for the "Aggregator" and "Stateless-Aggregator" roles. | | updateStrategy | object | `{}` | Customize the updateStrategy used to replace Vector Pods, this is also used for the DeploymentStrategy for the "Stateless-Aggregators". Valid options depend on the chosen role. | +| workloadResourceAnnotations | object | `{}` | Set annotations on the Vector DaemonSet, Deployment or StatefulSet. | ### HAProxy values @@ -235,7 +248,7 @@ helm install --name \ | haproxy.image.pullPolicy | string | `"IfNotPresent"` | HAProxy image pullPolicy. | | haproxy.image.pullSecrets | list | `[]` | The [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) to reference for the HAProxy Pods. | | haproxy.image.repository | string | `"haproxytech/haproxy-alpine"` | Override default registry and name for HAProxy. | -| haproxy.image.tag | string | `"2.4.17"` | The tag to use for HAProxy's image. | +| haproxy.image.tag | string | `"2.6.12"` | The tag to use for HAProxy's image. | | haproxy.initContainers | list | `[]` | Init Containers to be added to the HAProxy Pods. | | haproxy.livenessProbe | object | `{"tcpSocket":{"port":1024}}` | Override default HAProxy liveness probe settings. | | haproxy.nodeSelector | object | `{}` | Configure a [nodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) for HAProxy Pods | diff --git a/charts/vector/ci/aggregator-all-values.yaml b/charts/vector/ci/aggregator-all-values.yaml index 86bc5e7d1..131bb9e13 100644 --- a/charts/vector/ci/aggregator-all-values.yaml +++ b/charts/vector/ci/aggregator-all-values.yaml @@ -11,6 +11,10 @@ securityContext: runAsNonRoot: true runAsUser: 1000 +workloadResourceAnnotations: + kubernetes.io/description: "Vector aggregator deployment." + configmap.reloader.stakater.com/reload: additional-configmap + resources: requests: cpu: 200m diff --git a/charts/vector/docs/Migrate_from_vector-agent.md b/charts/vector/docs/Migrate_from_vector-agent.md index 631932253..8d7ab48a8 100644 --- a/charts/vector/docs/Migrate_from_vector-agent.md +++ b/charts/vector/docs/Migrate_from_vector-agent.md @@ -32,7 +32,7 @@ customConfig: excludes: [binfmt_misc] filesystems: excludes: [binfmt_misc] - mountPoints: + mountpoints: excludes: ["*/proc/sys/fs/binfmt_misc"] type: host_metrics internal_metrics: diff --git a/charts/vector/templates/_pod.tpl b/charts/vector/templates/_pod.tpl index 3d5b64fd5..51e1fb0d3 100644 --- a/charts/vector/templates/_pod.tpl +++ b/charts/vector/templates/_pod.tpl @@ -13,6 +13,9 @@ securityContext: {{- with .Values.podPriorityClassName }} priorityClassName: {{ . }} {{- end }} +{{- with .Values.shareProcessNamespace }} +shareProcessNamespace: {{ . }} +{{- end }} {{- with .Values.dnsPolicy }} dnsPolicy: {{ . }} {{- end }} @@ -49,6 +52,8 @@ containers: {{- toYaml . | nindent 6 }} {{- end }} env: + - name: VECTOR_LOG + value: "{{ .Values.logLevel | default "info" }}" {{- if .Values.env }} {{- with .Values.env }} {{- toYaml . | nindent 6 }} @@ -140,18 +145,9 @@ containers: mountPath: "/etc/vector/" readOnly: true {{- if (eq .Values.role "Agent") }} - - name: var-log - mountPath: "/var/log/" - readOnly: true - - name: var-lib - mountPath: "/var/lib" - readOnly: true - - name: procfs - mountPath: "/host/proc" - readOnly: true - - name: sysfs - mountPath: "/host/sys" - readOnly: true +{{- with .Values.defaultVolumeMounts }} +{{- toYaml . | nindent 6 }} +{{- end }} {{- end }} {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 6 }} @@ -201,20 +197,15 @@ volumes: {{- end }} {{- if (eq .Values.role "Agent") }} - name: data + {{- if .Values.persistence.hostPath.enabled }} hostPath: path: {{ .Values.persistence.hostPath.path | quote }} - - name: var-log - hostPath: - path: "/var/log/" - - name: var-lib - hostPath: - path: "/var/lib/" - - name: procfs - hostPath: - path: "/proc" - - name: sysfs - hostPath: - path: "/sys" + {{- else }} + emptyDir: {} + {{- end }} + {{- with .Values.defaultVolumes }} + {{- toYaml . | nindent 2 }} + {{- end }} {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 2 }} diff --git a/charts/vector/templates/configmap.yaml b/charts/vector/templates/configmap.yaml index a4cebbee2..a84db9a9d 100644 --- a/charts/vector/templates/configmap.yaml +++ b/charts/vector/templates/configmap.yaml @@ -69,7 +69,7 @@ data: excludes: [binfmt_misc] filesystems: excludes: [binfmt_misc] - mountPoints: + mountpoints: excludes: ["*/proc/sys/fs/binfmt_misc"] type: host_metrics internal_metrics: diff --git a/charts/vector/templates/daemonset.yaml b/charts/vector/templates/daemonset.yaml index 51cc01737..7c6bbf6ef 100644 --- a/charts/vector/templates/daemonset.yaml +++ b/charts/vector/templates/daemonset.yaml @@ -5,10 +5,13 @@ metadata: name: {{ include "vector.fullname" . }} labels: {{- include "vector.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.workloadResourceAnnotations | nindent 4 }} spec: selector: matchLabels: {{- include "vector.selectorLabels" . | nindent 6 }} + minReadySeconds: {{ .Values.minReadySeconds }} {{- with .Values.updateStrategy }} updateStrategy: {{- toYaml . | nindent 4 }} diff --git a/charts/vector/templates/deployment.yaml b/charts/vector/templates/deployment.yaml index 0ff098142..20a39ff84 100644 --- a/charts/vector/templates/deployment.yaml +++ b/charts/vector/templates/deployment.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "vector.fullname" . }} labels: {{- include "vector.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.workloadResourceAnnotations | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicas }} @@ -12,6 +14,7 @@ spec: selector: matchLabels: {{- include "vector.selectorLabels" . | nindent 6 }} + minReadySeconds: {{ .Values.minReadySeconds }} {{- with .Values.updateStrategy }} strategy: {{- toYaml . | nindent 4 }} diff --git a/charts/vector/templates/extra-manifests.yaml b/charts/vector/templates/extra-manifests.yaml new file mode 100644 index 000000000..a9bb3b6ba --- /dev/null +++ b/charts/vector/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/charts/vector/templates/hpa.yaml b/charts/vector/templates/hpa.yaml index d9c44a64f..aa6613875 100644 --- a/charts/vector/templates/hpa.yaml +++ b/charts/vector/templates/hpa.yaml @@ -6,6 +6,8 @@ metadata: name: {{ include "vector.fullname" . }} labels: {{- include "vector.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.autoscaling.annotations | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/vector/templates/podmonitor.yaml b/charts/vector/templates/podmonitor.yaml index f82ab375f..ceece5402 100644 --- a/charts/vector/templates/podmonitor.yaml +++ b/charts/vector/templates/podmonitor.yaml @@ -16,9 +16,19 @@ spec: namespaceSelector: matchNames: - {{ .Release.Namespace }} + {{- with .Values.podMonitor.podTargetLabels }} + podTargetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} podMetricsEndpoints: - port: {{ .Values.podMonitor.port }} path: {{ .Values.podMonitor.path }} + {{- if .Values.podMonitor.interval }} + interval: {{ .Values.podMonitor.interval }} + {{- end }} + {{- if .Values.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }} + {{- end }} honorLabels: {{ .Values.podMonitor.honorLabels }} honorTimestamps: {{ .Values.podMonitor.honorTimestamps }} {{- with .Values.podMonitor.relabelings }} diff --git a/charts/vector/templates/service-headless.yaml b/charts/vector/templates/service-headless.yaml index f258563e7..6d0d69f6d 100644 --- a/charts/vector/templates/service-headless.yaml +++ b/charts/vector/templates/service-headless.yaml @@ -18,6 +18,9 @@ spec: {{- if .Values.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} {{- end }} +{{- if .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }} +{{- end }} {{- if .Values.service.ipFamilies }} {{- with .Values.service.ipFamilies }} ipFamilies: @@ -82,6 +85,9 @@ spec: {{- if .Values.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} {{- end }} +{{- if .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }} +{{- end }} {{- if .Values.service.ipFamilies }} {{- with .Values.service.ipFamilies }} ipFamilies: diff --git a/charts/vector/templates/statefulset.yaml b/charts/vector/templates/statefulset.yaml index 09db5c17b..35863c865 100644 --- a/charts/vector/templates/statefulset.yaml +++ b/charts/vector/templates/statefulset.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "vector.fullname" . }} labels: {{- include "vector.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.workloadResourceAnnotations | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicas }} @@ -13,6 +15,9 @@ spec: selector: matchLabels: {{- include "vector.selectorLabels" . | nindent 6 }} + {{- if semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion }} + minReadySeconds: {{ .Values.minReadySeconds }} + {{- end }} {{- with .Values.updateStrategy }} updateStrategy: {{- toYaml . | nindent 4 }} @@ -48,7 +53,9 @@ spec: name: data spec: accessModes: {{ .Values.persistence.accessModes }} + {{- if .Values.persistence.storageClassName }} storageClassName: {{ .Values.persistence.storageClassName }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size }} diff --git a/charts/vector/values.yaml b/charts/vector/values.yaml index c31aa3121..45cfb0da0 100644 --- a/charts/vector/values.yaml +++ b/charts/vector/values.yaml @@ -61,6 +61,8 @@ autoscaling: # autoscaling.enabled -- Create a [HorizontalPodAutoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) # for Vector. Valid for the "Aggregator" and "Stateless-Aggregator" roles. enabled: false + # autoscaling.annotations -- Annotations to add to Vector's HPA. + annotations: {} # autoscaling.minReplicas -- Minimum replicas for Vector's HPA. minReplicas: 1 # autoscaling.maxReplicas -- Maximum replicas for Vector's HPA. @@ -131,6 +133,9 @@ podHostNetwork: false # for Vector Pods. podSecurityContext: {} +# workloadResourceAnnotations -- Set annotations on the Vector DaemonSet, Deployment or StatefulSet. +workloadResourceAnnotations: {} + # securityContext -- Specify securityContext on Vector containers. securityContext: {} @@ -180,6 +185,11 @@ lifecycle: {} # - /bin/sleep # - "10" + +# minReadySeconds -- Specify the minimum number of seconds a newly spun up pod should wait to +# pass healthchecks before it is considered available. +minReadySeconds: 0 + # updateStrategy -- Customize the updateStrategy used to replace Vector Pods, this is also used for the # DeploymentStrategy for the "Stateless-Aggregators". Valid options depend on the chosen role. @@ -229,6 +239,8 @@ service: ports: [] # service.externalTrafficPolicy -- Specify the [externalTrafficPolicy](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip). externalTrafficPolicy: "" + # service.internalTrafficPolicy -- Specify the [internalTrafficPolicy]https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy). + internalTrafficPolicy: "" # service.loadBalancerIP -- Specify the [loadBalancerIP](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). loadBalancerIP: "" # service.ipFamilyPolicy -- Configure [IPv4/IPv6 dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). @@ -298,6 +310,39 @@ customConfig: {} # encoding: # codec: json +# defaultVolumes -- Default volumes that are mounted into pods. In most cases, these should not be changed. +# Use `extraVolumes`/`extraVolumeMounts` for additional custom volumes. +# @default -- See `values.yaml` +defaultVolumes: + - name: var-log + hostPath: + path: "/var/log/" + - name: var-lib + hostPath: + path: "/var/lib/" + - name: procfs + hostPath: + path: "/proc" + - name: sysfs + hostPath: + path: "/sys" + +# defaultVolumeMounts -- Default volume mounts. Corresponds to `volumes`. +# @default -- See `values.yaml` +defaultVolumeMounts: + - name: var-log + mountPath: "/var/log/" + readOnly: true + - name: var-lib + mountPath: "/var/lib" + readOnly: true + - name: procfs + mountPath: "/host/proc" + readOnly: true + - name: sysfs + mountPath: "/host/sys" + readOnly: true + # extraVolumes -- Additional Volumes to use with Vector Pods. extraVolumes: [] @@ -332,6 +377,9 @@ persistence: selectors: {} hostPath: + # persistence.hostPath.enabled -- If true, use hostPath persistence. Valid for the "Agent" role, if it's disabled + # the "Agent" role will use emptyDir. + enabled: true # persistence.hostPath.path -- Override path used for hostPath persistence. Valid for the "Agent" role, persistence # is always used for the "Agent" role. path: "/var/lib/vector" @@ -353,6 +401,10 @@ dnsConfig: {} # value: "2" # - name: edns0 +# shareProcessNamespace -- Specify the [shareProcessNamespace](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) +# options for Vector Pods. +shareProcessNamespace: false + # livenessProbe -- Override default liveness probe settings. If customConfig is used, requires customConfig.api.enabled # to be set to true. livenessProbe: {} @@ -377,12 +429,19 @@ podMonitor: port: prom-exporter # podMonitor.path -- Override the path to scrape. path: /metrics + # podMonitor.interval -- Override the interval at which metrics should be scraped. + interval: + # podMonitor.scrapeTimeout -- Override the timeout after which the scrape is ended. + scrapeTimeout: # podMonitor.relabelings -- [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) # to apply to samples before scraping. relabelings: [] # podMonitor.metricRelabelings -- [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) # to apply to samples before ingestion. metricRelabelings: [] + # podMonitor.podTargetLabels -- [podTargetLabels](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitorSpec) + # transfers labels on the Kubernetes Pod onto the target. + podTargetLabels: [] # podMonitor.additionalLabels -- Adds additional labels to the PodMonitor. additionalLabels: {} # podMonitor.honorLabels -- If true, honor_labels is set to true in the [scrape config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config). @@ -390,7 +449,10 @@ podMonitor: # podMonitor.honorTimestamps -- If true, honor_timestamps is set to true in the [scrape config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config). honorTimestamps: true -# Optional built-in HAProxy load. +# Log level for Vector. +logLevel: "info" + +# Optional built-in HAProxy load balancer. haproxy: # haproxy.enabled -- If true, create a HAProxy load balancer. enabled: false @@ -405,7 +467,7 @@ haproxy: # to reference for the HAProxy Pods. pullSecrets: [] # haproxy.image.tag -- The tag to use for HAProxy's image. - tag: "2.4.17" + tag: "2.6.12" # haproxy.rollWorkload -- Add a checksum of the generated ConfigMap to the HAProxy Deployment. rollWorkload: true @@ -558,3 +620,15 @@ haproxy: # haproxy.affinity -- Configure [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) # rules for HAProxy Pods. affinity: {} + +# extraObjects -- Create extra manifests via values. Would be passed through `tpl` for templating. +extraObjects: [] + # - apiVersion: v1 + # kind: ConfigMap + # metadata: + # name: vector-dashboards + # labels: + # grafana_dashboard: "1" + # data: + # vector.json: | + # {{ .Files.Get "dashboards/vector.json" | fromJson | toJson }} diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index 0b3860eb6..a04c465df 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml @@ -13,7 +13,7 @@ # under the License. _atmosphere_images: - alertmanager: quay.io/prometheus/alertmanager:v0.26.0 + alertmanager: quay.io/prometheus/alertmanager:v0.27.0 barbican_api: registry.atmosphere.dev/library/barbican:zed barbican_db_sync: registry.atmosphere.dev/library/barbican:zed bootstrap: registry.atmosphere.dev/library/heat:zed @@ -58,8 +58,8 @@ _atmosphere_images: glance_metadefs_load: registry.atmosphere.dev/library/glance:zed glance_registry: registry.atmosphere.dev/library/glance:zed glance_storage_init: registry.atmosphere.dev/library/glance:zed - grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.25.2 - grafana: docker.io/grafana/grafana:10.3.3 + grafana_sidecar: quay.io/kiwigrid/k8s-sidecar:1.26.1 + grafana: docker.io/grafana/grafana:10.4.0 haproxy: docker.io/library/haproxy:2.5 heat_api: registry.atmosphere.dev/library/heat:zed heat_cfn: registry.atmosphere.dev/library/heat:zed @@ -92,15 +92,15 @@ _atmosphere_images: kube_etcd: registry.k8s.io/etcd:3.5.6-0 kube_proxy: registry.k8s.io/kube-proxy:v1.22.17 kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17 - kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 + kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 kubectl: docker.io/bitnami/kubectl:1.27.3 libvirt: registry.atmosphere.dev/library/libvirtd:zed libvirt_tls_sidecar: registry.atmosphere.dev/library/libvirt-tls-sidecar:zed libvirt_exporter: docker.io/vexxhost/libvirtd-exporter:latest local_path_provisioner_helper: docker.io/library/busybox:1.36.0 local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24 - loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine - loki: docker.io/grafana/loki:2.7.3 + loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.24-alpine + loki: docker.io/grafana/loki:2.9.6 magnum_api: registry.atmosphere.dev/library/magnum:zed magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:zed magnum_conductor: registry.atmosphere.dev/library/magnum:zed @@ -167,7 +167,7 @@ _atmosphere_images: percona_version_service: docker.io/perconalab/version-service:main-3325140 placement_db_sync: registry.atmosphere.dev/library/placement:zed placement: registry.atmosphere.dev/library/placement:zed - prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2 + prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0 prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0 prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0 @@ -175,9 +175,9 @@ _atmosphere_images: prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0 prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0 prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 - prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.71.2 + prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.0 prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2 - prometheus: quay.io/prometheus/prometheus:v2.49.1 + prometheus: quay.io/prometheus/prometheus:v2.51.1 rabbit_init: docker.io/library/rabbitmq:3.10.2-management rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1 rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2 @@ -195,7 +195,7 @@ _atmosphere_images: staffeln_conductor: registry.atmosphere.dev/library/staffeln:zed staffeln_api: registry.atmosphere.dev/library/staffeln:zed tempest_run_tests: registry.atmosphere.dev/library/tempest:zed - vector: docker.io/timberio/vector:0.27.0-debian + vector: docker.io/timberio/vector:0.37.0-debian atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True) }}' diff --git a/vendir.lock.yml b/vendir.lock.yml index c18a5f08a..1e3293308 100644 --- a/vendir.lock.yml +++ b/vendir.lock.yml @@ -58,8 +58,8 @@ directories: version: 0.3.5 path: keystone - helmChart: - appVersion: v0.71.2 - version: 56.9.0 + appVersion: v0.73.0 + version: 58.0.0 path: kube-prometheus-stack - helmChart: appVersion: v1.0.0 @@ -72,8 +72,8 @@ directories: - v0.0.24 path: local-path-provisioner - helmChart: - appVersion: 2.7.3 - version: 4.6.1 + appVersion: 2.9.6 + version: 5.47.2 path: loki - helmChart: appVersion: v1.0.0 @@ -146,8 +146,8 @@ directories: version: 0.2.8 path: tempest - helmChart: - appVersion: 0.27.0-distroless-libc - version: 0.19.0 + appVersion: 0.37.0-distroless-libc + version: 0.32.0 path: vector path: charts kind: LockConfig diff --git a/vendir.yml b/vendir.yml index 4c820cee6..a089a59f5 100644 --- a/vendir.yml +++ b/vendir.yml @@ -90,7 +90,7 @@ directories: - path: kube-prometheus-stack helmChart: name: kube-prometheus-stack - version: 56.9.0 + version: 58.0.0 repository: url: https://prometheus-community.github.io/helm-charts - path: libvirt @@ -107,7 +107,7 @@ directories: - path: loki helmChart: name: loki - version: 4.6.1 + version: 5.47.2 repository: url: https://grafana.github.io/helm-charts - path: magnum @@ -217,7 +217,7 @@ directories: - path: vector helmChart: name: vector - version: 0.19.0 + version: 0.32.0 repository: url: https://vectordotdev.github.io/helm-charts From 09467451d885a38316aa543013da3f47e20ef2fc Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 13 Apr 2024 14:48:15 -0400 Subject: [PATCH 09/45] [stable/zed] Add missing noVNC (#1099) --- images/nova/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile index 36961bf34..7f4a9dd99 100644 --- a/images/nova/Dockerfile +++ b/images/nova/Dockerfile @@ -23,6 +23,7 @@ pip3 install \ EOF FROM registry.atmosphere.dev/library/openstack-python-runtime:zed +ADD https://github.com/novnc/noVNC.git#v1.4.0 /usr/share/novnc RUN < Date: Sun, 14 Apr 2024 21:59:06 -0400 Subject: [PATCH 10/45] [stable/zed] Add missing mount for OVN metadata agent (#1115) This is an automated cherry-pick of #1109 /assign mnaser --- .../templates/daemonset-ovn-metadata-agent.yaml | 3 +++ .../0002-add-missing-ovn-hostpath-mount.patch | 14 ++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 charts/patches/neutron/0002-add-missing-ovn-hostpath-mount.patch diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml index 598c74c08..431758d76 100644 --- a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml +++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml @@ -220,6 +220,9 @@ spec: - name: run hostPath: path: /run + - name: run-openvswitch + hostPath: + path: /run/openvswitch - name: neutron-bin configMap: name: neutron-bin diff --git a/charts/patches/neutron/0002-add-missing-ovn-hostpath-mount.patch b/charts/patches/neutron/0002-add-missing-ovn-hostpath-mount.patch new file mode 100644 index 000000000..2e5e1ba49 --- /dev/null +++ b/charts/patches/neutron/0002-add-missing-ovn-hostpath-mount.patch @@ -0,0 +1,14 @@ +diff --git a/neutron/templates/daemonset-ovn-metadata-agent.yaml b/neutron/templates/daemonset-ovn-metadata-agent.yaml +index f6dde55b..5c2999cf 100644 +--- a/neutron/templates/daemonset-ovn-metadata-agent.yaml ++++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml +@@ -220,6 +220,9 @@ spec: + - name: run + hostPath: + path: /run ++ - name: run-openvswitch ++ hostPath: ++ path: /run/openvswitch + - name: neutron-bin + configMap: + name: neutron-bin From e4436b49cd15b8dc6c5fe1282f750eef59941a74 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Mon, 15 Apr 2024 17:57:11 -0400 Subject: [PATCH 11/45] [stable/zed] Implement tooling to sync Helm charts (#1108) Pin chart requirements Refactor godaddy-webhook chart name Sync Neutron with Gerrit #914886 Drop language changes in tox.ini Pin all charts with a simplified tool Add linter job to make sure charts are synced --- .ansible-lint | 1 - .charts.yml | 269 +++++ .github/workflows/lint.yml | 26 - .pre-commit-config.yaml | 13 +- build/sync-charts.py | 273 +++++ .../charts/helm-toolkit/requirements.lock | 3 + charts/cinder/requirements.lock | 6 +- charts/cinder/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/designate/requirements.lock | 6 +- charts/designate/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/glance/requirements.lock | 6 +- charts/glance/requirements.yaml | 18 +- .../.helmignore | 0 .../Chart.yaml | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/apiservice.yaml | 0 .../templates/deployment.yaml | 0 .../templates/pki.yaml | 0 .../templates/rbac.yaml | 0 .../templates/service.yaml | 0 .../values.yaml | 0 .../charts/helm-toolkit/requirements.lock | 3 + charts/heat/requirements.lock | 6 +- charts/heat/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/horizon/requirements.lock | 6 +- charts/horizon/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/keystone/requirements.lock | 6 +- charts/keystone/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 2 +- charts/libvirt/requirements.lock | 6 +- charts/libvirt/requirements.yaml | 20 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/magnum/requirements.lock | 6 +- charts/magnum/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/manila/requirements.lock | 6 +- charts/manila/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/neutron/requirements.lock | 6 +- charts/neutron/requirements.yaml | 18 +- .../daemonset-ovn-metadata-agent.yaml | 4 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/nova/requirements.lock | 6 +- charts/nova/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/octavia/requirements.lock | 6 +- charts/octavia/requirements.yaml | 20 +- .../charts/helm-toolkit/requirements.lock | 2 +- charts/openvswitch/requirements.lock | 6 +- charts/openvswitch/requirements.yaml | 20 +- .../ovn/charts/helm-toolkit/requirements.lock | 2 +- charts/ovn/requirements.lock | 6 +- charts/ovn/requirements.yaml | 20 +- .../cinder/0001-tune-uwsgi-config.patch | 25 + .../designate/0001-tune-uwsgi-config.patch | 25 + .../glance/0001-tune-uwsgi-config.patch | 25 + .../patches/heat/0001-tune-uwsgi-config.patch | 46 + .../0001-use-libvirt-tls-sidecar.patch | 398 +++++++ .../magnum/0001-tune-uwsgi-config.patch | 25 + .../manila/0001-tune-uwsgi-config.patch | 25 + .../patches/nova/0001-tune-uwsgi-config.patch | 46 + .../octavia/0001-tune-uwsgi-config.patch | 25 + .../ovn/0001-switch-to-ovn-kubernetes.patch | 1015 +++++++++++++++++ .../placement/0001-tune-uwsgi-config.patch | 25 + .../senlin/0001-tune-uwsgi-config.patch | 25 + .../tempest/0001-mount-results-locally.patch | 23 + .../charts/helm-toolkit/requirements.lock | 3 + charts/placement/requirements.lock | 6 +- charts/placement/requirements.yaml | 20 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/senlin/requirements.lock | 6 +- charts/senlin/requirements.yaml | 18 +- .../charts/helm-toolkit/requirements.lock | 3 + charts/tempest/requirements.lock | 6 +- charts/tempest/requirements.yaml | 18 +- flake.nix | 2 +- hack/sync-charts.sh | 158 --- roles/cluster_issuer/defaults/main.yml | 4 +- tox.ini | 25 +- vendir.lock.yml | 153 --- vendir.yml | 395 ------- zuul.d/jobs.yaml | 5 + zuul.d/playbooks/linters/pre.yml | 24 + zuul.d/project.yaml | 2 + 89 files changed, 2479 insertions(+), 1069 deletions(-) create mode 100644 .charts.yml delete mode 100644 .github/workflows/lint.yml create mode 100644 build/sync-charts.py create mode 100644 charts/cinder/charts/helm-toolkit/requirements.lock create mode 100644 charts/designate/charts/helm-toolkit/requirements.lock create mode 100644 charts/glance/charts/helm-toolkit/requirements.lock rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/.helmignore (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/Chart.yaml (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/NOTES.txt (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/_helpers.tpl (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/apiservice.yaml (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/deployment.yaml (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/pki.yaml (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/rbac.yaml (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/templates/service.yaml (100%) rename charts/{cert-manager-webhook-godaddy => godaddy-webhook}/values.yaml (100%) create mode 100644 charts/heat/charts/helm-toolkit/requirements.lock create mode 100644 charts/horizon/charts/helm-toolkit/requirements.lock create mode 100644 charts/keystone/charts/helm-toolkit/requirements.lock create mode 100644 charts/magnum/charts/helm-toolkit/requirements.lock create mode 100644 charts/manila/charts/helm-toolkit/requirements.lock create mode 100644 charts/neutron/charts/helm-toolkit/requirements.lock create mode 100644 charts/nova/charts/helm-toolkit/requirements.lock create mode 100644 charts/octavia/charts/helm-toolkit/requirements.lock create mode 100644 charts/patches/cinder/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/designate/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/glance/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/heat/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch create mode 100644 charts/patches/magnum/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/manila/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/nova/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/octavia/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch create mode 100644 charts/patches/placement/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/senlin/0001-tune-uwsgi-config.patch create mode 100644 charts/patches/tempest/0001-mount-results-locally.patch create mode 100644 charts/placement/charts/helm-toolkit/requirements.lock create mode 100644 charts/senlin/charts/helm-toolkit/requirements.lock create mode 100644 charts/tempest/charts/helm-toolkit/requirements.lock delete mode 100755 hack/sync-charts.sh delete mode 100644 vendir.lock.yml delete mode 100644 vendir.yml create mode 100644 zuul.d/playbooks/linters/pre.yml diff --git a/.ansible-lint b/.ansible-lint index c21cd671d..99ed62575 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -8,7 +8,6 @@ exclude_paths: - plugins/filter - roles/defaults/vars/main.yml - roles/kube_prometheus_stack/files/jsonnet - - vendir.lock.yml mock_roles: - opendev.container_registry diff --git a/.charts.yml b/.charts.yml new file mode 100644 index 000000000..a4ff95aa6 --- /dev/null +++ b/.charts.yml @@ -0,0 +1,269 @@ +charts: + - name: barbican + version: 0.3.6 + repository: + url: https://tarballs.openstack.org/openstack-helm + - name: ceph-csi-rbd + version: 3.5.1 + repository: + url: https://ceph.github.io/csi-charts + - name: ceph-provisioners + version: 0.1.8 + repository: + url: https://tarballs.openstack.org/openstack-helm-infra + - name: godaddy-webhook + version: 0.3.0 + repository: + url: https://snowdrop.github.io/godaddy-webhook + - name: cert-manager-webhook-infoblox-wapi + version: 1.5.2 + repository: + url: https://luisico.github.io/cert-manager-webhook-infoblox-wapi + - name: cinder + version: 0.3.15 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899814 + - name: coredns + version: 1.19.4 + repository: + url: https://coredns.github.io/helm + - name: designate + version: 0.2.9 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899932 + - name: glance + version: 0.4.15 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899864 + - name: heat + version: 0.3.7 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899931 + - name: horizon + version: 0.3.15 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + - name: ingress-nginx + version: 4.0.17 + repository: + url: https://kubernetes.github.io/ingress-nginx + - name: keycloak + version: 16.0.3 + repository: + url: https://charts.bitnami.com/bitnami + - name: keystone + version: 0.3.5 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899867 + - name: kube-prometheus-stack + version: 58.0.0 + repository: + url: https://prometheus-community.github.io/helm-charts + - name: libvirt + version: 0.1.27 + repository: + url: https://tarballs.openstack.org/openstack-helm-infra + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.56 + patches: + gerrit: + review.opendev.org: + - 893406 + - name: loki + version: 5.47.2 + repository: + url: https://grafana.github.io/helm-charts + - name: magnum + version: 0.2.9 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899926 + - name: manila + version: 0.1.7 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 883168 + - 899923 + - name: memcached + version: 0.1.12 + repository: + url: https://tarballs.openstack.org/openstack-helm-infra + - name: neutron + version: 0.3.29 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 902767 + - 914886 + - name: node-feature-discovery + version: 0.11.2 + repository: + url: https://kubernetes-sigs.github.io/node-feature-discovery/charts + - name: nova + version: 0.3.27 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899809 + - 904250 + - name: octavia + version: 0.2.9 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899918 + - name: openvswitch + version: 0.1.19 + repository: + url: https://tarballs.openstack.org/openstack-helm-infra + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.56 + - name: ovn + version: 0.1.4 + repository: + url: https://tarballs.openstack.org/openstack-helm-infra + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.56 + patches: + gerrit: + review.opendev.org: + - 893739 + - 914807 + - name: placement + version: 0.3.9 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899914 + - name: prometheus-pushgateway + version: 1.16.0 + repository: + url: https://prometheus-community.github.io/helm-charts + - name: pxc-operator + version: 1.13.3 + repository: + url: https://percona.github.io/percona-helm-charts + - name: rabbitmq-cluster-operator + version: 2.6.6 + repository: + url: https://charts.bitnami.com/bitnami + - name: rook-ceph + version: 1.10.10 + repository: + url: https://charts.rook.io/release + - name: rook-ceph-cluster + version: 1.10.10 + repository: + url: https://charts.rook.io/release + - name: senlin + version: 0.2.9 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + patches: + gerrit: + review.opendev.org: + - 899913 + - name: tempest + version: 0.2.8 + repository: + url: https://tarballs.openstack.org/openstack-helm + dependencies: + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 + - name: vector + version: 0.32.0 + repository: + url: https://vectordotdev.github.io/helm-charts diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 5ef716e83..000000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: lint -on: - pull_request: - -jobs: - Pre-commit: - runs-on: ubuntu-latest - steps: - - name: Checkout project - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - - name: Setup Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 - - - name: Get Python info - id: python_info - run: echo info=$(python -VV | sha256sum | cut -d' ' -f1) >> $GITHUB_OUTPUT - - - name: Create pre-commit cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 - with: - path: ~/.cache/pre-commit - key: pre-commit|${{ steps.python_info.outputs.info }}|${{ hashFiles('.pre-commit-config.yaml') }} - - - name: Setup pre-commit - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 60a07567d..f42c49e25 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,24 +9,17 @@ repos: - id: trailing-whitespace exclude: ^images/.*/patches/.*\.patch$ - - repo: https://github.com/compilerla/conventional-pre-commit - rev: v2.0.0 - hooks: - - id: conventional-pre-commit - stages: - - commit-msg - - repo: https://github.com/psf/black - rev: 22.8.0 + rev: 24.4.0 hooks: - id: black - repo: https://github.com/pycqa/flake8 - rev: 5.0.4 + rev: 7.0.0 hooks: - id: flake8 - repo: https://github.com/pycqa/isort - rev: 5.12.0 + rev: 5.13.2 hooks: - id: isort diff --git a/build/sync-charts.py b/build/sync-charts.py new file mode 100644 index 000000000..ce32da072 --- /dev/null +++ b/build/sync-charts.py @@ -0,0 +1,273 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import asyncio +import os +import pathlib +import textwrap +from datetime import datetime, timezone + +import aiopath +import aioshutil +import platformdirs +from asynctempfile import NamedTemporaryFile +from gerrit import GerritClient +from pydantic import BaseModel, HttpUrl, PrivateAttr +from pydantic_yaml import parse_yaml_file_as, to_yaml_file + + +class ChartRepository(BaseModel): + url: HttpUrl + + @property + def name(self): + return self.url.host.replace(".", "-") + self.url.path.replace("/", "-") + + +class ChartPatches(BaseModel): + gerrit: dict[str, list[int]] = {} + + +class ChartDependency(BaseModel): + name: str + repository: HttpUrl + version: str + + +class ChartRequirements(BaseModel): + dependencies: list[ChartDependency] = [] + + +class ChartLock(BaseModel): + dependencies: list[ChartDependency] = [] + digest: str + generated: datetime + + class Config: + json_encoders = { + "generated": lambda dt: dt.isoformat(), + } + + +class Chart(BaseModel): + name: str + version: str + repository: ChartRepository + dependencies: list[ChartDependency] = [] + patches: ChartPatches = ChartPatches() + + +async def patch(input: bytes, path: aiopath.AsyncPath): + async with NamedTemporaryFile() as temp_file: + await temp_file.write( + textwrap.dedent( + f"""\ + {path.name}/* + """ + ) + .strip() + .encode() + ) + await temp_file.flush() + + proc = await asyncio.create_subprocess_shell( + f"filterdiff -p1 -I {temp_file.name}", + stdin=asyncio.subprocess.PIPE, + stdout=asyncio.subprocess.PIPE, + stderr=asyncio.subprocess.PIPE, + ) + stdout, stderr = await proc.communicate(input=input) + if proc.returncode != 0: + raise Exception(stderr) + + async with NamedTemporaryFile() as temp_file: + await temp_file.write( + textwrap.dedent( + f"""\ + {path.name}/Chart.yaml + """ + ) + .strip() + .encode() + ) + await temp_file.flush() + + proc = await asyncio.create_subprocess_shell( + f"filterdiff -p1 -X {temp_file.name}", + stdin=asyncio.subprocess.PIPE, + stdout=asyncio.subprocess.PIPE, + stderr=asyncio.subprocess.PIPE, + ) + stdout, stderr = await proc.communicate(input=stdout) + if proc.returncode != 0: + raise Exception(stderr) + + proc = await asyncio.create_subprocess_shell( + f"patch -p2 -d {path} -E", + stdin=asyncio.subprocess.PIPE, + stdout=asyncio.subprocess.PIPE, + stderr=asyncio.subprocess.PIPE, + ) + stdout, stderr = await proc.communicate(input=stdout) + if proc.returncode != 0: + raise Exception(stdout) + + +class Config(BaseModel): + charts: list[Chart] + + _workspace: pathlib.Path = PrivateAttr( + default=pathlib.Path( + platformdirs.user_cache_dir("atmosphere-sync-charts", "vexxhost") + ) + ) + + @property + def repositories(self): + repositories = [] + + for chart in self.charts: + if chart.repository in repositories: + continue + repositories.append(chart.repository) + + return repositories + + async def _helm(self, args: list[str]): + proc = await asyncio.create_subprocess_shell( + f"helm {' '.join(args)}", + env={**dict(os.environ), **{"HOME": str(self._workspace)}}, + ) + await proc.communicate() + if proc.returncode != 0: + raise Exception(f"helm {' '.join(args)} failed") + + async def _fetch_chart(self, chart: Chart, path="charts"): + charts_path: aiopath.AsyncPath = aiopath.AsyncPath(path) + chart_path = charts_path / chart.name + + try: + await aioshutil.rmtree(f"{path}/{chart.name}-{chart.version}") + except FileNotFoundError: + pass + + try: + try: + os.rename( + f"{path}/{chart.name}", f"{path}/{chart.name}-{chart.version}" + ) + except FileNotFoundError: + pass + + await self._helm( + [ + "fetch", + "--untar", + f"--destination={path}", + f"{chart.repository.name}/{chart.name}", + f"--version={chart.version}", + ] + ) + except Exception: + os.rename(f"{path}/{chart.name}-{chart.version}", f"{path}/{chart.name}") + raise + + try: + await aioshutil.rmtree(f"{path}/{chart.name}-{chart.version}") + except FileNotFoundError: + pass + + if chart.dependencies: + requirements = ChartRequirements(dependencies=chart.dependencies) + to_yaml_file(f"{path}/{chart.name}/requirements.yaml", requirements) + + await asyncio.gather( + *[ + aioshutil.rmtree(f"{path}/{chart.name}/charts/{req.name}") + for req in chart.dependencies + ] + ) + + await self._helm( + ["dependency", "update", "--skip-refresh", f"{path}/{chart.name}"] + ) + + await asyncio.gather( + *[ + aioshutil.unpack_archive( + f"{path}/{chart.name}/charts/{req.name}-{req.version}.tgz", + f"{path}/{chart.name}/charts", + ) + for req in chart.dependencies + ] + ) + + await asyncio.gather( + *[ + (chart_path / "charts" / f"{req.name}-{req.version}.tgz").unlink() + for req in chart.dependencies + ] + ) + + for req in chart.dependencies: + lock = parse_yaml_file_as( + ChartLock, + f"{path}/{chart.name}/charts/{req.name}/requirements.lock", + ) + lock.generated = datetime.min.replace(tzinfo=timezone.utc) + to_yaml_file( + f"{path}/{chart.name}/charts/{req.name}/requirements.lock", lock + ) + + # Reset the generated time in the lock file to make things reproducible + lock = parse_yaml_file_as( + ChartLock, f"{path}/{chart.name}/requirements.lock" + ) + lock.generated = datetime.min.replace(tzinfo=timezone.utc) + to_yaml_file(f"{path}/{chart.name}/requirements.lock", lock) + + for gerrit, changes in chart.patches.gerrit.items(): + client = GerritClient(base_url=f"https://{gerrit}") + + for change_id in changes: + change = client.changes.get(change_id) + gerrit_patch = change.get_revision().get_patch(decode=True) + await patch(input=gerrit_patch.encode(), path=chart_path) + + patches_path = charts_path / "patches" / chart.name + if await patches_path.exists(): + async for patch_path in patches_path.glob("*.patch"): + async with patch_path.open(mode="rb") as patch_file: + patch_data = await patch_file.read() + await patch(input=patch_data, path=chart_path) + + async def fetch_charts(self): + await asyncio.gather( + *[ + self._helm(["repo", "add", repo.name, str(repo.url)]) + for repo in self.repositories + ] + ) + await self._helm(["repo", "update"]) + + await asyncio.gather(*[self._fetch_chart(chart) for chart in self.charts]) + + +async def main(): + config = parse_yaml_file_as(Config, ".charts.yml") + await config.fetch_charts() + + +if __name__ == "__main__": + asyncio.run(main()) diff --git a/charts/cinder/charts/helm-toolkit/requirements.lock b/charts/cinder/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/cinder/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/cinder/requirements.lock b/charts/cinder/requirements.lock index 67c521328..e346dde68 100644 --- a/charts/cinder/requirements.lock +++ b/charts/cinder/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:14:58.592049716Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/cinder/requirements.yaml b/charts/cinder/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/cinder/requirements.yaml +++ b/charts/cinder/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/designate/charts/helm-toolkit/requirements.lock b/charts/designate/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/designate/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/designate/requirements.lock b/charts/designate/requirements.lock index b454b9323..e346dde68 100644 --- a/charts/designate/requirements.lock +++ b/charts/designate/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:14:54.685042515Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/designate/requirements.yaml b/charts/designate/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/designate/requirements.yaml +++ b/charts/designate/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/glance/charts/helm-toolkit/requirements.lock b/charts/glance/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/glance/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/glance/requirements.lock b/charts/glance/requirements.lock index 10059165f..e346dde68 100644 --- a/charts/glance/requirements.lock +++ b/charts/glance/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-09T15:11:39.317300744Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/glance/requirements.yaml b/charts/glance/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/glance/requirements.yaml +++ b/charts/glance/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/cert-manager-webhook-godaddy/.helmignore b/charts/godaddy-webhook/.helmignore similarity index 100% rename from charts/cert-manager-webhook-godaddy/.helmignore rename to charts/godaddy-webhook/.helmignore diff --git a/charts/cert-manager-webhook-godaddy/Chart.yaml b/charts/godaddy-webhook/Chart.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/Chart.yaml rename to charts/godaddy-webhook/Chart.yaml diff --git a/charts/cert-manager-webhook-godaddy/templates/NOTES.txt b/charts/godaddy-webhook/templates/NOTES.txt similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/NOTES.txt rename to charts/godaddy-webhook/templates/NOTES.txt diff --git a/charts/cert-manager-webhook-godaddy/templates/_helpers.tpl b/charts/godaddy-webhook/templates/_helpers.tpl similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/_helpers.tpl rename to charts/godaddy-webhook/templates/_helpers.tpl diff --git a/charts/cert-manager-webhook-godaddy/templates/apiservice.yaml b/charts/godaddy-webhook/templates/apiservice.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/apiservice.yaml rename to charts/godaddy-webhook/templates/apiservice.yaml diff --git a/charts/cert-manager-webhook-godaddy/templates/deployment.yaml b/charts/godaddy-webhook/templates/deployment.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/deployment.yaml rename to charts/godaddy-webhook/templates/deployment.yaml diff --git a/charts/cert-manager-webhook-godaddy/templates/pki.yaml b/charts/godaddy-webhook/templates/pki.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/pki.yaml rename to charts/godaddy-webhook/templates/pki.yaml diff --git a/charts/cert-manager-webhook-godaddy/templates/rbac.yaml b/charts/godaddy-webhook/templates/rbac.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/rbac.yaml rename to charts/godaddy-webhook/templates/rbac.yaml diff --git a/charts/cert-manager-webhook-godaddy/templates/service.yaml b/charts/godaddy-webhook/templates/service.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/templates/service.yaml rename to charts/godaddy-webhook/templates/service.yaml diff --git a/charts/cert-manager-webhook-godaddy/values.yaml b/charts/godaddy-webhook/values.yaml similarity index 100% rename from charts/cert-manager-webhook-godaddy/values.yaml rename to charts/godaddy-webhook/values.yaml diff --git a/charts/heat/charts/helm-toolkit/requirements.lock b/charts/heat/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/heat/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/heat/requirements.lock b/charts/heat/requirements.lock index 4057c923a..e346dde68 100644 --- a/charts/heat/requirements.lock +++ b/charts/heat/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-20T16:59:14.214540302Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/heat/requirements.yaml b/charts/heat/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/heat/requirements.yaml +++ b/charts/heat/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/horizon/charts/helm-toolkit/requirements.lock b/charts/horizon/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/horizon/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/horizon/requirements.lock b/charts/horizon/requirements.lock index d605ea58d..e346dde68 100644 --- a/charts/horizon/requirements.lock +++ b/charts/horizon/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:05.83595607Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/horizon/requirements.yaml b/charts/horizon/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/horizon/requirements.yaml +++ b/charts/horizon/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/keystone/charts/helm-toolkit/requirements.lock b/charts/keystone/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/keystone/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/keystone/requirements.lock b/charts/keystone/requirements.lock index a2fbbec02..e346dde68 100644 --- a/charts/keystone/requirements.lock +++ b/charts/keystone/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-15T23:04:58.660312058Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/keystone/requirements.yaml b/charts/keystone/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/keystone/requirements.yaml +++ b/charts/keystone/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/libvirt/charts/helm-toolkit/requirements.lock b/charts/libvirt/charts/helm-toolkit/requirements.lock index 474adbc9b..808bd945e 100644 --- a/charts/libvirt/charts/helm-toolkit/requirements.lock +++ b/charts/libvirt/charts/helm-toolkit/requirements.lock @@ -1,3 +1,3 @@ dependencies: [] digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2023-11-29T02:39:33.120856137Z" +generated: '0001-01-01T00:00:00Z' diff --git a/charts/libvirt/requirements.lock b/charts/libvirt/requirements.lock index 41e4298d4..5cfd3538e 100644 --- a/charts/libvirt/requirements.lock +++ b/charts/libvirt/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.56 -digest: sha256:2341734ff37eda298acb943a81ff603ee8edd5cfcbe655dba5943b485b64f9e3 -generated: "2023-11-29T02:39:38.485927956Z" +digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/libvirt/requirements.yaml b/charts/libvirt/requirements.yaml index 84f0affae..2590759be 100644 --- a/charts/libvirt/requirements.yaml +++ b/charts/libvirt/requirements.yaml @@ -1,18 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- dependencies: - - name: helm-toolkit - repository: file://../helm-toolkit - version: ">= 0.1.0" -... +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.56 diff --git a/charts/magnum/charts/helm-toolkit/requirements.lock b/charts/magnum/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/magnum/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/magnum/requirements.lock b/charts/magnum/requirements.lock index f10f45182..e346dde68 100644 --- a/charts/magnum/requirements.lock +++ b/charts/magnum/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:14.57130025Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/magnum/requirements.yaml b/charts/magnum/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/magnum/requirements.yaml +++ b/charts/magnum/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/manila/charts/helm-toolkit/requirements.lock b/charts/manila/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/manila/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/manila/requirements.lock b/charts/manila/requirements.lock index 8d56ee15b..e346dde68 100644 --- a/charts/manila/requirements.lock +++ b/charts/manila/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:09.875210224Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/manila/requirements.yaml b/charts/manila/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/manila/requirements.yaml +++ b/charts/manila/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/neutron/charts/helm-toolkit/requirements.lock b/charts/neutron/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/neutron/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/neutron/requirements.lock b/charts/neutron/requirements.lock index 9cc2f7622..e346dde68 100644 --- a/charts/neutron/requirements.lock +++ b/charts/neutron/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:14:55.619219382Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/neutron/requirements.yaml b/charts/neutron/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/neutron/requirements.yaml +++ b/charts/neutron/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml index 431758d76..5c2999cf8 100644 --- a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml +++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml @@ -100,8 +100,8 @@ spec: command: - /tmp/neutron-metadata-agent-init.sh volumeMounts: - - name: run - mountPath: /run + - name: run-openvswitch + mountPath: /run/openvswitch - name: pod-tmp mountPath: /tmp - name: neutron-bin diff --git a/charts/nova/charts/helm-toolkit/requirements.lock b/charts/nova/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/nova/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock index 5c187eb57..e346dde68 100644 --- a/charts/nova/requirements.lock +++ b/charts/nova/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-03T00:16:38.441631616Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/nova/requirements.yaml b/charts/nova/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/nova/requirements.yaml +++ b/charts/nova/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/octavia/charts/helm-toolkit/requirements.lock b/charts/octavia/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/octavia/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/octavia/requirements.lock b/charts/octavia/requirements.lock index f24caac67..e346dde68 100644 --- a/charts/octavia/requirements.lock +++ b/charts/octavia/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:15.673945271Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/octavia/requirements.yaml b/charts/octavia/requirements.yaml index 512dcb495..6ab539f71 100644 --- a/charts/octavia/requirements.yaml +++ b/charts/octavia/requirements.yaml @@ -1,18 +1,4 @@ -# Copyright 2019 Samsung Electronics Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/openvswitch/charts/helm-toolkit/requirements.lock b/charts/openvswitch/charts/helm-toolkit/requirements.lock index 474adbc9b..808bd945e 100644 --- a/charts/openvswitch/charts/helm-toolkit/requirements.lock +++ b/charts/openvswitch/charts/helm-toolkit/requirements.lock @@ -1,3 +1,3 @@ dependencies: [] digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2023-11-29T02:39:33.120856137Z" +generated: '0001-01-01T00:00:00Z' diff --git a/charts/openvswitch/requirements.lock b/charts/openvswitch/requirements.lock index a9a0bd4a1..5cfd3538e 100644 --- a/charts/openvswitch/requirements.lock +++ b/charts/openvswitch/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.56 -digest: sha256:2341734ff37eda298acb943a81ff603ee8edd5cfcbe655dba5943b485b64f9e3 -generated: "2023-11-29T02:39:43.736465441Z" +digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/openvswitch/requirements.yaml b/charts/openvswitch/requirements.yaml index 84f0affae..2590759be 100644 --- a/charts/openvswitch/requirements.yaml +++ b/charts/openvswitch/requirements.yaml @@ -1,18 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- dependencies: - - name: helm-toolkit - repository: file://../helm-toolkit - version: ">= 0.1.0" -... +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.56 diff --git a/charts/ovn/charts/helm-toolkit/requirements.lock b/charts/ovn/charts/helm-toolkit/requirements.lock index 474adbc9b..808bd945e 100644 --- a/charts/ovn/charts/helm-toolkit/requirements.lock +++ b/charts/ovn/charts/helm-toolkit/requirements.lock @@ -1,3 +1,3 @@ dependencies: [] digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2023-11-29T02:39:33.120856137Z" +generated: '0001-01-01T00:00:00Z' diff --git a/charts/ovn/requirements.lock b/charts/ovn/requirements.lock index 0e9719e80..5cfd3538e 100644 --- a/charts/ovn/requirements.lock +++ b/charts/ovn/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.56 -digest: sha256:2341734ff37eda298acb943a81ff603ee8edd5cfcbe655dba5943b485b64f9e3 -generated: "2023-11-29T02:39:38.134714677Z" +digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/ovn/requirements.yaml b/charts/ovn/requirements.yaml index 84f0affae..2590759be 100644 --- a/charts/ovn/requirements.yaml +++ b/charts/ovn/requirements.yaml @@ -1,18 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- dependencies: - - name: helm-toolkit - repository: file://../helm-toolkit - version: ">= 0.1.0" -... +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.56 diff --git a/charts/patches/cinder/0001-tune-uwsgi-config.patch b/charts/patches/cinder/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..c6d1e6ae1 --- /dev/null +++ b/charts/patches/cinder/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/cinder/values.yaml a/charts/cinder/values.yaml +index 0c50ec60..12351a60 100644 +--- b/cinder/values.yaml ++++ a/cinder/values.yaml +@@ -1015,15 +1015,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "cinder-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/cinder-wsgi diff --git a/charts/patches/designate/0001-tune-uwsgi-config.patch b/charts/patches/designate/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..649396517 --- /dev/null +++ b/charts/patches/designate/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/designate/values.yaml a/charts/designate/values.yaml +index 80051e75..71694146 100644 +--- b/designate/values.yaml ++++ a/designate/values.yaml +@@ -532,15 +532,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "designate-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/designate-api-wsgi diff --git a/charts/patches/glance/0001-tune-uwsgi-config.patch b/charts/patches/glance/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..be3740469 --- /dev/null +++ b/charts/patches/glance/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/glance/values.yaml a/charts/glance/values.yaml +index d2c3f504..85ddf18b 100644 +--- b/glance/values.yaml ++++ a/glance/values.yaml +@@ -393,15 +393,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "glance-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/glance-wsgi-api diff --git a/charts/patches/heat/0001-tune-uwsgi-config.patch b/charts/patches/heat/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..704747001 --- /dev/null +++ b/charts/patches/heat/0001-tune-uwsgi-config.patch @@ -0,0 +1,46 @@ +diff --git b/heat/values.yaml a/charts/heat/values.yaml +index c9b8cdd9..1cf8bdc4 100644 +--- b/heat/values.yaml ++++ a/heat/values.yaml +@@ -494,15 +494,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "heat-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/heat-wsgi-api +@@ -510,15 +515,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: 4096000 + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "heat-api-cfn:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/heat-wsgi-api-cfn diff --git a/charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch b/charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch new file mode 100644 index 000000000..24b0b3c5b --- /dev/null +++ b/charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch @@ -0,0 +1,398 @@ +diff --git b/libvirt/templates/bin/_libvirt.sh.tpl a/charts/libvirt/templates/bin/_libvirt.sh.tpl +index 0f96c0be..d87a1262 100644 +--- b/libvirt/templates/bin/_libvirt.sh.tpl ++++ a/libvirt/templates/bin/_libvirt.sh.tpl +@@ -16,31 +16,30 @@ limitations under the License. + + set -ex + +-# NOTE(mnaser): This will move the API certificates into the expected location. +-if [ -f /tmp/api.crt ]; then +- mkdir -p /etc/pki/CA /etc/pki/libvirt/private +- +- cp /tmp/api-ca.crt {{ .Values.conf.libvirt.ca_file }} +- cp /tmp/api-ca.crt /etc/pki/qemu/ca-cert.pem +- +- cp /tmp/api.crt {{ .Values.conf.libvirt.cert_file }} +- cp /tmp/api.crt /etc/pki/libvirt/clientcert.pem +- cp /tmp/api.crt /etc/pki/qemu/server-cert.pem +- cp /tmp/api.crt /etc/pki/qemu/client-cert.pem +- +- cp /tmp/api.key {{ .Values.conf.libvirt.key_file }} +- cp /tmp/api.key /etc/pki/libvirt/private/clientkey.pem +- cp /tmp/api.key /etc/pki/qemu/server-key.pem +- cp /tmp/api.key /etc/pki/qemu/client-key.pem +-fi ++wait_for_file() { ++ local file=$1 + +-# NOTE(mnaser): This will move the VNC certificates into the expected location. +-if [ -f /tmp/vnc.crt ]; then +- mkdir -p /etc/pki/libvirt-vnc +- mv /tmp/vnc.key /etc/pki/libvirt-vnc/server-key.pem +- mv /tmp/vnc.crt /etc/pki/libvirt-vnc/server-cert.pem +- mv /tmp/vnc-ca.crt /etc/pki/libvirt-vnc/ca-cert.pem +-fi ++ while [ ! -f $file ]; do ++ sleep 1 ++ done ++} ++ ++wait_for_file {{ .Values.conf.libvirt.ca_file }} ++wait_for_file /etc/pki/qemu/ca-cert.pem ++ ++wait_for_file {{ .Values.conf.libvirt.cert_file }} ++wait_for_file /etc/pki/libvirt/clientcert.pem ++wait_for_file /etc/pki/qemu/server-cert.pem ++wait_for_file /etc/pki/qemu/client-cert.pem ++ ++wait_for_file {{ .Values.conf.libvirt.key_file }} ++wait_for_file /etc/pki/libvirt/private/clientkey.pem ++wait_for_file /etc/pki/qemu/server-key.pem ++wait_for_file /etc/pki/qemu/client-key.pem ++ ++wait_for_file /etc/pki/libvirt-vnc/ca-cert.pem ++wait_for_file /etc/pki/libvirt-vnc/server-cert.pem ++wait_for_file /etc/pki/libvirt-vnc/server-key.pem + + # TODO: We disable cgroup functionality for cgroup v2, we should fix this in the future + if $(stat -fc %T /sys/fs/cgroup/ | grep -q cgroup2fs); then +diff --git b/libvirt/templates/bin/_wait-for-libvirt.sh.tpl a/charts/libvirt/templates/bin/_wait-for-libvirt.sh.tpl +new file mode 100644 +index 00000000..65eca54b +--- /dev/null ++++ a/libvirt/templates/bin/_wait-for-libvirt.sh.tpl +@@ -0,0 +1,27 @@ ++#!/bin/bash ++ ++{{/* ++Copyright (c) 2023 VEXXHOST, Inc. ++ ++Licensed under the Apache License, Version 2.0 (the "License"); ++you may not use this file except in compliance with the License. ++You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++Unless required by applicable law or agreed to in writing, software ++distributed under the License is distributed on an "AS IS" BASIS, ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++See the License for the specific language governing permissions and ++limitations under the License. ++*/}} ++ ++set -xe ++ ++# NOTE(mnaser): We use this script in the postStart hook of the libvirt ++# container to ensure that the libvirt daemon is running ++# before we start the exporter. ++until virsh list --all; do ++ echo "Waiting for libvirt to be ready..." ++ sleep 1 ++done +diff --git b/libvirt/templates/configmap-bin.yaml a/charts/libvirt/templates/configmap-bin.yaml +index 9b74179f..99a0c815 100644 +--- b/libvirt/templates/configmap-bin.yaml ++++ a/libvirt/templates/configmap-bin.yaml +@@ -26,10 +26,8 @@ data: + {{- end }} + libvirt.sh: | + {{ tuple "bin/_libvirt.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +-{{- if or (eq .Values.conf.libvirt.listen_tls "1") (eq .Values.conf.qemu.vnc_tls "1") }} +- cert-init.sh: | +-{{ tpl .Values.scripts.cert_init_sh . | indent 4 }} +-{{- end }} ++ wait-for-libvirt.sh: | ++{{ tuple "bin/_wait-for-libvirt.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + {{- if .Values.conf.ceph.enabled }} + ceph-keyring.sh: | + {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +diff --git b/libvirt/templates/daemonset-libvirt.yaml a/charts/libvirt/templates/daemonset-libvirt.yaml +index 35cd6e14..51b3c1f3 100644 +--- b/libvirt/templates/daemonset-libvirt.yaml ++++ a/libvirt/templates/daemonset-libvirt.yaml +@@ -32,10 +32,6 @@ exec: + {{- $configMapName := index . 1 }} + {{- $serviceAccountName := index . 2 }} + {{- $envAll := index . 3 }} +-{{- $ssl_enabled := false }} +-{{- if eq $envAll.Values.conf.libvirt.listen_tls "1" }} +-{{- $ssl_enabled = true }} +-{{- end }} + {{- with $envAll }} + + {{- $mounts_libvirt := .Values.pod.mounts.libvirt.libvirt }} +@@ -60,6 +56,7 @@ spec: + labels: + {{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: ++ kubectl.kubernetes.io/default-container: libvirt + {{- dict "envAll" $envAll "podName" "libvirt-libvirt-default" "containerNames" (list "libvirt") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} +@@ -79,80 +76,6 @@ spec: + initContainers: + {{ tuple $envAll "pod_dependency" $mounts_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + {{ dict "envAll" $envAll | include "helm-toolkit.snippets.kubernetes_apparmor_loader_init_container" | indent 8 }} +-{{- if $ssl_enabled }} +- - name: cert-init-api +-{{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }} +-{{ dict "envAll" $envAll "application" "libvirt" "container" "cert_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +- command: +- - /tmp/cert-init.sh +- env: +- - name: TYPE +- value: api +- - name: ISSUER_KIND +- value: {{ .Values.issuers.libvirt.kind }} +- - name: ISSUER_NAME +- value: {{ .Values.issuers.libvirt.name }} +- - name: POD_UID +- valueFrom: +- fieldRef: +- fieldPath: metadata.uid +- - name: POD_NAME +- valueFrom: +- fieldRef: +- fieldPath: metadata.name +- - name: POD_NAMESPACE +- valueFrom: +- fieldRef: +- fieldPath: metadata.namespace +- - name: POD_IP +- valueFrom: +- fieldRef: +- fieldPath: status.podIP +- volumeMounts: +- - name: pod-tmp +- mountPath: /tmp +- - name: libvirt-bin +- mountPath: /tmp/cert-init.sh +- subPath: cert-init.sh +- readOnly: true +-{{- end }} +-{{- if eq .Values.conf.qemu.vnc_tls "1" }} +- - name: cert-init-vnc +-{{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }} +-{{ dict "envAll" $envAll "application" "libvirt" "container" "cert_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +- command: +- - /tmp/cert-init.sh +- env: +- - name: TYPE +- value: vnc +- - name: ISSUER_KIND +- value: {{ .Values.issuers.vencrypt.kind }} +- - name: ISSUER_NAME +- value: {{ .Values.issuers.vencrypt.name }} +- - name: POD_UID +- valueFrom: +- fieldRef: +- fieldPath: metadata.uid +- - name: POD_NAME +- valueFrom: +- fieldRef: +- fieldPath: metadata.name +- - name: POD_NAMESPACE +- valueFrom: +- fieldRef: +- fieldPath: metadata.namespace +- - name: POD_IP +- valueFrom: +- fieldRef: +- fieldPath: status.podIP +- volumeMounts: +- - name: pod-tmp +- mountPath: /tmp +- - name: libvirt-bin +- mountPath: /tmp/cert-init.sh +- subPath: cert-init.sh +- readOnly: true +-{{- end }} + {{- if .Values.conf.ceph.enabled }} + {{- if empty .Values.conf.ceph.cinder.keyring }} + - name: ceph-admin-keyring-placement +@@ -205,6 +128,44 @@ spec: + readOnly: true + {{- end }} + containers: ++ - name: tls-sidecar ++{{ tuple $envAll "libvirt_tls_sidecar" | include "helm-toolkit.snippets.image" | indent 10 }} ++{{ tuple $envAll $envAll.Values.pod.resources.libvirt_tls_sidecar | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_tls_sidecar" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} ++ env: ++ - name: API_ISSUER_KIND ++ value: {{ .Values.issuers.libvirt.kind }} ++ - name: API_ISSUER_NAME ++ value: {{ .Values.issuers.libvirt.name }} ++ - name: VNC_ISSUER_KIND ++ value: {{ .Values.issuers.vencrypt.kind }} ++ - name: VNC_ISSUER_NAME ++ value: {{ .Values.issuers.vencrypt.name }} ++ - name: POD_UID ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.uid ++ - name: POD_NAME ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.name ++ - name: POD_NAMESPACE ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.namespace ++ - name: POD_IP ++ valueFrom: ++ fieldRef: ++ fieldPath: status.podIP ++ volumeMounts: ++ - name: etc-pki-qemu ++ mountPath: /etc/pki/qemu ++ - name: etc-pki-ca ++ mountPath: /etc/pki/CA ++ - name: etc-pki-libvirt ++ mountPath: /etc/pki/libvirt ++ - name: etc-pki-libvirt-vnc ++ mountPath: /etc/pki/libvirt-vnc + - name: libvirt + {{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.libvirt | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +@@ -231,6 +192,10 @@ spec: + command: + - /tmp/libvirt.sh + lifecycle: ++ postStart: ++ exec: ++ command: ++ - /tmp/wait-for-libvirt.sh + preStop: + exec: + command: +@@ -239,16 +204,24 @@ spec: + - |- + kill $(cat /var/run/libvirtd.pid) + volumeMounts: +-{{- if $ssl_enabled }} + - name: etc-pki-qemu + mountPath: /etc/pki/qemu +-{{- end }} ++ - name: etc-pki-ca ++ mountPath: /etc/pki/CA ++ - name: etc-pki-libvirt ++ mountPath: /etc/pki/libvirt ++ - name: etc-pki-libvirt-vnc ++ mountPath: /etc/pki/libvirt-vnc + - name: pod-tmp + mountPath: /tmp + - name: libvirt-bin + mountPath: /tmp/libvirt.sh + subPath: libvirt.sh + readOnly: true ++ - name: libvirt-bin ++ mountPath: /tmp/wait-for-libvirt.sh ++ subPath: wait-for-libvirt.sh ++ readOnly: true + - name: libvirt-etc + mountPath: /etc/libvirt/libvirtd.conf + subPath: libvirtd.conf +@@ -328,11 +301,15 @@ spec: + {{- end }} + {{- end }} + volumes: +-{{- if $ssl_enabled }} + - name: etc-pki-qemu + hostPath: + path: /etc/pki/qemu +-{{- end }} ++ - name: etc-pki-ca ++ emptyDir: {} ++ - name: etc-pki-libvirt ++ emptyDir: {} ++ - name: etc-pki-libvirt-vnc ++ emptyDir: {} + - name: pod-tmp + emptyDir: {} + - name: libvirt-bin +diff --git b/libvirt/templates/role-cert-manager.yaml a/charts/libvirt/templates/role-cert-manager.yaml +index b830690c..c7f7b3cd 100644 +--- b/libvirt/templates/role-cert-manager.yaml ++++ a/libvirt/templates/role-cert-manager.yaml +@@ -48,7 +48,9 @@ rules: + - "" + verbs: + - get ++ - list + - patch ++ - watch + resources: + - secrets +-{{- end -}} +\ No newline at end of file ++{{- end -}} +diff --git b/libvirt/values.yaml a/charts/libvirt/values.yaml +index 207b8fbf..4ab23536 100644 +--- b/libvirt/values.yaml ++++ a/libvirt/values.yaml +@@ -27,6 +27,7 @@ labels: + images: + tags: + libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal ++ libvirt_tls_sidecar: ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest + libvirt_exporter: vexxhost/libvirtd-exporter:latest + ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_18.2.0-1-20231013' + dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 +@@ -271,55 +272,6 @@ dependencies: + - endpoint: internal + service: local_image_registry + +-scripts: +- # Script is included here (vs in bin/) to allow overriding. +- cert_init_sh: | +- #!/bin/bash +- set -x +- +- HOSTNAME_FQDN=$(hostname --fqdn) +- +- # Script to create certs for each libvirt pod based on pod IP (by default). +- cat < /tmp/${TYPE}.crt +- kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key +- kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt +- + manifests: + configmap_bin: true + configmap_etc: true diff --git a/charts/patches/magnum/0001-tune-uwsgi-config.patch b/charts/patches/magnum/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..3a0d90379 --- /dev/null +++ b/charts/patches/magnum/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/magnum/values.yaml a/charts/magnum/values.yaml +index 56232eb8..88b4203e 100644 +--- b/magnum/values.yaml ++++ a/magnum/values.yaml +@@ -161,15 +161,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "magnum-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/magnum-api-wsgi diff --git a/charts/patches/manila/0001-tune-uwsgi-config.patch b/charts/patches/manila/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..cd876060b --- /dev/null +++ b/charts/patches/manila/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/manila/values.yaml a/charts/manila/values.yaml +index e54f214c..f820bc1f 100644 +--- b/manila/values.yaml ++++ a/manila/values.yaml +@@ -806,15 +806,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "manila-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/manila-wsgi diff --git a/charts/patches/nova/0001-tune-uwsgi-config.patch b/charts/patches/nova/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..eb6e7913f --- /dev/null +++ b/charts/patches/nova/0001-tune-uwsgi-config.patch @@ -0,0 +1,46 @@ +diff --git b/nova/values.yaml a/charts/nova/values.yaml +index df2e2ff6..fe02e605 100644 +--- b/nova/values.yaml ++++ a/nova/values.yaml +@@ -1539,15 +1539,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "nova-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/nova-api-wsgi +@@ -1555,15 +1560,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: 4096000 + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "nova-metadata:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/nova-metadata-wsgi diff --git a/charts/patches/octavia/0001-tune-uwsgi-config.patch b/charts/patches/octavia/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..209e41395 --- /dev/null +++ b/charts/patches/octavia/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/octavia/values.yaml a/charts/octavia/values.yaml +index 699aa05d..b15114a5 100644 +--- b/octavia/values.yaml ++++ a/octavia/values.yaml +@@ -336,15 +336,20 @@ conf: + processes: 4 + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "octavia-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/octavia-wsgi diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch new file mode 100644 index 000000000..f8dc4c1bb --- /dev/null +++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch @@ -0,0 +1,1015 @@ +diff --git b/ovn/templates/bin/_ovn-controller-init.sh.tpl a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl +index 1e61577d..77e1e687 100644 +--- b/ovn/templates/bin/_ovn-controller-init.sh.tpl ++++ a/ovn/templates/bin/_ovn-controller-init.sh.tpl +@@ -14,6 +14,8 @@ + # See the License for the specific language governing permissions and + # limitations under the License. + ++ANNOTATION_KEY="atmosphere.cloud/ovn-system-id" ++ + function get_ip_address_from_interface { + local interface=$1 + local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}') +@@ -75,6 +77,19 @@ function migrate_ip_from_nic { + set -e + } + ++function get_current_system_id { ++ ovs-vsctl --if-exists get Open_vSwitch . external_ids:system-id | tr -d '"' ++} ++ ++function get_stored_system_id { ++ kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}" ++} ++ ++function store_system_id() { ++ local system_id=$1 ++ kubectl annotate node "$NODE_NAME" "$ANNOTATION_KEY=$system_id" ++} ++ + # Detect tunnel interface + tunnel_interface="{{- .Values.network.interface.tunnel -}}" + if [ -z "${tunnel_interface}" ] ; then +@@ -89,13 +104,25 @@ if [ -z "${tunnel_interface}" ] ; then + fi + ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})" + +-# Configure system ID +-set +e +-ovs-vsctl get open . external-ids:system-id +-if [ $? -eq 1 ]; then +- ovs-vsctl set open . external-ids:system-id="$(uuidgen)" ++# Get the stored system-id from the Kubernetes node annotation ++stored_system_id=$(get_stored_system_id) ++ ++# Get the current system-id set in OVS ++current_system_id=$(get_current_system_id) ++ ++if [ -n "$stored_system_id" ] && [ "$stored_system_id" != "$current_system_id" ]; then ++ # If the annotation exists and does not match the current system-id, set the system-id to the stored one ++ ovs-vsctl set Open_vSwitch . external_ids:system-id="$stored_system_id" ++elif [ -z "$current_system_id" ]; then ++ # If no current system-id is set, generate a new one ++ current_system_id=$(uuidgen) ++ ovs-vsctl set Open_vSwitch . external_ids:system-id="$current_system_id" ++ # Store the new system-id in the Kubernetes node annotation ++ store_system_id "$current_system_id" ++elif [ -z "$stored_system_id" ]; then ++ # If there is no stored system-id, store the current one ++ store_system_id "$current_system_id" + fi +-set -e + + # Configure OVN remote + {{- if empty .Values.conf.ovn_remote -}} +@@ -118,6 +145,9 @@ ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type + ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}" + ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}" + ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}" ++{{ if .Values.conf.ovn_bridge_datapath_type -}} ++ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}" ++{{- end }} + + # Configure hostname + {{- if .Values.conf.use_fqdn.compute }} +diff --git b/ovn/templates/clusterrole-controller.yaml a/charts/ovn/templates/clusterrole-controller.yaml +new file mode 100644 +index 00000000..8291f65a +--- /dev/null ++++ a/ovn/templates/clusterrole-controller.yaml +@@ -0,0 +1,12 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: ClusterRole ++metadata: ++ name: ovn-controller ++rules: ++- apiGroups: ++ - "" ++ resources: ++ - nodes ++ verbs: ++ - get ++ - patch +diff --git b/ovn/templates/clusterrolebinding-controller.yaml a/charts/ovn/templates/clusterrolebinding-controller.yaml +new file mode 100644 +index 00000000..c95ef5e9 +--- /dev/null ++++ a/ovn/templates/clusterrolebinding-controller.yaml +@@ -0,0 +1,15 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: ClusterRoleBinding ++metadata: ++ name: ovn-controller ++roleRef: ++ apiGroup: rbac.authorization.k8s.io ++ kind: ClusterRole ++ name: ovn-controller ++subjects: ++- kind: ServiceAccount ++ name: ovn-controller ++ namespace: {{ .Release.Namespace }} ++- kind: ServiceAccount ++ name: ovn-controller-gw ++ namespace: {{ .Release.Namespace }} +diff --git b/ovn/templates/configmap-bin.yaml a/charts/ovn/templates/configmap-bin.yaml +index a849dd8a..82001f99 100644 +--- b/ovn/templates/configmap-bin.yaml ++++ a/ovn/templates/configmap-bin.yaml +@@ -24,12 +24,6 @@ data: + image-repo-sync.sh: | + {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} + {{- end }} +- ovsdb-server.sh: | +-{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +- ovn-northd.sh: | +-{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ovn-controller-init.sh: | + {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +- ovn-controller.sh: | +-{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + {{- end }} +diff --git b/ovn/templates/daemonset-controller-gw.yaml a/charts/ovn/templates/daemonset-controller-gw.yaml +index 6307bbab..eb309c5e 100644 +--- b/ovn/templates/daemonset-controller-gw.yaml ++++ a/ovn/templates/daemonset-controller-gw.yaml +@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and + limitations under the License. + */}} + ++{{- define "controllerGatewayReadinessProbeTemplate" }} ++exec: ++ command: ++ - /usr/bin/ovn-kube-util ++ - readiness-probe ++ - -t ++ - ovn-controller ++{{- end }} ++ + {{- if .Values.manifests.daemonset_ovn_controller_gw }} + {{- $envAll := . }} + +@@ -59,6 +68,10 @@ spec: + env: + - name: OVN_CMS_OPTIONS + value: {{ .Values.conf.gw_ovn_cms_options | quote }} ++ - name: NODE_NAME ++ valueFrom: ++ fieldRef: ++ fieldPath: spec.nodeName + volumeMounts: + - name: ovn-bin + mountPath: /tmp/ovn-controller-init.sh +@@ -72,25 +85,33 @@ spec: + readOnly: true + containers: + - name: controller ++ command: ++ - /root/ovnkube.sh ++ - ovn-controller + {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + {{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +- command: +- - /tmp/ovn-controller.sh +- - start +- lifecycle: +- preStop: +- exec: +- command: +- - /tmp/ovn-controller.sh +- - stop ++{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} ++ env: ++ - name: OVN_DAEMONSET_VERSION ++ value: "3" ++ - name: OVN_LOGLEVEL_CONTROLLER ++ value: "-vconsole:info -vfile:info" ++ - name: OVN_KUBERNETES_NAMESPACE ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.namespace ++ - name: OVN_KUBERNETES_NB_STATEFULSET ++ value: ovn-ovsdb-nb ++ - name: OVN_KUBERNETES_SB_STATEFULSET ++ value: ovn-ovsdb-sb ++ - name: OVN_SSL_ENABLE ++ value: "no" + volumeMounts: +- - name: ovn-bin +- mountPath: /tmp/ovn-controller.sh +- subPath: ovn-controller.sh +- readOnly: true + - name: run-openvswitch +- mountPath: /run/openvswitch ++ mountPath: /var/run/ovn ++ - name: run-openvswitch ++ mountPath: /var/run/openvswitch + volumes: + - name: ovn-bin + configMap: +diff --git b/ovn/templates/daemonset-controller.yaml a/charts/ovn/templates/daemonset-controller.yaml +index 85daf70b..b6b0b048 100644 +--- b/ovn/templates/daemonset-controller.yaml ++++ a/ovn/templates/daemonset-controller.yaml +@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and + limitations under the License. + */}} + ++{{- define "controllerReadinessProbeTemplate" }} ++exec: ++ command: ++ - /usr/bin/ovn-kube-util ++ - readiness-probe ++ - -t ++ - ovn-controller ++{{- end }} ++ + {{- if .Values.manifests.daemonset_ovn_controller }} + {{- $envAll := . }} + +@@ -59,6 +68,10 @@ spec: + env: + - name: OVN_CMS_OPTIONS + value: {{ .Values.conf.ovn_cms_options | quote }} ++ - name: NODE_NAME ++ valueFrom: ++ fieldRef: ++ fieldPath: spec.nodeName + volumeMounts: + - name: ovn-bin + mountPath: /tmp/ovn-controller-init.sh +@@ -72,25 +85,33 @@ spec: + readOnly: true + containers: + - name: controller ++ command: ++ - /root/ovnkube.sh ++ - ovn-controller + {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +- command: +- - /tmp/ovn-controller.sh +- - start +- lifecycle: +- preStop: +- exec: +- command: +- - /tmp/ovn-controller.sh +- - stop ++{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} ++ env: ++ - name: OVN_DAEMONSET_VERSION ++ value: "3" ++ - name: OVN_LOGLEVEL_CONTROLLER ++ value: "-vconsole:info -vfile:info" ++ - name: OVN_KUBERNETES_NAMESPACE ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.namespace ++ - name: OVN_KUBERNETES_NB_STATEFULSET ++ value: ovn-ovsdb-nb ++ - name: OVN_KUBERNETES_SB_STATEFULSET ++ value: ovn-ovsdb-sb ++ - name: OVN_SSL_ENABLE ++ value: "no" + volumeMounts: +- - name: ovn-bin +- mountPath: /tmp/ovn-controller.sh +- subPath: ovn-controller.sh +- readOnly: true + - name: run-openvswitch +- mountPath: /run/openvswitch ++ mountPath: /var/run/ovn ++ - name: run-openvswitch ++ mountPath: /var/run/openvswitch + volumes: + - name: ovn-bin + configMap: +diff --git b/ovn/templates/deployment-northd.yaml a/charts/ovn/templates/deployment-northd.yaml +index e3afdd05..ae31b357 100644 +--- b/ovn/templates/deployment-northd.yaml ++++ a/ovn/templates/deployment-northd.yaml +@@ -12,18 +12,13 @@ See the License for the specific language governing permissions and + limitations under the License. + */}} + +-{{- define "livenessProbeTemplate" }} ++{{- define "northdReadinessProbeTemplate" }} + exec: + command: +- - /tmp/ovn-northd.sh +- - liveness +-{{- end }} +- +-{{- define "readinessProbeTemplate" }} +-exec: +- command: +- - /tmp/ovn-northd.sh +- - readiness ++ - /usr/bin/ovn-kube-util ++ - readiness-probe ++ - -t ++ - ovn-northd + {{- end }} + + {{- if .Values.manifests.deployment_northd }} +@@ -60,28 +55,26 @@ spec: + {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: northd ++ command: ++ - /root/ovnkube.sh ++ - run-ovn-northd + {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +- command: +- - /tmp/ovn-northd.sh +- - start +- lifecycle: +- preStop: +- exec: +- command: +- - /tmp/ovn-northd.sh +- - stop +- volumeMounts: +- - name: ovn-bin +- mountPath: /tmp/ovn-northd.sh +- subPath: ovn-northd.sh +- readOnly: true +- volumes: +- - name: ovn-bin +- configMap: +- name: ovn-bin +- defaultMode: 0555 ++{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} ++ env: ++ - name: OVN_DAEMONSET_VERSION ++ value: "3" ++ - name: OVN_LOGLEVEL_NORTHD ++ value: "-vconsole:info -vfile:info" ++ - name: OVN_KUBERNETES_NAMESPACE ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.namespace ++ - name: OVN_KUBERNETES_NB_STATEFULSET ++ value: ovn-ovsdb-nb ++ - name: OVN_KUBERNETES_SB_STATEFULSET ++ value: ovn-ovsdb-sb ++ - name: OVN_SSL_ENABLE ++ value: "no" + {{- end }} +diff --git b/ovn/templates/role-controller.yaml a/charts/ovn/templates/role-controller.yaml +new file mode 100644 +index 00000000..de3cfa6d +--- /dev/null ++++ a/ovn/templates/role-controller.yaml +@@ -0,0 +1,11 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: Role ++metadata: ++ name: ovn-controller ++rules: ++- apiGroups: ++ - discovery.k8s.io ++ resources: ++ - endpointslices ++ verbs: ++ - list +diff --git b/ovn/templates/role-northd.yaml a/charts/ovn/templates/role-northd.yaml +new file mode 100644 +index 00000000..ca02fae6 +--- /dev/null ++++ a/ovn/templates/role-northd.yaml +@@ -0,0 +1,11 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: Role ++metadata: ++ name: ovn-northd ++rules: ++- apiGroups: ++ - discovery.k8s.io ++ resources: ++ - endpointslices ++ verbs: ++ - list +diff --git b/ovn/templates/role-ovsdb.yaml a/charts/ovn/templates/role-ovsdb.yaml +new file mode 100644 +index 00000000..10e0e239 +--- /dev/null ++++ a/ovn/templates/role-ovsdb.yaml +@@ -0,0 +1,19 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: Role ++metadata: ++ name: ovn-ovsdb ++rules: ++- apiGroups: ++ - "apps" ++ resources: ++ - statefulsets ++ verbs: ++ - get ++- apiGroups: ++ - "" ++ resources: ++ - pods ++ - endpoints ++ verbs: ++ - list ++ - get +diff --git b/ovn/templates/rolebinding-controller.yaml a/charts/ovn/templates/rolebinding-controller.yaml +new file mode 100644 +index 00000000..7973c7e2 +--- /dev/null ++++ a/ovn/templates/rolebinding-controller.yaml +@@ -0,0 +1,13 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: RoleBinding ++metadata: ++ name: ovn-controller ++roleRef: ++ apiGroup: rbac.authorization.k8s.io ++ kind: Role ++ name: ovn-controller ++subjects: ++- kind: ServiceAccount ++ name: ovn-controller ++- kind: ServiceAccount ++ name: ovn-controller-gw +diff --git b/ovn/templates/rolebinding-northd.yaml a/charts/ovn/templates/rolebinding-northd.yaml +new file mode 100644 +index 00000000..428a4707 +--- /dev/null ++++ a/ovn/templates/rolebinding-northd.yaml +@@ -0,0 +1,11 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: RoleBinding ++metadata: ++ name: ovn-northd ++roleRef: ++ apiGroup: rbac.authorization.k8s.io ++ kind: Role ++ name: ovn-northd ++subjects: ++- kind: ServiceAccount ++ name: ovn-northd +diff --git b/ovn/templates/rolebinding-ovsdb.yaml a/charts/ovn/templates/rolebinding-ovsdb.yaml +new file mode 100644 +index 00000000..f32382bc +--- /dev/null ++++ a/ovn/templates/rolebinding-ovsdb.yaml +@@ -0,0 +1,13 @@ ++apiVersion: rbac.authorization.k8s.io/v1 ++kind: RoleBinding ++metadata: ++ name: ovn-ovsdb ++roleRef: ++ apiGroup: rbac.authorization.k8s.io ++ kind: Role ++ name: ovn-ovsdb ++subjects: ++- kind: ServiceAccount ++ name: ovn-ovsdb-nb ++- kind: ServiceAccount ++ name: ovn-ovsdb-sb +diff --git b/ovn/templates/service-ovsdb-nb.yaml a/charts/ovn/templates/service-ovsdb-nb.yaml +index b93da9b8..56f7cd09 100644 +--- b/ovn/templates/service-ovsdb-nb.yaml ++++ a/ovn/templates/service-ovsdb-nb.yaml +@@ -20,6 +20,7 @@ kind: Service + metadata: + name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + spec: ++ publishNotReadyAddresses: true + ports: + - name: ovsdb + port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +diff --git b/ovn/templates/service-ovsdb-sb.yaml a/charts/ovn/templates/service-ovsdb-sb.yaml +index 70f62c6e..4a6b5864 100644 +--- b/ovn/templates/service-ovsdb-sb.yaml ++++ a/ovn/templates/service-ovsdb-sb.yaml +@@ -20,6 +20,7 @@ kind: Service + metadata: + name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + spec: ++ publishNotReadyAddresses: true + ports: + - name: ovsdb + port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +diff --git b/ovn/templates/statefulset-ovsdb-nb.yaml a/charts/ovn/templates/statefulset-ovsdb-nb.yaml +index c8198279..4866074e 100644 +--- b/ovn/templates/statefulset-ovsdb-nb.yaml ++++ a/ovn/templates/statefulset-ovsdb-nb.yaml +@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and + limitations under the License. + */}} + ++{{- define "ovnnbReadinessProbeTemplate" }} ++exec: ++ command: ++ - /usr/bin/ovn-kube-util ++ - readiness-probe ++ - -t ++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }} ++ - ovnnb-db-raft ++{{- else }} ++ - ovnnb-db ++{{- end }} ++{{- end }} ++ + {{- if .Values.manifests.statefulset_ovn_ovsdb_nb }} + {{- $envAll := . }} + +@@ -28,6 +41,7 @@ metadata: + {{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + spec: + serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} ++ podManagementPolicy: Parallel + replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }} + selector: + matchLabels: +@@ -49,41 +63,54 @@ spec: + {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ovsdb ++ command: ++ - /root/ovnkube.sh ++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }} ++ - nb-ovsdb-raft ++{{- else }} ++ - nb-ovsdb ++{{- end }} + {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + ports: + - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: +- - name: OVS_DATABASE +- value: nb +- - name: OVS_PORT ++ - name: OVN_DAEMONSET_VERSION ++ value: "3" ++ - name: OVN_LOGLEVEL_NB ++ value: "-vconsole:info -vfile:info" ++ - name: OVN_KUBERNETES_NAMESPACE ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.namespace ++ - name: OVN_KUBERNETES_STATEFULSET ++ value: ovn-ovsdb-nb ++ - name: POD_NAME ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.name ++ - name: OVN_SSL_ENABLE ++ value: "no" ++ - name: ENABLE_IPSEC ++ value: "false" ++ - name: OVN_NB_RAFT_ELECTION_TIMER ++ value: "1000" ++ - name: OVN_NB_PORT + value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} +- command: +- - /tmp/ovsdb-server.sh +- - start +- lifecycle: +- preStop: +- exec: +- command: +- - /tmp/ovsdb-server.sh +- - stop ++ - name: OVN_NB_RAFT_PORT ++ value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + volumeMounts: +- - name: ovn-bin +- mountPath: /tmp/ovsdb-server.sh +- subPath: ovsdb-server.sh +- readOnly: true + - name: run-openvswitch +- mountPath: /run/openvswitch ++ mountPath: /var/run/openvswitch ++ - name: run-openvswitch ++ mountPath: /var/run/ovn + - name: data +- mountPath: {{ $envAll.Values.volume.ovn_ovsdb_nb.path }} ++ mountPath: /etc/ovn + volumes: + - name: run-openvswitch + emptyDir: {} +- - name: ovn-bin +- configMap: +- name: ovn-bin +- defaultMode: 0555 + {{- if not .Values.volume.ovn_ovsdb_nb.enabled }} + - name: data + emptyDir: {} +diff --git b/ovn/templates/statefulset-ovsdb-sb.yaml a/charts/ovn/templates/statefulset-ovsdb-sb.yaml +index 916ef94d..92af96de 100644 +--- b/ovn/templates/statefulset-ovsdb-sb.yaml ++++ a/ovn/templates/statefulset-ovsdb-sb.yaml +@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and + limitations under the License. + */}} + ++{{- define "ovnsbReadinessProbeTemplate" }} ++exec: ++ command: ++ - /usr/bin/ovn-kube-util ++ - readiness-probe ++ - -t ++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }} ++ - ovnsb-db-raft ++{{- else }} ++ - ovnsb-db ++{{- end }} ++{{- end }} ++ + {{- if .Values.manifests.statefulset_ovn_ovsdb_sb }} + {{- $envAll := . }} + +@@ -28,6 +41,7 @@ metadata: + {{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + spec: + serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} ++ podManagementPolicy: Parallel + replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }} + selector: + matchLabels: +@@ -49,41 +63,54 @@ spec: + {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ovsdb ++ command: ++ - /root/ovnkube.sh ++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }} ++ - sb-ovsdb-raft ++{{- else }} ++ - sb-ovsdb ++{{- end }} + {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + ports: + - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: +- - name: OVS_DATABASE +- value: sb +- - name: OVS_PORT ++ - name: OVN_DAEMONSET_VERSION ++ value: "3" ++ - name: OVN_LOGLEVEL_SB ++ value: "-vconsole:info -vfile:info" ++ - name: OVN_KUBERNETES_NAMESPACE ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.namespace ++ - name: OVN_KUBERNETES_STATEFULSET ++ value: ovn-ovsdb-sb ++ - name: POD_NAME ++ valueFrom: ++ fieldRef: ++ fieldPath: metadata.name ++ - name: OVN_SSL_ENABLE ++ value: "no" ++ - name: ENABLE_IPSEC ++ value: "false" ++ - name: OVN_SB_RAFT_ELECTION_TIMER ++ value: "1000" ++ - name: OVN_SB_PORT + value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} +- command: +- - /tmp/ovsdb-server.sh +- - start +- lifecycle: +- preStop: +- exec: +- command: +- - /tmp/ovsdb-server.sh +- - stop ++ - name: OVN_SB_RAFT_PORT ++ value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + volumeMounts: +- - name: ovn-bin +- mountPath: /tmp/ovsdb-server.sh +- subPath: ovsdb-server.sh +- readOnly: true + - name: run-openvswitch +- mountPath: /run/openvswitch ++ mountPath: /var/run/openvswitch ++ - name: run-openvswitch ++ mountPath: /var/run/ovn + - name: data +- mountPath: {{ $envAll.Values.volume.ovn_ovsdb_sb.path }} ++ mountPath: /etc/ovn + volumes: + - name: run-openvswitch + emptyDir: {} +- - name: ovn-bin +- configMap: +- name: ovn-bin +- defaultMode: 0555 + {{- if not .Values.volume.ovn_ovsdb_sb.enabled }} + - name: data + emptyDir: {} +@@ -93,10 +120,10 @@ spec: + name: data + spec: + accessModes: ["ReadWriteOnce"] ++ storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }} + resources: + requests: + storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }} +- storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }} + {{- end }} + + {{- end }} +diff --git b/ovn/values.yaml a/charts/ovn/values.yaml +index 518dd71e..214dd16f 100644 +--- b/ovn/values.yaml ++++ a/ovn/values.yaml +@@ -52,12 +52,10 @@ labels: + + volume: + ovn_ovsdb_nb: +- path: /var/lib/ovn + enabled: true + class_name: general + size: 5Gi + ovn_ovsdb_sb: +- path: /var/lib/ovn + enabled: true + class_name: general + size: 5Gi +@@ -76,6 +74,8 @@ conf: + ovn_encap_type: geneve + ovn_bridge: br-int + ovn_bridge_mappings: external:br-ex ++ # For DPDK enabled environments, enable netdev datapath type for br-int ++ # ovn_bridge_datapath_type: netdev + + # auto_bridge_add: + # br-private: eth0 +@@ -138,13 +138,41 @@ pod: + readiness: + enabled: true + params: +- initialDelaySeconds: 5 +- timeoutSeconds: 10 +- liveness: ++ initialDelaySeconds: 30 ++ timeoutSeconds: 30 ++ periodSeconds: 60 ++ ovn_ovsdb_nb: ++ ovsdb: ++ readiness: ++ enabled: true ++ params: ++ initialDelaySeconds: 30 ++ timeoutSeconds: 30 ++ periodSeconds: 60 ++ ovn_ovsdb_sb: ++ ovsdb: ++ readiness: ++ enabled: true ++ params: ++ initialDelaySeconds: 30 ++ timeoutSeconds: 30 ++ periodSeconds: 60 ++ ovn_controller: ++ controller: ++ readiness: ++ enabled: true ++ params: ++ initialDelaySeconds: 30 ++ timeoutSeconds: 30 ++ periodSeconds: 60 ++ ovn_controller_gw: ++ controller: ++ readiness: + enabled: true + params: +- initialDelaySeconds: 5 +- timeoutSeconds: 10 ++ initialDelaySeconds: 30 ++ timeoutSeconds: 30 ++ periodSeconds: 60 + dns_policy: "ClusterFirstWithHostNet" + replicas: + ovn_ovsdb_nb: 1 +@@ -179,18 +207,18 @@ pod: + ovs: + ovn_ovsdb_nb: + requests: +- memory: "128Mi" ++ memory: "384Mi" + cpu: "100m" + limits: + memory: "1024Mi" +- cpu: "2000m" ++ cpu: "1000m" + ovn_ovsdb_sb: + requests: +- memory: "128Mi" ++ memory: "384Mi" + cpu: "100m" + limits: + memory: "1024Mi" +- cpu: "2000m" ++ cpu: "1000m" + ovn_northd: + requests: + memory: "128Mi" +diff --git b/ovn/templates/bin/_ovn-controller.sh.tpl a/charts/ovn/templates/bin/_ovn-controller.sh.tpl +deleted file mode 100644 +index ecb659d2..00000000 +--- b/ovn/templates/bin/_ovn-controller.sh.tpl ++++ /dev/null +@@ -1,39 +0,0 @@ +-#!/bin/bash -xe +- +-# Copyright 2023 VEXXHOST, Inc. +-# +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-COMMAND="${@:-start}" +- +-function start () { +- /usr/share/ovn/scripts/ovn-ctl start_controller \ +- --ovn-manage-ovsdb=no +- +- tail --follow=name /var/log/ovn/ovn-controller.log +-} +- +-function stop () { +- /usr/share/ovn/scripts/ovn-ctl stop_controller +- pkill tail +-} +- +-function liveness () { +- ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status +-} +- +-function readiness () { +- ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status +-} +- +-$COMMAND +diff --git b/ovn/templates/bin/_ovn-northd.sh.tpl a/charts/ovn/templates/bin/_ovn-northd.sh.tpl +deleted file mode 100644 +index fefd793c..00000000 +--- b/ovn/templates/bin/_ovn-northd.sh.tpl ++++ /dev/null +@@ -1,57 +0,0 @@ +-#!/bin/bash -xe +- +-# Copyright 2023 VEXXHOST, Inc. +-# +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-COMMAND="${@:-start}" +- +-{{- $nb_svc_name := "ovn-ovsdb-nb" -}} +-{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}} +-{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}} +-{{- $nb_service_list := list -}} +-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}} +- {{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}} +-{{- end -}} +- +-{{- $sb_svc_name := "ovn-ovsdb-sb" -}} +-{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}} +-{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}} +-{{- $sb_service_list := list -}} +-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}} +- {{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}} +-{{- end }} +- +-function start () { +- /usr/share/ovn/scripts/ovn-ctl start_northd \ +- --ovn-manage-ovsdb=no \ +- --ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \ +- --ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }} +- +- tail --follow=name /var/log/ovn/ovn-northd.log +-} +- +-function stop () { +- /usr/share/ovn/scripts/ovn-ctl stop_northd +- pkill tail +-} +- +-function liveness () { +- ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status +-} +- +-function readiness () { +- ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status +-} +- +-$COMMAND +diff --git b/ovn/templates/bin/_ovsdb-server.sh.tpl a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl +deleted file mode 100644 +index e023505b..00000000 +--- b/ovn/templates/bin/_ovsdb-server.sh.tpl ++++ /dev/null +@@ -1,72 +0,0 @@ +-#!/bin/bash -xe +- +-# Copyright 2023 VEXXHOST, Inc. +-# +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +- +-COMMAND="${@:-start}" +- +-OVSDB_HOST=$(hostname -f) +-ARGS=( +- --db-${OVS_DATABASE}-create-insecure-remote=yes +- --db-${OVS_DATABASE}-cluster-local-proto=tcp +- --db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f) +-) +- +-if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then +- OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}" +- +- ARGS+=( +- --db-${OVS_DATABASE}-cluster-remote-proto=tcp +- --db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST} +- ) +-fi +- +-function start () { +- /usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]} +- +- tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log +-} +- +-function stop () { +- /usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb +- pkill tail +-} +- +-function liveness () { +- if [[ $OVS_DATABASE == "nb" ]]; then +- OVN_DATABASE="Northbound" +- elif [[ $OVS_DATABASE == "sb" ]]; then +- OVN_DATABASE="Southbound" +- else +- echo "OVS_DATABASE must be nb or sb" +- exit 1 +- fi +- +- ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE} +-} +- +-function readiness () { +- if [[ $OVS_DATABASE == "nb" ]]; then +- OVN_DATABASE="Northbound" +- elif [[ $OVS_DATABASE == "sb" ]]; then +- OVN_DATABASE="Southbound" +- else +- echo "OVS_DATABASE must be nb or sb" +- exit 1 +- fi +- +- ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE} +-} +- +-$COMMAND diff --git a/charts/patches/placement/0001-tune-uwsgi-config.patch b/charts/patches/placement/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..7a1597f15 --- /dev/null +++ b/charts/patches/placement/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/placement/values.yaml a/charts/placement/values.yaml +index 2f4b3539..c5752676 100644 +--- b/placement/values.yaml ++++ a/placement/values.yaml +@@ -141,15 +141,20 @@ conf: + processes: 4 + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "placement-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/placement-api diff --git a/charts/patches/senlin/0001-tune-uwsgi-config.patch b/charts/patches/senlin/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..0c96c34c5 --- /dev/null +++ b/charts/patches/senlin/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git b/senlin/values.yaml a/charts/senlin/values.yaml +index d4f72483..5631c58b 100644 +--- b/senlin/values.yaml ++++ a/senlin/values.yaml +@@ -208,15 +215,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "senlin-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/senlin-wsgi-api diff --git a/charts/patches/tempest/0001-mount-results-locally.patch b/charts/patches/tempest/0001-mount-results-locally.patch new file mode 100644 index 000000000..db1ab3a8a --- /dev/null +++ b/charts/patches/tempest/0001-mount-results-locally.patch @@ -0,0 +1,23 @@ +diff --git b/tempest/templates/job-run-tests.yaml a/charts/tempest/templates/job-run-tests.yaml +index fc375235..fa1c3618 100644 +--- b/tempest/templates/job-run-tests.yaml ++++ a/tempest/templates/job-run-tests.yaml +@@ -97,6 +97,8 @@ spec: + subPath: test-whitelist + readOnly: true + {{- end }} ++ - name: stestr ++ mountPath: /.stestr + - name: tempest-reports + mountPath: /var/lib/tempest/data + {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.identity.api.internal "path" "/etc/tempest/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +@@ -113,6 +115,9 @@ spec: + configMap: + name: tempest-bin + defaultMode: 0555 ++ - name: stestr ++ hostPath: ++ path: /tmp/stestr + - name: tempest-reports + {{- if not .Values.pvc.enabled }} + emptyDir: {} diff --git a/charts/placement/charts/helm-toolkit/requirements.lock b/charts/placement/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/placement/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/placement/requirements.lock b/charts/placement/requirements.lock index 19840529a..e346dde68 100644 --- a/charts/placement/requirements.lock +++ b/charts/placement/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:04.838002001Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/placement/requirements.yaml b/charts/placement/requirements.yaml index 639dab0ad..6ab539f71 100644 --- a/charts/placement/requirements.yaml +++ b/charts/placement/requirements.yaml @@ -1,18 +1,4 @@ -# Copyright 2019 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/senlin/charts/helm-toolkit/requirements.lock b/charts/senlin/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/senlin/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/senlin/requirements.lock b/charts/senlin/requirements.lock index d43449cc6..e346dde68 100644 --- a/charts/senlin/requirements.lock +++ b/charts/senlin/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:02.349435177Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/senlin/requirements.yaml b/charts/senlin/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/senlin/requirements.yaml +++ b/charts/senlin/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/charts/tempest/charts/helm-toolkit/requirements.lock b/charts/tempest/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/tempest/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/tempest/requirements.lock b/charts/tempest/requirements.lock index cc2292fff..e346dde68 100644 --- a/charts/tempest/requirements.lock +++ b/charts/tempest/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-22T20:15:05.422266295Z" +digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/tempest/requirements.yaml b/charts/tempest/requirements.yaml index 4124d0145..6ab539f71 100644 --- a/charts/tempest/requirements.yaml +++ b/charts/tempest/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.55 diff --git a/flake.nix b/flake.nix index f29612c26..4eec2f5f0 100644 --- a/flake.nix +++ b/flake.nix @@ -21,9 +21,9 @@ go kubernetes-helm nixpkgs-fmt + patchutils poetry python311Packages.tox - vendir ]; }; } diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh deleted file mode 100755 index c05e759b6..000000000 --- a/hack/sync-charts.sh +++ /dev/null @@ -1,158 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2023 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This script is used to sync the charts from the upstream repositories into -# the charts directory. It is used to update the charts to the versions which -# are defined in this file. - -set -xe - -# Determine the root path for Atmosphere -ATMOSPHERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." >/dev/null 2>&1 && pwd )" - -# Sync using "vendir" -vendir sync - -# Keystone -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899867/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'keystone/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/keystone -rm -fv ${ATMOSPHERE}/charts/keystone/templates/bin/{_domain-manage-init.sh.tpl,_domain-manage.py.tpl} - -# Glance -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899864/revisions/2/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'glance/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/glance - -# Cinder -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899814/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'cinder/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/cinder - -# Placement -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899914/revisions/3/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'placement/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/placement - -# Libvirt -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893406/revisions/9/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'libvirt/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/libvirt - -# OVN -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893739/revisions/2/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'ovn/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/ovn -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~914807/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'ovn/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/ovn - -# Nova -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899809/revisions/2/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'nova/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/nova -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~904250/revisions/3/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'nova/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/nova - -# Senlin -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899913/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'senlin/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/senlin - -# Designate -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899932/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'designate/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/designate - -# Heat -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899931/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'heat/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/heat - -# Octavia -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899918/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'octavia/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/octavia - -# Magnum -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899926/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'magnum/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/magnum - -# Manila -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/11/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'manila/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/manila -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899923/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'manila/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/manila - -# Neutron -curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~902767/revisions/1/patch?download' \ - | base64 --decode \ - | filterdiff -p1 -x 'releasenotes/*' \ - | filterdiff -p2 -x 'Chart.yaml' \ - | filterdiff -p1 -i 'neutron/*' \ - | patch -p2 -d ${ATMOSPHERE}/charts/neutron diff --git a/roles/cluster_issuer/defaults/main.yml b/roles/cluster_issuer/defaults/main.yml index f877cda3d..f66a24697 100644 --- a/roles/cluster_issuer/defaults/main.yml +++ b/roles/cluster_issuer/defaults/main.yml @@ -36,8 +36,8 @@ cluster_issuer_acme_route53_secret_name: cert-manager-issuer-route53-credentials # cluster_issuer_acme_route53_secret_access_key: cluster_issuer_acme_godaddy_helm_release_name: cert-manager-webhook-godaddy -cluster_issuer_acme_godaddy_helm_chart_path: "../../charts/cert-manager-webhook-godaddy/" -cluster_issuer_acme_godaddy_helm_chart_ref: /usr/local/src/cert-manager-webhook-godaddy +cluster_issuer_acme_godaddy_helm_chart_path: "../../charts/godaddy-webhook/" +cluster_issuer_acme_godaddy_helm_chart_ref: /usr/local/src/godaddy-webhook cluster_issuer_acme_godaddy_helm_release_namespace: cert-manager cluster_issuer_acme_godaddy_helm_values: {} diff --git a/tox.ini b/tox.ini index 684a26566..2ae75ad00 100644 --- a/tox.ini +++ b/tox.ini @@ -5,8 +5,6 @@ minversion = 4 usedevelop = True setenv = VIRTUAL_ENV={envdir} - LANGUAGE=en_US - LC_ALL=en_US.utf-8 OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=160 @@ -30,6 +28,29 @@ deps = commands = python3 {toxinidir}/build/pin-images.py roles/defaults/vars/main.yml roles/defaults/vars/main.yml +[testenv:sync-charts] +skipsdist = True +deps = + aiopath + aioshutil + asynctempfile + GitPython + platformdirs + pydantic + pydantic-yaml + python-gerrit-api +commands = + python3 {toxinidir}/build/sync-charts.py + +[testenv:linters] +skipsdist = True +deps = + {[testenv:sync-charts]deps} + pre-commit +commands = + pre-commit run --all-files --show-diff-on-failure + python3 {toxinidir}/build/sync-charts.py --check + [testenv:molecule-keycloak] commands = molecule test -s keycloak diff --git a/vendir.lock.yml b/vendir.lock.yml deleted file mode 100644 index 1e3293308..000000000 --- a/vendir.lock.yml +++ /dev/null @@ -1,153 +0,0 @@ -apiVersion: vendir.k14s.io/v1alpha1 -directories: -- contents: - - helmChart: - appVersion: v1.0.0 - version: 0.3.6 - path: barbican - - helmChart: - appVersion: 3.5.1 - version: 3.5.1 - path: ceph-csi-rbd - - helmChart: - appVersion: v1.0.0 - version: 0.1.8 - path: ceph-provisioners - - helmChart: - appVersion: 0.3.0 - version: 0.3.0 - path: cert-manager-webhook-godaddy - - helmChart: - appVersion: 1.5.0 - version: 1.5.2 - path: cert-manager-webhook-infoblox-wapi - - helmChart: - appVersion: v1.0.0 - version: 0.3.15 - path: cinder - - helmChart: - appVersion: 1.9.3 - version: 1.19.4 - path: coredns - - helmChart: - appVersion: v1.0.0 - version: 0.2.9 - path: designate - - helmChart: - appVersion: v1.0.0 - version: 0.4.15 - path: glance - - helmChart: - appVersion: v1.0.0 - version: 0.3.7 - path: heat - - helmChart: - appVersion: v1.0.0 - version: 0.3.15 - path: horizon - - helmChart: - appVersion: 1.1.1 - version: 4.0.17 - path: ingress-nginx - - helmChart: - appVersion: 22.0.1 - version: 16.0.3 - path: keycloak - - helmChart: - appVersion: v1.0.0 - version: 0.3.5 - path: keystone - - helmChart: - appVersion: v0.73.0 - version: 58.0.0 - path: kube-prometheus-stack - - helmChart: - appVersion: v1.0.0 - version: 0.1.27 - path: libvirt - - git: - commitTitle: Fix missing plugins/github-release image for arm platform... - sha: 97e0501428f0a5bcac49ecd0bfdb051797c4a6c5 - tags: - - v0.0.24 - path: local-path-provisioner - - helmChart: - appVersion: 2.9.6 - version: 5.47.2 - path: loki - - helmChart: - appVersion: v1.0.0 - version: 0.2.9 - path: magnum - - helmChart: - appVersion: v1.0.0 - version: 0.1.7 - path: manila - - helmChart: - appVersion: v1.5.5 - version: 0.1.12 - path: memcached - - helmChart: - appVersion: v1.0.0 - version: 0.3.29 - path: neutron - - helmChart: - appVersion: v0.11.2 - version: 0.11.2 - path: node-feature-discovery - - helmChart: - appVersion: v1.0.0 - version: 0.3.27 - path: nova - - helmChart: - appVersion: v1.0.0 - version: 0.2.9 - path: octavia - - helmChart: - appVersion: v1.0.0 - version: 0.1.19 - path: openvswitch - - helmChart: - appVersion: v23.3.0 - version: 0.1.4 - path: ovn - - helmChart: - appVersion: v1.0.0 - version: 0.3.9 - path: placement - - helmChart: - appVersion: 1.4.2 - version: 1.16.0 - path: prometheus-pushgateway - - helmChart: - appVersion: 1.12.0 - version: 1.12.0 - path: pxc-operator - - helmChart: - appVersion: 1.13.1 - version: 2.6.6 - path: rabbitmq-cluster-operator - - helmChart: - appVersion: v1.10.10 - version: v1.10.10 - path: rook-ceph - - helmChart: - appVersion: v1.10.10 - version: v1.10.10 - path: rook-ceph-cluster - - helmChart: - appVersion: v1.0.0 - version: 0.2.9 - path: senlin - - manual: {} - path: staffeln - - helmChart: - appVersion: v1.0.0 - version: 0.2.8 - path: tempest - - helmChart: - appVersion: 0.37.0-distroless-libc - version: 0.32.0 - path: vector - path: charts -kind: LockConfig diff --git a/vendir.yml b/vendir.yml deleted file mode 100644 index a089a59f5..000000000 --- a/vendir.yml +++ /dev/null @@ -1,395 +0,0 @@ -apiVersion: vendir.k14s.io/v1alpha1 -kind: Config -directories: - - path: charts - contents: - - path: barbican - helmChart: - name: barbican - version: 0.3.6 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: ceph-csi-rbd - helmChart: - name: ceph-csi-rbd - version: 3.5.1 - repository: - url: https://ceph.github.io/csi-charts - - path: ceph-provisioners - helmChart: - name: ceph-provisioners - version: 0.1.8 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - - path: cert-manager-webhook-godaddy - helmChart: - name: godaddy-webhook - version: 0.3.0 - repository: - url: https://snowdrop.github.io/godaddy-webhook - - path: cert-manager-webhook-infoblox-wapi - helmChart: - name: cert-manager-webhook-infoblox-wapi - version: 1.5.2 - repository: - url: https://luisico.github.io/cert-manager-webhook-infoblox-wapi - - path: cinder - helmChart: - name: cinder - version: 0.3.15 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: coredns - helmChart: - name: coredns - version: 1.19.4 - repository: - url: https://coredns.github.io/helm - - path: designate - helmChart: - name: designate - version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: glance - helmChart: - name: glance - version: 0.4.15 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: heat - helmChart: - name: heat - version: 0.3.7 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: horizon - helmChart: - name: horizon - version: 0.3.15 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: ingress-nginx - helmChart: - name: ingress-nginx - version: 4.0.17 - repository: - url: https://kubernetes.github.io/ingress-nginx - - path: keycloak - helmChart: - name: keycloak - version: 16.0.3 - repository: - url: https://charts.bitnami.com/bitnami - - path: keystone - helmChart: - name: keystone - version: 0.3.5 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: kube-prometheus-stack - helmChart: - name: kube-prometheus-stack - version: 58.0.0 - repository: - url: https://prometheus-community.github.io/helm-charts - - path: libvirt - helmChart: - name: libvirt - version: 0.1.27 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - - path: local-path-provisioner - git: - url: https://github.com/rancher/local-path-provisioner - ref: v0.0.24 - newRootPath: deploy/chart/local-path-provisioner - - path: loki - helmChart: - name: loki - version: 5.47.2 - repository: - url: https://grafana.github.io/helm-charts - - path: magnum - helmChart: - name: magnum - version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: manila - helmChart: - name: manila - version: 0.1.7 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: memcached - helmChart: - name: memcached - version: 0.1.12 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - - path: neutron - helmChart: - name: neutron - version: 0.3.29 - repository: - url: https://tarballs.openstack.org/openstack-helm/ - - path: node-feature-discovery - helmChart: - name: node-feature-discovery - version: 0.11.2 - repository: - url: https://kubernetes-sigs.github.io/node-feature-discovery/charts - - path: nova - helmChart: - name: nova - version: 0.3.27 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: octavia - helmChart: - name: octavia - version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: openvswitch - helmChart: - name: openvswitch - version: 0.1.19 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - - path: ovn - helmChart: - name: ovn - version: 0.1.4 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - - path: placement - helmChart: - name: placement - version: 0.3.9 - repository: - url: https://tarballs.openstack.org/openstack-helm/ - - path: prometheus-pushgateway - helmChart: - name: prometheus-pushgateway - version: 1.16.0 - repository: - url: https://prometheus-community.github.io/helm-charts - - path: pxc-operator - helmChart: - name: pxc-operator - version: 1.12.0 - repository: - url: https://percona.github.io/percona-helm-charts - - path: rabbitmq-cluster-operator - helmChart: - name: rabbitmq-cluster-operator - version: 2.6.6 - repository: - url: https://charts.bitnami.com/bitnami - - path: rook-ceph - helmChart: - name: rook-ceph - version: 1.10.10 - repository: - url: https://charts.rook.io/release - - path: rook-ceph-cluster - helmChart: - name: rook-ceph-cluster - version: 1.10.10 - repository: - url: https://charts.rook.io/release - - path: senlin - helmChart: - name: senlin - version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: staffeln - manual: {} - - path: tempest - helmChart: - name: tempest - version: 0.2.8 - repository: - url: https://tarballs.openstack.org/openstack-helm - - path: vector - helmChart: - name: vector - version: 0.32.0 - repository: - url: https://vectordotdev.github.io/helm-charts - - -# KEYSTONE_VERSION=0.3.5 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/keystone-${KEYSTONE_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899867/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'keystone/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/keystone -# # Remove extra files before 899867 merged -# rm -fv ${ATMOSPHERE}/charts/keystone/templates/bin/_domain-manage-init.sh.tpl ${ATMOSPHERE}/charts/keystone/templates/bin/_domain-manage.py.tpl - -# GLANCE_VERSION=0.4.15 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/glance-${GLANCE_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899864/revisions/2/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'glance/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/glance - -# CINDER_VERSION=0.3.15 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/cinder-${CINDER_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899814/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'cinder/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/cinder - -# PLACEMENT_VERSION=0.3.9 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/placement-${PLACEMENT_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899914/revisions/3/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'placement/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/placement -# # Remove extra files before 899914 merged -# rm -rfv ${ATMOSPHERE}/charts/placement/values_overrides/ - -# LIBVIRT_VERSION=0.1.27 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm-infra/libvirt-${LIBVIRT_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893406/revisions/9/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'libvirt/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/libvirt - -# LOCAL_PATH_PROVISIONER_VERSION=0.0.24 -# curl -sL https://github.com/rancher/local-path-provisioner/archive/refs/tags/v${LOCAL_PATH_PROVISIONER_VERSION}.tar.gz \ -# | tar -xz -C ${ATMOSPHERE}/charts --strip-components=3 local-path-provisioner-${LOCAL_PATH_PROVISIONER_VERSION}/deploy/chart/ - -# OVN_VERSION=0.1.4 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm-infra/ovn-${OVN_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893739/revisions/2/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'ovn/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/ovn - -# NEUTRON_VERSION=0.3.24 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/neutron-${NEUTRON_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899711/revisions/2/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'neutron/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/neutron -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899684/revisions/4/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'neutron/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/neutron -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899716/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'neutron/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/neutron -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899933/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'neutron/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/neutron - -# NOVA_VERISON=0.3.27 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/nova-${NOVA_VERISON}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899809/revisions/2/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'nova/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/nova - -# SENLIN_VERSION=0.2.9 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/senlin-${SENLIN_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899913/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'senlin/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/senlin - -# DESIGNATE_VERSION=0.2.9 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/designate-${DESIGNATE_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899932/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'designate/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/designate - -# HEAT_VERSION=0.3.7 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/heat-${HEAT_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899931/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'heat/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/heat - -# OCTAVIA_VERSION=0.2.9 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/octavia-${OCTAVIA_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899918/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'octavia/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/octavia - -# MAGNUM_VERSION=0.2.9 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/magnum-${MAGNUM_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899926/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'magnum/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/magnum - -# MANILA_VERSION=0.1.7 -# curl -sL https://tarballs.opendev.org/openstack/openstack-helm/manila-${MANILA_VERSION}.tgz \ -# | tar -xz -C ${ATMOSPHERE}/charts -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/11/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'manila/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/manila -# curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~899923/revisions/1/patch?download' \ -# | base64 --decode \ -# | filterdiff -p1 -x 'releasenotes/*' \ -# | filterdiff -p2 -x 'Chart.yaml' \ -# | filterdiff -p1 -i 'manila/*' \ -# | patch -p2 -d ${ATMOSPHERE}/charts/manila diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 31fcd3ee8..c78e4f1c5 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -12,6 +12,11 @@ # License for the specific language governing permissions and limitations # under the License. +- job: + name: atmosphere-linters + parent: tox-linters + pre-run: zuul.d/playbooks/linters/pre.yml + - job: name: atmosphere-build-collection pre-run: zuul.d/playbooks/build-collection/pre.yml diff --git a/zuul.d/playbooks/linters/pre.yml b/zuul.d/playbooks/linters/pre.yml new file mode 100644 index 000000000..bb4079442 --- /dev/null +++ b/zuul.d/playbooks/linters/pre.yml @@ -0,0 +1,24 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- hosts: all + roles: + - role: ensure-helm + helm_version: 3.13.3 + tasks: + - name: Install patchutils + become: true + ansible.builtin.package: + name: patchutils + state: present diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 708999698..a0206eaad 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -16,6 +16,7 @@ merge-mode: squash-merge check: jobs: + - atmosphere-linters - atmosphere-build-collection - atmosphere-molecule-aio-keycloak: dependencies: &molecule_check_dependencies @@ -79,6 +80,7 @@ dependencies: *molecule_check_dependencies gate: jobs: + - atmosphere-linters - atmosphere-build-collection - atmosphere-molecule-aio-keycloak: dependencies: &molecule_gate_dependencies From 42067fb1f99eed1694ff615ed2f6af47f6a10d54 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Mon, 15 Apr 2024 23:55:03 -0400 Subject: [PATCH 12/45] [stable/zed] Build `keepalived` image (#1117) This is an automated cherry-pick of #1112 /assign mnaser --- images/keepalived/Dockerfile | 22 +++++++++ roles/defaults/vars/main.yml | 2 +- zuul.d/container-images/keepalived.yaml | 59 +++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 images/keepalived/Dockerfile create mode 100644 zuul.d/container-images/keepalived.yaml diff --git a/images/keepalived/Dockerfile b/images/keepalived/Dockerfile new file mode 100644 index 000000000..e4bfc0832 --- /dev/null +++ b/images/keepalived/Dockerfile @@ -0,0 +1,22 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +FROM registry.atmosphere.dev/library/ubuntu:zed +RUN < Date: Wed, 17 Apr 2024 09:34:08 -0400 Subject: [PATCH 13/45] [stable/zed] Fix image ci (#1118) This is an automated cherry-pick of #1049 /assign mnaser --- images/ovn/Dockerfile | 2 +- ...ump-golang.org-x-crypto-for-security.patch | 6184 ----------------- ...h => 0003-stop-creating-ovnkube-eps.patch} | 0 3 files changed, 1 insertion(+), 6185 deletions(-) delete mode 100644 images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch rename images/ovn/patches/ovn-kubernetes/{0004-stop-creating-ovnkube-eps.patch => 0003-stop-creating-ovnkube-eps.patch} (100%) diff --git a/images/ovn/Dockerfile b/images/ovn/Dockerfile index 589322e88..4e9ac939f 100644 --- a/images/ovn/Dockerfile +++ b/images/ovn/Dockerfile @@ -13,7 +13,7 @@ # under the License. FROM golang:1.20 AS ovn-kubernetes -ARG OVN_KUBERNETES_REF=cbff639b83af00e4887b540fc06b880108662780 +ARG OVN_KUBERNETES_REF=5359e7d7f872058b6e5bf884c9f19d1922451f29 ADD https://github.com/ovn-org/ovn-kubernetes.git#${OVN_KUBERNETES_REF} /src COPY patches/ovn-kubernetes /patches/ovn-kubernetes RUN git -C /src apply --verbose /patches/ovn-kubernetes/* diff --git a/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch b/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch deleted file mode 100644 index 66e0b0090..000000000 --- a/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch +++ /dev/null @@ -1,6184 +0,0 @@ -From 6d47afb26fb1bb1e6d5668f336ee292ad48954f3 Mon Sep 17 00:00:00 2001 -From: Mohammed Naser -Date: Sun, 4 Feb 2024 02:22:36 -0500 -Subject: [PATCH] chore: bump golang.org/x/crypto for security - ---- - go-controller/go.mod | 8 +- - go-controller/go.sum | 16 ++-- - .../golang.org/x/sys/execabs/execabs_go118.go | 1 - - .../golang.org/x/sys/execabs/execabs_go119.go | 1 - - .../golang.org/x/sys/plan9/pwd_go15_plan9.go | 1 - - .../golang.org/x/sys/plan9/pwd_plan9.go | 1 - - .../vendor/golang.org/x/sys/plan9/race.go | 1 - - .../vendor/golang.org/x/sys/plan9/race0.go | 1 - - .../vendor/golang.org/x/sys/plan9/str.go | 1 - - .../vendor/golang.org/x/sys/plan9/syscall.go | 1 - - .../x/sys/plan9/zsyscall_plan9_386.go | 1 - - .../x/sys/plan9/zsyscall_plan9_amd64.go | 1 - - .../x/sys/plan9/zsyscall_plan9_arm.go | 1 - - .../vendor/golang.org/x/sys/unix/aliases.go | 2 - - .../golang.org/x/sys/unix/asm_aix_ppc64.s | 1 - - .../golang.org/x/sys/unix/asm_bsd_386.s | 2 - - .../golang.org/x/sys/unix/asm_bsd_amd64.s | 2 - - .../golang.org/x/sys/unix/asm_bsd_arm.s | 2 - - .../golang.org/x/sys/unix/asm_bsd_arm64.s | 2 - - .../golang.org/x/sys/unix/asm_bsd_ppc64.s | 2 - - .../golang.org/x/sys/unix/asm_bsd_riscv64.s | 2 - - .../golang.org/x/sys/unix/asm_linux_386.s | 1 - - .../golang.org/x/sys/unix/asm_linux_amd64.s | 1 - - .../golang.org/x/sys/unix/asm_linux_arm.s | 1 - - .../golang.org/x/sys/unix/asm_linux_arm64.s | 3 - - .../golang.org/x/sys/unix/asm_linux_loong64.s | 3 - - .../golang.org/x/sys/unix/asm_linux_mips64x.s | 3 - - .../golang.org/x/sys/unix/asm_linux_mipsx.s | 3 - - .../golang.org/x/sys/unix/asm_linux_ppc64x.s | 3 - - .../golang.org/x/sys/unix/asm_linux_riscv64.s | 2 - - .../golang.org/x/sys/unix/asm_linux_s390x.s | 3 - - .../x/sys/unix/asm_openbsd_mips64.s | 1 - - .../golang.org/x/sys/unix/asm_solaris_amd64.s | 1 - - .../golang.org/x/sys/unix/asm_zos_s390x.s | 3 - - .../golang.org/x/sys/unix/cap_freebsd.go | 1 - - .../vendor/golang.org/x/sys/unix/constants.go | 1 - - .../golang.org/x/sys/unix/dev_aix_ppc.go | 1 - - .../golang.org/x/sys/unix/dev_aix_ppc64.go | 1 - - .../vendor/golang.org/x/sys/unix/dev_zos.go | 1 - - .../vendor/golang.org/x/sys/unix/dirent.go | 1 - - .../golang.org/x/sys/unix/endian_big.go | 1 - - .../golang.org/x/sys/unix/endian_little.go | 1 - - .../vendor/golang.org/x/sys/unix/env_unix.go | 1 - - .../vendor/golang.org/x/sys/unix/epoll_zos.go | 1 - - .../vendor/golang.org/x/sys/unix/fcntl.go | 3 +- - .../x/sys/unix/fcntl_linux_32bit.go | 1 - - .../vendor/golang.org/x/sys/unix/fdset.go | 1 - - .../golang.org/x/sys/unix/fstatfs_zos.go | 1 - - .../vendor/golang.org/x/sys/unix/gccgo.go | 1 - - .../vendor/golang.org/x/sys/unix/gccgo_c.c | 1 - - .../x/sys/unix/gccgo_linux_amd64.go | 1 - - .../golang.org/x/sys/unix/ifreq_linux.go | 1 - - .../golang.org/x/sys/unix/ioctl_linux.go | 5 + - .../golang.org/x/sys/unix/ioctl_signed.go | 1 - - .../golang.org/x/sys/unix/ioctl_unsigned.go | 1 - - .../vendor/golang.org/x/sys/unix/ioctl_zos.go | 1 - - .../vendor/golang.org/x/sys/unix/mkerrors.sh | 4 +- - .../golang.org/x/sys/unix/mmap_nomremap.go | 1 - - .../vendor/golang.org/x/sys/unix/mremap.go | 1 - - .../golang.org/x/sys/unix/pagesize_unix.go | 1 - - .../golang.org/x/sys/unix/pledge_openbsd.go | 92 ++++--------------- - .../golang.org/x/sys/unix/ptrace_darwin.go | 1 - - .../golang.org/x/sys/unix/ptrace_ios.go | 1 - - .../vendor/golang.org/x/sys/unix/race.go | 1 - - .../vendor/golang.org/x/sys/unix/race0.go | 1 - - .../x/sys/unix/readdirent_getdents.go | 1 - - .../x/sys/unix/readdirent_getdirentries.go | 1 - - .../golang.org/x/sys/unix/sockcmsg_unix.go | 1 - - .../x/sys/unix/sockcmsg_unix_other.go | 1 - - .../vendor/golang.org/x/sys/unix/syscall.go | 1 - - .../golang.org/x/sys/unix/syscall_aix.go | 4 +- - .../golang.org/x/sys/unix/syscall_aix_ppc.go | 1 - - .../x/sys/unix/syscall_aix_ppc64.go | 1 - - .../golang.org/x/sys/unix/syscall_bsd.go | 3 +- - .../x/sys/unix/syscall_darwin_amd64.go | 1 - - .../x/sys/unix/syscall_darwin_arm64.go | 1 - - .../x/sys/unix/syscall_darwin_libSystem.go | 1 - - .../x/sys/unix/syscall_dragonfly_amd64.go | 1 - - .../x/sys/unix/syscall_freebsd_386.go | 1 - - .../x/sys/unix/syscall_freebsd_amd64.go | 1 - - .../x/sys/unix/syscall_freebsd_arm.go | 1 - - .../x/sys/unix/syscall_freebsd_arm64.go | 1 - - .../x/sys/unix/syscall_freebsd_riscv64.go | 1 - - .../golang.org/x/sys/unix/syscall_hurd.go | 1 - - .../golang.org/x/sys/unix/syscall_hurd_386.go | 1 - - .../golang.org/x/sys/unix/syscall_illumos.go | 1 - - .../golang.org/x/sys/unix/syscall_linux.go | 33 ++++--- - .../x/sys/unix/syscall_linux_386.go | 1 - - .../x/sys/unix/syscall_linux_alarm.go | 2 - - .../x/sys/unix/syscall_linux_amd64.go | 1 - - .../x/sys/unix/syscall_linux_amd64_gc.go | 1 - - .../x/sys/unix/syscall_linux_arm.go | 1 - - .../x/sys/unix/syscall_linux_arm64.go | 1 - - .../golang.org/x/sys/unix/syscall_linux_gc.go | 1 - - .../x/sys/unix/syscall_linux_gc_386.go | 1 - - .../x/sys/unix/syscall_linux_gc_arm.go | 1 - - .../x/sys/unix/syscall_linux_gccgo_386.go | 1 - - .../x/sys/unix/syscall_linux_gccgo_arm.go | 1 - - .../x/sys/unix/syscall_linux_loong64.go | 1 - - .../x/sys/unix/syscall_linux_mips64x.go | 2 - - .../x/sys/unix/syscall_linux_mipsx.go | 2 - - .../x/sys/unix/syscall_linux_ppc.go | 1 - - .../x/sys/unix/syscall_linux_ppc64x.go | 2 - - .../x/sys/unix/syscall_linux_riscv64.go | 1 - - .../x/sys/unix/syscall_linux_s390x.go | 1 - - .../x/sys/unix/syscall_linux_sparc64.go | 1 - - .../x/sys/unix/syscall_netbsd_386.go | 1 - - .../x/sys/unix/syscall_netbsd_amd64.go | 1 - - .../x/sys/unix/syscall_netbsd_arm.go | 1 - - .../x/sys/unix/syscall_netbsd_arm64.go | 1 - - .../golang.org/x/sys/unix/syscall_openbsd.go | 28 ++++-- - .../x/sys/unix/syscall_openbsd_386.go | 1 - - .../x/sys/unix/syscall_openbsd_amd64.go | 1 - - .../x/sys/unix/syscall_openbsd_arm.go | 1 - - .../x/sys/unix/syscall_openbsd_arm64.go | 1 - - .../x/sys/unix/syscall_openbsd_libc.go | 1 - - .../x/sys/unix/syscall_openbsd_ppc64.go | 1 - - .../x/sys/unix/syscall_openbsd_riscv64.go | 1 - - .../golang.org/x/sys/unix/syscall_solaris.go | 5 +- - .../x/sys/unix/syscall_solaris_amd64.go | 1 - - .../golang.org/x/sys/unix/syscall_unix.go | 1 - - .../golang.org/x/sys/unix/syscall_unix_gc.go | 2 - - .../x/sys/unix/syscall_unix_gc_ppc64x.go | 3 - - .../x/sys/unix/syscall_zos_s390x.go | 3 +- - .../golang.org/x/sys/unix/sysvshm_linux.go | 1 - - .../golang.org/x/sys/unix/sysvshm_unix.go | 1 - - .../x/sys/unix/sysvshm_unix_other.go | 1 - - .../golang.org/x/sys/unix/timestruct.go | 1 - - .../golang.org/x/sys/unix/unveil_openbsd.go | 41 +++++---- - .../vendor/golang.org/x/sys/unix/xattr_bsd.go | 1 - - .../golang.org/x/sys/unix/zerrors_aix_ppc.go | 1 - - .../x/sys/unix/zerrors_aix_ppc64.go | 1 - - .../x/sys/unix/zerrors_darwin_amd64.go | 1 - - .../x/sys/unix/zerrors_darwin_arm64.go | 1 - - .../x/sys/unix/zerrors_dragonfly_amd64.go | 1 - - .../x/sys/unix/zerrors_freebsd_386.go | 1 - - .../x/sys/unix/zerrors_freebsd_amd64.go | 1 - - .../x/sys/unix/zerrors_freebsd_arm.go | 1 - - .../x/sys/unix/zerrors_freebsd_arm64.go | 1 - - .../x/sys/unix/zerrors_freebsd_riscv64.go | 1 - - .../golang.org/x/sys/unix/zerrors_linux.go | 14 ++- - .../x/sys/unix/zerrors_linux_386.go | 1 - - .../x/sys/unix/zerrors_linux_amd64.go | 1 - - .../x/sys/unix/zerrors_linux_arm.go | 1 - - .../x/sys/unix/zerrors_linux_arm64.go | 1 - - .../x/sys/unix/zerrors_linux_loong64.go | 2 +- - .../x/sys/unix/zerrors_linux_mips.go | 1 - - .../x/sys/unix/zerrors_linux_mips64.go | 1 - - .../x/sys/unix/zerrors_linux_mips64le.go | 1 - - .../x/sys/unix/zerrors_linux_mipsle.go | 1 - - .../x/sys/unix/zerrors_linux_ppc.go | 1 - - .../x/sys/unix/zerrors_linux_ppc64.go | 1 - - .../x/sys/unix/zerrors_linux_ppc64le.go | 1 - - .../x/sys/unix/zerrors_linux_riscv64.go | 4 +- - .../x/sys/unix/zerrors_linux_s390x.go | 1 - - .../x/sys/unix/zerrors_linux_sparc64.go | 1 - - .../x/sys/unix/zerrors_netbsd_386.go | 1 - - .../x/sys/unix/zerrors_netbsd_amd64.go | 1 - - .../x/sys/unix/zerrors_netbsd_arm.go | 1 - - .../x/sys/unix/zerrors_netbsd_arm64.go | 1 - - .../x/sys/unix/zerrors_openbsd_386.go | 1 - - .../x/sys/unix/zerrors_openbsd_amd64.go | 1 - - .../x/sys/unix/zerrors_openbsd_arm.go | 1 - - .../x/sys/unix/zerrors_openbsd_arm64.go | 1 - - .../x/sys/unix/zerrors_openbsd_mips64.go | 1 - - .../x/sys/unix/zerrors_openbsd_ppc64.go | 1 - - .../x/sys/unix/zerrors_openbsd_riscv64.go | 1 - - .../x/sys/unix/zerrors_solaris_amd64.go | 1 - - .../x/sys/unix/zerrors_zos_s390x.go | 1 - - .../x/sys/unix/zptrace_armnn_linux.go | 2 - - .../x/sys/unix/zptrace_mipsnn_linux.go | 2 - - .../x/sys/unix/zptrace_mipsnnle_linux.go | 2 - - .../x/sys/unix/zptrace_x86_linux.go | 2 - - .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 1 - - .../x/sys/unix/zsyscall_aix_ppc64.go | 1 - - .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 1 - - .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 1 - - .../x/sys/unix/zsyscall_darwin_amd64.go | 1 - - .../x/sys/unix/zsyscall_darwin_arm64.go | 1 - - .../x/sys/unix/zsyscall_dragonfly_amd64.go | 1 - - .../x/sys/unix/zsyscall_freebsd_386.go | 1 - - .../x/sys/unix/zsyscall_freebsd_amd64.go | 1 - - .../x/sys/unix/zsyscall_freebsd_arm.go | 1 - - .../x/sys/unix/zsyscall_freebsd_arm64.go | 1 - - .../x/sys/unix/zsyscall_freebsd_riscv64.go | 1 - - .../x/sys/unix/zsyscall_illumos_amd64.go | 1 - - .../golang.org/x/sys/unix/zsyscall_linux.go | 26 +++++- - .../x/sys/unix/zsyscall_linux_386.go | 1 - - .../x/sys/unix/zsyscall_linux_amd64.go | 1 - - .../x/sys/unix/zsyscall_linux_arm.go | 1 - - .../x/sys/unix/zsyscall_linux_arm64.go | 1 - - .../x/sys/unix/zsyscall_linux_loong64.go | 1 - - .../x/sys/unix/zsyscall_linux_mips.go | 1 - - .../x/sys/unix/zsyscall_linux_mips64.go | 1 - - .../x/sys/unix/zsyscall_linux_mips64le.go | 1 - - .../x/sys/unix/zsyscall_linux_mipsle.go | 1 - - .../x/sys/unix/zsyscall_linux_ppc.go | 1 - - .../x/sys/unix/zsyscall_linux_ppc64.go | 1 - - .../x/sys/unix/zsyscall_linux_ppc64le.go | 1 - - .../x/sys/unix/zsyscall_linux_riscv64.go | 1 - - .../x/sys/unix/zsyscall_linux_s390x.go | 1 - - .../x/sys/unix/zsyscall_linux_sparc64.go | 1 - - .../x/sys/unix/zsyscall_netbsd_386.go | 1 - - .../x/sys/unix/zsyscall_netbsd_amd64.go | 1 - - .../x/sys/unix/zsyscall_netbsd_arm.go | 1 - - .../x/sys/unix/zsyscall_netbsd_arm64.go | 1 - - .../x/sys/unix/zsyscall_openbsd_386.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_386.s | 20 ++++ - .../x/sys/unix/zsyscall_openbsd_amd64.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_amd64.s | 20 ++++ - .../x/sys/unix/zsyscall_openbsd_arm.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_arm.s | 20 ++++ - .../x/sys/unix/zsyscall_openbsd_arm64.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_arm64.s | 20 ++++ - .../x/sys/unix/zsyscall_openbsd_mips64.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_mips64.s | 20 ++++ - .../x/sys/unix/zsyscall_openbsd_ppc64.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_ppc64.s | 24 +++++ - .../x/sys/unix/zsyscall_openbsd_riscv64.go | 72 ++++++++++++++- - .../x/sys/unix/zsyscall_openbsd_riscv64.s | 20 ++++ - .../x/sys/unix/zsyscall_solaris_amd64.go | 1 - - .../x/sys/unix/zsyscall_zos_s390x.go | 1 - - .../x/sys/unix/zsysctl_openbsd_386.go | 1 - - .../x/sys/unix/zsysctl_openbsd_amd64.go | 1 - - .../x/sys/unix/zsysctl_openbsd_arm.go | 1 - - .../x/sys/unix/zsysctl_openbsd_arm64.go | 1 - - .../x/sys/unix/zsysctl_openbsd_mips64.go | 1 - - .../x/sys/unix/zsysctl_openbsd_ppc64.go | 1 - - .../x/sys/unix/zsysctl_openbsd_riscv64.go | 1 - - .../x/sys/unix/zsysnum_darwin_amd64.go | 1 - - .../x/sys/unix/zsysnum_darwin_arm64.go | 1 - - .../x/sys/unix/zsysnum_dragonfly_amd64.go | 1 - - .../x/sys/unix/zsysnum_freebsd_386.go | 1 - - .../x/sys/unix/zsysnum_freebsd_amd64.go | 1 - - .../x/sys/unix/zsysnum_freebsd_arm.go | 1 - - .../x/sys/unix/zsysnum_freebsd_arm64.go | 1 - - .../x/sys/unix/zsysnum_freebsd_riscv64.go | 1 - - .../x/sys/unix/zsysnum_linux_386.go | 2 +- - .../x/sys/unix/zsysnum_linux_amd64.go | 3 +- - .../x/sys/unix/zsysnum_linux_arm.go | 2 +- - .../x/sys/unix/zsysnum_linux_arm64.go | 2 +- - .../x/sys/unix/zsysnum_linux_loong64.go | 2 +- - .../x/sys/unix/zsysnum_linux_mips.go | 2 +- - .../x/sys/unix/zsysnum_linux_mips64.go | 2 +- - .../x/sys/unix/zsysnum_linux_mips64le.go | 2 +- - .../x/sys/unix/zsysnum_linux_mipsle.go | 2 +- - .../x/sys/unix/zsysnum_linux_ppc.go | 2 +- - .../x/sys/unix/zsysnum_linux_ppc64.go | 2 +- - .../x/sys/unix/zsysnum_linux_ppc64le.go | 2 +- - .../x/sys/unix/zsysnum_linux_riscv64.go | 2 +- - .../x/sys/unix/zsysnum_linux_s390x.go | 2 +- - .../x/sys/unix/zsysnum_linux_sparc64.go | 2 +- - .../x/sys/unix/zsysnum_netbsd_386.go | 1 - - .../x/sys/unix/zsysnum_netbsd_amd64.go | 1 - - .../x/sys/unix/zsysnum_netbsd_arm.go | 1 - - .../x/sys/unix/zsysnum_netbsd_arm64.go | 1 - - .../x/sys/unix/zsysnum_openbsd_386.go | 1 - - .../x/sys/unix/zsysnum_openbsd_amd64.go | 1 - - .../x/sys/unix/zsysnum_openbsd_arm.go | 1 - - .../x/sys/unix/zsysnum_openbsd_arm64.go | 1 - - .../x/sys/unix/zsysnum_openbsd_mips64.go | 1 - - .../x/sys/unix/zsysnum_openbsd_ppc64.go | 1 - - .../x/sys/unix/zsysnum_openbsd_riscv64.go | 1 - - .../x/sys/unix/zsysnum_zos_s390x.go | 1 - - .../golang.org/x/sys/unix/ztypes_aix_ppc.go | 1 - - .../golang.org/x/sys/unix/ztypes_aix_ppc64.go | 1 - - .../x/sys/unix/ztypes_darwin_amd64.go | 1 - - .../x/sys/unix/ztypes_darwin_arm64.go | 1 - - .../x/sys/unix/ztypes_dragonfly_amd64.go | 1 - - .../x/sys/unix/ztypes_freebsd_386.go | 1 - - .../x/sys/unix/ztypes_freebsd_amd64.go | 1 - - .../x/sys/unix/ztypes_freebsd_arm.go | 1 - - .../x/sys/unix/ztypes_freebsd_arm64.go | 1 - - .../x/sys/unix/ztypes_freebsd_riscv64.go | 1 - - .../golang.org/x/sys/unix/ztypes_linux.go | 45 ++++++++- - .../golang.org/x/sys/unix/ztypes_linux_386.go | 1 - - .../x/sys/unix/ztypes_linux_amd64.go | 1 - - .../golang.org/x/sys/unix/ztypes_linux_arm.go | 1 - - .../x/sys/unix/ztypes_linux_arm64.go | 1 - - .../x/sys/unix/ztypes_linux_loong64.go | 1 - - .../x/sys/unix/ztypes_linux_mips.go | 1 - - .../x/sys/unix/ztypes_linux_mips64.go | 1 - - .../x/sys/unix/ztypes_linux_mips64le.go | 1 - - .../x/sys/unix/ztypes_linux_mipsle.go | 1 - - .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 1 - - .../x/sys/unix/ztypes_linux_ppc64.go | 1 - - .../x/sys/unix/ztypes_linux_ppc64le.go | 1 - - .../x/sys/unix/ztypes_linux_riscv64.go | 1 - - .../x/sys/unix/ztypes_linux_s390x.go | 1 - - .../x/sys/unix/ztypes_linux_sparc64.go | 1 - - .../x/sys/unix/ztypes_netbsd_386.go | 1 - - .../x/sys/unix/ztypes_netbsd_amd64.go | 1 - - .../x/sys/unix/ztypes_netbsd_arm.go | 1 - - .../x/sys/unix/ztypes_netbsd_arm64.go | 1 - - .../x/sys/unix/ztypes_openbsd_386.go | 1 - - .../x/sys/unix/ztypes_openbsd_amd64.go | 1 - - .../x/sys/unix/ztypes_openbsd_arm.go | 1 - - .../x/sys/unix/ztypes_openbsd_arm64.go | 1 - - .../x/sys/unix/ztypes_openbsd_mips64.go | 1 - - .../x/sys/unix/ztypes_openbsd_ppc64.go | 1 - - .../x/sys/unix/ztypes_openbsd_riscv64.go | 1 - - .../x/sys/unix/ztypes_solaris_amd64.go | 1 - - .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 1 - - .../golang.org/x/sys/windows/aliases.go | 1 - - .../vendor/golang.org/x/sys/windows/empty.s | 1 - - .../golang.org/x/sys/windows/eventlog.go | 1 - - .../golang.org/x/sys/windows/mksyscall.go | 1 - - .../vendor/golang.org/x/sys/windows/race.go | 1 - - .../vendor/golang.org/x/sys/windows/race0.go | 1 - - .../golang.org/x/sys/windows/registry/key.go | 1 - - .../x/sys/windows/registry/mksyscall.go | 1 - - .../x/sys/windows/registry/syscall.go | 1 - - .../x/sys/windows/registry/value.go | 1 - - .../golang.org/x/sys/windows/service.go | 1 - - .../vendor/golang.org/x/sys/windows/str.go | 1 - - .../golang.org/x/sys/windows/svc/security.go | 1 - - .../golang.org/x/sys/windows/svc/service.go | 1 - - .../golang.org/x/sys/windows/syscall.go | 1 - - .../x/sys/windows/syscall_windows.go | 6 +- - .../golang.org/x/sys/windows/types_windows.go | 28 +++++- - .../x/sys/windows/zsyscall_windows.go | 28 ++++++ - .../vendor/golang.org/x/term/term_unix.go | 1 - - .../vendor/golang.org/x/term/term_unix_bsd.go | 1 - - .../golang.org/x/term/term_unix_other.go | 1 - - .../golang.org/x/term/term_unsupported.go | 1 - - .../x/text/secure/bidirule/bidirule10.0.0.go | 1 - - .../x/text/secure/bidirule/bidirule9.0.0.go | 1 - - .../x/text/unicode/bidi/tables10.0.0.go | 1 - - .../x/text/unicode/bidi/tables11.0.0.go | 1 - - .../x/text/unicode/bidi/tables12.0.0.go | 1 - - .../x/text/unicode/bidi/tables13.0.0.go | 1 - - .../x/text/unicode/bidi/tables15.0.0.go | 1 - - .../x/text/unicode/bidi/tables9.0.0.go | 1 - - .../x/text/unicode/norm/tables10.0.0.go | 1 - - .../x/text/unicode/norm/tables11.0.0.go | 1 - - .../x/text/unicode/norm/tables12.0.0.go | 1 - - .../x/text/unicode/norm/tables13.0.0.go | 1 - - .../x/text/unicode/norm/tables15.0.0.go | 1 - - .../x/text/unicode/norm/tables9.0.0.go | 1 - - .../k8s.io/client-go/informers/factory.go | 10 -- - go-controller/vendor/modules.txt | 16 ++-- - 341 files changed, 924 insertions(+), 501 deletions(-) - -diff --git a/go-controller/go.mod b/go-controller/go.mod -index e3c730420..394778ac7 100644 ---- a/go-controller/go.mod -+++ b/go-controller/go.mod -@@ -41,7 +41,7 @@ require ( - golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb - golang.org/x/net v0.17.0 - golang.org/x/sync v0.2.0 -- golang.org/x/sys v0.13.0 -+ golang.org/x/sys v0.15.0 - golang.org/x/time v0.3.0 - google.golang.org/grpc v1.56.3 - google.golang.org/protobuf v1.30.0 -@@ -105,11 +105,11 @@ require ( - github.com/stretchr/objx v0.5.0 // indirect - github.com/vishvananda/netns v0.0.4 // indirect - go.opencensus.io v0.24.0 // indirect -- golang.org/x/crypto v0.14.0 // indirect -+ golang.org/x/crypto v0.17.0 // indirect - golang.org/x/mod v0.11.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect -- golang.org/x/term v0.13.0 // indirect -- golang.org/x/text v0.13.0 // indirect -+ golang.org/x/term v0.15.0 // indirect -+ golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.9.1 // indirect - gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect - google.golang.org/appengine v1.6.7 // indirect -diff --git a/go-controller/go.sum b/go-controller/go.sum -index da8817fbb..a3818d28a 100644 ---- a/go-controller/go.sum -+++ b/go-controller/go.sum -@@ -811,8 +811,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh - golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= - golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= - golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= --golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= --golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= - golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= - golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= - golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -@@ -1022,12 +1022,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= --golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= --golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= --golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= - golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -1038,8 +1038,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= --golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= --golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= - golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go -index 2000064a8..5627d70e3 100644 ---- a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go -+++ b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build !go1.19 --// +build !go1.19 - - package execabs - -diff --git a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go -index f364b3418..d60ab1b41 100644 ---- a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go -+++ b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build go1.19 --// +build go1.19 - - package execabs - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go -index c9b69937a..73687de74 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build go1.5 --// +build go1.5 - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go -index 98bf56b73..fb9458218 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build !go1.5 --// +build !go1.5 - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/race.go b/go-controller/vendor/golang.org/x/sys/plan9/race.go -index 62377d2ff..c02d9ed33 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/race.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/race.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build plan9 && race --// +build plan9,race - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/race0.go b/go-controller/vendor/golang.org/x/sys/plan9/race0.go -index f8da30876..7b15e15f6 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/race0.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/race0.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build plan9 && !race --// +build plan9,!race - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/str.go b/go-controller/vendor/golang.org/x/sys/plan9/str.go -index 55fa8d025..ba3e8ff8a 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/str.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/str.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build plan9 --// +build plan9 - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/syscall.go b/go-controller/vendor/golang.org/x/sys/plan9/syscall.go -index 67e5b0115..d631fd664 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/syscall.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/syscall.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build plan9 --// +build plan9 - - // Package plan9 contains an interface to the low-level operating system - // primitives. OS details vary depending on the underlying system, and -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go -index 3f40b9bd7..f780d5c80 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build plan9 && 386 --// +build plan9,386 - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go -index 0e6a96aa4..7de61065f 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build plan9 && amd64 --// +build plan9,amd64 - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go -index 244c501b7..ea85780f0 100644 ---- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build plan9 && arm --// +build plan9,arm - - package plan9 - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/aliases.go b/go-controller/vendor/golang.org/x/sys/unix/aliases.go -index abc89c104..e7d3df4bd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/aliases.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/aliases.go -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9 --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos --// +build go1.9 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s -index db9171c2e..269e173ca 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gc --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s -index e0fcd9b3d..a4fcef0e0 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (freebsd || netbsd || openbsd) && gc --// +build freebsd netbsd openbsd --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s -index 2b99c349a..1e63615c5 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc --// +build darwin dragonfly freebsd netbsd openbsd --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s -index d702d4adc..6496c3100 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (freebsd || netbsd || openbsd) && gc --// +build freebsd netbsd openbsd --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s -index fe36a7391..4fd1f54da 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin || freebsd || netbsd || openbsd) && gc --// +build darwin freebsd netbsd openbsd --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s -index e5b9a8489..42f7eb9e4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin || freebsd || netbsd || openbsd) && gc --// +build darwin freebsd netbsd openbsd --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s -index d560019ea..f8902667e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin || freebsd || netbsd || openbsd) && gc --// +build darwin freebsd netbsd openbsd --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s -index 8fd101d07..3b4734870 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gc --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s -index 7ed38e43c..67e29f317 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gc --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s -index 8ef1d5140..d6ae269ce 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gc --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s -index 98ae02760..01e5e253c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && arm64 && gc --// +build linux --// +build arm64 --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s -index 565357288..2abf12f6e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && loong64 && gc --// +build linux --// +build loong64 --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s -index 21231d2ce..f84bae712 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (mips64 || mips64le) && gc --// +build linux --// +build mips64 mips64le --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s -index 6783b26c6..f08f62807 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (mips || mipsle) && gc --// +build linux --// +build mips mipsle --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s -index 19d498934..bdfc024d2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (ppc64 || ppc64le) && gc --// +build linux --// +build ppc64 ppc64le --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -index e42eb81d5..2e8c99612 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build riscv64 && gc --// +build riscv64 --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s -index c46aab339..2c394b11e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && s390x && gc --// +build linux --// +build s390x --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s -index 5e7a1169c..fab586a2c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gc --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s -index f8c5394c1..f949ec547 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gc --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s -index 3b54e1858..2f67ba86d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x && gc --// +build zos --// +build s390x --// +build gc - - #include "textflag.h" - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go b/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go -index 0b7c6adb8..a08657890 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build freebsd --// +build freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/constants.go b/go-controller/vendor/golang.org/x/sys/unix/constants.go -index 394a3965b..6fb7cb77d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/constants.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/constants.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go -index 65a998508..d78513461 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix && ppc --// +build aix,ppc - - // Functions to access/create device major and minor numbers matching the - // encoding used by AIX. -diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go -index 8fc08ad0a..623a5e697 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix && ppc64 --// +build aix,ppc64 - - // Functions to access/create device major and minor numbers matching the - // encoding used AIX. -diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go b/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go -index a388e59a0..bb6a64fe9 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - // Functions to access/create device major and minor numbers matching the - // encoding used by z/OS. -diff --git a/go-controller/vendor/golang.org/x/sys/unix/dirent.go b/go-controller/vendor/golang.org/x/sys/unix/dirent.go -index 2499f977b..1ebf11782 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/dirent.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/dirent.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/endian_big.go b/go-controller/vendor/golang.org/x/sys/unix/endian_big.go -index a52026557..1095fd31d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/endian_big.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/endian_big.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - // - //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64 --// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/endian_little.go b/go-controller/vendor/golang.org/x/sys/unix/endian_little.go -index b0f2bc4ae..b9f0e277b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/endian_little.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/endian_little.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - // - //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh --// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/env_unix.go b/go-controller/vendor/golang.org/x/sys/unix/env_unix.go -index 29ccc4d13..a96da71f4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/env_unix.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/env_unix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - // Unix environment variables. - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go b/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go -index cedaf7e02..7753fddea 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/fcntl.go b/go-controller/vendor/golang.org/x/sys/unix/fcntl.go -index e9b991258..6200876fb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/fcntl.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/fcntl.go -@@ -2,8 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build dragonfly || freebsd || linux || netbsd || openbsd --// +build dragonfly freebsd linux netbsd openbsd -+//go:build dragonfly || freebsd || linux || netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go -index 29d44808b..13b4acd5c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc) --// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/fdset.go b/go-controller/vendor/golang.org/x/sys/unix/fdset.go -index a8068f94f..9e83d18cd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/fdset.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/fdset.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go -index e377cc9f4..c8bde601e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo.go b/go-controller/vendor/golang.org/x/sys/unix/gccgo.go -index b06f52d74..aca5721dd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/gccgo.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gccgo && !aix && !hurd --// +build gccgo,!aix,!hurd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c b/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c -index f98a1c542..d468b7b47 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c -+++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gccgo && !aix && !hurd --// +build gccgo,!aix,!hurd - - #include - #include -diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go -index e60e49a3d..972d61bd7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build gccgo && linux && amd64 --// +build gccgo,linux,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go -index 15721a510..848840ae4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux --// +build linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go -index 0d12c0851..dbe680eab 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go -@@ -231,3 +231,8 @@ func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) { - func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error { - return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value)) - } -+ -+// IoctlLoopConfigure configures all loop device parameters in a single step -+func IoctlLoopConfigure(fd int, value *LoopConfig) error { -+ return ioctlPtr(fd, LOOP_CONFIGURE, unsafe.Pointer(value)) -+} -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go -index 7def9580e..5b0759bd8 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || solaris --// +build aix solaris - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go -index 649913d1e..20f470b9d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd --// +build darwin dragonfly freebsd hurd linux netbsd openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go -index cdc21bf76..c8b2a750f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh b/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh -index 47fa6a7eb..6202638ba 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh -+++ b/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh -@@ -519,6 +519,7 @@ ccflags="$@" - $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || - $2 ~ /^LO_(KEY|NAME)_SIZE$/ || - $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ || -+ $2 == "LOOP_CONFIGURE" || - $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || - $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || - $2 ~ /^NFC_.*_(MAX)?SIZE$/ || -@@ -560,7 +561,7 @@ ccflags="$@" - $2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ || - $2 ~ /^PRIO_(PROCESS|PGRP|USER)/ || - $2 ~ /^CLONE_[A-Z_]+/ || -- $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ && -+ $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+|BPF_F_LINK)$/ && - $2 ~ /^(BPF|DLT)_/ || - $2 ~ /^AUDIT_/ || - $2 ~ /^(CLOCK|TIMER)_/ || -@@ -663,7 +664,6 @@ echo '// mkerrors.sh' "$@" - echo '// Code generated by the command above; see README.md. DO NOT EDIT.' - echo - echo "//go:build ${GOARCH} && ${GOOS}" --echo "// +build ${GOARCH},${GOOS}" - echo - go tool cgo -godefs -- "$@" _const.go >_error.out - cat _error.out | grep -vf _error.grep | grep -vf _signal.grep -diff --git a/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go -index ca0513632..4b68e5978 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris --// +build aix darwin dragonfly freebsd openbsd solaris - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/mremap.go b/go-controller/vendor/golang.org/x/sys/unix/mremap.go -index fa93d0aa9..fd45fe529 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/mremap.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/mremap.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux || netbsd --// +build linux netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go b/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go -index 53f1b4c5b..4d0a3430e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris - - // For Unix, get the pagesize from the runtime. - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go -index eb48294b2..6a09af53e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go -@@ -8,54 +8,31 @@ import ( - "errors" - "fmt" - "strconv" -- "syscall" -- "unsafe" - ) - - // Pledge implements the pledge syscall. - // --// The pledge syscall does not accept execpromises on OpenBSD releases --// before 6.3. --// --// execpromises must be empty when Pledge is called on OpenBSD --// releases predating 6.3, otherwise an error will be returned. -+// This changes both the promises and execpromises; use PledgePromises or -+// PledgeExecpromises to only change the promises or execpromises -+// respectively. - // - // For more information see pledge(2). - func Pledge(promises, execpromises string) error { -- maj, min, err := majmin() -- if err != nil { -+ if err := pledgeAvailable(); err != nil { - return err - } - -- err = pledgeAvailable(maj, min, execpromises) -+ pptr, err := BytePtrFromString(promises) - if err != nil { - return err - } - -- pptr, err := syscall.BytePtrFromString(promises) -+ exptr, err := BytePtrFromString(execpromises) - if err != nil { - return err - } - -- // This variable will hold either a nil unsafe.Pointer or -- // an unsafe.Pointer to a string (execpromises). -- var expr unsafe.Pointer -- -- // If we're running on OpenBSD > 6.2, pass execpromises to the syscall. -- if maj > 6 || (maj == 6 && min > 2) { -- exptr, err := syscall.BytePtrFromString(execpromises) -- if err != nil { -- return err -- } -- expr = unsafe.Pointer(exptr) -- } -- -- _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) -- if e != 0 { -- return e -- } -- -- return nil -+ return pledge(pptr, exptr) - } - - // PledgePromises implements the pledge syscall. -@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error { - // - // For more information see pledge(2). - func PledgePromises(promises string) error { -- maj, min, err := majmin() -- if err != nil { -- return err -- } -- -- err = pledgeAvailable(maj, min, "") -- if err != nil { -+ if err := pledgeAvailable(); err != nil { - return err - } - -- // This variable holds the execpromises and is always nil. -- var expr unsafe.Pointer -- -- pptr, err := syscall.BytePtrFromString(promises) -+ pptr, err := BytePtrFromString(promises) - if err != nil { - return err - } - -- _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) -- if e != 0 { -- return e -- } -- -- return nil -+ return pledge(pptr, nil) - } - - // PledgeExecpromises implements the pledge syscall. -@@ -96,30 +59,16 @@ func PledgePromises(promises string) error { - // - // For more information see pledge(2). - func PledgeExecpromises(execpromises string) error { -- maj, min, err := majmin() -- if err != nil { -+ if err := pledgeAvailable(); err != nil { - return err - } - -- err = pledgeAvailable(maj, min, execpromises) -+ exptr, err := BytePtrFromString(execpromises) - if err != nil { - return err - } - -- // This variable holds the promises and is always nil. -- var pptr unsafe.Pointer -- -- exptr, err := syscall.BytePtrFromString(execpromises) -- if err != nil { -- return err -- } -- -- _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0) -- if e != 0 { -- return e -- } -- -- return nil -+ return pledge(nil, exptr) - } - - // majmin returns major and minor version number for an OpenBSD system. -@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) { - - // pledgeAvailable checks for availability of the pledge(2) syscall - // based on the running OpenBSD version. --func pledgeAvailable(maj, min int, execpromises string) error { -- // If OpenBSD <= 5.9, pledge is not available. -- if (maj == 5 && min != 9) || maj < 5 { -- return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min) -+func pledgeAvailable() error { -+ maj, min, err := majmin() -+ if err != nil { -+ return err - } - -- // If OpenBSD <= 6.2 and execpromises is not empty, -- // return an error - execpromises is not available before 6.3 -- if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" { -- return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min) -+ // Require OpenBSD 6.4 as a minimum. -+ if maj < 6 || (maj == 6 && min <= 3) { -+ return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min) - } - - return nil -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go -index 463c3eff7..3f0975f3d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin && !ios --// +build darwin,!ios - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go b/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go -index ed0509a01..a4d35db5d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build ios --// +build ios - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/race.go b/go-controller/vendor/golang.org/x/sys/unix/race.go -index 6f6c5fec5..714d2aae7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/race.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/race.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin && race) || (linux && race) || (freebsd && race) --// +build darwin,race linux,race freebsd,race - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/race0.go b/go-controller/vendor/golang.org/x/sys/unix/race0.go -index 706e1322a..4a9f6634c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/race0.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/race0.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos --// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go -index 4d6257569..dbd2b6ccb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd --// +build aix dragonfly freebsd linux netbsd openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go -index 2a4ba47c4..130398b6b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin --// +build darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go -index 3865943f6..c3a62dbb1 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - // Socket control messages - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go -index 0840fe4a5..4a1eab37e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin freebsd linux netbsd openbsd solaris zos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall.go b/go-controller/vendor/golang.org/x/sys/unix/syscall.go -index 63e8c8383..5ea74da98 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - // Package unix contains an interface to the low-level operating system - // primitives. OS details vary depending on the underlying system, and -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go -index e94e6cdac..67ce6cef2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix --// +build aix - - // Aix system calls. - // This file is compiled as ordinary Go code, -@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { - if n > 0 { - sl += _Socklen(n) + 1 - } -- if sa.raw.Path[0] == '@' { -+ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { -+ // Check sl > 3 so we don't change unnamed socket behavior. - sa.raw.Path[0] = 0 - // Don't count trailing NUL for abstract address. - sl-- -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go -index f2871fa95..1fdaa4760 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix && ppc --// +build aix,ppc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go -index 75718ec0f..c87f9a9f4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix && ppc64 --// +build aix,ppc64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go -index 4217de518..a00c3e545 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin || dragonfly || freebsd || netbsd || openbsd --// +build darwin dragonfly freebsd netbsd openbsd - - // BSD system call wrappers shared by *BSD based systems - // including OS X (Darwin) and FreeBSD. Like the other -@@ -317,7 +316,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { - if err != nil { - return "", err - } -- return string(buf[:vallen-1]), nil -+ return ByteSliceToString(buf[:vallen]), nil - } - - //sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go -index b37310ce9..0eaecf5fc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && darwin --// +build amd64,darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go -index d51ec9963..f36c6707c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm64 && darwin --// +build arm64,darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go -index 53c96641f..16dc69937 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin && go1.12 --// +build darwin,go1.12 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go -index 4e2d32120..14bab6b2d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && dragonfly --// +build amd64,dragonfly - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go -index b8da51004..3967bca77 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build 386 && freebsd --// +build 386,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go -index 47155c483..eff19ada2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && freebsd --// +build amd64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go -index 08932093f..4f24b517a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm && freebsd --// +build arm,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go -index d151a0d0e..ac30759ec 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm64 && freebsd --// +build arm64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go -index d5cd64b37..aab725ca7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build riscv64 && freebsd --// +build riscv64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go -index 381fd4673..ba46651f8 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build hurd --// +build hurd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go -index 7cf54a3e4..df89f9e6b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build 386 && hurd --// +build 386,hurd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go -index 87db5a6a8..a863f7052 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go -@@ -5,7 +5,6 @@ - // illumos system calls not present on Solaris. - - //go:build amd64 && illumos --// +build amd64,illumos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go -index fb4e50224..0f85e29e6 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go -@@ -61,15 +61,23 @@ func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) ( - } - - //sys fchmodat(dirfd int, path string, mode uint32) (err error) -- --func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { -- // Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior -- // and check the flags. Otherwise the mode would be applied to the symlink -- // destination which is not what the user expects. -- if flags&^AT_SYMLINK_NOFOLLOW != 0 { -- return EINVAL -- } else if flags&AT_SYMLINK_NOFOLLOW != 0 { -- return EOPNOTSUPP -+//sys fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) -+ -+func Fchmodat(dirfd int, path string, mode uint32, flags int) error { -+ // Linux fchmodat doesn't support the flags parameter, but fchmodat2 does. -+ // Try fchmodat2 if flags are specified. -+ if flags != 0 { -+ err := fchmodat2(dirfd, path, mode, flags) -+ if err == ENOSYS { -+ // fchmodat2 isn't available. If the flags are known to be valid, -+ // return EOPNOTSUPP to indicate that fchmodat doesn't support them. -+ if flags&^(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 { -+ return EINVAL -+ } else if flags&(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 { -+ return EOPNOTSUPP -+ } -+ } -+ return err - } - return fchmodat(dirfd, path, mode) - } -@@ -417,7 +425,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { - if n > 0 { - sl += _Socklen(n) + 1 - } -- if sa.raw.Path[0] == '@' { -+ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { -+ // Check sl > 3 so we don't change unnamed socket behavior. - sa.raw.Path[0] = 0 - // Don't count trailing NUL for abstract address. - sl-- -@@ -1301,7 +1310,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { - return "", err - } - } -- return string(buf[:vallen-1]), nil -+ return ByteSliceToString(buf[:vallen]), nil - } - - func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) { -@@ -2482,3 +2491,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { - } - return attr, nil - } -+ -+//sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go -index c7d9945ea..506dafa7b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build 386 && linux --// +build 386,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go -index 08086ac6a..38d55641b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64) --// +build linux --// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go -index 70601ce36..d557cf8de 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && linux --// +build amd64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go -index 8b0f0f3aa..facdb83b2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && linux && gc --// +build amd64,linux,gc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go -index da2986415..cd2dd797f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm && linux --// +build arm,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go -index f5266689a..cf2ee6c75 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm64 && linux --// +build arm64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go -index 2b1168d7d..ffc4c2b63 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && gc --// +build linux,gc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go -index 9843fb489..9ebfdcf44 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && gc && 386 --// +build linux,gc,386 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go -index a6008fccd..5f2b57c4c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm && gc && linux --// +build arm,gc,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go -index 7740af242..d1a3ad826 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && gccgo && 386 --// +build linux,gccgo,386 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go -index e16a12299..f2f67423e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && gccgo && arm --// +build linux,gccgo,arm - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go -index f6ab02ec1..3d0e98451 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build loong64 && linux --// +build loong64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go -index 93fe59d25..70963a95a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (mips64 || mips64le) --// +build linux --// +build mips64 mips64le - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go -index aae7f0ffd..c218ebd28 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (mips || mipsle) --// +build linux --// +build mips mipsle - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go -index 66eff19a3..e6c48500c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && ppc --// +build linux,ppc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go -index 806aa2574..7286a9aa8 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (ppc64 || ppc64le) --// +build linux --// +build ppc64 ppc64le - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -index 5e6ceee12..6f5a28894 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build riscv64 && linux --// +build riscv64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go -index 2f89e8f5d..66f31210d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build s390x && linux --// +build s390x,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go -index 7ca064ae7..11d1f1698 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build sparc64 && linux --// +build sparc64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go -index 5199d282f..7a5eb5743 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build 386 && netbsd --// +build 386,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go -index 70a9c52e9..62d8957ae 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && netbsd --// +build amd64,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go -index 3eb5942f9..ce6a06885 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm && netbsd --// +build arm,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go -index fc6ccfd81..d46d689d1 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm64 && netbsd --// +build arm64,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go -index 6f34479b5..b25343c71 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go -@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - } - - func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { -- var _p0 unsafe.Pointer -+ var bufptr *Statfs_t - var bufsize uintptr - if len(buf) > 0 { -- _p0 = unsafe.Pointer(&buf[0]) -+ bufptr = &buf[0] - bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf)) - } -- r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags)) -- n = int(r0) -- if e1 != 0 { -- err = e1 -- } -- return -+ return getfsstat(bufptr, bufsize, flags) - } - - //sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) -@@ -171,6 +166,20 @@ func Getresgid() (rgid, egid, sgid int) { - - //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL - -+//sys fcntl(fd int, cmd int, arg int) (n int, err error) -+//sys fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL -+ -+// FcntlInt performs a fcntl syscall on fd with the provided command and argument. -+func FcntlInt(fd uintptr, cmd, arg int) (int, error) { -+ return fcntl(int(fd), cmd, arg) -+} -+ -+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command. -+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error { -+ _, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk)) -+ return err -+} -+ - //sys ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) - - func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { -@@ -326,4 +335,7 @@ func Uname(uname *Utsname) error { - //sys write(fd int, p []byte) (n int, err error) - //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) - //sys munmap(addr uintptr, length uintptr) (err error) -+//sys getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) - //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) -+//sys pledge(promises *byte, execpromises *byte) (err error) -+//sys unveil(path *byte, flags *byte) (err error) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go -index 6baabcdcb..9ddc89f4f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build 386 && openbsd --// +build 386,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go -index bab25360e..70a3c96ee 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && openbsd --// +build amd64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go -index 8eed3c4d4..265caa87f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm && openbsd --// +build arm,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go -index 483dde99d..ac4fda171 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build arm64 && openbsd --// +build arm64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go -index 04aa43f41..0a451e6dd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build openbsd --// +build openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go -index c2796139c..30a308cbb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build ppc64 && openbsd --// +build ppc64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go -index 23199a7ff..ea954330f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build riscv64 && openbsd --// +build riscv64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go -index b99cfa134..21974af06 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go -@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { - if n > 0 { - sl += _Socklen(n) + 1 - } -- if sa.raw.Path[0] == '@' { -+ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { -+ // Check sl > 3 so we don't change unnamed socket behavior. - sa.raw.Path[0] = 0 - // Don't count trailing NUL for abstract address. - sl-- -@@ -157,7 +158,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { - if err != nil { - return "", err - } -- return string(buf[:vallen-1]), nil -+ return ByteSliceToString(buf[:vallen]), nil - } - - const ImplementsGetwd = true -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go -index 0bd25ef81..e02d8ceae 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build amd64 && solaris --// +build amd64,solaris - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go -index f6eda2705..77081de8c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go -index b6919ca58..05c95bccf 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go -@@ -3,8 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc --// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris --// +build gc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go -index f6f707acf..23f39b7af 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go -@@ -3,9 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux && (ppc64le || ppc64) && gc --// +build linux --// +build ppc64le ppc64 --// +build gc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go -index 4596d041c..b473038c6 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - package unix - -@@ -1105,7 +1104,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { - return "", err - } - -- return string(buf[:vallen-1]), nil -+ return ByteSliceToString(buf[:vallen]), nil - } - - func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { -diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go -index 2c3a4437f..4fcd38de2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build linux --// +build linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go -index 5bb41d17b..79a84f18b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build (darwin && !ios) || linux --// +build darwin,!ios linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go -index 71bddefdb..9eb0db664 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin && !ios --// +build darwin,!ios - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/timestruct.go b/go-controller/vendor/golang.org/x/sys/unix/timestruct.go -index 616b1b284..7997b1902 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/timestruct.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/timestruct.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go -index 168d5ae77..cb7e598ce 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go -@@ -4,39 +4,48 @@ - - package unix - --import ( -- "syscall" -- "unsafe" --) -+import "fmt" - - // Unveil implements the unveil syscall. - // For more information see unveil(2). - // Note that the special case of blocking further - // unveil calls is handled by UnveilBlock. - func Unveil(path string, flags string) error { -- pathPtr, err := syscall.BytePtrFromString(path) -- if err != nil { -+ if err := supportsUnveil(); err != nil { - return err - } -- flagsPtr, err := syscall.BytePtrFromString(flags) -+ pathPtr, err := BytePtrFromString(path) - if err != nil { - return err - } -- _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0) -- if e != 0 { -- return e -+ flagsPtr, err := BytePtrFromString(flags) -+ if err != nil { -+ return err - } -- return nil -+ return unveil(pathPtr, flagsPtr) - } - - // UnveilBlock blocks future unveil calls. - // For more information see unveil(2). - func UnveilBlock() error { -- // Both pointers must be nil. -- var pathUnsafe, flagsUnsafe unsafe.Pointer -- _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0) -- if e != 0 { -- return e -+ if err := supportsUnveil(); err != nil { -+ return err - } -+ return unveil(nil, nil) -+} -+ -+// supportsUnveil checks for availability of the unveil(2) system call based -+// on the running OpenBSD version. -+func supportsUnveil() error { -+ maj, min, err := majmin() -+ if err != nil { -+ return err -+ } -+ -+ // unveil is not available before 6.4 -+ if maj < 6 || (maj == 6 && min <= 3) { -+ return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min) -+ } -+ - return nil - } -diff --git a/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go b/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go -index f5f8e9f36..e16879396 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build freebsd || netbsd --// +build freebsd netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go -index ca9799b79..2fb219d78 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc && aix --// +build ppc,aix - - // Created by cgo -godefs - DO NOT EDIT - // cgo -godefs -- -maix32 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go -index 200c8c26f..b0e6f5c85 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && aix --// +build ppc64,aix - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -maix64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go -index 143007627..e40fa8524 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && darwin --// +build amd64,darwin - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go -index ab044a742..bb02aa6c0 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && darwin --// +build arm64,darwin - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go -index 17bba0e44..c0e0f8694 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && dragonfly --// +build amd64,dragonfly - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go -index f8c2c5138..6c6923906 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && freebsd --// +build 386,freebsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m32 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go -index 96310c3be..dd9163f8e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && freebsd --// +build amd64,freebsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go -index 777b69def..493a2a793 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && freebsd --// +build arm,freebsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go -index c557ac2db..8b437b307 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && freebsd --// +build arm64,freebsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go -index 341b4d962..67c02dd57 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && freebsd --// +build riscv64,freebsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go -index f9c7f479b..c73cfe2f1 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go -@@ -1,7 +1,6 @@ - // Code generated by mkmerge; DO NOT EDIT. - - //go:build linux --// +build linux - - package unix - -@@ -481,10 +480,13 @@ const ( - BPF_FROM_BE = 0x8 - BPF_FROM_LE = 0x0 - BPF_FS_MAGIC = 0xcafe4a11 -+ BPF_F_AFTER = 0x10 - BPF_F_ALLOW_MULTI = 0x2 - BPF_F_ALLOW_OVERRIDE = 0x1 - BPF_F_ANY_ALIGNMENT = 0x2 -- BPF_F_KPROBE_MULTI_RETURN = 0x1 -+ BPF_F_BEFORE = 0x8 -+ BPF_F_ID = 0x20 -+ BPF_F_NETFILTER_IP_DEFRAG = 0x1 - BPF_F_QUERY_EFFECTIVE = 0x1 - BPF_F_REPLACE = 0x4 - BPF_F_SLEEPABLE = 0x10 -@@ -521,6 +523,7 @@ const ( - BPF_MAJOR_VERSION = 0x1 - BPF_MAXINSNS = 0x1000 - BPF_MEM = 0x60 -+ BPF_MEMSX = 0x80 - BPF_MEMWORDS = 0x10 - BPF_MINOR_VERSION = 0x1 - BPF_MISC = 0x7 -@@ -776,6 +779,8 @@ const ( - DEVLINK_GENL_MCGRP_CONFIG_NAME = "config" - DEVLINK_GENL_NAME = "devlink" - DEVLINK_GENL_VERSION = 0x1 -+ DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO = 0x4 -+ DEVLINK_PORT_FN_CAP_IPSEC_PACKET = 0x8 - DEVLINK_PORT_FN_CAP_MIGRATABLE = 0x2 - DEVLINK_PORT_FN_CAP_ROCE = 0x1 - DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX = 0x14 -@@ -1698,6 +1703,7 @@ const ( - KEXEC_ON_CRASH = 0x1 - KEXEC_PRESERVE_CONTEXT = 0x2 - KEXEC_SEGMENT_MAX = 0x10 -+ KEXEC_UPDATE_ELFCOREHDR = 0x4 - KEYCTL_ASSUME_AUTHORITY = 0x10 - KEYCTL_CAPABILITIES = 0x1f - KEYCTL_CAPS0_BIG_KEY = 0x10 -@@ -1795,6 +1801,7 @@ const ( - LOCK_SH = 0x1 - LOCK_UN = 0x8 - LOOP_CLR_FD = 0x4c01 -+ LOOP_CONFIGURE = 0x4c0a - LOOP_CTL_ADD = 0x4c80 - LOOP_CTL_GET_FREE = 0x4c82 - LOOP_CTL_REMOVE = 0x4c81 -@@ -2275,6 +2282,7 @@ const ( - PERF_MEM_LVLNUM_PMEM = 0xe - PERF_MEM_LVLNUM_RAM = 0xd - PERF_MEM_LVLNUM_SHIFT = 0x21 -+ PERF_MEM_LVLNUM_UNC = 0x8 - PERF_MEM_LVL_HIT = 0x2 - PERF_MEM_LVL_IO = 0x1000 - PERF_MEM_LVL_L1 = 0x8 -@@ -3461,6 +3469,7 @@ const ( - XDP_PACKET_HEADROOM = 0x100 - XDP_PGOFF_RX_RING = 0x0 - XDP_PGOFF_TX_RING = 0x80000000 -+ XDP_PKT_CONTD = 0x1 - XDP_RING_NEED_WAKEUP = 0x1 - XDP_RX_RING = 0x2 - XDP_SHARED_UMEM = 0x1 -@@ -3473,6 +3482,7 @@ const ( - XDP_UMEM_REG = 0x4 - XDP_UMEM_UNALIGNED_CHUNK_FLAG = 0x1 - XDP_USE_NEED_WAKEUP = 0x8 -+ XDP_USE_SG = 0x10 - XDP_ZEROCOPY = 0x4 - XENFS_SUPER_MAGIC = 0xabba1974 - XFS_SUPER_MAGIC = 0x58465342 -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go -index 30aee00a5..4920821cf 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && linux --// +build 386,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go -index 8ebfa5127..a0c1e4112 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && linux --// +build amd64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go -index 271a21cdc..c63985560 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && linux --// +build arm,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go -index 910c330a3..47cc62e25 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && linux --// +build arm64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go -index a640798c9..27ac4a09e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build loong64 && linux --// +build loong64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go -@@ -119,6 +118,7 @@ const ( - IXOFF = 0x1000 - IXON = 0x400 - LASX_CTX_MAGIC = 0x41535801 -+ LBT_CTX_MAGIC = 0x42540001 - LSX_CTX_MAGIC = 0x53580001 - MAP_ANON = 0x20 - MAP_ANONYMOUS = 0x20 -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go -index 0d5925d34..54694642a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips && linux --// +build mips,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go -index d72a00e0b..3adb81d75 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64 && linux --// +build mips64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go -index 02ba129f8..2dfe98f0d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64le && linux --// +build mips64le,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go -index 8daa6dd96..f5398f84f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mipsle && linux --// +build mipsle,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go -index 63c8fa2f7..c54f152d6 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc && linux --// +build ppc,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go -index 930799ec1..76057dc72 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && linux --// +build ppc64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go -index 8605a7dd7..e0c3725e2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64le && linux --// +build ppc64le,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -index 95a016f1c..18f2813ed 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && linux --// +build riscv64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go -@@ -228,6 +227,9 @@ const ( - PPPIOCUNBRIDGECHAN = 0x7434 - PPPIOCXFERUNIT = 0x744e - PR_SET_PTRACER_ANY = 0xffffffffffffffff -+ PTRACE_GETFDPIC = 0x21 -+ PTRACE_GETFDPIC_EXEC = 0x0 -+ PTRACE_GETFDPIC_INTERP = 0x1 - RLIMIT_AS = 0x9 - RLIMIT_MEMLOCK = 0x8 - RLIMIT_NOFILE = 0x7 -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go -index 1ae0108f5..11619d4ec 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build s390x && linux --// +build s390x,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go -index 1bb7c6333..396d994da 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build sparc64 && linux --// +build sparc64,linux - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go -index 72f7420d2..130085df4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && netbsd --// +build 386,netbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m32 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go -index 8d4eb0c08..84769a1a3 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && netbsd --// +build amd64,netbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go -index 9eef9749f..602ded003 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && netbsd --// +build arm,netbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -marm _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go -index 3b62ba192..efc0406ee 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && netbsd --// +build arm64,netbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go -index af20e474b..5a6500f83 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && openbsd --// +build 386,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m32 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go -index 6015fcb2b..a5aeeb979 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && openbsd --// +build amd64,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go -index 8d44955e4..0e9748a72 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && openbsd --// +build arm,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go -index ae16fe754..4f4449abc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && openbsd --// +build arm64,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go -index 03d90fe35..76a363f0f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64 && openbsd --// +build mips64,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go -index 8e2c51b1e..43ca0cdfd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && openbsd --// +build ppc64,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go -index 13d403031..b1b8bb200 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && openbsd --// +build riscv64,openbsd - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go -index 1afee6a08..d2ddd3176 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && solaris --// +build amd64,solaris - - // Code generated by cmd/cgo -godefs; DO NOT EDIT. - // cgo -godefs -- -m64 _const.go -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go -index fc7d0506f..4dfd2e051 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - // Hand edited based on zerrors_linux_s390x.go - // TODO: auto-generate. -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go -index 97f20ca28..586317c78 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go -@@ -1,8 +1,6 @@ - // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT. - - //go:build linux && (arm || arm64) --// +build linux --// +build arm arm64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go -index 0b5f79430..d7c881be7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go -@@ -1,8 +1,6 @@ - // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT. - - //go:build linux && (mips || mips64) --// +build linux --// +build mips mips64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go -index 2807f7e64..2d2de5d29 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go -@@ -1,8 +1,6 @@ - // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT. - - //go:build linux && (mipsle || mips64le) --// +build linux --// +build mipsle mips64le - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go -index 281ea64e3..5adc79fb5 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go -@@ -1,8 +1,6 @@ - // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT. - - //go:build linux && (386 || amd64) --// +build linux --// +build 386 amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go -index d1d1d2331..6ea64a3c0 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build aix && ppc --// +build aix,ppc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go -index f99a18adc..99ee4399a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build aix && ppc64 --// +build aix,ppc64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go -index c4d50ae50..b68a78362 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build aix && ppc64 && gc --// +build aix,ppc64,gc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go -index 6903d3b09..0a87450bf 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build aix && ppc64 && gccgo --// +build aix,ppc64,gccgo - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go -index 1cad561e9..ccb02f240 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build darwin && amd64 --// +build darwin,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go -index b18edbd0e..1b40b997b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build darwin && arm64 --// +build darwin,arm64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go -index 0c67df64a..aad65fc79 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build dragonfly && amd64 --// +build dragonfly,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go -index e6e05d145..c0096391a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build freebsd && 386 --// +build freebsd,386 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go -index 7508accac..7664df749 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build freebsd && amd64 --// +build freebsd,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go -index 7b56aead4..ae099182c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build freebsd && arm --// +build freebsd,arm - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go -index cc623dcaa..11fd5d45b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build freebsd && arm64 --// +build freebsd,arm64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go -index 581849197..c3d2d6530 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build freebsd && riscv64 --// +build freebsd,riscv64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go -index 6be25cd19..c698cbc01 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build illumos && amd64 --// +build illumos,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go -index 1ff3aec74..1488d2712 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go -@@ -1,7 +1,6 @@ - // Code generated by mkmerge; DO NOT EDIT. - - //go:build linux --// +build linux - - package unix - -@@ -38,6 +37,21 @@ func fchmodat(dirfd int, path string, mode uint32) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_FCHMODAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ioctl(fd int, req uint, arg uintptr) (err error) { - _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) - if e1 != 0 { -@@ -2195,3 +2209,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) { - } - return - } -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) { -+ _, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go -index 07b549cc2..4def3e9fc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && 386 --// +build linux,386 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go -index 5f481bf83..fef2bc8ba 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && amd64 --// +build linux,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go -index 824cd52c7..a9fd76a88 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && arm --// +build linux,arm - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go -index e77aecfe9..460065028 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && arm64 --// +build linux,arm64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go -index 806ffd1e1..c8987d264 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && loong64 --// +build linux,loong64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go -index 961a3afb7..921f43061 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && mips --// +build linux,mips - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go -index ed05005e9..44f067829 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && mips64 --// +build linux,mips64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go -index d365b718f..e7fa0abf0 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && mips64le --// +build linux,mips64le - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go -index c3f1b8bbd..8c5125675 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && mipsle --// +build linux,mipsle - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go -index a6574cf98..7392fd45e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && ppc --// +build linux,ppc - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go -index f40990264..41180434e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && ppc64 --// +build linux,ppc64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go -index 9dfcc2997..40c6ce7ae 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && ppc64le --// +build linux,ppc64le - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -index 0ab4f2ed7..2cfe34adb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && riscv64 --// +build linux,riscv64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go -index 6cde32237..61e6f0709 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && s390x --// +build linux,s390x - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go -index 5253d65bf..834b84204 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build linux && sparc64 --// +build linux,sparc64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go -index 2df3c5bac..e91ebc14a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build netbsd && 386 --// +build netbsd,386 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go -index a60556bab..be28babbc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build netbsd && amd64 --// +build netbsd,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go -index 9f788917a..fb587e826 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build netbsd && arm --// +build netbsd,arm - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go -index 82a4cb2dc..d576438bb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build netbsd && arm64 --// +build netbsd,arm64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go -index 66b3b6456..a1d061597 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && 386 --// +build openbsd,386 - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s -index 3dcacd30d..41b561731 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s -@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 - DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_fcntl(SB) -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 -@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 - DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_getfsstat(SB) -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 - DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_pledge(SB) -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_unveil(SB) -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go -index c5c4cc112..5b2a74097 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && amd64 --// +build openbsd,amd64 - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s -index 2763620b0..4019a656f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s -@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 - DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_fcntl(SB) -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 -@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 - DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_getfsstat(SB) -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 - DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_pledge(SB) -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_unveil(SB) -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go -index 93bfbb328..f6eda1344 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && arm --// +build openbsd,arm - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s -index c92231404..ac4af24f9 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s -@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 - DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_fcntl(SB) -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 -@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 - DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_getfsstat(SB) -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 - DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_pledge(SB) -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_unveil(SB) -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4 -+DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go -index a107b8fda..55df20ae9 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && arm64 --// +build openbsd,arm64 - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s -index a6bc32c92..f77d53212 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s -@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 - DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_fcntl(SB) -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 -@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 - DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_getfsstat(SB) -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 - DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_pledge(SB) -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_unveil(SB) -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go -index c427de509..8c1155cbc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && mips64 --// +build openbsd,mips64 - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s -index b4e7bceab..fae140b62 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s -@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 - DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_fcntl(SB) -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 -@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 - DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_getfsstat(SB) -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 - DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_pledge(SB) -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_unveil(SB) -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go -index 60c1a99ae..7cc80c58d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && ppc64 --// +build openbsd,ppc64 - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s -index ca3f76600..9d1e0ff06 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s -@@ -213,6 +213,12 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 - DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ CALL libc_fcntl(SB) -+ RET -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - CALL libc_ppoll(SB) - RET -@@ -801,8 +807,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 - DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ CALL libc_getfsstat(SB) -+ RET -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - CALL libc_utimensat(SB) - RET - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 - DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ CALL libc_pledge(SB) -+ RET -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ CALL libc_unveil(SB) -+ RET -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go -index 52eba360f..0688737f4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build openbsd && riscv64 --// +build openbsd,riscv64 - - package unix - -@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func fcntl(fd int, cmd int, arg int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_fcntl_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) - n = int(r0) -@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { -+ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_getfsstat_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error - var libc_utimensat_trampoline_addr uintptr - - //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pledge(promises *byte, execpromises *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_pledge_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_pledge pledge "libc.so" -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func unveil(path *byte, flags *byte) (err error) { -+ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+var libc_unveil_trampoline_addr uintptr -+ -+//go:cgo_import_dynamic libc_unveil unveil "libc.so" -+ -+ -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s -index 477a7d5b2..da115f9a4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s -@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 - DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) - -+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_fcntl(SB) -+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) -+ - TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 -@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 - DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) - -+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_getfsstat(SB) -+GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) -+ - TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 - DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) -+ -+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_pledge(SB) -+GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) -+ -+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 -+ JMP libc_unveil(SB) -+GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 -+DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go -index b40189464..829b87feb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build solaris && amd64 --// +build solaris,amd64 - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go -index 1d8fe1d4b..94f011238 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build zos && s390x --// +build zos,s390x - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go -index 55e048471..3a58ae819 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build 386 && openbsd --// +build 386,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go -index d2243cf83..dcb7a0eb7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build amd64 && openbsd --// +build amd64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go -index 82dc51bd8..db5a7bf13 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build arm && openbsd --// +build arm,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go -index cbdda1a4a..7be575a77 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build arm64 && openbsd --// +build arm64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go -index f55eae1a8..d6e3174c6 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build mips64 && openbsd --// +build mips64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go -index e44054470..ee97157d0 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build ppc64 && openbsd --// +build ppc64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go -index a0db82fce..35c3b91d0 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build riscv64 && openbsd --// +build riscv64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go -index f8298ff9b..5edda7687 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && darwin --// +build amd64,darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go -index 5eb433bbf..0dc9e8b4d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && darwin --// +build arm64,darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go -index 703675c0c..308ddf3a1 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && dragonfly --// +build amd64,dragonfly - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go -index 4e0d96107..418664e3d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && freebsd --// +build 386,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go -index 01636b838..34d0b86d7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && freebsd --// +build amd64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go -index ad99bc106..b71cf45e2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && freebsd --// +build arm,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go -index 89dcc4274..e32df1c1e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && freebsd --// +build arm64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go -index ee37aaa0c..15ad6111f 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && freebsd --// +build riscv64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go -index 9862853d3..fcf3ecbdd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && linux --// +build 386,linux - - package unix - -@@ -448,4 +447,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go -index 8901f0f4e..f56dc2504 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && linux --// +build amd64,linux - - package unix - -@@ -370,4 +369,6 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 -+ SYS_MAP_SHADOW_STACK = 453 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go -index 6902c37ee..974bf2467 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && linux --// +build arm,linux - - package unix - -@@ -412,4 +411,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go -index a6d3dff81..39a2739e2 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && linux --// +build arm64,linux - - package unix - -@@ -315,4 +314,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go -index b18f3f710..cf9c9d77e 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build loong64 && linux --// +build loong64,linux - - package unix - -@@ -309,4 +308,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go -index 0302e5e3d..10b7362ef 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips && linux --// +build mips,linux - - package unix - -@@ -432,4 +431,5 @@ const ( - SYS_FUTEX_WAITV = 4449 - SYS_SET_MEMPOLICY_HOME_NODE = 4450 - SYS_CACHESTAT = 4451 -+ SYS_FCHMODAT2 = 4452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go -index 6693ba4a0..cd4d8b4fd 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64 && linux --// +build mips64,linux - - package unix - -@@ -362,4 +361,5 @@ const ( - SYS_FUTEX_WAITV = 5449 - SYS_SET_MEMPOLICY_HOME_NODE = 5450 - SYS_CACHESTAT = 5451 -+ SYS_FCHMODAT2 = 5452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go -index fd93f4987..2c0efca81 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64le && linux --// +build mips64le,linux - - package unix - -@@ -362,4 +361,5 @@ const ( - SYS_FUTEX_WAITV = 5449 - SYS_SET_MEMPOLICY_HOME_NODE = 5450 - SYS_CACHESTAT = 5451 -+ SYS_FCHMODAT2 = 5452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go -index 760ddcadc..a72e31d39 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mipsle && linux --// +build mipsle,linux - - package unix - -@@ -432,4 +431,5 @@ const ( - SYS_FUTEX_WAITV = 4449 - SYS_SET_MEMPOLICY_HOME_NODE = 4450 - SYS_CACHESTAT = 4451 -+ SYS_FCHMODAT2 = 4452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go -index cff2b2555..c7d1e3747 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc && linux --// +build ppc,linux - - package unix - -@@ -439,4 +438,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go -index a4b2405d0..f4d4838c8 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && linux --// +build ppc64,linux - - package unix - -@@ -411,4 +410,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go -index aca54b4e3..b64f0e591 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64le && linux --// +build ppc64le,linux - - package unix - -@@ -411,4 +410,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -index 9d1738d64..95711195a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && linux --// +build riscv64,linux - - package unix - -@@ -316,4 +315,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go -index 022878dc8..f94e943bc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build s390x && linux --// +build s390x,linux - - package unix - -@@ -377,4 +376,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go -index 4100a761c..ba0c2bc51 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build sparc64 && linux --// +build sparc64,linux - - package unix - -@@ -390,4 +389,5 @@ const ( - SYS_FUTEX_WAITV = 449 - SYS_SET_MEMPOLICY_HOME_NODE = 450 - SYS_CACHESTAT = 451 -+ SYS_FCHMODAT2 = 452 - ) -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go -index 3a6699eba..b2aa8cd49 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && netbsd --// +build 386,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go -index 5677cd4f1..524a1b1c9 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && netbsd --// +build amd64,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go -index e784cb6db..d59b943ac 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && netbsd --// +build arm,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go -index bd4952efa..31e771d53 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; DO NOT EDIT. - - //go:build arm64 && netbsd --// +build arm64,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go -index 597733813..9fd77c6cb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && openbsd --// +build 386,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go -index 16af29189..af10af28c 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && openbsd --// +build amd64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go -index f59b18a97..cc2028af4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && openbsd --// +build arm,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go -index 721ef5910..c06dd4415 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && openbsd --// +build arm64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go -index 01c43a01f..9ddbf3e08 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64 && openbsd --// +build mips64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go -index f258cfa24..19a6ee413 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && openbsd --// +build ppc64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go -index 07919e0ec..05192a782 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && openbsd --// +build riscv64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go -index 073daad43..b2e308581 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go -index 7a8161c1d..3e6d57cae 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc && aix --// +build ppc,aix - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go -index 07ed733c5..3a219bdce 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && aix --// +build ppc64,aix - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go -index 690cefc3d..091d107f3 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && darwin --// +build amd64,darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go -index 5bffc10ea..28ff4ef74 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && darwin --// +build arm64,darwin - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go -index d0ba8e9b8..30e405bb4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && dragonfly --// +build amd64,dragonfly - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go -index 29dc48337..6cbd094a3 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && freebsd --// +build 386,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go -index 0a89b2890..7c03b6ee7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && freebsd --// +build amd64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go -index c8666bb15..422107ee8 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && freebsd --// +build arm,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go -index 88fb48a88..505a12acf 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && freebsd --// +build arm64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go -index 698dc975e..cc986c790 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && freebsd --// +build riscv64,freebsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go -index 18aa70b42..bbf8399ff 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go -@@ -1,7 +1,6 @@ - // Code generated by mkmerge; DO NOT EDIT. - - //go:build linux --// +build linux - - package unix - -@@ -2672,6 +2671,7 @@ const ( - BPF_PROG_TYPE_LSM = 0x1d - BPF_PROG_TYPE_SK_LOOKUP = 0x1e - BPF_PROG_TYPE_SYSCALL = 0x1f -+ BPF_PROG_TYPE_NETFILTER = 0x20 - BPF_CGROUP_INET_INGRESS = 0x0 - BPF_CGROUP_INET_EGRESS = 0x1 - BPF_CGROUP_INET_SOCK_CREATE = 0x2 -@@ -2716,6 +2716,11 @@ const ( - BPF_PERF_EVENT = 0x29 - BPF_TRACE_KPROBE_MULTI = 0x2a - BPF_LSM_CGROUP = 0x2b -+ BPF_STRUCT_OPS = 0x2c -+ BPF_NETFILTER = 0x2d -+ BPF_TCX_INGRESS = 0x2e -+ BPF_TCX_EGRESS = 0x2f -+ BPF_TRACE_UPROBE_MULTI = 0x30 - BPF_LINK_TYPE_UNSPEC = 0x0 - BPF_LINK_TYPE_RAW_TRACEPOINT = 0x1 - BPF_LINK_TYPE_TRACING = 0x2 -@@ -2726,6 +2731,18 @@ const ( - BPF_LINK_TYPE_PERF_EVENT = 0x7 - BPF_LINK_TYPE_KPROBE_MULTI = 0x8 - BPF_LINK_TYPE_STRUCT_OPS = 0x9 -+ BPF_LINK_TYPE_NETFILTER = 0xa -+ BPF_LINK_TYPE_TCX = 0xb -+ BPF_LINK_TYPE_UPROBE_MULTI = 0xc -+ BPF_PERF_EVENT_UNSPEC = 0x0 -+ BPF_PERF_EVENT_UPROBE = 0x1 -+ BPF_PERF_EVENT_URETPROBE = 0x2 -+ BPF_PERF_EVENT_KPROBE = 0x3 -+ BPF_PERF_EVENT_KRETPROBE = 0x4 -+ BPF_PERF_EVENT_TRACEPOINT = 0x5 -+ BPF_PERF_EVENT_EVENT = 0x6 -+ BPF_F_KPROBE_MULTI_RETURN = 0x1 -+ BPF_F_UPROBE_MULTI_RETURN = 0x1 - BPF_ANY = 0x0 - BPF_NOEXIST = 0x1 - BPF_EXIST = 0x2 -@@ -2743,6 +2760,8 @@ const ( - BPF_F_MMAPABLE = 0x400 - BPF_F_PRESERVE_ELEMS = 0x800 - BPF_F_INNER_MAP = 0x1000 -+ BPF_F_LINK = 0x2000 -+ BPF_F_PATH_FD = 0x4000 - BPF_STATS_RUN_TIME = 0x0 - BPF_STACK_BUILD_ID_EMPTY = 0x0 - BPF_STACK_BUILD_ID_VALID = 0x1 -@@ -2763,6 +2782,7 @@ const ( - BPF_F_ZERO_CSUM_TX = 0x2 - BPF_F_DONT_FRAGMENT = 0x4 - BPF_F_SEQ_NUMBER = 0x8 -+ BPF_F_NO_TUNNEL_KEY = 0x10 - BPF_F_TUNINFO_FLAGS = 0x10 - BPF_F_INDEX_MASK = 0xffffffff - BPF_F_CURRENT_CPU = 0xffffffff -@@ -2779,6 +2799,8 @@ const ( - BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10 - BPF_F_ADJ_ROOM_NO_CSUM_RESET = 0x20 - BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 0x40 -+ BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 0x80 -+ BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 0x100 - BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff - BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38 - BPF_F_SYSCTL_BASE_NAME = 0x1 -@@ -2867,6 +2889,8 @@ const ( - BPF_DEVCG_DEV_CHAR = 0x2 - BPF_FIB_LOOKUP_DIRECT = 0x1 - BPF_FIB_LOOKUP_OUTPUT = 0x2 -+ BPF_FIB_LOOKUP_SKIP_NEIGH = 0x4 -+ BPF_FIB_LOOKUP_TBID = 0x8 - BPF_FIB_LKUP_RET_SUCCESS = 0x0 - BPF_FIB_LKUP_RET_BLACKHOLE = 0x1 - BPF_FIB_LKUP_RET_UNREACHABLE = 0x2 -@@ -2902,6 +2926,7 @@ const ( - BPF_CORE_ENUMVAL_EXISTS = 0xa - BPF_CORE_ENUMVAL_VALUE = 0xb - BPF_CORE_TYPE_MATCHES = 0xc -+ BPF_F_TIMER_ABS = 0x1 - ) - - const ( -@@ -2980,6 +3005,12 @@ type LoopInfo64 struct { - Encrypt_key [32]uint8 - Init [2]uint64 - } -+type LoopConfig struct { -+ Fd uint32 -+ Size uint32 -+ Info LoopInfo64 -+ _ [8]uint64 -+} - - type TIPCSocketAddr struct { - Ref uint32 -@@ -5883,3 +5914,15 @@ type SchedAttr struct { - } - - const SizeofSchedAttr = 0x38 -+ -+type Cachestat_t struct { -+ Cache uint64 -+ Dirty uint64 -+ Writeback uint64 -+ Evicted uint64 -+ Recently_evicted uint64 -+} -+type CachestatRange struct { -+ Off uint64 -+ Len uint64 -+} -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -index 6d8acbcc5..438a30aff 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && linux --// +build 386,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -index 59293c688..adceca355 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && linux --// +build amd64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -index 40cfa38c2..eeaa00a37 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && linux --// +build arm,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -index 055bc4216..6739aa91d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && linux --// +build arm64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go -index f28affbc6..9920ef631 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build loong64 && linux --// +build loong64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -index 9d71e7ccd..2923b799a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips && linux --// +build mips,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -index fd5ccd332..ce2750ee4 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64 && linux --// +build mips64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -index 7704de77a..3038811d7 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64le && linux --// +build mips64le,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -index df00b8757..efc6fed18 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mipsle && linux --// +build mipsle,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go -index 0942840db..9a654b75a 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc && linux --// +build ppc,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -index 034874395..40d358e33 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && linux --// +build ppc64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -index bad067047..148c6ceb8 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64le && linux --// +build ppc64le,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -index 1b4c97c32..72ba81543 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && linux --// +build riscv64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -index aa268d025..71e765508 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build s390x && linux --// +build s390x,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -index 444045b6c..4abbdb9de 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build sparc64 && linux --// +build sparc64,linux - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go -index 9bc4c8f9d..f22e7947d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && netbsd --// +build 386,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go -index bb05f655d..066a7d83d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && netbsd --// +build amd64,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go -index db40e3a19..439548ec9 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && netbsd --// +build arm,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go -index 11121151c..16085d3bb 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && netbsd --// +build arm64,netbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go -index 26eba23b7..afd13a3af 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build 386 && openbsd --// +build 386,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go -index 5a5479886..5d97f1f9b 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && openbsd --// +build amd64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go -index be58c4e1f..34871cdc1 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm && openbsd --// +build arm,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go -index 52338266c..5911bceb3 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build arm64 && openbsd --// +build arm64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go -index 605cfdb12..e4f24f3bc 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build mips64 && openbsd --// +build mips64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go -index d6724c010..ca50a7930 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build ppc64 && openbsd --// +build ppc64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go -index ddfd27a43..d7d7f7902 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build riscv64 && openbsd --// +build riscv64,openbsd - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go -index 0400747c6..14160576d 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go -@@ -2,7 +2,6 @@ - // Code generated by the command above; see README.md. DO NOT EDIT. - - //go:build amd64 && solaris --// +build amd64,solaris - - package unix - -diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go -index aec1efcb3..54f31be63 100644 ---- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go -+++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build zos && s390x --// +build zos,s390x - - // Hand edited based on ztypes_linux_s390x.go - // TODO: auto-generate. -diff --git a/go-controller/vendor/golang.org/x/sys/windows/aliases.go b/go-controller/vendor/golang.org/x/sys/windows/aliases.go -index a20ebea63..ce2d713d6 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/aliases.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/aliases.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows && go1.9 --// +build windows,go1.9 - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/empty.s b/go-controller/vendor/golang.org/x/sys/windows/empty.s -index fdbbbcd31..ba64caca5 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/empty.s -+++ b/go-controller/vendor/golang.org/x/sys/windows/empty.s -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build !go1.12 --// +build !go1.12 - - // This file is here to allow bodyless functions with go:linkname for Go 1.11 - // and earlier (see https://golang.org/issue/23311). -diff --git a/go-controller/vendor/golang.org/x/sys/windows/eventlog.go b/go-controller/vendor/golang.org/x/sys/windows/eventlog.go -index 2cd60645e..6c366955d 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/eventlog.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/eventlog.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go b/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go -index 8563f79c5..dbcdb090c 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build generate --// +build generate - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/race.go b/go-controller/vendor/golang.org/x/sys/windows/race.go -index 9196b089c..0f1bdc386 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/race.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/race.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows && race --// +build windows,race - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/race0.go b/go-controller/vendor/golang.org/x/sys/windows/race0.go -index 7bae4817a..0c78da78b 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/race0.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/race0.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows && !race --// +build windows,!race - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/key.go b/go-controller/vendor/golang.org/x/sys/windows/registry/key.go -index 6c8d97b6a..fd8632444 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/registry/key.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/registry/key.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - // Package registry provides access to the Windows registry. - // -diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go -index ee74927d3..bbf86ccf0 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build generate --// +build generate - - package registry - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go b/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go -index 417335123..f533091c1 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - package registry - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/value.go b/go-controller/vendor/golang.org/x/sys/windows/registry/value.go -index 2789f6f18..74db26b94 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/registry/value.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/registry/value.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - package registry - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/service.go b/go-controller/vendor/golang.org/x/sys/windows/service.go -index c44a1b963..a9dc6308d 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/service.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/service.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/str.go b/go-controller/vendor/golang.org/x/sys/windows/str.go -index 4fc01434e..6a4f9ce6a 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/str.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/str.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - package windows - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/svc/security.go b/go-controller/vendor/golang.org/x/sys/windows/svc/security.go -index 1c51006ea..6a1f3c627 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/svc/security.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/svc/security.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - package svc - -diff --git a/go-controller/vendor/golang.org/x/sys/windows/svc/service.go b/go-controller/vendor/golang.org/x/sys/windows/svc/service.go -index e9e47f0b4..c96932d96 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/svc/service.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/svc/service.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - // Package svc provides everything required to build Windows service. - package svc -diff --git a/go-controller/vendor/golang.org/x/sys/windows/syscall.go b/go-controller/vendor/golang.org/x/sys/windows/syscall.go -index 8732cdb95..e85ed6b9c 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/syscall.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/syscall.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build windows --// +build windows - - // Package windows contains an interface to the low-level operating system - // primitives. OS details vary depending on the underlying system, and -diff --git a/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go b/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go -index 35cfc57ca..47dc57967 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go -@@ -155,6 +155,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { - //sys GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW - //sys GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW - //sys SetDefaultDllDirectories(directoryFlags uint32) (err error) -+//sys AddDllDirectory(path *uint16) (cookie uintptr, err error) = kernel32.AddDllDirectory -+//sys RemoveDllDirectory(cookie uintptr) (err error) = kernel32.RemoveDllDirectory - //sys SetDllDirectory(path string) (err error) = kernel32.SetDllDirectoryW - //sys GetVersion() (ver uint32, err error) - //sys FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW -@@ -233,6 +235,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { - //sys CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock - //sys DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock - //sys getTickCount64() (ms uint64) = kernel32.GetTickCount64 -+//sys GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) - //sys SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) - //sys GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW - //sys SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW -@@ -969,7 +972,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) { - if n > 0 { - sl += int32(n) + 1 - } -- if sa.raw.Path[0] == '@' { -+ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { -+ // Check sl > 3 so we don't change unnamed socket behavior. - sa.raw.Path[0] = 0 - // Don't count trailing NUL for abstract address. - sl-- -diff --git a/go-controller/vendor/golang.org/x/sys/windows/types_windows.go b/go-controller/vendor/golang.org/x/sys/windows/types_windows.go -index b88dc7c85..359780f6a 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/types_windows.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/types_windows.go -@@ -1094,7 +1094,33 @@ const ( - - SOMAXCONN = 0x7fffffff - -- TCP_NODELAY = 1 -+ TCP_NODELAY = 1 -+ TCP_EXPEDITED_1122 = 2 -+ TCP_KEEPALIVE = 3 -+ TCP_MAXSEG = 4 -+ TCP_MAXRT = 5 -+ TCP_STDURG = 6 -+ TCP_NOURG = 7 -+ TCP_ATMARK = 8 -+ TCP_NOSYNRETRIES = 9 -+ TCP_TIMESTAMPS = 10 -+ TCP_OFFLOAD_PREFERENCE = 11 -+ TCP_CONGESTION_ALGORITHM = 12 -+ TCP_DELAY_FIN_ACK = 13 -+ TCP_MAXRTMS = 14 -+ TCP_FASTOPEN = 15 -+ TCP_KEEPCNT = 16 -+ TCP_KEEPIDLE = TCP_KEEPALIVE -+ TCP_KEEPINTVL = 17 -+ TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18 -+ TCP_ICMP_ERROR_INFO = 19 -+ -+ UDP_NOCHECKSUM = 1 -+ UDP_SEND_MSG_SIZE = 2 -+ UDP_RECV_MAX_COALESCED_SIZE = 3 -+ UDP_CHECKSUM_COVERAGE = 20 -+ -+ UDP_COALESCED_INFO = 3 - - SHUT_RD = 0 - SHUT_WR = 1 -diff --git a/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go -index 8b1688de4..146a1f019 100644 ---- a/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go -+++ b/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go -@@ -184,6 +184,7 @@ var ( - procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") - procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") - procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") -+ procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") - procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") - procCancelIo = modkernel32.NewProc("CancelIo") - procCancelIoEx = modkernel32.NewProc("CancelIoEx") -@@ -253,6 +254,7 @@ var ( - procGetFileAttributesW = modkernel32.NewProc("GetFileAttributesW") - procGetFileInformationByHandle = modkernel32.NewProc("GetFileInformationByHandle") - procGetFileInformationByHandleEx = modkernel32.NewProc("GetFileInformationByHandleEx") -+ procGetFileTime = modkernel32.NewProc("GetFileTime") - procGetFileType = modkernel32.NewProc("GetFileType") - procGetFinalPathNameByHandleW = modkernel32.NewProc("GetFinalPathNameByHandleW") - procGetFullPathNameW = modkernel32.NewProc("GetFullPathNameW") -@@ -329,6 +331,7 @@ var ( - procReadProcessMemory = modkernel32.NewProc("ReadProcessMemory") - procReleaseMutex = modkernel32.NewProc("ReleaseMutex") - procRemoveDirectoryW = modkernel32.NewProc("RemoveDirectoryW") -+ procRemoveDllDirectory = modkernel32.NewProc("RemoveDllDirectory") - procResetEvent = modkernel32.NewProc("ResetEvent") - procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole") - procResumeThread = modkernel32.NewProc("ResumeThread") -@@ -1604,6 +1607,15 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) { - return - } - -+func AddDllDirectory(path *uint16) (cookie uintptr, err error) { -+ r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) -+ cookie = uintptr(r0) -+ if cookie == 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func AssignProcessToJobObject(job Handle, process Handle) (err error) { - r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0) - if r1 == 0 { -@@ -2185,6 +2197,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, - return - } - -+func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) { -+ r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0) -+ if r1 == 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func GetFileType(filehandle Handle) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0) - n = uint32(r0) -@@ -2870,6 +2890,14 @@ func RemoveDirectory(path *uint16) (err error) { - return - } - -+func RemoveDllDirectory(cookie uintptr) (err error) { -+ r1, _, e1 := syscall.Syscall(procRemoveDllDirectory.Addr(), 1, uintptr(cookie), 0, 0) -+ if r1 == 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func ResetEvent(event Handle) (err error) { - r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0) - if r1 == 0 { -diff --git a/go-controller/vendor/golang.org/x/term/term_unix.go b/go-controller/vendor/golang.org/x/term/term_unix.go -index 62c2b3f41..1ad0ddfe3 100644 ---- a/go-controller/vendor/golang.org/x/term/term_unix.go -+++ b/go-controller/vendor/golang.org/x/term/term_unix.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos --// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos - - package term - -diff --git a/go-controller/vendor/golang.org/x/term/term_unix_bsd.go b/go-controller/vendor/golang.org/x/term/term_unix_bsd.go -index 853b3d698..9dbf54629 100644 ---- a/go-controller/vendor/golang.org/x/term/term_unix_bsd.go -+++ b/go-controller/vendor/golang.org/x/term/term_unix_bsd.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build darwin || dragonfly || freebsd || netbsd || openbsd --// +build darwin dragonfly freebsd netbsd openbsd - - package term - -diff --git a/go-controller/vendor/golang.org/x/term/term_unix_other.go b/go-controller/vendor/golang.org/x/term/term_unix_other.go -index 1e8955c93..1b36de799 100644 ---- a/go-controller/vendor/golang.org/x/term/term_unix_other.go -+++ b/go-controller/vendor/golang.org/x/term/term_unix_other.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build aix || linux || solaris || zos --// +build aix linux solaris zos - - package term - -diff --git a/go-controller/vendor/golang.org/x/term/term_unsupported.go b/go-controller/vendor/golang.org/x/term/term_unsupported.go -index f1df85065..3c409e588 100644 ---- a/go-controller/vendor/golang.org/x/term/term_unsupported.go -+++ b/go-controller/vendor/golang.org/x/term/term_unsupported.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !zos && !windows && !solaris && !plan9 --// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!zos,!windows,!solaris,!plan9 - - package term - -diff --git a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go -index 8a7392c4a..784bb8808 100644 ---- a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build go1.10 --// +build go1.10 - - package bidirule - -diff --git a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go -index bb0a92001..8e1e94395 100644 ---- a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go -@@ -3,7 +3,6 @@ - // license that can be found in the LICENSE file. - - //go:build !go1.10 --// +build !go1.10 - - package bidirule - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go -index 42fa8d72c..d2bd71181 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.10 && !go1.13 --// +build go1.10,!go1.13 - - package bidi - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go -index 56a0e1ea2..f76bdca27 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.13 && !go1.14 --// +build go1.13,!go1.14 - - package bidi - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go -index baacf32b4..3aa2c3bdf 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.14 && !go1.16 --// +build go1.14,!go1.16 - - package bidi - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go -index ffadb7beb..a71375790 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.16 && !go1.21 --// +build go1.16,!go1.21 - - package bidi - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go -index 92cce5802..f15746f7d 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.21 --// +build go1.21 - - package bidi - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go -index f517fdb20..c164d3791 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build !go1.10 --// +build !go1.10 - - package bidi - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go -index f5a078827..1af161c75 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.10 && !go1.13 --// +build go1.10,!go1.13 - - package norm - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go -index cb7239c43..eb73ecc37 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.13 && !go1.14 --// +build go1.13,!go1.14 - - package norm - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go -index 11b273300..276cb8d8c 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.14 && !go1.16 --// +build go1.14,!go1.16 - - package norm - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go -index f65785e8a..0cceffd73 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.16 && !go1.21 --// +build go1.16,!go1.21 - - package norm - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go -index e1858b879..b0819e42d 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build go1.21 --// +build go1.21 - - package norm - -diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go -index 0175eae50..bf65457d9 100644 ---- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go -+++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go -@@ -1,7 +1,6 @@ - // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - - //go:build !go1.10 --// +build !go1.10 - - package norm - -diff --git a/go-controller/vendor/k8s.io/client-go/informers/factory.go b/go-controller/vendor/k8s.io/client-go/informers/factory.go -index 9fc86441a..7dd0ae635 100644 ---- a/go-controller/vendor/k8s.io/client-go/informers/factory.go -+++ b/go-controller/vendor/k8s.io/client-go/informers/factory.go -@@ -60,7 +60,6 @@ type sharedInformerFactory struct { - lock sync.Mutex - defaultResync time.Duration - customResync map[reflect.Type]time.Duration -- transform cache.TransformFunc - - informers map[reflect.Type]cache.SharedIndexInformer - // startedInformers is used for tracking which informers have been started. -@@ -99,14 +98,6 @@ func WithNamespace(namespace string) SharedInformerOption { - } - } - --// WithTransform sets a transform on all informers. --func WithTransform(transform cache.TransformFunc) SharedInformerOption { -- return func(factory *sharedInformerFactory) *sharedInformerFactory { -- factory.transform = transform -- return factory -- } --} -- - // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. - func NewSharedInformerFactory(client kubernetes.Interface, defaultResync time.Duration) SharedInformerFactory { - return NewSharedInformerFactoryWithOptions(client, defaultResync) -@@ -211,7 +202,6 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal - } - - informer = newFunc(f.client, resyncPeriod) -- informer.SetTransform(f.transform) - f.informers[informerType] = informer - - return informer -diff --git a/go-controller/vendor/modules.txt b/go-controller/vendor/modules.txt -index c88f00fa8..a9683f0a0 100644 ---- a/go-controller/vendor/modules.txt -+++ b/go-controller/vendor/modules.txt -@@ -385,8 +385,8 @@ go.opencensus.io/internal - go.opencensus.io/trace - go.opencensus.io/trace/internal - go.opencensus.io/trace/tracestate --# golang.org/x/crypto v0.14.0 --## explicit; go 1.17 -+# golang.org/x/crypto v0.17.0 -+## explicit; go 1.18 - golang.org/x/crypto/ed25519 - # golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb - ## explicit; go 1.20 -@@ -420,19 +420,19 @@ golang.org/x/oauth2/internal - # golang.org/x/sync v0.2.0 - ## explicit - golang.org/x/sync/errgroup --# golang.org/x/sys v0.13.0 --## explicit; go 1.17 -+# golang.org/x/sys v0.15.0 -+## explicit; go 1.18 - golang.org/x/sys/execabs - golang.org/x/sys/plan9 - golang.org/x/sys/unix - golang.org/x/sys/windows - golang.org/x/sys/windows/registry - golang.org/x/sys/windows/svc --# golang.org/x/term v0.13.0 --## explicit; go 1.17 -+# golang.org/x/term v0.15.0 -+## explicit; go 1.18 - golang.org/x/term --# golang.org/x/text v0.13.0 --## explicit; go 1.17 -+# golang.org/x/text v0.14.0 -+## explicit; go 1.18 - golang.org/x/text/encoding - golang.org/x/text/encoding/charmap - golang.org/x/text/encoding/htmlindex --- -2.43.0 - diff --git a/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch b/images/ovn/patches/ovn-kubernetes/0003-stop-creating-ovnkube-eps.patch similarity index 100% rename from images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch rename to images/ovn/patches/ovn-kubernetes/0003-stop-creating-ovnkube-eps.patch From 19c6c8ab76b9a347c4929676a91bf429ed8e0fd5 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Thu, 18 Apr 2024 01:47:10 -0400 Subject: [PATCH 14/45] [stable/zed] Refactor image tags to be dynamic (#1122) In order to simplify backporting and branching of new releases, this patch relies on the Zuul branch when building images so that we can easily branch out a new release and it will automatically pick up the images. Closes: #1121 --- Dockerfile | 4 +- build/pin-images.py | 15 +- images/barbican/Dockerfile | 6 +- images/cinder/Dockerfile | 6 +- images/designate/Dockerfile | 6 +- images/glance/Dockerfile | 6 +- images/heat/Dockerfile | 6 +- images/horizon/Dockerfile | 6 +- images/ironic/Dockerfile | 6 +- images/keepalived/Dockerfile | 4 +- images/keystone/Dockerfile | 6 +- images/libvirtd/Dockerfile | 4 +- images/magnum/Dockerfile | 8 +- images/manila/Dockerfile | 6 +- images/netoffload/Dockerfile | 4 +- images/neutron/Dockerfile | 6 +- images/nova-ssh/Dockerfile | 4 +- images/nova/Dockerfile | 6 +- images/octavia/Dockerfile | 6 +- images/openstack-runtime/Dockerfile | 4 +- images/openstack-venv-builder/Dockerfile | 6 +- images/ovn/Dockerfile | 4 +- images/placement/Dockerfile | 6 +- images/python-base/Dockerfile | 4 +- images/senlin/Dockerfile | 6 +- images/staffeln/Dockerfile | 6 +- images/tempest/Dockerfile | 6 +- images/ubuntu-cloud-archive/Dockerfile | 4 +- roles/defaults/vars/main.yml | 234 +++++++++--------- zuul.d/container-images/barbican.yaml | 3 +- zuul.d/container-images/cinder.yaml | 3 +- .../cluster-api-provider-openstack.yaml | 2 +- zuul.d/container-images/designate.yaml | 3 +- zuul.d/container-images/glance.yaml | 3 +- zuul.d/container-images/heat.yaml | 3 +- zuul.d/container-images/horizon.yaml | 3 +- zuul.d/container-images/ironic.yaml | 3 +- zuul.d/container-images/keepalived.yaml | 4 +- zuul.d/container-images/keystone.yaml | 3 +- .../kubernetes-entrypoint.yaml | 2 +- .../container-images/libvirt-tls-sidecar.yaml | 4 +- zuul.d/container-images/libvirtd.yaml | 3 +- zuul.d/container-images/magnum.yaml | 3 +- zuul.d/container-images/manila.yaml | 3 +- zuul.d/container-images/netoffload.yaml | 4 +- zuul.d/container-images/neutron.yaml | 3 +- zuul.d/container-images/nova-ssh.yaml | 3 +- zuul.d/container-images/nova.yaml | 3 +- zuul.d/container-images/octavia.yaml | 3 +- .../openstack-python-runtime.yaml | 5 +- .../container-images/openstack-runtime.yaml | 4 +- .../openstack-venv-builder.yaml | 4 +- zuul.d/container-images/openvswitch.yaml | 2 +- zuul.d/container-images/ovn.yaml | 6 +- zuul.d/container-images/placement.yaml | 3 +- zuul.d/container-images/python-base.yaml | 4 +- zuul.d/container-images/senlin.yaml | 3 +- zuul.d/container-images/staffeln.yaml | 3 +- zuul.d/container-images/tempest.yaml | 3 +- .../ubuntu-cloud-archive.yaml | 4 +- zuul.d/container-images/ubuntu.yaml | 4 +- zuul.d/playbooks/molecule/pre.yml | 5 +- 62 files changed, 293 insertions(+), 213 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4b74bee9b..278b4189c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. +ARG RELEASE + FROM golang:1.21 AS go-builder COPY go.mod go.sum /src/ WORKDIR /src @@ -22,6 +24,6 @@ COPY cmd/ /src/cmd/ COPY internal/ /src/internal/ RUN go build -o main ./cmd/libvirt-tls-sidecar/main.go -FROM registry.atmosphere.dev/library/ubuntu:zed AS libvirt-tls-sidecar +FROM registry.atmosphere.dev/library/ubuntu:${RELEASE} AS libvirt-tls-sidecar COPY --from=libvirt-tls-sidecar-builder /src/main /usr/bin/libvirt-tls-sidecar ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"] diff --git a/build/pin-images.py b/build/pin-images.py index d35ca6519..8818f2c1a 100755 --- a/build/pin-images.py +++ b/build/pin-images.py @@ -129,12 +129,6 @@ def main(): parser.add_argument( "dst", help="Path for output file", type=argparse.FileType("r+") ) - parser.add_argument( - "-r", - "--registry", - default="ghcr.io/vexxhost/atmosphere", - help="Registry containing Atmosphere images", - ) args = parser.parse_args() @@ -145,15 +139,8 @@ def main(): if image in SKIP_IMAGE_LIST: continue - # NOTE(mnaser): If we're in CI, only pin the Atmosphere images - if ( - "registry.atmosphere.dev" in args.registry - and "ghcr.io/vexxhost/atmosphere" not in data["_atmosphere_images"][image] - ): - continue - image_src = data["_atmosphere_images"][image].replace( - "ghcr.io/vexxhost/atmosphere", args.registry + "{{ atmosphere_release }}", data["atmosphere_release"] ) pinned_image = get_pinned_image(image_src) diff --git a/images/barbican/Dockerfile b/images/barbican/Dockerfile index e12147859..743ec32c9 100644 --- a/images/barbican/Dockerfile +++ b/images/barbican/Dockerfile @@ -12,7 +12,9 @@ # License for the specific language governing permissions and limitations # under the License. -FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG RELEASE + +FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG BARBICAN_GIT_REF=7d6749fcb1ad16a3350de82cd8e523d5b55306f8 ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src/barbican RUN git -C /src/barbican fetch --unshallow @@ -23,5 +25,5 @@ pip3 install \ pykmip EOF -FROM registry.atmosphere.dev/library/openstack-python-runtime:zed +FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE} COPY --from=build --link /var/lib/openstack /var/lib/openstack diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile index 4c8f153ce..f954b3a25 100644 --- a/images/cinder/Dockerfile +++ b/images/cinder/Dockerfile @@ -12,7 +12,9 @@ # License for the specific language governing permissions and limitations # under the License. -FROM registry.atmosphere.dev/library/openstack-venv-builder:zed AS build +ARG RELEASE + +FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG CINDER_GIT_REF=f74e2729554bee01b0a3e631a8001bb39e540433 ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder RUN git -C /src/cinder fetch --unshallow @@ -23,7 +25,7 @@ pip3 install \ purestorage EOF -FROM registry.atmosphere.dev/library/openstack-python-runtime:zed +FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE} RUN < Date: Thu, 18 Apr 2024 23:36:25 -0400 Subject: [PATCH 15/45] [stable/zed] Ignore value_overrides in patches (#1132) This is an automated cherry-pick of #1130 /assign mnaser --- build/sync-charts.py | 1 + 1 file changed, 1 insertion(+) diff --git a/build/sync-charts.py b/build/sync-charts.py index ce32da072..577c8fc4e 100644 --- a/build/sync-charts.py +++ b/build/sync-charts.py @@ -96,6 +96,7 @@ async def patch(input: bytes, path: aiopath.AsyncPath): textwrap.dedent( f"""\ {path.name}/Chart.yaml + {path.name}/values_overrides/* """ ) .strip() From ffe63e79c0fb03c45a8776cc858587d58154e856 Mon Sep 17 00:00:00 2001 From: Rico Lin Date: Sat, 20 Apr 2024 03:13:24 +0800 Subject: [PATCH 16/45] [stable/zed] chore: add cinder rbd tunning patches to zed (#1139) relate to #1016 --- images/cinder/Dockerfile | 2 + ...te-encrypted-volumes-directly-to-RBD.patch | 146 ++++++++ ...-encrypted-image-to-encrypted-volume.patch | 130 +++++++ ...ypted-volume-clone-from-Glance-image.patch | 320 ++++++++++++++++++ 4 files changed, 598 insertions(+) create mode 100644 images/cinder/patches/cinder/0001-Create-encrypted-volumes-directly-to-RBD.patch create mode 100644 images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch create mode 100644 images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile index f954b3a25..4d5addf97 100644 --- a/images/cinder/Dockerfile +++ b/images/cinder/Dockerfile @@ -18,6 +18,8 @@ FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG CINDER_GIT_REF=f74e2729554bee01b0a3e631a8001bb39e540433 ADD --keep-git-dir=true https://opendev.org/openstack/cinder.git#${CINDER_GIT_REF} /src/cinder RUN git -C /src/cinder fetch --unshallow +COPY patches/cinder /patches/cinder +RUN git -C /src/cinder apply --verbose /patches/cinder/* RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < +Date: Fri, 1 Mar 2024 13:50:13 +0800 +Subject: [PATCH 1/3] Create encrypted volumes directly to RBD + +This fix slow on create encrypted volumes with temp file import. +Encrypted volume create is now directly upload to RBD with qemu-img +command without temprory image file generated. + +Closes-Bug: #2055517 +Change-Id: If7a72a4acd5600de1350289a9d9c38017d42659e +--- + cinder/tests/unit/volume/drivers/test_rbd.py | 9 +-- + cinder/volume/drivers/rbd.py | 62 +++++++++---------- + ...ate-encrypted-volume-c1bb6b44b85c0242.yaml | 7 +++ + 3 files changed, 40 insertions(+), 38 deletions(-) + create mode 100644 releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml + +diff --git a/cinder/tests/unit/volume/drivers/test_rbd.py b/cinder/tests/unit/volume/drivers/test_rbd.py +index 57dae3af1..38ceaf27f 100644 +--- a/cinder/tests/unit/volume/drivers/test_rbd.py ++++ b/cinder/tests/unit/volume/drivers/test_rbd.py +@@ -3247,7 +3247,6 @@ class RBDTestCase(test.TestCase): + self.__dict__ = d + + mock_temp_file.return_value.__enter__.side_effect = [ +- DictObj({'name': '/imgfile'}), + DictObj({'name': '/passfile'})] + + key_mgr = fake_keymgr.fake_api() +@@ -3268,15 +3267,13 @@ class RBDTestCase(test.TestCase): + self.context) + mock_open.assert_called_with('/passfile', 'w') + +- mock_exec.assert_any_call( ++ mock_exec.assert_called_with( + 'qemu-img', 'create', '-f', 'luks', '-o', + 'cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=essiv', + '--object', + 'secret,id=luks_sec,format=raw,file=/passfile', +- '-o', 'key-secret=luks_sec', '/imgfile', '12288M') +- mock_exec.assert_any_call( +- 'rbd', 'import', '--dest-pool', 'rbd', '--order', 22, +- '/imgfile', self.volume_c.name) ++ '-o', 'key-secret=luks_sec', 'rbd:rbd/%s' % self.volume_c.name, ++ '12288M') + + @mock.patch('cinder.objects.Volume.get_by_id') + @mock.patch('cinder.db.volume_glance_metadata_get', return_value={}) +diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py +index 6cc86c2c5..b883ee47a 100644 +--- a/cinder/volume/drivers/rbd.py ++++ b/cinder/volume/drivers/rbd.py +@@ -1087,8 +1087,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + context: context.RequestContext) -> None: + """Create an encrypted volume. + +- This works by creating an encrypted image locally, +- and then uploading it to the volume. ++ This works by creating an encrypted image and ++ then uploading it to the volume directly. + """ + encryption = volume_utils.check_encryption_provider(volume, context) + +@@ -1100,37 +1100,35 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + # create a file + tmp_dir = volume_utils.image_conversion_dir() + +- with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_image: +- with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_key: +- with open(tmp_key.name, 'w') as f: +- f.write(passphrase) +- +- cipher_spec = image_utils.decode_cipher(encryption['cipher'], +- encryption['key_size']) +- +- create_cmd = ( +- 'qemu-img', 'create', '-f', 'luks', +- '-o', 'cipher-alg=%(cipher_alg)s,' +- 'cipher-mode=%(cipher_mode)s,' +- 'ivgen-alg=%(ivgen_alg)s' % cipher_spec, +- '--object', 'secret,id=luks_sec,' +- 'format=raw,file=%(passfile)s' % {'passfile': +- tmp_key.name}, +- '-o', 'key-secret=luks_sec', +- tmp_image.name, +- '%sM' % (volume.size * 1024)) +- self._execute(*create_cmd) +- +- # Copy image into RBD +- chunk_size = self.configuration.rbd_store_chunk_size * units.Mi +- order = int(math.log(chunk_size, 2)) ++ with tempfile.NamedTemporaryFile(dir=tmp_dir) as tmp_key: ++ with open(tmp_key.name, 'w') as f: ++ f.write(passphrase) + +- cmd = ['rbd', 'import', +- '--dest-pool', self.configuration.rbd_pool, +- '--order', order, +- tmp_image.name, volume.name] +- cmd.extend(self._ceph_args()) +- self._execute(*cmd) ++ cipher_spec = image_utils.decode_cipher(encryption['cipher'], ++ encryption['key_size']) ++ ++ _, conf, user_id, _ = self._get_config_tuple() ++ rbd_options = '' ++ if user_id: ++ rbd_options += ':id=%(user_id)s' % {'user_id': user_id} ++ if conf: ++ rbd_options += ':conf=%(conf)s' % {'conf': conf} ++ create_cmd = ( ++ 'qemu-img', 'create', '-f', 'luks', ++ '-o', 'cipher-alg=%(cipher_alg)s,' ++ 'cipher-mode=%(cipher_mode)s,' ++ 'ivgen-alg=%(ivgen_alg)s' % cipher_spec, ++ '--object', 'secret,id=luks_sec,' ++ 'format=raw,file=%(passfile)s' % {'passfile': ++ tmp_key.name}, ++ '-o', 'key-secret=luks_sec', ++ 'rbd:%(pool_name)s/%(image_name)s%(rbd_options)s' % { ++ 'pool_name': self.configuration.rbd_pool, ++ 'image_name': volume.name, ++ 'rbd_options': rbd_options ++ }, ++ '%sM' % (volume.size * 1024)) ++ self._execute(*create_cmd) + + def create_volume(self, volume: Volume) -> dict[str, Any]: + """Creates a logical volume.""" +diff --git a/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml b/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml +new file mode 100644 +index 000000000..8bdff6746 +--- /dev/null ++++ b/releasenotes/notes/improve-create-encrypted-volume-c1bb6b44b85c0242.yaml +@@ -0,0 +1,7 @@ ++--- ++fixes: ++ - | ++ [Bug 255517](https://bugs.launchpad.net/cinder/+bug/2055517): Fix slow ++ on create encrypted volumes with temp file import. Encrypted volume create ++ is now directly upload to rbd with qemu-img command without temprory image ++ file generated. +-- +2.25.1 + diff --git a/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch b/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch new file mode 100644 index 000000000..60c75d17c --- /dev/null +++ b/images/cinder/patches/cinder/0002-Allow-clone-encrypted-image-to-encrypted-volume.patch @@ -0,0 +1,130 @@ +From 410d45106cfc20c064380c3914ff8c2cd41a1a5e Mon Sep 17 00:00:00 2001 +From: ricolin +Date: Sat, 16 Mar 2024 00:35:12 +0800 +Subject: [PATCH 2/3] Allow clone encrypted image to encrypted volume + +Exactly like what we did in copy-and-import image when create encrypted +volume from encrypted image. If the image is encrypted, we will copy +`cinder_encryption_key_id` from image metadata to volume. That means we +should be safe to try directly clone from encrypted image. + +Related-Bug: #2055517 +Change-Id: Id6a1452c2c197a58677bf181470f54565fbd263b +--- + .../volume/flows/test_create_volume_flow.py | 46 +++++++++++++++++++ + cinder/volume/flows/manager/create_volume.py | 9 +++- + ...clone-encryped-image-6961ca1439825dc4.yaml | 8 ++++ + 3 files changed, 61 insertions(+), 2 deletions(-) + create mode 100644 releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml + +diff --git a/cinder/tests/unit/volume/flows/test_create_volume_flow.py b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +index 5b4ddb35f..7e08f8e78 100644 +--- a/cinder/tests/unit/volume/flows/test_create_volume_flow.py ++++ b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +@@ -1202,6 +1202,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + encryption_key_id=fakes.ENCRYPTION_KEY_ID, + host='host@backend#pool') + ++ fake_driver.clone_image.return_value = (None, False) + fake_image_service = fake_image.FakeImageService() + image_meta = {} + image_id = fakes.IMAGE_ID +@@ -1218,6 +1219,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_meta, fake_image_service) + + fake_driver.create_volume.assert_called_once_with(volume) ++ fake_driver.clone_image.assert_called_once() + fake_driver.copy_image_to_encrypted_volume.assert_not_called() + fake_driver.copy_image_to_volume.assert_called_once_with( + self.ctxt, volume, fake_image_service, image_id) +@@ -1226,6 +1228,50 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_meta=image_meta) + mock_cleanup_cg.assert_called_once_with(volume) + ++ @mock.patch('cinder.volume.flows.manager.create_volume.' ++ 'CreateVolumeFromSpecTask.' ++ '_handle_bootable_volume_glance_meta') ++ @mock.patch('cinder.image.image_utils.TemporaryImages.fetch') ++ @mock.patch('cinder.image.image_utils.qemu_img_info') ++ @mock.patch('cinder.image.image_utils.check_virtual_size') ++ def test_create_encrypted_volume_from_enc_image_clone( ++ self, mock_check_size, mock_qemu_img, ++ mock_fetch_img, mock_handle_bootable ++ ): ++ fake_db = mock.MagicMock() ++ fake_driver = mock.MagicMock() ++ fake_volume_manager = mock.MagicMock() ++ fake_manager = create_volume_manager.CreateVolumeFromSpecTask( ++ fake_volume_manager, fake_db, fake_driver) ++ volume = fake_volume.fake_volume_obj( ++ self.ctxt, ++ encryption_key_id=fakes.ENCRYPTION_KEY_ID, ++ host='host@backend#pool') ++ ++ fake_driver.clone_image.return_value = (None, True) ++ fake_image_service = fake_image.FakeImageService() ++ image_meta = {} ++ image_id = fakes.IMAGE_ID ++ image_meta['id'] = image_id ++ image_meta['status'] = 'active' ++ image_meta['size'] = 1 ++ image_meta['cinder_encryption_key_id'] = \ ++ '00000000-0000-0000-0000-000000000000' ++ image_location = 'abc' ++ ++ fake_db.volume_update.return_value = volume ++ fake_manager._create_from_image(self.ctxt, volume, ++ image_location, image_id, ++ image_meta, fake_image_service) ++ ++ fake_driver.create_volume.assert_not_called() ++ fake_driver.clone_image.assert_called_once() ++ fake_driver.copy_image_to_encrypted_volume.assert_not_called() ++ fake_driver.copy_image_to_volume.assert_not_called() ++ mock_handle_bootable.assert_called_once_with(self.ctxt, volume, ++ image_id=image_id, ++ image_meta=image_meta) ++ + @ddt.data({'driver_error': True}, + {'driver_error': False}) + @mock.patch('cinder.backup.api.API.get_available_backup_service_host') +diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py +index 0ae3cb59d..9d0590d9c 100644 +--- a/cinder/volume/flows/manager/create_volume.py ++++ b/cinder/volume/flows/manager/create_volume.py +@@ -1087,11 +1087,16 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): + # dict containing provider_location for cloned volume + # and clone status. + # NOTE (lixiaoy1): Currently all images are raw data, we can't +- # use clone_image to copy data if new volume is encrypted. ++ # use clone_image to copy data if new volume is encrypted ++ # NOTE (ricolin): If the image provided an encryption key, we have ++ # already cloned it to the volume's key in ++ # _get_encryption_key_id, so we can do a direct clone. ++ image_encryption_key = image_meta.get('cinder_encryption_key_id') + volume_is_encrypted = volume.encryption_key_id is not None + cloned = False + model_update = None +- if not volume_is_encrypted: ++ if not volume_is_encrypted or ( ++ volume_is_encrypted and image_encryption_key): + model_update, cloned = self.driver.clone_image(context, + volume, + image_location, +diff --git a/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml b/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml +new file mode 100644 +index 000000000..d6c7e8eb8 +--- /dev/null ++++ b/releasenotes/notes/allow-clone-encryped-image-6961ca1439825dc4.yaml +@@ -0,0 +1,8 @@ ++--- ++features: ++ - | ++ Allow clone encrypted image when create encrypted volume from image. ++ Exactly like what we did in copy-and-import image when create encrypted ++ volume from encrypted image. If the image is encrypted, we will copy ++ `cinder_encryption_key_id` from image metadata to volume. That means we ++ should be safe to try directly clone from encrypted image. +-- +2.25.1 + diff --git a/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch b/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch new file mode 100644 index 000000000..49ad536f1 --- /dev/null +++ b/images/cinder/patches/cinder/0003-Allow-encrypted-volume-clone-from-Glance-image.patch @@ -0,0 +1,320 @@ +From e72198cdf5b63fba70acb3ff43ec0b7531ff76da Mon Sep 17 00:00:00 2001 +From: ricolin +Date: Fri, 15 Mar 2024 23:26:14 +0800 +Subject: [PATCH 3/3] Allow encrypted volume clone from Glance image + +Allow clone image when creating encrypted volume from Glance image if both +stored in RBD. +Previously, Glance image clone is not supported for encrypted volume +creation. The old process is to download image to local disk, encrypt the +local file, and import it back to RBD. This not just slow, but also +protentially take large amount of local disk space from hosts that runs +Cinder volume service. +The new process is to try and clone from Glance image (if it's also stored +in RBD), flatten it, and encrypting new image in RBD for volume. And If +Glance image source is not clonable, will continue with copy-and-import +method as previous flow. +In above flow, If clone from Glance image is appliable. Even it still +requires to clone and flatten RBD image might took some time, but should +still be a lot faster than copy-and-import. And also no local disk will +be used to store raw image in this case. +This also introduced driver method `clone_image_and_encrypt` for drivers +that seperate the clone process from non-encrypted volume so the create +flow won't be affected. + +Related-Bug: #2055517 +Change-Id: Ia023646d8bc9468bf5cc8955f7013299b2a3a460 +--- + .../volume/flows/test_create_volume_flow.py | 49 ++++++++++ + cinder/volume/driver.py | 11 +++ + cinder/volume/drivers/rbd.py | 95 ++++++++++++++++--- + cinder/volume/flows/manager/create_volume.py | 8 +- + ...for-encrypted-volume-de477647e9016b8b.yaml | 21 ++++ + 5 files changed, 167 insertions(+), 17 deletions(-) + create mode 100644 releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml + +diff --git a/cinder/tests/unit/volume/flows/test_create_volume_flow.py b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +index 7e08f8e78..04d9048ea 100644 +--- a/cinder/tests/unit/volume/flows/test_create_volume_flow.py ++++ b/cinder/tests/unit/volume/flows/test_create_volume_flow.py +@@ -1164,6 +1164,7 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_location = 'abc' + + fake_db.volume_update.return_value = volume ++ fake_driver.clone_image_and_encrypt.return_value = (None, False) + fake_manager._create_from_image(self.ctxt, volume, + image_location, image_id, + image_meta, fake_image_service) +@@ -1177,6 +1178,54 @@ class CreateVolumeFlowManagerTestCase(test.TestCase): + image_meta=image_meta) + mock_cleanup_cg.assert_called_once_with(volume) + ++ @mock.patch('cinder.volume.flows.manager.create_volume.' ++ 'CreateVolumeFromSpecTask.' ++ '_prepare_image_cache_entry') ++ @mock.patch('cinder.volume.flows.manager.create_volume.' ++ 'CreateVolumeFromSpecTask.' ++ '_handle_bootable_volume_glance_meta') ++ @mock.patch('cinder.image.image_utils.TemporaryImages.fetch') ++ @mock.patch('cinder.image.image_utils.qemu_img_info') ++ @mock.patch('cinder.image.image_utils.check_virtual_size') ++ def test_create_encrypted_volume_from_image_clone( ++ self, mock_check_size, mock_qemu_img, mock_fetch_img, ++ mock_handle_bootable, mock_prepare_image_cache ++ ): ++ fake_db = mock.MagicMock() ++ fake_driver = mock.MagicMock() ++ fake_volume_manager = mock.MagicMock() ++ fake_cache = mock.MagicMock() ++ fake_manager = create_volume_manager.CreateVolumeFromSpecTask( ++ fake_volume_manager, fake_db, fake_driver, fake_cache) ++ volume = fake_volume.fake_volume_obj( ++ self.ctxt, ++ encryption_key_id=fakes.ENCRYPTION_KEY_ID, ++ host='host@backend#pool') ++ ++ fake_image_service = fake_image.FakeImageService() ++ image_meta = {} ++ image_id = fakes.IMAGE_ID ++ image_meta['id'] = image_id ++ image_meta['status'] = 'active' ++ image_meta['size'] = 1 ++ image_location = 'abc' ++ ++ fake_db.volume_update.return_value = volume ++ fake_driver.clone_image_and_encrypt.return_value = (None, True) ++ fake_manager._create_from_image(self.ctxt, volume, ++ image_location, image_id, ++ image_meta, fake_image_service) ++ ++ mock_prepare_image_cache.assert_not_called() ++ fake_driver.create_volume.assert_not_called() ++ fake_driver.clone_image.assert_not_called() ++ fake_driver.clone_image_and_encrypt.assert_called_once() ++ fake_driver.copy_image_to_encrypted_volume.assert_not_called() ++ fake_driver.copy_image_to_volume.assert_not_called() ++ mock_handle_bootable.assert_called_once_with(self.ctxt, volume, ++ image_id=image_id, ++ image_meta=image_meta) ++ + @mock.patch('cinder.volume.flows.manager.create_volume.' + 'CreateVolumeFromSpecTask.' + '_cleanup_cg_in_volume') +diff --git a/cinder/volume/driver.py b/cinder/volume/driver.py +index 0208b8be6..b0b669019 100644 +--- a/cinder/volume/driver.py ++++ b/cinder/volume/driver.py +@@ -1167,6 +1167,17 @@ class BaseVD(object, metaclass=abc.ABCMeta): + """ + return None, False + ++ def clone_image_and_encrypt( ++ self, context, volume, image_location, image_meta, image_service ++ ): ++ """Create and encrypt a volume efficiently from an existing image. ++ ++ Refer to ++ :obj:`cinder.interface.volume_driver.VolumeDriverCore.clone_image` ++ for additional information. ++ """ ++ return None, False ++ + def backup_use_temp_snapshot(self): + """Get the configured setting for backup from snapshot. + +diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py +index b883ee47a..855f32896 100644 +--- a/cinder/volume/drivers/rbd.py ++++ b/cinder/volume/drivers/rbd.py +@@ -141,6 +141,13 @@ CONF.register_opts(RBD_OPTS, group=configuration.SHARED_CONF_GROUP) + EXTRA_SPECS_REPL_ENABLED = "replication_enabled" + EXTRA_SPECS_MULTIATTACH = "multiattach" + ++# Note(ricolin): Reference ceph site for more information: ++# https://github.com/ceph/ceph/blob/main/src/include/rbd/librbd.h ++RBD_ENCRYPTION_ALG = { ++ 'aes-128': 0, ++ 'aes-256': 1 ++} ++ + QOS_KEY_MAP = { + 'total_iops_sec': { + 'ceph_key': 'rbd_qos_iops_limit', +@@ -1188,6 +1195,20 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + + return max(image_stripe_unit, default_stripe_unit) + ++ def _encrypt_volume(self, ++ context: context.RequestContext, ++ volume: Volume, ++ passphrase: str, ++ cipher_spec: dict ++ ) -> None: ++ LOG.debug("Encrypting volume $s", volume.name) ++ with RBDVolumeProxy(self, volume.name) as vol: ++ vol.encryption_format( ++ 0, ++ passphrase, ++ RBD_ENCRYPTION_ALG[cipher_spec['cipher_alg']] ++ ) ++ + def _clone(self, + volume: Volume, + src_pool: str, +@@ -1871,6 +1892,37 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + image_location: Optional[list], + image_meta: dict, + image_service) -> tuple[dict, bool]: ++ return self._clone_image(context, volume, image_location, ++ image_meta, image_service) ++ ++ def clone_image_and_encrypt( ++ self, ++ context: context.RequestContext, ++ volume: Volume, ++ image_location: Optional[list], ++ image_meta: dict, ++ image_service ++ ) -> tuple[dict, bool]: ++ ++ # Note(ricolin): method `encryption_format` added after Ceph Pacific ++ # release (>=16.1.0). ++ if self.rbd and hasattr( ++ self.rbd.Image, 'encryption_format') and callable( ++ self.rbd.Image.encryption_format): ++ return self._clone_image( ++ context, volume, image_location, ++ image_meta, image_service, is_encrypt=True) ++ else: ++ return {}, False ++ ++ def _clone_image(self, ++ context: context.RequestContext, ++ volume: Volume, ++ image_location: Optional[list], ++ image_meta: dict, ++ image_service, ++ is_encrypt: Optional[bool] = False ++ ) -> tuple[dict, bool]: + if image_location: + # Note: image_location[0] is glance image direct_url. + # image_location[1] contains the list of all locations (including +@@ -1888,12 +1940,41 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + url_location, image_meta): + _prefix, pool, image, snapshot = \ + self._parse_location(url_location) ++ if is_encrypt: ++ passphrase, cipher_spec = self._fetch_encryption_info( ++ context, volume) ++ if cipher_spec['cipher_alg'] not in RBD_ENCRYPTION_ALG: ++ LOG.debug( ++ "Skip clone. Cipher spec: %s not supported " ++ "for encrypt volume directly from RBD.", ++ cipher_spec) ++ return ({}, False) + volume_update = self._clone(volume, pool, image, snapshot) ++ if is_encrypt: ++ self._flatten(self.configuration.rbd_pool, volume.name) ++ self._encrypt_volume( ++ context, volume, passphrase, cipher_spec) + volume_update['provider_location'] = None + self._resize(volume) + return volume_update, True + return ({}, False) + ++ def _fetch_encryption_info(self, ++ context: context.RequestContext, ++ volume: Volume) -> tuple[str, dict]: ++ encryption = volume_utils.check_encryption_provider( ++ volume, ++ context) ++ # Fetch the key associated with the volume and decode the passphrase ++ keymgr = key_manager.API(CONF) ++ key = keymgr.get(context, encryption['encryption_key_id']) ++ passphrase = binascii.hexlify(key.get_encoded()).decode('utf-8') ++ ++ # Decode the dm-crypt style cipher spec into something qemu-img can use ++ cipher_spec = image_utils.decode_cipher(encryption['cipher'], ++ encryption['key_size']) ++ return passphrase, cipher_spec ++ + def copy_image_to_encrypted_volume(self, + context: context.RequestContext, + volume: Volume, +@@ -1914,18 +1995,8 @@ class RBDDriver(driver.CloneableImageVD, driver.MigrateVD, + volume: Volume, + tmp_dir: str, + src_image_path: Any) -> None: +- encryption = volume_utils.check_encryption_provider( +- volume, +- context) +- +- # Fetch the key associated with the volume and decode the passphrase +- keymgr = key_manager.API(CONF) +- key = keymgr.get(context, encryption['encryption_key_id']) +- passphrase = binascii.hexlify(key.get_encoded()).decode('utf-8') +- +- # Decode the dm-crypt style cipher spec into something qemu-img can use +- cipher_spec = image_utils.decode_cipher(encryption['cipher'], +- encryption['key_size']) ++ passphrase, cipher_spec = self._fetch_encryption_info( ++ context, volume) + + tmp_dir = volume_utils.image_conversion_dir() + +diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py +index 9d0590d9c..10eaa4b92 100644 +--- a/cinder/volume/flows/manager/create_volume.py ++++ b/cinder/volume/flows/manager/create_volume.py +@@ -1086,11 +1086,6 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): + # NOTE (singn): two params need to be returned + # dict containing provider_location for cloned volume + # and clone status. +- # NOTE (lixiaoy1): Currently all images are raw data, we can't +- # use clone_image to copy data if new volume is encrypted +- # NOTE (ricolin): If the image provided an encryption key, we have +- # already cloned it to the volume's key in +- # _get_encryption_key_id, so we can do a direct clone. + image_encryption_key = image_meta.get('cinder_encryption_key_id') + volume_is_encrypted = volume.encryption_key_id is not None + cloned = False +@@ -1102,6 +1097,9 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): + image_location, + image_meta, + image_service) ++ else: ++ model_update, cloned = self.driver.clone_image_and_encrypt( ++ context, volume, image_location, image_meta, image_service) + + # Try and clone the image if we have it set as a glance location. + if not cloned and 'cinder' in CONF.allowed_direct_url_schemes: +diff --git a/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml b/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml +new file mode 100644 +index 000000000..63d1f38cd +--- /dev/null ++++ b/releasenotes/notes/allow-clone-image-for-encrypted-volume-de477647e9016b8b.yaml +@@ -0,0 +1,21 @@ ++--- ++features: ++ - | ++ Allow clone image when creating encrypted volume from Glance image if both ++ stored in RBD. ++ Previously, Glance image clone is not supported for encrypted volume ++ creation. The old process is to download image to local disk, encrypt the ++ local file, and import it back to RBD. This not just slow, but also ++ protentially take large amount of local disk space from hosts that runs ++ Cinder volume service. ++ The new process is to try and clone from Glance image (if it's also stored ++ in RBD), flatten it, and encrypting new image in RBD for volume. And If ++ Glance image source is not clonable, will continue with copy-and-import ++ method as previous flow. ++ In above flow, If clone from Glance image is appliable. Even it still ++ requires to clone and flatten RBD image might took some time, but should ++ still be a lot faster than copy-and-import. And also no local disk will ++ be used to store raw image in this case. ++ This also introduced driver method `clone_image_and_encrypt` for drivers ++ that seperate the clone process from non-encrypted volume so the create ++ flow won't be affected. +-- +2.25.1 + From 2bc6f4bd962a4f865118d635d1d53a1bc4080853 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Fri, 19 Apr 2024 17:04:57 -0400 Subject: [PATCH 17/45] [stable/zed] Add monitoring for stuck VMs (#1133) This is an automated cherry-pick of #1129 /assign mnaser --- roles/defaults/vars/main.yml | 2 +- .../files/jsonnet/openstack.libsonnet | 12 ++++++++++ roles/openstack_exporter/tasks/main.yml | 22 ++++++++++++++----- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index 4b8204781..6d36998c1 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml @@ -174,7 +174,7 @@ _atmosphere_images: prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0 prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0 prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0 - prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.2.0 + prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.3.0 prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0 prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.0 diff --git a/roles/kube_prometheus_stack/files/jsonnet/openstack.libsonnet b/roles/kube_prometheus_stack/files/jsonnet/openstack.libsonnet index b8e6ac161..e77077e9f 100644 --- a/roles/kube_prometheus_stack/files/jsonnet/openstack.libsonnet +++ b/roles/kube_prometheus_stack/files/jsonnet/openstack.libsonnet @@ -203,6 +203,18 @@ description: 'All instances of a specific Nova service have been down for more than 5 minutes.', }, }, + { + alert: 'NovaServerTaskStateStuck', + annotations: { + summary: 'Nova server stuck in task state', + description: 'Nova server with ID {{ $labels.id }} stuck in {{ $labels.task_state }} state for more than 1 hour', + }, + expr: 'openstack_nova_server_task_state > 0', + 'for': '1h', + labels: { + severity: 'P3', + }, + }, { alert: 'NovaInstanceError', expr: 'openstack_nova_server_status{status="ERROR"} > 0', diff --git a/roles/openstack_exporter/tasks/main.yml b/roles/openstack_exporter/tasks/main.yml index 21e19154d..115445d47 100644 --- a/roles/openstack_exporter/tasks/main.yml +++ b/roles/openstack_exporter/tasks/main.yml @@ -117,23 +117,32 @@ selector: application: openstack-exporter -- name: Fetch Octavia DB secret +- name: Fetch Neutron DB secret run_once: true no_log: true kubernetes.core.k8s_info: kind: Secret namespace: openstack - name: octavia-db-user - register: _octavia_db_user + name: neutron-db-user + register: _neutron_db_user -- name: Fetch Neutron DB secret +- name: Fetch Nova DB secret run_once: true no_log: true kubernetes.core.k8s_info: kind: Secret namespace: openstack - name: neutron-db-user - register: _neutron_db_user + name: nova-db-user + register: _nova_db_user + +- name: Fetch Octavia DB secret + run_once: true + no_log: true + kubernetes.core.k8s_info: + kind: Secret + namespace: openstack + name: octavia-db-user + register: _octavia_db_user - name: Create "openstack-database-exporter-dsn" secret run_once: true @@ -151,6 +160,7 @@ application: openstack-database-exporter stringData: NEUTRON_DSN: "{{ _neutron_db_user.resources.0.data.DB_CONNECTION | b64decode | regex_replace('^.*//', '') | regex_replace('@(.*)/', '@tcp(\\1)/') }}" + NOVA_DSN: "{{ _nova_db_user.resources.0.data.DB_CONNECTION | b64decode | regex_replace('^.*//', '') | regex_replace('@(.*)/', '@tcp(\\1)/') }}" OCTAVIA_DSN: "{{ _octavia_db_user.resources.0.data.DB_CONNECTION | b64decode | regex_replace('^.*//', '') | regex_replace('@(.*)/', '@tcp(\\1)/') }}" - name: Deploy service From 4f218dd882bb95562795dde8518bc1e4d5a747c1 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Fri, 19 Apr 2024 18:53:23 -0400 Subject: [PATCH 18/45] [stable/zed] Change Loki log_level from info to warn (#1134) This is an automated cherry-pick of #1126 /assign mnaser --- roles/loki/vars/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/loki/vars/main.yml b/roles/loki/vars/main.yml index fd17dac96..dbefa79c9 100644 --- a/roles/loki/vars/main.yml +++ b/roles/loki/vars/main.yml @@ -14,6 +14,8 @@ _loki_helm_values: loki: + server: + log_level: warn image: registry: "{{ atmosphere_images['loki'] | vexxhost.kubernetes.docker_image('domain') }}" repository: "{{ atmosphere_images['loki'] | vexxhost.kubernetes.docker_image('path') }}" From 0be4bcbf9025ba0c605438dbe36753ef82626ef9 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Fri, 19 Apr 2024 18:53:25 -0400 Subject: [PATCH 19/45] [stable/zed] Update Ceph image to v18.2.1 (#1135) This is an automated cherry-pick of #1125 /assign mnaser --- roles/defaults/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index 6d36998c1..f6ef07abf 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml @@ -20,7 +20,7 @@ _atmosphere_images: barbican_db_sync: "registry.atmosphere.dev/library/barbican:{{ atmosphere_release }}" bootstrap: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}" ceph_config_helper: "registry.atmosphere.dev/library/libvirtd:{{ atmosphere_release }}" - ceph: quay.io/ceph/ceph:v16.2.11 + ceph: quay.io/ceph/ceph:v18.2.1 cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1 cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1 cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1 From 7f4ca4de0a0f0e7462584c7bed19ce05ef1acfa3 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Sun, 21 Apr 2024 17:03:14 -0400 Subject: [PATCH 20/45] [stable/zed] fix(barbican): create and add implied role creator (#1142) This is an automated cherry-pick of #909 /assign mnaser --- roles/barbican/meta/main.yml | 2 ++ roles/barbican/tasks/main.yml | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/roles/barbican/meta/main.yml b/roles/barbican/meta/main.yml index da38a2e16..7d301963c 100644 --- a/roles/barbican/meta/main.yml +++ b/roles/barbican/meta/main.yml @@ -30,6 +30,8 @@ galaxy_info: dependencies: - role: defaults + - role: openstacksdk + - role: openstack_cli - role: openstack_helm_endpoints vars: openstack_helm_endpoints_chart: barbican diff --git a/roles/barbican/tasks/main.yml b/roles/barbican/tasks/main.yml index fd40051ec..2652cf366 100644 --- a/roles/barbican/tasks/main.yml +++ b/roles/barbican/tasks/main.yml @@ -54,3 +54,24 @@ openstack_helm_ingress_service_name: barbican-api openstack_helm_ingress_service_port: 9311 openstack_helm_ingress_annotations: "{{ barbican_ingress_annotations }}" + +- name: Create creator role + openstack.cloud.identity_role: + cloud: atmosphere + state: present + name: creator + +- name: Add implied roles + run_once: true + ansible.builtin.shell: | + openstack implied role create \ + --implied-role {{ item.implies }} \ + {{ item.role }} + loop: + - role: member + implies: creator + environment: + OS_CLOUD: atmosphere + register: _octavia_implied_role_create + changed_when: _octavia_implied_role_create.rc == 0 + failed_when: _octavia_implied_role_create.rc != 0 and 'Duplicate entry.' not in _octavia_implied_role_create.stderr From d8d1b3baa4f4bfafe86cf8679e0b7e756fb5a747 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sun, 21 Apr 2024 17:33:04 -0400 Subject: [PATCH 21/45] [stable/zed] fix: Barbican use same uwsgi config as other services. (#1146) Refactor + pin helm-toolkit (#1124) fix: Barbican use same uwsgi config as other services. (#1119) Closes #1144 --- .charts.yml | 162 ++---- .../barbican/charts/helm-toolkit/Chart.yaml | 2 +- .../charts/helm-toolkit/requirements.lock | 3 + .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/barbican/requirements.lock | 8 +- charts/barbican/requirements.yaml | 18 +- .../barbican/templates/bin/_barbican.sh.tpl | 2 +- charts/barbican/templates/configmap-etc.yaml | 12 +- charts/barbican/templates/deployment-api.yaml | 4 +- charts/barbican/values.yaml | 30 +- .../charts/helm-toolkit/Chart.yaml | 2 +- .../charts/helm-toolkit/requirements.lock | 2 +- ...e_namespaced_endpoint_namespace_lookup.tpl | 38 ++ .../templates/manifests/_certificates.tpl | 72 +-- .../templates/manifests/_ingress.tpl | 224 +++++--- .../templates/manifests/_job-bootstrap.tpl | 11 + .../manifests/_job-db-drop-mysql.tpl | 11 + .../manifests/_job-db-init-mysql.tpl | 11 + .../templates/manifests/_job-db-sync.tpl | 11 + .../templates/manifests/_job-ks-endpoints.tpl | 11 + .../templates/manifests/_job-ks-service.tpl | 11 + .../templates/manifests/_job-ks-user.yaml.tpl | 35 ++ .../manifests/_job-rabbit-init.yaml.tpl | 13 +- .../manifests/_job-s3-bucket.yaml.tpl | 11 + .../templates/manifests/_job-s3-user.yaml.tpl | 11 + .../manifests/_job_image_repo_sync.tpl | 10 + .../manifests/_secret-registry.yaml.tpl | 78 +++ .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../templates/scripts/_db-init.py.tpl | 6 +- .../templates/scripts/_db-pg-init.sh.tpl | 3 + .../templates/scripts/_rabbit-init.sh.tpl | 5 + .../db-backup-restore/_backup_main.sh.tpl | 494 ++++++++++++++---- .../db-backup-restore/_restore_main.sh.tpl | 2 +- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../snippets/_kubernetes_metadata_labels.tpl | 16 + .../_kubernetes_pod_image_pull_secret.tpl | 45 ++ .../snippets/_kubernetes_pod_rbac_roles.tpl | 3 + .../_kubernetes_pod_rbac_serviceaccount.tpl | 8 + .../snippets/_mon_host_from_k8s_ep.sh.tpl | 68 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + .../templates/utils/_dependency_resolver.tpl | 2 + charts/ceph-provisioners/requirements.lock | 8 +- charts/ceph-provisioners/requirements.yaml | 20 +- charts/cinder/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/cinder/requirements.lock | 4 +- charts/cinder/requirements.yaml | 2 +- .../designate/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/designate/requirements.lock | 4 +- charts/designate/requirements.yaml | 2 +- charts/glance/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/glance/requirements.lock | 4 +- charts/glance/requirements.yaml | 2 +- charts/heat/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/heat/requirements.lock | 4 +- charts/heat/requirements.yaml | 2 +- charts/horizon/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/horizon/requirements.lock | 4 +- charts/horizon/requirements.yaml | 2 +- .../keystone/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/keystone/requirements.lock | 4 +- charts/keystone/requirements.yaml | 2 +- charts/libvirt/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ charts/libvirt/requirements.lock | 4 +- charts/libvirt/requirements.yaml | 2 +- charts/magnum/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/magnum/requirements.lock | 4 +- charts/magnum/requirements.yaml | 2 +- charts/manila/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/manila/requirements.lock | 4 +- charts/manila/requirements.yaml | 2 +- .../memcached/charts/helm-toolkit/Chart.yaml | 2 +- .../charts/helm-toolkit/requirements.lock | 2 +- .../templates/manifests/_ingress.tpl | 82 +-- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../templates/scripts/_db-init.py.tpl | 6 +- .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + .../templates/utils/_dependency_resolver.tpl | 2 + charts/memcached/requirements.lock | 8 +- charts/memcached/requirements.yaml | 20 +- charts/neutron/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/neutron/requirements.lock | 4 +- charts/neutron/requirements.yaml | 2 +- charts/nova/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/nova/requirements.lock | 4 +- charts/nova/requirements.yaml | 2 +- charts/octavia/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/octavia/requirements.lock | 4 +- charts/octavia/requirements.yaml | 2 +- .../charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ charts/openvswitch/requirements.lock | 4 +- charts/openvswitch/requirements.yaml | 2 +- charts/ovn/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ charts/ovn/requirements.lock | 4 +- charts/ovn/requirements.yaml | 2 +- .../barbican/0001-tune-uwsgi-config.patch | 25 + .../placement/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/placement/requirements.lock | 4 +- charts/placement/requirements.yaml | 2 +- charts/senlin/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/senlin/requirements.lock | 4 +- charts/senlin/requirements.yaml | 2 +- charts/tempest/charts/helm-toolkit/Chart.yaml | 2 +- .../templates/manifests/_ingress.tpl | 60 ++- .../templates/manifests/_job-bootstrap.tpl | 1 + .../manifests/_job-db-drop-mysql.tpl | 1 + .../manifests/_job-db-init-mysql.tpl | 1 + .../templates/manifests/_job-db-sync.tpl | 1 + .../templates/manifests/_job-ks-endpoints.tpl | 1 + .../templates/manifests/_job-ks-service.tpl | 1 + .../templates/manifests/_job-ks-user.yaml.tpl | 1 + .../manifests/_job-rabbit-init.yaml.tpl | 1 + .../manifests/_job-s3-bucket.yaml.tpl | 1 + .../templates/manifests/_job-s3-user.yaml.tpl | 1 + .../manifests/_secret-registry.yaml.tpl | 33 +- .../templates/manifests/_secret-tls.yaml.tpl | 11 + .../db-backup-restore/_backup_main.sh.tpl | 142 ++++- .../snippets/_custom_job_annotations.tpl | 76 +++ .../snippets/_custom_pod_annotations.tpl | 76 +++ .../snippets/_custom_secret_annotations.tpl | 81 +++ .../_rgw_s3_bucket_user_env_vars_rook.tpl | 28 + charts/tempest/requirements.lock | 4 +- charts/tempest/requirements.yaml | 2 +- 441 files changed, 10122 insertions(+), 1595 deletions(-) create mode 100644 charts/barbican/charts/helm-toolkit/requirements.lock create mode 100644 charts/barbican/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/barbican/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/barbican/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/barbican/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_namespace_lookup.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_image_pull_secret.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_mon_host_from_k8s_ep.sh.tpl create mode 100644 charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/cinder/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/cinder/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/cinder/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/cinder/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/designate/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/designate/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/designate/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/designate/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/glance/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/glance/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/glance/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/glance/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/heat/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/heat/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/heat/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/heat/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/horizon/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/horizon/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/horizon/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/horizon/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/keystone/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/keystone/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/keystone/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/keystone/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/magnum/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/magnum/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/magnum/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/magnum/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/manila/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/manila/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/manila/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/manila/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/memcached/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/memcached/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/memcached/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/memcached/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/neutron/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/neutron/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/neutron/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/neutron/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/nova/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/nova/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/nova/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/nova/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/octavia/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/octavia/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/octavia/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/octavia/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/ovn/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/ovn/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/ovn/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/patches/barbican/0001-tune-uwsgi-config.patch create mode 100644 charts/placement/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/placement/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/placement/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/placement/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/senlin/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/senlin/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/senlin/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/senlin/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl create mode 100644 charts/tempest/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl create mode 100644 charts/tempest/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl create mode 100644 charts/tempest/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl create mode 100644 charts/tempest/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl diff --git a/.charts.yml b/.charts.yml index a4ff95aa6..e4a964ec9 100644 --- a/.charts.yml +++ b/.charts.yml @@ -1,16 +1,30 @@ +.common: + openstack_helm_repository: &openstack_helm_repository + url: https://tarballs.openstack.org/openstack-helm + openstack_helm_infra_repository: &openstack_helm_infra_repository + url: https://tarballs.openstack.org/openstack-helm-infra + openstack_helm_dependencies: &openstack_helm_dependencies + - name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 + charts: - name: barbican version: 0.3.6 - repository: - url: https://tarballs.openstack.org/openstack-helm + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies + patches: + gerrit: + review.opendev.org: + - 916034 - name: ceph-csi-rbd version: 3.5.1 repository: url: https://ceph.github.io/csi-charts - name: ceph-provisioners version: 0.1.8 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra + repository: *openstack_helm_infra_repository + dependencies: *openstack_helm_dependencies - name: godaddy-webhook version: 0.3.0 repository: @@ -21,12 +35,8 @@ charts: url: https://luisico.github.io/cert-manager-webhook-infoblox-wapi - name: cinder version: 0.3.15 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -37,48 +47,32 @@ charts: url: https://coredns.github.io/helm - name: designate version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: - 899932 - name: glance version: 0.4.15 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: - 899864 - name: heat version: 0.3.7 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: - 899931 - name: horizon version: 0.3.15 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies - name: ingress-nginx version: 4.0.17 repository: @@ -89,12 +83,8 @@ charts: url: https://charts.bitnami.com/bitnami - name: keystone version: 0.3.5 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -105,12 +95,8 @@ charts: url: https://prometheus-community.github.io/helm-charts - name: libvirt version: 0.1.27 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 + repository: *openstack_helm_infra_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -121,24 +107,16 @@ charts: url: https://grafana.github.io/helm-charts - name: magnum version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: - 899926 - name: manila version: 0.1.7 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -146,16 +124,12 @@ charts: - 899923 - name: memcached version: 0.1.12 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra + repository: *openstack_helm_infra_repository + dependencies: *openstack_helm_dependencies - name: neutron version: 0.3.29 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -167,12 +141,8 @@ charts: url: https://kubernetes-sigs.github.io/node-feature-discovery/charts - name: nova version: 0.3.27 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -180,32 +150,20 @@ charts: - 904250 - name: octavia version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: - 899918 - name: openvswitch version: 0.1.19 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 + repository: *openstack_helm_infra_repository + dependencies: *openstack_helm_dependencies - name: ovn version: 0.1.4 - repository: - url: https://tarballs.openstack.org/openstack-helm-infra - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 + repository: *openstack_helm_infra_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -213,12 +171,8 @@ charts: - 914807 - name: placement version: 0.3.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: @@ -245,24 +199,16 @@ charts: url: https://charts.rook.io/release - name: senlin version: 0.2.9 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies patches: gerrit: review.opendev.org: - 899913 - name: tempest version: 0.2.8 - repository: - url: https://tarballs.openstack.org/openstack-helm - dependencies: - - name: helm-toolkit - repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + repository: *openstack_helm_repository + dependencies: *openstack_helm_dependencies - name: vector version: 0.32.0 repository: diff --git a/charts/barbican/charts/helm-toolkit/Chart.yaml b/charts/barbican/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/barbican/charts/helm-toolkit/Chart.yaml +++ b/charts/barbican/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/barbican/charts/helm-toolkit/requirements.lock b/charts/barbican/charts/helm-toolkit/requirements.lock new file mode 100644 index 000000000..808bd945e --- /dev/null +++ b/charts/barbican/charts/helm-toolkit/requirements.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/barbican/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/barbican/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/barbican/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/barbican/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/barbican/requirements.lock b/charts/barbican/requirements.lock index b9146d75a..43aa382fd 100644 --- a/charts/barbican/requirements.lock +++ b/charts/barbican/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: 0.2.55 -digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca -generated: "2023-11-15T23:08:24.10384684Z" + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/barbican/requirements.yaml b/charts/barbican/requirements.yaml index 4124d0145..ddafbfc88 100644 --- a/charts/barbican/requirements.yaml +++ b/charts/barbican/requirements.yaml @@ -1,16 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - dependencies: - - name: helm-toolkit - repository: file://../../openstack-helm-infra/helm-toolkit - version: ">= 0.1.0" +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 diff --git a/charts/barbican/templates/bin/_barbican.sh.tpl b/charts/barbican/templates/bin/_barbican.sh.tpl index 1ac7911e5..21612f791 100644 --- a/charts/barbican/templates/bin/_barbican.sh.tpl +++ b/charts/barbican/templates/bin/_barbican.sh.tpl @@ -18,7 +18,7 @@ set -ex COMMAND="${@:-start}" function start () { - exec uwsgi --die-on-term --master --emperor /etc/barbican/vassals + exec uwsgi --ini /etc/barbican/barbican-api-uwsgi.ini } function stop () { diff --git a/charts/barbican/templates/configmap-etc.yaml b/charts/barbican/templates/configmap-etc.yaml index d9323e08f..d2bff2c01 100644 --- a/charts/barbican/templates/configmap-etc.yaml +++ b/charts/barbican/templates/configmap-etc.yaml @@ -67,12 +67,10 @@ limitations under the License. {{- $_ := tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" -}} {{- end -}} -{{- if empty .Values.conf.barbican.barbican_api.bind_port -}} -{{- $_ := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.barbican.barbican_api "bind_port" -}} -{{- end -}} - -{{- if empty .Values.conf.barbican_api.uwsgi.socket -}} -{{- $_ := printf ":%s" ( tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" ) | set .Values.conf.barbican_api.uwsgi "socket" -}} +{{- if empty (index .Values.conf.barbican_api_uwsgi.uwsgi "http-socket") -}} +{{- $http_socket_port := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }} +{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }} +{{- $_ := set .Values.conf.barbican_api_uwsgi.uwsgi "http-socket" $http_socket -}} {{- end -}} {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} @@ -99,6 +97,6 @@ data: barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }} policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} - barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }} + barbican-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api_uwsgi | b64enc }} old_kek: {{ index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default "" | b64enc | quote }} {{- end }} diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml index 4e281d910..f67c2215b 100644 --- a/charts/barbican/templates/deployment-api.yaml +++ b/charts/barbican/templates/deployment-api.yaml @@ -89,8 +89,8 @@ spec: - name: etcbarbican mountPath: /etc/barbican - name: barbican-etc - mountPath: /etc/barbican/vassals/barbican-api.ini - subPath: barbican-api.ini + mountPath: /etc/barbican/barbican-api-uwsgi.ini + subPath: barbican-api-uwsgi.ini readOnly: true - name: barbican-etc mountPath: /etc/barbican/barbican.conf diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml index 09e21983b..380707628 100644 --- a/charts/barbican/values.yaml +++ b/charts/barbican/values.yaml @@ -356,18 +356,28 @@ conf: service_endpoints: # map endpoint type defined in service catalog to CADF typeURI key-manager: service/security/keymanager - barbican_api: + barbican_api_uwsgi: uwsgi: - socket: null - protocol: http - processes: 1 - lazy: true - vacuum: true - no-default-app: true - memory-report: true - plugins: python - paste: "config:/etc/barbican/barbican-api-paste.ini" add-header: "Connection: close" + buffer-size: 65535 + chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all + http-auto-chunked: true + http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true + need-app: true + procname-prefix-spaced: "barbiacan-api:" + route-user-agent: '^kube-probe.* donotlog:' + socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api + processes: 1 barbican: DEFAULT: transport_url: null diff --git a/charts/ceph-provisioners/charts/helm-toolkit/Chart.yaml b/charts/ceph-provisioners/charts/helm-toolkit/Chart.yaml index f76229259..e827e99f5 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/Chart.yaml +++ b/charts/ceph-provisioners/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.17 +version: 0.2.64 diff --git a/charts/ceph-provisioners/charts/helm-toolkit/requirements.lock b/charts/ceph-provisioners/charts/helm-toolkit/requirements.lock index df843bb91..808bd945e 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/requirements.lock +++ b/charts/ceph-provisioners/charts/helm-toolkit/requirements.lock @@ -1,3 +1,3 @@ dependencies: [] digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2021-07-27T15:44:21.585311483Z" +generated: '0001-01-01T00:00:00Z' diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_namespace_lookup.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_namespace_lookup.tpl new file mode 100644 index 000000000..cc4d4de62 --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_namespace_lookup.tpl @@ -0,0 +1,38 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Resolves the namespace scoped hostname for an endpoint +values: | + endpoints: + oslo_db: + hosts: + default: mariadb + host_fqdn_override: + default: null +usage: | + {{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_namespace_lookup" }} +return: | + default +*/}} + +{{- define "helm-toolkit.endpoints.hostname_namespaced_endpoint_namespace_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $context := index . 2 -}} +{{- $endpointMap := index $context.Values.endpoints ( $type | replace "-" "_" ) }} +{{- $namespace := $endpointMap.namespace | default $context.Release.Namespace }} +{{- printf "%s" $namespace -}} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_certificates.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_certificates.tpl index 241e8b12d..8be771e6c 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_certificates.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_certificates.tpl @@ -30,7 +30,8 @@ examples: organization: - ACME commonName: keystone-api.openstack.svc.cluster.local - keySize: 2048 + privateKey: + size: 2048 usages: - server auth - client auth @@ -55,55 +56,8 @@ examples: duration: 2160h issuerRef: name: ca-issuer - keySize: 2048 - organization: - - ACME - secretName: keystone-tls-api - usages: - - server auth - - client auth - - - values: | - cert_manager_version: v0.15.0 - endpoints: - dashboard: - host_fqdn_override: - default: - host: null - tls: - secretName: keystone-tls-api - issuerRef: - name: ca-issuer - duration: 2160h - organization: - - ACME - commonName: keystone-api.openstack.svc.cluster.local - keySize: 2048 - usages: - - server auth - - client auth - dnsNames: - - cluster.local - issuerRef: - name: ca-issuer - usage: | - {{- $opts := dict "envAll" . "service" "dashboard" "type" "internal" -}} - {{ $opts | include "helm-toolkit.manifests.certificates" }} - return: | - --- - apiVersion: cert-manager.io/v1alpha3 - kind: Certificate - metadata: - name: keystone-tls-api - namespace: NAMESPACE - spec: - commonName: keystone-api.openstack.svc.cluster.local - dnsNames: - - cluster.local - duration: 2160h - issuerRef: - name: ca-issuer - keySize: 2048 + privateKey: + size: 2048 organization: - ACME secretName: keystone-tls-api @@ -125,11 +79,13 @@ examples: {{- $dnsNames := list $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) -}} {{- $_ := $dnsNames | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "dnsNames" -}} {{- end -}} -{{/* Default keySize to 4096. This can be overridden. */}} -{{- if not (hasKey $slice "keySize") -}} -{{- $_ := ( printf "%d" 4096 | atoi ) | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "keySize" -}} +{{/* Default privateKey size to 4096. This can be overridden. */}} +{{- if not (hasKey $slice "privateKey") -}} +{{- $_ := dict "size" ( printf "%d" 4096 | atoi ) | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "privateKey" -}} +{{- else if empty (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "privateKey" "size") -}} +{{- $_ := ( printf "%d" 4096 | atoi ) | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "privateKey") "size" -}} {{- end -}} -{{/* Default keySize to 3 months. Note the min is 720h. This can be overridden. */}} +{{/* Default duration to 3 months. Note the min is 720h. This can be overridden. */}} {{- if not (hasKey $slice "duration") -}} {{- $_ := printf "%s" "2190h" | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "duration" -}} {{- end -}} @@ -141,16 +97,8 @@ examples: {{- if not (hasKey $slice "usages") -}} {{- $_ := (list "server auth" "client auth") | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "usages" -}} {{- end -}} -{{- $cert_manager_version := "v1.0.0" -}} -{{- if $envAll.Values.cert_manager_version -}} -{{- $cert_manager_version = $envAll.Values.cert_manager_version -}} -{{- end -}} --- -{{- if semverCompare "< v1.0.0" $cert_manager_version }} -apiVersion: cert-manager.io/v1alpha3 -{{- else }} apiVersion: cert-manager.io/v1 -{{- end }} kind: Certificate metadata: name: {{ index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "secretName" }} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_ingress.tpl index 2d62a1701..cacb4b813 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,50 +59,59 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" rules: - host: barbican http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default.svc.cluster.local http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: barbican-namespace-fqdn annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public hosts: @@ -112,19 +121,22 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: barbican-cluster-fqdn annotations: - kubernetes.io/ingress.class: "nginx-cluster" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx-cluster" tls: - secretName: barbican-tls-public hosts: @@ -134,9 +146,12 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - values: | network: api: @@ -179,18 +194,18 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public hosts: @@ -202,23 +217,32 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default.svc.cluster.local http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - values: | cert_issuer_type: issuer network: @@ -270,20 +294,20 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" cert-manager.io/issuer: ca-issuer certmanager.k8s.io/issuer: ca-issuer nginx.ingress.kubernetes.io/backend-protocol: https nginx.ingress.kubernetes.io/secure-backends: "true" spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public-certmanager hosts: @@ -295,23 +319,32 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default.svc.cluster.local http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - values: | network: @@ -363,20 +396,20 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" cert-manager.io/cluster-issuer: ca-issuer certmanager.k8s.io/cluster-issuer: ca-issuer nginx.ingress.kubernetes.io/backend-protocol: https nginx.ingress.kubernetes.io/secure-backends: "true" spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public-certmanager hosts: @@ -388,23 +421,32 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api - host: barbican.default.svc.cluster.local http: paths: - path: / + pathType: Prefix backend: - serviceName: barbican-api - servicePort: b-api + service: + name: barbican-api + port: + name: b-api # Sample usage for multiple DNS names associated with the same public # endpoint and certificate - values: | @@ -437,51 +479,60 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: grafana annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" rules: - host: grafana http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard - host: grafana.default http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard - host: grafana.default.svc.cluster.local http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: grafana-namespace-fqdn annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" tls: - secretName: grafana-tls-public hosts: @@ -492,26 +543,32 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard - host: grafana-alt.openstackhelm.example http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard --- - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: grafana-cluster-fqdn annotations: - kubernetes.io/ingress.class: "nginx-cluster" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx-cluster" tls: - secretName: grafana-tls-public hosts: @@ -522,16 +579,22 @@ examples: http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard - host: grafana-alt.openstackhelm.example http: paths: - path: / + pathType: Prefix backend: - serviceName: grafana-dashboard - servicePort: dashboard + service: + name: grafana-dashboard + port: + name: dashboard */}} @@ -539,13 +602,21 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / + pathType: {{ $pathType }} backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} + service: + name: {{ $backendName }} + port: +{{- if or (kindIs "int" $backendPort) (regexMatch "^[0-9]{1,5}$" $backendPort) }} + number: {{ $backendPort | int }} +{{- else }} + name: {{ $backendPort | quote }} +{{- end }} {{- end }} {{- define "helm-toolkit.manifests.ingress" -}} @@ -554,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -564,12 +636,11 @@ examples: {{- $certIssuerType = $envAll.Values.cert_issuer_type }} {{- end }} --- -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }} {{- if $certIssuer }} cert-manager.io/{{ $certIssuerType }}: {{ $certIssuer }} certmanager.k8s.io/{{ $certIssuerType }}: {{ $certIssuer }} @@ -580,6 +651,7 @@ metadata: {{- end }} {{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} spec: + ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }} {{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "hosts" }} {{- if $certIssuer }} {{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} @@ -611,21 +683,23 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} -{{- range $key2, $ingressController := tuple "namespace" "cluster" }} +{{- $ingressConf := $envAll.Values.network -}} +{{- $ingressClasses := ternary (tuple "namespace") (tuple "namespace" "cluster") (and (hasKey $ingressConf "use_external_ingress_controller") $ingressConf.use_external_ingress_controller) }} +{{- range $key2, $ingressController := $ingressClasses }} {{- $vHosts := list $hostNameFull }} --- -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }} annotations: - kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }} {{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} spec: + ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }} {{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "host_fqdn_override" }} {{- if hasKey $host $endpoint }} {{- $endpointHost := index $host $endpoint }} @@ -634,7 +708,6 @@ spec: {{- range $v := without (index $endpointHost.tls "dnsNames" | default list) $hostNameFull }} {{- $vHosts = append $vHosts $v }} {{- end }} -{{- if and ( not ( empty $endpointHost.tls.key ) ) ( not ( empty $endpointHost.tls.crt ) ) }} {{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} {{- $_ := required "You need to specify a secret in your values for the endpoint" $secretName }} tls: @@ -645,11 +718,10 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 6bd0898e2..6b77004f0 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -23,6 +23,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $podVolMounts := index . "podVolMounts" | default false -}} {{- $podVols := index . "podVols" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} @@ -44,7 +45,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "bootstrap" | quote }} + labels: +{{ tuple $envAll $serviceName "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -65,8 +72,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure + {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index cfd64ff02..2b7ff2cdc 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -28,6 +28,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} {{- $dbToDrop := index . "dbToDrop" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} @@ -45,9 +46,15 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "db-drop" | quote }} + labels: +{{ tuple $envAll $serviceName "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -66,8 +73,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure + {{ tuple $envAll "db_drop" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "db_drop" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 446339737..b8a1dce3b 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -28,6 +28,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} {{- $dbToInit := index . "dbToInit" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} @@ -45,7 +46,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "db-init" | quote }} + labels: +{{ tuple $envAll $serviceName "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -66,8 +73,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure + {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 979211d32..4696c88fd 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -23,6 +23,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} {{- $podVolMounts := index . "podVolMounts" | default false -}} @@ -42,7 +43,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }} + labels: +{{ tuple $envAll $serviceName "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -63,8 +70,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure + {{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 6df37b6e2..d69c9e6ec 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -24,6 +24,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $secretBin := index . "secretBin" -}} {{- $tlsSecret := index . "tlsSecret" | default "" -}} @@ -45,7 +46,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "ks-endpoints" | quote }} + labels: +{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -66,8 +73,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: {{ $restartPolicy }} + {{ tuple $envAll "ks_endpoints" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "ks_endpoints" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index ca9f6c3e9..9604c6372 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -24,6 +24,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $secretBin := index . "secretBin" -}} {{- $tlsSecret := index . "tlsSecret" | default "" -}} @@ -45,7 +46,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "ks-service" | quote }} + labels: +{{ tuple $envAll $serviceName "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -66,8 +73,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: {{ $restartPolicy }} + {{ tuple $envAll "ks_service" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "ks_service" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 42f237039..58dcdc5c6 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -17,12 +17,35 @@ limitations under the License. # {- $ksUserJob := dict "envAll" . "serviceName" "senlin" } # { $ksUserJob | include "helm-toolkit.manifests.job_ks_user" } +{{/* + # To enable PodSecuritycontext (PodSecurityContext/v1) define the below in values.yaml: + # example: + # values: | + # pod: + # security_context: + # ks_user: + # pod: + # runAsUser: 65534 + # To enable Container SecurityContext(SecurityContext/v1) for ks-user container define the values: + # example: + # values: | + # pod: + # security_context: + # ks_user: + # container: + # ks-user: + # runAsUser: 65534 + # readOnlyRootFilesystem: true + # allowPrivilegeEscalation: false +*/}} + {{- define "helm-toolkit.manifests.job_ks_user" -}} {{- $envAll := index . "envAll" -}} {{- $serviceName := index . "serviceName" -}} {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $serviceUser := index . "serviceUser" | default $serviceName -}} {{- $secretBin := index . "secretBin" -}} @@ -45,7 +68,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceUserPretty "ks-user" | quote }} + labels: +{{ tuple $envAll $serviceName "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -65,9 +94,14 @@ spec: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} spec: serviceAccountName: {{ $serviceAccountName | quote }} +{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} restartPolicy: {{ $restartPolicy }} + {{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: @@ -75,6 +109,7 @@ spec: image: {{ $envAll.Values.images.tags.ks_user }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "ks_user" "container" "ks_user" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /bin/bash - -c diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 55740322a..2cfadafe3 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -18,6 +18,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $serviceUser := index . "serviceUser" | default $serviceName -}} {{- $secretBin := index . "secretBin" -}} @@ -35,7 +36,13 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceUserPretty "rabbit-init" | quote }} + labels: +{{ tuple $envAll $serviceName "rabbit-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -56,8 +63,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName | quote }} restartPolicy: OnFailure + {{ tuple $envAll "rabbit_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "rabbit_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: @@ -94,7 +105,7 @@ spec: - name: RABBITMQ_AUXILIARY_CONFIGURATION value: {{ toJson $envAll.Values.conf.rabbitmq | quote }} {{- end }} -{{- if $envAll.Values.manifests.certificates }} +{{- if and $envAll.Values.manifests.certificates (ne $tlsSecret "") }} - name: RABBITMQ_X509 value: "REQUIRE X509" - name: USER_CERT_PATH diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index bea68762d..b5fdc09c3 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -23,6 +23,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $configMapCeph := index . "configMapCeph" | default (printf "ceph-etc" ) -}} {{- $secretBin := index . "secretBin" -}} @@ -41,8 +42,14 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "s3-bucket" | quote }} + labels: +{{ tuple $envAll $serviceName "s3-bucket" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -61,8 +68,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName | quote }} restartPolicy: OnFailure + {{ tuple $envAll "s3_bucket" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "s3_bucket" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 36af63f3b..77d1a71e9 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -23,6 +23,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} {{- $configMapCeph := index . "configMapCeph" | default (printf "ceph-etc" ) -}} {{- $secretBin := index . "secretBin" -}} @@ -38,9 +39,15 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "s3-user" | quote }} + labels: +{{ tuple $envAll $serviceName "s3-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} @@ -59,8 +66,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName | quote }} restartPolicy: OnFailure + {{ tuple $envAll "s3_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "s3_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: ceph-keyring-placement diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index 2e67006b4..0906df4c9 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -23,6 +23,7 @@ limitations under the License. {{- $jobAnnotations := index . "jobAnnotations" -}} {{- $jobLabels := index . "jobLabels" -}} {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} {{- $podVolMounts := index . "podVolMounts" | default false -}} {{- $podVols := index . "podVols" | default false -}} {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} @@ -38,6 +39,11 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ printf "%s-%s" $serviceNamePretty "image-repo-sync" | quote }} + labels: +{{ tuple $envAll $serviceName "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if $jobLabels }} +{{ toYaml $jobLabels | indent 4 }} +{{- end }} annotations: "helm.sh/hook-delete-policy": before-hook-creation {{- if $jobAnnotations }} @@ -58,8 +64,12 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure + {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} nodeSelector: {{ toYaml $nodeSelector | indent 8 }} +{{- if $tolerationsEnabled }} +{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} initContainers: {{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl new file mode 100644 index 000000000..7ad505b55 --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -0,0 +1,78 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Creates a manifest for a authenticating a registry with a secret +examples: + - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" + secrets: + oci_image_registry: + {{ $serviceName }}: {{ $keyName }} + endpoints: + oci_image_registry: + name: oci-image-registry + auth: + enabled: true + {{ $serviceName }}: + name: {{ $userName }} + password: {{ $password }} + usage: | + {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} + return: | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $secretName }} + annotations: + custom.tld/key: "value" + type: kubernetes.io/dockerconfigjson + data: + dockerconfigjson: {{ $dockerAuth }} +*/}} + +{{- define "helm-toolkit.manifests.secret_registry" }} +{{- $envAll := index . "envAll" }} +{{- $registryUser := index . "registryUser" }} +{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }} +{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }} +{{/* +We only use "host:port" when port is non-null, else just use "host" +*/}} +{{- $registryPort := "" }} +{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }} +{{- if $port }} +{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $registryPort = printf ":%s" $port }} +{{- end }} +{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }} +{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }} +{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ $dockerAuth }} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-init.py.tpl index 4294d40c5..6027b9515 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-init.py.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-init.py.tpl @@ -133,8 +133,10 @@ except: # Create DB User try: root_engine.execute( - "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format( - database, user, password, mysql_x509)) + "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format( + user, password, mysql_x509)) + root_engine.execute( + "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user)) logger.info("Created user {0} for {1}".format(user, database)) except: logger.critical("Could not create user {0} for {1}".format(user, database)) diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-pg-init.sh.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-pg-init.sh.tpl index 93cea2516..4d7dfaa37 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-pg-init.sh.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_db-pg-init.sh.tpl @@ -63,4 +63,7 @@ pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$USER_DB_USER';" && #give permissions to user pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $USER_DB_NAME to $USER_DB_USER;" + +#revoke all privileges from PUBLIC role +pgsql_superuser_cmd "REVOKE ALL ON DATABASE $USER_DB_NAME FROM PUBLIC;" {{- end }} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl index 87872d6ff..3739f9554 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl @@ -77,6 +77,11 @@ rabbitmqadmin_cli \ password="${RABBITMQ_PASSWORD}" \ tags="user" +echo "Deleting Guest User" +rabbitmqadmin_cli \ + delete user \ + name="guest" || true + if [ "${RABBITMQ_VHOST}" != "/" ] then echo "Managing: vHost: ${RABBITMQ_VHOST}" diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 7c62bc426..695cb2e47 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -40,11 +40,21 @@ # export OS_PROJECT_DOMAIN_NAME Keystone domain the user belongs to # export OS_IDENTITY_API_VERSION Keystone API version to use # -# The following variables are optional: -# export RGW_TIMEOUT Number of seconds to wait for the -# connection to the RGW to be available -# when sending a backup to the RGW. Default -# is 1800 (30 minutes). +# export REMOTE_BACKUP_RETRIES Number of retries to send backup to remote +# in case of any temporary failures. +# export MIN_DELAY_SEND_REMOTE Minimum seconds to delay before sending backup +# to remote to stagger backups being sent to RGW +# export MAX_DELAY_SEND_REMOTE Maximum seconds to delay before sending backup +# to remote to stagger backups being sent to RGW. +# A random number between min and max delay is generated +# to set the delay. +# +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into # # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] @@ -63,6 +73,14 @@ # framework will automatically tar/zip the files in that directory and # name the tarball appropriately according to the proper conventions. # +# verify_databases_backup_archives [scope] +# returns: 0 if no errors; 1 if any errors occurred +# +# This function is expected to verify the database backup archives. If this function +# completes successfully (returns 0), the +# framework will automatically starts remote backup upload. +# +# # The functions in this file will take care of: # 1) Calling "dump_databases_to_directory" and then compressing the files, # naming the tarball properly, and then storing it locally at the specified @@ -73,21 +91,32 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. -set -x log_backup_error_exit() { MSG=$1 - ERRCODE=$2 + ERRCODE=${2:-0} log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 +} + +log_verify_backup_exit() { + MSG=$1 + ERRCODE=${2:-0} + log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" + rm -f $ERR_LOG_FILE + # rm -rf $TMP_DIR + exit 0 } + log() { #Log message to a file or stdout #TODO: This can be convert into mail alert of alert send to a monitoring system @@ -107,6 +136,13 @@ log() { fi } +# Generate a random number between MIN_DELAY_SEND_REMOTE and +# MAX_DELAY_SEND_REMOTE +random_number() { + diff=$((${MAX_DELAY_SEND_REMOTE} - ${MIN_DELAY_SEND_REMOTE} + 1)) + echo $(($(( ${RANDOM} % ${diff} )) + ${MIN_DELAY_SEND_REMOTE} )) +} + #Get the day delta since the archive file backup seconds_difference() { ARCHIVE_DATE=$( date --date="$1" +%s ) @@ -135,9 +171,17 @@ send_to_remote_server() { if [[ $? -ne 0 ]]; then # Find the swift URL from the keystone endpoint list SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi # Get a token from keystone TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi # Create the container RES_FILE=$(mktemp -p /tmp) @@ -146,28 +190,28 @@ send_to_remote_server() { -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then - log ERROR "${DB_NAME}_backup" "Error creating container ${CONTAINER_NAME}" + log WARN "${DB_NAME}_backup" "Unable to create container ${CONTAINER_NAME}" cat $RES_FILE rm -f $RES_FILE - return 1 + return 2 fi rm -f $RES_FILE swift stat $CONTAINER_NAME if [[ $? -ne 0 ]]; then - log ERROR "${DB_NAME}_backup" "Error retrieving container ${CONTAINER_NAME} details after creation." - return 1 + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${CONTAINER_NAME} details after creation." + return 2 fi fi else - echo $RESULT | grep "HTTP 401" + echo $RESULT | grep -E "HTTP 401|HTTP 403" if [[ $? -eq 0 ]]; then log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" return 1 else - echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable" + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" if [[ $? -eq 0 ]]; then - log ERROR "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" # In this case, keystone or the site/node may be temporarily down. # Return slightly different error code so the calling code can retry return 2 @@ -178,14 +222,163 @@ send_to_remote_server() { fi fi + # load balance delay + DELAY=$((1 + ${RANDOM} % 30)) + echo "Sleeping for ${DELAY} seconds to spread the load in time..." + sleep ${DELAY} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file - openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE || log ERROR "${DB_NAME}_backup" "Cannot create container object ${FILE}!" + openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create container object ${FILE}!" + return 2 + fi + openstack object show $CONTAINER_NAME $FILE if [[ $? -ne 0 ]]; then - log ERROR "${DB_NAME}_backup" "Error retrieving container object $FILE after creation." - return 1 + log WARN "${DB_NAME}_backup" "Unable to retrieve container object $FILE after creation." + return 2 + fi + + # Remote backup verification + MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag") + MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}') + log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME." + log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}." + log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}." + if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then + log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME." + else + log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" + return 2 + fi + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} fi + #--------------------------------------------------------------------------- + log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 } @@ -198,93 +391,175 @@ store_backup_remotely() { FILEPATH=$1 FILE=$2 - # If the RGW_TIMEOUT has already been set, use that value, otherwise give it - # a default value. - if [[ -z $RGW_TIMEOUT ]]; then - RGW_TIMEOUT=1800 - fi - - ERROR_SEEN=false - DONE=false - TIMEOUT_EXP=$(( $(date +%s) + $RGW_TIMEOUT )) - while [[ $DONE == "false" ]]; do + count=1 + while [[ ${count} -le ${REMOTE_BACKUP_RETRIES} ]]; do # Store the new archive to the remote backup storage facility. send_to_remote_server $FILEPATH $FILE + SEND_RESULT="$?" # Check if successful - if [[ $? -eq 0 ]]; then + if [[ $SEND_RESULT -eq 0 ]]; then log INFO "${DB_NAME}_backup" "Backup file ${FILE} successfully sent to RGW." - DONE=true - elif [[ $? -eq 2 ]]; then - # Temporary failure occurred. We need to retry if we have not timed out - log WARN "${DB_NAME}_backup" "Backup file ${FILE} could not be sent to RGW due to connection issue." - DELTA=$(( TIMEOUT_EXP - $(date +%s) )) - if [[ $DELTA -lt 0 ]]; then - DONE=true - log ERROR "${DB_NAME}_backup" "Timed out waiting for RGW to become available." - ERROR_SEEN=true - else - log INFO "${DB_NAME}_backup" "Sleeping 30 seconds waiting for RGW to become available..." - sleep 30 - log INFO "${DB_NAME}_backup" "Retrying..." + return 0 + elif [[ $SEND_RESULT -eq 2 ]]; then + if [[ ${count} -ge ${REMOTE_BACKUP_RETRIES} ]]; then + log ERROR "${DB_NAME}_backup" "Backup file ${FILE} could not be sent to the RGW in " \ + "${REMOTE_BACKUP_RETRIES} retries. Errors encountered. Exiting." + break fi + # Temporary failure occurred. We need to retry + log WARN "${DB_NAME}_backup" "Backup file ${FILE} could not be sent to RGW due to connection issue." + sleep_time=$(random_number) + log INFO "${DB_NAME}_backup" "Sleeping ${sleep_time} seconds waiting for RGW to become available..." + sleep ${sleep_time} + log INFO "${DB_NAME}_backup" "Retrying..." else - log ERROR "${DB_NAME}_backup" "Backup file ${FILE} could not be sent to the RGW." - ERROR_SEEN=true - DONE=true + log ERROR "${DB_NAME}_backup" "Backup file ${FILE} could not be sent to the RGW. Errors encountered. Exiting." + break fi + + # Increment the counter + count=$((count+1)) done - if [[ $ERROR_SEEN == "true" ]]; then - log ERROR "${DB_NAME}_backup" "Errors encountered. Exiting." - return 1 - fi - return 0 + return 1 +} + + +function get_archive_date(){ +# get_archive_date function returns correct archive date +# for different formats of archives' names +# the old one: ....tar.gz +# the new one: ..
...tar.gz + local A_FILE="$1" + awk -F. '{print $(NF-2)}' <<< ${A_FILE} | tr -d "Z" +} + +# This function takes a list of archives' names as an input +# and creates a hash table where keys are number of seconds +# between current date and archive date (see seconds_difference), +# and values are space separated archives' names +# +# +------------+---------------------------------------------------------------------------------------------------------+ +# | 1265342678 | "tmp/mysql.backup.auto.2022-02-14T10:13:13Z.tar.gz" | +# +------------+---------------------------------------------------------------------------------------------------------+ +# | 2346254257 | "tmp/mysql.backup.auto.2022-02-11T10:13:13Z.tar.gz tmp/mysql.backup.manual.2022-02-11T10:13:13Z.tar.gz" | +# +------------+---------------------------------------------------------------------------------------------------------+ +# <...> +# +------------+---------------------------------------------------------------------------------------------------------+ +# | 6253434567 | "tmp/mysql.backup.manual.2022-02-01T10:13:13Z.tar.gz" | +# +------------+---------------------------------------------------------------------------------------------------------+ +# We will use the explained above data stracture to cover rare, but still +# possible case, when we have several backups of the same date. E.g. +# one manual, and one automatic. + +declare -A fileTable +create_hash_table() { +unset fileTable +fileList=$@ + for ARCHIVE_FILE in ${fileList}; do + # Creating index, we will round given ARCHIVE_DATE to the midnight (00:00:00) + # to take in account a possibility, that we can have more than one scheduled + # backup per day. + ARCHIVE_DATE=$(get_archive_date ${ARCHIVE_FILE}) + ARCHIVE_DATE=$(date --date=${ARCHIVE_DATE} +%D) + log INFO "${DB_NAME}_backup" "Archive date to build index: ${ARCHIVE_DATE}" + INDEX=$(seconds_difference ${ARCHIVE_DATE}) + if [[ -z fileTable[${INDEX}] ]]; then + fileTable[${INDEX}]=${ARCHIVE_FILE} + else + fileTable[${INDEX}]="${fileTable[${INDEX}]} ${ARCHIVE_FILE}" + fi + echo "INDEX: ${INDEX} VALUE: ${fileTable[${INDEX}]}" + done +} + +function get_backup_prefix() { +# Create list of all possible prefixes in a format: +# . to cover a possible situation +# when different backups of different databases and/or +# namespaces share the same local or remote storage. + ALL_FILES=($@) + PREFIXES=() + for fname in ${ALL_FILES[@]}; do + prefix=$(basename ${fname} | cut -d'.' -f1,2 ) + for ((i=0; i<${#PREFIXES[@]}; i++)) do + if [[ ${PREFIXES[${i}]} == ${prefix} ]]; then + prefix="" + break + fi + done + if [[ ! -z ${prefix} ]]; then + PREFIXES+=(${prefix}) + fi + done } remove_old_local_archives() { - log INFO "${DB_NAME}_backup" "Deleting backups older than ${LOCAL_DAYS_TO_KEEP} days" + SECONDS_TO_KEEP=$(( $((${LOCAL_DAYS_TO_KEEP}))*86400)) + log INFO "${DB_NAME}_backup" "Deleting backups older than ${LOCAL_DAYS_TO_KEEP} days (${SECONDS_TO_KEEP} seconds)" if [[ -d $ARCHIVE_DIR ]]; then - for ARCHIVE_FILE in $(ls -1 $ARCHIVE_DIR/*.gz); do - ARCHIVE_DATE=$( echo $ARCHIVE_FILE | awk -F/ '{print $NF}' | cut -d'.' -f 4) - if [[ "$(seconds_difference $ARCHIVE_DATE)" -gt "$(($LOCAL_DAYS_TO_KEEP*86400))" ]]; then - log INFO "${DB_NAME}_backup" "Deleting file $ARCHIVE_FILE." - rm -rf $ARCHIVE_FILE - if [[ $? -ne 0 ]]; then - # Log error but don't exit so we can finish the script - # because at this point we haven't sent backup to RGW yet - log ERROR "${DB_NAME}_backup" "Cannot remove ${ARCHIVE_FILE}" - fi + count=0 + # We iterate over the hash table, checking the delta in seconds (hash keys), + # and minimum number of backups we must have in place. List of keys has to be sorted. + for INDEX in $(tr " " "\n" <<< ${!fileTable[@]} | sort -n -); do + ARCHIVE_FILE=${fileTable[${INDEX}]} + if [[ ${INDEX} -lt ${SECONDS_TO_KEEP} || ${count} -lt ${LOCAL_DAYS_TO_KEEP} ]]; then + ((count++)) + log INFO "${DB_NAME}_backup" "Keeping file(s) ${ARCHIVE_FILE}." else - log INFO "${DB_NAME}_backup" "Keeping file ${ARCHIVE_FILE}." + log INFO "${DB_NAME}_backup" "Deleting file(s) ${ARCHIVE_FILE}." + rm -f ${ARCHIVE_FILE} + if [[ $? -ne 0 ]]; then + # Log error but don't exit so we can finish the script + # because at this point we haven't sent backup to RGW yet + log ERROR "${DB_NAME}_backup" "Failed to cleanup local backup. Cannot remove some of ${ARCHIVE_FILE}" + fi fi done + else + log WARN "${DB_NAME}_backup" "The local backup directory ${$ARCHIVE_DIR} does not exist." fi } -remove_old_remote_archives() { - log INFO "${DB_NAME}_backup" "Deleting backups older than ${REMOTE_DAYS_TO_KEEP} days" +prepare_list_of_remote_backups() { BACKUP_FILES=$(mktemp -p /tmp) DB_BACKUP_FILES=$(mktemp -p /tmp) - openstack object list $CONTAINER_NAME > $BACKUP_FILES if [[ $? -ne 0 ]]; then - log_backup_error_exit "Could not obtain a list of current backup files in the RGW" 1 + log_backup_error_exit \ + "Failed to cleanup remote backup. Could not obtain a list of current backup files in the RGW" fi - # Filter out other types of backup files cat $BACKUP_FILES | grep $DB_NAME | grep $DB_NAMESPACE | awk '{print $2}' > $DB_BACKUP_FILES +} - for ARCHIVE_FILE in $(cat $DB_BACKUP_FILES); do - ARCHIVE_DATE=$( echo $ARCHIVE_FILE | awk -F/ '{print $NF}' | cut -d'.' -f 4) - if [[ "$(seconds_difference ${ARCHIVE_DATE})" -gt "$((${REMOTE_DAYS_TO_KEEP}*86400))" ]]; then - log INFO "${DB_NAME}_backup" "Deleting file ${ARCHIVE_FILE} from the RGW" - openstack object delete $CONTAINER_NAME $ARCHIVE_FILE || log_backup_error_exit "Cannot delete container object ${ARCHIVE_FILE}!" 1 +# The logic implemented with this function is absolutely similar +# to the function remove_old_local_archives (see above) +remove_old_remote_archives() { + count=0 + SECONDS_TO_KEEP=$((${REMOTE_DAYS_TO_KEEP}*86400)) + log INFO "${DB_NAME}_backup" "Deleting backups older than ${REMOTE_DAYS_TO_KEEP} days (${SECONDS_TO_KEEP} seconds)" + for INDEX in $(tr " " "\n" <<< ${!fileTable[@]} | sort -n -); do + ARCHIVE_FILE=${fileTable[${INDEX}]} + if [[ ${INDEX} -lt ${SECONDS_TO_KEEP} || ${count} -lt ${REMOTE_DAYS_TO_KEEP} ]]; then + ((count++)) + log INFO "${DB_NAME}_backup" "Keeping remote backup(s) ${ARCHIVE_FILE}." + else + log INFO "${DB_NAME}_backup" "Deleting remote backup(s) ${ARCHIVE_FILE} from the RGW" + openstack object delete ${CONTAINER_NAME} ${ARCHIVE_FILE} || log WARN "${DB_NAME}_backup" \ + "Failed to cleanup remote backup. Cannot delete container object ${ARCHIVE_FILE}" fi done # Cleanup now that we're done. - rm -f $BACKUP_FILES $DB_BACKUP_FILES + for fd in ${BACKUP_FILES} ${DB_BACKUP_FILES}; do + if [[ -f ${fd} ]]; then + rm -f ${fd} + else + log WARN "${DB_NAME}_backup" "Can not delete a temporary file ${fd}" + fi + done } # Main function to backup the databases. Calling functions need to supply: @@ -297,11 +572,14 @@ backup_databases() { SCOPE=${1:-"all"} # Create necessary directories if they do not exist. - mkdir -p $ARCHIVE_DIR || log_backup_error_exit "Cannot create directory ${ARCHIVE_DIR}!" - export TMP_DIR=$(mktemp -d) || log_backup_error_exit "Cannot create temp directory!" + mkdir -p $ARCHIVE_DIR || log_backup_error_exit \ + "Backup of the ${DB_NAME} database failed. Cannot create directory ${ARCHIVE_DIR}!" + export TMP_DIR=$(mktemp -d) || log_backup_error_exit \ + "Backup of the ${DB_NAME} database failed. Cannot create temp directory!" # Create temporary log file - export ERR_LOG_FILE=$(mktemp -p /tmp) || log_backup_error_exit "Cannot create log file!" + export ERR_LOG_FILE=$(mktemp -p /tmp) || log_backup_error_exit \ + "Backup of the ${DB_NAME} database failed. Cannot create log file!" # It is expected that this function will dump the database files to the $TMP_DIR dump_databases_to_directory $TMP_DIR $ERR_LOG_FILE $SCOPE @@ -321,12 +599,14 @@ backup_databases() { TARBALL_FILE="${DB_NAME}.${DB_NAMESPACE}.${SCOPE}.${BACK_UP_MODE}.${NOW}.tar.gz" fi - cd $TMP_DIR || log_backup_error_exit "Cannot change to directory $TMP_DIR" + cd $TMP_DIR || log_backup_error_exit \ + "Backup of the ${DB_NAME} database failed. Cannot change to directory $TMP_DIR" #Archive the current database files tar zcvf $ARCHIVE_DIR/$TARBALL_FILE * if [[ $? -ne 0 ]]; then - log_backup_error_exit "Backup tarball could not be created." + log_backup_error_exit \ + "Backup ${DB_NAME} to local file system failed. Backup tarball could not be created." fi # Get the size of the file @@ -336,30 +616,55 @@ backup_databases() { cd $ARCHIVE_DIR - # Remove the temporary directory and files as they are no longer needed. - rm -rf $TMP_DIR - rm -f $ERR_LOG_FILE - #Only delete the old archive after a successful archive export LOCAL_DAYS_TO_KEEP=$(echo $LOCAL_DAYS_TO_KEEP | sed 's/"//g') if [[ "$LOCAL_DAYS_TO_KEEP" -gt 0 ]]; then - remove_old_local_archives + get_backup_prefix $(ls -1 ${ARCHIVE_DIR}/*.gz) + for ((i=0; i<${#PREFIXES[@]}; i++)); do + echo "Working with prefix: ${PREFIXES[i]}" + create_hash_table $(ls -1 ${ARCHIVE_DIR}/${PREFIXES[i]}*.gz) + remove_old_local_archives + done + fi + + # Local backup verification process + + # It is expected that this function will verify the database backup files + if verify_databases_backup_archives ${SCOPE}; then + log INFO "${DB_NAME}_backup_verify" "Databases backup verified successfully. Uploading verified backups to remote location..." + else + # If successful, there should be at least one file in the TMP_DIR + if [[ $(ls $TMP_DIR | wc -w) -eq 0 ]]; then + cat $ERR_LOG_FILE + fi + log_verify_backup_exit "Verify of the ${DB_NAME} database backup failed and needs attention." + exit 1 fi + # Remove the temporary directory and files as they are no longer needed. + rm -rf $TMP_DIR + rm -f $ERR_LOG_FILE + + # Remote backup REMOTE_BACKUP=$(echo $REMOTE_BACKUP_ENABLED | sed 's/"//g') if $REMOTE_BACKUP; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export REMOTE_BACKUP_RETRIES=$(echo $REMOTE_BACKUP_RETRIES | sed 's/"//g') + export MIN_DELAY_SEND_REMOTE=$(echo $MIN_DELAY_SEND_REMOTE | sed 's/"//g') + export MAX_DELAY_SEND_REMOTE=$(echo $MAX_DELAY_SEND_REMOTE | sed 's/"//g') + export REMOTE_DAYS_TO_KEEP=$(echo $REMOTE_DAYS_TO_KEEP | sed 's/"//g') + store_backup_remotely $ARCHIVE_DIR $TARBALL_FILE if [[ $? -ne 0 ]]; then # This error should print first, then print the summary as the last # thing that the user sees in the output. log ERROR "${DB_NAME}_backup" "Backup ${TARBALL_FILE} could not be sent to remote RGW." - set +x echo "==================================================================" echo "Local backup successful, but could not send to remote RGW." echo "Backup archive name: $TARBALL_FILE" echo "Backup archive size: $ARCHIVE_SIZE" echo "==================================================================" - set -x # Because the local backup was successful, exit with 0 so the pod will not # continue to restart and fill the disk with more backups. The ERRORs are # logged and alerting system should catch those errors and flag the operator. @@ -367,31 +672,30 @@ backup_databases() { fi #Only delete the old archive after a successful archive - export REMOTE_DAYS_TO_KEEP=$(echo $REMOTE_DAYS_TO_KEEP | sed 's/"//g') if [[ "$REMOTE_DAYS_TO_KEEP" -gt 0 ]]; then - remove_old_remote_archives + prepare_list_of_remote_backups + get_backup_prefix $(cat $DB_BACKUP_FILES) + for ((i=0; i<${#PREFIXES[@]}; i++)); do + echo "Working with prefix: ${PREFIXES[i]}" + create_hash_table $(cat ${DB_BACKUP_FILES} | grep ${PREFIXES[i]}) + remove_old_remote_archives + done fi - # Turn off trace just for a clearer printout of backup status - for manual backups, mainly. - set +x echo "==================================================================" echo "Local backup and backup to remote RGW successful!" echo "Backup archive name: $TARBALL_FILE" echo "Backup archive size: $ARCHIVE_SIZE" echo "==================================================================" - set -x else # Remote backup is not enabled. This is ok; at least we have a local backup. log INFO "${DB_NAME}_backup" "Skipping remote backup, as it is not enabled." - # Turn off trace just for a clearer printout of backup status - for manual backups, mainly. - set +x echo "==================================================================" echo "Local backup successful!" echo "Backup archive name: $TARBALL_FILE" echo "Backup archive size: $ARCHIVE_SIZE" echo "==================================================================" - set -x fi } -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_restore_main.sh.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_restore_main.sh.tpl index c2de3aaa6..093dd2cc9 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_restore_main.sh.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/scripts/db-backup-restore/_restore_main.sh.tpl @@ -269,7 +269,7 @@ list_archives() { echo "==============================================" for archive in $archives do - echo $archive | cut -d '/' -f 8 + echo $archive | cut -d '/' -f8- done clean_and_exit 0 "" else diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl index 0324e682d..48b53fa10 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl @@ -17,12 +17,20 @@ abstract: | Renders a set of standardised labels values: | release_group: null + pod: + labels: + default: + label1.example.com: value + bar: + label2.example.com: bar usage: | {{ tuple . "foo" "bar" | include "helm-toolkit.snippets.kubernetes_metadata_labels" }} return: | release_group: RELEASE-NAME application: foo component: bar + label1.example.com: value + label2.example.com: bar */}} {{- define "helm-toolkit.snippets.kubernetes_metadata_labels" -}} @@ -32,4 +40,12 @@ return: | release_group: {{ $envAll.Values.release_group | default $envAll.Release.Name }} application: {{ $application }} component: {{ $component }} +{{- if ($envAll.Values.pod).labels }} +{{- if hasKey $envAll.Values.pod.labels $component }} +{{ index $envAll.Values.pod "labels" $component | toYaml }} +{{- end -}} +{{- if hasKey $envAll.Values.pod.labels "default" }} +{{ $envAll.Values.pod.labels.default | toYaml }} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_image_pull_secret.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_image_pull_secret.tpl new file mode 100644 index 000000000..74173dcef --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_image_pull_secret.tpl @@ -0,0 +1,45 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Renders image pull secrets for a pod +values: | + pod: + image_pull_secrets: + default: + - name: some-pull-secret + bar: + - name: another-pull-secret +usage: | + {{ tuple . "bar" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" }} +return: | + imagePullSecrets: + - name: some-pull-secret + - name: another-pull-secret +*/}} + +{{- define "helm-toolkit.snippets.kubernetes_image_pull_secrets" -}} +{{- $envAll := index . 0 -}} +{{- $application := index . 1 -}} +{{- if ($envAll.Values.pod).image_pull_secrets }} +imagePullSecrets: +{{- if hasKey $envAll.Values.pod.image_pull_secrets $application }} +{{ index $envAll.Values.pod "image_pull_secrets" $application | toYaml | indent 2 }} +{{- end -}} +{{- if hasKey $envAll.Values.pod.image_pull_secrets "default" }} +{{ $envAll.Values.pod.image_pull_secrets.default | toYaml | indent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl index baa70732e..90a7a6517 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl @@ -62,5 +62,8 @@ rules: - services - endpoints {{- end -}} + {{ if eq $v "secrets" }} + - secrets + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl index a8f1c49e3..bc2045e5f 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl @@ -42,6 +42,12 @@ kind: ServiceAccount metadata: name: {{ $saName }} namespace: {{ $saNamespace }} +{{- if $envAll.Values.manifests.secret_registry }} +{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }} +imagePullSecrets: + - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }} +{{- end -}} +{{- end -}} {{- range $k, $v := $deps -}} {{- if eq $k "services" }} {{- range $serv := $v }} @@ -57,6 +63,8 @@ metadata: {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }} {{- else if and (eq $k "pod") $v }} {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }} +{{- else if and (eq $k "secret") $v }} +{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "secrets," ((index $allNamespace $saNamespace) | default "")) }} {{- end -}} {{- end -}} {{- $_ := unset $allNamespace $randomKey }} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_mon_host_from_k8s_ep.sh.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_mon_host_from_k8s_ep.sh.tpl new file mode 100644 index 000000000..fc74c6fb4 --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_mon_host_from_k8s_ep.sh.tpl @@ -0,0 +1,68 @@ +{{- define "helm-toolkit.snippets.mon_host_from_k8s_ep" -}} +{{/* + +Inserts a bash function definition mon_host_from_k8s_ep() which can be used +to construct a mon_hosts value from the given namespaced endpoint. + +Usage (e.g. in _script.sh.tpl): + #!/bin/bash + + : "${NS:=ceph}" + : "${EP:=ceph-mon-discovery}" + + {{ include "helm-toolkit.snippets.mon_host_from_k8s_ep" . }} + + MON_HOST=$(mon_host_from_k8s_ep "$NS" "$EP") + + if [ -z "$MON_HOST" ]; then + # deal with failure + else + sed -i -e "s/^mon_host = /mon_host = $MON_HOST/" /etc/ceph/ceph.conf + fi +*/}} +{{` +# Construct a mon_hosts value from the given namespaced endpoint +# IP x.x.x.x with port p named "mon-msgr2" will appear as [v2:x.x.x.x/p/0] +# IP x.x.x.x with port q named "mon" will appear as [v1:x.x.x.x/q/0] +# IP x.x.x.x with ports p and q will appear as [v2:x.x.x.x/p/0,v1:x.x.x.x/q/0] +# The entries for all IPs will be joined with commas +mon_host_from_k8s_ep() { + local ns=$1 + local ep=$2 + + if [ -z "$ns" ] || [ -z "$ep" ]; then + return 1 + fi + + # We don't want shell expansion for the go-template expression + # shellcheck disable=SC2016 + kubectl get endpoints -n "$ns" "$ep" -o go-template=' + {{- $sep := "" }} + {{- range $_,$s := .subsets }} + {{- $v2port := 0 }} + {{- $v1port := 0 }} + {{- range $_,$port := index $s "ports" }} + {{- if (eq $port.name "mon-msgr2") }} + {{- $v2port = $port.port }} + {{- else if (eq $port.name "mon") }} + {{- $v1port = $port.port }} + {{- end }} + {{- end }} + {{- range $_,$address := index $s "addresses" }} + {{- $v2endpoint := printf "v2:%s:%d/0" $address.ip $v2port }} + {{- $v1endpoint := printf "v1:%s:%d/0" $address.ip $v1port }} + {{- if (and $v2port $v1port) }} + {{- printf "%s[%s,%s]" $sep $v2endpoint $v1endpoint }} + {{- $sep = "," }} + {{- else if $v2port }} + {{- printf "%s[%s]" $sep $v2endpoint }} + {{- $sep = "," }} + {{- else if $v1port }} + {{- printf "%s[%s]" $sep $v1endpoint }} + {{- $sep = "," }} + {{- end }} + {{- end }} + {{- end }}' +} +`}} +{{- end -}} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl index b99c00db4..4a88dd8df 100644 --- a/charts/ceph-provisioners/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl +++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl @@ -27,10 +27,12 @@ limitations under the License. {{- else if kindIs "slice" $dependencyMixinParam }} {{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }} {{- range $k, $v := $dependencyMixinParam -}} +{{- if ( index $envAll.Values.dependencies.dynamic.targeted $v ) }} {{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}} {{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}} {{- end }} {{- end }} +{{- end }} {{- else -}} {{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}} {{- end -}} diff --git a/charts/ceph-provisioners/requirements.lock b/charts/ceph-provisioners/requirements.lock index 3b09b9a53..43aa382fd 100644 --- a/charts/ceph-provisioners/requirements.lock +++ b/charts/ceph-provisioners/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: https://tarballs.opendev.org/openstack/openstack-helm-infra - version: '>= 0.1.0' -digest: sha256:9a14200f65f9e9d7f811f6b763242eea2a0ff5f36199412abc2c58f273b95899 -generated: "2021-07-28T15:09:21.187908283Z" + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/ceph-provisioners/requirements.yaml b/charts/ceph-provisioners/requirements.yaml index 4333ba9a1..ddafbfc88 100644 --- a/charts/ceph-provisioners/requirements.yaml +++ b/charts/ceph-provisioners/requirements.yaml @@ -1,18 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- dependencies: - - name: helm-toolkit - repository: https://tarballs.opendev.org/openstack/openstack-helm-infra - version: ">= 0.1.0" -... +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 diff --git a/charts/cinder/charts/helm-toolkit/Chart.yaml b/charts/cinder/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/cinder/charts/helm-toolkit/Chart.yaml +++ b/charts/cinder/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/cinder/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/cinder/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/cinder/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/cinder/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/cinder/requirements.lock b/charts/cinder/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/cinder/requirements.lock +++ b/charts/cinder/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/cinder/requirements.yaml b/charts/cinder/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/cinder/requirements.yaml +++ b/charts/cinder/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/designate/charts/helm-toolkit/Chart.yaml b/charts/designate/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/designate/charts/helm-toolkit/Chart.yaml +++ b/charts/designate/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/designate/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/designate/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/designate/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/designate/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/designate/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/designate/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/designate/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/designate/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/designate/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/designate/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/designate/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/designate/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/designate/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/designate/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/designate/requirements.lock b/charts/designate/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/designate/requirements.lock +++ b/charts/designate/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/designate/requirements.yaml b/charts/designate/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/designate/requirements.yaml +++ b/charts/designate/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/glance/charts/helm-toolkit/Chart.yaml b/charts/glance/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/glance/charts/helm-toolkit/Chart.yaml +++ b/charts/glance/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/glance/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/glance/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/glance/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/glance/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/glance/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/glance/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/glance/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/glance/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/glance/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/glance/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/glance/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/glance/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/glance/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/glance/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/glance/requirements.lock b/charts/glance/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/glance/requirements.lock +++ b/charts/glance/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/glance/requirements.yaml b/charts/glance/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/glance/requirements.yaml +++ b/charts/glance/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/heat/charts/helm-toolkit/Chart.yaml b/charts/heat/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/heat/charts/helm-toolkit/Chart.yaml +++ b/charts/heat/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/heat/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/heat/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/heat/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/heat/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/heat/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/heat/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/heat/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/heat/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/heat/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/heat/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/heat/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/heat/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/heat/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/heat/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/heat/requirements.lock b/charts/heat/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/heat/requirements.lock +++ b/charts/heat/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/heat/requirements.yaml b/charts/heat/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/heat/requirements.yaml +++ b/charts/heat/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/horizon/charts/helm-toolkit/Chart.yaml b/charts/horizon/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/horizon/charts/helm-toolkit/Chart.yaml +++ b/charts/horizon/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/horizon/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/horizon/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/horizon/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/horizon/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/horizon/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/horizon/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/horizon/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/horizon/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/horizon/requirements.lock b/charts/horizon/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/horizon/requirements.lock +++ b/charts/horizon/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/horizon/requirements.yaml b/charts/horizon/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/horizon/requirements.yaml +++ b/charts/horizon/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/keystone/charts/helm-toolkit/Chart.yaml b/charts/keystone/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/keystone/charts/helm-toolkit/Chart.yaml +++ b/charts/keystone/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/keystone/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/keystone/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/keystone/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/keystone/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/keystone/requirements.lock b/charts/keystone/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/keystone/requirements.lock +++ b/charts/keystone/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/keystone/requirements.yaml b/charts/keystone/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/keystone/requirements.yaml +++ b/charts/keystone/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/libvirt/charts/helm-toolkit/Chart.yaml b/charts/libvirt/charts/helm-toolkit/Chart.yaml index fd3f461a1..e827e99f5 100644 --- a/charts/libvirt/charts/helm-toolkit/Chart.yaml +++ b/charts/libvirt/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.56 +version: 0.2.64 diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/libvirt/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/libvirt/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/libvirt/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/libvirt/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/libvirt/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/libvirt/requirements.lock b/charts/libvirt/requirements.lock index 5cfd3538e..43aa382fd 100644 --- a/charts/libvirt/requirements.lock +++ b/charts/libvirt/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 -digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/libvirt/requirements.yaml b/charts/libvirt/requirements.yaml index 2590759be..ddafbfc88 100644 --- a/charts/libvirt/requirements.yaml +++ b/charts/libvirt/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 + version: 0.2.64 diff --git a/charts/magnum/charts/helm-toolkit/Chart.yaml b/charts/magnum/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/magnum/charts/helm-toolkit/Chart.yaml +++ b/charts/magnum/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/magnum/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/magnum/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/magnum/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/magnum/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/magnum/requirements.lock b/charts/magnum/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/magnum/requirements.lock +++ b/charts/magnum/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/magnum/requirements.yaml b/charts/magnum/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/magnum/requirements.yaml +++ b/charts/magnum/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/manila/charts/helm-toolkit/Chart.yaml b/charts/manila/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/manila/charts/helm-toolkit/Chart.yaml +++ b/charts/manila/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/manila/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/manila/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/manila/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/manila/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/manila/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/manila/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/manila/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/manila/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/manila/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/manila/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/manila/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/manila/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/manila/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/manila/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/manila/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/manila/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/manila/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/manila/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/manila/requirements.lock b/charts/manila/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/manila/requirements.lock +++ b/charts/manila/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/manila/requirements.yaml b/charts/manila/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/manila/requirements.yaml +++ b/charts/manila/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/memcached/charts/helm-toolkit/Chart.yaml b/charts/memcached/charts/helm-toolkit/Chart.yaml index 404f380d0..e827e99f5 100644 --- a/charts/memcached/charts/helm-toolkit/Chart.yaml +++ b/charts/memcached/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.52 +version: 0.2.64 diff --git a/charts/memcached/charts/helm-toolkit/requirements.lock b/charts/memcached/charts/helm-toolkit/requirements.lock index f58d8e029..808bd945e 100644 --- a/charts/memcached/charts/helm-toolkit/requirements.lock +++ b/charts/memcached/charts/helm-toolkit/requirements.lock @@ -1,3 +1,3 @@ dependencies: [] digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2023-03-17T21:00:03.500496699Z" +generated: '0001-01-01T00:00:00Z' diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_ingress.tpl index 4c476b2ce..cacb4b813 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -67,16 +67,16 @@ examples: metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" rules: - host: barbican http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -108,10 +108,10 @@ examples: metadata: name: barbican-namespace-fqdn annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public hosts: @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -133,10 +133,10 @@ examples: metadata: name: barbican-cluster-fqdn annotations: - kubernetes.io/ingress.class: "nginx-cluster" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx-cluster" tls: - secretName: barbican-tls-public hosts: @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -202,10 +202,10 @@ examples: metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public hosts: @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -302,12 +302,12 @@ examples: metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" cert-manager.io/issuer: ca-issuer certmanager.k8s.io/issuer: ca-issuer nginx.ingress.kubernetes.io/backend-protocol: https nginx.ingress.kubernetes.io/secure-backends: "true" spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public-certmanager hosts: @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -404,12 +404,12 @@ examples: metadata: name: barbican annotations: - kubernetes.io/ingress.class: "nginx" cert-manager.io/cluster-issuer: ca-issuer certmanager.k8s.io/cluster-issuer: ca-issuer nginx.ingress.kubernetes.io/backend-protocol: https nginx.ingress.kubernetes.io/secure-backends: "true" spec: + ingressClassName: "nginx" tls: - secretName: barbican-tls-public-certmanager hosts: @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -488,16 +488,16 @@ examples: metadata: name: grafana annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" rules: - host: grafana http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -529,10 +529,10 @@ examples: metadata: name: grafana-namespace-fqdn annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx" tls: - secretName: grafana-tls-public hosts: @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -565,10 +565,10 @@ examples: metadata: name: grafana-cluster-fqdn annotations: - kubernetes.io/ingress.class: "nginx-cluster" nginx.ingress.kubernetes.io/rewrite-target: / spec: + ingressClassName: "nginx-cluster" tls: - secretName: grafana-tls-public hosts: @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -639,7 +641,6 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }} {{- if $certIssuer }} cert-manager.io/{{ $certIssuerType }}: {{ $certIssuer }} certmanager.k8s.io/{{ $certIssuerType }}: {{ $certIssuer }} @@ -650,6 +651,7 @@ metadata: {{- end }} {{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} spec: + ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }} {{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "hosts" }} {{- if $certIssuer }} {{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -695,9 +697,9 @@ kind: Ingress metadata: name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }} annotations: - kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }} {{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} spec: + ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }} {{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "host_fqdn_override" }} {{- if hasKey $host $endpoint }} {{- $endpointHost := index $host $endpoint }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/memcached/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/memcached/charts/helm-toolkit/templates/scripts/_db-init.py.tpl index 4294d40c5..6027b9515 100644 --- a/charts/memcached/charts/helm-toolkit/templates/scripts/_db-init.py.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/scripts/_db-init.py.tpl @@ -133,8 +133,10 @@ except: # Create DB User try: root_engine.execute( - "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format( - database, user, password, mysql_x509)) + "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format( + user, password, mysql_x509)) + root_engine.execute( + "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user)) logger.info("Created user {0} for {1}".format(user, database)) except: logger.critical("Could not create user {0} for {1}".format(user, database)) diff --git a/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/memcached/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/memcached/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/memcached/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/memcached/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/memcached/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl b/charts/memcached/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl index b99c00db4..4a88dd8df 100644 --- a/charts/memcached/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl +++ b/charts/memcached/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl @@ -27,10 +27,12 @@ limitations under the License. {{- else if kindIs "slice" $dependencyMixinParam }} {{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }} {{- range $k, $v := $dependencyMixinParam -}} +{{- if ( index $envAll.Values.dependencies.dynamic.targeted $v ) }} {{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}} {{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}} {{- end }} {{- end }} +{{- end }} {{- else -}} {{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}} {{- end -}} diff --git a/charts/memcached/requirements.lock b/charts/memcached/requirements.lock index a348b9ece..43aa382fd 100644 --- a/charts/memcached/requirements.lock +++ b/charts/memcached/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit - repository: file://../helm-toolkit - version: 0.2.52 -digest: sha256:d7c1d04fc7525277f29dac7fc7d2996c60cb3e708f487cd2bf88a0236454f7e3 -generated: "2023-03-17T21:00:20.838477353Z" + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 +generated: '0001-01-01T00:00:00Z' diff --git a/charts/memcached/requirements.yaml b/charts/memcached/requirements.yaml index 84f0affae..ddafbfc88 100644 --- a/charts/memcached/requirements.yaml +++ b/charts/memcached/requirements.yaml @@ -1,18 +1,4 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- dependencies: - - name: helm-toolkit - repository: file://../helm-toolkit - version: ">= 0.1.0" -... +- name: helm-toolkit + repository: https://tarballs.openstack.org/openstack-helm-infra + version: 0.2.64 diff --git a/charts/neutron/charts/helm-toolkit/Chart.yaml b/charts/neutron/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/neutron/charts/helm-toolkit/Chart.yaml +++ b/charts/neutron/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/neutron/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/neutron/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/neutron/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/neutron/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/neutron/requirements.lock b/charts/neutron/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/neutron/requirements.lock +++ b/charts/neutron/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/neutron/requirements.yaml b/charts/neutron/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/neutron/requirements.yaml +++ b/charts/neutron/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/nova/charts/helm-toolkit/Chart.yaml +++ b/charts/nova/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/nova/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/nova/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/nova/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/nova/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/nova/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/nova/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/nova/requirements.lock +++ b/charts/nova/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/nova/requirements.yaml b/charts/nova/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/nova/requirements.yaml +++ b/charts/nova/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/octavia/charts/helm-toolkit/Chart.yaml b/charts/octavia/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/octavia/charts/helm-toolkit/Chart.yaml +++ b/charts/octavia/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/octavia/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/octavia/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/octavia/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/octavia/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/octavia/requirements.lock b/charts/octavia/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/octavia/requirements.lock +++ b/charts/octavia/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/octavia/requirements.yaml b/charts/octavia/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/octavia/requirements.yaml +++ b/charts/octavia/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/openvswitch/charts/helm-toolkit/Chart.yaml b/charts/openvswitch/charts/helm-toolkit/Chart.yaml index fd3f461a1..e827e99f5 100644 --- a/charts/openvswitch/charts/helm-toolkit/Chart.yaml +++ b/charts/openvswitch/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.56 +version: 0.2.64 diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/openvswitch/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openvswitch/requirements.lock b/charts/openvswitch/requirements.lock index 5cfd3538e..43aa382fd 100644 --- a/charts/openvswitch/requirements.lock +++ b/charts/openvswitch/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 -digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/openvswitch/requirements.yaml b/charts/openvswitch/requirements.yaml index 2590759be..ddafbfc88 100644 --- a/charts/openvswitch/requirements.yaml +++ b/charts/openvswitch/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 + version: 0.2.64 diff --git a/charts/ovn/charts/helm-toolkit/Chart.yaml b/charts/ovn/charts/helm-toolkit/Chart.yaml index fd3f461a1..e827e99f5 100644 --- a/charts/ovn/charts/helm-toolkit/Chart.yaml +++ b/charts/ovn/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.56 +version: 0.2.64 diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/ovn/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/ovn/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/ovn/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/ovn/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/ovn/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ovn/requirements.lock b/charts/ovn/requirements.lock index 5cfd3538e..43aa382fd 100644 --- a/charts/ovn/requirements.lock +++ b/charts/ovn/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 -digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/ovn/requirements.yaml b/charts/ovn/requirements.yaml index 2590759be..ddafbfc88 100644 --- a/charts/ovn/requirements.yaml +++ b/charts/ovn/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.56 + version: 0.2.64 diff --git a/charts/patches/barbican/0001-tune-uwsgi-config.patch b/charts/patches/barbican/0001-tune-uwsgi-config.patch new file mode 100644 index 000000000..3c472ee8b --- /dev/null +++ b/charts/patches/barbican/0001-tune-uwsgi-config.patch @@ -0,0 +1,25 @@ +diff --git a/barbican/values.yaml b/charts/barbican/values.yaml +index 3991d2ba..86abf1d3 100644 +--- a/barbican/values.yaml ++++ b/barbican/values.yaml +@@ -360,15 +360,20 @@ conf: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 ++ chunked-input-limit: "4096000" + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all ++ http-auto-chunked: true ++ http-raw-body: true + lazy-apps: true + log-x-forwarded-for: true + master: true ++ need-app: true + procname-prefix-spaced: "barbiacan-api:" + route-user-agent: '^kube-probe.* donotlog:' ++ socket-timeout: 10 + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api diff --git a/charts/placement/charts/helm-toolkit/Chart.yaml b/charts/placement/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/placement/charts/helm-toolkit/Chart.yaml +++ b/charts/placement/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/placement/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/placement/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/placement/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/placement/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/placement/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/placement/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/placement/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/placement/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/placement/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/placement/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/placement/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/placement/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/placement/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/placement/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/placement/requirements.lock b/charts/placement/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/placement/requirements.lock +++ b/charts/placement/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/placement/requirements.yaml b/charts/placement/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/placement/requirements.yaml +++ b/charts/placement/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/senlin/charts/helm-toolkit/Chart.yaml b/charts/senlin/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/senlin/charts/helm-toolkit/Chart.yaml +++ b/charts/senlin/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/senlin/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/senlin/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/senlin/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/senlin/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/senlin/requirements.lock b/charts/senlin/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/senlin/requirements.lock +++ b/charts/senlin/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/senlin/requirements.yaml b/charts/senlin/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/senlin/requirements.yaml +++ b/charts/senlin/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 diff --git a/charts/tempest/charts/helm-toolkit/Chart.yaml b/charts/tempest/charts/helm-toolkit/Chart.yaml index 1ee97589b..e827e99f5 100644 --- a/charts/tempest/charts/helm-toolkit/Chart.yaml +++ b/charts/tempest/charts/helm-toolkit/Chart.yaml @@ -9,4 +9,4 @@ name: helm-toolkit sources: - https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm -version: 0.2.55 +version: 0.2.64 diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl index 972e42946..cacb4b813 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl @@ -59,7 +59,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -76,7 +76,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -86,7 +86,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -96,7 +96,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -121,7 +121,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -146,7 +146,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -194,7 +194,7 @@ examples: default: 9311 public: 80 usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -217,7 +217,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -227,7 +227,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -237,7 +237,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -294,7 +294,7 @@ examples: name: ca-issuer kind: Issuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -319,7 +319,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -329,7 +329,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -339,7 +339,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -396,7 +396,7 @@ examples: name: ca-issuer kind: ClusterIssuer usage: | - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}} + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}} return: | --- apiVersion: networking.k8s.io/v1 @@ -421,7 +421,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -431,7 +431,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -441,7 +441,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: barbican-api @@ -479,7 +479,7 @@ examples: grafana: public: grafana-tls-public usage: | - {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} + {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} return: | --- @@ -497,7 +497,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -507,7 +507,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -517,7 +517,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -543,7 +543,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -553,7 +553,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -579,7 +579,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -589,7 +589,7 @@ examples: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: grafana-dashboard @@ -602,11 +602,12 @@ examples: {{- $vHost := index . "vHost" -}} {{- $backendName := index . "backendName" -}} {{- $backendPort := index . "backendPort" -}} +{{- $pathType := index . "pathType" -}} - host: {{ $vHost }} http: paths: - path: / - pathType: ImplementationSpecific + pathType: {{ $pathType }} backend: service: name: {{ $backendName }} @@ -624,6 +625,7 @@ examples: {{- $backendServiceType := index . "backendServiceType" -}} {{- $backendPort := index . "backendPort" -}} {{- $endpoint := index . "endpoint" | default "public" -}} +{{- $pathType := index . "pathType" | default "Prefix" -}} {{- $certIssuer := index . "certIssuer" | default "" -}} {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} @@ -681,7 +683,7 @@ spec: {{- end }} rules: {{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }} -{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} @@ -719,7 +721,7 @@ spec: {{- end }} rules: {{- range $vHost := $vHosts }} -{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }} {{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }} {{- end }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 5d98c8b7f..6b77004f0 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -51,6 +51,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 62ed11916..2b7ff2cdc 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -54,6 +54,7 @@ metadata: annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 745e8dab8..b8a1dce3b 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl index 24d2496d1..4696c88fd 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -49,6 +49,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 3a7df7ff9..d69c9e6ec 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl index a109e3cc0..9604c6372 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -52,6 +52,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 905eb71a6..58dcdc5c6 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -74,6 +74,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 698206426..2cfadafe3 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -42,6 +42,7 @@ metadata: {{ toYaml $jobLabels | indent 4 }} {{- end }} annotations: +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 29cb99378..b5fdc09c3 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -49,6 +49,7 @@ metadata: {{- end }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 50d9af599..77d1a71e9 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -47,6 +47,7 @@ metadata: annotations: "helm.sh/hook-delete-policy": before-hook-creation {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} {{- if $jobAnnotations }} {{ toYaml $jobAnnotations | indent 4 }} {{- end }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl index 4854bb1ec..7ad505b55 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a authenticating a registry with a secret examples: - values: | + annotations: + secret: + oci_image_registry: + {{ $serviceName }}: + custom.tld/key: "value" secrets: oci_image_registry: {{ $serviceName }}: {{ $keyName }} @@ -36,30 +41,8 @@ examples: kind: Secret metadata: name: {{ $secretName }} - type: kubernetes.io/dockerconfigjson - data: - dockerconfigjson: {{ $dockerAuth }} - - - values: | - secrets: - oci_image_registry: - {{ $serviceName }}: {{ $keyName }} - endpoints: - oci_image_registry: - name: oci-image-registry - auth: - enabled: true - {{ $serviceName }}: - name: {{ $userName }} - password: {{ $password }} - usage: | - {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}} - return: | - --- - apiVersion: v1 - kind: Secret - metadata: - name: {{ $secretName }} + annotations: + custom.tld/key: "value" type: kubernetes.io/dockerconfigjson data: dockerconfigjson: {{ $dockerAuth }} @@ -87,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + annotations: +{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ $dockerAuth }} diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl index 24a70450c..c80034030 100644 --- a/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl @@ -17,6 +17,11 @@ abstract: | Creates a manifest for a services public tls secret examples: - values: | + annotations: + secret: + tls: + key_manager_api_public: + custom.tld/key: "value" secrets: tls: key_manager: @@ -41,6 +46,8 @@ examples: kind: Secret metadata: name: barbican-tls-public + annotations: + custom.tld/key: "value" type: kubernetes.io/tls data: tls.key: Rk9PLUtFWQo= @@ -88,11 +95,15 @@ examples: {{- if kindIs "map" $endpointHost }} {{- if hasKey $endpointHost "tls" }} {{- if and $endpointHost.tls.key $endpointHost.tls.crt }} + +{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} --- apiVersion: v1 kind: Secret metadata: name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }} + annotations: +{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} type: kubernetes.io/tls data: tls.key: {{ $endpointHost.tls.key | b64enc }} diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl index 3963bd405..695cb2e47 100644 --- a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl +++ b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl @@ -49,6 +49,13 @@ # A random number between min and max delay is generated # to set the delay. # +# RGW backup throttle limits variables: +# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality +# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions +# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned +# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry +# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into +# # The database-specific functions that need to be implemented are: # dump_databases_to_directory [scope] # where: @@ -84,8 +91,10 @@ # specified by the "LOCAL_DAYS_TO_KEEP" variable. # 4) Removing remote backup tarballs (from the remote gateway) which are older # than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable. +# 5) Controlling remote storage gateway load from client side and throttling it +# by using a dedicated RGW container to store flag files defining upload session +# in progress # - # Note: not using set -e in this script because more elaborate error handling # is needed. @@ -95,7 +104,7 @@ log_backup_error_exit() { log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } log_verify_backup_exit() { @@ -104,7 +113,7 @@ log_verify_backup_exit() { log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}" rm -f $ERR_LOG_FILE # rm -rf $TMP_DIR - exit $ERRCODE + exit 0 } @@ -218,6 +227,113 @@ send_to_remote_server() { echo "Sleeping for ${DELAY} seconds to spread the load in time..." sleep ${DELAY} + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove Quotes from the constants which were added due to reading + # from secret. + export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g') + export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g') + export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g') + export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g') + + # load balance delay + RESULT=$(openstack container list 2>&1) + + if [[ $? -eq 0 ]]; then + echo $RESULT | grep $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + # Find the swift URL from the keystone endpoint list + SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}') + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog." + return 2 + fi + + # Get a token from keystone + TOKEN=$(openstack token issue -f value -c id) + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to get keystone token." + return 2 + fi + + # Create the container + RES_FILE=$(mktemp -p /tmp) + curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \ + -H "X-Auth-Token: ${TOKEN}" \ + -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE + + if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then + log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}" + cat $RES_FILE + rm -f $RES_FILE + return 2 + fi + rm -f $RES_FILE + + swift stat $THROTTLE_CONTAINER_NAME + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation." + return 2 + fi + fi + else + echo $RESULT | grep -E "HTTP 401|HTTP 403" + if [[ $? -eq 0 ]]; then + log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}" + return 1 + else + echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50" + if [[ $? -eq 0 ]]; then + log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}" + # In this case, keystone or the site/node may be temporarily down. + # Return slightly different error code so the calling code can retry + return 2 + else + log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}" + return 1 + fi + fi + fi + + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]] + do + log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!" + log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...." + sleep ${THROTTLE_RETRY_AFTER} + NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l) + log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now." + done + + # Create a lock file in THROTTLE_CONTAINER + THROTTLE_FILEPATH=$(mktemp -d) + THROTTLE_FILE=${CONTAINER_NAME}.lock + date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE + + # Create an object to store the file + openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!" + return 2 + fi + + swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}" + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!" + return 2 + fi + openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation." + return 2 + fi + fi + + #--------------------------------------------------------------------------- + # Create an object to store the file openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE if [[ $? -ne 0 ]]; then @@ -243,7 +359,25 @@ send_to_remote_server() { log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values" return 2 fi - rm -rf ${REMOTE_FILE} + rm -f ${REMOTE_FILE} + + #--------------------------------------------------------------------------- + # Remote backup throttling + export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g') + if $THROTTLE_BACKUPS_ENABLED; then + # Remove flag file + # Delete an object to remove the flag file + openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE + if [[ $? -ne 0 ]]; then + log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}" + return 0 + else + log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed." + fi + rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE} + fi + + #--------------------------------------------------------------------------- log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully." return 0 diff --git a/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl new file mode 100644 index 000000000..fc426142f --- /dev/null +++ b/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the job spec of a component. +examples: + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + job: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + keystone_domain_manage: + another.tld/foo: "bar" + keystone_bootstrap: + usage: | + {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_job_annotations" -}} +{{- $envAll := index . 1 -}} +{{- $component := index . 0 | replace "-" "_" -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "job") -}} +{{- $annotationsMap := $envAll.Values.annotations.job -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl new file mode 100644 index 000000000..ecff6e96a --- /dev/null +++ b/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl @@ -0,0 +1,76 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the pod spec of a component. +examples: + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + pod: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + nova_compute: + another.tld/foo: "bar" + nova_api: + usage: | + {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_pod_annotations" -}} +{{- $component := index . 0 -}} +{{- $envAll := index . 1 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "pod") -}} +{{- $annotationsMap := $envAll.Values.annotations.pod -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $annotationsMap "default" ) -}} +{{- $defaultAnnotations = $annotationsMap.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl new file mode 100644 index 000000000..19c438088 --- /dev/null +++ b/charts/tempest/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl @@ -0,0 +1,81 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Adds custom annotations to the secret spec of a component. +examples: + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + another.tld/foo: bar + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" + - values: | + annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oslo_db: + admin: + usage: | + {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }} + return: | + custom.tld/key: "value" + custom.tld/key2: "value2" +*/}} + +{{- define "helm-toolkit.snippets.custom_secret_annotations" -}} +{{- $secretType := index . 0 -}} +{{- $userClass := index . 1 | replace "-" "_" -}} +{{- $envAll := index . 2 -}} +{{- if (hasKey $envAll.Values "annotations") -}} +{{- if (hasKey $envAll.Values.annotations "secret") -}} +{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}} +{{- $defaultAnnotations := dict -}} +{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}} +{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}} +{{- end -}} +{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}} +{{- if (not (empty $annotations)) -}} +{{- toYaml $annotations -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/tempest/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/tempest/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl new file mode 100644 index 000000000..08521e0fe --- /dev/null +++ b/charts/tempest/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }} +{{- range $s3Bucket := .Values.storage.s3.buckets }} +- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_ACCESS_KEY_ID +- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }} + valueFrom: + secretKeyRef: + name: {{ $s3Bucket.name }} + key: AWS_SECRET_ACCESS_KEY +{{- end }} +{{- end }} diff --git a/charts/tempest/requirements.lock b/charts/tempest/requirements.lock index e346dde68..43aa382fd 100644 --- a/charts/tempest/requirements.lock +++ b/charts/tempest/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 -digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368 + version: 0.2.64 +digest: sha256:4c00b9bfa1d3dc0426a82ec22f51b440e838c55cbd1f81dbf7de5b28471f6141 generated: '0001-01-01T00:00:00Z' diff --git a/charts/tempest/requirements.yaml b/charts/tempest/requirements.yaml index 6ab539f71..ddafbfc88 100644 --- a/charts/tempest/requirements.yaml +++ b/charts/tempest/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: helm-toolkit repository: https://tarballs.openstack.org/openstack-helm-infra - version: 0.2.55 + version: 0.2.64 From c410422d9d9374c752f6700ff3633d1141c74ad7 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Mon, 22 Apr 2024 23:12:58 -0400 Subject: [PATCH 22/45] [stable/zed] fix: add missing qemu rbd package (#1154) This is an automated cherry-pick of #1149 /assign ricolin --- images/cinder/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile index 4d5addf97..07f2ac520 100644 --- a/images/cinder/Dockerfile +++ b/images/cinder/Dockerfile @@ -31,7 +31,7 @@ FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE} RUN < Date: Wed, 24 Apr 2024 00:32:54 -0400 Subject: [PATCH 23/45] [stable/zed] Add updated Storpool drivers to images (#1155) Signed-off-by: Mohammed Naser --- images/cinder/Dockerfile | 10 +++++++++- images/glance/Dockerfile | 7 ++++++- images/nova/Dockerfile | 7 ++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/images/cinder/Dockerfile b/images/cinder/Dockerfile index 07f2ac520..fe1f3c38d 100644 --- a/images/cinder/Dockerfile +++ b/images/cinder/Dockerfile @@ -24,8 +24,16 @@ RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < Date: Wed, 24 Apr 2024 13:05:22 -0400 Subject: [PATCH 24/45] [stable/zed] Fix registry dependency for container jobs (#1156) This is an automated cherry-pick of #1152 /assign mnaser --- zuul.d/container-images/barbican.yaml | 4 ++++ zuul.d/container-images/base.yaml | 6 ------ zuul.d/container-images/cinder.yaml | 4 ++++ zuul.d/container-images/designate.yaml | 4 ++++ zuul.d/container-images/glance.yaml | 4 ++++ zuul.d/container-images/heat.yaml | 4 ++++ zuul.d/container-images/horizon.yaml | 4 ++++ zuul.d/container-images/ironic.yaml | 4 ++++ zuul.d/container-images/keepalived.yaml | 4 ++++ zuul.d/container-images/keystone.yaml | 4 ++++ zuul.d/container-images/libvirt-tls-sidecar.yaml | 4 ++++ zuul.d/container-images/libvirtd.yaml | 4 ++++ zuul.d/container-images/magnum.yaml | 4 ++++ zuul.d/container-images/manila.yaml | 4 ++++ zuul.d/container-images/netoffload.yaml | 4 ++++ zuul.d/container-images/neutron.yaml | 4 ++++ zuul.d/container-images/nova-ssh.yaml | 4 ++++ zuul.d/container-images/nova.yaml | 4 ++++ zuul.d/container-images/octavia.yaml | 4 ++++ zuul.d/container-images/openstack-python-runtime.yaml | 4 ++++ zuul.d/container-images/openstack-runtime.yaml | 4 ++++ zuul.d/container-images/openstack-venv-builder.yaml | 4 ++++ zuul.d/container-images/ovn.yaml | 4 ++++ zuul.d/container-images/placement.yaml | 4 ++++ zuul.d/container-images/python-base.yaml | 4 ++++ zuul.d/container-images/senlin.yaml | 4 ++++ zuul.d/container-images/staffeln.yaml | 4 ++++ zuul.d/container-images/tempest.yaml | 4 ++++ zuul.d/container-images/ubuntu-cloud-archive.yaml | 4 ++++ 29 files changed, 112 insertions(+), 6 deletions(-) diff --git a/zuul.d/container-images/barbican.yaml b/zuul.d/container-images/barbican.yaml index 73d178e73..da767db80 100644 --- a/zuul.d/container-images/barbican.yaml +++ b/zuul.d/container-images/barbican.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-barbican parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-barbican parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/base.yaml b/zuul.d/container-images/base.yaml index 6e33526a9..f2467fe68 100644 --- a/zuul.d/container-images/base.yaml +++ b/zuul.d/container-images/base.yaml @@ -28,9 +28,6 @@ name: atmosphere-build-container-image parent: ci-build-container-image abstract: true - dependencies: - - name: atmosphere-buildset-registry - soft: false vars: &image_vars container_command: docker promote_container_image_method: intermediate-registry @@ -44,9 +41,6 @@ name: atmosphere-upload-container-image parent: ci-upload-container-image abstract: true - dependencies: - - name: atmosphere-buildset-registry - soft: false secrets: name: container_registry_credentials secret: atmosphere-registry-credentials diff --git a/zuul.d/container-images/cinder.yaml b/zuul.d/container-images/cinder.yaml index fa7a675b6..55c9442b8 100644 --- a/zuul.d/container-images/cinder.yaml +++ b/zuul.d/container-images/cinder.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-cinder parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-cinder parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/designate.yaml b/zuul.d/container-images/designate.yaml index 9ff13fdea..bfc3c6a5b 100644 --- a/zuul.d/container-images/designate.yaml +++ b/zuul.d/container-images/designate.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-designate parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-designate parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/glance.yaml b/zuul.d/container-images/glance.yaml index 69b543347..6f92bedda 100644 --- a/zuul.d/container-images/glance.yaml +++ b/zuul.d/container-images/glance.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-glance parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-glance parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/heat.yaml b/zuul.d/container-images/heat.yaml index 52403ef7b..5b4087eaa 100644 --- a/zuul.d/container-images/heat.yaml +++ b/zuul.d/container-images/heat.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-heat parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-heat parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/horizon.yaml b/zuul.d/container-images/horizon.yaml index 914053df8..a9de5a2e1 100644 --- a/zuul.d/container-images/horizon.yaml +++ b/zuul.d/container-images/horizon.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-horizon parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-horizon parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/ironic.yaml b/zuul.d/container-images/ironic.yaml index 3e16dd182..780a02cc3 100644 --- a/zuul.d/container-images/ironic.yaml +++ b/zuul.d/container-images/ironic.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-ironic parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-ironic parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/keepalived.yaml b/zuul.d/container-images/keepalived.yaml index 68f462ae7..81b18f053 100644 --- a/zuul.d/container-images/keepalived.yaml +++ b/zuul.d/container-images/keepalived.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-keepalived parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true vars: &container_image_vars @@ -49,6 +51,8 @@ name: atmosphere-upload-container-image-keepalived parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true vars: *container_image_vars diff --git a/zuul.d/container-images/keystone.yaml b/zuul.d/container-images/keystone.yaml index 791f3ce54..74f04b2ec 100644 --- a/zuul.d/container-images/keystone.yaml +++ b/zuul.d/container-images/keystone.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-keystone parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-keystone parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/libvirt-tls-sidecar.yaml b/zuul.d/container-images/libvirt-tls-sidecar.yaml index 76dfd48ff..0899068c6 100644 --- a/zuul.d/container-images/libvirt-tls-sidecar.yaml +++ b/zuul.d/container-images/libvirt-tls-sidecar.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-libvirt-tls-sidecar parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true vars: &container_image_vars @@ -54,6 +56,8 @@ name: atmosphere-upload-container-image-libvirt-tls-sidecar parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true vars: *container_image_vars diff --git a/zuul.d/container-images/libvirtd.yaml b/zuul.d/container-images/libvirtd.yaml index dc2d6d23c..0c34b3e19 100644 --- a/zuul.d/container-images/libvirtd.yaml +++ b/zuul.d/container-images/libvirtd.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-libvirtd parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -55,6 +57,8 @@ name: atmosphere-upload-container-image-libvirtd parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/magnum.yaml b/zuul.d/container-images/magnum.yaml index 234e5912c..7751cef3c 100644 --- a/zuul.d/container-images/magnum.yaml +++ b/zuul.d/container-images/magnum.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-magnum parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-magnum parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/manila.yaml b/zuul.d/container-images/manila.yaml index 2d7169019..ad298ff81 100644 --- a/zuul.d/container-images/manila.yaml +++ b/zuul.d/container-images/manila.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-manila parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-manila parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/netoffload.yaml b/zuul.d/container-images/netoffload.yaml index 2ca86b4a9..50620c577 100644 --- a/zuul.d/container-images/netoffload.yaml +++ b/zuul.d/container-images/netoffload.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-netoffload parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true vars: &container_image_vars @@ -49,6 +51,8 @@ name: atmosphere-upload-container-image-netoffload parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true vars: *container_image_vars diff --git a/zuul.d/container-images/neutron.yaml b/zuul.d/container-images/neutron.yaml index 5612ff802..8e9557dfc 100644 --- a/zuul.d/container-images/neutron.yaml +++ b/zuul.d/container-images/neutron.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-neutron parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-neutron parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/nova-ssh.yaml b/zuul.d/container-images/nova-ssh.yaml index d7801c18b..365030642 100644 --- a/zuul.d/container-images/nova-ssh.yaml +++ b/zuul.d/container-images/nova-ssh.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-nova-ssh parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -56,6 +58,8 @@ name: atmosphere-upload-container-image-nova-ssh parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/nova.yaml b/zuul.d/container-images/nova.yaml index 5b415c3ed..3d0780272 100644 --- a/zuul.d/container-images/nova.yaml +++ b/zuul.d/container-images/nova.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-nova parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-nova parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/octavia.yaml b/zuul.d/container-images/octavia.yaml index e8555a332..d7c74ac86 100644 --- a/zuul.d/container-images/octavia.yaml +++ b/zuul.d/container-images/octavia.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-octavia parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-octavia parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/openstack-python-runtime.yaml b/zuul.d/container-images/openstack-python-runtime.yaml index 5a7ce33e1..b2cbcca5c 100644 --- a/zuul.d/container-images/openstack-python-runtime.yaml +++ b/zuul.d/container-images/openstack-python-runtime.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-openstack-python-runtime parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -56,6 +58,8 @@ name: atmosphere-upload-container-image-openstack-python-runtime parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/openstack-runtime.yaml b/zuul.d/container-images/openstack-runtime.yaml index cde07373f..93508908a 100644 --- a/zuul.d/container-images/openstack-runtime.yaml +++ b/zuul.d/container-images/openstack-runtime.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-openstack-runtime parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -52,6 +54,8 @@ name: atmosphere-upload-container-image-openstack-runtime parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/openstack-venv-builder.yaml b/zuul.d/container-images/openstack-venv-builder.yaml index a50ee9366..9c29e292c 100644 --- a/zuul.d/container-images/openstack-venv-builder.yaml +++ b/zuul.d/container-images/openstack-venv-builder.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-openstack-venv-builder parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -55,6 +57,8 @@ name: atmosphere-upload-container-image-openstack-venv-builder parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/ovn.yaml b/zuul.d/container-images/ovn.yaml index 5a3e18097..0c31387b1 100644 --- a/zuul.d/container-images/ovn.yaml +++ b/zuul.d/container-images/ovn.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-ovn parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-openvswitch soft: true vars: &container_image_vars @@ -60,6 +62,8 @@ name: atmosphere-upload-container-image-ovn parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-openvswitch soft: true vars: *container_image_vars diff --git a/zuul.d/container-images/placement.yaml b/zuul.d/container-images/placement.yaml index d020a7923..a3a024d2b 100644 --- a/zuul.d/container-images/placement.yaml +++ b/zuul.d/container-images/placement.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-placement parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-placement parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/python-base.yaml b/zuul.d/container-images/python-base.yaml index 3e63e8c7d..0bb84e49d 100644 --- a/zuul.d/container-images/python-base.yaml +++ b/zuul.d/container-images/python-base.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-python-base parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -52,6 +54,8 @@ name: atmosphere-upload-container-image-python-base parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/senlin.yaml b/zuul.d/container-images/senlin.yaml index fc12aa0a1..55ad02cf6 100644 --- a/zuul.d/container-images/senlin.yaml +++ b/zuul.d/container-images/senlin.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-senlin parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-senlin parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/staffeln.yaml b/zuul.d/container-images/staffeln.yaml index db0191205..7cecc3986 100644 --- a/zuul.d/container-images/staffeln.yaml +++ b/zuul.d/container-images/staffeln.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-staffeln parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-staffeln parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/tempest.yaml b/zuul.d/container-images/tempest.yaml index 1d8174910..1a979e2b9 100644 --- a/zuul.d/container-images/tempest.yaml +++ b/zuul.d/container-images/tempest.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-tempest parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true - name: atmosphere-build-container-image-ubuntu-cloud-archive @@ -62,6 +64,8 @@ name: atmosphere-upload-container-image-tempest parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true - name: atmosphere-upload-container-image-ubuntu-cloud-archive diff --git a/zuul.d/container-images/ubuntu-cloud-archive.yaml b/zuul.d/container-images/ubuntu-cloud-archive.yaml index d2d23ba87..563fc3413 100644 --- a/zuul.d/container-images/ubuntu-cloud-archive.yaml +++ b/zuul.d/container-images/ubuntu-cloud-archive.yaml @@ -27,6 +27,8 @@ name: atmosphere-build-container-image-ubuntu-cloud-archive parent: atmosphere-build-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-build-container-image-ubuntu soft: true vars: &container_image_vars @@ -49,6 +51,8 @@ name: atmosphere-upload-container-image-ubuntu-cloud-archive parent: atmosphere-upload-container-image dependencies: + - name: atmosphere-buildset-registry + soft: false - name: atmosphere-upload-container-image-ubuntu soft: true vars: *container_image_vars From fb50c1cf1b82a4e6c98582b381cb7b7664bc9de7 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:05:27 -0400 Subject: [PATCH 25/45] [stable/zed] Update kube-prometheus-stack to 58.1.3 (#1159) This is an automated cherry-pick of #1128 /assign mnaser --- .charts.yml | 2 +- charts/kube-prometheus-stack/Chart.lock | 6 ++--- charts/kube-prometheus-stack/Chart.yaml | 4 ++-- .../crds/crds/crd-alertmanagerconfigs.yaml | 4 ++-- .../charts/crds/crds/crd-alertmanagers.yaml | 4 ++-- .../charts/crds/crds/crd-podmonitors.yaml | 4 ++-- .../charts/crds/crds/crd-probes.yaml | 4 ++-- .../crds/crds/crd-prometheusagents.yaml | 4 ++-- .../charts/crds/crds/crd-prometheuses.yaml | 4 ++-- .../charts/crds/crds/crd-prometheusrules.yaml | 4 ++-- .../charts/crds/crds/crd-scrapeconfigs.yaml | 4 ++-- .../charts/crds/crds/crd-servicemonitors.yaml | 4 ++-- .../charts/crds/crds/crd-thanosrulers.yaml | 4 ++-- .../charts/grafana/Chart.yaml | 4 ++-- .../templates/_helpers.tpl | 10 +++++--- .../thanos-ruler/podDisruptionBudget.yaml | 2 +- .../templates/thanos-ruler/ruler.yaml | 24 +++++++++++++------ .../templates/thanos-ruler/service.yaml | 2 +- charts/kube-prometheus-stack/values.yaml | 17 ++++++++++++- roles/defaults/vars/main.yml | 4 ++-- 20 files changed, 72 insertions(+), 43 deletions(-) diff --git a/.charts.yml b/.charts.yml index e4a964ec9..71f4afce2 100644 --- a/.charts.yml +++ b/.charts.yml @@ -90,7 +90,7 @@ charts: review.opendev.org: - 899867 - name: kube-prometheus-stack - version: 58.0.0 + version: 58.1.3 repository: url: https://prometheus-community.github.io/helm-charts - name: libvirt diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index 1cfc76228..a08f93d2f 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -10,9 +10,9 @@ dependencies: version: 4.32.0 - name: grafana repository: https://grafana.github.io/helm-charts - version: 7.3.7 + version: 7.3.8 - name: prometheus-windows-exporter repository: https://prometheus-community.github.io/helm-charts version: 0.3.1 -digest: sha256:e76569873a8180bd8cd6fa3c763df5254d31ad3850fc19b4e1177cf284ee475b -generated: "2024-04-06T20:24:42.162947923Z" +digest: sha256:5f1c820c07899d5a7c706fa35c68fd089ef9a1fe100ebb847f88aca34c4860d0 +generated: "2024-04-16T19:29:54.882554528Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 85e9d8964..a7414547c 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -7,7 +7,7 @@ annotations: url: https://github.com/prometheus-operator/kube-prometheus artifacthub.io/operator: "true" apiVersion: v2 -appVersion: v0.73.0 +appVersion: v0.73.1 dependencies: - condition: crds.enabled name: crds @@ -62,4 +62,4 @@ sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus type: application -version: 58.0.0 +version: 58.1.3 diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml index 88812b96b..0d71a0551 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml index bbe74c2bb..320b82bd0 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml index b9dd4145c..721c51ea5 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml index fb8fbdc7d..769bf6ebb 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml index 6926a2ff1..961d21a31 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml index 927fa2e9a..8c754ecb8 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml index a58be373e..4e66a5c88 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml index 4eff248cf..7d5ce00a7 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml index 98ea1c2f4..920b24ef1 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml index 0efed2bfc..98803af1c 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.0 + operator.prometheus.io/version: 0.73.1 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml index d95d7c2a2..2ff8d5628 100644 --- a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -6,7 +6,7 @@ annotations: - name: Upstream Project url: https://github.com/grafana/grafana apiVersion: v2 -appVersion: 10.4.0 +appVersion: 10.4.1 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 @@ -30,4 +30,4 @@ sources: - https://github.com/grafana/grafana - https://github.com/grafana/helm-charts type: application -version: 7.3.7 +version: 7.3.8 diff --git a/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl index aa0ed4c73..731e3e0d2 100644 --- a/charts/kube-prometheus-stack/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/templates/_helpers.tpl @@ -57,9 +57,13 @@ The longest name that gets created adds and extra 37 characters, so truncation s {{- end }} {{- end }} -{{/* Fullname suffixed with thanos-ruler */}} -{{- define "kube-prometheus-stack.thanosRuler.fullname" -}} -{{- printf "%s-thanos-ruler" (include "kube-prometheus-stack.fullname" .) -}} +{{/* ThanosRuler custom resource instance name */}} +{{- define "kube-prometheus-stack.thanosRuler.crname" -}} +{{- if .Values.cleanPrometheusOperatorObjectNames }} +{{- include "kube-prometheus-stack.fullname" . }} +{{- else }} +{{- print (include "kube-prometheus-stack.fullname" .) "-thanos-ruler" -}} +{{- end }} {{- end }} {{/* Shortened name suffixed with thanos-ruler */}} diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml index 83e54edf9..c28f91464 100644 --- a/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml @@ -17,5 +17,5 @@ spec: selector: matchLabels: app.kubernetes.io/name: thanos-ruler - thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.name" . }} + thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.crname" . }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml index b365262e6..123dc245e 100644 --- a/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ThanosRuler metadata: - name: {{ template "kube-prometheus-stack.thanosRuler.name" . }} + name: {{ template "kube-prometheus-stack.thanosRuler.crname" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ include "kube-prometheus-stack.thanosRuler.name" . }} @@ -34,12 +34,12 @@ spec: externalPrefix: "{{ tpl .Values.thanosRuler.thanosRulerSpec.externalPrefix . }}" {{- else if and .Values.thanosRuler.ingress.enabled .Values.thanosRuler.ingress.hosts }} externalPrefix: "http://{{ tpl (index .Values.thanosRuler.ingress.hosts 0) . }}{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" -{{- else }} - externalPrefix: http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }} +{{- else if .Values.thanosRuler.thanosRulerSpec.externalPrefixNilUsesHelmValues }} + externalPrefix: "http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}" {{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.additionalArgs }} additionalArgs: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.additionalArgs | indent 4 }} +{{ tpl (toYaml .Values.thanosRuler.thanosRulerSpec.additionalArgs) $ | indent 4 }} {{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.nodeSelector }} nodeSelector: @@ -123,7 +123,7 @@ spec: {{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.labels }} labels: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.labels | indent 4 }} +{{ tpl (toYaml .Values.thanosRuler.thanosRulerSpec.labels) $ | indent 4 }} {{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.podMetadata }} podMetadata: @@ -142,7 +142,7 @@ spec: labelSelector: matchExpressions: - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} - - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.name" . }}]} + - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.crname" . }}]} {{- else if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "soft" }} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -152,7 +152,7 @@ spec: labelSelector: matchExpressions: - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} - - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.name" . }}]} + - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.crname" . }}]} {{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.tolerations }} tolerations: @@ -184,6 +184,16 @@ spec: {{- if .Values.thanosRuler.thanosRulerSpec.volumeMounts }} volumeMounts: {{ toYaml .Values.thanosRuler.thanosRulerSpec.volumeMounts | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.alertDropLabels }} + alertDropLabels: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertDropLabels | indent 4 }} {{- end }} portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }} +{{- with .Values.thanosRuler.thanosRulerSpec.additionalConfig }} + {{- tpl (toYaml .) $ | nindent 2 }} +{{- end }} +{{- with .Values.thanosRuler.thanosRulerSpec.additionalConfigString }} + {{- tpl . $ | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml index be0c84459..e08b71ff8 100644 --- a/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml @@ -48,6 +48,6 @@ spec: {{- end }} selector: app.kubernetes.io/name: thanos-ruler - thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.name" . }} + thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.crname" . }} type: "{{ .Values.thanosRuler.service.type }}" {{- end }} diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index 754377dfd..8fcb6e35d 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -3350,7 +3350,7 @@ prometheus: image: registry: quay.io repository: prometheus/prometheus - tag: v2.51.1 + tag: v2.51.2 sha: "" ## Tolerations for use with node taints @@ -4431,6 +4431,10 @@ thanosRuler: ## externalPrefix: + ## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }} + ## will be used as value for externalPrefix + externalPrefixNilUsesHelmValues: true + ## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. ## @@ -4453,6 +4457,10 @@ thanosRuler: # access_key: "" # secret_key: "" + ## Labels by name to drop before sending to alertmanager + ## Maps to the --alert.label-drop flag of thanos ruler. + alertDropLabels: [] + ## QueryEndpoints defines Thanos querier endpoints from which to query metrics. ## Maps to the --query flag of thanos ruler. queryEndpoints: [] @@ -4593,6 +4601,13 @@ thanosRuler: ## portName: "web" + ## Additional configuration which is not covered by the properties above. (passed through tpl) + additionalConfig: {} + + ## Additional configuration which is not covered by the properties above. + ## Useful, if you need advanced templating + additionalConfigString: "" + ## ExtraSecret can be used to store various data in an extra secret ## (use it for example to store hashed basic auth credentials) extraSecret: diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index f6ef07abf..3661f6157 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml @@ -177,9 +177,9 @@ _atmosphere_images: prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.3.0 prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0 prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 - prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.0 + prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.1 prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2 - prometheus: quay.io/prometheus/prometheus:v2.51.1 + prometheus: quay.io/prometheus/prometheus:v2.51.2 rabbit_init: docker.io/library/rabbitmq:3.10.2-management rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1 rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2 From 3e10065a651b36a89c9ccc293585ae6273924618 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Wed, 24 Apr 2024 16:18:03 -0400 Subject: [PATCH 26/45] [stable/zed] ipmi-exporter: Ignore sensor ID 167 (Entity Presence) (#1162) This is an automated cherry-pick of #1158 /assign mnaser --- roles/ipmi_exporter/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/ipmi_exporter/defaults/main.yml b/roles/ipmi_exporter/defaults/main.yml index d9abdec1d..3b5e77665 100644 --- a/roles/ipmi_exporter/defaults/main.yml +++ b/roles/ipmi_exporter/defaults/main.yml @@ -33,6 +33,7 @@ ipmi_exporter_config: - 89 # BP Presence (Dell PowerEdge servers) - 90 # BP Presence (Dell PowerEdge servers) - 164 + - 167 # Entity Presence (Dell PowerEdge servers) - 168 - 178 # TPM Presence (Dell PowerEdge servers) - 180 # TPM Presence (Dell PowerEdge servers) From a546734aa19fec77b5b8ace6c8e9406188c2188c Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Tue, 30 Apr 2024 00:34:16 -0400 Subject: [PATCH 27/45] [stable/zed] Switch docs to Sphinx (#1166) (#1169) Closes #1168 --- .gitignore | 1 + Earthfile | 19 - Jenkinsfile | 10 - README.md | 131 -- doc/requirements.txt | 5 + doc/source/_static/.gitkeep | 0 .../images}/monitoring-alertmanger-list.png | Bin .../images}/monitoring-silences-menu.png | Bin doc/source/admin/index.rst | 19 + doc/source/admin/integration.rst | 77 + doc/source/admin/maintenance.rst | 31 + doc/source/admin/monitoring.rst | 463 ++++ doc/source/admin/troubleshooting.rst | 155 ++ doc/source/conf.py | 35 + doc/source/config/index.rst | 8 + doc/source/config/ingress.rst | 70 + doc/source/deploy/cinder.rst | 178 ++ doc/source/deploy/csi.rst | 56 + doc/source/deploy/glance.rst | 96 + doc/source/deploy/index.rst | 20 + doc/source/deploy/inventory.rst | 64 + doc/source/deploy/neutron.rst | 200 ++ doc/source/index.rst | 38 + doc/source/quick-start.rst | 228 ++ docs/SUMMARY.md | 20 - docs/deploy/production.md | 59 - docs/deploy/quick-start.md | 81 - docs/developer/getting-started.md | 25 - docs/developer/images.md | 15 - docs/developer/services.md | 51 - docs/developer/testing.md | 26 - docs/index.md | 23 - docs/ingress.md | 55 - docs/kubernetes/certificates.md | 23 - docs/monitoring.md | 143 -- docs/openstack/cinder.md | 133 -- docs/openstack/keycloak.md | 43 - docs/openstack/neutron.md | 185 -- docs/openstack/nova.md | 28 - docs/openstack/octavia.md | 77 - docs/openstack/ovn.md | 34 - galaxy.yml | 1 - poetry.lock | 1961 ++++++++--------- pyproject.toml | 5 +- roles/kube_prometheus_stack/README.md | 268 --- tox.ini | 18 + zuul.d/container-images/base.yaml | 8 + zuul.d/docs.yaml | 27 + zuul.d/jobs.yaml | 18 +- 49 files changed, 2748 insertions(+), 2483 deletions(-) create mode 100644 doc/requirements.txt create mode 100644 doc/source/_static/.gitkeep rename {docs/static => doc/source/admin/images}/monitoring-alertmanger-list.png (100%) rename {docs/static => doc/source/admin/images}/monitoring-silences-menu.png (100%) create mode 100644 doc/source/admin/index.rst create mode 100644 doc/source/admin/integration.rst create mode 100644 doc/source/admin/maintenance.rst create mode 100644 doc/source/admin/monitoring.rst create mode 100644 doc/source/admin/troubleshooting.rst create mode 100644 doc/source/conf.py create mode 100644 doc/source/config/index.rst create mode 100644 doc/source/config/ingress.rst create mode 100644 doc/source/deploy/cinder.rst create mode 100644 doc/source/deploy/csi.rst create mode 100644 doc/source/deploy/glance.rst create mode 100644 doc/source/deploy/index.rst create mode 100644 doc/source/deploy/inventory.rst create mode 100644 doc/source/deploy/neutron.rst create mode 100644 doc/source/index.rst create mode 100644 doc/source/quick-start.rst delete mode 100644 docs/SUMMARY.md delete mode 100644 docs/deploy/production.md delete mode 100644 docs/deploy/quick-start.md delete mode 100644 docs/developer/getting-started.md delete mode 100644 docs/developer/images.md delete mode 100644 docs/developer/services.md delete mode 100644 docs/developer/testing.md delete mode 100644 docs/index.md delete mode 100644 docs/ingress.md delete mode 100644 docs/kubernetes/certificates.md delete mode 100644 docs/monitoring.md delete mode 100644 docs/openstack/cinder.md delete mode 100644 docs/openstack/keycloak.md delete mode 100644 docs/openstack/neutron.md delete mode 100644 docs/openstack/nova.md delete mode 100644 docs/openstack/octavia.md delete mode 100644 docs/openstack/ovn.md create mode 100644 zuul.d/docs.yaml diff --git a/.gitignore b/.gitignore index 6f6a4ed85..6993ca346 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ ansible-lint.xml output .stestr .tox +doc/build diff --git a/Earthfile b/Earthfile index 24a1027c0..990cea170 100644 --- a/Earthfile +++ b/Earthfile @@ -116,22 +116,3 @@ image-sync: WORKDIR /src COPY . /src RUN --secret GITHUB_TOKEN go run ./cmd/atmosphere-ci image repo sync ${project} - -mkdocs-image: - FROM ghcr.io/squidfunk/mkdocs-material:9.5.4 - RUN pip install \ - mkdocs-literate-nav - SAVE IMAGE mkdocs - -mkdocs-serve: - LOCALLY - WITH DOCKER --load=+mkdocs-image - RUN docker run --rm -p 8000:8000 -v ${PWD}:/docs mkdocs - END - -mkdocs-build: - FROM +mkdocs-image - COPY . /docs - RUN mkdocs build - RUN --push --secret GITHUB_TOKEN git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/vexxhost/atmosphere.git - RUN --push mkdocs gh-deploy --force diff --git a/Jenkinsfile b/Jenkinsfile index 8b9b9eb71..6cb3aee7d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -81,16 +81,6 @@ pipeline { } } } - - stage('docs') { - agent { - label 'earthly-2c-4g' - } - - steps { - sh 'earthly +mkdocs-build' - } - } } } diff --git a/README.md b/README.md index d4c03efc6..be2840333 100644 --- a/README.md +++ b/README.md @@ -9,137 +9,6 @@ community: on the Kubernetes Slack. If you are new to Kubernetes Slack workspace, [Join the Kubernetes Slack workspace](https://slack.kubernetes.io/) first. -## Quick Start - -The quick start intends to provide the most near-production experience possible, -as it is architected purely towards production-only environments. In order to -get a quick production-ready experience of Atmosphere, you will need access to -an OpenStack cloud. - -The quick start is powered by Molecule and it is used in continuous integration -running against the VEXXHOST public cloud so that would be an easy target to -use to try it out. - -You will need the following quotas set up in your cloud account: - -* 8 instances -* 32 cores -* 128GB RAM -* 360GB storage - -These resources will be used to create a total of 8 instances broken up as -follows: - -* 3 Controller nodes -* 3 Ceph OSD nodes -* 2 Compute nodes - -First of all, you'll have to make sure you clone the repository locally to your -system with `git` by running the following command: - -```shell -git clone https://github.com/vexxhost/atmosphere -``` - -You will need `poetry` installed on your operating system. You will need to make -sure that you have the appropriate OpenStack environment variables set (such -as `OS_CLOUD` or `OS_AUTH_URL`, etc.). You can also use the following -environment variables to tweak the behaviour of the Heat stack that is created: - -* `ATMOSPHERE_STACK_NAME`: The name of the Heat stack to be created (defaults to - `atmosphere`). - -* `ATMOSPHERE_PUBLIC_NETWORK`: The name of the public network to attach floating - IPs from (defaults to `public`). - -* `ATMOSPHERE_IMAGE`: The name or UUID of the image to be used for deploying the - instances (defaults to `Ubuntu 20.04.3 LTS (x86_64) [2021-10-04]`). - -* `ATMOSPHERE_INSTANCE_TYPE`(Deprecated): The instance type used to deploy all of the - different instances.(It doesn't have its own default value.) - This has been deprecated from v1.4.0. You can configure the instance type per a - machine role using `ATMOSPHERE_CONTROLLER_INSTANCE_TYPE`, - `ATMOSPHERE_COMPUTE_INSTANCE_TYPE`, and `ATMOSPHERE_STORAGE_INSTANCE_TYPE` - variables. For backwards compatibility, if variables specific to the machine roles - are not set and `ATMOSPHERE_INSTANCE_TYPE` is set, `ATMOSPHERE_INSTANCE_TYPE` value - is used. - -* `ATMOSPHERE_CONTROLLER_INSTANCE_TYPE`: The instance type used to deploy controller - instances (defaults to `v3-standard-16`). - -* `ATMOSPHERE_COMPUTE_INSTANCE_TYPE`: The instance type used to deploy compute - instances (defaults to `v3-standard-4`). - -* `ATMOSPHERE_STORAGE_INSTANCE_TYPE`: The instance type used to deploy storage - instances (defaults to `v3-standard-4`). - -* `ATMOSPHERE_NAMESERVERS`: A comma-separated list of nameservers to be used for - the instances (defaults to `1.1.1.1`). - -* `ATMOSPHERE_USERNAME`: The username what is used to login into the instances ( - defaults to `ubuntu`). - -* `ATMOSPHERE_DNS_SUFFIX_NAME`: The DNS domainname that is used for the API and - Horizon. (defaults to `nip.io`). - -* `ATMOSPHERE_ACME_SERVER`: The ACME server, currenly this is from LetsEncrypt, - with StepCA from SmallStep it is possible to run a internal ACME server. - The CA of that ACME server should be present in the instance image. - -* `ATMOSPHERE_ANSIBLE_VARS_PATH`: The path for ansible group_vars and host_vars. - This to build a multinode development cluster with own configs, that are not - generated by molecule. This way you can test your configs before you bring - them to production. - -Once you're ready to get started, you can run the following command to install -poetry dependencies: - -```shell -poetry install -``` - -Then you can run the following command to build the Heat stack : - -```shell -poetry run molecule converge -``` - -This will create a Heat stack with the name `atmosphere` and start deploying -the cloud. Once it's complete, you can login to any of the systems by using -the `login` sub-command. For exampel, to login to the first controller node, -you can run the following: - -```shell -poetry run molecule login -h ctl1 -``` - -In all the controllers, you will find an `openrc` file location inside the -`root` account home directory, as well as the OpenStack client installed there -as well. You can use it by running the following after logging in: - -```shell -source /root/openrc -openstack server list -``` - -The Kubernetes administrator configuration will also be available on all of the -control plane nodes, you can simply use it by running `kubectl` commands on -any of the controllers as `root`: - -```shell -kubectl get nodes -owide -``` - -Once you're done with your environment and you need to tear it down, you can -use the `destroy` sub-command: - -```shell -poetry run molecule destroy -``` - -For more information about the different commands used by Molecule, you can -refer to the Molecule documentation. - ## Contributing You'll need to make sure that you have [`pre-commit`](https://pre-commit.com) diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 000000000..8c261cd21 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,5 @@ +dunamai +furo +sphinx +sphinx-autobuild +sphinx-copybutton diff --git a/doc/source/_static/.gitkeep b/doc/source/_static/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/docs/static/monitoring-alertmanger-list.png b/doc/source/admin/images/monitoring-alertmanger-list.png similarity index 100% rename from docs/static/monitoring-alertmanger-list.png rename to doc/source/admin/images/monitoring-alertmanger-list.png diff --git a/docs/static/monitoring-silences-menu.png b/doc/source/admin/images/monitoring-silences-menu.png similarity index 100% rename from docs/static/monitoring-silences-menu.png rename to doc/source/admin/images/monitoring-silences-menu.png diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst new file mode 100644 index 000000000..87d5546e9 --- /dev/null +++ b/doc/source/admin/index.rst @@ -0,0 +1,19 @@ +Administrator Documentation +=========================== + +This section is designed to equip system administrators with the knowledge and +tools necessary for the effective management and operation of the Atmosphere +deployment. It offers comprehensive guides and resources across various aspects +of system administration, including troubleshooting, maintenance, and more. + +Intended for administrators tasked with the setup and ongoing management of +Atmosphere, this documentation aims to provide clear and practical +information to ensure stable and efficient operation of the system. + +.. toctree:: + :maxdepth: 2 + + integration + monitoring + maintenance + troubleshooting diff --git a/doc/source/admin/integration.rst b/doc/source/admin/integration.rst new file mode 100644 index 000000000..7350c6130 --- /dev/null +++ b/doc/source/admin/integration.rst @@ -0,0 +1,77 @@ +################# +Integration Guide +################# + +This section provides detailed instructions on integrating external systems +and services with Atmosphere, enhancing functionality and streamlining workflows. + +******** +Keycloak +******** + +Keycloak serves as a comprehensive identity and access management solution, +facilitating the integration of various identity providers for centralized user +authentication and authorization. By leveraging federated identity, Keycloak enables +seamless Single Sign-On (SSO) capabilities across a suite of applications, enhancing +the user experience and bolstering security measures. + +Identity Providers +================== + +Incorporating identity providers into Keycloak allows users to authenticate via trusted +external sources. This federated authentication scheme simplifies the login process by +using existing credentials, whether from enterprise directories like LDAP or other +identity services. + +Azure AD +-------- + +Azure AD is recognized for its extensive adoption and integration within the enterprise +ecosystem, offers a secure and familiar authentication method for countless users. + +You can begin the integration process by creating an application registration in Azure AD +and configuring the necessary settings in Keycloak. The following steps outline the +procedure: + +1. Sign in to the Azure portal and access the **Azure Active Directory** service. +2. Navigate to **App registrations** and click **New registration**. +3. Fill in the application name, select the account types it will serve, and + specify a **Redirect URI**. + +At this point, you'll need to grab the **Redirect URI** from the Keycloak client settings +using the following steps: + +1. Log into the Keycloak admin console using your administrator credentials. +2. Switch to the ``atmosphere`` realm where you'll be configuring Azure AD. +3. In the **Identity Providers** section, select **Add provider** and choose **Microsoft**. +4. Keycloak will generate a **Redirect URI** which you will use in the Azure AD + application registration process to ensure that authentication responses are + correctly routed. + +At this point, you'll be able to finalize the Azure AD application registration by +following these remaining steps: + +1. Return to the Azure AD application registration page and input the Redirect + URI from Keycloak. +2. After the application is registered, navigate to **Certificates & secrets** + to create a client secret. +3. Record the **Client ID** and **Client Secret** provided, as they will be + needed to configure Keycloak. + +At this point, you're ready to configure Keycloak with the Azure AD settings: + +1. In the Keycloak admin console, navigate back to the `atmosphere` realm's + **Identity Providers** section. +2. For the Microsoft provider configuration, enter the **Client ID** and + **Client Secret** obtained from Azure AD. +3. Adjust any additional settings according to your requirements, such as the + default scopes, mappers, and other provider-specific configurations. +4. Save your changes to finalize the integration. + +By integrating Azure AD with Keycloak, you enable users to authenticate with +their corporate credentials across all applications that are secured by +Keycloak. This provides a consistent and secure user experience, leveraging +the robust features of Azure AD within the flexible framework of Keycloak. + +For a deeper dive into the Azure AD configuration within Keycloak, consult the +`Keycloak Microsoft Identity Provider documentation `_. diff --git a/doc/source/admin/maintenance.rst b/doc/source/admin/maintenance.rst new file mode 100644 index 000000000..362b152cd --- /dev/null +++ b/doc/source/admin/maintenance.rst @@ -0,0 +1,31 @@ +################# +Maintenance Guide +################# + +This guide provides instructions for regular maintenance tasks necessary to +ensure the smooth and secure operation of the system. + +********************* +Renewing Certificates +********************* + +The certificates used by the Kubernetes cluster are valid for one year. They +are automatically renewed when the cluster is upgraded to a new version of +Kubernetes. However, if you are running the same version of Kubernetes for +more than a year, you will need to manually renew the certificates. + +To renew the certificates, run the following command on each one of your +control plane nodes: + +.. code-block:: console + + $ sudo kubeadm certs renew all + +Once the certificates have been renewed, you will need to restart the +Kubernetes control plane components to pick up the new certificates. You need +to do this on each one of your control plane nodes by running the following +command one at a time on each node: + +.. code-block:: console + + $ ps auxf | egrep '(kube-(apiserver|controller-manager|scheduler)|etcd)' | awk '{ print $2 }' | xargs sudo kill diff --git a/doc/source/admin/monitoring.rst b/doc/source/admin/monitoring.rst new file mode 100644 index 000000000..d196e15cf --- /dev/null +++ b/doc/source/admin/monitoring.rst @@ -0,0 +1,463 @@ +######################### +Monitoring and Operations +######################### + +There is a Grafana deployment with a few dashboards that are created by default +and a Prometheus deployment that is used to collect metrics from the cluster +which sends alerts to AlertManager. In addition, Loki is deployed to collect +logs from the cluster using Vector. + +****************************** +Philosophy and Alerting Levels +****************************** + +Atmosphere's monitoring philosophy is strongly aligned with the principles +outlined in the Google Site Reliability Engineering (SRE) book. Our approach +focuses on alerting on conditions that are symptomatic of issues which directly +impact the service or system health, rather than simply monitoring the state of +individual components. + +Alerting Philosophy +=================== + +Our alerting philosophy aims to alert the right people at the right time. Most +alerts, if they are affecting a single system, would trigger a lower priority +level (P4 or P5). However, if an issue is affecting the entire control plane of +a specific service, it might escalate to a P3 or P2. And if the whole service +is unavailable, it becomes a P1. + +We believe in minimizing alert noise to ensure that alerts are meaningful and +actionable. Our goal is to have every alert provide enough information to +initiate an immediate and effective response, regardless of business hours for +high priority alerts. + +We continue to refine our monitoring and alerting strategies to ensure that we +are effectively identifying and responding to incidents. The ultimate goal is +to provide a reliable and high-quality service to all our users. + +Severity Levels +=============== + +Our alerting system classifies incidents into different severity levels based on +their impact on the system and users. + +**P1**: Critical + This level is used for incidents causing a complete service disruption or + significant loss of functionality across the entire Atmosphere platform. + Immediate response, attention, and action are necessary regardless of + business hours. + +**P2**: High + This level is for incidents that affect a large group of users or critical + system components. These incidents require swift attention and action, + regardless of business hours, but do not cause a total disruption. + +**P3**: Moderate + This level is for incidents that affect a smaller group of users or a single + system. These incidents require attention and may necessitate action during + business hours. + +**P4**: Low + This level is used for minor issues that have a limited impact on a small + subset of users or system functionality. These incidents require attention + and action, if necessary, during standard business hours. + +**P5**: Informational + This is the lowest level of severity, used for providing information about + normal system activities or minor issues that don't significantly impact + users or system functionality. These incidents typically do not require + immediate attention or action and are addressed during standard business + hours. + +********************** +Operational Procedures +********************** + +Creating silences +================= + +In order to create a silence, you'll need to login to your Grafana instance that +is deployed as part of Atmosphere as an admin user. + +1. Click on the hamburger menu in the top left corner and select "Alerting" + and then "Silences" from the menu. + + .. image:: images/monitoring-silences-menu.png + :alt: Silences menu + :width: 200 + +2. Ensure that you select "AlertManager" on the top right corner of the page, + this will make sure that you create a silence inside of the AlertManager + that is managed by the Prometheus operator instead of the built-in Grafana + AlertManager which is not used. + + .. image:: images/monitoring-alertmanger-list.png + :alt: AlertManager list + :width: 200 + + .. admonition:: AlertManager selection + :class: warning + + It's important that you select the AlertManager that is managed by the + Prometheus operator, otherwise your silence will not be applied to the + Prometheus instance that is deployed as part of Atmosphere. + +3. Click the "Add Silence" button and use the AlertManager format to create + your silence, which you can test by seeing if it matches any alerts in the + list labeled "Affected alert instances". + +.. admonition:: Limit the number of labels + :class: info + + It is important to limit the number of labels that you use in your silence + to ensure that it will continue to work even if the alerts are modified. + + For example, if you have an alert that is labeled with the following labels: + + - ``alertname`` + - ``instance`` + - ``job`` + - ``severity`` + + You should only use the ``alertname`` and ``severity`` labels in your + silence to ensure that it will continue to work even if the ``instance`` + or ``job`` labels are modified. + +************** +Configurations +************** + +Dashboard Management +==================== + +For Grafana, rather than enabling persistence through the application's user +interface or manual Helm chart modifications, dashboards should be managed +directly via the Helm chart values. + +.. admonition:: Avoid Manual Persistence Configurations! + :class: warning + + It is important to avoid manual persistence configurations, especially for + services like Grafana, where dashboards and data sources can be saved. Such + practices are not captured in version control and pose a risk of data loss, + configuration drift, and upgrade complications. + +To manage Grafana dashboards through Helm, you can include the dashboard +definitions within your configuration file. By doing so, you facilitate +version-controlled dashboard configurations that can be replicated across +different deployments without manual intervention. + +For example, a dashboard can be defined in the Helm values like this: + +.. code-block:: yaml + + kube_prometheus_stack_helm_values: + grafana: + dashboards: + default: + my-dashboard: + gnetId: 10000 + revision: 1 + datasource: Prometheus + +This instructs Helm to fetch and configure the specified dashboard from +`Grafana.com dashboards `_, using +Prometheus as the data source. You can find more examples of how to do +this in the Grafana Helm chart `Import Dashboards `_ +documentation. + +************ +Viewing data +************ + +There are a few different ways to view the data that is collected by the +monitoring stack. The most common ways are through AlertManager, Grafana, and +Prometheus. + +Grafana dashboard +================= + +By default, an ``Ingress`` is created for Grafana using the +``kube_prometheus_stack_grafana_host`` variable. The authentication is done +using the Keycloak service which is deployed by default. + +Inside Keycloak, there are two client roles that are created for Grafana: + +``grafana:admin`` + Has access to all organization resources, including dashboards, users, and + teams. + +``grafana:editor`` + Can view and edit dashboards, folders, and playlists. + +``grafana:viewer`` + Can view dashboards, playlists, and query data sources. + +You can view the existing dashboards by going to *Manage* > *Dashboards*. You +can also check any alerts that are currently firing by going to *Alerting* > +*Alerts*. + +Prometheus +========== + +By default, Prometheus is exposed behind an ``Ingress`` using the +``kube_prometheus_stack_prometheus_host`` variable. In addition, it is also +running behind the `oauth2-proxy` service which is used for authentication +so that only authenticated users can access the Prometheus UI. + +Alternative Authentication +-------------------------- + +It is possible to by-pass the `oauth2-proxy` service and use an alternative +authentication method to access the Prometheus UI. In both cases, we will +be overriding the ``servicePort`` on the ``Ingress`` to point to the port +where Prometheus is running and not the `oauth2-proxy` service. + +.. admonition:: Advanced Usage Only + :class: warning + + It's strongly recommended that you stick to keeping the `oauth2-proxy` + service in front of the Prometheus UI. The `oauth2-proxy` service is + responsible for authenticating users and ensuring that only authenticated + users can access the Prometheus UI. + +Basic Authentication +~~~~~~~~~~~~~~~~~~~~ + +If you want to rely on basic authentication to access the Prometheus UI instead +of using the `oauth2-proxy` service to expose it over single sign-on, you can +do so by making the following changes to your inventory: + +.. code-block:: yaml + + kube_prometheus_stack_helm_values: + prometheus: + ingress: + servicePort: 8080 + annotations: + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: basic-auth-secret-name + +In the example above, we are using the ``basic-auth-secret-name`` secret to +authenticate users. The secret should be created in the same namespace as the +Prometheus deployment based on the `Ingress NGINX Annotations `_. + +IP Whitelisting +~~~~~~~~~~~~~~~ + +If you want to whitelist specific IPs to access the Prometheus UI, you can do +so by making the following changes to your inventory: + +.. code-block:: yaml + + kube_prometheus_stack_helm_values: + prometheus: + ingress: + servicePort: 8080 + annotations: + nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/24,172.10.0.1" + +In the example above, we are whitelisting the IP range ``10.0.0.0/24`` and the IP address +``172.10.0.1``. + +AlertManager +============ + +By default, the AlertManager dashboard is pointing to the Ansible variable +``kube_prometheus_stack_alertmanager_host`` and is exposed using an ``Ingress`` +behind the `oauth2-proxy` service, protected by Keycloak similar to Prometheus. + +************ +Integrations +************ + +Since Atmosphere relies on AlertManager to send alerts, it is possible to +integrate it with services like OpsGenie, PagerDuty, email and more. To +receive monitoring alerts using your preferred notification tools, you'll +need to integrate them with AlertManager. + +OpsGenie +======== + +In order to get started, you will need to complete the following steps inside +OpsGenie: + +1. Create an integration inside OpsGenie, you can do this by going to + *Settings* > *Integrations* > *Add Integration* and selecting *Prometheus*. +2. Copy the API key that is generated for you and setup correct assignment + rules inside OpsGenie. +3. Create a new heartbeat inside OpsGenie, you can do this by going to + *Settings* > *Heartbeats* > *Create Heartbeat*. Set the interval to 1 minute. + +Afterwards, you can configure the following options for the Atmosphere config, +making sure that you replace the placeholders with the correct values: + +``API_KEY`` + The API key that you copied from the OpsGenie integration. + +``HEARTBEAT_NAME`` + The name of the heartbeat that you created inside OpsGenie + +.. code-block:: yaml + + kube_prometheus_stack_helm_values: + alertmanager: + config: + receivers: + - name: "null" + - name: notifier + opsgenie_configs: + - api_key: API_KEY + message: >- + {% raw -%} + {{ .GroupLabels.alertname }} + {%- endraw %} + priority: >- + {% raw -%} + {{- if eq .GroupLabels.severity "critical" -}} + P1 + {{- else if eq .GroupLabels.severity "warning" -}} + P3 + {{- else if eq .GroupLabels.severity "info" -}} + P5 + {{- else -}} + {{ .GroupLabels.severity }} + {{- end -}} + {%- endraw %} + description: |- + {% raw -%} + {{ if gt (len .Alerts.Firing) 0 -}} + Alerts Firing: + {{ range .Alerts.Firing }} + - Message: {{ .Annotations.message }} + Labels: + {{ range .Labels.SortedPairs }} - {{ .Name }} = {{ .Value }} + {{ end }} Annotations: + {{ range .Annotations.SortedPairs }} - {{ .Name }} = {{ .Value }} + {{ end }} Source: {{ .GeneratorURL }} + {{ end }} + {{- end }} + {{ if gt (len .Alerts.Resolved) 0 -}} + Alerts Resolved: + {{ range .Alerts.Resolved }} + - Message: {{ .Annotations.message }} + Labels: + {{ range .Labels.SortedPairs }} - {{ .Name }} = {{ .Value }} + {{ end }} Annotations: + {{ range .Annotations.SortedPairs }} - {{ .Name }} = {{ .Value }} + {{ end }} Source: {{ .GeneratorURL }} + {{ end }} + {{- end }} + {%- endraw %} + - name: heartbeat + webhook_configs: + - url: https://api.opsgenie.com/v2/heartbeats/HEARTBEAT_NAME/ping + send_resolved: false + http_config: + basic_auth: + password: API_KEY + +Once this is done and deployed, you'll start to see alerts inside OpsGenie and +you can also verify that the heartbeat is listed as *ACTIVE*. + +PagerDuty +========= + +To integrate with Pagerduty, first you need to prepare an *Integration key*. In +order to do that, you must decide how you want to integrate with PagerDuty since +there are two ways to do it: + +**Event Orchestration** + This method is beneficial if you want to build different routing rules based + on the events coming from the integrated tool. + +**PagerDuty Service Integration** + This method is beneficial if you don't need to route alerts from the integrated + tool to different responders based on the event payload. + +For both of these methods, you need to create an *Integration key* in PagerDuty +using the `PagerDuty Integration Guide `_. + +Once you're done, you'll need to configure the inventory with the following +options: + +.. code-block:: yaml + + kube_prometheus_stack_helm_values: + alertmanager: + config: + receivers: + - name: notifier + pagerduty_configs: + - service_key: '' + +You can find more details about +`pagerduty_configs `_ +in the Prometheus documentation. + +Email +===== + +To integrate with email, you need to configure the following options in the +inventory: + +.. code-block:: yaml + + kube_prometheus_stack_helm_values: + alertmanager: + config: + receivers: + - name: notifier + email_configs: + - smarthost: 'smtp.gmail.com:587' + auth_username: '' + auth_password: '' + from: '' + to: '' + headers: + subject: 'Prometheus Mail Alerts' + +You can find more details about +`email_configs `_ +in the Prometheus documentation. + +**************** +Alerts Reference +**************** + +``etcdDatabaseHighFragmentationRatio`` + This alert is triggered when the etcd database has a high fragmentation ratio + which can cause performance issues on the cluster. In order to resolve this + issue, you can use the following command: + + .. code-block:: console + + kubectl -n kube-system exec svc/kube-prometheus-stack-kube-etcd -- \ + etcdctl defrag \ + --cluster \ + --cacert /etc/kubernetes/pki/etcd/ca.crt \ + --key /etc/kubernetes/pki/etcd/server.key \ + --cert /etc/kubernetes/pki/etcd/server.crt + +``NodeNetworkMulticast`` + This alert is triggered when a node is receiving large volumes of multicast + traffic which can be a sign of a misconfigured network or a malicious actor. + + This can result in high CPU usage on the node and can cause the node to become + unresponsive. Also, it can be the cause of a very high amount of software + interrupts on the node. + + In order to find the root cause of this issue, you can use the following + commands: + + .. code-block:: console + + iftop -ni $DEV -f 'multicast and not broadcast' + + With the command above, you're able to see which IP addresses are sending the + multicast traffic. Once you have the IP address, you can use the following + command to find the server behind it: + + .. code-block:: console + + openstack server list --all-projects --long -n --ip $IP diff --git a/doc/source/admin/troubleshooting.rst b/doc/source/admin/troubleshooting.rst new file mode 100644 index 000000000..49f247a97 --- /dev/null +++ b/doc/source/admin/troubleshooting.rst @@ -0,0 +1,155 @@ +##################### +Troubleshooting Guide +##################### + +This document aims to provide solutions to common issues encountered during the deployment and operation of Atmosphere. The guide is organized by component and issue type to help you quickly find the most relevant information. + +************************** +Open Virtual Network (OVN) +************************** + +Recovering clusters +=================== + +If any of the OVN database pods fail, they will no longer be ready. You can +recover the cluster by deleting the pods and allowing them to be recreated. + +For example, if the ``ovn-ovsdb-nb-0`` pod fails, you can recover the cluster by +deleting the pod: + +.. code-block:: console + + $ kubectl -n openstack delete pods/ovn-ovsdb-nb-0 + +If the entire cluster fails, you can recover the cluster by deleting all of the +pods. For example, if the southbound database fails, you can recover the +cluster with this command: + +.. code-block:: console + + $ kubectl -n openstack delete pods -lcomponent=ovn-ovsdb-sb + +If the state of Neutron is lost from the cluster, you can recover it by running +the repair command: + +.. code-block:: console + + $ kubectl -n openstack exec deploy/neutron-server -- \ + neutron-ovn-db-sync-util \ + --debug \ + --config-file /etc/neutron/neutron.conf \ + --config-file /tmp/pod-shared/ovn.ini \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --ovn-neutron_sync_mode repair + +********************** +Compute Service (Nova) +********************** + +Provisioning Failure Due to ``downloading`` Volume +================================================== + +If you're trying to provision a new instance that is using a volume where the +backend needs to download images directly from Glance (such as PowerStore for +example) and it fails with the following error: + +.. code-block:: text + + Build of instance 54a41735-a4cb-4312-b812-52e4f3d8c500 aborted: Volume 728bdc40-fc22-4b65-b6b6-c94ee7f98ff0 did not finish being created even after we waited 187 seconds or 61 attempts. And its status is downloading. + +This means that the volume service could not download the image before the +compute service timed out. Out of the box, Atmosphere ships with the volume +cache enabled to help offset this issue. However, if you're using a backend +that does not support the volume cache, you can increase the timeout by setting +the following in your ``inventory/group_vars/all/nova.yml`` file: + +.. code-block:: yaml + + nova_helm_values: + conf: + enable_iscsi: true + nova: + DEFAULT: + block_device_allocate_retries: 300 + +******************************* +Load Balancer Service (Octavia) +******************************* + +Accessing Amphorae +================== + +Atmosphere configures an SSH keypair which allows you to login to the Amphorae +for debugging purposes. The ``octavia-worker`` containers are fully configured +to allow you to SSH to the Amphorae. + +If you have an Amphora running with the IP address ``172.24.0.148``, you can login +to it by simply executing the following: + +.. code-block:: console + + $ kubectl -n openstack exec -it deploy/octavia-worker -- ssh 172.24.0.148 + + +Listener with ``provisioning_status`` stuck in ``ERROR`` +======================================================== + +There are scenarios where the load balancer could be in an ``ACTIVE`` state however +the listener can be stuck in a ``provisioning_status`` of ``ERROR``. This is usually +related to an expired TLS certificate not cleanly recovering. + +Another symptom of this issue will be that you'll see the following inside the +``octavia-worker`` logs: + +.. code-block:: text + + ERROR oslo_messaging.rpc.server [None req-ad303faf-7a53-4c55-94a5-28cd61c46619 - e83856ceda5c42df8810df42fef8fc1c - - - -] Exception during message handling: octavia.amphorae.drivers.haproxy.exceptions.InternalServerError: Internal Server Erro + ERROR oslo_messaging.rpc.server Traceback (most recent call last): + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/oslo_messaging/rpc/server.py", line 165, in _process_incoming + ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/oslo_messaging/rpc/dispatcher.py", line 309, in dispatch + ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/oslo_messaging/rpc/dispatcher.py", line 229, in _do_dispatch + ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/queue/v2/endpoints.py", line 90, in update_pool + ERROR oslo_messaging.rpc.server self.worker.update_pool(original_pool, pool_updates) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/worker/v2/controller_worker.py", line 733, in update_pool + ERROR oslo_messaging.rpc.server self.run_flow( + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/worker/v2/controller_worker.py", line 113, in run_flow + ERROR oslo_messaging.rpc.server tf.run() + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/engines/action_engine/engine.py", line 247, in run + ERROR oslo_messaging.rpc.server for _state in self.run_iter(timeout=timeout): + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/engines/action_engine/engine.py", line 340, in run_iter + ERROR oslo_messaging.rpc.server failure.Failure.reraise_if_any(er_failures) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/types/failure.py", line 338, in reraise_if_any + ERROR oslo_messaging.rpc.server failures[0].reraise() + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/types/failure.py", line 350, in reraise + ERROR oslo_messaging.rpc.server raise value + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/engines/action_engine/executor.py", line 52, in _execute_task + ERROR oslo_messaging.rpc.server result = task.execute(**arguments) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/worker/v2/tasks/amphora_driver_tasks.py", line 157, in execute + ERROR oslo_messaging.rpc.server self.amphora_driver.update(loadbalancer) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py", line 236, in update + ERROR oslo_messaging.rpc.server self.update_amphora_listeners(loadbalancer, amphora) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py", line 205, in update_amphora_listeners + ERROR oslo_messaging.rpc.server self.clients[amphora.api_version].upload_config( + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py", line 758, in upload_config + ERROR oslo_messaging.rpc.server return exc.check_exception(r) + ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/exceptions.py", line 44, in check_exception + ERROR oslo_messaging.rpc.server raise responses[status_code]() + ERROR oslo_messaging.rpc.server octavia.amphorae.drivers.haproxy.exceptions.InternalServerError: Internal Server Error + +You can simply trigger a complete failover of the load balancer which will solve +the issue: + +.. code-block:: console + + $ openstack loadbalancer failover ${LOAD_BALANCER_ID} + +.. admonition:: Help us improve Atmosphere! + :class: info + + We're trying to collect data with when these failures occur to better understand + the root cause. If you encounter this issue, please reach out to the Atmosphere + team so we can better understand the issue by filing an issue with the output of + the ``amphora-agent`` logs from the Amphora. diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 000000000..f99817d8b --- /dev/null +++ b/doc/source/conf.py @@ -0,0 +1,35 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from dunamai import Version + +project = "Atmosphere" +copyright = "2024, VEXXHOST, Inc." +author = "VEXXHOST, Inc." +release = Version.from_git().serialize() + +# -- General configuration --------------------------------------------------- +# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration + +extensions = ["sphinx_copybutton"] + +templates_path = ["_templates"] +exclude_patterns = [] + + +# -- Options for HTML output ------------------------------------------------- +# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output + +html_theme = "furo" +html_static_path = ["_static"] diff --git a/doc/source/config/index.rst b/doc/source/config/index.rst new file mode 100644 index 000000000..6e6cb56ee --- /dev/null +++ b/doc/source/config/index.rst @@ -0,0 +1,8 @@ +################### +Configuration Guide +################### + +.. toctree:: + :maxdepth: 2 + + ingress diff --git a/doc/source/config/ingress.rst b/doc/source/config/ingress.rst new file mode 100644 index 000000000..7f31536b2 --- /dev/null +++ b/doc/source/config/ingress.rst @@ -0,0 +1,70 @@ +======= +Ingress +======= + +The ingress component is the primary entry point for all traffic to the cluster, +it is currently deployed as an instance of ``ingress-nginx``. It is tuned to work +out of the box and should require no changes + +.. admonition:: Warning + :class: warning + + The ingress component is a critical part of the cluster, and should be + managed with care. Any changes to the ingress configuration should be + carefully reviewed and tested before being applied to the cluster. + + If you make any changes to the ingress configuration, you may see a small + outage as the ingress controller is restarted. + +********** +Helm Chart +********** + +The ingress component is deployed using the ``ingress-nginx`` helm chart. The +chart is configured with a number of values to ensure it works correctly with +the cluster out of the box, however, you can override these values by adding +the following to your inventory: + +.. code-block:: yaml + + ingress_nginx_helm_values: + foo: bar + +These values will be merged with the default values in the chart, and will be +used to configure the ingress controller. + +*********************** +TLS Version and Ciphers +*********************** + +To provide the most secure baseline configuration possible, ``ingress-nginx`` +defaults to using TLS 1.2 and 1.3 only, with a `secure set of TLS ciphers `_. + +Verifying TLS Version and Ciphers +================================= + +In order to check the TLS version and ciphers used by the ingress controller, +you can use the [sslscan](https://github.com/rbsec/sslscan) tool: + +.. code-block:: console + + sslscan dashboard.cloud.example.com + +Legacy TLS +========== + +The default configuration, though secure, does not support some older browsers +and operating systems. + +In order to change this behaviour, you can make to make the following changes +to the ``ingress_nginx_helm_values`` variable, the following example is using the +`Mozilla SSL Configuration Generator `_ +configured for the *old* profile: + +.. code-block:: yaml + + ingress_nginx_helm_values: + controller: + config: + ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" + ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" diff --git a/doc/source/deploy/cinder.rst b/doc/source/deploy/cinder.rst new file mode 100644 index 000000000..41a0bc2d7 --- /dev/null +++ b/doc/source/deploy/cinder.rst @@ -0,0 +1,178 @@ +#################### +Cinder Configuration +#################### + +Cinder, the block storage service for OpenStack, can be configured to use a +variety of storage backends. This section guides you through setting up Cinder +with different backend technologies, each of which might require specific +configuration steps. + +******** +Ceph RBD +******** + +When using the integrated Ceph cluster provided with Atmosphere, no additional +configuration is needed for Cinder. The deployment process automatically +configures Cinder to use Ceph as the backend, simplifying setup and integration. + +*************** +Dell PowerStore +*************** + +In order to be able to use Dell PowerStore, you'll need to make sure that you +setup the hosts inside of your storage array. You'll also need to make sure +that they are not inside a host group or otherwise individual attachments will +not work. + +You can enable the native PowerStore driver for Cinder with the following +configuration inside your Ansible inventory: + +.. code-block:: yaml + + cinder_helm_values: + storage: powerstore + dependencies: + static: + api: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + scheduler: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + volume: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + volume_usage_audit: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + conf: + cinder: + DEFAULT: + enabled_backends: powerstore + default_volume_type: powerstore + backends: + rbd1: null + powerstore: + volume_backend_name: powerstore + volume_driver: cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver + san_ip: + san_login: + san_password: + storage_protocol: # FC or iSCSI + manifests: + deployment_backup: true + job_backup_storage_init: true + job_storage_init: false + + nova_helm_values: + conf: + enable_iscsi: true + +.. admonition:: About ``conf.enable_iscsi`` + :class: info + + The ``enable_iscsi`` setting is required to allow the Nova instances to + expose volumes by making the `/dev` devices available to the containers, + not necessarily to use iSCSI as the storage protocol. In this case, the + PowerStore driver will use the storage protocol specified inside Cinder, + +******** +StorPool +******** + +Using StorPool as a storage backend requires additional configuration to ensure +proper integration. These adjustments include network settings and file system mounts. + +Configure Cinder to use StorPool by implementing the following settings: + +.. code-block:: yaml + + cinder_helm_values: + storage: storpool + pod: + useHostNetwork: + volume: true + mounts: + cinder_volume: + volumeMounts: + - name: etc-storpool-conf + mountPath: /etc/storpool.conf + readOnly: true + - name: etc-storpool-conf-d + mountPath: /etc/storpool.conf.d + readOnly: true + volumes: + - name: etc-storpool-conf + hostPath: + type: File + path: /etc/storpool.conf + - name: etc-storpool-conf-d + hostPath: + type: Directory + path: /etc/storpool.conf.d + dependencies: + static: + api: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + scheduler: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + volume: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + volume_usage_audit: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + - cinder-rabbit-init + conf: + cinder: + DEFAULT: + enabled_backends: hybrid-2ssd + default_volume_type: hybrid-2ssd + backends: + rbd1: null + hybrid-2ssd: + volume_backend_name: hybrid-2ssd + volume_driver: cinder.volume.drivers.storpool.StorPoolDriver + storpool_template: hybrid-2ssd + report_discard_supported: true + manifests: + deployment_backup: false + job_backup_storage_init: false + job_storage_init: false + + nova_helm_values: + conf: + enable_iscsi: true + +.. admonition:: About ``conf.enable_iscsi`` + :class: info + + The ``enable_iscsi`` setting is required to allow the Nova instances to + expose volumes by making the `/dev` devices available to the containers, + not necessarily to use iSCSI as the storage protocol. In this case, the + StorPool devices will be exposed as block devices to the containers. diff --git a/doc/source/deploy/csi.rst b/doc/source/deploy/csi.rst new file mode 100644 index 000000000..fc899454b --- /dev/null +++ b/doc/source/deploy/csi.rst @@ -0,0 +1,56 @@ +################# +CSI Configuration +################# + +This section details how to configure Container Storage Interfaces (CSI) for +your Kubernetes cluster that Atmosphere runs on. You will need to follow the +steps below to enable specific CSI drivers based on your storage requirements. + +******** +Ceph RBD +******** + +If you are using the Ceph storage solution that Atmosphere deploys out of the +box, no additional configuration is required. The necessary settings are +automatically applied during the installation process. + +*************** +Dell PowerStore +*************** + +For environments requiring the integration of PowerStore for storage, +configure the PowerStore CSI driver by updating your Ansible inventory as +follows: + +.. code-block:: yaml + + csi_driver: powerstore + powerstore_csi_config: + arrays: + - endpoint: https:///api/rest + globalID: + username: + password: + skipCertificateValidation: true + isDefault: true + blockProtocol: # FC or iSCSI + +Ensure that you replace ```` with actual values relevant to your +PowerStore configuration. This includes specifying the block protocol, which +can either be Fibre Channel (FC) or iSCSI, depending on your network +infrastructure. + +******** +StorPool +******** + +For environments requiring the integration of StorPool for storage, configure +the StorPool CSI driver by updating your Ansible inventory as follows: + +.. code-block:: yaml + + csi_driver: storpool + storpool_csi_template: k8s + +The ``storpool_csi_template`` variable specifies the StorPool template to use +for the deployment which is set to ``k8s`` in the example above. diff --git a/doc/source/deploy/glance.rst b/doc/source/deploy/glance.rst new file mode 100644 index 000000000..f2f560b75 --- /dev/null +++ b/doc/source/deploy/glance.rst @@ -0,0 +1,96 @@ +#################### +Glance Configuration +#################### + +Glance, the image service used by OpenStack, can be configured to use different +storage backends depending on your deployment needs. This document provides +guidance on setting up Glance with either the integrated Ceph cluster that +comes with Atmosphere or using Cinder as a storage backend, with additional +details for configurations that require special handling. + +**** +Ceph +**** + +The Atmosphere deployment includes a pre-configured Ceph cluster that is +ready to use with Glance, requiring no additional configuration steps. This +setup is recommended for most users as it provides a seamless and integrated +storage solution. + +****** +Cinder +****** + +To configure Glance to use Cinder as its storage backend, which allows for +managing images as block storage volumes, apply the following configuration: + +.. code-block:: yaml + + glance_helm_values: + storage: cinder + conf: + glance: + glance_store: + stores: cinder + default_store: cinder + image_formats: + disk_formats: raw + +This configuration sets Cinder as the default and only storage backend for +Glance, with images stored in the ``raw`` disk format. The configuration +above will use the Cinder default volume type for image storage. + +If you want to use a specific volume type, you can merge the following with +the above configuration: + +.. code-block:: yaml + + glance_helm_values: + conf: + glance: + glance_store: + cinder_volume_type: slow + +Vendor-Specific Configurations +============================== + +Depending on the vendor you use for your Cinder storage backend, you may need +to make some additional changes to accommodate specific requirements or +capabilities offered by that vendor. Below are the configuration details for +common providers. + +StorPool +-------- + +For deployments utilizing StorPool as the storage backend, additional +configuration settings are necessary to ensure proper integration and +functionality. You can merge the following with the base Cinder configuration +above: + +.. code-block:: yaml + + glance_helm_values: + pod: + useHostNetwork: + api: true + mounts: + glance_api: + volumeMounts: + - name: etc-storpool-conf + mountPath: /etc/storpool.conf + readOnly: true + - name: etc-storpool-conf-d + mountPath: /etc/storpool.conf.d + readOnly: true + volumes: + - name: etc-storpool-conf + hostPath: + type: File + path: /etc/storpool.conf + - name: etc-storpool-conf-d + hostPath: + type: Directory + path: /etc/storpool.conf.d + +These adjustments include network settings and mounting necessary configuration +files into the Glance API pod to interact efficiently with the StorPool backend. diff --git a/doc/source/deploy/index.rst b/doc/source/deploy/index.rst new file mode 100644 index 000000000..ff9238f99 --- /dev/null +++ b/doc/source/deploy/index.rst @@ -0,0 +1,20 @@ +################ +Deployment Guide +################ + +Welcome to the Deployment Guide for the Atmosphere project. This guide provides +detailed instructions and resources for setting up and configuring the +Atmosphere deployment on a Kubernetes cluster. + +It is designed to assist you through the entire process, from initial system +requirements to post-deployment verification, ensuring a successful installation +and setup. + +.. toctree:: + :maxdepth: 2 + + inventory + csi + cinder + glance + neutron diff --git a/doc/source/deploy/inventory.rst b/doc/source/deploy/inventory.rst new file mode 100644 index 000000000..62293ee9f --- /dev/null +++ b/doc/source/deploy/inventory.rst @@ -0,0 +1,64 @@ +================== +Building Inventory +================== + +Atmosphere relies on an Ansible inventory in order to drive the deployment of +all the components. + +In order to deploy Atmosphere, you will need to build a directory structure +that will contain all the configuration files and secrets required to deploy +the platform. + +The recommended layout is as follows: + +.. code-block:: text + + cloud-config + ├── inventory + │ ├── group_vars + │ │ ├── all + │ │ │ ├── ceph.yml + │ │ │ ├── cluster_issuer.yml + │ │ │ ├── endpoints.yml + │ │ │ ├── keepalived.yml + │ │ │ ├── kube-prometheus-stack.yml + │ │ │ ├── kubernetes.yml + │ │ │ ├── neutron.yml + │ │ │ └── secrets.sops.yml + │ │ ├── cephs + │ │ │ └── osds.yml + │ └── hosts.ini + ├── playbooks + │ └── site.yml + └── requirements.yml + +************* +``hosts.ini`` +************* + +The ``hosts.ini`` file is the Ansible inventory file that will be used to deploy +the platform. It is recommended to use the following layout: + +.. code-block:: ini + + [controllers] + ctl1.cloud.atmosphere.dev + ctl2.cloud.atmosphere.dev + ctl3.cloud.atmosphere.dev + + [computes] + kvm1.cloud.atmosphere.dev + kvm2.cloud.atmosphere.dev + kvm3.cloud.atmosphere.dev + + [cephs] + ceph1.cloud.atmosphere.dev + ceph2.cloud.atmosphere.dev + ceph3.cloud.atmosphere.dev + +.. admonition:: FQDNs are required! + + The hostnames listed in the inventory file must be a FQDN that resolves to + the IP address of the host. If they do not, you will have failures such + as agents failing to start, live migration failures and other transient + and hard to diagnose issues. diff --git a/doc/source/deploy/neutron.rst b/doc/source/deploy/neutron.rst new file mode 100644 index 000000000..f327e7a68 --- /dev/null +++ b/doc/source/deploy/neutron.rst @@ -0,0 +1,200 @@ +##################### +Neutron Configuration +##################### + +Neutron, the network service for OpenStack, supports a variety of +configurations to optimize and tailor network performance. This includes +integrating hardware acceleration technologies to enhance networking +capabilities within your OpenStack environment. + +********************* +Hardware Acceleration +********************* + +Hardware acceleration can significantly improve network performance by +offloading specific network functions to directly to the network interface +card (NIC). This reduces the load on the host CPU and improves network +throughput and latency. + +ML2/OVS +======= + +Mellanox Accelerated Switching And Packet Processing (ASAP\ :sup:`2`) +--------------------------------------------------------------------- + +Mellanox ASAP\ :sup:`2` is a technology that enables the offloading of the Open vSwitch +datapath to the NIC. This offloading is done by the NIC's firmware, and is +transparent to the host. + +Atmosphere uses the `netoffload `_ +project which takes care of validating and preparing the host for SR-IOV. + +It is recommended to follow the ``netoffload`` `BIOS, Kernel & NIC configuration `_ +steps documented before getting started. + +Open vSwitch configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In order to enable hardware off-loading in Open vSwitch, you must make sure that +you deploy with the following configuration: + +.. code-block:: yaml + + openvswitch_helm_values: + conf: + ovs_hw_offload: + enabled: true + +Neutron configuration +^^^^^^^^^^^^^^^^^^^^^ + +In order to enable hardware off-loading in Neutron, you can simply deploy it +with the following configuration and it will use `netoffload `_ +to automatically configure ASAP\ :sup:`2`. + +.. admonition:: About ``Init`` errors + :class: info + + If you see an Init error when deploying Neutron, you may need to look at the + logs of the ``netoffload`` container to see what went wrong. + +.. code-block:: yaml + + neutron_helm_values: + conf: + netoffload: + asap2: + - dev: enp97s0f0 + vfs: 16 + +ML2/OVN +======= + +DPDK for provider & tenant networks +----------------------------------- + +DPDK is a set of libraries and drivers for fast packet processing. It is +designed to run mostly in userspace, and can be used to accelerate network +functions in OpenStack. + +DPDK can be used with OVN to accelerate the processing of packets in the +datapath. This can be done by enabling the DPDK support in the OVN +configuration. + +Open vSwitch configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In order to enable hardware off-loading in Open vSwitch, you must make sure that +you deploy with the following configuration: + +.. code-block:: yaml + + openvswitch_helm_values: + conf: + ovs_dpdk: + enabled: true + socket_memory: 2048 + hugepages_mountpath: /dev/hugepages + vhostuser_socket_dir: vhostuser + lcore_mask: 0x1 + driver: mlx5_core + vhost_iommu_support: true + +For more details about configuring `socket_memory`, `lcore_mask`, and `driver` +parameters, please refer to the `OpenvSwitch documentation `_. + +OVN configuration +^^^^^^^^^^^^^^^^^ + +In order to enable hardware off-loading in OVN, you must make sure that +you deploy with the following configuration: + +.. code-block:: yaml + + ovn_helm_values: + network: + interface: + tunnel: br-ex + tunnel_network_cidr: 192.168.0.0/19 + conf: + ovn_bridge_mappings: external:br-ex + ovn_bridge_datapath_type: netdev + +Neutron configuration +^^^^^^^^^^^^^^^^^^^^^ + +In order to enable hardware off-loading in Neutron, you can simply deploy it +with the following configuration and it will take care of creating the +DPDK interfaces for you. + +.. code-block:: yaml + + neutron_helm_values: + conf: + neutron: + DEFAULT: + global_physnet_mtu: 9100 + plugins: + ml2_conf: + ml2: + path_mtu: 9100 + physical_network_mtus: external:9100 + ml2_type_vxlan: + vni_ranges: 2000:1000000 + ovs_dpdk: + enabled: true + update_dpdk_bond_config: true + driver: mlx5_core + bonds: + - name: dpdkbond + bridge: br-ex + migrate_ip: true + mtu: 9100 + n_rxq: 2 + n_txq: 2 + n_rxq_size: 2048 + n_txq_size: 2048 + vhost_iommu_support: true + ovs_options: 'bond_mode=balance-tcp lacp=active bond_updelay=10 bond_downdelay=10 other_config:lacp-time=fast' + nics: + - name: dpdk_b0s0 + pci_id: '0000:c1:00.0' + - name: dpdk_b0s1 + pci_id: '0000:c1:00.1' + modules: + - name: dpdk + log_level: info + nics: null + +Flavor configuration +^^^^^^^^^^^^^^^^^^^^ + +In order to use DPDK with OVN, you must create a flavor that supports DPDKw +which also includes making changes for the services that use the service +virtual machine model such as Octavia and Manila. + +.. code-block:: yaml + + nova_flavors: + - disk: 1 + name: m1.tiny + ram: 512 + vcpus: 1 + extra_specs: + "hw:vif_multiqueue_enabled": 'true' + "hw:mem_page_size": 'large' + - disk: 20 + name: m1.small + ram: 2048 + vcpus: 1 + extra_specs: + "hw:vif_multiqueue_enabled": 'true' + "hw:mem_page_size": 'large' + + manila_flavor_extra_specs: + "hw:vif_multiqueue_enabled": 'true' + "hw:mem_page_size": large + + octavia_amphora_flavor_extra_specs: + "hw:vif_multiqueue_enabled": 'true' + "hw:mem_page_size": large diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 000000000..f7150fc45 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,38 @@ +########## +Atmosphere +########## + +Atmosphere is an advanced OpenStack distribution that is powered by open source +technologies & built by `VEXXHOST `_ powered by Kuberentes, +which allows you to easily deliver virtual machines, Kubernetes and bare-metal +on your on-premise hardware. + +The difference between Atmosphere and other deployment tools is that it is +fully open source with batteries included. It ships with settings that are +curated by years of experience from our team alongside other features such as: + +- Built on top of Kubernetes for the life-cycle of the OpenStack cloud. +- Native integration with Keycloak for robust identity management. +- Native integration with `Cluster API driver for Magnum `_ +- Simplified deployment and management of the cloud using Kubernetes. +- Pre-integrated with many popular OpenStack projects with no additional configuration. +- Native integration with many storage platforms out of the box. +- Full day 2 operations for monitoring, logging and alerting out of the box using Prometheus, AlertManager, Grafana, Loki and more. + +.. toctree:: + :maxdepth: 2 + :caption: Contents: + + quick-start + config/index + deploy/index + admin/index + + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` diff --git a/doc/source/quick-start.rst b/doc/source/quick-start.rst new file mode 100644 index 000000000..9479f25ba --- /dev/null +++ b/doc/source/quick-start.rst @@ -0,0 +1,228 @@ +########### +Quick Start +########### + +There are several ways that you can quickly get started with Atmosphere to explore +it's capabilities. + +********** +Deployment +********** + +This section covers all of the different ways you can deploy a quick start +environment for Atmosphere. + +.. admonition:: Testing & Development Only + :class: info + + The quick start installation is not for production use, it's perfect + for testing and development. + +All-in-one +========== + +The easiest way to get started with Atmosphere is to deploy the all-in-one +installation. This will install an entire stack of Atmosphere, with Ceph +and all the OpenStack services inside a single machine. + +.. admonition:: Non-reversible Changes + :class: warning + + The all-in-one will fully take-over the machine by making system-level + changes. It's recommended to run it inside a virtual machine or a + physical machine that can be dedicated to this purpose. + +In order to get started, you'll need a **Ubuntu 22.04** system with the +following minimum system requirements: + +- Cores: 8 threads (or vCPUs) +- Memory: 32GB + +If you're looking to run Kubernetes clusters, you'll need more memory +for the workloads, it following minimum is recommended (but more memory +is always better!): + +- Cores: 16 threads (or vCPUs) +- Memory: 64GB + +.. admonition:: Nested Virtualization + :class: warning + + If you're running this inside a virtual machine, it is **extremely** + important that the virtual machines supported nested virtualization, + otherwise the performance of the VMs will be un-usable. + +You'll need to start all of the necessary dependencies first: + +.. code-block:: bash + + $ sudo apt-get update + $ sudo apt-get install git python3-pip + $ sudo pip install poetry + +Once done, you can clone the repository locally and switch to the +``atmosphere`` directory: + +.. code-block:: bash + + $ git clone https://github.com/vexxhost/atmosphere.git + $ cd atmosphere + +Once you're in the directory, you can deploy the all-in-one environment +by running the following command: + +.. code-block:: bash + + $ cd atmosphere + $ sudo poetry install --with dev + $ sudo poetry run molecule converge -s aio + +Once the deployment is done, it will have a full deployment of all services +inside the same host, so you can use the cloud from the same machine by +referencing the usage section. + +Multi-node +========== + +The multi-node intends to provide the most near-production experience possible, +as it is architected purely towards production-only environments. In order to +get a quick production-ready experience of Atmosphere, this will deploy a full +stack of Atmosphere, with Ceph and all the OpenStack services across multiple +machines in a lab environment. + +OpenStack +--------- + +You can deploy Atmosphere on top of an existing OpenStack environment where many +virtual machines will be deployed in the same way that you'd have multiple +physical machines in a datacenter for a production environment. + +The quick start is powered by Molecule and it is used in continuous integration +running against the VEXXHOST public cloud so that would be an easy target to +use to try it out. + +ou will need the following quotas set up in your cloud account: + +* 8 instances +* 32 cores +* 128GB RAM +* 360GB storage + +These resources will be used to create a total of 8 instances broken up as +follows: + +* 3 Controller nodes +* 3 Ceph OSD nodes +* 2 Compute nodes + +First of all, you'll have to make sure you clone the repository locally to your +system with `git` by running the following command: + +.. code-block:: console + + $ git clone https://github.com/vexxhost/atmosphere + +You will need ``poetry`` installed on your operating system. You will need to make +sure that you have the appropriate OpenStack environment variables set (such +as ``OS_CLOUD`` or ``OS_AUTH_URL``, etc.). You can also use the following +environment variables to tweak the behaviour of the Heat stack that is created: + +* ``ATMOSPHERE_STACK_NAME``: The name of the Heat stack to be created (defaults to + `atmosphere`). +* ``ATMOSPHERE_PUBLIC_NETWORK``: The name of the public network to attach floating + IPs from (defaults to ``public``). +* ``ATMOSPHERE_IMAGE``: The name or UUID of the image to be used for deploying the + instances (defaults to ``Ubuntu 20.04.3 LTS (x86_64) [2021-10-04]``). +* ``ATMOSPHERE_INSTANCE_TYPE``(Deprecated): The instance type used to deploy all of the + different instances.(It doesn't have its own default value.) + This has been deprecated from v1.4.0. You can configure the instance type per a + machine role using ``ATMOSPHERE_CONTROLLER_INSTANCE_TYPE``, + ``ATMOSPHERE_COMPUTE_INSTANCE_TYPE``, and ``ATMOSPHERE_STORAGE_INSTANCE_TYPE`` + variables. For backwards compatibility, if variables specific to the machine roles + are not set and ``ATMOSPHERE_INSTANCE_TYPE`` is set, ``ATMOSPHERE_INSTANCE_TYPE`` value + is used. +* ``ATMOSPHERE_CONTROLLER_INSTANCE_TYPE``: The instance type used to deploy controller + instances (defaults to ``v3-standard-16``). +* ``ATMOSPHERE_COMPUTE_INSTANCE_TYPE``: The instance type used to deploy compute + instances (defaults to ``v3-standard-4``). +* ``ATMOSPHERE_STORAGE_INSTANCE_TYPE``: The instance type used to deploy storage + instances (defaults to ``v3-standard-4``). +* ``ATMOSPHERE_NAMESERVERS``: A comma-separated list of nameservers to be used for + the instances (defaults to ``1.1.1.1``). +* ``ATMOSPHERE_USERNAME``: The username what is used to login into the instances ( + defaults to ``ubuntu``). +* ``ATMOSPHERE_DNS_SUFFIX_NAME``: The DNS domainname that is used for the API and + Horizon. (defaults to ``nip.io``). +* ``ATMOSPHERE_ACME_SERVER``: The ACME server, currenly this is from LetsEncrypt, + with StepCA from SmallStep it is possible to run a internal ACME server. + The CA of that ACME server should be present in the instance image. +* ``ATMOSPHERE_ANSIBLE_VARS_PATH``: The path for ansible group_vars and host_vars. + This to build a multinode development cluster with own configs, that are not + generated by molecule. This way you can test your configs before you bring + them to production. + +Once you're ready to get started, you can run the following command to install +poetry dependencies: + +.. code-block:: console + + $ poetry install + +Then you can run the following command to build the Heat stack: + +.. code-block:: console + + $ poetry run molecule converge + +This will create a Heat stack with the name `atmosphere` and start deploying +the cloud. Once it's complete, you can login to any of the systems by using +the `login` sub-command. For exampel, to login to the first controller node, +you can run the following: + +.. code-block:: console + + $ poetry run molecule login -h ctl1 + +At this point, you can proceed to the usage section to see how to interact +with the cloud. + +Once you're done with your environment and you need to tear it down, you can +use the `destroy` sub-command: + +.. code-block:: console + + $ poetry run molecule destroy + +For more information about the different commands used by Molecule, you can +refer to the Molecule documentation. + +***** +Usage +***** + +Once the deployment is done, you can either use the CLI to interact with +the OpenStack environment, or you can access the Horizon dashboard. + +For the CLI, you can ``source /root/openrc`` and then use the ``openstack`` +CLI. For example, if you want to list the networks, you can run the +following command: + +.. code-block:: console + + $ source /root/openrc + $ openstack network list + +For the Horizon dashboard, you can find the URL to access it by running +the following command: + +.. code-block:: console + + $ kubectl -n openstack get ingress/dashboard -ojsonpath='{.spec.rules[0].host}' + +You can find the credentials to login to the dashboard reading the +`/root/openrc` file. You can use the following variables to match +the credentials: + +- Username: ``OS_USERNAME`` +- Password: ``OS_PASSWORD`` +- Domain: ``OS_USER_DOMAIN_NAME`` diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md deleted file mode 100644 index 5aacde1f7..000000000 --- a/docs/SUMMARY.md +++ /dev/null @@ -1,20 +0,0 @@ -# Summary - -- Deployment - - [Quick start](deploy/quick-start.md) - - [Production](deploy/production.md) -- [Ingress](ingress.md) -- [Monitoring](monitoring.md) -- Kubernetes - - [Certificates](kubernetes/certificates.md) -- OpenStack - - [Keycloak](openstack/keycloak.md) - - [Cinder](openstack/cinder.md) - - [Neutron](openstack/neutron.md) - - [Nova](openstack/nova.md) - - [Octavia](openstack/octavia.md) -- Developer Guide - - [Getting Started](developer/getting-started.md) - - [Services](developer/services.md) - - [Images](developer/images.md) - - [Testing](developer/testing.md) diff --git a/docs/deploy/production.md b/docs/deploy/production.md deleted file mode 100644 index b94ae572a..000000000 --- a/docs/deploy/production.md +++ /dev/null @@ -1,59 +0,0 @@ -# Deployment Guide - -## Building inventory - -In order to deploy Atmosphere, you will need to build a directory structure -that will contain all the configuration files and secrets required to deploy -the platform. - -The recommended layout is as follows: - -```text -cloud-config -├── inventory -│ ├── group_vars -│ │ ├── all -│ │ │ ├── ceph.yml -│ │ │ ├── cluster_issuer.yml -│ │ │ ├── endpoints.yml -│ │ │ ├── keepalived.yml -│ │ │ ├── kube-prometheus-stack.yml -│ │ │ ├── kubernetes.yml -│ │ │ ├── neutron.yml -│ │ │ └── secrets.sops.yml -│ │ ├── cephs -│ │ │ └── osds.yml -│ └── hosts.ini -├── playbooks -│ └── site.yml -└── requirements.yml -``` - -### `hosts.ini` file - -The `hosts.ini` file is the Ansible inventory file that will be used to deploy -the platform. It is recommended to use the following layout: - -```ini -[controllers] -ctl1.cloud.atmosphere.dev -ctl2.cloud.atmosphere.dev -ctl3.cloud.atmosphere.dev - -[computes] -kvm1.cloud.atmosphere.dev -kvm2.cloud.atmosphere.dev -kvm3.cloud.atmosphere.dev - -[cephs] -ceph1.cloud.atmosphere.dev -ceph2.cloud.atmosphere.dev -ceph3.cloud.atmosphere.dev -``` - -!!! warning - - The hostnames listed in the inventory file must be a FQDN that resolves to - the IP address of the host. If they do not, you will have failures such - as agents failing to start, live migration failures and other transient - and hard to diagnose issues. diff --git a/docs/deploy/quick-start.md b/docs/deploy/quick-start.md deleted file mode 100644 index 58321f1af..000000000 --- a/docs/deploy/quick-start.md +++ /dev/null @@ -1,81 +0,0 @@ -# Quick-start - -## All-in-one - -The easiest way to get started with Atmosphere is to deploy the all-in-one -installation. This will install an entire stack of Atmosphere, with Ceph -and all the OpenStack services inside a single machine. - -!!! info - - The all-in-one installation is not for production use, it's perfect - for testing and development. - -!!! warning - - The all-in-one will fully take-over the machine by making system-level - changes. It's recommended to run it inside a virtual machine or a - physical machine that can be dedicated to this purpose. - -In order to get started, you'll need a **Ubuntu 22.04** system with the -following minimum system requirements: - -- Cores: 8 threads / vCPUs -- Memory: 32GB - -If you're looking to run Kubernetes clusters, you'll need more memory -for the workloads, it following minimum is recommended (but more memory -is always better!): - -- Cores: 16 threads / vCPUs -- Memory: 64GB - -!!! info - - If you're running this inside a virtual machine, it is **extremely** - important that the virtual machines supported nested virtualization, - otherwise the performance of the VMs will be un-usable. - -You can use the following commands to deploy the all-in-one environment: - -```bash -# Install dependencies -sudo apt-get update -sudo apt-get install git python3-pip -sudo pip install poetry - -# Clone the repository -git clone https://github.com/vexxhost/atmosphere.git - -# Deploy AIO -cd atmosphere -sudo poetry install --with dev -sudo poetry run molecule converge -s aio -``` - -Once the deployment is done, you can either use the CLI to interact with -the OpenStack environment, or you can access the Horizon dashboard. - -For the CLI, you can `source /root/openrc` and then use the `openstack` -CLI. For example, if you want to list the networks, you can run the -following command: - -```bash -source /root/openrc -openstack network list -``` - -For the Horizon dashboard, you can find the URL to access it by running -the following command: - -```bash -kubectl -n openstack get ingress/dashboard -ojsonpath='{.spec.rules[0].host}' -``` - -You can find the credentials to login to the dashboard reading the -`/root/openrc` file. You can use the following variables to match -the credentials: - -- Username: `OS_USERNAME` -- Password: `OS_PASSWORD` -- Domain: `OS_USER_DOMAIN_NAME` diff --git a/docs/developer/getting-started.md b/docs/developer/getting-started.md deleted file mode 100644 index 1e676310e..000000000 --- a/docs/developer/getting-started.md +++ /dev/null @@ -1,25 +0,0 @@ -# Getting Started - -We've got a few different Molecule scenarios which help you get up to speed fast -in order to develop for a specific feature set. The primary requirement for -those scenarios is that you have a working Docker installation. - -## Molecule - -If you'd like to validate one of the feature sets, you can simply run the -following command on your local system with the name of the scenario you'd like - -```bash -molecule converge -s -``` - -If you want to expose your local instance to the outside world, or if you are -running this on a remote system, you can use the `HOST_IP` environment variable. - -```bash -HOST_IP=1.2.3.4 molecule converge -s -``` - -### Scenarios - -- SSO (Keycloak + Monitoring + Keystone + Horizon): `keycloak` diff --git a/docs/developer/images.md b/docs/developer/images.md deleted file mode 100644 index 4a7acfbed..000000000 --- a/docs/developer/images.md +++ /dev/null @@ -1,15 +0,0 @@ -# Images - -The images are built using Earthly and the contents of these files are all -located in the `images/` directory. - -## Adding Gerrit packages - -If you need to cherry-pick a specific Gerrit patch, you can use the following -command to download and extract the patch: - -```bash -earthly ./images+fetch-gerrit-patch \ - --IMAGE keystone \ - --CHANGE 893737 -``` diff --git a/docs/developer/services.md b/docs/developer/services.md deleted file mode 100644 index ec268d695..000000000 --- a/docs/developer/services.md +++ /dev/null @@ -1,51 +0,0 @@ -# Services - -## OpenStack - -Atmosphere deploys a set of OpenStack services to provide a cloud environment -for users. The OpenStack services are deployed using the Helm charts which are -provided by the [OpenStack-Helm](https://opendev.org/openstack/openstack-helm) -project. - -The idea is that the use and combination of those services should be transparent -to the user consuming those services, which makes Atmosphere an opinionated -deployment tool. - -### Fully Supported Services - -The following OpenStack services are included, fully supported and integrated -together out of the box inside Atmosphere. - -- [Keystone](https://docs.openstack.org/keystone/latest/) -- [Barbican](https://docs.openstack.org/barbican/latest/) -- [Glance](https://docs.openstack.org/glance/latest/) -- [Cinder](https://docs.openstack.org/cinder/latest/) -- [Placement](https://docs.openstack.org/placement/latest/) -- [Neutron](https://docs.openstack.org/neutron/latest/) -- [Nova](https://docs.openstack.org/nova/latest/) -- [Senlin](https://docs.openstack.org/senlin/latest/) -- [Heat](https://docs.openstack.org/heat/latest/) -- [Horizon](https://docs.openstack.org/horizon/latest/) -- [Octavia](https://docs.openstack.org/octavia/latest/) -- [Designate](https://docs.openstack.org/designate/latest/) -- [Magnum](https://docs.openstack.org/magnum/latest/) -- [Manila](https://docs.openstack.org/manila/latest/) - -### Planned Supported Services - -The following OpenStack services are planned to be included, fully supported and -integrated together out of the box inside Atmosphere. This is a priority-ordered -list of services that are planned to be included in the future. - -- [Swift](https://docs.openstack.org/swift/latest/) via RADOS Gateway -- [Ironic](https://docs.openstack.org/ironic/latest/) -- [Masakari](https://docs.openstack.org/masakari/latest/) -- [Trove](https://docs.openstack.org/trove/latest/) -- [Sahara](https://docs.openstack.org/sahara/latest/) -- [Zaqar](https://docs.openstack.org/zaqar/latest/) - -!!! note - - The list of services is not final and may change over time, with no promised - timeline on the addition of those feature. If you would like to sponsor the - development of a specific service, please [contact us](https://vexxhost.com/contact-us/). diff --git a/docs/developer/testing.md b/docs/developer/testing.md deleted file mode 100644 index c9cc43d32..000000000 --- a/docs/developer/testing.md +++ /dev/null @@ -1,26 +0,0 @@ -# Testing - -## GitHub Actions - -### Integration tests - -#### Troubleshooting - -If you're seeing problems with integration tests, you can add the following step -before the Molecule step in order to be able to troubleshoot: - -```yaml -- uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true -``` - -Once you push the job, it will stop at the `tmate` action and you will need to -run the following command to continue: - -```bash -sudo touch /continue -``` - -Once that's done, the job will continue to run and you'll be able to watch the -system output and potentially use `molecule` to SSH to any of the target boxes. diff --git a/docs/index.md b/docs/index.md deleted file mode 100644 index 08f36332e..000000000 --- a/docs/index.md +++ /dev/null @@ -1,23 +0,0 @@ -# Atmosphere - -Atmosphere is an advanced OpenStack distribution built by [VEXXHOST](https://vexxhost.com) -powered by Kuberentes, which allows you to easily deliver virtual machines, -Kubernetes and bare-metal on your on-premise hardware. - -The difference between Atmosphere and other deployment tools is that it is -fully open source with batteries included. It ships with settings that are -curated by years of experience from our team alongside comprehensive day-2 -operations such as monitoring, centralized logging and simplified upgrades -that only require upgrading your Atmosphere version. - -If you're looking to get started quickly, you can review our -[Quick Start](deploy/quick-start.md) guide. - -## Community - -If you have any questions and discussions about Atmosphere, you can join the -community: - -* [`#atmosphere`](https://kubernetes.slack.com/archives/C056YSPJB7U) channel - on the Kubernetes Slack. If you are new to Kubernetes Slack workspace, - [Join the Kubernetes Slack workspace](https://slack.kubernetes.io/) first. diff --git a/docs/ingress.md b/docs/ingress.md deleted file mode 100644 index 4378cdae7..000000000 --- a/docs/ingress.md +++ /dev/null @@ -1,55 +0,0 @@ -# Ingress - -The ingress component is the primary entry point for all traffic to the cluster, -it is currently deployed as an instance of `ingress-nginx`. It is tuned to work -out of the box and should require no changes - -!!! warning - - If you make any changes to the ingress configuration, you may see a small - outage as the ingress controller is restarted. - -## Customization - -You can customize `ingress-nginx`controller deployment by making changes to the -Helm chart values used for the deployment. -Define `ingress_nginx_helm_values` ansible variable to override values: - -```yaml -ingress_nginx_helm_values: - foo: bar -``` - -This will be merged with the default values for the chart. - -## Default TLS Version and Ciphers - -To provide the most secure baseline configuration possible, `ingress-nginx` -defaults to using TLS 1.2 and 1.3 only, with a [secure set of TLS ciphers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#ssl-ciphers). - -### Checking TLS Version and Ciphers - -In order to check the TLS version and ciphers used by the ingress controller, -you can use the [sslscan](https://github.com/rbsec/sslscan) tool: - -```sh -sslscan dashboard.cloud.example.com -``` - -### Legacy TLS - -The default configuration, though secure, does not support some older browsers -and operating systems. - -In order to change this behaviour, you can make to make the following changes -to the `ingress_nginx_helm_values` variable, the following example is using the -[Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/#server=nginx&config=old) -"Old" profile: - -```yaml -ingress_nginx_helm_values: - controller: - config: - ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" - ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" -``` diff --git a/docs/kubernetes/certificates.md b/docs/kubernetes/certificates.md deleted file mode 100644 index 71d4d4ebc..000000000 --- a/docs/kubernetes/certificates.md +++ /dev/null @@ -1,23 +0,0 @@ -# Certificates - -## Manual certificate renewal - -To renew certificates manually, run the following commands on all the -control-plane nodes. - -- Renew your all certificates. - -```sh -kubeadm certs renew all -``` - -- Restart control plane pods. - -This is required since dynamic certificate reload is currently not supported -for all components and certificates. Static Pods are managed by the local -kubelet and not by the API Server, thus kubectl cannot be used to delete and -restart them. - -```sh -ps auxf | egrep '(kube-(apiserver|controller-manager|scheduler)|etcd)' | awk '{ print $2 }' | xargs kill -``` diff --git a/docs/monitoring.md b/docs/monitoring.md deleted file mode 100644 index cc7d5252f..000000000 --- a/docs/monitoring.md +++ /dev/null @@ -1,143 +0,0 @@ -# Monitoring - -## Creating silences - -In order to create a silence, you'll need to login to your Grafana instance that -is deployed as part of Atmosphere as an admin user. - -1. Click on the hamburger menu in the top left corner and select "Alerting" - and then "Silences" from the menu. - - ![Silences menu](static/monitoring-silences-menu.png) - -2. Ensure that you select "AlertManager" on the top right corner of the page, - this will make sure that you create a silence inside of the AlertManager - that is managed by the Prometheus operator instead of the built-in Grafana - AlertManager which is not used. - - ![AlertManager list](static/monitoring-alertmanger-list.png) - - !!! warning - - It's important that you select the AlertManager that is managed by the - Prometheus operator, otherwise your silence will not be applied to the - Prometheus instance that is deployed as part of Atmosphere. - -3. Click the "Add Silence" button and use the AlertManager format to create - your silence, which you can test by seeing if it matches any alerts in the - list labeled "Affected alert instances". - -!!! note - - It is strongly recommended that you create a silence with the least amount - of needed labels which will make sure that small minor changes to the - alerts will not break your silence. - -## Persistence - -For Grafana, rather than enabling persistence through the application's user -interface or manual Helm chart modifications, dashboards should be managed -directly via the Helm chart values. - -!!! warning - - It is important to avoid manual persistence configurations, especially for - services like Grafana, where dashboards and data sources can be saved. Such - practices are not captured in version control and pose a risk of data loss, - configuration drift, and upgrade complications. - -To manage Grafana dashboards through Helm, you can include the dashboard -definitions within your configuration file. By doing so, you facilitate -version-controlled dashboard configurations that can be replicated across -different deployments without manual intervention. - -For example, a dashboard can be defined in the Helm values like this: - -```yaml -kube_prometheus_stack_helm_values: - grafana: - dashboards: - default: - my-dashboard: - gnetId: 10000 - revision: 1 - datasource: Prometheus -``` - -This instructs Helm to fetch and configure the specified dashboard from -[Grafana.com](https://grafana.com/grafana/dashboards/), using Prometheus as the data source. - -You can find more examples of how to do this in the Grafana Helm chart -[Documentation](https://github.com/grafana/helm-charts/tree/main/charts/grafana#import-dashboards). - -## Alert receiver integration - -To receive monitoring alerts using your preferred notification tools, you'll -need to integrate them with alertmanager. - -### Email - -To integrate with email, configure your email server and credentials in -alertmanager receivers like this. - -```yaml -kube_prometheus_stack_helm_values: - alertmanager: - config: - route: - routes: - - receiver: "email" - matchers: ["severity =~ \"warning|critical\""] - receivers: - - name: "email" - email_configs: - - smarthost: 'smtp.gmail.com:587' - auth_username: '' - auth_password: '' - from: '' - to: '' - headers: - subject: 'Prometheus Mail Alerts' -``` - -You can find more details about `email_configs` from [this](https://prometheus.io/docs/alerting/latest/configuration/#email_config). - -### Pagerduty - -- In Pagerduty - -To integrate with Pagerduty, first you need to prepare `Integration key` in -Pagerduty. - -There are two ways to integrate with PagerDuty: via [Event Orchestration](https://support.pagerduty.com/docs/event-orchestration) -or directly through an [Integration on a PagerDuty service](https://support.pagerduty.com/docs/services-and-integrations#section-configuring-services-and-integrations). - -Integrating with Event Orchestration may be beneficial if you want to build -different routing rules based on the events coming from the integrated tool. - -Integrating with a PagerDuty service directly can be beneficial if you -don't need to route alerts from the integrated tool to different responders -based on the event payload. - -You can find how to generate `Integration key` using both ways in this -[Document](https://www.pagerduty.com/docs/guides/prometheus-integration-guide/). - -- In Atmoshpere - -Configure your `Integration key` in alertmanager receivers like this. - -```yaml -kube_prometheus_stack_helm_values: - alertmanager: - config: - route: - routes: - - receiver: "pagerduty" - matchers: ["severity =~ \"warning|critical\""] - receivers: - - name: "pagerduty" - pagerduty_configs: - - service_key: '' -``` - -You can find more details about `pagerduty_configs` from [this](https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config). diff --git a/docs/openstack/cinder.md b/docs/openstack/cinder.md deleted file mode 100644 index e1391cb69..000000000 --- a/docs/openstack/cinder.md +++ /dev/null @@ -1,133 +0,0 @@ -# Cinder (Block Storage Service) - -## Built-in Ceph cluster - -## External storage - -When using an external storage platform, it's important to create to disable Ceph -globally by adding the following to your Ansible inventory: - -```yaml -atmosphere_ceph_enabled: false -``` - -### Dell PowerStore - -In order to be able to use Dell PowerStore, you'll need to make sure that you -setup the hosts inside of your storage array. You'll also need to make sure -that they are not inside a host group or otherwise individual attachments will -not work. - -#### CSI - -You'll need to enable the Kubernetes cluster to use the PowerStore driver by -using adding the following YAML to your Ansible inventory: - -```yaml -csi_driver: powerstore -powerstore_csi_config: - arrays: - - endpoint: https:///api/rest - globalID: - username: - password: - skipCertificateValidation: true - isDefault: true - blockProtocol: # FC or iSCSI -``` - -#### Glance - -Since Glance does not have a native PowerStore driver, you'll need to enable -the use of the Cinder driver by adding the following to your Ansible inventory: - -```yaml -glance_helm_values: - storage: cinder - conf: - glance: - glance_store: - stores: cinder - default_store: cinder - image_formats: - disk_formats: raw -``` - -Please note that Glance images will not function until the Cinder service is -deployed. In addition, we're forcing all images to be `raw` format in order to -avoid any issues with the PowerStore driver having to constantly download and -upload the images. - -#### Cinder - -You can enable the native PowerStore driver for Cinder with the following -configuration inside your Ansible inventory: - -```yaml -cinder_helm_values: - storage: powerstore - dependencies: - static: - api: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - scheduler: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - volume: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - volume_usage_audit: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - conf: - cinder: - DEFAULT: - enabled_backends: powerstore - default_volume_type: powerstore - backends: - rbd1: null - powerstore: - volume_backend_name: powerstore - volume_driver: cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver - san_ip: - san_login: - san_password: - storage_protocol: # FC or iSCSI - manifests: - deployment_backup: true - job_backup_storage_init: true - job_storage_init: false -``` - -It's important to note that the configuration above will disable the Cinder -backup service. In the future, we'll update this sample configuration to use -the Cinder backup service. - -#### Nova - -You can enable the native PowerStore driver for Cinder with the following -configuration inside your Ansible inventory: - -```yaml -nova_helm_values: - conf: - enable_iscsi: true -``` - -!!! note - - The PowerStore driver will use the storage protocol specified inside Cinder, - even if the above mentions `iscsi`. diff --git a/docs/openstack/keycloak.md b/docs/openstack/keycloak.md deleted file mode 100644 index f9ad0f978..000000000 --- a/docs/openstack/keycloak.md +++ /dev/null @@ -1,43 +0,0 @@ -# Keycloak - -Keycloak serves as a comprehensive identity and access management solution, facilitating the integration of various identity providers for centralized user authentication and authorization. By leveraging federated identity, Keycloak enables seamless Single Sign-On (SSO) capabilities across a suite of applications, enhancing the user experience and bolstering security measures. - -## Identity Providers - -Incorporating identity providers into Keycloak allows users to authenticate via trusted external sources. This federated authentication scheme simplifies the login process by using existing credentials, whether from enterprise directories like LDAP or other identity services. - -### Azure AD - -Azure AD is recognized for its extensive adoption and integration within the enterprise ecosystem, offers a secure and familiar authentication method for countless users. - -#### Create an Application Registration - -##### Begin the Application Registration Process - -1. Sign in to the Azure portal and access the **Azure Active Directory** service. -2. Navigate to **App registrations** and click **New registration**. -3. Fill in the application name, select the account types it will serve, and specify a **Redirect URI**. - -##### Obtain the Redirect URI from Keycloak - -1. Log into the Keycloak admin console using your administrator credentials. -2. Switch to the `atmosphere` realm where you'll be configuring Azure AD. -3. In the **Identity Providers** section, select **Add provider** and choose **Microsoft**. -4. Keycloak will generate a **Redirect URI** which you will use in the Azure AD application registration process to ensure that authentication responses are correctly routed. - -##### Finalize Azure AD Application Registration - -1. Return to the Azure AD application registration page and input the Redirect URI from Keycloak. -2. After the application is registered, navigate to **Certificates & secrets** to create a client secret. -3. Record the **Client ID** and **Client Secret** provided, as they will be needed to configure Keycloak. - -#### Configure Keycloak - -With the Client ID and Client Secret in hand, you can now set up Keycloak to use Azure AD as an identity provider. - -1. In the Keycloak admin console, navigate back to the `atmosphere` realm's **Identity Providers** section. -2. For the Microsoft provider configuration, enter the **Client ID** and **Client Secret** obtained from Azure AD. -3. Adjust any additional settings according to your requirements, such as the default scopes, mappers, and other provider-specific configurations. -4. Save your changes to finalize the integration. - -By integrating Azure AD with Keycloak, you enable users to authenticate with their corporate credentials across all applications that are secured by Keycloak. This provides a consistent and secure user experience, leveraging the robust features of Azure AD within the flexible framework of Keycloak. For a deeper dive into the Azure AD configuration within Keycloak, consult the [Keycloak Microsoft Identity Provider documentation](https://www.keycloak.org/docs/latest/server_admin/#_microsoft). diff --git a/docs/openstack/neutron.md b/docs/openstack/neutron.md deleted file mode 100644 index f8539700d..000000000 --- a/docs/openstack/neutron.md +++ /dev/null @@ -1,185 +0,0 @@ -# Neutron - -## Hardware Acceleration - -### Mellanox Accelerated Switching And Packet Processing (ASAP2) - -Mellanox ASAP2 is a technology that enables the offloading of the Open vSwitch -datapath to the NIC. This offloading is done by the NIC's firmware, and is -transparent to the host. - -Atmosphere uses the [`netoffload`](https://github.com/vexxhost/netoffload) -project which takes care of validating and preparing the host for SR-IOV. - -It is recommended to follow the BIOS, Kernel & NIC configuration steps documented -within the [`netoffload`](https://github.com/vexxhost/netoffload#bios-configuration) -project before getting started. - -#### Open vSwitch configuration - -In order to enable hardware off-loading in Open vSwitch, you must make sure that -you deploy with the following configuration: - -```yaml -openvswitch_helm_values: - conf: - ovs_hw_offload: - enabled: true -``` - -#### Neutron configuration - -In order to enable hardware off-loading in Neutron, you can simply deploy it -with the following configuration and it will use -[`netoffload`](https://github.com/vexxhost/netoffload) to automatically -configure ASAP2. - -!!! note - - If you see an Init error when deploying Neutron, you may need to look at the - logs of the `netoffload` container to see what went wrong. - -```yaml -neutron_helm_values: - conf: - netoffload: - asap2: - - dev: enp97s0f0 - vfs: 16 -``` - -## OVN with DPDK enabled provider and internal tunnel network traffic - -To enable this configuration it is recommended to have the management interface separate -from the interfaces used with DPDK. Additionally, you need to allocate enough 1g -huge memory pages for the interfaces and VMs' memory that will use this network. A -sample inventory with all the elements for DPDK enabled OVN configuration is below. -The example is using Mellanox NIC cards with the mlx5_core driver. - -```yaml - -# Add if manila or octavia VMs will be using the DPDK network -manila_flavor_extra_specs: - "hw:vif_multiqueue_enabled": 'true' - "hw:mem_page_size": large - -octavia_amphora_flavor_extra_specs: - "hw:vif_multiqueue_enabled": 'true' - "hw:mem_page_size": large - -# Here are some examples of internal and provider networks using the DPDK network -neutron_networks: -- external: true - mtu_size: 1500 - name: dpdk-network - port_security_enabled: true - provider_network_type: vlan - provider_segmentation_id: 999 - provider_physical_network: external - shared: true - subnets: - - allocation_pool_start: 10.0.1.2 - allocation_pool_end: 10.0.1.254 - cidr: 10.0.10/24 - dns_nameservers: - - 8.8.8.8 - - 8.8.8.8 - enable_dhcp: true - gateway_ip: 10.0.1.1 - name: dpdk-network-subnet -- external: false - mtu_size: 9000 - name: internal - port_security_enabled: true - shared: true - subnets: - - allocation_pool_start: 192.168.77.2 - allocation_pool_end: 192.168.77.254 - cidr: 192.168.77.0/24 - dns_nameservers: - - 1.1.1.1 - - 1.1.1.1 - enable_dhcp: true - gateway_ip: 192.168.77.1 - name: internal-subnet - -# Socket_memory, lcore_mask, and driver parameters are depending on the environment -# See this OpenvSwitch [doc](https://docs.openvswitch.org/en/latest/intro/install/dpdk/#setup-ovs) -# for more information about tuning OpenvSwitch -openvswitch_helm_values: - conf: - ovs_dpdk: - enabled: true - socket_memory: 2048 - hugepages_mountpath: /dev/hugepages - vhostuser_socket_dir: vhostuser - lcore_mask: 0x1 - driver: mlx5_core - vhost_iommu_support: true - -# In these values we are defining the provider interface the same as our internal -# tunnel interface. It assumes that the primary interface is for tunnel traffic and -# provider networks via VLAN. -ovn_helm_values: - network: - interface: - tunnel: br-ex - tunnel_network_cidr: 192.168.0.0/19 - conf: - ovn_bridge_mappings: external:br-ex - ovn_bridge_datapath_type: netdev - -neutron_helm_values: - conf: - neutron: - DEFAULT: - global_physnet_mtu: 9100 - plugins: - ml2_conf: - ml2: - path_mtu: 9100 - physical_network_mtus: external:9100 - ml2_type_vxlan: - vni_ranges: 2000:1000000 - ovs_dpdk: - enabled: true - update_dpdk_bond_config: true - driver: mlx5_core - bonds: - - name: dpdkbond - bridge: br-ex - migrate_ip: true - mtu: 9100 - n_rxq: 2 - n_txq: 2 - n_rxq_size: 2048 - n_txq_size: 2048 - vhost_iommu_support: true - ovs_options: 'bond_mode=balance-tcp lacp=active bond_updelay=10 bond_downdelay=10 other_config:lacp-time=fast' - nics: - - name: dpdk_b0s0 - pci_id: '0000:c1:00.0' - - name: dpdk_b0s1 - pci_id: '0000:c1:00.1' - modules: - - name: dpdk - log_level: info - nics: null - -# for any flavors that need to use a DPDK enabled network the extra_specs are require. -nova_flavors: - - disk: 1 - name: m1.tiny - ram: 512 - vcpus: 1 - extra_specs: - "hw:vif_multiqueue_enabled": 'true' - "hw:mem_page_size": 'large' - - disk: 20 - name: m1.small - ram: 2048 - vcpus: 1 - extra_specs: - "hw:vif_multiqueue_enabled": 'true' - "hw:mem_page_size": 'large' -``` diff --git a/docs/openstack/nova.md b/docs/openstack/nova.md deleted file mode 100644 index a94b71f47..000000000 --- a/docs/openstack/nova.md +++ /dev/null @@ -1,28 +0,0 @@ -# Nova - -## Troubleshooting - -### Provisioning failure due to `downloading` volume - -If you're trying to provision a new instance that is using a volume where the -backend needs to download images directly from Glance (such as PowerStore for -example) and it fails with the following error: - -```text -Build of instance 54a41735-a4cb-4312-b812-52e4f3d8c500 aborted: Volume 728bdc40-fc22-4b65-b6b6-c94ee7f98ff0 did not finish being created even after we waited 187 seconds or 61 attempts. And its status is downloading. -``` - -This means that the volume service could not download the image before the -compute service timed out. Out of the box, Atmosphere ships with the volume -cache enabled to help offset this issue. However, if you're using a backend -that does not support the volume cache, you can increase the timeout by setting -the following in your `inventory/group_vars/all/nova.yml` file: - -```yaml -nova_helm_values: - conf: - enable_iscsi: true - nova: - DEFAULT: - block_device_allocate_retries: 300 -``` diff --git a/docs/openstack/octavia.md b/docs/openstack/octavia.md deleted file mode 100644 index f659b8e57..000000000 --- a/docs/openstack/octavia.md +++ /dev/null @@ -1,77 +0,0 @@ -# Octavia - -## Troubleshooting - -### Accessing Amphorae - -Atmosphere configures an SSH keypair which allows you to login to the Amphorae -for debugging purposes. The `octavia-worker` containers are fully configured -to allow you to SSH to the Amphorae. - -If you have an Amphora running with the IP address `172.24.0.148`, you can login -to it by simply executing the following: - -```bash -kubectl -n openstack exec -it deploy/octavia-worker -- ssh 172.24.0.148 -``` - -### Listener with `provisioning_status` stuck in `ERROR` - -There are scenarios where the load balancer could be in an `ACTIVE` state however -the listener can be stuck in a `provisioning_status` of `ERROR`. This is usually -related to an expired TLS certificate not cleanly recovering. - -Another symptom of this issue will be that you'll see the following inside the -`octavia-worker` logs: - -```log -ERROR oslo_messaging.rpc.server [None req-ad303faf-7a53-4c55-94a5-28cd61c46619 - e83856ceda5c42df8810df42fef8fc1c - - - -] Exception during message handling: octavia.amphorae.drivers.haproxy.exceptions.InternalServerError: Internal Server Erro -ERROR oslo_messaging.rpc.server Traceback (most recent call last): -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/oslo_messaging/rpc/server.py", line 165, in _process_incoming -ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/oslo_messaging/rpc/dispatcher.py", line 309, in dispatch -ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/oslo_messaging/rpc/dispatcher.py", line 229, in _do_dispatch -ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/queue/v2/endpoints.py", line 90, in update_pool -ERROR oslo_messaging.rpc.server self.worker.update_pool(original_pool, pool_updates) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/worker/v2/controller_worker.py", line 733, in update_pool -ERROR oslo_messaging.rpc.server self.run_flow( -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/worker/v2/controller_worker.py", line 113, in run_flow -ERROR oslo_messaging.rpc.server tf.run() -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/engines/action_engine/engine.py", line 247, in run -ERROR oslo_messaging.rpc.server for _state in self.run_iter(timeout=timeout): -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/engines/action_engine/engine.py", line 340, in run_iter -ERROR oslo_messaging.rpc.server failure.Failure.reraise_if_any(er_failures) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/types/failure.py", line 338, in reraise_if_any -ERROR oslo_messaging.rpc.server failures[0].reraise() -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/types/failure.py", line 350, in reraise -ERROR oslo_messaging.rpc.server raise value -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/taskflow/engines/action_engine/executor.py", line 52, in _execute_task -ERROR oslo_messaging.rpc.server result = task.execute(**arguments) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/controller/worker/v2/tasks/amphora_driver_tasks.py", line 157, in execute -ERROR oslo_messaging.rpc.server self.amphora_driver.update(loadbalancer) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py", line 236, in update -ERROR oslo_messaging.rpc.server self.update_amphora_listeners(loadbalancer, amphora) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py", line 205, in update_amphora_listeners -ERROR oslo_messaging.rpc.server self.clients[amphora.api_version].upload_config( -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py", line 758, in upload_config -ERROR oslo_messaging.rpc.server return exc.check_exception(r) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.10/site-packages/octavia/amphorae/drivers/haproxy/exceptions.py", line 44, in check_exception -ERROR oslo_messaging.rpc.server raise responses[status_code]() -ERROR oslo_messaging.rpc.server octavia.amphorae.drivers.haproxy.exceptions.InternalServerError: Internal Server Error -``` - -You can simply trigger a complete failover of the load balancer which will solve -the issue: - -```bash -openstack loadbalancer failover -``` - -!!! note - - We're trying to collect data with when these failures occur to better understand - the root cause. If you encounter this issue, please reach out to the Atmosphere - team so we can better understand the issue by filing an issue with the output of - the `amphora-agent` logs from the Amphora. diff --git a/docs/openstack/ovn.md b/docs/openstack/ovn.md deleted file mode 100644 index bd103c1e7..000000000 --- a/docs/openstack/ovn.md +++ /dev/null @@ -1,34 +0,0 @@ -# OVN - -## Recovering cluster - -If any of the OVN database pods fail, they will no longer be ready. You can -recover the cluster by deleting the pods and allowing them to be recreated. - -For example, if the `ovn-ovsdb-nb-0` pod fails, you can recover the cluster by -deleting the pod: - -```bash -kubectl -n openstack delete pods/ovn-ovsdb-nb-0 -``` - -If the entire cluster fails, you can recover the cluster by deleting all of the -pods. For example, if the southbound database fails, you can recover the -cluster with this command: - -```bash -kubectl -n openstack delete pods -lcomponent=ovn-ovsdb-sb -``` - -If the state of Neutron is lost from the cluster, you can recover it by running -the repair command: - -```bash -kubectl -n openstack exec deploy/neutron-server -- \ - neutron-ovn-db-sync-util \ - --debug \ - --config-file /etc/neutron/neutron.conf \ - --config-file /tmp/pod-shared/ovn.ini \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - --ovn-neutron_sync_mode repair -``` diff --git a/galaxy.yml b/galaxy.yml index 1da75fa43..e2cd762a5 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -51,7 +51,6 @@ build_ignore: - CHANGELOG.md - go.mod - go.sum - - mkdocs.yml - poetry.lock - pyproject.toml - release-please-config.json diff --git a/poetry.lock b/poetry.lock index 7e1677394..979abc9ea 100644 --- a/poetry.lock +++ b/poetry.lock @@ -24,13 +24,13 @@ test = ["coverage", "pip-tools", "pytest (>=7.2.0)", "pytest-mock", "pytest-plus [[package]] name = "ansible-core" -version = "2.15.9" +version = "2.16.6" description = "Radically simple IT automation" optional = false -python-versions = ">=3.9" +python-versions = ">=3.10" files = [ - {file = "ansible-core-2.15.9.tar.gz", hash = "sha256:25f9b1b5a5af3c0986bd3928ed086eaddb867527fb5c83afef1a03cfad34f345"}, - {file = "ansible_core-2.15.9-py3-none-any.whl", hash = "sha256:5b6a4b12aa5358f60933e79d86763e3558862282fb1dc563a29b9999e5849fc3"}, + {file = "ansible_core-2.16.6-py3-none-any.whl", hash = "sha256:f9dea5044a86fd95cc27099f4f5c3ae9beb23acf7c3b6331455726c47825922b"}, + {file = "ansible_core-2.16.6.tar.gz", hash = "sha256:111e55d358c2297ec0ce03ba98e6c5ce95947fdf50d878215eb8c183d0c275e4"}, ] [package.dependencies] @@ -53,21 +53,22 @@ files = [ [[package]] name = "attrs" -version = "22.2.0" +version = "23.2.0" description = "Classes Without Boilerplate" optional = false -python-versions = ">=3.6" +python-versions = ">=3.7" files = [ - {file = "attrs-22.2.0-py3-none-any.whl", hash = "sha256:29e95c7f6778868dbd49170f98f8818f78f3dc5e0e37c0b1f474e3561b240836"}, - {file = "attrs-22.2.0.tar.gz", hash = "sha256:c9227bfc2f01993c03f68db37d1d15c9690188323c067c641f1a35ca58185f99"}, + {file = "attrs-23.2.0-py3-none-any.whl", hash = "sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1"}, + {file = "attrs-23.2.0.tar.gz", hash = "sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30"}, ] [package.extras] -cov = ["attrs[tests]", "coverage-enable-subprocess", "coverage[toml] (>=5.3)"] -dev = ["attrs[docs,tests]"] -docs = ["furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier", "zope.interface"] -tests = ["attrs[tests-no-zope]", "zope.interface"] -tests-no-zope = ["cloudpickle", "cloudpickle", "hypothesis", "hypothesis", "mypy (>=0.971,<0.990)", "mypy (>=0.971,<0.990)", "pympler", "pympler", "pytest (>=4.3.0)", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-mypy-plugins", "pytest-xdist[psutil]", "pytest-xdist[psutil]"] +cov = ["attrs[tests]", "coverage[toml] (>=5.3)"] +dev = ["attrs[tests]", "pre-commit"] +docs = ["furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier", "zope-interface"] +tests = ["attrs[tests-no-zope]", "zope-interface"] +tests-mypy = ["mypy (>=1.6)", "pytest-mypy-plugins"] +tests-no-zope = ["attrs[tests-mypy]", "cloudpickle", "hypothesis", "pympler", "pytest (>=4.3.0)", "pytest-xdist[psutil]"] [[package]] name = "bracex" @@ -82,86 +83,74 @@ files = [ [[package]] name = "certifi" -version = "2023.7.22" +version = "2024.2.2" description = "Python package for providing Mozilla's CA Bundle." optional = false python-versions = ">=3.6" files = [ - {file = "certifi-2023.7.22-py3-none-any.whl", hash = "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9"}, - {file = "certifi-2023.7.22.tar.gz", hash = "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082"}, + {file = "certifi-2024.2.2-py3-none-any.whl", hash = "sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1"}, + {file = "certifi-2024.2.2.tar.gz", hash = "sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f"}, ] [[package]] name = "cffi" -version = "1.15.1" +version = "1.16.0" description = "Foreign Function Interface for Python calling C code." optional = false -python-versions = "*" +python-versions = ">=3.8" files = [ - {file = "cffi-1.15.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2"}, - {file = "cffi-1.15.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2"}, - {file = "cffi-1.15.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914"}, - {file = "cffi-1.15.1-cp27-cp27m-win32.whl", hash = "sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3"}, - {file = "cffi-1.15.1-cp27-cp27m-win_amd64.whl", hash = "sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e"}, - {file = "cffi-1.15.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162"}, - {file = "cffi-1.15.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b"}, - {file = "cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21"}, - {file = "cffi-1.15.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185"}, - {file = "cffi-1.15.1-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd"}, - {file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc"}, - {file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f"}, - {file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e"}, - {file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4"}, - {file = "cffi-1.15.1-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01"}, - {file = "cffi-1.15.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e"}, - {file = "cffi-1.15.1-cp310-cp310-win32.whl", hash = "sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2"}, - {file = "cffi-1.15.1-cp310-cp310-win_amd64.whl", hash = "sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d"}, - {file = "cffi-1.15.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac"}, - {file = "cffi-1.15.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83"}, - {file = "cffi-1.15.1-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9"}, - {file = "cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c"}, - {file = "cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325"}, - {file = "cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c"}, - {file = "cffi-1.15.1-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef"}, - {file = "cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8"}, - {file = "cffi-1.15.1-cp311-cp311-win32.whl", hash = "sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d"}, - {file = "cffi-1.15.1-cp311-cp311-win_amd64.whl", hash = "sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104"}, - {file = "cffi-1.15.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7"}, - {file = "cffi-1.15.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6"}, - {file = "cffi-1.15.1-cp36-cp36m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d"}, - {file = "cffi-1.15.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a"}, - {file = "cffi-1.15.1-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405"}, - {file = "cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e"}, - {file = "cffi-1.15.1-cp36-cp36m-win32.whl", hash = "sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf"}, - {file = "cffi-1.15.1-cp36-cp36m-win_amd64.whl", hash = "sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497"}, - {file = "cffi-1.15.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375"}, - {file = "cffi-1.15.1-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e"}, - {file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82"}, - {file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b"}, - {file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c"}, - {file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426"}, - {file = "cffi-1.15.1-cp37-cp37m-win32.whl", hash = "sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9"}, - {file = "cffi-1.15.1-cp37-cp37m-win_amd64.whl", hash = "sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045"}, - {file = "cffi-1.15.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3"}, - {file = "cffi-1.15.1-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a"}, - {file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5"}, - {file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca"}, - {file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02"}, - {file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192"}, - {file = "cffi-1.15.1-cp38-cp38-win32.whl", hash = "sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314"}, - {file = "cffi-1.15.1-cp38-cp38-win_amd64.whl", hash = "sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5"}, - {file = "cffi-1.15.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585"}, - {file = "cffi-1.15.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0"}, - {file = "cffi-1.15.1-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415"}, - {file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d"}, - {file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984"}, - {file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35"}, - {file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27"}, - {file = "cffi-1.15.1-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76"}, - {file = "cffi-1.15.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3"}, - {file = "cffi-1.15.1-cp39-cp39-win32.whl", hash = "sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee"}, - {file = "cffi-1.15.1-cp39-cp39-win_amd64.whl", hash = "sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c"}, - {file = "cffi-1.15.1.tar.gz", hash = "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9"}, + {file = "cffi-1.16.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088"}, + {file = "cffi-1.16.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9"}, + {file = "cffi-1.16.0-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673"}, + {file = "cffi-1.16.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896"}, + {file = "cffi-1.16.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684"}, + {file = "cffi-1.16.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7"}, + {file = "cffi-1.16.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614"}, + {file = "cffi-1.16.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743"}, + {file = "cffi-1.16.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d"}, + {file = "cffi-1.16.0-cp310-cp310-win32.whl", hash = "sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a"}, + {file = "cffi-1.16.0-cp310-cp310-win_amd64.whl", hash = "sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1"}, + {file = "cffi-1.16.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404"}, + {file = "cffi-1.16.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417"}, + {file = "cffi-1.16.0-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627"}, + {file = "cffi-1.16.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936"}, + {file = "cffi-1.16.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d"}, + {file = "cffi-1.16.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56"}, + {file = "cffi-1.16.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e"}, + {file = "cffi-1.16.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc"}, + {file = "cffi-1.16.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb"}, + {file = "cffi-1.16.0-cp311-cp311-win32.whl", hash = "sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab"}, + {file = "cffi-1.16.0-cp311-cp311-win_amd64.whl", hash = "sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba"}, + {file = "cffi-1.16.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956"}, + {file = "cffi-1.16.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e"}, + {file = "cffi-1.16.0-cp312-cp312-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e"}, + {file = "cffi-1.16.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2"}, + {file = "cffi-1.16.0-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357"}, + {file = "cffi-1.16.0-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6"}, + {file = "cffi-1.16.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969"}, + {file = "cffi-1.16.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520"}, + {file = "cffi-1.16.0-cp312-cp312-win32.whl", hash = "sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b"}, + {file = "cffi-1.16.0-cp312-cp312-win_amd64.whl", hash = "sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235"}, + {file = "cffi-1.16.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc"}, + {file = "cffi-1.16.0-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0"}, + {file = "cffi-1.16.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b"}, + {file = "cffi-1.16.0-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c"}, + {file = "cffi-1.16.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b"}, + {file = "cffi-1.16.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324"}, + {file = "cffi-1.16.0-cp38-cp38-win32.whl", hash = "sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a"}, + {file = "cffi-1.16.0-cp38-cp38-win_amd64.whl", hash = "sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36"}, + {file = "cffi-1.16.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed"}, + {file = "cffi-1.16.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2"}, + {file = "cffi-1.16.0-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872"}, + {file = "cffi-1.16.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8"}, + {file = "cffi-1.16.0-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f"}, + {file = "cffi-1.16.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4"}, + {file = "cffi-1.16.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098"}, + {file = "cffi-1.16.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000"}, + {file = "cffi-1.16.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe"}, + {file = "cffi-1.16.0-cp39-cp39-win32.whl", hash = "sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4"}, + {file = "cffi-1.16.0-cp39-cp39-win_amd64.whl", hash = "sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8"}, + {file = "cffi-1.16.0.tar.gz", hash = "sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0"}, ] [package.dependencies] @@ -169,110 +158,112 @@ pycparser = "*" [[package]] name = "charset-normalizer" -version = "3.0.1" +version = "3.3.2" description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." optional = false -python-versions = "*" +python-versions = ">=3.7.0" files = [ - {file = "charset-normalizer-3.0.1.tar.gz", hash = "sha256:ebea339af930f8ca5d7a699b921106c6e29c617fe9606fa7baa043c1cdae326f"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:88600c72ef7587fe1708fd242b385b6ed4b8904976d5da0893e31df8b3480cb6"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:c75ffc45f25324e68ab238cb4b5c0a38cd1c3d7f1fb1f72b5541de469e2247db"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:db72b07027db150f468fbada4d85b3b2729a3db39178abf5c543b784c1254539"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:62595ab75873d50d57323a91dd03e6966eb79c41fa834b7a1661ed043b2d404d"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ff6f3db31555657f3163b15a6b7c6938d08df7adbfc9dd13d9d19edad678f1e8"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:772b87914ff1152b92a197ef4ea40efe27a378606c39446ded52c8f80f79702e"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70990b9c51340e4044cfc394a81f614f3f90d41397104d226f21e66de668730d"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:292d5e8ba896bbfd6334b096e34bffb56161c81408d6d036a7dfa6929cff8783"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:2edb64ee7bf1ed524a1da60cdcd2e1f6e2b4f66ef7c077680739f1641f62f555"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:31a9ddf4718d10ae04d9b18801bd776693487cbb57d74cc3458a7673f6f34639"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:44ba614de5361b3e5278e1241fda3dc1838deed864b50a10d7ce92983797fa76"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:12db3b2c533c23ab812c2b25934f60383361f8a376ae272665f8e48b88e8e1c6"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:c512accbd6ff0270939b9ac214b84fb5ada5f0409c44298361b2f5e13f9aed9e"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-win32.whl", hash = "sha256:502218f52498a36d6bf5ea77081844017bf7982cdbe521ad85e64cabee1b608b"}, - {file = "charset_normalizer-3.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:601f36512f9e28f029d9481bdaf8e89e5148ac5d89cffd3b05cd533eeb423b59"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:0298eafff88c99982a4cf66ba2efa1128e4ddaca0b05eec4c456bbc7db691d8d"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:a8d0fc946c784ff7f7c3742310cc8a57c5c6dc31631269876a88b809dbeff3d3"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:87701167f2a5c930b403e9756fab1d31d4d4da52856143b609e30a1ce7160f3c"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:14e76c0f23218b8f46c4d87018ca2e441535aed3632ca134b10239dfb6dadd6b"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:0c0a590235ccd933d9892c627dec5bc7511ce6ad6c1011fdf5b11363022746c1"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8c7fe7afa480e3e82eed58e0ca89f751cd14d767638e2550c77a92a9e749c317"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:79909e27e8e4fcc9db4addea88aa63f6423ebb171db091fb4373e3312cb6d603"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8ac7b6a045b814cf0c47f3623d21ebd88b3e8cf216a14790b455ea7ff0135d18"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:72966d1b297c741541ca8cf1223ff262a6febe52481af742036a0b296e35fa5a"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:f9d0c5c045a3ca9bedfc35dca8526798eb91a07aa7a2c0fee134c6c6f321cbd7"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:5995f0164fa7df59db4746112fec3f49c461dd6b31b841873443bdb077c13cfc"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:4a8fcf28c05c1f6d7e177a9a46a1c52798bfe2ad80681d275b10dcf317deaf0b"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:761e8904c07ad053d285670f36dd94e1b6ab7f16ce62b9805c475b7aa1cffde6"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-win32.whl", hash = "sha256:71140351489970dfe5e60fc621ada3e0f41104a5eddaca47a7acb3c1b851d6d3"}, - {file = "charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:9ab77acb98eba3fd2a85cd160851816bfce6871d944d885febf012713f06659c"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:84c3990934bae40ea69a82034912ffe5a62c60bbf6ec5bc9691419641d7d5c9a"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:74292fc76c905c0ef095fe11e188a32ebd03bc38f3f3e9bcb85e4e6db177b7ea"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c95a03c79bbe30eec3ec2b7f076074f4281526724c8685a42872974ef4d36b72"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f4c39b0e3eac288fedc2b43055cfc2ca7a60362d0e5e87a637beac5d801ef478"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:df2c707231459e8a4028eabcd3cfc827befd635b3ef72eada84ab13b52e1574d"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:93ad6d87ac18e2a90b0fe89df7c65263b9a99a0eb98f0a3d2e079f12a0735837"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:59e5686dd847347e55dffcc191a96622f016bc0ad89105e24c14e0d6305acbc6"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-musllinux_1_1_i686.whl", hash = "sha256:cd6056167405314a4dc3c173943f11249fa0f1b204f8b51ed4bde1a9cd1834dc"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-musllinux_1_1_ppc64le.whl", hash = "sha256:083c8d17153ecb403e5e1eb76a7ef4babfc2c48d58899c98fcaa04833e7a2f9a"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-musllinux_1_1_s390x.whl", hash = "sha256:f5057856d21e7586765171eac8b9fc3f7d44ef39425f85dbcccb13b3ebea806c"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:7eb33a30d75562222b64f569c642ff3dc6689e09adda43a082208397f016c39a"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-win32.whl", hash = "sha256:95dea361dd73757c6f1c0a1480ac499952c16ac83f7f5f4f84f0658a01b8ef41"}, - {file = "charset_normalizer-3.0.1-cp36-cp36m-win_amd64.whl", hash = "sha256:eaa379fcd227ca235d04152ca6704c7cb55564116f8bc52545ff357628e10602"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:3e45867f1f2ab0711d60c6c71746ac53537f1684baa699f4f668d4c6f6ce8e14"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cadaeaba78750d58d3cc6ac4d1fd867da6fc73c88156b7a3212a3cd4819d679d"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:911d8a40b2bef5b8bbae2e36a0b103f142ac53557ab421dc16ac4aafee6f53dc"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:503e65837c71b875ecdd733877d852adbc465bd82c768a067badd953bf1bc5a3"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a60332922359f920193b1d4826953c507a877b523b2395ad7bc716ddd386d866"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:16a8663d6e281208d78806dbe14ee9903715361cf81f6d4309944e4d1e59ac5b"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:a16418ecf1329f71df119e8a65f3aa68004a3f9383821edcb20f0702934d8087"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:9d9153257a3f70d5f69edf2325357251ed20f772b12e593f3b3377b5f78e7ef8"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:02a51034802cbf38db3f89c66fb5d2ec57e6fe7ef2f4a44d070a593c3688667b"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:2e396d70bc4ef5325b72b593a72c8979999aa52fb8bcf03f701c1b03e1166918"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:11b53acf2411c3b09e6af37e4b9005cba376c872503c8f28218c7243582df45d"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-win32.whl", hash = "sha256:0bf2dae5291758b6f84cf923bfaa285632816007db0330002fa1de38bfcb7154"}, - {file = "charset_normalizer-3.0.1-cp37-cp37m-win_amd64.whl", hash = "sha256:2c03cc56021a4bd59be889c2b9257dae13bf55041a3372d3295416f86b295fb5"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:024e606be3ed92216e2b6952ed859d86b4cfa52cd5bc5f050e7dc28f9b43ec42"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:4b0d02d7102dd0f997580b51edc4cebcf2ab6397a7edf89f1c73b586c614272c"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:358a7c4cb8ba9b46c453b1dd8d9e431452d5249072e4f56cfda3149f6ab1405e"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:81d6741ab457d14fdedc215516665050f3822d3e56508921cc7239f8c8e66a58"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:8b8af03d2e37866d023ad0ddea594edefc31e827fee64f8de5611a1dbc373174"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9cf4e8ad252f7c38dd1f676b46514f92dc0ebeb0db5552f5f403509705e24753"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e696f0dd336161fca9adbb846875d40752e6eba585843c768935ba5c9960722b"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c22d3fe05ce11d3671297dc8973267daa0f938b93ec716e12e0f6dee81591dc1"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:109487860ef6a328f3eec66f2bf78b0b72400280d8f8ea05f69c51644ba6521a"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:37f8febc8ec50c14f3ec9637505f28e58d4f66752207ea177c1d67df25da5aed"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:f97e83fa6c25693c7a35de154681fcc257c1c41b38beb0304b9c4d2d9e164479"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:a152f5f33d64a6be73f1d30c9cc82dfc73cec6477ec268e7c6e4c7d23c2d2291"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:39049da0ffb96c8cbb65cbf5c5f3ca3168990adf3551bd1dee10c48fce8ae820"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-win32.whl", hash = "sha256:4457ea6774b5611f4bed5eaa5df55f70abde42364d498c5134b7ef4c6958e20e"}, - {file = "charset_normalizer-3.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:e62164b50f84e20601c1ff8eb55620d2ad25fb81b59e3cd776a1902527a788af"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:8eade758719add78ec36dc13201483f8e9b5d940329285edcd5f70c0a9edbd7f"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:8499ca8f4502af841f68135133d8258f7b32a53a1d594aa98cc52013fff55678"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:3fc1c4a2ffd64890aebdb3f97e1278b0cc72579a08ca4de8cd2c04799a3a22be"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:00d3ffdaafe92a5dc603cb9bd5111aaa36dfa187c8285c543be562e61b755f6b"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c2ac1b08635a8cd4e0cbeaf6f5e922085908d48eb05d44c5ae9eabab148512ca"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f6f45710b4459401609ebebdbcfb34515da4fc2aa886f95107f556ac69a9147e"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ae1de54a77dc0d6d5fcf623290af4266412a7c4be0b1ff7444394f03f5c54e3"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3b590df687e3c5ee0deef9fc8c547d81986d9a1b56073d82de008744452d6541"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:ab5de034a886f616a5668aa5d098af2b5385ed70142090e2a31bcbd0af0fdb3d"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:9cb3032517f1627cc012dbc80a8ec976ae76d93ea2b5feaa9d2a5b8882597579"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:608862a7bf6957f2333fc54ab4399e405baad0163dc9f8d99cb236816db169d4"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:0f438ae3532723fb6ead77e7c604be7c8374094ef4ee2c5e03a3a17f1fca256c"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:356541bf4381fa35856dafa6a965916e54bed415ad8a24ee6de6e37deccf2786"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-win32.whl", hash = "sha256:39cf9ed17fe3b1bc81f33c9ceb6ce67683ee7526e65fde1447c772afc54a1bb8"}, - {file = "charset_normalizer-3.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:0a11e971ed097d24c534c037d298ad32c6ce81a45736d31e0ff0ad37ab437d59"}, - {file = "charset_normalizer-3.0.1-py3-none-any.whl", hash = "sha256:7e189e2e1d3ed2f4aebabd2d5b0f931e883676e51c7624826e0a4e5fe8a0bf24"}, + {file = "charset-normalizer-3.3.2.tar.gz", hash = "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-win32.whl", hash = "sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-win_amd64.whl", hash = "sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-win32.whl", hash = "sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl", hash = "sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_ppc64le.whl", hash = "sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_s390x.whl", hash = "sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-win32.whl", hash = "sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-win_amd64.whl", hash = "sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-win32.whl", hash = "sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-win_amd64.whl", hash = "sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-win32.whl", hash = "sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-win_amd64.whl", hash = "sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-win32.whl", hash = "sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-win_amd64.whl", hash = "sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d"}, + {file = "charset_normalizer-3.3.2-py3-none-any.whl", hash = "sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc"}, ] [[package]] name = "click" -version = "8.1.3" +version = "8.1.7" description = "Composable command line interface toolkit" optional = false python-versions = ">=3.7" files = [ - {file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"}, - {file = "click-8.1.3.tar.gz", hash = "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e"}, + {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"}, + {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"}, ] [package.dependencies] @@ -280,20 +271,20 @@ colorama = {version = "*", markers = "platform_system == \"Windows\""} [[package]] name = "click-help-colors" -version = "0.9.1" +version = "0.9.4" description = "Colorization of help messages in Click" optional = false python-versions = "*" files = [ - {file = "click-help-colors-0.9.1.tar.gz", hash = "sha256:78cbcf30cfa81c5fc2a52f49220121e1a8190cd19197d9245997605d3405824d"}, - {file = "click_help_colors-0.9.1-py3-none-any.whl", hash = "sha256:25a6bd22d8abbc72c18a416a1cf21ab65b6120bee48e9637829666cbad22d51d"}, + {file = "click-help-colors-0.9.4.tar.gz", hash = "sha256:f4cabe52cf550299b8888f4f2ee4c5f359ac27e33bcfe4d61db47785a5cc936c"}, + {file = "click_help_colors-0.9.4-py3-none-any.whl", hash = "sha256:b33c5803eeaeb084393b1ab5899dc5476c7196b87a18713045afe76f840b42db"}, ] [package.dependencies] click = ">=7.0,<9" [package.extras] -dev = ["pytest"] +dev = ["mypy", "pytest"] [[package]] name = "colorama" @@ -308,62 +299,63 @@ files = [ [[package]] name = "coverage" -version = "7.1.0" +version = "7.5.0" description = "Code coverage measurement for Python" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "coverage-7.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:3b946bbcd5a8231383450b195cfb58cb01cbe7f8949f5758566b881df4b33baf"}, - {file = "coverage-7.1.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ec8e767f13be637d056f7e07e61d089e555f719b387a7070154ad80a0ff31801"}, - {file = "coverage-7.1.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d4a5a5879a939cb84959d86869132b00176197ca561c664fc21478c1eee60d75"}, - {file = "coverage-7.1.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b643cb30821e7570c0aaf54feaf0bfb630b79059f85741843e9dc23f33aaca2c"}, - {file = "coverage-7.1.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:32df215215f3af2c1617a55dbdfb403b772d463d54d219985ac7cd3bf124cada"}, - {file = "coverage-7.1.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:33d1ae9d4079e05ac4cc1ef9e20c648f5afabf1a92adfaf2ccf509c50b85717f"}, - {file = "coverage-7.1.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:29571503c37f2ef2138a306d23e7270687c0efb9cab4bd8038d609b5c2393a3a"}, - {file = "coverage-7.1.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:63ffd21aa133ff48c4dff7adcc46b7ec8b565491bfc371212122dd999812ea1c"}, - {file = "coverage-7.1.0-cp310-cp310-win32.whl", hash = "sha256:4b14d5e09c656de5038a3f9bfe5228f53439282abcab87317c9f7f1acb280352"}, - {file = "coverage-7.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:8361be1c2c073919500b6601220a6f2f98ea0b6d2fec5014c1d9cfa23dd07038"}, - {file = "coverage-7.1.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:da9b41d4539eefd408c46725fb76ecba3a50a3367cafb7dea5f250d0653c1040"}, - {file = "coverage-7.1.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:c5b15ed7644ae4bee0ecf74fee95808dcc34ba6ace87e8dfbf5cb0dc20eab45a"}, - {file = "coverage-7.1.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d12d076582507ea460ea2a89a8c85cb558f83406c8a41dd641d7be9a32e1274f"}, - {file = "coverage-7.1.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e2617759031dae1bf183c16cef8fcfb3de7617f394c813fa5e8e46e9b82d4222"}, - {file = "coverage-7.1.0-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c4e4881fa9e9667afcc742f0c244d9364d197490fbc91d12ac3b5de0bf2df146"}, - {file = "coverage-7.1.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:9d58885215094ab4a86a6aef044e42994a2bd76a446dc59b352622655ba6621b"}, - {file = "coverage-7.1.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:ffeeb38ee4a80a30a6877c5c4c359e5498eec095878f1581453202bfacc8fbc2"}, - {file = "coverage-7.1.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3baf5f126f30781b5e93dbefcc8271cb2491647f8283f20ac54d12161dff080e"}, - {file = "coverage-7.1.0-cp311-cp311-win32.whl", hash = "sha256:ded59300d6330be27bc6cf0b74b89ada58069ced87c48eaf9344e5e84b0072f7"}, - {file = "coverage-7.1.0-cp311-cp311-win_amd64.whl", hash = "sha256:6a43c7823cd7427b4ed763aa7fb63901ca8288591323b58c9cd6ec31ad910f3c"}, - {file = "coverage-7.1.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:7a726d742816cb3a8973c8c9a97539c734b3a309345236cd533c4883dda05b8d"}, - {file = "coverage-7.1.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bc7c85a150501286f8b56bd8ed3aa4093f4b88fb68c0843d21ff9656f0009d6a"}, - {file = "coverage-7.1.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f5b4198d85a3755d27e64c52f8c95d6333119e49fd001ae5798dac872c95e0f8"}, - {file = "coverage-7.1.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ddb726cb861c3117a553f940372a495fe1078249ff5f8a5478c0576c7be12050"}, - {file = "coverage-7.1.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:51b236e764840a6df0661b67e50697aaa0e7d4124ca95e5058fa3d7cbc240b7c"}, - {file = "coverage-7.1.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:7ee5c9bb51695f80878faaa5598040dd6c9e172ddcf490382e8aedb8ec3fec8d"}, - {file = "coverage-7.1.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:c31b75ae466c053a98bf26843563b3b3517b8f37da4d47b1c582fdc703112bc3"}, - {file = "coverage-7.1.0-cp37-cp37m-win32.whl", hash = "sha256:3b155caf3760408d1cb903b21e6a97ad4e2bdad43cbc265e3ce0afb8e0057e73"}, - {file = "coverage-7.1.0-cp37-cp37m-win_amd64.whl", hash = "sha256:2a60d6513781e87047c3e630b33b4d1e89f39836dac6e069ffee28c4786715f5"}, - {file = "coverage-7.1.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:f2cba5c6db29ce991029b5e4ac51eb36774458f0a3b8d3137241b32d1bb91f06"}, - {file = "coverage-7.1.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:beeb129cacea34490ffd4d6153af70509aa3cda20fdda2ea1a2be870dfec8d52"}, - {file = "coverage-7.1.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0c45948f613d5d18c9ec5eaa203ce06a653334cf1bd47c783a12d0dd4fd9c851"}, - {file = "coverage-7.1.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ef382417db92ba23dfb5864a3fc9be27ea4894e86620d342a116b243ade5d35d"}, - {file = "coverage-7.1.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7c7c0d0827e853315c9bbd43c1162c006dd808dbbe297db7ae66cd17b07830f0"}, - {file = "coverage-7.1.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:e5cdbb5cafcedea04924568d990e20ce7f1945a1dd54b560f879ee2d57226912"}, - {file = "coverage-7.1.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:9817733f0d3ea91bea80de0f79ef971ae94f81ca52f9b66500c6a2fea8e4b4f8"}, - {file = "coverage-7.1.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:218fe982371ac7387304153ecd51205f14e9d731b34fb0568181abaf7b443ba0"}, - {file = "coverage-7.1.0-cp38-cp38-win32.whl", hash = "sha256:04481245ef966fbd24ae9b9e537ce899ae584d521dfbe78f89cad003c38ca2ab"}, - {file = "coverage-7.1.0-cp38-cp38-win_amd64.whl", hash = "sha256:8ae125d1134bf236acba8b83e74c603d1b30e207266121e76484562bc816344c"}, - {file = "coverage-7.1.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:2bf1d5f2084c3932b56b962a683074a3692bce7cabd3aa023c987a2a8e7612f6"}, - {file = "coverage-7.1.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:98b85dd86514d889a2e3dd22ab3c18c9d0019e696478391d86708b805f4ea0fa"}, - {file = "coverage-7.1.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:38da2db80cc505a611938d8624801158e409928b136c8916cd2e203970dde4dc"}, - {file = "coverage-7.1.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3164d31078fa9efe406e198aecd2a02d32a62fecbdef74f76dad6a46c7e48311"}, - {file = "coverage-7.1.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:db61a79c07331e88b9a9974815c075fbd812bc9dbc4dc44b366b5368a2936063"}, - {file = "coverage-7.1.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:9ccb092c9ede70b2517a57382a601619d20981f56f440eae7e4d7eaafd1d1d09"}, - {file = "coverage-7.1.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:33ff26d0f6cc3ca8de13d14fde1ff8efe1456b53e3f0273e63cc8b3c84a063d8"}, - {file = "coverage-7.1.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:d47dd659a4ee952e90dc56c97d78132573dc5c7b09d61b416a9deef4ebe01a0c"}, - {file = "coverage-7.1.0-cp39-cp39-win32.whl", hash = "sha256:d248cd4a92065a4d4543b8331660121b31c4148dd00a691bfb7a5cdc7483cfa4"}, - {file = "coverage-7.1.0-cp39-cp39-win_amd64.whl", hash = "sha256:7ed681b0f8e8bcbbffa58ba26fcf5dbc8f79e7997595bf071ed5430d8c08d6f3"}, - {file = "coverage-7.1.0-pp37.pp38.pp39-none-any.whl", hash = "sha256:755e89e32376c850f826c425ece2c35a4fc266c081490eb0a841e7c1cb0d3bda"}, - {file = "coverage-7.1.0.tar.gz", hash = "sha256:10188fe543560ec4874f974b5305cd1a8bdcfa885ee00ea3a03733464c4ca265"}, + {file = "coverage-7.5.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:432949a32c3e3f820af808db1833d6d1631664d53dd3ce487aa25d574e18ad1c"}, + {file = "coverage-7.5.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:2bd7065249703cbeb6d4ce679c734bef0ee69baa7bff9724361ada04a15b7e3b"}, + {file = "coverage-7.5.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bbfe6389c5522b99768a93d89aca52ef92310a96b99782973b9d11e80511f932"}, + {file = "coverage-7.5.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:39793731182c4be939b4be0cdecde074b833f6171313cf53481f869937129ed3"}, + {file = "coverage-7.5.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:85a5dbe1ba1bf38d6c63b6d2c42132d45cbee6d9f0c51b52c59aa4afba057517"}, + {file = "coverage-7.5.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:357754dcdfd811462a725e7501a9b4556388e8ecf66e79df6f4b988fa3d0b39a"}, + {file = "coverage-7.5.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:a81eb64feded34f40c8986869a2f764f0fe2db58c0530d3a4afbcde50f314880"}, + {file = "coverage-7.5.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:51431d0abbed3a868e967f8257c5faf283d41ec882f58413cf295a389bb22e58"}, + {file = "coverage-7.5.0-cp310-cp310-win32.whl", hash = "sha256:f609ebcb0242d84b7adeee2b06c11a2ddaec5464d21888b2c8255f5fd6a98ae4"}, + {file = "coverage-7.5.0-cp310-cp310-win_amd64.whl", hash = "sha256:6782cd6216fab5a83216cc39f13ebe30adfac2fa72688c5a4d8d180cd52e8f6a"}, + {file = "coverage-7.5.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:e768d870801f68c74c2b669fc909839660180c366501d4cc4b87efd6b0eee375"}, + {file = "coverage-7.5.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:84921b10aeb2dd453247fd10de22907984eaf80901b578a5cf0bb1e279a587cb"}, + {file = "coverage-7.5.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:710c62b6e35a9a766b99b15cdc56d5aeda0914edae8bb467e9c355f75d14ee95"}, + {file = "coverage-7.5.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c379cdd3efc0658e652a14112d51a7668f6bfca7445c5a10dee7eabecabba19d"}, + {file = "coverage-7.5.0-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fea9d3ca80bcf17edb2c08a4704259dadac196fe5e9274067e7a20511fad1743"}, + {file = "coverage-7.5.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:41327143c5b1d715f5f98a397608f90ab9ebba606ae4e6f3389c2145410c52b1"}, + {file = "coverage-7.5.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:565b2e82d0968c977e0b0f7cbf25fd06d78d4856289abc79694c8edcce6eb2de"}, + {file = "coverage-7.5.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:cf3539007202ebfe03923128fedfdd245db5860a36810136ad95a564a2fdffff"}, + {file = "coverage-7.5.0-cp311-cp311-win32.whl", hash = "sha256:bf0b4b8d9caa8d64df838e0f8dcf68fb570c5733b726d1494b87f3da85db3a2d"}, + {file = "coverage-7.5.0-cp311-cp311-win_amd64.whl", hash = "sha256:9c6384cc90e37cfb60435bbbe0488444e54b98700f727f16f64d8bfda0b84656"}, + {file = "coverage-7.5.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:fed7a72d54bd52f4aeb6c6e951f363903bd7d70bc1cad64dd1f087980d309ab9"}, + {file = "coverage-7.5.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:cbe6581fcff7c8e262eb574244f81f5faaea539e712a058e6707a9d272fe5b64"}, + {file = "coverage-7.5.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ad97ec0da94b378e593ef532b980c15e377df9b9608c7c6da3506953182398af"}, + {file = "coverage-7.5.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bd4bacd62aa2f1a1627352fe68885d6ee694bdaebb16038b6e680f2924a9b2cc"}, + {file = "coverage-7.5.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:adf032b6c105881f9d77fa17d9eebe0ad1f9bfb2ad25777811f97c5362aa07f2"}, + {file = "coverage-7.5.0-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:4ba01d9ba112b55bfa4b24808ec431197bb34f09f66f7cb4fd0258ff9d3711b1"}, + {file = "coverage-7.5.0-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:f0bfe42523893c188e9616d853c47685e1c575fe25f737adf473d0405dcfa7eb"}, + {file = "coverage-7.5.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:a9a7ef30a1b02547c1b23fa9a5564f03c9982fc71eb2ecb7f98c96d7a0db5cf2"}, + {file = "coverage-7.5.0-cp312-cp312-win32.whl", hash = "sha256:3c2b77f295edb9fcdb6a250f83e6481c679335ca7e6e4a955e4290350f2d22a4"}, + {file = "coverage-7.5.0-cp312-cp312-win_amd64.whl", hash = "sha256:427e1e627b0963ac02d7c8730ca6d935df10280d230508c0ba059505e9233475"}, + {file = "coverage-7.5.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:9dd88fce54abbdbf4c42fb1fea0e498973d07816f24c0e27a1ecaf91883ce69e"}, + {file = "coverage-7.5.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:a898c11dca8f8c97b467138004a30133974aacd572818c383596f8d5b2eb04a9"}, + {file = "coverage-7.5.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:07dfdd492d645eea1bd70fb1d6febdcf47db178b0d99161d8e4eed18e7f62fe7"}, + {file = "coverage-7.5.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d3d117890b6eee85887b1eed41eefe2e598ad6e40523d9f94c4c4b213258e4a4"}, + {file = "coverage-7.5.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6afd2e84e7da40fe23ca588379f815fb6dbbb1b757c883935ed11647205111cb"}, + {file = "coverage-7.5.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:a9960dd1891b2ddf13a7fe45339cd59ecee3abb6b8326d8b932d0c5da208104f"}, + {file = "coverage-7.5.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:ced268e82af993d7801a9db2dbc1d2322e786c5dc76295d8e89473d46c6b84d4"}, + {file = "coverage-7.5.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:e7c211f25777746d468d76f11719e64acb40eed410d81c26cefac641975beb88"}, + {file = "coverage-7.5.0-cp38-cp38-win32.whl", hash = "sha256:262fffc1f6c1a26125d5d573e1ec379285a3723363f3bd9c83923c9593a2ac25"}, + {file = "coverage-7.5.0-cp38-cp38-win_amd64.whl", hash = "sha256:eed462b4541c540d63ab57b3fc69e7d8c84d5957668854ee4e408b50e92ce26a"}, + {file = "coverage-7.5.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d0194d654e360b3e6cc9b774e83235bae6b9b2cac3be09040880bb0e8a88f4a1"}, + {file = "coverage-7.5.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:33c020d3322662e74bc507fb11488773a96894aa82a622c35a5a28673c0c26f5"}, + {file = "coverage-7.5.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0cbdf2cae14a06827bec50bd58e49249452d211d9caddd8bd80e35b53cb04631"}, + {file = "coverage-7.5.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3235d7c781232e525b0761730e052388a01548bd7f67d0067a253887c6e8df46"}, + {file = "coverage-7.5.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:db2de4e546f0ec4b2787d625e0b16b78e99c3e21bc1722b4977c0dddf11ca84e"}, + {file = "coverage-7.5.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:4d0e206259b73af35c4ec1319fd04003776e11e859936658cb6ceffdeba0f5be"}, + {file = "coverage-7.5.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:2055c4fb9a6ff624253d432aa471a37202cd8f458c033d6d989be4499aed037b"}, + {file = "coverage-7.5.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:075299460948cd12722a970c7eae43d25d37989da682997687b34ae6b87c0ef0"}, + {file = "coverage-7.5.0-cp39-cp39-win32.whl", hash = "sha256:280132aada3bc2f0fac939a5771db4fbb84f245cb35b94fae4994d4c1f80dae7"}, + {file = "coverage-7.5.0-cp39-cp39-win_amd64.whl", hash = "sha256:c58536f6892559e030e6924896a44098bc1290663ea12532c78cef71d0df8493"}, + {file = "coverage-7.5.0-pp38.pp39.pp310-none-any.whl", hash = "sha256:2b57780b51084d5223eee7b59f0d4911c31c16ee5aa12737c7a02455829ff067"}, + {file = "coverage-7.5.0.tar.gz", hash = "sha256:cf62d17310f34084c59c01e027259076479128d11e4661bb6c9acb38c5e19bb8"}, ] [package.dependencies] @@ -374,58 +366,67 @@ toml = ["tomli"] [[package]] name = "cryptography" -version = "41.0.6" +version = "42.0.5" description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." optional = false python-versions = ">=3.7" files = [ - {file = "cryptography-41.0.6-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:0f27acb55a4e77b9be8d550d762b0513ef3fc658cd3eb15110ebbcbd626db12c"}, - {file = "cryptography-41.0.6-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:ae236bb8760c1e55b7a39b6d4d32d2279bc6c7c8500b7d5a13b6fb9fc97be35b"}, - {file = "cryptography-41.0.6-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:afda76d84b053923c27ede5edc1ed7d53e3c9f475ebaf63c68e69f1403c405a8"}, - {file = "cryptography-41.0.6-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:da46e2b5df770070412c46f87bac0849b8d685c5f2679771de277a422c7d0b86"}, - {file = "cryptography-41.0.6-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:ff369dd19e8fe0528b02e8df9f2aeb2479f89b1270d90f96a63500afe9af5cae"}, - {file = "cryptography-41.0.6-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:b648fe2a45e426aaee684ddca2632f62ec4613ef362f4d681a9a6283d10e079d"}, - {file = "cryptography-41.0.6-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:5daeb18e7886a358064a68dbcaf441c036cbdb7da52ae744e7b9207b04d3908c"}, - {file = "cryptography-41.0.6-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:068bc551698c234742c40049e46840843f3d98ad7ce265fd2bd4ec0d11306596"}, - {file = "cryptography-41.0.6-cp37-abi3-win32.whl", hash = "sha256:2132d5865eea673fe6712c2ed5fb4fa49dba10768bb4cc798345748380ee3660"}, - {file = "cryptography-41.0.6-cp37-abi3-win_amd64.whl", hash = "sha256:48783b7e2bef51224020efb61b42704207dde583d7e371ef8fc2a5fb6c0aabc7"}, - {file = "cryptography-41.0.6-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:8efb2af8d4ba9dbc9c9dd8f04d19a7abb5b49eab1f3694e7b5a16a5fc2856f5c"}, - {file = "cryptography-41.0.6-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:c5a550dc7a3b50b116323e3d376241829fd326ac47bc195e04eb33a8170902a9"}, - {file = "cryptography-41.0.6-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:85abd057699b98fce40b41737afb234fef05c67e116f6f3650782c10862c43da"}, - {file = "cryptography-41.0.6-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:f39812f70fc5c71a15aa3c97b2bbe213c3f2a460b79bd21c40d033bb34a9bf36"}, - {file = "cryptography-41.0.6-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:742ae5e9a2310e9dade7932f9576606836ed174da3c7d26bc3d3ab4bd49b9f65"}, - {file = "cryptography-41.0.6-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:35f3f288e83c3f6f10752467c48919a7a94b7d88cc00b0668372a0d2ad4f8ead"}, - {file = "cryptography-41.0.6-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:4d03186af98b1c01a4eda396b137f29e4e3fb0173e30f885e27acec8823c1b09"}, - {file = "cryptography-41.0.6-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:b27a7fd4229abef715e064269d98a7e2909ebf92eb6912a9603c7e14c181928c"}, - {file = "cryptography-41.0.6-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:398ae1fc711b5eb78e977daa3cbf47cec20f2c08c5da129b7a296055fbb22aed"}, - {file = "cryptography-41.0.6-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:7e00fb556bda398b99b0da289ce7053639d33b572847181d6483ad89835115f6"}, - {file = "cryptography-41.0.6-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:60e746b11b937911dc70d164060d28d273e31853bb359e2b2033c9e93e6f3c43"}, - {file = "cryptography-41.0.6-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:3288acccef021e3c3c10d58933f44e8602cf04dba96d9796d70d537bb2f4bbc4"}, - {file = "cryptography-41.0.6.tar.gz", hash = "sha256:422e3e31d63743855e43e5a6fcc8b4acab860f560f9321b0ee6269cc7ed70cc3"}, + {file = "cryptography-42.0.5-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:a30596bae9403a342c978fb47d9b0ee277699fa53bbafad14706af51fe543d16"}, + {file = "cryptography-42.0.5-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:b7ffe927ee6531c78f81aa17e684e2ff617daeba7f189f911065b2ea2d526dec"}, + {file = "cryptography-42.0.5-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2424ff4c4ac7f6b8177b53c17ed5d8fa74ae5955656867f5a8affaca36a27abb"}, + {file = "cryptography-42.0.5-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:329906dcc7b20ff3cad13c069a78124ed8247adcac44b10bea1130e36caae0b4"}, + {file = "cryptography-42.0.5-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:b03c2ae5d2f0fc05f9a2c0c997e1bc18c8229f392234e8a0194f202169ccd278"}, + {file = "cryptography-42.0.5-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f8837fe1d6ac4a8052a9a8ddab256bc006242696f03368a4009be7ee3075cdb7"}, + {file = "cryptography-42.0.5-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:0270572b8bd2c833c3981724b8ee9747b3ec96f699a9665470018594301439ee"}, + {file = "cryptography-42.0.5-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:b8cac287fafc4ad485b8a9b67d0ee80c66bf3574f655d3b97ef2e1082360faf1"}, + {file = "cryptography-42.0.5-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:16a48c23a62a2f4a285699dba2e4ff2d1cff3115b9df052cdd976a18856d8e3d"}, + {file = "cryptography-42.0.5-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:2bce03af1ce5a5567ab89bd90d11e7bbdff56b8af3acbbec1faded8f44cb06da"}, + {file = "cryptography-42.0.5-cp37-abi3-win32.whl", hash = "sha256:b6cd2203306b63e41acdf39aa93b86fb566049aeb6dc489b70e34bcd07adca74"}, + {file = "cryptography-42.0.5-cp37-abi3-win_amd64.whl", hash = "sha256:98d8dc6d012b82287f2c3d26ce1d2dd130ec200c8679b6213b3c73c08b2b7940"}, + {file = "cryptography-42.0.5-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:5e6275c09d2badf57aea3afa80d975444f4be8d3bc58f7f80d2a484c6f9485c8"}, + {file = "cryptography-42.0.5-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e4985a790f921508f36f81831817cbc03b102d643b5fcb81cd33df3fa291a1a1"}, + {file = "cryptography-42.0.5-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7cde5f38e614f55e28d831754e8a3bacf9ace5d1566235e39d91b35502d6936e"}, + {file = "cryptography-42.0.5-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:7367d7b2eca6513681127ebad53b2582911d1736dc2ffc19f2c3ae49997496bc"}, + {file = "cryptography-42.0.5-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:cd2030f6650c089aeb304cf093f3244d34745ce0cfcc39f20c6fbfe030102e2a"}, + {file = "cryptography-42.0.5-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:a2913c5375154b6ef2e91c10b5720ea6e21007412f6437504ffea2109b5a33d7"}, + {file = "cryptography-42.0.5-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:c41fb5e6a5fe9ebcd58ca3abfeb51dffb5d83d6775405305bfa8715b76521922"}, + {file = "cryptography-42.0.5-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:3eaafe47ec0d0ffcc9349e1708be2aaea4c6dd4978d76bf6eb0cb2c13636c6fc"}, + {file = "cryptography-42.0.5-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:1b95b98b0d2af784078fa69f637135e3c317091b615cd0905f8b8a087e86fa30"}, + {file = "cryptography-42.0.5-cp39-abi3-win32.whl", hash = "sha256:1f71c10d1e88467126f0efd484bd44bca5e14c664ec2ede64c32f20875c0d413"}, + {file = "cryptography-42.0.5-cp39-abi3-win_amd64.whl", hash = "sha256:a011a644f6d7d03736214d38832e030d8268bcff4a41f728e6030325fea3e400"}, + {file = "cryptography-42.0.5-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:9481ffe3cf013b71b2428b905c4f7a9a4f76ec03065b05ff499bb5682a8d9ad8"}, + {file = "cryptography-42.0.5-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:ba334e6e4b1d92442b75ddacc615c5476d4ad55cc29b15d590cc6b86efa487e2"}, + {file = "cryptography-42.0.5-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:ba3e4a42397c25b7ff88cdec6e2a16c2be18720f317506ee25210f6d31925f9c"}, + {file = "cryptography-42.0.5-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:111a0d8553afcf8eb02a4fea6ca4f59d48ddb34497aa8706a6cf536f1a5ec576"}, + {file = "cryptography-42.0.5-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:cd65d75953847815962c84a4654a84850b2bb4aed3f26fadcc1c13892e1e29f6"}, + {file = "cryptography-42.0.5-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:e807b3188f9eb0eaa7bbb579b462c5ace579f1cedb28107ce8b48a9f7ad3679e"}, + {file = "cryptography-42.0.5-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:f12764b8fffc7a123f641d7d049d382b73f96a34117e0b637b80643169cec8ac"}, + {file = "cryptography-42.0.5-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:37dd623507659e08be98eec89323469e8c7b4c1407c85112634ae3dbdb926fdd"}, + {file = "cryptography-42.0.5.tar.gz", hash = "sha256:6fe07eec95dfd477eb9530aef5bead34fec819b3aaf6c5bd6d20565da607bfe1"}, ] [package.dependencies] -cffi = ">=1.12" +cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""} [package.extras] docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"] -docstest = ["pyenchant (>=1.6.11)", "sphinxcontrib-spelling (>=4.0.1)", "twine (>=1.12.0)"] +docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"] nox = ["nox"] -pep8test = ["black", "check-sdist", "mypy", "ruff"] +pep8test = ["check-sdist", "click", "mypy", "ruff"] sdist = ["build"] ssh = ["bcrypt (>=3.1.5)"] -test = ["pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"] +test = ["certifi", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"] test-randomorder = ["pytest-randomly"] [[package]] name = "debtcollector" -version = "2.5.0" +version = "3.0.0" description = "A collection of Python deprecation patterns and strategies that help you collect your technical debt in a non-destructive manner." optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "debtcollector-2.5.0-py3-none-any.whl", hash = "sha256:1393a527d2c72f143ffa6a629e9c33face6642634eece475b48cab7b04ba61f3"}, - {file = "debtcollector-2.5.0.tar.gz", hash = "sha256:dc9d1ad3f745c43f4bbedbca30f9ffe8905a8c028c9926e61077847d5ea257ab"}, + {file = "debtcollector-3.0.0-py3-none-any.whl", hash = "sha256:46f9dacbe8ce49c47ebf2bf2ec878d50c9443dfae97cc7b8054be684e54c3e91"}, + {file = "debtcollector-3.0.0.tar.gz", hash = "sha256:2a8917d25b0e1f1d0d365d3c1c6ecfc7a522b1e9716e8a1a4a915126f7ccea6f"}, ] [package.dependencies] @@ -444,24 +445,24 @@ files = [ [[package]] name = "distro" -version = "1.8.0" +version = "1.9.0" description = "Distro - an OS platform information API" optional = false python-versions = ">=3.6" files = [ - {file = "distro-1.8.0-py3-none-any.whl", hash = "sha256:99522ca3e365cac527b44bde033f64c6945d90eb9f769703caaec52b09bbd3ff"}, - {file = "distro-1.8.0.tar.gz", hash = "sha256:02e111d1dc6a50abb8eed6bf31c3e48ed8b0830d1ea2a1b78c61765c2513fdd8"}, + {file = "distro-1.9.0-py3-none-any.whl", hash = "sha256:7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"}, + {file = "distro-1.9.0.tar.gz", hash = "sha256:2fa77c6fd8940f116ee1d6b94a2f90b13b5ea8d019b98bc8bafdcabcdd9bdbed"}, ] [[package]] name = "docker" -version = "6.0.1" +version = "7.0.0" description = "A Python library for the Docker Engine API." optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "docker-6.0.1-py3-none-any.whl", hash = "sha256:dbcb3bd2fa80dca0788ed908218bf43972772009b881ed1e20dfc29a65e49782"}, - {file = "docker-6.0.1.tar.gz", hash = "sha256:896c4282e5c7af5c45e8b683b0b0c33932974fe6e50fc6906a0a83616ab3da97"}, + {file = "docker-7.0.0-py3-none-any.whl", hash = "sha256:12ba681f2777a0ad28ffbcc846a69c31b4dfd9752b47eb425a274ee269c5e14b"}, + {file = "docker-7.0.0.tar.gz", hash = "sha256:323736fb92cd9418fc5e7133bc953e11a9da04f4483f828b527db553f1e7e5a3"}, ] [package.dependencies] @@ -469,10 +470,10 @@ packaging = ">=14.0" pywin32 = {version = ">=304", markers = "sys_platform == \"win32\""} requests = ">=2.26.0" urllib3 = ">=1.26.0" -websocket-client = ">=0.32.0" [package.extras] ssh = ["paramiko (>=2.4.3)"] +websockets = ["websocket-client (>=1.3.0)"] [[package]] name = "docker-image-py" @@ -489,19 +490,23 @@ files = [ regex = ">=2019.4.14" [[package]] -name = "dogpile.cache" -version = "1.1.8" +name = "dogpile-cache" +version = "1.3.2" description = "A caching front-end based on the Dogpile lock." optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "dogpile.cache-1.1.8-py3-none-any.whl", hash = "sha256:3f0ca10b46b165e0b0e65e0e74b1a4b36187787b69db7c0f7073077adff2f05d"}, - {file = "dogpile.cache-1.1.8.tar.gz", hash = "sha256:d844e8bb638cc4f544a4c89a834dfd36fe935400b71a16cbd744ebdfb720fd4e"}, + {file = "dogpile.cache-1.3.2-py3-none-any.whl", hash = "sha256:c59250e23ddb4c03259c315c3b03d18b0658ec4f30ee665b39b91faf6401ef41"}, + {file = "dogpile.cache-1.3.2.tar.gz", hash = "sha256:4f71dc0333ad351c9c6f704f5ba2a37bf51c6eed0437d1adf56e075959afe63b"}, ] [package.dependencies] decorator = ">=4.0.0" stevedore = ">=3.0.0" +typing_extensions = {version = ">=4.0.1", markers = "python_version < \"3.11\""} + +[package.extras] +pifpaf = ["pifpaf (>=2.5.0)", "setuptools"] [[package]] name = "enrich" @@ -522,13 +527,13 @@ test = ["mock (>=3.0.5)", "pytest (>=5.4.0)", "pytest-cov (>=2.7.1)", "pytest-mo [[package]] name = "exceptiongroup" -version = "1.1.0" +version = "1.2.1" description = "Backport of PEP 654 (exception groups)" optional = false python-versions = ">=3.7" files = [ - {file = "exceptiongroup-1.1.0-py3-none-any.whl", hash = "sha256:327cbda3da756e2de031a3107b81ab7b3770a602c4d16ca618298c526f4bec1e"}, - {file = "exceptiongroup-1.1.0.tar.gz", hash = "sha256:bcb67d800a4497e1b404c2dd44fca47d3b7a5e5433dbab67f96c1a685cdfdf23"}, + {file = "exceptiongroup-1.2.1-py3-none-any.whl", hash = "sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad"}, + {file = "exceptiongroup-1.2.1.tar.gz", hash = "sha256:a4785e48b045528f5bfe627b6ad554ff32def154f42372786903b7abcfe1aa16"}, ] [package.extras] @@ -536,17 +541,17 @@ test = ["pytest (>=6)"] [[package]] name = "execnet" -version = "1.9.0" +version = "2.1.1" description = "execnet: rapid multi-Python deployment" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=3.8" files = [ - {file = "execnet-1.9.0-py2.py3-none-any.whl", hash = "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142"}, - {file = "execnet-1.9.0.tar.gz", hash = "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5"}, + {file = "execnet-2.1.1-py3-none-any.whl", hash = "sha256:26dee51f1b80cebd6d0ca8e74dd8745419761d3bef34163928cbebbdc4749fdc"}, + {file = "execnet-2.1.1.tar.gz", hash = "sha256:5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3"}, ] [package.extras] -testing = ["pre-commit"] +testing = ["hatch", "pre-commit", "pytest", "tox"] [[package]] name = "flake8" @@ -582,23 +587,6 @@ isort = ">=4.3.5,<6" [package.extras] test = ["pytest-cov"] -[[package]] -name = "ghp-import" -version = "2.1.0" -description = "Copy your docs directly to the gh-pages branch." -optional = false -python-versions = "*" -files = [ - {file = "ghp-import-2.1.0.tar.gz", hash = "sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343"}, - {file = "ghp_import-2.1.0-py3-none-any.whl", hash = "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619"}, -] - -[package.dependencies] -python-dateutil = ">=2.8.1" - -[package.extras] -dev = ["flake8", "markdown", "twine", "wheel"] - [[package]] name = "idna" version = "3.4" @@ -623,31 +611,28 @@ files = [ [[package]] name = "iso8601" -version = "1.1.0" +version = "2.1.0" description = "Simple module to parse ISO 8601 dates" optional = false -python-versions = ">=3.6.2,<4.0" +python-versions = ">=3.7,<4.0" files = [ - {file = "iso8601-1.1.0-py3-none-any.whl", hash = "sha256:8400e90141bf792bce2634df533dc57e3bee19ea120a87bebcd3da89a58ad73f"}, - {file = "iso8601-1.1.0.tar.gz", hash = "sha256:32811e7b81deee2063ea6d2e94f8819a86d1f3811e49d23623a41fa832bef03f"}, + {file = "iso8601-2.1.0-py3-none-any.whl", hash = "sha256:aac4145c4dcb66ad8b648a02830f5e2ff6c24af20f4f482689be402db2429242"}, + {file = "iso8601-2.1.0.tar.gz", hash = "sha256:6b1d3829ee8921c4301998c909f7829fa9ed3cbdac0d3b16af2d743aed1ba8df"}, ] [[package]] name = "isort" -version = "5.12.0" +version = "5.13.2" description = "A Python utility / library to sort Python imports." optional = false python-versions = ">=3.8.0" files = [ - {file = "isort-5.12.0-py3-none-any.whl", hash = "sha256:f84c2818376e66cf843d497486ea8fed8700b340f308f076c6fb1229dff318b6"}, - {file = "isort-5.12.0.tar.gz", hash = "sha256:8bef7dde241278824a6d83f44a544709b065191b95b6e50894bdc722fcba0504"}, + {file = "isort-5.13.2-py3-none-any.whl", hash = "sha256:8ca5e72a8d85860d5a3fa69b8745237f2939afe12dbf656afbcb47fe72d947a6"}, + {file = "isort-5.13.2.tar.gz", hash = "sha256:48fdfcb9face5d58a4f6dde2e72a1fb8dcaf8ab26f95ab49fab84c2ddefb0109"}, ] [package.extras] -colors = ["colorama (>=0.4.3)"] -pipfile-deprecated-finder = ["pip-shims (>=0.5.2)", "pipreqs", "requirementslib"] -plugins = ["setuptools"] -requirements-deprecated-finder = ["pip-api", "pipreqs"] +colors = ["colorama (>=0.4.6)"] [[package]] name = "jinja2" @@ -679,13 +664,13 @@ files = [ [[package]] name = "jsonpatch" -version = "1.32" +version = "1.33" description = "Apply JSON-Patches (RFC 6902)" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*" files = [ - {file = "jsonpatch-1.32-py2.py3-none-any.whl", hash = "sha256:26ac385719ac9f54df8a2f0827bb8253aa3ea8ab7b3368457bcdb8c14595a397"}, - {file = "jsonpatch-1.32.tar.gz", hash = "sha256:b6ddfe6c3db30d81a96aaeceb6baf916094ffa23d7dd5fa2c13e13f8b6e600c2"}, + {file = "jsonpatch-1.33-py2.py3-none-any.whl", hash = "sha256:0ae28c0cd062bbd8b8ecc26d7d164fbbea9652a1a3693f3b956c1eae5145dade"}, + {file = "jsonpatch-1.33.tar.gz", hash = "sha256:9fcd4009c41e6d12348b4a0ff2563ba56a2923a7dfee731d004e212e1ee5030c"}, ] [package.dependencies] @@ -693,43 +678,59 @@ jsonpointer = ">=1.9" [[package]] name = "jsonpointer" -version = "2.3" +version = "2.4" description = "Identify specific nodes in a JSON document (RFC 6901)" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*" files = [ - {file = "jsonpointer-2.3-py2.py3-none-any.whl", hash = "sha256:51801e558539b4e9cd268638c078c6c5746c9ac96bc38152d443400e4f3793e9"}, - {file = "jsonpointer-2.3.tar.gz", hash = "sha256:97cba51526c829282218feb99dab1b1e6bdf8efd1c43dc9d57be093c0d69c99a"}, + {file = "jsonpointer-2.4-py2.py3-none-any.whl", hash = "sha256:15d51bba20eea3165644553647711d150376234112651b4f1811022aecad7d7a"}, + {file = "jsonpointer-2.4.tar.gz", hash = "sha256:585cee82b70211fa9e6043b7bb89db6e1aa49524340dde8ad6b63206ea689d88"}, ] [[package]] name = "jsonschema" -version = "4.17.3" +version = "4.21.1" description = "An implementation of JSON Schema validation for Python" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "jsonschema-4.17.3-py3-none-any.whl", hash = "sha256:a870ad254da1a8ca84b6a2905cac29d265f805acc57af304784962a2aa6508f6"}, - {file = "jsonschema-4.17.3.tar.gz", hash = "sha256:0f864437ab8b6076ba6707453ef8f98a6a0d512a80e93f8abdb676f737ecb60d"}, + {file = "jsonschema-4.21.1-py3-none-any.whl", hash = "sha256:7996507afae316306f9e2290407761157c6f78002dcf7419acb99822143d1c6f"}, + {file = "jsonschema-4.21.1.tar.gz", hash = "sha256:85727c00279f5fa6bedbe6238d2aa6403bedd8b4864ab11207d07df3cc1b2ee5"}, ] [package.dependencies] -attrs = ">=17.4.0" -pyrsistent = ">=0.14.0,<0.17.0 || >0.17.0,<0.17.1 || >0.17.1,<0.17.2 || >0.17.2" +attrs = ">=22.2.0" +jsonschema-specifications = ">=2023.03.6" +referencing = ">=0.28.4" +rpds-py = ">=0.7.1" [package.extras] format = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3987", "uri-template", "webcolors (>=1.11)"] format-nongpl = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3986-validator (>0.1.0)", "uri-template", "webcolors (>=1.11)"] +[[package]] +name = "jsonschema-specifications" +version = "2023.12.1" +description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry" +optional = false +python-versions = ">=3.8" +files = [ + {file = "jsonschema_specifications-2023.12.1-py3-none-any.whl", hash = "sha256:87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"}, + {file = "jsonschema_specifications-2023.12.1.tar.gz", hash = "sha256:48a76787b3e70f5ed53f1160d2b81f586e4ca6d1548c5de7085d1682674764cc"}, +] + +[package.dependencies] +referencing = ">=0.31.0" + [[package]] name = "keystoneauth1" -version = "5.1.1" +version = "5.6.0" description = "Authentication Library for OpenStack Identity" optional = false -python-versions = "*" +python-versions = ">=3.8" files = [ - {file = "keystoneauth1-5.1.1-py3-none-any.whl", hash = "sha256:7fd532490ce4cf3f41d7b3a5804bf293fc58e2d88b8365d4cad90c0faf95f68f"}, - {file = "keystoneauth1-5.1.1.tar.gz", hash = "sha256:8ca23b5bf9cb6bc2c836790326505c85c01ad78d707b43d6b766197bdb26d1d3"}, + {file = "keystoneauth1-5.6.0-py3-none-any.whl", hash = "sha256:d740843afcf9c159fb929004eee1eecf46573236901e9d8ca2dca5694733a379"}, + {file = "keystoneauth1-5.6.0.tar.gz", hash = "sha256:ecb7f34759ebe103db372ab0953c0b821929ddd497f332aa6b3ef6caacffed88"}, ] [package.dependencies] @@ -737,7 +738,6 @@ iso8601 = ">=0.1.11" os-service-types = ">=1.2.0" pbr = ">=2.0.0,<2.1.0 || >2.1.0" requests = ">=2.14.2" -six = ">=1.10.0" stevedore = ">=1.20.0" [package.extras] @@ -745,31 +745,17 @@ betamax = ["betamax (>=0.7.0)", "fixtures (>=3.0.0)", "mock (>=2.0.0)"] kerberos = ["requests-kerberos (>=0.8.0)"] oauth1 = ["oauthlib (>=0.6.2)"] saml2 = ["lxml (>=4.2.0)"] -test = ["PyYAML (>=3.12)", "bandit (>=1.1.0,<1.6.0)", "betamax (>=0.7.0)", "coverage (>=4.0,!=4.4)", "fixtures (>=3.0.0)", "flake8-docstrings (>=1.6.0,<1.7.0)", "flake8-import-order (>=0.17.1)", "hacking (>=4.1.0,<4.2.0)", "lxml (>=4.2.0)", "oauthlib (>=0.6.2)", "oslo.config (>=5.2.0)", "oslo.utils (>=3.33.0)", "oslotest (>=3.2.0)", "reno (>=3.1.0)", "requests-kerberos (>=0.8.0)", "requests-mock (>=1.2.0)", "stestr (>=1.0.0)", "testresources (>=2.0.0)", "testtools (>=2.2.0)"] - -[[package]] -name = "Markdown" -version = "3.3.7" -description = "Python implementation of Markdown." -optional = false -python-versions = ">=3.6" -files = [ - {file = "Markdown-3.3.7-py3-none-any.whl", hash = "sha256:f5da449a6e1c989a4cea2631aa8ee67caa5a2ef855d551c88f9e309f4634c621"}, - {file = "Markdown-3.3.7.tar.gz", hash = "sha256:cbb516f16218e643d8e0a95b309f77eb118cb138d39a4f27851e6a63581db874"}, -] - -[package.extras] -testing = ["coverage", "pyyaml"] +test = ["PyYAML (>=3.12)", "bandit (>=1.7.6,<1.8.0)", "betamax (>=0.7.0)", "coverage (>=4.0,!=4.4)", "fixtures (>=3.0.0)", "flake8-docstrings (>=1.7.0,<1.8.0)", "flake8-import-order (>=0.18.2,<0.19.0)", "hacking (>=6.1.0,<6.2.0)", "lxml (>=4.2.0)", "oauthlib (>=0.6.2)", "oslo.config (>=5.2.0)", "oslo.utils (>=3.33.0)", "oslotest (>=3.2.0)", "reno (>=3.1.0)", "requests-kerberos (>=0.8.0)", "requests-mock (>=1.2.0)", "stestr (>=1.0.0)", "testresources (>=2.0.0)", "testtools (>=2.2.0)"] [[package]] name = "markdown-it-py" -version = "2.2.0" +version = "3.0.0" description = "Python port of markdown-it. Markdown parsing, done right!" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "markdown-it-py-2.2.0.tar.gz", hash = "sha256:7c9a5e412688bc771c67432cbfebcdd686c93ce6484913dccf06cb5a0bea35a1"}, - {file = "markdown_it_py-2.2.0-py3-none-any.whl", hash = "sha256:5a35f8d1870171d9acc47b99612dc146129b631baf04970128b568f190d0cc30"}, + {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"}, + {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"}, ] [package.dependencies] @@ -782,66 +768,76 @@ compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0 linkify = ["linkify-it-py (>=1,<3)"] plugins = ["mdit-py-plugins"] profiling = ["gprof2dot"] -rtd = ["attrs", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] +rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] [[package]] -name = "MarkupSafe" -version = "2.1.2" +name = "markupsafe" +version = "2.1.5" description = "Safely add untrusted strings to HTML/XML markup." optional = false python-versions = ">=3.7" files = [ - {file = "MarkupSafe-2.1.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:665a36ae6f8f20a4676b53224e33d456a6f5a72657d9c83c2aa00765072f31f7"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:340bea174e9761308703ae988e982005aedf427de816d1afe98147668cc03036"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:22152d00bf4a9c7c83960521fc558f55a1adbc0631fbb00a9471e097b19d72e1"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:28057e985dace2f478e042eaa15606c7efccb700797660629da387eb289b9323"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ca244fa73f50a800cf8c3ebf7fd93149ec37f5cb9596aa8873ae2c1d23498601"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:d9d971ec1e79906046aa3ca266de79eac42f1dbf3612a05dc9368125952bd1a1"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:7e007132af78ea9df29495dbf7b5824cb71648d7133cf7848a2a5dd00d36f9ff"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:7313ce6a199651c4ed9d7e4cfb4aa56fe923b1adf9af3b420ee14e6d9a73df65"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-win32.whl", hash = "sha256:c4a549890a45f57f1ebf99c067a4ad0cb423a05544accaf2b065246827ed9603"}, - {file = "MarkupSafe-2.1.2-cp310-cp310-win_amd64.whl", hash = "sha256:835fb5e38fd89328e9c81067fd642b3593c33e1e17e2fdbf77f5676abb14a156"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:2ec4f2d48ae59bbb9d1f9d7efb9236ab81429a764dedca114f5fdabbc3788013"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:608e7073dfa9e38a85d38474c082d4281f4ce276ac0010224eaba11e929dd53a"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:65608c35bfb8a76763f37036547f7adfd09270fbdbf96608be2bead319728fcd"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f2bfb563d0211ce16b63c7cb9395d2c682a23187f54c3d79bfec33e6705473c6"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:da25303d91526aac3672ee6d49a2f3db2d9502a4a60b55519feb1a4c7714e07d"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:9cad97ab29dfc3f0249b483412c85c8ef4766d96cdf9dcf5a1e3caa3f3661cf1"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:085fd3201e7b12809f9e6e9bc1e5c96a368c8523fad5afb02afe3c051ae4afcc"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:1bea30e9bf331f3fef67e0a3877b2288593c98a21ccb2cf29b74c581a4eb3af0"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-win32.whl", hash = "sha256:7df70907e00c970c60b9ef2938d894a9381f38e6b9db73c5be35e59d92e06625"}, - {file = "MarkupSafe-2.1.2-cp311-cp311-win_amd64.whl", hash = "sha256:e55e40ff0cc8cc5c07996915ad367fa47da6b3fc091fdadca7f5403239c5fec3"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:a6e40afa7f45939ca356f348c8e23048e02cb109ced1eb8420961b2f40fb373a"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cf877ab4ed6e302ec1d04952ca358b381a882fbd9d1b07cccbfd61783561f98a"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:63ba06c9941e46fa389d389644e2d8225e0e3e5ebcc4ff1ea8506dce646f8c8a"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f1cd098434e83e656abf198f103a8207a8187c0fc110306691a2e94a78d0abb2"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:55f44b440d491028addb3b88f72207d71eeebfb7b5dbf0643f7c023ae1fba619"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:a6f2fcca746e8d5910e18782f976489939d54a91f9411c32051b4aab2bd7c513"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:0b462104ba25f1ac006fdab8b6a01ebbfbce9ed37fd37fd4acd70c67c973e460"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-win32.whl", hash = "sha256:7668b52e102d0ed87cb082380a7e2e1e78737ddecdde129acadb0eccc5423859"}, - {file = "MarkupSafe-2.1.2-cp37-cp37m-win_amd64.whl", hash = "sha256:6d6607f98fcf17e534162f0709aaad3ab7a96032723d8ac8750ffe17ae5a0666"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:a806db027852538d2ad7555b203300173dd1b77ba116de92da9afbc3a3be3eed"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:a4abaec6ca3ad8660690236d11bfe28dfd707778e2442b45addd2f086d6ef094"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f03a532d7dee1bed20bc4884194a16160a2de9ffc6354b3878ec9682bb623c54"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4cf06cdc1dda95223e9d2d3c58d3b178aa5dacb35ee7e3bbac10e4e1faacb419"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:22731d79ed2eb25059ae3df1dfc9cb1546691cc41f4e3130fe6bfbc3ecbbecfa"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:f8ffb705ffcf5ddd0e80b65ddf7bed7ee4f5a441ea7d3419e861a12eaf41af58"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:8db032bf0ce9022a8e41a22598eefc802314e81b879ae093f36ce9ddf39ab1ba"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:2298c859cfc5463f1b64bd55cb3e602528db6fa0f3cfd568d3605c50678f8f03"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-win32.whl", hash = "sha256:50c42830a633fa0cf9e7d27664637532791bfc31c731a87b202d2d8ac40c3ea2"}, - {file = "MarkupSafe-2.1.2-cp38-cp38-win_amd64.whl", hash = "sha256:bb06feb762bade6bf3c8b844462274db0c76acc95c52abe8dbed28ae3d44a147"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:99625a92da8229df6d44335e6fcc558a5037dd0a760e11d84be2260e6f37002f"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:8bca7e26c1dd751236cfb0c6c72d4ad61d986e9a41bbf76cb445f69488b2a2bd"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:40627dcf047dadb22cd25ea7ecfe9cbf3bbbad0482ee5920b582f3809c97654f"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:40dfd3fefbef579ee058f139733ac336312663c6706d1163b82b3003fb1925c4"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:090376d812fb6ac5f171e5938e82e7f2d7adc2b629101cec0db8b267815c85e2"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:2e7821bffe00aa6bd07a23913b7f4e01328c3d5cc0b40b36c0bd81d362faeb65"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:c0a33bc9f02c2b17c3ea382f91b4db0e6cde90b63b296422a939886a7a80de1c"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:b8526c6d437855442cdd3d87eede9c425c4445ea011ca38d937db299382e6fa3"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-win32.whl", hash = "sha256:137678c63c977754abe9086a3ec011e8fd985ab90631145dfb9294ad09c102a7"}, - {file = "MarkupSafe-2.1.2-cp39-cp39-win_amd64.whl", hash = "sha256:0576fe974b40a400449768941d5d0858cc624e3249dfd1e0c33674e5c7ca7aed"}, - {file = "MarkupSafe-2.1.2.tar.gz", hash = "sha256:abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-win32.whl", hash = "sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-win_amd64.whl", hash = "sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-win32.whl", hash = "sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-win_amd64.whl", hash = "sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-win32.whl", hash = "sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-win_amd64.whl", hash = "sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-win32.whl", hash = "sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-win_amd64.whl", hash = "sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-win32.whl", hash = "sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-win_amd64.whl", hash = "sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-win32.whl", hash = "sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-win_amd64.whl", hash = "sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5"}, + {file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"}, ] [[package]] @@ -866,75 +862,6 @@ files = [ {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"}, ] -[[package]] -name = "mergedeep" -version = "1.3.4" -description = "A deep merge function for 🐍." -optional = false -python-versions = ">=3.6" -files = [ - {file = "mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307"}, - {file = "mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8"}, -] - -[[package]] -name = "mkdocs" -version = "1.4.2" -description = "Project documentation with Markdown." -optional = false -python-versions = ">=3.7" -files = [ - {file = "mkdocs-1.4.2-py3-none-any.whl", hash = "sha256:c8856a832c1e56702577023cd64cc5f84948280c1c0fcc6af4cd39006ea6aa8c"}, - {file = "mkdocs-1.4.2.tar.gz", hash = "sha256:8947af423a6d0facf41ea1195b8e1e8c85ad94ac95ae307fe11232e0424b11c5"}, -] - -[package.dependencies] -click = ">=7.0" -colorama = {version = ">=0.4", markers = "platform_system == \"Windows\""} -ghp-import = ">=1.0" -jinja2 = ">=2.11.1" -markdown = ">=3.2.1,<3.4" -mergedeep = ">=1.3.4" -packaging = ">=20.5" -pyyaml = ">=5.1" -pyyaml-env-tag = ">=0.1" -watchdog = ">=2.0" - -[package.extras] -i18n = ["babel (>=2.9.0)"] -min-versions = ["babel (==2.9.0)", "click (==7.0)", "colorama (==0.4)", "ghp-import (==1.0)", "importlib-metadata (==4.3)", "jinja2 (==2.11.1)", "markdown (==3.2.1)", "markupsafe (==2.0.1)", "mergedeep (==1.3.4)", "packaging (==20.5)", "pyyaml (==5.1)", "pyyaml-env-tag (==0.1)", "typing-extensions (==3.10)", "watchdog (==2.0)"] - -[[package]] -name = "mkdocs-material" -version = "8.5.11" -description = "Documentation that simply works" -optional = false -python-versions = ">=3.7" -files = [ - {file = "mkdocs_material-8.5.11-py3-none-any.whl", hash = "sha256:c907b4b052240a5778074a30a78f31a1f8ff82d7012356dc26898b97559f082e"}, - {file = "mkdocs_material-8.5.11.tar.gz", hash = "sha256:b0ea0513fd8cab323e8a825d6692ea07fa83e917bb5db042e523afecc7064ab7"}, -] - -[package.dependencies] -jinja2 = ">=3.0.2" -markdown = ">=3.2" -mkdocs = ">=1.4.0" -mkdocs-material-extensions = ">=1.1" -pygments = ">=2.12" -pymdown-extensions = ">=9.4" -requests = ">=2.26" - -[[package]] -name = "mkdocs-material-extensions" -version = "1.1.1" -description = "Extension pack for Python Markdown and MkDocs Material." -optional = false -python-versions = ">=3.7" -files = [ - {file = "mkdocs_material_extensions-1.1.1-py3-none-any.whl", hash = "sha256:e41d9f38e4798b6617ad98ca8f7f1157b1e4385ac1459ca1e4ea219b556df945"}, - {file = "mkdocs_material_extensions-1.1.1.tar.gz", hash = "sha256:9c003da71e2cc2493d910237448c672e00cefc800d3d6ae93d2fc69979e3bd93"}, -] - [[package]] name = "molecule" version = "6.0.3" @@ -967,115 +894,106 @@ testinfra = ["pytest-testinfra (>=8.1.0)"] [[package]] name = "molecule-plugins" -version = "23.5.0" +version = "23.5.3" description = "Molecule Plugins" optional = false python-versions = ">=3.9" files = [ - {file = "molecule-plugins-23.5.0.tar.gz", hash = "sha256:f13ea047b8650c892604b81b76382bc80bb4ae25ea50b23f30e81fd9d5802aff"}, - {file = "molecule_plugins-23.5.0-py3-none-any.whl", hash = "sha256:893dba8d077adb30fcd50a5d082300404ced3bb745451bc0927d4a1ada131d31"}, + {file = "molecule-plugins-23.5.3.tar.gz", hash = "sha256:a2b1437d532d736e3fbc6db7a69ec533e2334b2115ff9245a0b2772ed9738d23"}, + {file = "molecule_plugins-23.5.3-py3-none-any.whl", hash = "sha256:87f8ac8d5e9fe1cbdfb784d92b1fd08e7cb11bf02a9391bb34dcb93fadf7a3fc"}, ] [package.dependencies] docker = {version = ">=4.3.1", optional = true, markers = "extra == \"docker\""} -molecule = ">=5.0" +molecule = ">=6.0.0a1" requests = {version = "*", optional = true, markers = "extra == \"docker\""} selinux = {version = "*", optional = true, markers = "(sys_platform == \"linux\" or sys_platform == \"linux2\") and extra == \"docker\""} [package.extras] docker = ["docker (>=4.3.1)", "requests", "selinux", "selinux"] +openstack = ["openstacksdk (>=1.1.0)"] selinux = ["selinux", "selinux"] -test = ["molecule[test]", "pytest-helpers-namespace (>=2019.1.8)"] +test = ["molecule[test] (>=6.0.0a1)", "pytest-helpers-namespace (>=2019.1.8)"] vagrant = ["python-vagrant"] [[package]] name = "msgpack" -version = "1.0.5" +version = "1.0.8" description = "MessagePack serializer" optional = false -python-versions = "*" +python-versions = ">=3.8" files = [ - {file = "msgpack-1.0.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:525228efd79bb831cf6830a732e2e80bc1b05436b086d4264814b4b2955b2fa9"}, - {file = "msgpack-1.0.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:4f8d8b3bf1ff2672567d6b5c725a1b347fe838b912772aa8ae2bf70338d5a198"}, - {file = "msgpack-1.0.5-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:cdc793c50be3f01106245a61b739328f7dccc2c648b501e237f0699fe1395b81"}, - {file = "msgpack-1.0.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5cb47c21a8a65b165ce29f2bec852790cbc04936f502966768e4aae9fa763cb7"}, - {file = "msgpack-1.0.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e42b9594cc3bf4d838d67d6ed62b9e59e201862a25e9a157019e171fbe672dd3"}, - {file = "msgpack-1.0.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:55b56a24893105dc52c1253649b60f475f36b3aa0fc66115bffafb624d7cb30b"}, - {file = "msgpack-1.0.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:1967f6129fc50a43bfe0951c35acbb729be89a55d849fab7686004da85103f1c"}, - {file = "msgpack-1.0.5-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:20a97bf595a232c3ee6d57ddaadd5453d174a52594bf9c21d10407e2a2d9b3bd"}, - {file = "msgpack-1.0.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:d25dd59bbbbb996eacf7be6b4ad082ed7eacc4e8f3d2df1ba43822da9bfa122a"}, - {file = "msgpack-1.0.5-cp310-cp310-win32.whl", hash = "sha256:382b2c77589331f2cb80b67cc058c00f225e19827dbc818d700f61513ab47bea"}, - {file = "msgpack-1.0.5-cp310-cp310-win_amd64.whl", hash = "sha256:4867aa2df9e2a5fa5f76d7d5565d25ec76e84c106b55509e78c1ede0f152659a"}, - {file = "msgpack-1.0.5-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9f5ae84c5c8a857ec44dc180a8b0cc08238e021f57abdf51a8182e915e6299f0"}, - {file = "msgpack-1.0.5-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:9e6ca5d5699bcd89ae605c150aee83b5321f2115695e741b99618f4856c50898"}, - {file = "msgpack-1.0.5-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:5494ea30d517a3576749cad32fa27f7585c65f5f38309c88c6d137877fa28a5a"}, - {file = "msgpack-1.0.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1ab2f3331cb1b54165976a9d976cb251a83183631c88076613c6c780f0d6e45a"}, - {file = "msgpack-1.0.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:28592e20bbb1620848256ebc105fc420436af59515793ed27d5c77a217477705"}, - {file = "msgpack-1.0.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fe5c63197c55bce6385d9aee16c4d0641684628f63ace85f73571e65ad1c1e8d"}, - {file = "msgpack-1.0.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ed40e926fa2f297e8a653c954b732f125ef97bdd4c889f243182299de27e2aa9"}, - {file = "msgpack-1.0.5-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:b2de4c1c0538dcb7010902a2b97f4e00fc4ddf2c8cda9749af0e594d3b7fa3d7"}, - {file = "msgpack-1.0.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:bf22a83f973b50f9d38e55c6aade04c41ddda19b00c4ebc558930d78eecc64ed"}, - {file = "msgpack-1.0.5-cp311-cp311-win32.whl", hash = "sha256:c396e2cc213d12ce017b686e0f53497f94f8ba2b24799c25d913d46c08ec422c"}, - {file = "msgpack-1.0.5-cp311-cp311-win_amd64.whl", hash = "sha256:6c4c68d87497f66f96d50142a2b73b97972130d93677ce930718f68828b382e2"}, - {file = "msgpack-1.0.5-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:a2b031c2e9b9af485d5e3c4520f4220d74f4d222a5b8dc8c1a3ab9448ca79c57"}, - {file = "msgpack-1.0.5-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4f837b93669ce4336e24d08286c38761132bc7ab29782727f8557e1eb21b2080"}, - {file = "msgpack-1.0.5-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b1d46dfe3832660f53b13b925d4e0fa1432b00f5f7210eb3ad3bb9a13c6204a6"}, - {file = "msgpack-1.0.5-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:366c9a7b9057e1547f4ad51d8facad8b406bab69c7d72c0eb6f529cf76d4b85f"}, - {file = "msgpack-1.0.5-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:4c075728a1095efd0634a7dccb06204919a2f67d1893b6aa8e00497258bf926c"}, - {file = "msgpack-1.0.5-cp36-cp36m-musllinux_1_1_i686.whl", hash = "sha256:f933bbda5a3ee63b8834179096923b094b76f0c7a73c1cfe8f07ad608c58844b"}, - {file = "msgpack-1.0.5-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:36961b0568c36027c76e2ae3ca1132e35123dcec0706c4b7992683cc26c1320c"}, - {file = "msgpack-1.0.5-cp36-cp36m-win32.whl", hash = "sha256:b5ef2f015b95f912c2fcab19c36814963b5463f1fb9049846994b007962743e9"}, - {file = "msgpack-1.0.5-cp36-cp36m-win_amd64.whl", hash = "sha256:288e32b47e67f7b171f86b030e527e302c91bd3f40fd9033483f2cacc37f327a"}, - {file = "msgpack-1.0.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:137850656634abddfb88236008339fdaba3178f4751b28f270d2ebe77a563b6c"}, - {file = "msgpack-1.0.5-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0c05a4a96585525916b109bb85f8cb6511db1c6f5b9d9cbcbc940dc6b4be944b"}, - {file = "msgpack-1.0.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:56a62ec00b636583e5cb6ad313bbed36bb7ead5fa3a3e38938503142c72cba4f"}, - {file = "msgpack-1.0.5-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ef8108f8dedf204bb7b42994abf93882da1159728a2d4c5e82012edd92c9da9f"}, - {file = "msgpack-1.0.5-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:1835c84d65f46900920b3708f5ba829fb19b1096c1800ad60bae8418652a951d"}, - {file = "msgpack-1.0.5-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:e57916ef1bd0fee4f21c4600e9d1da352d8816b52a599c46460e93a6e9f17086"}, - {file = "msgpack-1.0.5-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:17358523b85973e5f242ad74aa4712b7ee560715562554aa2134d96e7aa4cbbf"}, - {file = "msgpack-1.0.5-cp37-cp37m-win32.whl", hash = "sha256:cb5aaa8c17760909ec6cb15e744c3ebc2ca8918e727216e79607b7bbce9c8f77"}, - {file = "msgpack-1.0.5-cp37-cp37m-win_amd64.whl", hash = "sha256:ab31e908d8424d55601ad7075e471b7d0140d4d3dd3272daf39c5c19d936bd82"}, - {file = "msgpack-1.0.5-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:b72d0698f86e8d9ddf9442bdedec15b71df3598199ba33322d9711a19f08145c"}, - {file = "msgpack-1.0.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:379026812e49258016dd84ad79ac8446922234d498058ae1d415f04b522d5b2d"}, - {file = "msgpack-1.0.5-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:332360ff25469c346a1c5e47cbe2a725517919892eda5cfaffe6046656f0b7bb"}, - {file = "msgpack-1.0.5-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:476a8fe8fae289fdf273d6d2a6cb6e35b5a58541693e8f9f019bfe990a51e4ba"}, - {file = "msgpack-1.0.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a9985b214f33311df47e274eb788a5893a761d025e2b92c723ba4c63936b69b1"}, - {file = "msgpack-1.0.5-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:48296af57cdb1d885843afd73c4656be5c76c0c6328db3440c9601a98f303d87"}, - {file = "msgpack-1.0.5-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:addab7e2e1fcc04bd08e4eb631c2a90960c340e40dfc4a5e24d2ff0d5a3b3edb"}, - {file = "msgpack-1.0.5-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:916723458c25dfb77ff07f4c66aed34e47503b2eb3188b3adbec8d8aa6e00f48"}, - {file = "msgpack-1.0.5-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:821c7e677cc6acf0fd3f7ac664c98803827ae6de594a9f99563e48c5a2f27eb0"}, - {file = "msgpack-1.0.5-cp38-cp38-win32.whl", hash = "sha256:1c0f7c47f0087ffda62961d425e4407961a7ffd2aa004c81b9c07d9269512f6e"}, - {file = "msgpack-1.0.5-cp38-cp38-win_amd64.whl", hash = "sha256:bae7de2026cbfe3782c8b78b0db9cbfc5455e079f1937cb0ab8d133496ac55e1"}, - {file = "msgpack-1.0.5-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:20c784e66b613c7f16f632e7b5e8a1651aa5702463d61394671ba07b2fc9e025"}, - {file = "msgpack-1.0.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:266fa4202c0eb94d26822d9bfd7af25d1e2c088927fe8de9033d929dd5ba24c5"}, - {file = "msgpack-1.0.5-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:18334484eafc2b1aa47a6d42427da7fa8f2ab3d60b674120bce7a895a0a85bdd"}, - {file = "msgpack-1.0.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:57e1f3528bd95cc44684beda696f74d3aaa8a5e58c816214b9046512240ef437"}, - {file = "msgpack-1.0.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:586d0d636f9a628ddc6a17bfd45aa5b5efaf1606d2b60fa5d87b8986326e933f"}, - {file = "msgpack-1.0.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a740fa0e4087a734455f0fc3abf5e746004c9da72fbd541e9b113013c8dc3282"}, - {file = "msgpack-1.0.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:3055b0455e45810820db1f29d900bf39466df96ddca11dfa6d074fa47054376d"}, - {file = "msgpack-1.0.5-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:a61215eac016f391129a013c9e46f3ab308db5f5ec9f25811e811f96962599a8"}, - {file = "msgpack-1.0.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:362d9655cd369b08fda06b6657a303eb7172d5279997abe094512e919cf74b11"}, - {file = "msgpack-1.0.5-cp39-cp39-win32.whl", hash = "sha256:ac9dd47af78cae935901a9a500104e2dea2e253207c924cc95de149606dc43cc"}, - {file = "msgpack-1.0.5-cp39-cp39-win_amd64.whl", hash = "sha256:06f5174b5f8ed0ed919da0e62cbd4ffde676a374aba4020034da05fab67b9164"}, - {file = "msgpack-1.0.5.tar.gz", hash = "sha256:c075544284eadc5cddc70f4757331d99dcbc16b2bbd4849d15f8aae4cf36d31c"}, + {file = "msgpack-1.0.8-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:505fe3d03856ac7d215dbe005414bc28505d26f0c128906037e66d98c4e95868"}, + {file = "msgpack-1.0.8-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e6b7842518a63a9f17107eb176320960ec095a8ee3b4420b5f688e24bf50c53c"}, + {file = "msgpack-1.0.8-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:376081f471a2ef24828b83a641a02c575d6103a3ad7fd7dade5486cad10ea659"}, + {file = "msgpack-1.0.8-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5e390971d082dba073c05dbd56322427d3280b7cc8b53484c9377adfbae67dc2"}, + {file = "msgpack-1.0.8-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:00e073efcba9ea99db5acef3959efa45b52bc67b61b00823d2a1a6944bf45982"}, + {file = "msgpack-1.0.8-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:82d92c773fbc6942a7a8b520d22c11cfc8fd83bba86116bfcf962c2f5c2ecdaa"}, + {file = "msgpack-1.0.8-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:9ee32dcb8e531adae1f1ca568822e9b3a738369b3b686d1477cbc643c4a9c128"}, + {file = "msgpack-1.0.8-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:e3aa7e51d738e0ec0afbed661261513b38b3014754c9459508399baf14ae0c9d"}, + {file = "msgpack-1.0.8-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:69284049d07fce531c17404fcba2bb1df472bc2dcdac642ae71a2d079d950653"}, + {file = "msgpack-1.0.8-cp310-cp310-win32.whl", hash = "sha256:13577ec9e247f8741c84d06b9ece5f654920d8365a4b636ce0e44f15e07ec693"}, + {file = "msgpack-1.0.8-cp310-cp310-win_amd64.whl", hash = "sha256:e532dbd6ddfe13946de050d7474e3f5fb6ec774fbb1a188aaf469b08cf04189a"}, + {file = "msgpack-1.0.8-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9517004e21664f2b5a5fd6333b0731b9cf0817403a941b393d89a2f1dc2bd836"}, + {file = "msgpack-1.0.8-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d16a786905034e7e34098634b184a7d81f91d4c3d246edc6bd7aefb2fd8ea6ad"}, + {file = "msgpack-1.0.8-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:e2872993e209f7ed04d963e4b4fbae72d034844ec66bc4ca403329db2074377b"}, + {file = "msgpack-1.0.8-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5c330eace3dd100bdb54b5653b966de7f51c26ec4a7d4e87132d9b4f738220ba"}, + {file = "msgpack-1.0.8-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:83b5c044f3eff2a6534768ccfd50425939e7a8b5cf9a7261c385de1e20dcfc85"}, + {file = "msgpack-1.0.8-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1876b0b653a808fcd50123b953af170c535027bf1d053b59790eebb0aeb38950"}, + {file = "msgpack-1.0.8-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:dfe1f0f0ed5785c187144c46a292b8c34c1295c01da12e10ccddfc16def4448a"}, + {file = "msgpack-1.0.8-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:3528807cbbb7f315bb81959d5961855e7ba52aa60a3097151cb21956fbc7502b"}, + {file = "msgpack-1.0.8-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e2f879ab92ce502a1e65fce390eab619774dda6a6ff719718069ac94084098ce"}, + {file = "msgpack-1.0.8-cp311-cp311-win32.whl", hash = "sha256:26ee97a8261e6e35885c2ecd2fd4a6d38252246f94a2aec23665a4e66d066305"}, + {file = "msgpack-1.0.8-cp311-cp311-win_amd64.whl", hash = "sha256:eadb9f826c138e6cf3c49d6f8de88225a3c0ab181a9b4ba792e006e5292d150e"}, + {file = "msgpack-1.0.8-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:114be227f5213ef8b215c22dde19532f5da9652e56e8ce969bf0a26d7c419fee"}, + {file = "msgpack-1.0.8-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:d661dc4785affa9d0edfdd1e59ec056a58b3dbb9f196fa43587f3ddac654ac7b"}, + {file = "msgpack-1.0.8-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:d56fd9f1f1cdc8227d7b7918f55091349741904d9520c65f0139a9755952c9e8"}, + {file = "msgpack-1.0.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0726c282d188e204281ebd8de31724b7d749adebc086873a59efb8cf7ae27df3"}, + {file = "msgpack-1.0.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8db8e423192303ed77cff4dce3a4b88dbfaf43979d280181558af5e2c3c71afc"}, + {file = "msgpack-1.0.8-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:99881222f4a8c2f641f25703963a5cefb076adffd959e0558dc9f803a52d6a58"}, + {file = "msgpack-1.0.8-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:b5505774ea2a73a86ea176e8a9a4a7c8bf5d521050f0f6f8426afe798689243f"}, + {file = "msgpack-1.0.8-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:ef254a06bcea461e65ff0373d8a0dd1ed3aa004af48839f002a0c994a6f72d04"}, + {file = "msgpack-1.0.8-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:e1dd7839443592d00e96db831eddb4111a2a81a46b028f0facd60a09ebbdd543"}, + {file = "msgpack-1.0.8-cp312-cp312-win32.whl", hash = "sha256:64d0fcd436c5683fdd7c907eeae5e2cbb5eb872fafbc03a43609d7941840995c"}, + {file = "msgpack-1.0.8-cp312-cp312-win_amd64.whl", hash = "sha256:74398a4cf19de42e1498368c36eed45d9528f5fd0155241e82c4082b7e16cffd"}, + {file = "msgpack-1.0.8-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:0ceea77719d45c839fd73abcb190b8390412a890df2f83fb8cf49b2a4b5c2f40"}, + {file = "msgpack-1.0.8-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1ab0bbcd4d1f7b6991ee7c753655b481c50084294218de69365f8f1970d4c151"}, + {file = "msgpack-1.0.8-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:1cce488457370ffd1f953846f82323cb6b2ad2190987cd4d70b2713e17268d24"}, + {file = "msgpack-1.0.8-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3923a1778f7e5ef31865893fdca12a8d7dc03a44b33e2a5f3295416314c09f5d"}, + {file = "msgpack-1.0.8-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a22e47578b30a3e199ab067a4d43d790249b3c0587d9a771921f86250c8435db"}, + {file = "msgpack-1.0.8-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bd739c9251d01e0279ce729e37b39d49a08c0420d3fee7f2a4968c0576678f77"}, + {file = "msgpack-1.0.8-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:d3420522057ebab1728b21ad473aa950026d07cb09da41103f8e597dfbfaeb13"}, + {file = "msgpack-1.0.8-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:5845fdf5e5d5b78a49b826fcdc0eb2e2aa7191980e3d2cfd2a30303a74f212e2"}, + {file = "msgpack-1.0.8-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:6a0e76621f6e1f908ae52860bdcb58e1ca85231a9b0545e64509c931dd34275a"}, + {file = "msgpack-1.0.8-cp38-cp38-win32.whl", hash = "sha256:374a8e88ddab84b9ada695d255679fb99c53513c0a51778796fcf0944d6c789c"}, + {file = "msgpack-1.0.8-cp38-cp38-win_amd64.whl", hash = "sha256:f3709997b228685fe53e8c433e2df9f0cdb5f4542bd5114ed17ac3c0129b0480"}, + {file = "msgpack-1.0.8-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:f51bab98d52739c50c56658cc303f190785f9a2cd97b823357e7aeae54c8f68a"}, + {file = "msgpack-1.0.8-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:73ee792784d48aa338bba28063e19a27e8d989344f34aad14ea6e1b9bd83f596"}, + {file = "msgpack-1.0.8-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:f9904e24646570539a8950400602d66d2b2c492b9010ea7e965025cb71d0c86d"}, + {file = "msgpack-1.0.8-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e75753aeda0ddc4c28dce4c32ba2f6ec30b1b02f6c0b14e547841ba5b24f753f"}, + {file = "msgpack-1.0.8-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5dbf059fb4b7c240c873c1245ee112505be27497e90f7c6591261c7d3c3a8228"}, + {file = "msgpack-1.0.8-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4916727e31c28be8beaf11cf117d6f6f188dcc36daae4e851fee88646f5b6b18"}, + {file = "msgpack-1.0.8-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:7938111ed1358f536daf311be244f34df7bf3cdedb3ed883787aca97778b28d8"}, + {file = "msgpack-1.0.8-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:493c5c5e44b06d6c9268ce21b302c9ca055c1fd3484c25ba41d34476c76ee746"}, + {file = "msgpack-1.0.8-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5fbb160554e319f7b22ecf530a80a3ff496d38e8e07ae763b9e82fadfe96f273"}, + {file = "msgpack-1.0.8-cp39-cp39-win32.whl", hash = "sha256:f9af38a89b6a5c04b7d18c492c8ccf2aee7048aff1ce8437c4683bb5a1df893d"}, + {file = "msgpack-1.0.8-cp39-cp39-win_amd64.whl", hash = "sha256:ed59dd52075f8fc91da6053b12e8c89e37aa043f8986efd89e61fae69dc1b011"}, + {file = "msgpack-1.0.8.tar.gz", hash = "sha256:95c02b0e27e706e48d0e5426d1710ca78e0f0628d6e89d5b5a5b91a5f12274f3"}, ] [[package]] name = "munch" -version = "2.5.0" +version = "4.0.0" description = "A dot-accessible dictionary (a la JavaScript objects)" optional = false -python-versions = "*" +python-versions = ">=3.6" files = [ - {file = "munch-2.5.0-py2.py3-none-any.whl", hash = "sha256:6f44af89a2ce4ed04ff8de41f70b226b984db10a91dcc7b9ac2efc1c77022fdd"}, - {file = "munch-2.5.0.tar.gz", hash = "sha256:2d735f6f24d4dba3417fa448cae40c6e896ec1fdab6cdb5e6510999758a4dbd2"}, + {file = "munch-4.0.0-py2.py3-none-any.whl", hash = "sha256:71033c45db9fb677a0b7eb517a4ce70ae09258490e419b0e7f00d1e386ecb1b4"}, + {file = "munch-4.0.0.tar.gz", hash = "sha256:542cb151461263216a4e37c3fd9afc425feeaf38aaa3025cd2a981fadb422235"}, ] -[package.dependencies] -six = "*" - [package.extras] -testing = ["astroid (>=1.5.3,<1.6.0)", "astroid (>=2.0)", "coverage", "pylint (>=1.7.2,<1.8.0)", "pylint (>=2.3.1,<2.4.0)", "pytest"] +testing = ["astroid (>=2.0)", "coverage", "pylint (>=2.3.1,<2.4.0)", "pytest"] yaml = ["PyYAML (>=5.1.0)"] [[package]] @@ -1171,13 +1089,13 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] name = "oslo-config" -version = "9.1.1" +version = "9.4.0" description = "Oslo Configuration API" optional = false python-versions = ">=3.8" files = [ - {file = "oslo.config-9.1.1-py3-none-any.whl", hash = "sha256:7cd56e0b41b04f64dbc42e83e8164d5ef03466390f1216fbda2cb0e1c535c22c"}, - {file = "oslo.config-9.1.1.tar.gz", hash = "sha256:b07654b53d87792ae8e739962ad729c529c9938a118d891ece9ee31d59716bc9"}, + {file = "oslo.config-9.4.0-py3-none-any.whl", hash = "sha256:8c2049c14cade7adeeda18638531b3b3a40d3c6bcc690535939f64a3c1ec8d63"}, + {file = "oslo.config-9.4.0.tar.gz", hash = "sha256:35b11a661b608edb50305dad91e4e30819d90ef794b7d7dba5bd8b2ef2eb8c0d"}, ] [package.dependencies] @@ -1191,17 +1109,17 @@ stevedore = ">=1.20.0" [package.extras] rst-generator = ["rst2txt (>=1.1.0)", "sphinx (>=1.8.0,!=2.1.0)"] -test = ["bandit (>=1.6.0,<1.7.0)", "coverage (>=4.0,!=4.4)", "fixtures (>=3.0.0)", "hacking (>=3.0.1,<3.1.0)", "mypy (>=0.720)", "oslo.log (>=3.36.0)", "oslotest (>=3.2.0)", "pre-commit (>=2.6.0)", "requests-mock (>=1.5.0)", "stestr (>=2.1.0)", "testscenarios (>=0.4)", "testtools (>=2.2.0)"] +test = ["bandit (>=1.7.0,<1.8.0)", "coverage (>=4.0,!=4.4)", "fixtures (>=3.0.0)", "hacking (>=6.1.0,<6.2.0)", "mypy (>=0.720)", "oslo.log (>=3.36.0)", "oslotest (>=3.2.0)", "pre-commit (>=2.6.0)", "requests-mock (>=1.5.0)", "stestr (>=2.1.0)", "testscenarios (>=0.4)", "testtools (>=2.2.0)"] [[package]] name = "oslo-context" -version = "5.1.1" +version = "5.5.0" description = "Oslo Context library" optional = false python-versions = ">=3.8" files = [ - {file = "oslo.context-5.1.1-py3-none-any.whl", hash = "sha256:3cbe3c42a3e2fc967e740f23e84421bb2d2b5f7579798698dd1d1485dd6baa44"}, - {file = "oslo.context-5.1.1.tar.gz", hash = "sha256:2f2e79171044efd1807c55713ed2c7f4068b18d73d027819165c4819b287cfaf"}, + {file = "oslo.context-5.5.0-py3-none-any.whl", hash = "sha256:aa858a42aac9858bf259bc0804513a8f9bf36916f9cfc8937708f6c90ad68259"}, + {file = "oslo.context-5.5.0.tar.gz", hash = "sha256:eae0317b29928f1934df4c60b860fe8625247cb297c5cc62fef8eb5827b12fac"}, ] [package.dependencies] @@ -1210,13 +1128,13 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] name = "oslo-i18n" -version = "6.0.0" +version = "6.3.0" description = "Oslo i18n library" optional = false python-versions = ">=3.8" files = [ - {file = "oslo.i18n-6.0.0-py3-none-any.whl", hash = "sha256:080fedf41b05d4dcd23a91d23ee2dea0863996e860a59695856269a42d939fc1"}, - {file = "oslo.i18n-6.0.0.tar.gz", hash = "sha256:ed10686b75f7c607825177a669155f4e259ce39f6143a375f6359bbcaa4a35cd"}, + {file = "oslo.i18n-6.3.0-py3-none-any.whl", hash = "sha256:698eb5c63a01359ed6d91031d6331098190d38be0bdda7d270264d6f86bc79e7"}, + {file = "oslo.i18n-6.3.0.tar.gz", hash = "sha256:64a251edef8bf1bb1d4e6f78d377e149d4f15c1a9245de77f172016da6267444"}, ] [package.dependencies] @@ -1224,13 +1142,13 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] name = "oslo-log" -version = "5.2.0" +version = "5.5.1" description = "oslo.log library" optional = false python-versions = ">=3.8" files = [ - {file = "oslo.log-5.2.0-py3-none-any.whl", hash = "sha256:3f73c96e1cce9a54be26663a7616e3067bc65b112c47916ac0a655d7709f8eff"}, - {file = "oslo.log-5.2.0.tar.gz", hash = "sha256:6226336d5b6ee1885f057b65dbede84c4a9c5e4e4ae75a0e8e7f383c163ec480"}, + {file = "oslo.log-5.5.1-py3-none-any.whl", hash = "sha256:8e9b51cbeae6a3706fd3a1629d78210cd9681b28006e0ebdf8d96c75a77cd35a"}, + {file = "oslo.log-5.5.1.tar.gz", hash = "sha256:484148512c5db2a8b35c83cd997e9953755fd8bfa8aaf6ee0cc8c7aeb7429210"}, ] [package.dependencies] @@ -1247,34 +1165,34 @@ python-dateutil = ">=2.7.0" [package.extras] fixtures = ["fixtures (>=3.0.0)"] systemd = ["systemd-python (>=234)"] -test = ["bandit (>=1.6.0,<1.7.0)", "coverage (>=4.5.1)", "fixtures (>=3.0.0)", "hacking (>=2.0.0,<2.1.0)", "oslotest (>=3.3.0)", "pre-commit (>=2.6.0)", "stestr (>=2.0.0)", "testtools (>=2.3.0)"] +test = ["coverage (>=4.5.1)", "eventlet (>=0.30.1,!=0.32.0)", "fixtures (>=3.0.0)", "oslotest (>=3.3.0)", "stestr (>=2.0.0)", "testtools (>=2.3.0)"] [[package]] name = "oslo-serialization" -version = "5.1.1" +version = "5.4.0" description = "Oslo Serialization library" optional = false python-versions = ">=3.8" files = [ - {file = "oslo.serialization-5.1.1-py3-none-any.whl", hash = "sha256:c5dfb97ce8ddd1d2708a9a3f4a091063f6c304940c7cb39f532f7f791441fdca"}, - {file = "oslo.serialization-5.1.1.tar.gz", hash = "sha256:8abbda8b1763a06071fc28c5d8a9be547ba285f4830e68a70ff88fe11f16bf43"}, + {file = "oslo.serialization-5.4.0-py3-none-any.whl", hash = "sha256:f999b75f2c2904c2f6aae5efbb67ab668cc0e79470510b721937626b36427220"}, + {file = "oslo.serialization-5.4.0.tar.gz", hash = "sha256:315cb3465e99c685cb091b90365cb701bee7140e204ba3e5fc2d8a20b4ec6e76"}, ] [package.dependencies] msgpack = ">=0.5.2" "oslo.utils" = ">=3.33.0" pbr = ">=2.0.0,<2.1.0 || >2.1.0" -pytz = ">=2013.6" +tzdata = {version = ">=2022.4", markers = "python_version >= \"3.9\""} [[package]] name = "oslo-utils" -version = "6.1.0" +version = "7.1.0" description = "Oslo Utility library" optional = false python-versions = ">=3.8" files = [ - {file = "oslo.utils-6.1.0-py3-none-any.whl", hash = "sha256:b34648b1eb311dc3461e84a3bb75ed677fb0a49024def708057881e51759d5d6"}, - {file = "oslo.utils-6.1.0.tar.gz", hash = "sha256:76bc0108d50aca972b68fec8298e791b5fbcbeb9a51a27c6986b41b0a6a62eeb"}, + {file = "oslo.utils-7.1.0-py3-none-any.whl", hash = "sha256:1d6504526c33cc10ae2c72565d0446a82d2acd43eaa5e6f3fd901d78400a2da0"}, + {file = "oslo.utils-7.1.0.tar.gz", hash = "sha256:5e42f3394d1f1f976e8994ac4a0918966d2f7eaf7c77380dd612c4a4148dd98e"}, ] [package.dependencies] @@ -1285,39 +1203,40 @@ netifaces = ">=0.10.4" "oslo.i18n" = ">=3.15.3" packaging = ">=20.4" pyparsing = ">=2.1.0" -pytz = ">=2013.6" +PyYAML = ">=3.13" +tzdata = {version = ">=2022.4", markers = "python_version >= \"3.9\""} [[package]] name = "packaging" -version = "23.0" +version = "24.0" description = "Core utilities for Python packages" optional = false python-versions = ">=3.7" files = [ - {file = "packaging-23.0-py3-none-any.whl", hash = "sha256:714ac14496c3e68c99c29b00845f7a2b85f3bb6f1078fd9f72fd20f0570002b2"}, - {file = "packaging-23.0.tar.gz", hash = "sha256:b6ad297f8907de0fa2fe1ccbd26fdaf387f5f47c7275fedf8cce89f99446cf97"}, + {file = "packaging-24.0-py3-none-any.whl", hash = "sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5"}, + {file = "packaging-24.0.tar.gz", hash = "sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9"}, ] [[package]] name = "pbr" -version = "5.11.1" +version = "6.0.0" description = "Python Build Reasonableness" optional = false python-versions = ">=2.6" files = [ - {file = "pbr-5.11.1-py2.py3-none-any.whl", hash = "sha256:567f09558bae2b3ab53cb3c1e2e33e726ff3338e7bae3db5dc954b3a44eef12b"}, - {file = "pbr-5.11.1.tar.gz", hash = "sha256:aefc51675b0b533d56bb5fd1c8c6c0522fe31896679882e1c4c63d5e4a0fccb3"}, + {file = "pbr-6.0.0-py2.py3-none-any.whl", hash = "sha256:4a7317d5e3b17a3dccb6a8cfe67dab65b20551404c52c8ed41279fa4f0cb4cda"}, + {file = "pbr-6.0.0.tar.gz", hash = "sha256:d1377122a5a00e2f940ee482999518efe16d745d423a670c27773dfbc3c9a7d9"}, ] [[package]] name = "pluggy" -version = "1.0.0" +version = "1.5.0" description = "plugin and hook calling mechanisms for python" optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"}, - {file = "pluggy-1.0.0.tar.gz", hash = "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"}, + {file = "pluggy-1.5.0-py3-none-any.whl", hash = "sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"}, + {file = "pluggy-1.5.0.tar.gz", hash = "sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1"}, ] [package.extras] @@ -1348,13 +1267,13 @@ files = [ [[package]] name = "pycparser" -version = "2.21" +version = "2.22" description = "C parser in Python" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.8" files = [ - {file = "pycparser-2.21-py2.py3-none-any.whl", hash = "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9"}, - {file = "pycparser-2.21.tar.gz", hash = "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"}, + {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"}, + {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"}, ] [[package]] @@ -1370,17 +1289,18 @@ files = [ [[package]] name = "pygments" -version = "2.15.0" +version = "2.17.2" description = "Pygments is a syntax highlighting package written in Python." optional = false python-versions = ">=3.7" files = [ - {file = "Pygments-2.15.0-py3-none-any.whl", hash = "sha256:77a3299119af881904cd5ecd1ac6a66214b6e9bed1f2db16993b54adede64094"}, - {file = "Pygments-2.15.0.tar.gz", hash = "sha256:f7e36cffc4c517fbc252861b9a6e4644ca0e5abadf9a113c72d1358ad09b9500"}, + {file = "pygments-2.17.2-py3-none-any.whl", hash = "sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c"}, + {file = "pygments-2.17.2.tar.gz", hash = "sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367"}, ] [package.extras] plugins = ["importlib-metadata"] +windows-terminal = ["colorama (>=0.4.6)"] [[package]] name = "pyinotify" @@ -1392,83 +1312,32 @@ files = [ {file = "pyinotify-0.9.6.tar.gz", hash = "sha256:9c998a5d7606ca835065cdabc013ae6c66eb9ea76a00a1e3bc6e0cfe2b4f71f4"}, ] -[[package]] -name = "pymdown-extensions" -version = "9.9.2" -description = "Extension pack for Python Markdown." -optional = false -python-versions = ">=3.7" -files = [ - {file = "pymdown_extensions-9.9.2-py3-none-any.whl", hash = "sha256:c3d804eb4a42b85bafb5f36436342a5ad38df03878bb24db8855a4aa8b08b765"}, - {file = "pymdown_extensions-9.9.2.tar.gz", hash = "sha256:ebb33069bafcb64d5f5988043331d4ea4929325dc678a6bcf247ddfcf96499f8"}, -] - -[package.dependencies] -markdown = ">=3.2" - [[package]] name = "pyparsing" -version = "3.0.9" +version = "3.1.2" description = "pyparsing module - Classes and methods to define and execute parsing grammars" optional = false python-versions = ">=3.6.8" files = [ - {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"}, - {file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"}, + {file = "pyparsing-3.1.2-py3-none-any.whl", hash = "sha256:f9db75911801ed778fe61bb643079ff86601aca99fcae6345aa67292038fb742"}, + {file = "pyparsing-3.1.2.tar.gz", hash = "sha256:a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad"}, ] [package.extras] diagrams = ["jinja2", "railroad-diagrams"] -[[package]] -name = "pyrsistent" -version = "0.19.3" -description = "Persistent/Functional/Immutable data structures" -optional = false -python-versions = ">=3.7" -files = [ - {file = "pyrsistent-0.19.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:20460ac0ea439a3e79caa1dbd560344b64ed75e85d8703943e0b66c2a6150e4a"}, - {file = "pyrsistent-0.19.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4c18264cb84b5e68e7085a43723f9e4c1fd1d935ab240ce02c0324a8e01ccb64"}, - {file = "pyrsistent-0.19.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4b774f9288dda8d425adb6544e5903f1fb6c273ab3128a355c6b972b7df39dcf"}, - {file = "pyrsistent-0.19.3-cp310-cp310-win32.whl", hash = "sha256:5a474fb80f5e0d6c9394d8db0fc19e90fa540b82ee52dba7d246a7791712f74a"}, - {file = "pyrsistent-0.19.3-cp310-cp310-win_amd64.whl", hash = "sha256:49c32f216c17148695ca0e02a5c521e28a4ee6c5089f97e34fe24163113722da"}, - {file = "pyrsistent-0.19.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:f0774bf48631f3a20471dd7c5989657b639fd2d285b861237ea9e82c36a415a9"}, - {file = "pyrsistent-0.19.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3ab2204234c0ecd8b9368dbd6a53e83c3d4f3cab10ecaf6d0e772f456c442393"}, - {file = "pyrsistent-0.19.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e42296a09e83028b3476f7073fcb69ffebac0e66dbbfd1bd847d61f74db30f19"}, - {file = "pyrsistent-0.19.3-cp311-cp311-win32.whl", hash = "sha256:64220c429e42a7150f4bfd280f6f4bb2850f95956bde93c6fda1b70507af6ef3"}, - {file = "pyrsistent-0.19.3-cp311-cp311-win_amd64.whl", hash = "sha256:016ad1afadf318eb7911baa24b049909f7f3bb2c5b1ed7b6a8f21db21ea3faa8"}, - {file = "pyrsistent-0.19.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c4db1bd596fefd66b296a3d5d943c94f4fac5bcd13e99bffe2ba6a759d959a28"}, - {file = "pyrsistent-0.19.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:aeda827381f5e5d65cced3024126529ddc4289d944f75e090572c77ceb19adbf"}, - {file = "pyrsistent-0.19.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:42ac0b2f44607eb92ae88609eda931a4f0dfa03038c44c772e07f43e738bcac9"}, - {file = "pyrsistent-0.19.3-cp37-cp37m-win32.whl", hash = "sha256:e8f2b814a3dc6225964fa03d8582c6e0b6650d68a232df41e3cc1b66a5d2f8d1"}, - {file = "pyrsistent-0.19.3-cp37-cp37m-win_amd64.whl", hash = "sha256:c9bb60a40a0ab9aba40a59f68214eed5a29c6274c83b2cc206a359c4a89fa41b"}, - {file = "pyrsistent-0.19.3-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:a2471f3f8693101975b1ff85ffd19bb7ca7dd7c38f8a81701f67d6b4f97b87d8"}, - {file = "pyrsistent-0.19.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cc5d149f31706762c1f8bda2e8c4f8fead6e80312e3692619a75301d3dbb819a"}, - {file = "pyrsistent-0.19.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3311cb4237a341aa52ab8448c27e3a9931e2ee09561ad150ba94e4cfd3fc888c"}, - {file = "pyrsistent-0.19.3-cp38-cp38-win32.whl", hash = "sha256:f0e7c4b2f77593871e918be000b96c8107da48444d57005b6a6bc61fb4331b2c"}, - {file = "pyrsistent-0.19.3-cp38-cp38-win_amd64.whl", hash = "sha256:c147257a92374fde8498491f53ffa8f4822cd70c0d85037e09028e478cababb7"}, - {file = "pyrsistent-0.19.3-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:b735e538f74ec31378f5a1e3886a26d2ca6351106b4dfde376a26fc32a044edc"}, - {file = "pyrsistent-0.19.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:99abb85579e2165bd8522f0c0138864da97847875ecbd45f3e7e2af569bfc6f2"}, - {file = "pyrsistent-0.19.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3a8cb235fa6d3fd7aae6a4f1429bbb1fec1577d978098da1252f0489937786f3"}, - {file = "pyrsistent-0.19.3-cp39-cp39-win32.whl", hash = "sha256:c74bed51f9b41c48366a286395c67f4e894374306b197e62810e0fdaf2364da2"}, - {file = "pyrsistent-0.19.3-cp39-cp39-win_amd64.whl", hash = "sha256:878433581fc23e906d947a6814336eee031a00e6defba224234169ae3d3d6a98"}, - {file = "pyrsistent-0.19.3-py3-none-any.whl", hash = "sha256:ccf0d6bd208f8111179f0c26fdf84ed7c3891982f2edaeae7422575f47e66b64"}, - {file = "pyrsistent-0.19.3.tar.gz", hash = "sha256:1a2994773706bbb4995c31a97bc94f1418314923bd1048c6d964837040376440"}, -] - [[package]] name = "pytest" -version = "7.2.1" +version = "7.4.4" description = "pytest: simple powerful testing with Python" optional = false python-versions = ">=3.7" files = [ - {file = "pytest-7.2.1-py3-none-any.whl", hash = "sha256:c7c6ca206e93355074ae32f7403e8ea12163b1163c976fee7d4d84027c162be5"}, - {file = "pytest-7.2.1.tar.gz", hash = "sha256:d45e0952f3727241918b8fd0f376f5ff6b301cc0777c6f9a556935c92d8a7d42"}, + {file = "pytest-7.4.4-py3-none-any.whl", hash = "sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8"}, + {file = "pytest-7.4.4.tar.gz", hash = "sha256:2cf0005922c6ace4a3e2ec8b4080eb0d9753fdc93107415332f50ce9e7994280"}, ] [package.dependencies] -attrs = ">=19.2.0" colorama = {version = "*", markers = "sys_platform == \"win32\""} exceptiongroup = {version = ">=1.0.0rc8", markers = "python_version < \"3.11\""} iniconfig = "*" @@ -1477,7 +1346,7 @@ pluggy = ">=0.12,<2.0" tomli = {version = ">=1.0.0", markers = "python_version < \"3.11\""} [package.extras] -testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "xmlschema"] +testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "setuptools", "xmlschema"] [[package]] name = "pytest-cov" @@ -1499,13 +1368,13 @@ testing = ["fields", "hunter", "process-tests", "pytest-xdist", "six", "virtuale [[package]] name = "pytest-forked" -version = "1.4.0" +version = "1.6.0" description = "run tests in isolated forked subprocesses" optional = false -python-versions = ">=3.6" +python-versions = ">=3.7" files = [ - {file = "pytest-forked-1.4.0.tar.gz", hash = "sha256:8b67587c8f98cbbadfdd804539ed5455b6ed03802203485dd2f53c1422d7440e"}, - {file = "pytest_forked-1.4.0-py3-none-any.whl", hash = "sha256:bbbb6717efc886b9d64537b41fb1497cfaf3c9601276be8da2cccfea5a3c8ad8"}, + {file = "pytest-forked-1.6.0.tar.gz", hash = "sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f"}, + {file = "pytest_forked-1.6.0-py3-none-any.whl", hash = "sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0"}, ] [package.dependencies] @@ -1514,35 +1383,35 @@ pytest = ">=3.10" [[package]] name = "pytest-mock" -version = "3.10.0" +version = "3.14.0" description = "Thin-wrapper around the mock package for easier use with pytest" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "pytest-mock-3.10.0.tar.gz", hash = "sha256:fbbdb085ef7c252a326fd8cdcac0aa3b1333d8811f131bdcc701002e1be7ed4f"}, - {file = "pytest_mock-3.10.0-py3-none-any.whl", hash = "sha256:f4c973eeae0282963eb293eb173ce91b091a79c1334455acfac9ddee8a1c784b"}, + {file = "pytest-mock-3.14.0.tar.gz", hash = "sha256:2719255a1efeceadbc056d6bf3df3d1c5015530fb40cf347c0f9afac88410bd0"}, + {file = "pytest_mock-3.14.0-py3-none-any.whl", hash = "sha256:0b72c38033392a5f4621342fe11e9219ac11ec9d375f8e2a0c164539e0d70f6f"}, ] [package.dependencies] -pytest = ">=5.0" +pytest = ">=6.2.5" [package.extras] dev = ["pre-commit", "pytest-asyncio", "tox"] [[package]] name = "pytest-xdist" -version = "3.1.0" +version = "3.6.1" description = "pytest xdist plugin for distributed testing, most importantly across multiple CPUs" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "pytest-xdist-3.1.0.tar.gz", hash = "sha256:40fdb8f3544921c5dfcd486ac080ce22870e71d82ced6d2e78fa97c2addd480c"}, - {file = "pytest_xdist-3.1.0-py3-none-any.whl", hash = "sha256:70a76f191d8a1d2d6be69fc440cdf85f3e4c03c08b520fd5dc5d338d6cf07d89"}, + {file = "pytest_xdist-3.6.1-py3-none-any.whl", hash = "sha256:9ed4adfb68a016610848639bb7e02c9352d5d9f03d04809919e2dafc3be4cca7"}, + {file = "pytest_xdist-3.6.1.tar.gz", hash = "sha256:ead156a4db231eec769737f57668ef58a2084a34b2e55c4a8fa20d861107300d"}, ] [package.dependencies] -execnet = ">=1.1" -pytest = ">=6.2.0" +execnet = ">=2.1" +pytest = ">=7.0.0" [package.extras] psutil = ["psutil (>=3.0)"] @@ -1551,228 +1420,220 @@ testing = ["filelock"] [[package]] name = "python-dateutil" -version = "2.8.2" +version = "2.9.0.post0" description = "Extensions to the standard Python datetime module" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" files = [ - {file = "python-dateutil-2.8.2.tar.gz", hash = "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"}, - {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"}, + {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"}, + {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"}, ] [package.dependencies] six = ">=1.5" [[package]] -name = "pytz" -version = "2023.3" -description = "World timezone definitions, modern and historical" +name = "pywin32" +version = "306" +description = "Python for Window Extensions" optional = false python-versions = "*" files = [ - {file = "pytz-2023.3-py2.py3-none-any.whl", hash = "sha256:a151b3abb88eda1d4e34a9814df37de2a80e301e68ba0fd856fb9b46bfbbbffb"}, - {file = "pytz-2023.3.tar.gz", hash = "sha256:1d8ce29db189191fb55338ee6d0387d82ab59f3d00eac103412d64e0ebd0c588"}, + {file = "pywin32-306-cp310-cp310-win32.whl", hash = "sha256:06d3420a5155ba65f0b72f2699b5bacf3109f36acbe8923765c22938a69dfc8d"}, + {file = "pywin32-306-cp310-cp310-win_amd64.whl", hash = "sha256:84f4471dbca1887ea3803d8848a1616429ac94a4a8d05f4bc9c5dcfd42ca99c8"}, + {file = "pywin32-306-cp311-cp311-win32.whl", hash = "sha256:e65028133d15b64d2ed8f06dd9fbc268352478d4f9289e69c190ecd6818b6407"}, + {file = "pywin32-306-cp311-cp311-win_amd64.whl", hash = "sha256:a7639f51c184c0272e93f244eb24dafca9b1855707d94c192d4a0b4c01e1100e"}, + {file = "pywin32-306-cp311-cp311-win_arm64.whl", hash = "sha256:70dba0c913d19f942a2db25217d9a1b726c278f483a919f1abfed79c9cf64d3a"}, + {file = "pywin32-306-cp312-cp312-win32.whl", hash = "sha256:383229d515657f4e3ed1343da8be101000562bf514591ff383ae940cad65458b"}, + {file = "pywin32-306-cp312-cp312-win_amd64.whl", hash = "sha256:37257794c1ad39ee9be652da0462dc2e394c8159dfd913a8a4e8eb6fd346da0e"}, + {file = "pywin32-306-cp312-cp312-win_arm64.whl", hash = "sha256:5821ec52f6d321aa59e2db7e0a35b997de60c201943557d108af9d4ae1ec7040"}, + {file = "pywin32-306-cp37-cp37m-win32.whl", hash = "sha256:1c73ea9a0d2283d889001998059f5eaaba3b6238f767c9cf2833b13e6a685f65"}, + {file = "pywin32-306-cp37-cp37m-win_amd64.whl", hash = "sha256:72c5f621542d7bdd4fdb716227be0dd3f8565c11b280be6315b06ace35487d36"}, + {file = "pywin32-306-cp38-cp38-win32.whl", hash = "sha256:e4c092e2589b5cf0d365849e73e02c391c1349958c5ac3e9d5ccb9a28e017b3a"}, + {file = "pywin32-306-cp38-cp38-win_amd64.whl", hash = "sha256:e8ac1ae3601bee6ca9f7cb4b5363bf1c0badb935ef243c4733ff9a393b1690c0"}, + {file = "pywin32-306-cp39-cp39-win32.whl", hash = "sha256:e25fd5b485b55ac9c057f67d94bc203f3f6595078d1fb3b458c9c28b7153a802"}, + {file = "pywin32-306-cp39-cp39-win_amd64.whl", hash = "sha256:39b61c15272833b5c329a2989999dcae836b1eed650252ab1b7bfbe1d59f30f4"}, ] [[package]] -name = "pywin32" -version = "305" -description = "Python for Window Extensions" -optional = false -python-versions = "*" -files = [ - {file = "pywin32-305-cp310-cp310-win32.whl", hash = "sha256:421f6cd86e84bbb696d54563c48014b12a23ef95a14e0bdba526be756d89f116"}, - {file = "pywin32-305-cp310-cp310-win_amd64.whl", hash = "sha256:73e819c6bed89f44ff1d690498c0a811948f73777e5f97c494c152b850fad478"}, - {file = "pywin32-305-cp310-cp310-win_arm64.whl", hash = "sha256:742eb905ce2187133a29365b428e6c3b9001d79accdc30aa8969afba1d8470f4"}, - {file = "pywin32-305-cp311-cp311-win32.whl", hash = "sha256:19ca459cd2e66c0e2cc9a09d589f71d827f26d47fe4a9d09175f6aa0256b51c2"}, - {file = "pywin32-305-cp311-cp311-win_amd64.whl", hash = "sha256:326f42ab4cfff56e77e3e595aeaf6c216712bbdd91e464d167c6434b28d65990"}, - {file = "pywin32-305-cp311-cp311-win_arm64.whl", hash = "sha256:4ecd404b2c6eceaca52f8b2e3e91b2187850a1ad3f8b746d0796a98b4cea04db"}, - {file = "pywin32-305-cp36-cp36m-win32.whl", hash = "sha256:48d8b1659284f3c17b68587af047d110d8c44837736b8932c034091683e05863"}, - {file = "pywin32-305-cp36-cp36m-win_amd64.whl", hash = "sha256:13362cc5aa93c2beaf489c9c9017c793722aeb56d3e5166dadd5ef82da021fe1"}, - {file = "pywin32-305-cp37-cp37m-win32.whl", hash = "sha256:a55db448124d1c1484df22fa8bbcbc45c64da5e6eae74ab095b9ea62e6d00496"}, - {file = "pywin32-305-cp37-cp37m-win_amd64.whl", hash = "sha256:109f98980bfb27e78f4df8a51a8198e10b0f347257d1e265bb1a32993d0c973d"}, - {file = "pywin32-305-cp38-cp38-win32.whl", hash = "sha256:9dd98384da775afa009bc04863426cb30596fd78c6f8e4e2e5bbf4edf8029504"}, - {file = "pywin32-305-cp38-cp38-win_amd64.whl", hash = "sha256:56d7a9c6e1a6835f521788f53b5af7912090674bb84ef5611663ee1595860fc7"}, - {file = "pywin32-305-cp39-cp39-win32.whl", hash = "sha256:9d968c677ac4d5cbdaa62fd3014ab241718e619d8e36ef8e11fb930515a1e918"}, - {file = "pywin32-305-cp39-cp39-win_amd64.whl", hash = "sha256:50768c6b7c3f0b38b7fb14dd4104da93ebced5f1a50dc0e834594bff6fbe1271"}, -] - -[[package]] -name = "PyYAML" -version = "6.0" +name = "pyyaml" +version = "6.0.1" description = "YAML parser and emitter for Python" optional = false python-versions = ">=3.6" files = [ - {file = "PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53"}, - {file = "PyYAML-6.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c"}, - {file = "PyYAML-6.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc"}, - {file = "PyYAML-6.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b"}, - {file = "PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5"}, - {file = "PyYAML-6.0-cp310-cp310-win32.whl", hash = "sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513"}, - {file = "PyYAML-6.0-cp310-cp310-win_amd64.whl", hash = "sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a"}, - {file = "PyYAML-6.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d4b0ba9512519522b118090257be113b9468d804b19d63c71dbcf4a48fa32358"}, - {file = "PyYAML-6.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:81957921f441d50af23654aa6c5e5eaf9b06aba7f0a19c18a538dc7ef291c5a1"}, - {file = "PyYAML-6.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:afa17f5bc4d1b10afd4466fd3a44dc0e245382deca5b3c353d8b757f9e3ecb8d"}, - {file = "PyYAML-6.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:dbad0e9d368bb989f4515da330b88a057617d16b6a8245084f1b05400f24609f"}, - {file = "PyYAML-6.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:432557aa2c09802be39460360ddffd48156e30721f5e8d917f01d31694216782"}, - {file = "PyYAML-6.0-cp311-cp311-win32.whl", hash = "sha256:bfaef573a63ba8923503d27530362590ff4f576c626d86a9fed95822a8255fd7"}, - {file = "PyYAML-6.0-cp311-cp311-win_amd64.whl", hash = "sha256:01b45c0191e6d66c470b6cf1b9531a771a83c1c4208272ead47a3ae4f2f603bf"}, - {file = "PyYAML-6.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86"}, - {file = "PyYAML-6.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f"}, - {file = "PyYAML-6.0-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92"}, - {file = "PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4"}, - {file = "PyYAML-6.0-cp36-cp36m-win32.whl", hash = "sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293"}, - {file = "PyYAML-6.0-cp36-cp36m-win_amd64.whl", hash = "sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57"}, - {file = "PyYAML-6.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c"}, - {file = "PyYAML-6.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0"}, - {file = "PyYAML-6.0-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4"}, - {file = "PyYAML-6.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9"}, - {file = "PyYAML-6.0-cp37-cp37m-win32.whl", hash = "sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737"}, - {file = "PyYAML-6.0-cp37-cp37m-win_amd64.whl", hash = "sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d"}, - {file = "PyYAML-6.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b"}, - {file = "PyYAML-6.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba"}, - {file = "PyYAML-6.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34"}, - {file = "PyYAML-6.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287"}, - {file = "PyYAML-6.0-cp38-cp38-win32.whl", hash = "sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78"}, - {file = "PyYAML-6.0-cp38-cp38-win_amd64.whl", hash = "sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07"}, - {file = "PyYAML-6.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b"}, - {file = "PyYAML-6.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174"}, - {file = "PyYAML-6.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803"}, - {file = "PyYAML-6.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3"}, - {file = "PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0"}, - {file = "PyYAML-6.0-cp39-cp39-win32.whl", hash = "sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb"}, - {file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"}, - {file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"}, -] - -[[package]] -name = "pyyaml_env_tag" -version = "0.1" -description = "A custom YAML tag for referencing environment variables in YAML files. " + {file = "PyYAML-6.0.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a"}, + {file = "PyYAML-6.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f"}, + {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938"}, + {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d"}, + {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515"}, + {file = "PyYAML-6.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290"}, + {file = "PyYAML-6.0.1-cp310-cp310-win32.whl", hash = "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924"}, + {file = "PyYAML-6.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d"}, + {file = "PyYAML-6.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007"}, + {file = "PyYAML-6.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab"}, + {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d"}, + {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc"}, + {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673"}, + {file = "PyYAML-6.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b"}, + {file = "PyYAML-6.0.1-cp311-cp311-win32.whl", hash = "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741"}, + {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, + {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, + {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, + {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, + {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, + {file = "PyYAML-6.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df"}, + {file = "PyYAML-6.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47"}, + {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98"}, + {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c"}, + {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd"}, + {file = "PyYAML-6.0.1-cp36-cp36m-win32.whl", hash = "sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585"}, + {file = "PyYAML-6.0.1-cp36-cp36m-win_amd64.whl", hash = "sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa"}, + {file = "PyYAML-6.0.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3"}, + {file = "PyYAML-6.0.1-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27"}, + {file = "PyYAML-6.0.1-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3"}, + {file = "PyYAML-6.0.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c"}, + {file = "PyYAML-6.0.1-cp37-cp37m-win32.whl", hash = "sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba"}, + {file = "PyYAML-6.0.1-cp37-cp37m-win_amd64.whl", hash = "sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867"}, + {file = "PyYAML-6.0.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595"}, + {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5"}, + {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696"}, + {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735"}, + {file = "PyYAML-6.0.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6"}, + {file = "PyYAML-6.0.1-cp38-cp38-win32.whl", hash = "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206"}, + {file = "PyYAML-6.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62"}, + {file = "PyYAML-6.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8"}, + {file = "PyYAML-6.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859"}, + {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6"}, + {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0"}, + {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c"}, + {file = "PyYAML-6.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5"}, + {file = "PyYAML-6.0.1-cp39-cp39-win32.whl", hash = "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c"}, + {file = "PyYAML-6.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486"}, + {file = "PyYAML-6.0.1.tar.gz", hash = "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43"}, +] + +[[package]] +name = "referencing" +version = "0.35.0" +description = "JSON Referencing + Python" optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "pyyaml_env_tag-0.1-py3-none-any.whl", hash = "sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069"}, - {file = "pyyaml_env_tag-0.1.tar.gz", hash = "sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb"}, + {file = "referencing-0.35.0-py3-none-any.whl", hash = "sha256:8080727b30e364e5783152903672df9b6b091c926a146a759080b62ca3126cd6"}, + {file = "referencing-0.35.0.tar.gz", hash = "sha256:191e936b0c696d0af17ad7430a3dc68e88bc11be6514f4757dc890f04ab05889"}, ] [package.dependencies] -pyyaml = "*" +attrs = ">=22.2.0" +rpds-py = ">=0.7.0" [[package]] name = "regex" -version = "2022.10.31" +version = "2024.4.28" description = "Alternative regular expression module, to replace re." optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "regex-2022.10.31-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:a8ff454ef0bb061e37df03557afda9d785c905dab15584860f982e88be73015f"}, - {file = "regex-2022.10.31-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:1eba476b1b242620c266edf6325b443a2e22b633217a9835a52d8da2b5c051f9"}, - {file = "regex-2022.10.31-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d0e5af9a9effb88535a472e19169e09ce750c3d442fb222254a276d77808620b"}, - {file = "regex-2022.10.31-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d03fe67b2325cb3f09be029fd5da8df9e6974f0cde2c2ac6a79d2634e791dd57"}, - {file = "regex-2022.10.31-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a9d0b68ac1743964755ae2d89772c7e6fb0118acd4d0b7464eaf3921c6b49dd4"}, - {file = "regex-2022.10.31-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8a45b6514861916c429e6059a55cf7db74670eaed2052a648e3e4d04f070e001"}, - {file = "regex-2022.10.31-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8b0886885f7323beea6f552c28bff62cbe0983b9fbb94126531693ea6c5ebb90"}, - {file = "regex-2022.10.31-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:5aefb84a301327ad115e9d346c8e2760009131d9d4b4c6b213648d02e2abe144"}, - {file = "regex-2022.10.31-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:702d8fc6f25bbf412ee706bd73019da5e44a8400861dfff7ff31eb5b4a1276dc"}, - {file = "regex-2022.10.31-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:a3c1ebd4ed8e76e886507c9eddb1a891673686c813adf889b864a17fafcf6d66"}, - {file = "regex-2022.10.31-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:50921c140561d3db2ab9f5b11c5184846cde686bb5a9dc64cae442926e86f3af"}, - {file = "regex-2022.10.31-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:7db345956ecce0c99b97b042b4ca7326feeec6b75facd8390af73b18e2650ffc"}, - {file = "regex-2022.10.31-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:763b64853b0a8f4f9cfb41a76a4a85a9bcda7fdda5cb057016e7706fde928e66"}, - {file = "regex-2022.10.31-cp310-cp310-win32.whl", hash = "sha256:44136355e2f5e06bf6b23d337a75386371ba742ffa771440b85bed367c1318d1"}, - {file = "regex-2022.10.31-cp310-cp310-win_amd64.whl", hash = "sha256:bfff48c7bd23c6e2aec6454aaf6edc44444b229e94743b34bdcdda2e35126cf5"}, - {file = "regex-2022.10.31-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:4b4b1fe58cd102d75ef0552cf17242705ce0759f9695334a56644ad2d83903fe"}, - {file = "regex-2022.10.31-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:542e3e306d1669b25936b64917285cdffcd4f5c6f0247636fec037187bd93542"}, - {file = "regex-2022.10.31-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c27cc1e4b197092e50ddbf0118c788d9977f3f8f35bfbbd3e76c1846a3443df7"}, - {file = "regex-2022.10.31-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b8e38472739028e5f2c3a4aded0ab7eadc447f0d84f310c7a8bb697ec417229e"}, - {file = "regex-2022.10.31-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:76c598ca73ec73a2f568e2a72ba46c3b6c8690ad9a07092b18e48ceb936e9f0c"}, - {file = "regex-2022.10.31-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c28d3309ebd6d6b2cf82969b5179bed5fefe6142c70f354ece94324fa11bf6a1"}, - {file = "regex-2022.10.31-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9af69f6746120998cd9c355e9c3c6aec7dff70d47247188feb4f829502be8ab4"}, - {file = "regex-2022.10.31-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:a5f9505efd574d1e5b4a76ac9dd92a12acb2b309551e9aa874c13c11caefbe4f"}, - {file = "regex-2022.10.31-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:5ff525698de226c0ca743bfa71fc6b378cda2ddcf0d22d7c37b1cc925c9650a5"}, - {file = "regex-2022.10.31-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:4fe7fda2fe7c8890d454f2cbc91d6c01baf206fbc96d89a80241a02985118c0c"}, - {file = "regex-2022.10.31-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:2cdc55ca07b4e70dda898d2ab7150ecf17c990076d3acd7a5f3b25cb23a69f1c"}, - {file = "regex-2022.10.31-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:44a6c2f6374e0033873e9ed577a54a3602b4f609867794c1a3ebba65e4c93ee7"}, - {file = "regex-2022.10.31-cp311-cp311-win32.whl", hash = "sha256:d8716f82502997b3d0895d1c64c3b834181b1eaca28f3f6336a71777e437c2af"}, - {file = "regex-2022.10.31-cp311-cp311-win_amd64.whl", hash = "sha256:61edbca89aa3f5ef7ecac8c23d975fe7261c12665f1d90a6b1af527bba86ce61"}, - {file = "regex-2022.10.31-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:0a069c8483466806ab94ea9068c34b200b8bfc66b6762f45a831c4baaa9e8cdd"}, - {file = "regex-2022.10.31-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d26166acf62f731f50bdd885b04b38828436d74e8e362bfcb8df221d868b5d9b"}, - {file = "regex-2022.10.31-cp36-cp36m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ac741bf78b9bb432e2d314439275235f41656e189856b11fb4e774d9f7246d81"}, - {file = "regex-2022.10.31-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:75f591b2055523fc02a4bbe598aa867df9e953255f0b7f7715d2a36a9c30065c"}, - {file = "regex-2022.10.31-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6b30bddd61d2a3261f025ad0f9ee2586988c6a00c780a2fb0a92cea2aa702c54"}, - {file = "regex-2022.10.31-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ef4163770525257876f10e8ece1cf25b71468316f61451ded1a6f44273eedeb5"}, - {file = "regex-2022.10.31-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:7b280948d00bd3973c1998f92e22aa3ecb76682e3a4255f33e1020bd32adf443"}, - {file = "regex-2022.10.31-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:d0213671691e341f6849bf33cd9fad21f7b1cb88b89e024f33370733fec58742"}, - {file = "regex-2022.10.31-cp36-cp36m-musllinux_1_1_i686.whl", hash = "sha256:22e7ebc231d28393dfdc19b185d97e14a0f178bedd78e85aad660e93b646604e"}, - {file = "regex-2022.10.31-cp36-cp36m-musllinux_1_1_ppc64le.whl", hash = "sha256:8ad241da7fac963d7573cc67a064c57c58766b62a9a20c452ca1f21050868dfa"}, - {file = "regex-2022.10.31-cp36-cp36m-musllinux_1_1_s390x.whl", hash = "sha256:586b36ebda81e6c1a9c5a5d0bfdc236399ba6595e1397842fd4a45648c30f35e"}, - {file = "regex-2022.10.31-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:0653d012b3bf45f194e5e6a41df9258811ac8fc395579fa82958a8b76286bea4"}, - {file = "regex-2022.10.31-cp36-cp36m-win32.whl", hash = "sha256:144486e029793a733e43b2e37df16a16df4ceb62102636ff3db6033994711066"}, - {file = "regex-2022.10.31-cp36-cp36m-win_amd64.whl", hash = "sha256:c14b63c9d7bab795d17392c7c1f9aaabbffd4cf4387725a0ac69109fb3b550c6"}, - {file = "regex-2022.10.31-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:4cac3405d8dda8bc6ed499557625585544dd5cbf32072dcc72b5a176cb1271c8"}, - {file = "regex-2022.10.31-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:23cbb932cc53a86ebde0fb72e7e645f9a5eec1a5af7aa9ce333e46286caef783"}, - {file = "regex-2022.10.31-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:74bcab50a13960f2a610cdcd066e25f1fd59e23b69637c92ad470784a51b1347"}, - {file = "regex-2022.10.31-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:78d680ef3e4d405f36f0d6d1ea54e740366f061645930072d39bca16a10d8c93"}, - {file = "regex-2022.10.31-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce6910b56b700bea7be82c54ddf2e0ed792a577dfaa4a76b9af07d550af435c6"}, - {file = "regex-2022.10.31-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:659175b2144d199560d99a8d13b2228b85e6019b6e09e556209dfb8c37b78a11"}, - {file = "regex-2022.10.31-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:1ddf14031a3882f684b8642cb74eea3af93a2be68893901b2b387c5fd92a03ec"}, - {file = "regex-2022.10.31-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:b683e5fd7f74fb66e89a1ed16076dbab3f8e9f34c18b1979ded614fe10cdc4d9"}, - {file = "regex-2022.10.31-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:2bde29cc44fa81c0a0c8686992c3080b37c488df167a371500b2a43ce9f026d1"}, - {file = "regex-2022.10.31-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:4919899577ba37f505aaebdf6e7dc812d55e8f097331312db7f1aab18767cce8"}, - {file = "regex-2022.10.31-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:9c94f7cc91ab16b36ba5ce476f1904c91d6c92441f01cd61a8e2729442d6fcf5"}, - {file = "regex-2022.10.31-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:ae1e96785696b543394a4e3f15f3f225d44f3c55dafe3f206493031419fedf95"}, - {file = "regex-2022.10.31-cp37-cp37m-win32.whl", hash = "sha256:c670f4773f2f6f1957ff8a3962c7dd12e4be54d05839b216cb7fd70b5a1df394"}, - {file = "regex-2022.10.31-cp37-cp37m-win_amd64.whl", hash = "sha256:8e0caeff18b96ea90fc0eb6e3bdb2b10ab5b01a95128dfeccb64a7238decf5f0"}, - {file = "regex-2022.10.31-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:131d4be09bea7ce2577f9623e415cab287a3c8e0624f778c1d955ec7c281bd4d"}, - {file = "regex-2022.10.31-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:e613a98ead2005c4ce037c7b061f2409a1a4e45099edb0ef3200ee26ed2a69a8"}, - {file = "regex-2022.10.31-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:052b670fafbe30966bbe5d025e90b2a491f85dfe5b2583a163b5e60a85a321ad"}, - {file = "regex-2022.10.31-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:aa62a07ac93b7cb6b7d0389d8ef57ffc321d78f60c037b19dfa78d6b17c928ee"}, - {file = "regex-2022.10.31-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5352bea8a8f84b89d45ccc503f390a6be77917932b1c98c4cdc3565137acc714"}, - {file = "regex-2022.10.31-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:20f61c9944f0be2dc2b75689ba409938c14876c19d02f7585af4460b6a21403e"}, - {file = "regex-2022.10.31-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:29c04741b9ae13d1e94cf93fca257730b97ce6ea64cfe1eba11cf9ac4e85afb6"}, - {file = "regex-2022.10.31-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:543883e3496c8b6d58bd036c99486c3c8387c2fc01f7a342b760c1ea3158a318"}, - {file = "regex-2022.10.31-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:b7a8b43ee64ca8f4befa2bea4083f7c52c92864d8518244bfa6e88c751fa8fff"}, - {file = "regex-2022.10.31-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:6a9a19bea8495bb419dc5d38c4519567781cd8d571c72efc6aa959473d10221a"}, - {file = "regex-2022.10.31-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:6ffd55b5aedc6f25fd8d9f905c9376ca44fcf768673ffb9d160dd6f409bfda73"}, - {file = "regex-2022.10.31-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:4bdd56ee719a8f751cf5a593476a441c4e56c9b64dc1f0f30902858c4ef8771d"}, - {file = "regex-2022.10.31-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:8ca88da1bd78990b536c4a7765f719803eb4f8f9971cc22d6ca965c10a7f2c4c"}, - {file = "regex-2022.10.31-cp38-cp38-win32.whl", hash = "sha256:5a260758454580f11dd8743fa98319bb046037dfab4f7828008909d0aa5292bc"}, - {file = "regex-2022.10.31-cp38-cp38-win_amd64.whl", hash = "sha256:5e6a5567078b3eaed93558842346c9d678e116ab0135e22eb72db8325e90b453"}, - {file = "regex-2022.10.31-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:5217c25229b6a85049416a5c1e6451e9060a1edcf988641e309dbe3ab26d3e49"}, - {file = "regex-2022.10.31-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:4bf41b8b0a80708f7e0384519795e80dcb44d7199a35d52c15cc674d10b3081b"}, - {file = "regex-2022.10.31-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0cf0da36a212978be2c2e2e2d04bdff46f850108fccc1851332bcae51c8907cc"}, - {file = "regex-2022.10.31-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d403d781b0e06d2922435ce3b8d2376579f0c217ae491e273bab8d092727d244"}, - {file = "regex-2022.10.31-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a37d51fa9a00d265cf73f3de3930fa9c41548177ba4f0faf76e61d512c774690"}, - {file = "regex-2022.10.31-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e4f781ffedd17b0b834c8731b75cce2639d5a8afe961c1e58ee7f1f20b3af185"}, - {file = "regex-2022.10.31-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d243b36fbf3d73c25e48014961e83c19c9cc92530516ce3c43050ea6276a2ab7"}, - {file = "regex-2022.10.31-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:370f6e97d02bf2dd20d7468ce4f38e173a124e769762d00beadec3bc2f4b3bc4"}, - {file = "regex-2022.10.31-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:597f899f4ed42a38df7b0e46714880fb4e19a25c2f66e5c908805466721760f5"}, - {file = "regex-2022.10.31-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:7dbdce0c534bbf52274b94768b3498abdf675a691fec5f751b6057b3030f34c1"}, - {file = "regex-2022.10.31-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:22960019a842777a9fa5134c2364efaed5fbf9610ddc5c904bd3a400973b0eb8"}, - {file = "regex-2022.10.31-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:7f5a3ffc731494f1a57bd91c47dc483a1e10048131ffb52d901bfe2beb6102e8"}, - {file = "regex-2022.10.31-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:7ef6b5942e6bfc5706301a18a62300c60db9af7f6368042227ccb7eeb22d0892"}, - {file = "regex-2022.10.31-cp39-cp39-win32.whl", hash = "sha256:395161bbdbd04a8333b9ff9763a05e9ceb4fe210e3c7690f5e68cedd3d65d8e1"}, - {file = "regex-2022.10.31-cp39-cp39-win_amd64.whl", hash = "sha256:957403a978e10fb3ca42572a23e6f7badff39aa1ce2f4ade68ee452dc6807692"}, - {file = "regex-2022.10.31.tar.gz", hash = "sha256:a3a98921da9a1bf8457aeee6a551948a83601689e5ecdd736894ea9bbec77e83"}, + {file = "regex-2024.4.28-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cd196d056b40af073d95a2879678585f0b74ad35190fac04ca67954c582c6b61"}, + {file = "regex-2024.4.28-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:8bb381f777351bd534462f63e1c6afb10a7caa9fa2a421ae22c26e796fe31b1f"}, + {file = "regex-2024.4.28-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:47af45b6153522733aa6e92543938e97a70ce0900649ba626cf5aad290b737b6"}, + {file = "regex-2024.4.28-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:99d6a550425cc51c656331af0e2b1651e90eaaa23fb4acde577cf15068e2e20f"}, + {file = "regex-2024.4.28-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:bf29304a8011feb58913c382902fde3395957a47645bf848eea695839aa101b7"}, + {file = "regex-2024.4.28-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:92da587eee39a52c91aebea8b850e4e4f095fe5928d415cb7ed656b3460ae79a"}, + {file = "regex-2024.4.28-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6277d426e2f31bdbacb377d17a7475e32b2d7d1f02faaecc48d8e370c6a3ff31"}, + {file = "regex-2024.4.28-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:28e1f28d07220c0f3da0e8fcd5a115bbb53f8b55cecf9bec0c946eb9a059a94c"}, + {file = "regex-2024.4.28-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:aaa179975a64790c1f2701ac562b5eeb733946eeb036b5bcca05c8d928a62f10"}, + {file = "regex-2024.4.28-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:6f435946b7bf7a1b438b4e6b149b947c837cb23c704e780c19ba3e6855dbbdd3"}, + {file = "regex-2024.4.28-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:19d6c11bf35a6ad077eb23852827f91c804eeb71ecb85db4ee1386825b9dc4db"}, + {file = "regex-2024.4.28-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:fdae0120cddc839eb8e3c15faa8ad541cc6d906d3eb24d82fb041cfe2807bc1e"}, + {file = "regex-2024.4.28-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:e672cf9caaf669053121f1766d659a8813bd547edef6e009205378faf45c67b8"}, + {file = "regex-2024.4.28-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:f57515750d07e14743db55d59759893fdb21d2668f39e549a7d6cad5d70f9fea"}, + {file = "regex-2024.4.28-cp310-cp310-win32.whl", hash = "sha256:a1409c4eccb6981c7baabc8888d3550df518add6e06fe74fa1d9312c1838652d"}, + {file = "regex-2024.4.28-cp310-cp310-win_amd64.whl", hash = "sha256:1f687a28640f763f23f8a9801fe9e1b37338bb1ca5d564ddd41619458f1f22d1"}, + {file = "regex-2024.4.28-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:84077821c85f222362b72fdc44f7a3a13587a013a45cf14534df1cbbdc9a6796"}, + {file = "regex-2024.4.28-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b45d4503de8f4f3dc02f1d28a9b039e5504a02cc18906cfe744c11def942e9eb"}, + {file = "regex-2024.4.28-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:457c2cd5a646dd4ed536c92b535d73548fb8e216ebee602aa9f48e068fc393f3"}, + {file = "regex-2024.4.28-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2b51739ddfd013c6f657b55a508de8b9ea78b56d22b236052c3a85a675102dc6"}, + {file = "regex-2024.4.28-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:459226445c7d7454981c4c0ce0ad1a72e1e751c3e417f305722bbcee6697e06a"}, + {file = "regex-2024.4.28-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:670fa596984b08a4a769491cbdf22350431970d0112e03d7e4eeaecaafcd0fec"}, + {file = "regex-2024.4.28-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fe00f4fe11c8a521b173e6324d862ee7ee3412bf7107570c9b564fe1119b56fb"}, + {file = "regex-2024.4.28-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:36f392dc7763fe7924575475736bddf9ab9f7a66b920932d0ea50c2ded2f5636"}, + {file = "regex-2024.4.28-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:23a412b7b1a7063f81a742463f38821097b6a37ce1e5b89dd8e871d14dbfd86b"}, + {file = "regex-2024.4.28-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:f1d6e4b7b2ae3a6a9df53efbf199e4bfcff0959dbdb5fd9ced34d4407348e39a"}, + {file = "regex-2024.4.28-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:499334ad139557de97cbc4347ee921c0e2b5e9c0f009859e74f3f77918339257"}, + {file = "regex-2024.4.28-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:0940038bec2fe9e26b203d636c44d31dd8766abc1fe66262da6484bd82461ccf"}, + {file = "regex-2024.4.28-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:66372c2a01782c5fe8e04bff4a2a0121a9897e19223d9eab30c54c50b2ebeb7f"}, + {file = "regex-2024.4.28-cp311-cp311-win32.whl", hash = "sha256:c77d10ec3c1cf328b2f501ca32583625987ea0f23a0c2a49b37a39ee5c4c4630"}, + {file = "regex-2024.4.28-cp311-cp311-win_amd64.whl", hash = "sha256:fc0916c4295c64d6890a46e02d4482bb5ccf33bf1a824c0eaa9e83b148291f90"}, + {file = "regex-2024.4.28-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:08a1749f04fee2811c7617fdd46d2e46d09106fa8f475c884b65c01326eb15c5"}, + {file = "regex-2024.4.28-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:b8eb28995771c087a73338f695a08c9abfdf723d185e57b97f6175c5051ff1ae"}, + {file = "regex-2024.4.28-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:dd7ef715ccb8040954d44cfeff17e6b8e9f79c8019daae2fd30a8806ef5435c0"}, + {file = "regex-2024.4.28-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fb0315a2b26fde4005a7c401707c5352df274460f2f85b209cf6024271373013"}, + {file = "regex-2024.4.28-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f2fc053228a6bd3a17a9b0a3f15c3ab3cf95727b00557e92e1cfe094b88cc662"}, + {file = "regex-2024.4.28-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7fe9739a686dc44733d52d6e4f7b9c77b285e49edf8570754b322bca6b85b4cc"}, + {file = "regex-2024.4.28-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a74fcf77d979364f9b69fcf8200849ca29a374973dc193a7317698aa37d8b01c"}, + {file = "regex-2024.4.28-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:965fd0cf4694d76f6564896b422724ec7b959ef927a7cb187fc6b3f4e4f59833"}, + {file = "regex-2024.4.28-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:2fef0b38c34ae675fcbb1b5db760d40c3fc3612cfa186e9e50df5782cac02bcd"}, + {file = "regex-2024.4.28-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bc365ce25f6c7c5ed70e4bc674f9137f52b7dd6a125037f9132a7be52b8a252f"}, + {file = "regex-2024.4.28-cp312-cp312-musllinux_1_1_ppc64le.whl", hash = "sha256:ac69b394764bb857429b031d29d9604842bc4cbfd964d764b1af1868eeebc4f0"}, + {file = "regex-2024.4.28-cp312-cp312-musllinux_1_1_s390x.whl", hash = "sha256:144a1fc54765f5c5c36d6d4b073299832aa1ec6a746a6452c3ee7b46b3d3b11d"}, + {file = "regex-2024.4.28-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:2630ca4e152c221072fd4a56d4622b5ada876f668ecd24d5ab62544ae6793ed6"}, + {file = "regex-2024.4.28-cp312-cp312-win32.whl", hash = "sha256:7f3502f03b4da52bbe8ba962621daa846f38489cae5c4a7b5d738f15f6443d17"}, + {file = "regex-2024.4.28-cp312-cp312-win_amd64.whl", hash = "sha256:0dd3f69098511e71880fb00f5815db9ed0ef62c05775395968299cb400aeab82"}, + {file = "regex-2024.4.28-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:374f690e1dd0dbdcddea4a5c9bdd97632cf656c69113f7cd6a361f2a67221cb6"}, + {file = "regex-2024.4.28-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:25f87ae6b96374db20f180eab083aafe419b194e96e4f282c40191e71980c666"}, + {file = "regex-2024.4.28-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:5dbc1bcc7413eebe5f18196e22804a3be1bfdfc7e2afd415e12c068624d48247"}, + {file = "regex-2024.4.28-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f85151ec5a232335f1be022b09fbbe459042ea1951d8a48fef251223fc67eee1"}, + {file = "regex-2024.4.28-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:57ba112e5530530fd175ed550373eb263db4ca98b5f00694d73b18b9a02e7185"}, + {file = "regex-2024.4.28-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:224803b74aab56aa7be313f92a8d9911dcade37e5f167db62a738d0c85fdac4b"}, + {file = "regex-2024.4.28-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0a54a047b607fd2d2d52a05e6ad294602f1e0dec2291152b745870afc47c1397"}, + {file = "regex-2024.4.28-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0a2a512d623f1f2d01d881513af9fc6a7c46e5cfffb7dc50c38ce959f9246c94"}, + {file = "regex-2024.4.28-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:c06bf3f38f0707592898428636cbb75d0a846651b053a1cf748763e3063a6925"}, + {file = "regex-2024.4.28-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:1031a5e7b048ee371ab3653aad3030ecfad6ee9ecdc85f0242c57751a05b0ac4"}, + {file = "regex-2024.4.28-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:d7a353ebfa7154c871a35caca7bfd8f9e18666829a1dc187115b80e35a29393e"}, + {file = "regex-2024.4.28-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:7e76b9cfbf5ced1aca15a0e5b6f229344d9b3123439ffce552b11faab0114a02"}, + {file = "regex-2024.4.28-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:5ce479ecc068bc2a74cb98dd8dba99e070d1b2f4a8371a7dfe631f85db70fe6e"}, + {file = "regex-2024.4.28-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:7d77b6f63f806578c604dca209280e4c54f0fa9a8128bb8d2cc5fb6f99da4150"}, + {file = "regex-2024.4.28-cp38-cp38-win32.whl", hash = "sha256:d84308f097d7a513359757c69707ad339da799e53b7393819ec2ea36bc4beb58"}, + {file = "regex-2024.4.28-cp38-cp38-win_amd64.whl", hash = "sha256:2cc1b87bba1dd1a898e664a31012725e48af826bf3971e786c53e32e02adae6c"}, + {file = "regex-2024.4.28-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:7413167c507a768eafb5424413c5b2f515c606be5bb4ef8c5dee43925aa5718b"}, + {file = "regex-2024.4.28-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:108e2dcf0b53a7c4ab8986842a8edcb8ab2e59919a74ff51c296772e8e74d0ae"}, + {file = "regex-2024.4.28-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:f1c5742c31ba7d72f2dedf7968998730664b45e38827637e0f04a2ac7de2f5f1"}, + {file = "regex-2024.4.28-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ecc6148228c9ae25ce403eade13a0961de1cb016bdb35c6eafd8e7b87ad028b1"}, + {file = "regex-2024.4.28-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b7d893c8cf0e2429b823ef1a1d360a25950ed11f0e2a9df2b5198821832e1947"}, + {file = "regex-2024.4.28-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4290035b169578ffbbfa50d904d26bec16a94526071ebec3dadbebf67a26b25e"}, + {file = "regex-2024.4.28-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:44a22ae1cfd82e4ffa2066eb3390777dc79468f866f0625261a93e44cdf6482b"}, + {file = "regex-2024.4.28-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fd24fd140b69f0b0bcc9165c397e9b2e89ecbeda83303abf2a072609f60239e2"}, + {file = "regex-2024.4.28-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:39fb166d2196413bead229cd64a2ffd6ec78ebab83fff7d2701103cf9f4dfd26"}, + {file = "regex-2024.4.28-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:9301cc6db4d83d2c0719f7fcda37229691745168bf6ae849bea2e85fc769175d"}, + {file = "regex-2024.4.28-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:7c3d389e8d76a49923683123730c33e9553063d9041658f23897f0b396b2386f"}, + {file = "regex-2024.4.28-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:99ef6289b62042500d581170d06e17f5353b111a15aa6b25b05b91c6886df8fc"}, + {file = "regex-2024.4.28-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:b91d529b47798c016d4b4c1d06cc826ac40d196da54f0de3c519f5a297c5076a"}, + {file = "regex-2024.4.28-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:43548ad74ea50456e1c68d3c67fff3de64c6edb85bcd511d1136f9b5376fc9d1"}, + {file = "regex-2024.4.28-cp39-cp39-win32.whl", hash = "sha256:05d9b6578a22db7dedb4df81451f360395828b04f4513980b6bd7a1412c679cc"}, + {file = "regex-2024.4.28-cp39-cp39-win_amd64.whl", hash = "sha256:3986217ec830c2109875be740531feb8ddafe0dfa49767cdcd072ed7e8927962"}, + {file = "regex-2024.4.28.tar.gz", hash = "sha256:83ab366777ea45d58f72593adf35d36ca911ea8bd838483c1823b883a121b0e4"}, ] [[package]] name = "requests" -version = "2.28.2" +version = "2.31.0" description = "Python HTTP for Humans." optional = false -python-versions = ">=3.7, <4" +python-versions = ">=3.7" files = [ - {file = "requests-2.28.2-py3-none-any.whl", hash = "sha256:64299f4909223da747622c030b781c0d7811e359c37124b4bd368fb8c6518baa"}, - {file = "requests-2.28.2.tar.gz", hash = "sha256:98b1b2782e3c6c4904938b84c0eb932721069dfdb9134313beff7c83c2df24bf"}, + {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"}, + {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"}, ] [package.dependencies] certifi = ">=2017.4.17" charset-normalizer = ">=2,<4" idna = ">=2.5,<4" -urllib3 = ">=1.21.1,<1.27" +urllib3 = ">=1.21.1,<3" [package.extras] socks = ["PySocks (>=1.5.6,!=1.5.7)"] @@ -1791,13 +1652,13 @@ files = [ [[package]] name = "resolvelib" -version = "0.8.1" +version = "1.0.1" description = "Resolve abstract dependencies into concrete ones" optional = false python-versions = "*" files = [ - {file = "resolvelib-0.8.1-py2.py3-none-any.whl", hash = "sha256:d9b7907f055c3b3a2cfc56c914ffd940122915826ff5fb5b1de0c99778f4de98"}, - {file = "resolvelib-0.8.1.tar.gz", hash = "sha256:c6ea56732e9fb6fca1b2acc2ccc68a0b6b8c566d8f3e78e0443310ede61dbd37"}, + {file = "resolvelib-1.0.1-py2.py3-none-any.whl", hash = "sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf"}, + {file = "resolvelib-1.0.1.tar.gz", hash = "sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309"}, ] [package.extras] @@ -1822,44 +1683,152 @@ idna2008 = ["idna"] [[package]] name = "rich" -version = "13.3.1" +version = "13.7.1" description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" optional = false python-versions = ">=3.7.0" files = [ - {file = "rich-13.3.1-py3-none-any.whl", hash = "sha256:8aa57747f3fc3e977684f0176a88e789be314a99f99b43b75d1e9cb5dc6db9e9"}, - {file = "rich-13.3.1.tar.gz", hash = "sha256:125d96d20c92b946b983d0d392b84ff945461e5a06d3867e9f9e575f8697b67f"}, + {file = "rich-13.7.1-py3-none-any.whl", hash = "sha256:4edbae314f59eb482f54e9e30bf00d33350aaa94f4bfcd4e9e3110e64d0d7222"}, + {file = "rich-13.7.1.tar.gz", hash = "sha256:9be308cb1fe2f1f57d67ce99e95af38a1e2bc71ad9813b0e247cf7ffbcc3a432"}, ] [package.dependencies] -markdown-it-py = ">=2.1.0,<3.0.0" -pygments = ">=2.14.0,<3.0.0" +markdown-it-py = ">=2.2.0" +pygments = ">=2.13.0,<3.0.0" [package.extras] jupyter = ["ipywidgets (>=7.5.1,<9)"] [[package]] name = "rjsonnet" -version = "0.5.2" +version = "0.5.4" description = "Python bindings to Rust jrsonnet crate" optional = false python-versions = "*" files = [ - {file = "rjsonnet-0.5.2-cp37-abi3-macosx_10_7_x86_64.whl", hash = "sha256:f6e72ea6859cd7d64dd04a7c6ba53d7abe6437336b8e51768e482b82f352b380"}, - {file = "rjsonnet-0.5.2-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:162e3a5a01591ccc4b0e589a1afcbbe01abab3762fef110cb25f6dbd5be18b1f"}, - {file = "rjsonnet-0.5.2-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e2fdf3f967b924020a752c45e772c107586f458c71dff1de18977cf5cc84de48"}, - {file = "rjsonnet-0.5.2-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a3159d1309bbff4e34406e1f0259191bba5d7b7f91021061f6211298bdc22307"}, - {file = "rjsonnet-0.5.2-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:357a75e5ea45c674c430b7a7146d3be182e64a1b4fcb569ba9878e0ca04e8369"}, - {file = "rjsonnet-0.5.2-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d14d5245c0448676125556578d489b93c13525ceb4313aa6ddfba9677b5342c5"}, - {file = "rjsonnet-0.5.2-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d5a8b72d318b2f1f24df3f7f5ed5436522f02aaf3ee8b8f4d635417fe863f6a7"}, - {file = "rjsonnet-0.5.2-cp37-abi3-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4bae1eb251b4e2cd7aadcc57ba99e009f1a0bb257d348095f18e7fb3f882ab36"}, - {file = "rjsonnet-0.5.2-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:6b01c34690d64068fb01ad62356b5b7b40bdc1b8804cfbcc6fa6a80ee86e6905"}, - {file = "rjsonnet-0.5.2-cp37-abi3-musllinux_1_2_armv7l.whl", hash = "sha256:1a8a7e587fcab68253d47bb8b76b7fe75821f649612dbca9bc43caccd8d883b9"}, - {file = "rjsonnet-0.5.2-cp37-abi3-musllinux_1_2_i686.whl", hash = "sha256:1388aeb0b3caa6ce206517f8da95ed22ccca074b6f8eca94a91d526bb76bb392"}, - {file = "rjsonnet-0.5.2-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:e0f5f447ea76fb279d3310ff695cee6fee52c0101d2260bafb62de2abdc44c8d"}, - {file = "rjsonnet-0.5.2-cp37-abi3-win32.whl", hash = "sha256:f402453f6051893ddc83377afbda6bcf6cc2a81613a65090d8dc50327ab8996c"}, - {file = "rjsonnet-0.5.2-cp37-abi3-win_amd64.whl", hash = "sha256:6b7c5d2d1ee0fed32f448681cc011b93bfb718290173a15f5f055124c089ecec"}, - {file = "rjsonnet-0.5.2.tar.gz", hash = "sha256:95062261ffdef831a9e44a35e2d3a97a91d3870dac364ed6beae57d0851eeecd"}, + {file = "rjsonnet-0.5.4-cp37-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", hash = "sha256:fca45e06abbabf4c6b1f8ec9821e5be355687cbb1e73fbad5ce68c94a66a2154"}, + {file = "rjsonnet-0.5.4-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:97f55f4eb611aaa05f73eb93f318e5d15a7838849be0044adbba0c5bacc575e7"}, + {file = "rjsonnet-0.5.4-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a0eb4ab241206829955108c44d810342f1c19f447a4d7c44a49374e96770c08b"}, + {file = "rjsonnet-0.5.4-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a8a2e51d319919eb480407fa98a098bec337035d9786c19b03a2b60735433a0e"}, + {file = "rjsonnet-0.5.4-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e47beb353e4300d67f90803845e83be392346ece0b398dccd15b7576ee1c38db"}, + {file = "rjsonnet-0.5.4-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:044062aeb90bfc1e205e76d1312c010f4ef02ffed0c7e2a7bb0e78388e676c90"}, + {file = "rjsonnet-0.5.4-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c8d59ad043680b9984ae0328a64b63348f7ff366d1c439117d2c61e2c15c1869"}, + {file = "rjsonnet-0.5.4-cp37-abi3-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:10671a6b58a81da38cb9ae123fb0f9d0c444abdc2d82840465fd72ab09599cbf"}, + {file = "rjsonnet-0.5.4-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:1f4af448bf566880d9072eff10171c34374cdce104046fba601532ad11605f44"}, + {file = "rjsonnet-0.5.4-cp37-abi3-musllinux_1_2_armv7l.whl", hash = "sha256:5044a082187f4172b7df36fa51c15ea87431dcd67260e1b8b8356684698c310e"}, + {file = "rjsonnet-0.5.4-cp37-abi3-musllinux_1_2_i686.whl", hash = "sha256:58b8e058f103010debedc2ded3f957abf63942d08c82c2af69ad736cc28836d5"}, + {file = "rjsonnet-0.5.4-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:b71a0d25380b58c5e0bab0d98afdba19c7351fa7d2f5729b90d7e41759f3f4ae"}, + {file = "rjsonnet-0.5.4-cp37-abi3-win32.whl", hash = "sha256:e8449c8d3636f571854a158c6f6e1308a6e3adfab393f265e0f91950fd9fcd9b"}, + {file = "rjsonnet-0.5.4-cp37-abi3-win_amd64.whl", hash = "sha256:c28f8405e1a9226ba5c03b0802cf3357cb7ac97ef90417fb2f337671a023d3ce"}, + {file = "rjsonnet-0.5.4.tar.gz", hash = "sha256:4e32a8fff9400a9c7df8d8595f2986e86e5bac3544a8eeb70c2630bb16839df6"}, +] + +[[package]] +name = "rpds-py" +version = "0.18.0" +description = "Python bindings to Rust's persistent data structures (rpds)" +optional = false +python-versions = ">=3.8" +files = [ + {file = "rpds_py-0.18.0-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:5b4e7d8d6c9b2e8ee2d55c90b59c707ca59bc30058269b3db7b1f8df5763557e"}, + {file = "rpds_py-0.18.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c463ed05f9dfb9baebef68048aed8dcdc94411e4bf3d33a39ba97e271624f8f7"}, + {file = "rpds_py-0.18.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:01e36a39af54a30f28b73096dd39b6802eddd04c90dbe161c1b8dbe22353189f"}, + {file = "rpds_py-0.18.0-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d62dec4976954a23d7f91f2f4530852b0c7608116c257833922a896101336c51"}, + {file = "rpds_py-0.18.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dd18772815d5f008fa03d2b9a681ae38d5ae9f0e599f7dda233c439fcaa00d40"}, + {file = "rpds_py-0.18.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:923d39efa3cfb7279a0327e337a7958bff00cc447fd07a25cddb0a1cc9a6d2da"}, + {file = "rpds_py-0.18.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:39514da80f971362f9267c600b6d459bfbbc549cffc2cef8e47474fddc9b45b1"}, + {file = "rpds_py-0.18.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a34d557a42aa28bd5c48a023c570219ba2593bcbbb8dc1b98d8cf5d529ab1434"}, + {file = "rpds_py-0.18.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:93df1de2f7f7239dc9cc5a4a12408ee1598725036bd2dedadc14d94525192fc3"}, + {file = "rpds_py-0.18.0-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:34b18ba135c687f4dac449aa5157d36e2cbb7c03cbea4ddbd88604e076aa836e"}, + {file = "rpds_py-0.18.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:c0b5dcf9193625afd8ecc92312d6ed78781c46ecbf39af9ad4681fc9f464af88"}, + {file = "rpds_py-0.18.0-cp310-none-win32.whl", hash = "sha256:c4325ff0442a12113a6379af66978c3fe562f846763287ef66bdc1d57925d337"}, + {file = "rpds_py-0.18.0-cp310-none-win_amd64.whl", hash = "sha256:7223a2a5fe0d217e60a60cdae28d6949140dde9c3bcc714063c5b463065e3d66"}, + {file = "rpds_py-0.18.0-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:3a96e0c6a41dcdba3a0a581bbf6c44bb863f27c541547fb4b9711fd8cf0ffad4"}, + {file = "rpds_py-0.18.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:30f43887bbae0d49113cbaab729a112251a940e9b274536613097ab8b4899cf6"}, + {file = "rpds_py-0.18.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fcb25daa9219b4cf3a0ab24b0eb9a5cc8949ed4dc72acb8fa16b7e1681aa3c58"}, + {file = "rpds_py-0.18.0-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d68c93e381010662ab873fea609bf6c0f428b6d0bb00f2c6939782e0818d37bf"}, + {file = "rpds_py-0.18.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b34b7aa8b261c1dbf7720b5d6f01f38243e9b9daf7e6b8bc1fd4657000062f2c"}, + {file = "rpds_py-0.18.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2e6d75ab12b0bbab7215e5d40f1e5b738aa539598db27ef83b2ec46747df90e1"}, + {file = "rpds_py-0.18.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b8612cd233543a3781bc659c731b9d607de65890085098986dfd573fc2befe5"}, + {file = "rpds_py-0.18.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:aec493917dd45e3c69d00a8874e7cbed844efd935595ef78a0f25f14312e33c6"}, + {file = "rpds_py-0.18.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:661d25cbffaf8cc42e971dd570d87cb29a665f49f4abe1f9e76be9a5182c4688"}, + {file = "rpds_py-0.18.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:1df3659d26f539ac74fb3b0c481cdf9d725386e3552c6fa2974f4d33d78e544b"}, + {file = "rpds_py-0.18.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:a1ce3ba137ed54f83e56fb983a5859a27d43a40188ba798993812fed73c70836"}, + {file = "rpds_py-0.18.0-cp311-none-win32.whl", hash = "sha256:69e64831e22a6b377772e7fb337533c365085b31619005802a79242fee620bc1"}, + {file = "rpds_py-0.18.0-cp311-none-win_amd64.whl", hash = "sha256:998e33ad22dc7ec7e030b3df701c43630b5bc0d8fbc2267653577e3fec279afa"}, + {file = "rpds_py-0.18.0-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:7f2facbd386dd60cbbf1a794181e6aa0bd429bd78bfdf775436020172e2a23f0"}, + {file = "rpds_py-0.18.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1d9a5be316c15ffb2b3c405c4ff14448c36b4435be062a7f578ccd8b01f0c4d8"}, + {file = "rpds_py-0.18.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cd5bf1af8efe569654bbef5a3e0a56eca45f87cfcffab31dd8dde70da5982475"}, + {file = "rpds_py-0.18.0-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5417558f6887e9b6b65b4527232553c139b57ec42c64570569b155262ac0754f"}, + {file = "rpds_py-0.18.0-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:56a737287efecafc16f6d067c2ea0117abadcd078d58721f967952db329a3e5c"}, + {file = "rpds_py-0.18.0-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8f03bccbd8586e9dd37219bce4d4e0d3ab492e6b3b533e973fa08a112cb2ffc9"}, + {file = "rpds_py-0.18.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4457a94da0d5c53dc4b3e4de1158bdab077db23c53232f37a3cb7afdb053a4e3"}, + {file = "rpds_py-0.18.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:0ab39c1ba9023914297dd88ec3b3b3c3f33671baeb6acf82ad7ce883f6e8e157"}, + {file = "rpds_py-0.18.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:9d54553c1136b50fd12cc17e5b11ad07374c316df307e4cfd6441bea5fb68496"}, + {file = "rpds_py-0.18.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:0af039631b6de0397ab2ba16eaf2872e9f8fca391b44d3d8cac317860a700a3f"}, + {file = "rpds_py-0.18.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:84ffab12db93b5f6bad84c712c92060a2d321b35c3c9960b43d08d0f639d60d7"}, + {file = "rpds_py-0.18.0-cp312-none-win32.whl", hash = "sha256:685537e07897f173abcf67258bee3c05c374fa6fff89d4c7e42fb391b0605e98"}, + {file = "rpds_py-0.18.0-cp312-none-win_amd64.whl", hash = "sha256:e003b002ec72c8d5a3e3da2989c7d6065b47d9eaa70cd8808b5384fbb970f4ec"}, + {file = "rpds_py-0.18.0-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:08f9ad53c3f31dfb4baa00da22f1e862900f45908383c062c27628754af2e88e"}, + {file = "rpds_py-0.18.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:c0013fe6b46aa496a6749c77e00a3eb07952832ad6166bd481c74bda0dcb6d58"}, + {file = "rpds_py-0.18.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e32a92116d4f2a80b629778280103d2a510a5b3f6314ceccd6e38006b5e92dcb"}, + {file = "rpds_py-0.18.0-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e541ec6f2ec456934fd279a3120f856cd0aedd209fc3852eca563f81738f6861"}, + {file = "rpds_py-0.18.0-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:bed88b9a458e354014d662d47e7a5baafd7ff81c780fd91584a10d6ec842cb73"}, + {file = "rpds_py-0.18.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2644e47de560eb7bd55c20fc59f6daa04682655c58d08185a9b95c1970fa1e07"}, + {file = "rpds_py-0.18.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8e8916ae4c720529e18afa0b879473049e95949bf97042e938530e072fde061d"}, + {file = "rpds_py-0.18.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:465a3eb5659338cf2a9243e50ad9b2296fa15061736d6e26240e713522b6235c"}, + {file = "rpds_py-0.18.0-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:ea7d4a99f3b38c37eac212dbd6ec42b7a5ec51e2c74b5d3223e43c811609e65f"}, + {file = "rpds_py-0.18.0-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:67071a6171e92b6da534b8ae326505f7c18022c6f19072a81dcf40db2638767c"}, + {file = "rpds_py-0.18.0-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:41ef53e7c58aa4ef281da975f62c258950f54b76ec8e45941e93a3d1d8580594"}, + {file = "rpds_py-0.18.0-cp38-none-win32.whl", hash = "sha256:fdea4952db2793c4ad0bdccd27c1d8fdd1423a92f04598bc39425bcc2b8ee46e"}, + {file = "rpds_py-0.18.0-cp38-none-win_amd64.whl", hash = "sha256:7cd863afe7336c62ec78d7d1349a2f34c007a3cc6c2369d667c65aeec412a5b1"}, + {file = "rpds_py-0.18.0-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:5307def11a35f5ae4581a0b658b0af8178c65c530e94893345bebf41cc139d33"}, + {file = "rpds_py-0.18.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:77f195baa60a54ef9d2de16fbbfd3ff8b04edc0c0140a761b56c267ac11aa467"}, + {file = "rpds_py-0.18.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:39f5441553f1c2aed4de4377178ad8ff8f9d733723d6c66d983d75341de265ab"}, + {file = "rpds_py-0.18.0-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9a00312dea9310d4cb7dbd7787e722d2e86a95c2db92fbd7d0155f97127bcb40"}, + {file = "rpds_py-0.18.0-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:8f2fc11e8fe034ee3c34d316d0ad8808f45bc3b9ce5857ff29d513f3ff2923a1"}, + {file = "rpds_py-0.18.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:586f8204935b9ec884500498ccc91aa869fc652c40c093bd9e1471fbcc25c022"}, + {file = "rpds_py-0.18.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ddc2f4dfd396c7bfa18e6ce371cba60e4cf9d2e5cdb71376aa2da264605b60b9"}, + {file = "rpds_py-0.18.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:5ddcba87675b6d509139d1b521e0c8250e967e63b5909a7e8f8944d0f90ff36f"}, + {file = "rpds_py-0.18.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:7bd339195d84439cbe5771546fe8a4e8a7a045417d8f9de9a368c434e42a721e"}, + {file = "rpds_py-0.18.0-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:d7c36232a90d4755b720fbd76739d8891732b18cf240a9c645d75f00639a9024"}, + {file = "rpds_py-0.18.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:6b0817e34942b2ca527b0e9298373e7cc75f429e8da2055607f4931fded23e20"}, + {file = "rpds_py-0.18.0-cp39-none-win32.whl", hash = "sha256:99f70b740dc04d09e6b2699b675874367885217a2e9f782bdf5395632ac663b7"}, + {file = "rpds_py-0.18.0-cp39-none-win_amd64.whl", hash = "sha256:6ef687afab047554a2d366e112dd187b62d261d49eb79b77e386f94644363294"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:ad36cfb355e24f1bd37cac88c112cd7730873f20fb0bdaf8ba59eedf8216079f"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:36b3ee798c58ace201289024b52788161e1ea133e4ac93fba7d49da5fec0ef9e"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f8a2f084546cc59ea99fda8e070be2fd140c3092dc11524a71aa8f0f3d5a55ca"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e4461d0f003a0aa9be2bdd1b798a041f177189c1a0f7619fe8c95ad08d9a45d7"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:8db715ebe3bb7d86d77ac1826f7d67ec11a70dbd2376b7cc214199360517b641"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:793968759cd0d96cac1e367afd70c235867831983f876a53389ad869b043c948"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:66e6a3af5a75363d2c9a48b07cb27c4ea542938b1a2e93b15a503cdfa8490795"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6ef0befbb5d79cf32d0266f5cff01545602344eda89480e1dd88aca964260b18"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:1d4acf42190d449d5e89654d5c1ed3a4f17925eec71f05e2a41414689cda02d1"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = "sha256:a5f446dd5055667aabaee78487f2b5ab72e244f9bc0b2ffebfeec79051679984"}, + {file = "rpds_py-0.18.0-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:9dbbeb27f4e70bfd9eec1be5477517365afe05a9b2c441a0b21929ee61048124"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:22806714311a69fd0af9b35b7be97c18a0fc2826e6827dbb3a8c94eac6cf7eeb"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:b34ae4636dfc4e76a438ab826a0d1eed2589ca7d9a1b2d5bb546978ac6485461"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8c8370641f1a7f0e0669ddccca22f1da893cef7628396431eb445d46d893e5cd"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c8362467a0fdeccd47935f22c256bec5e6abe543bf0d66e3d3d57a8fb5731863"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:11a8c85ef4a07a7638180bf04fe189d12757c696eb41f310d2426895356dcf05"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b316144e85316da2723f9d8dc75bada12fa58489a527091fa1d5a612643d1a0e"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cf1ea2e34868f6fbf070e1af291c8180480310173de0b0c43fc38a02929fc0e3"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:e546e768d08ad55b20b11dbb78a745151acbd938f8f00d0cfbabe8b0199b9880"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:4901165d170a5fde6f589acb90a6b33629ad1ec976d4529e769c6f3d885e3e80"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-musllinux_1_2_i686.whl", hash = "sha256:618a3d6cae6ef8ec88bb76dd80b83cfe415ad4f1d942ca2a903bf6b6ff97a2da"}, + {file = "rpds_py-0.18.0-pp38-pypy38_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:ed4eb745efbff0a8e9587d22a84be94a5eb7d2d99c02dacf7bd0911713ed14dd"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:6c81e5f372cd0dc5dc4809553d34f832f60a46034a5f187756d9b90586c2c307"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:43fbac5f22e25bee1d482c97474f930a353542855f05c1161fd804c9dc74a09d"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6d7faa6f14017c0b1e69f5e2c357b998731ea75a442ab3841c0dbbbfe902d2c4"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:08231ac30a842bd04daabc4d71fddd7e6d26189406d5a69535638e4dcb88fe76"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:044a3e61a7c2dafacae99d1e722cc2d4c05280790ec5a05031b3876809d89a5c"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3f26b5bd1079acdb0c7a5645e350fe54d16b17bfc5e71f371c449383d3342e17"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:482103aed1dfe2f3b71a58eff35ba105289b8d862551ea576bd15479aba01f66"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:1374f4129f9bcca53a1bba0bb86bf78325a0374577cf7e9e4cd046b1e6f20e24"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:635dc434ff724b178cb192c70016cc0ad25a275228f749ee0daf0eddbc8183b1"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-musllinux_1_2_i686.whl", hash = "sha256:bc362ee4e314870a70f4ae88772d72d877246537d9f8cb8f7eacf10884862432"}, + {file = "rpds_py-0.18.0-pp39-pypy39_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:4832d7d380477521a8c1644bbab6588dfedea5e30a7d967b5fb75977c45fd77f"}, + {file = "rpds_py-0.18.0.tar.gz", hash = "sha256:42821446ee7a76f5d9f71f9e33a4fb2ffd724bb3e7f93386150b61a43115788d"}, ] [[package]] @@ -1896,19 +1865,19 @@ distro = ">=1.3.0" [[package]] name = "setuptools" -version = "67.7.2" +version = "69.5.1" description = "Easily download, build, install, upgrade, and uninstall Python packages" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "setuptools-67.7.2-py3-none-any.whl", hash = "sha256:23aaf86b85ca52ceb801d32703f12d77517b2556af839621c641fca11287952b"}, - {file = "setuptools-67.7.2.tar.gz", hash = "sha256:f104fa03692a2602fa0fec6c6a9e63b6c8a968de13e17c026957dd1f53d80990"}, + {file = "setuptools-69.5.1-py3-none-any.whl", hash = "sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32"}, + {file = "setuptools-69.5.1.tar.gz", hash = "sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987"}, ] [package.extras] -docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-hoverxref (<2)", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (==0.8.3)", "sphinx-reredirects", "sphinxcontrib-towncrier"] -testing = ["build[virtualenv]", "filelock (>=3.4.0)", "flake8 (<5)", "flake8-2020", "ini2toml[lite] (>=0.9)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "pip (>=19.1)", "pip-run (>=8.8)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=1.3)", "pytest-flake8", "pytest-mypy (>=0.9.1)", "pytest-perf", "pytest-timeout", "pytest-xdist", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] -testing-integration = ["build[virtualenv]", "filelock (>=3.4.0)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "pytest", "pytest-enabler", "pytest-xdist", "tomli", "virtualenv (>=13.0.0)", "wheel"] +docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier"] +testing = ["build[virtualenv]", "filelock (>=3.4.0)", "importlib-metadata", "ini2toml[lite] (>=0.9)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "mypy (==1.9)", "packaging (>=23.2)", "pip (>=19.1)", "pytest (>=6,!=8.1.1)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-home (>=0.5)", "pytest-mypy", "pytest-perf", "pytest-ruff (>=0.2.1)", "pytest-timeout", "pytest-xdist (>=3)", "tomli", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] +testing-integration = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "packaging (>=23.2)", "pytest", "pytest-enabler", "pytest-xdist", "tomli", "virtualenv (>=13.0.0)", "wheel"] [[package]] name = "six" @@ -1923,13 +1892,13 @@ files = [ [[package]] name = "stevedore" -version = "4.1.1" +version = "5.2.0" description = "Manage dynamic plugins for Python applications" optional = false python-versions = ">=3.8" files = [ - {file = "stevedore-4.1.1-py3-none-any.whl", hash = "sha256:aa6436565c069b2946fe4ebff07f5041e0c8bf18c7376dd29edf80cf7d524e4e"}, - {file = "stevedore-4.1.1.tar.gz", hash = "sha256:7f8aeb6e3f90f96832c301bff21a7eb5eefbe894c88c506483d355565d88cc1a"}, + {file = "stevedore-5.2.0-py3-none-any.whl", hash = "sha256:1c15d95766ca0569cad14cb6272d4d31dae66b011a929d7c18219c176ea1b5c9"}, + {file = "stevedore-5.2.0.tar.gz", hash = "sha256:46b93ca40e1114cea93d738a6c1e365396981bb6bb78c27045b7587c9473544d"}, ] [package.dependencies] @@ -1961,176 +1930,138 @@ files = [ ] [[package]] -name = "urllib3" -version = "1.26.18" -description = "HTTP library with thread-safe connection pooling, file post, and more." +name = "typing-extensions" +version = "4.11.0" +description = "Backported and Experimental Type Hints for Python 3.8+" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" +python-versions = ">=3.8" files = [ - {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"}, - {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"}, + {file = "typing_extensions-4.11.0-py3-none-any.whl", hash = "sha256:c1f94d72897edaf4ce775bb7558d5b79d8126906a14ea5ed1635921406c0387a"}, + {file = "typing_extensions-4.11.0.tar.gz", hash = "sha256:83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0"}, ] -[package.extras] -brotli = ["brotli (==1.0.9)", "brotli (>=1.0.9)", "brotlicffi (>=0.8.0)", "brotlipy (>=0.6.0)"] -secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)", "urllib3-secure-extra"] -socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"] +[[package]] +name = "tzdata" +version = "2024.1" +description = "Provider of IANA time zone data" +optional = false +python-versions = ">=2" +files = [ + {file = "tzdata-2024.1-py2.py3-none-any.whl", hash = "sha256:9068bc196136463f5245e51efda838afa15aaeca9903f49050dfa2679db4d252"}, + {file = "tzdata-2024.1.tar.gz", hash = "sha256:2674120f8d891909751c38abcdfd386ac0a5a1127954fbc332af6b5ceae07efd"}, +] [[package]] -name = "watchdog" +name = "urllib3" version = "2.2.1" -description = "Filesystem events monitoring" +description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "watchdog-2.2.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a09483249d25cbdb4c268e020cb861c51baab2d1affd9a6affc68ffe6a231260"}, - {file = "watchdog-2.2.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5100eae58133355d3ca6c1083a33b81355c4f452afa474c2633bd2fbbba398b3"}, - {file = "watchdog-2.2.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:e618a4863726bc7a3c64f95c218437f3349fb9d909eb9ea3a1ed3b567417c661"}, - {file = "watchdog-2.2.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:102a60093090fc3ff76c983367b19849b7cc24ec414a43c0333680106e62aae1"}, - {file = "watchdog-2.2.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:748ca797ff59962e83cc8e4b233f87113f3cf247c23e6be58b8a2885c7337aa3"}, - {file = "watchdog-2.2.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:6ccd8d84b9490a82b51b230740468116b8205822ea5fdc700a553d92661253a3"}, - {file = "watchdog-2.2.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:6e01d699cd260d59b84da6bda019dce0a3353e3fcc774408ae767fe88ee096b7"}, - {file = "watchdog-2.2.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8586d98c494690482c963ffb24c49bf9c8c2fe0589cec4dc2f753b78d1ec301d"}, - {file = "watchdog-2.2.1-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:adaf2ece15f3afa33a6b45f76b333a7da9256e1360003032524d61bdb4c422ae"}, - {file = "watchdog-2.2.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:83a7cead445008e880dbde833cb9e5cc7b9a0958edb697a96b936621975f15b9"}, - {file = "watchdog-2.2.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:f8ac23ff2c2df4471a61af6490f847633024e5aa120567e08d07af5718c9d092"}, - {file = "watchdog-2.2.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:d0f29fd9f3f149a5277929de33b4f121a04cf84bb494634707cfa8ea8ae106a8"}, - {file = "watchdog-2.2.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:967636031fa4c4955f0f3f22da3c5c418aa65d50908d31b73b3b3ffd66d60640"}, - {file = "watchdog-2.2.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:96cbeb494e6cbe3ae6aacc430e678ce4b4dd3ae5125035f72b6eb4e5e9eb4f4e"}, - {file = "watchdog-2.2.1-pp37-pypy37_pp73-macosx_10_9_x86_64.whl", hash = "sha256:61fdb8e9c57baf625e27e1420e7ca17f7d2023929cd0065eb79c83da1dfbeacd"}, - {file = "watchdog-2.2.1-pp38-pypy38_pp73-macosx_10_9_x86_64.whl", hash = "sha256:4cb5ecc332112017fbdb19ede78d92e29a8165c46b68a0b8ccbd0a154f196d5e"}, - {file = "watchdog-2.2.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:a480d122740debf0afac4ddd583c6c0bb519c24f817b42ed6f850e2f6f9d64a8"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_aarch64.whl", hash = "sha256:978a1aed55de0b807913b7482d09943b23a2d634040b112bdf31811a422f6344"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_armv7l.whl", hash = "sha256:8c28c23972ec9c524967895ccb1954bc6f6d4a557d36e681a36e84368660c4ce"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_i686.whl", hash = "sha256:c27d8c1535fd4474e40a4b5e01f4ba6720bac58e6751c667895cbc5c8a7af33c"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_ppc64.whl", hash = "sha256:d6b87477752bd86ac5392ecb9eeed92b416898c30bd40c7e2dd03c3146105646"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_ppc64le.whl", hash = "sha256:cece1aa596027ff56369f0b50a9de209920e1df9ac6d02c7f9e5d8162eb4f02b"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_s390x.whl", hash = "sha256:8b5cde14e5c72b2df5d074774bdff69e9b55da77e102a91f36ef26ca35f9819c"}, - {file = "watchdog-2.2.1-py3-none-manylinux2014_x86_64.whl", hash = "sha256:e038be858425c4f621900b8ff1a3a1330d9edcfeaa1c0468aeb7e330fb87693e"}, - {file = "watchdog-2.2.1-py3-none-win32.whl", hash = "sha256:bc43c1b24d2f86b6e1cc15f68635a959388219426109233e606517ff7d0a5a73"}, - {file = "watchdog-2.2.1-py3-none-win_amd64.whl", hash = "sha256:17f1708f7410af92ddf591e94ae71a27a13974559e72f7e9fde3ec174b26ba2e"}, - {file = "watchdog-2.2.1-py3-none-win_ia64.whl", hash = "sha256:195ab1d9d611a4c1e5311cbf42273bc541e18ea8c32712f2fb703cfc6ff006f9"}, - {file = "watchdog-2.2.1.tar.gz", hash = "sha256:cdcc23c9528601a8a293eb4369cbd14f6b4f34f07ae8769421252e9c22718b6f"}, + {file = "urllib3-2.2.1-py3-none-any.whl", hash = "sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d"}, + {file = "urllib3-2.2.1.tar.gz", hash = "sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19"}, ] [package.extras] -watchmedo = ["PyYAML (>=3.10)"] +brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"] +h2 = ["h2 (>=4,<5)"] +socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] +zstd = ["zstandard (>=0.18.0)"] [[package]] name = "wcmatch" -version = "8.5" +version = "8.5.1" description = "Wildcard/glob file name matcher." optional = false python-versions = ">=3.8" files = [ - {file = "wcmatch-8.5-py3-none-any.whl", hash = "sha256:14554e409b142edeefab901dc68ad570b30a72a8ab9a79106c5d5e9a6d241bd5"}, - {file = "wcmatch-8.5.tar.gz", hash = "sha256:86c17572d0f75cbf3bcb1a18f3bf2f9e72b39a9c08c9b4a74e991e1882a8efb3"}, + {file = "wcmatch-8.5.1-py3-none-any.whl", hash = "sha256:24c19cedc92bc9c9e27f39db4e1824d72f95bd2cea32b254a47a45b1a1b227ed"}, + {file = "wcmatch-8.5.1.tar.gz", hash = "sha256:c0088c7f6426cf6bf27e530e2b7b734031905f7e490475fd83c7c5008ab581b3"}, ] [package.dependencies] bracex = ">=2.1.1" -[[package]] -name = "websocket-client" -version = "1.5.1" -description = "WebSocket client for Python with low level API options" -optional = false -python-versions = ">=3.7" -files = [ - {file = "websocket-client-1.5.1.tar.gz", hash = "sha256:3f09e6d8230892547132177f575a4e3e73cfdf06526e20cc02aa1c3b47184d40"}, - {file = "websocket_client-1.5.1-py3-none-any.whl", hash = "sha256:cdf5877568b7e83aa7cf2244ab56a3213de587bbe0ce9d8b9600fc77b455d89e"}, -] - -[package.extras] -docs = ["Sphinx (>=3.4)", "sphinx-rtd-theme (>=0.5)"] -optional = ["python-socks", "wsaccel"] -test = ["websockets"] - [[package]] name = "wrapt" -version = "1.15.0" +version = "1.16.0" description = "Module for decorators, wrappers and monkey patching." optional = false -python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" -files = [ - {file = "wrapt-1.15.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:ca1cccf838cd28d5a0883b342474c630ac48cac5df0ee6eacc9c7290f76b11c1"}, - {file = "wrapt-1.15.0-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:e826aadda3cae59295b95343db8f3d965fb31059da7de01ee8d1c40a60398b29"}, - {file = "wrapt-1.15.0-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:5fc8e02f5984a55d2c653f5fea93531e9836abbd84342c1d1e17abc4a15084c2"}, - {file = "wrapt-1.15.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:96e25c8603a155559231c19c0349245eeb4ac0096fe3c1d0be5c47e075bd4f46"}, - {file = "wrapt-1.15.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:40737a081d7497efea35ab9304b829b857f21558acfc7b3272f908d33b0d9d4c"}, - {file = "wrapt-1.15.0-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:f87ec75864c37c4c6cb908d282e1969e79763e0d9becdfe9fe5473b7bb1e5f09"}, - {file = "wrapt-1.15.0-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:1286eb30261894e4c70d124d44b7fd07825340869945c79d05bda53a40caa079"}, - {file = "wrapt-1.15.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:493d389a2b63c88ad56cdc35d0fa5752daac56ca755805b1b0c530f785767d5e"}, - {file = "wrapt-1.15.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:58d7a75d731e8c63614222bcb21dd992b4ab01a399f1f09dd82af17bbfc2368a"}, - {file = "wrapt-1.15.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:21f6d9a0d5b3a207cdf7acf8e58d7d13d463e639f0c7e01d82cdb671e6cb7923"}, - {file = "wrapt-1.15.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ce42618f67741d4697684e501ef02f29e758a123aa2d669e2d964ff734ee00ee"}, - {file = "wrapt-1.15.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:41d07d029dd4157ae27beab04d22b8e261eddfc6ecd64ff7000b10dc8b3a5727"}, - {file = "wrapt-1.15.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:54accd4b8bc202966bafafd16e69da9d5640ff92389d33d28555c5fd4f25ccb7"}, - {file = "wrapt-1.15.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2fbfbca668dd15b744418265a9607baa970c347eefd0db6a518aaf0cfbd153c0"}, - {file = "wrapt-1.15.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:76e9c727a874b4856d11a32fb0b389afc61ce8aaf281ada613713ddeadd1cfec"}, - {file = "wrapt-1.15.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:e20076a211cd6f9b44a6be58f7eeafa7ab5720eb796975d0c03f05b47d89eb90"}, - {file = "wrapt-1.15.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:a74d56552ddbde46c246b5b89199cb3fd182f9c346c784e1a93e4dc3f5ec9975"}, - {file = "wrapt-1.15.0-cp310-cp310-win32.whl", hash = "sha256:26458da5653aa5b3d8dc8b24192f574a58984c749401f98fff994d41d3f08da1"}, - {file = "wrapt-1.15.0-cp310-cp310-win_amd64.whl", hash = "sha256:75760a47c06b5974aa5e01949bf7e66d2af4d08cb8c1d6516af5e39595397f5e"}, - {file = "wrapt-1.15.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:ba1711cda2d30634a7e452fc79eabcadaffedf241ff206db2ee93dd2c89a60e7"}, - {file = "wrapt-1.15.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:56374914b132c702aa9aa9959c550004b8847148f95e1b824772d453ac204a72"}, - {file = "wrapt-1.15.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a89ce3fd220ff144bd9d54da333ec0de0399b52c9ac3d2ce34b569cf1a5748fb"}, - {file = "wrapt-1.15.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3bbe623731d03b186b3d6b0d6f51865bf598587c38d6f7b0be2e27414f7f214e"}, - {file = "wrapt-1.15.0-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3abbe948c3cbde2689370a262a8d04e32ec2dd4f27103669a45c6929bcdbfe7c"}, - {file = "wrapt-1.15.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:b67b819628e3b748fd3c2192c15fb951f549d0f47c0449af0764d7647302fda3"}, - {file = "wrapt-1.15.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:7eebcdbe3677e58dd4c0e03b4f2cfa346ed4049687d839adad68cc38bb559c92"}, - {file = "wrapt-1.15.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:74934ebd71950e3db69960a7da29204f89624dde411afbfb3b4858c1409b1e98"}, - {file = "wrapt-1.15.0-cp311-cp311-win32.whl", hash = "sha256:bd84395aab8e4d36263cd1b9308cd504f6cf713b7d6d3ce25ea55670baec5416"}, - {file = "wrapt-1.15.0-cp311-cp311-win_amd64.whl", hash = "sha256:a487f72a25904e2b4bbc0817ce7a8de94363bd7e79890510174da9d901c38705"}, - {file = "wrapt-1.15.0-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:4ff0d20f2e670800d3ed2b220d40984162089a6e2c9646fdb09b85e6f9a8fc29"}, - {file = "wrapt-1.15.0-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:9ed6aa0726b9b60911f4aed8ec5b8dd7bf3491476015819f56473ffaef8959bd"}, - {file = "wrapt-1.15.0-cp35-cp35m-manylinux2010_i686.whl", hash = "sha256:896689fddba4f23ef7c718279e42f8834041a21342d95e56922e1c10c0cc7afb"}, - {file = "wrapt-1.15.0-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:75669d77bb2c071333417617a235324a1618dba66f82a750362eccbe5b61d248"}, - {file = "wrapt-1.15.0-cp35-cp35m-win32.whl", hash = "sha256:fbec11614dba0424ca72f4e8ba3c420dba07b4a7c206c8c8e4e73f2e98f4c559"}, - {file = "wrapt-1.15.0-cp35-cp35m-win_amd64.whl", hash = "sha256:fd69666217b62fa5d7c6aa88e507493a34dec4fa20c5bd925e4bc12fce586639"}, - {file = "wrapt-1.15.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:b0724f05c396b0a4c36a3226c31648385deb6a65d8992644c12a4963c70326ba"}, - {file = "wrapt-1.15.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bbeccb1aa40ab88cd29e6c7d8585582c99548f55f9b2581dfc5ba68c59a85752"}, - {file = "wrapt-1.15.0-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:38adf7198f8f154502883242f9fe7333ab05a5b02de7d83aa2d88ea621f13364"}, - {file = "wrapt-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:578383d740457fa790fdf85e6d346fda1416a40549fe8db08e5e9bd281c6a475"}, - {file = "wrapt-1.15.0-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:a4cbb9ff5795cd66f0066bdf5947f170f5d63a9274f99bdbca02fd973adcf2a8"}, - {file = "wrapt-1.15.0-cp36-cp36m-musllinux_1_1_i686.whl", hash = "sha256:af5bd9ccb188f6a5fdda9f1f09d9f4c86cc8a539bd48a0bfdc97723970348418"}, - {file = "wrapt-1.15.0-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:b56d5519e470d3f2fe4aa7585f0632b060d532d0696c5bdfb5e8319e1d0f69a2"}, - {file = "wrapt-1.15.0-cp36-cp36m-win32.whl", hash = "sha256:77d4c1b881076c3ba173484dfa53d3582c1c8ff1f914c6461ab70c8428b796c1"}, - {file = "wrapt-1.15.0-cp36-cp36m-win_amd64.whl", hash = "sha256:077ff0d1f9d9e4ce6476c1a924a3332452c1406e59d90a2cf24aeb29eeac9420"}, - {file = "wrapt-1.15.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:5c5aa28df055697d7c37d2099a7bc09f559d5053c3349b1ad0c39000e611d317"}, - {file = "wrapt-1.15.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3a8564f283394634a7a7054b7983e47dbf39c07712d7b177b37e03f2467a024e"}, - {file = "wrapt-1.15.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:780c82a41dc493b62fc5884fb1d3a3b81106642c5c5c78d6a0d4cbe96d62ba7e"}, - {file = "wrapt-1.15.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e169e957c33576f47e21864cf3fc9ff47c223a4ebca8960079b8bd36cb014fd0"}, - {file = "wrapt-1.15.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:b02f21c1e2074943312d03d243ac4388319f2456576b2c6023041c4d57cd7019"}, - {file = "wrapt-1.15.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:f2e69b3ed24544b0d3dbe2c5c0ba5153ce50dcebb576fdc4696d52aa22db6034"}, - {file = "wrapt-1.15.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:d787272ed958a05b2c86311d3a4135d3c2aeea4fc655705f074130aa57d71653"}, - {file = "wrapt-1.15.0-cp37-cp37m-win32.whl", hash = "sha256:02fce1852f755f44f95af51f69d22e45080102e9d00258053b79367d07af39c0"}, - {file = "wrapt-1.15.0-cp37-cp37m-win_amd64.whl", hash = "sha256:abd52a09d03adf9c763d706df707c343293d5d106aea53483e0ec8d9e310ad5e"}, - {file = "wrapt-1.15.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:cdb4f085756c96a3af04e6eca7f08b1345e94b53af8921b25c72f096e704e145"}, - {file = "wrapt-1.15.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:230ae493696a371f1dbffaad3dafbb742a4d27a0afd2b1aecebe52b740167e7f"}, - {file = "wrapt-1.15.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63424c681923b9f3bfbc5e3205aafe790904053d42ddcc08542181a30a7a51bd"}, - {file = "wrapt-1.15.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d6bcbfc99f55655c3d93feb7ef3800bd5bbe963a755687cbf1f490a71fb7794b"}, - {file = "wrapt-1.15.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c99f4309f5145b93eca6e35ac1a988f0dc0a7ccf9ccdcd78d3c0adf57224e62f"}, - {file = "wrapt-1.15.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:b130fe77361d6771ecf5a219d8e0817d61b236b7d8b37cc045172e574ed219e6"}, - {file = "wrapt-1.15.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:96177eb5645b1c6985f5c11d03fc2dbda9ad24ec0f3a46dcce91445747e15094"}, - {file = "wrapt-1.15.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:d5fe3e099cf07d0fb5a1e23d399e5d4d1ca3e6dfcbe5c8570ccff3e9208274f7"}, - {file = "wrapt-1.15.0-cp38-cp38-win32.whl", hash = "sha256:abd8f36c99512755b8456047b7be10372fca271bf1467a1caa88db991e7c421b"}, - {file = "wrapt-1.15.0-cp38-cp38-win_amd64.whl", hash = "sha256:b06fa97478a5f478fb05e1980980a7cdf2712015493b44d0c87606c1513ed5b1"}, - {file = "wrapt-1.15.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:2e51de54d4fb8fb50d6ee8327f9828306a959ae394d3e01a1ba8b2f937747d86"}, - {file = "wrapt-1.15.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:0970ddb69bba00670e58955f8019bec4a42d1785db3faa043c33d81de2bf843c"}, - {file = "wrapt-1.15.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:76407ab327158c510f44ded207e2f76b657303e17cb7a572ffe2f5a8a48aa04d"}, - {file = "wrapt-1.15.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cd525e0e52a5ff16653a3fc9e3dd827981917d34996600bbc34c05d048ca35cc"}, - {file = "wrapt-1.15.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9d37ac69edc5614b90516807de32d08cb8e7b12260a285ee330955604ed9dd29"}, - {file = "wrapt-1.15.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:078e2a1a86544e644a68422f881c48b84fef6d18f8c7a957ffd3f2e0a74a0d4a"}, - {file = "wrapt-1.15.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:2cf56d0e237280baed46f0b5316661da892565ff58309d4d2ed7dba763d984b8"}, - {file = "wrapt-1.15.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:7dc0713bf81287a00516ef43137273b23ee414fe41a3c14be10dd95ed98a2df9"}, - {file = "wrapt-1.15.0-cp39-cp39-win32.whl", hash = "sha256:46ed616d5fb42f98630ed70c3529541408166c22cdfd4540b88d5f21006b0eff"}, - {file = "wrapt-1.15.0-cp39-cp39-win_amd64.whl", hash = "sha256:eef4d64c650f33347c1f9266fa5ae001440b232ad9b98f1f43dfe7a79435c0a6"}, - {file = "wrapt-1.15.0-py3-none-any.whl", hash = "sha256:64b1df0f83706b4ef4cfb4fb0e4c2669100fd7ecacfb59e091fad300d4e04640"}, - {file = "wrapt-1.15.0.tar.gz", hash = "sha256:d06730c6aed78cee4126234cf2d071e01b44b915e725a6cb439a879ec9754a3a"}, +python-versions = ">=3.6" +files = [ + {file = "wrapt-1.16.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:ffa565331890b90056c01db69c0fe634a776f8019c143a5ae265f9c6bc4bd6d4"}, + {file = "wrapt-1.16.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:e4fdb9275308292e880dcbeb12546df7f3e0f96c6b41197e0cf37d2826359020"}, + {file = "wrapt-1.16.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bb2dee3874a500de01c93d5c71415fcaef1d858370d405824783e7a8ef5db440"}, + {file = "wrapt-1.16.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2a88e6010048489cda82b1326889ec075a8c856c2e6a256072b28eaee3ccf487"}, + {file = "wrapt-1.16.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ac83a914ebaf589b69f7d0a1277602ff494e21f4c2f743313414378f8f50a4cf"}, + {file = "wrapt-1.16.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:73aa7d98215d39b8455f103de64391cb79dfcad601701a3aa0dddacf74911d72"}, + {file = "wrapt-1.16.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:807cc8543a477ab7422f1120a217054f958a66ef7314f76dd9e77d3f02cdccd0"}, + {file = "wrapt-1.16.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:bf5703fdeb350e36885f2875d853ce13172ae281c56e509f4e6eca049bdfb136"}, + {file = "wrapt-1.16.0-cp310-cp310-win32.whl", hash = "sha256:f6b2d0c6703c988d334f297aa5df18c45e97b0af3679bb75059e0e0bd8b1069d"}, + {file = "wrapt-1.16.0-cp310-cp310-win_amd64.whl", hash = "sha256:decbfa2f618fa8ed81c95ee18a387ff973143c656ef800c9f24fb7e9c16054e2"}, + {file = "wrapt-1.16.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:1a5db485fe2de4403f13fafdc231b0dbae5eca4359232d2efc79025527375b09"}, + {file = "wrapt-1.16.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:75ea7d0ee2a15733684badb16de6794894ed9c55aa5e9903260922f0482e687d"}, + {file = "wrapt-1.16.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a452f9ca3e3267cd4d0fcf2edd0d035b1934ac2bd7e0e57ac91ad6b95c0c6389"}, + {file = "wrapt-1.16.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:43aa59eadec7890d9958748db829df269f0368521ba6dc68cc172d5d03ed8060"}, + {file = "wrapt-1.16.0-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:72554a23c78a8e7aa02abbd699d129eead8b147a23c56e08d08dfc29cfdddca1"}, + {file = "wrapt-1.16.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:d2efee35b4b0a347e0d99d28e884dfd82797852d62fcd7ebdeee26f3ceb72cf3"}, + {file = "wrapt-1.16.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:6dcfcffe73710be01d90cae08c3e548d90932d37b39ef83969ae135d36ef3956"}, + {file = "wrapt-1.16.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:eb6e651000a19c96f452c85132811d25e9264d836951022d6e81df2fff38337d"}, + {file = "wrapt-1.16.0-cp311-cp311-win32.whl", hash = "sha256:66027d667efe95cc4fa945af59f92c5a02c6f5bb6012bff9e60542c74c75c362"}, + {file = "wrapt-1.16.0-cp311-cp311-win_amd64.whl", hash = "sha256:aefbc4cb0a54f91af643660a0a150ce2c090d3652cf4052a5397fb2de549cd89"}, + {file = "wrapt-1.16.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:5eb404d89131ec9b4f748fa5cfb5346802e5ee8836f57d516576e61f304f3b7b"}, + {file = "wrapt-1.16.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:9090c9e676d5236a6948330e83cb89969f433b1943a558968f659ead07cb3b36"}, + {file = "wrapt-1.16.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:94265b00870aa407bd0cbcfd536f17ecde43b94fb8d228560a1e9d3041462d73"}, + {file = "wrapt-1.16.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f2058f813d4f2b5e3a9eb2eb3faf8f1d99b81c3e51aeda4b168406443e8ba809"}, + {file = "wrapt-1.16.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:98b5e1f498a8ca1858a1cdbffb023bfd954da4e3fa2c0cb5853d40014557248b"}, + {file = "wrapt-1.16.0-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:14d7dc606219cdd7405133c713f2c218d4252f2a469003f8c46bb92d5d095d81"}, + {file = "wrapt-1.16.0-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:49aac49dc4782cb04f58986e81ea0b4768e4ff197b57324dcbd7699c5dfb40b9"}, + {file = "wrapt-1.16.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:418abb18146475c310d7a6dc71143d6f7adec5b004ac9ce08dc7a34e2babdc5c"}, + {file = "wrapt-1.16.0-cp312-cp312-win32.whl", hash = "sha256:685f568fa5e627e93f3b52fda002c7ed2fa1800b50ce51f6ed1d572d8ab3e7fc"}, + {file = "wrapt-1.16.0-cp312-cp312-win_amd64.whl", hash = "sha256:dcdba5c86e368442528f7060039eda390cc4091bfd1dca41e8046af7c910dda8"}, + {file = "wrapt-1.16.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:d462f28826f4657968ae51d2181a074dfe03c200d6131690b7d65d55b0f360f8"}, + {file = "wrapt-1.16.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a33a747400b94b6d6b8a165e4480264a64a78c8a4c734b62136062e9a248dd39"}, + {file = "wrapt-1.16.0-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b3646eefa23daeba62643a58aac816945cadc0afaf21800a1421eeba5f6cfb9c"}, + {file = "wrapt-1.16.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ebf019be5c09d400cf7b024aa52b1f3aeebeff51550d007e92c3c1c4afc2a40"}, + {file = "wrapt-1.16.0-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:0d2691979e93d06a95a26257adb7bfd0c93818e89b1406f5a28f36e0d8c1e1fc"}, + {file = "wrapt-1.16.0-cp36-cp36m-musllinux_1_1_i686.whl", hash = "sha256:1acd723ee2a8826f3d53910255643e33673e1d11db84ce5880675954183ec47e"}, + {file = "wrapt-1.16.0-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:bc57efac2da352a51cc4658878a68d2b1b67dbe9d33c36cb826ca449d80a8465"}, + {file = "wrapt-1.16.0-cp36-cp36m-win32.whl", hash = "sha256:da4813f751142436b075ed7aa012a8778aa43a99f7b36afe9b742d3ed8bdc95e"}, + {file = "wrapt-1.16.0-cp36-cp36m-win_amd64.whl", hash = "sha256:6f6eac2360f2d543cc875a0e5efd413b6cbd483cb3ad7ebf888884a6e0d2e966"}, + {file = "wrapt-1.16.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:a0ea261ce52b5952bf669684a251a66df239ec6d441ccb59ec7afa882265d593"}, + {file = "wrapt-1.16.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7bd2d7ff69a2cac767fbf7a2b206add2e9a210e57947dd7ce03e25d03d2de292"}, + {file = "wrapt-1.16.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9159485323798c8dc530a224bd3ffcf76659319ccc7bbd52e01e73bd0241a0c5"}, + {file = "wrapt-1.16.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a86373cf37cd7764f2201b76496aba58a52e76dedfaa698ef9e9688bfd9e41cf"}, + {file = "wrapt-1.16.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:73870c364c11f03ed072dda68ff7aea6d2a3a5c3fe250d917a429c7432e15228"}, + {file = "wrapt-1.16.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:b935ae30c6e7400022b50f8d359c03ed233d45b725cfdd299462f41ee5ffba6f"}, + {file = "wrapt-1.16.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:db98ad84a55eb09b3c32a96c576476777e87c520a34e2519d3e59c44710c002c"}, + {file = "wrapt-1.16.0-cp37-cp37m-win32.whl", hash = "sha256:9153ed35fc5e4fa3b2fe97bddaa7cbec0ed22412b85bcdaf54aeba92ea37428c"}, + {file = "wrapt-1.16.0-cp37-cp37m-win_amd64.whl", hash = "sha256:66dfbaa7cfa3eb707bbfcd46dab2bc6207b005cbc9caa2199bcbc81d95071a00"}, + {file = "wrapt-1.16.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1dd50a2696ff89f57bd8847647a1c363b687d3d796dc30d4dd4a9d1689a706f0"}, + {file = "wrapt-1.16.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:44a2754372e32ab315734c6c73b24351d06e77ffff6ae27d2ecf14cf3d229202"}, + {file = "wrapt-1.16.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8e9723528b9f787dc59168369e42ae1c3b0d3fadb2f1a71de14531d321ee05b0"}, + {file = "wrapt-1.16.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:dbed418ba5c3dce92619656802cc5355cb679e58d0d89b50f116e4a9d5a9603e"}, + {file = "wrapt-1.16.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:941988b89b4fd6b41c3f0bfb20e92bd23746579736b7343283297c4c8cbae68f"}, + {file = "wrapt-1.16.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:6a42cd0cfa8ffc1915aef79cb4284f6383d8a3e9dcca70c445dcfdd639d51267"}, + {file = "wrapt-1.16.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:1ca9b6085e4f866bd584fb135a041bfc32cab916e69f714a7d1d397f8c4891ca"}, + {file = "wrapt-1.16.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:d5e49454f19ef621089e204f862388d29e6e8d8b162efce05208913dde5b9ad6"}, + {file = "wrapt-1.16.0-cp38-cp38-win32.whl", hash = "sha256:c31f72b1b6624c9d863fc095da460802f43a7c6868c5dda140f51da24fd47d7b"}, + {file = "wrapt-1.16.0-cp38-cp38-win_amd64.whl", hash = "sha256:490b0ee15c1a55be9c1bd8609b8cecd60e325f0575fc98f50058eae366e01f41"}, + {file = "wrapt-1.16.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:9b201ae332c3637a42f02d1045e1d0cccfdc41f1f2f801dafbaa7e9b4797bfc2"}, + {file = "wrapt-1.16.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:2076fad65c6736184e77d7d4729b63a6d1ae0b70da4868adeec40989858eb3fb"}, + {file = "wrapt-1.16.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c5cd603b575ebceca7da5a3a251e69561bec509e0b46e4993e1cac402b7247b8"}, + {file = "wrapt-1.16.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b47cfad9e9bbbed2339081f4e346c93ecd7ab504299403320bf85f7f85c7d46c"}, + {file = "wrapt-1.16.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f8212564d49c50eb4565e502814f694e240c55551a5f1bc841d4fcaabb0a9b8a"}, + {file = "wrapt-1.16.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:5f15814a33e42b04e3de432e573aa557f9f0f56458745c2074952f564c50e664"}, + {file = "wrapt-1.16.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:db2e408d983b0e61e238cf579c09ef7020560441906ca990fe8412153e3b291f"}, + {file = "wrapt-1.16.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:edfad1d29c73f9b863ebe7082ae9321374ccb10879eeabc84ba3b69f2579d537"}, + {file = "wrapt-1.16.0-cp39-cp39-win32.whl", hash = "sha256:ed867c42c268f876097248e05b6117a65bcd1e63b779e916fe2e33cd6fd0d3c3"}, + {file = "wrapt-1.16.0-cp39-cp39-win_amd64.whl", hash = "sha256:eb1b046be06b0fce7249f1d025cd359b4b80fc1c3e24ad9eca33e0dcdb2e4a35"}, + {file = "wrapt-1.16.0-py3-none-any.whl", hash = "sha256:6906c4100a8fcbf2fa735f6059214bb13b97f75b1a61777fcf6432121ef12ef1"}, + {file = "wrapt-1.16.0.tar.gz", hash = "sha256:5f370f952971e7d17c7d1ead40e49f32345a7f7a5373571ef44d800d06b1899d"}, ] [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "b6bdcfda2961ddc33f23e4c1dd867dc44ef566b1bc1923fea369b8ae315594fb" +content-hash = "a5a74a030e4fb41c99c1201bdaf4c8f9c38eb380df91436cc9d34c5c1588947d" diff --git a/pyproject.toml b/pyproject.toml index 0bebbf420..088f3662d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,15 +30,12 @@ pytest-mock = "^3.8.2" pytest-xdist = "^3.1.0" ruyaml = "^0.91.0" -[tool.poetry.group.docs.dependencies] -mkdocs-material = "^8.5.7" - [build-system] requires = ["poetry-core>=1.0.0", "poetry-dynamic-versioning"] build-backend = "poetry_dynamic_versioning.backend" [tool.poetry-dynamic-versioning] -enable = true +enable = false [tool.isort] profile = "black" diff --git a/roles/kube_prometheus_stack/README.md b/roles/kube_prometheus_stack/README.md index cea325664..8cd1b349d 100644 --- a/roles/kube_prometheus_stack/README.md +++ b/roles/kube_prometheus_stack/README.md @@ -1,269 +1 @@ # `kube_prometheus_stack` - -There is a Grafana deployemnt with a few dashboards that are created by default -and a Prometheus deployment that is used to collect metrics from the cluster -which sends alerts to AlertManager. In addition, Loki is deployed to collect -logs from the cluster using Vector. - -## Philosophy - -Atmosphere's monitoring philosophy is strongly aligned with the principles -outlined in the Google Site Reliability Engineering (SRE) book. Our approach -focuses on alerting on conditions that are symptomatic of issues which directly -impact the service or system health, rather than simply monitoring the state of -individual components. - -### Severity Levels - -Our alerting system classifies incidents into different severity levels based on -their impact on the system and users. - -- **P1** (Critical): This level is used for incidents causing a complete - service disruption or significant loss of functionality across the entire - Atmosphere platform. Immediate response, attention, and action are necessary - regardless of business hours. - -- **P2** (High): This level is for incidents that affect a large group of users - or critical system components. These incidents require swift attention and - action, regardless of business hours, but do not cause a total disruption. - -- **P3** (Moderate): This level is for incidents that affect a smaller group of - users or a single system. These incidents require attention and may necessitate - action during business hours. - -- **P4** (Low): This level is used for minor issues that have a limited impact - on a small subset of users or system functionality. These incidents require - attention and action, if necessary, during standard business hours. - -- **P5** (Informational): This is the lowest level of severity, used for - providing information about normal system activities or minor issues that - don't significantly impact users or system functionality. These incidents - typically do not require immediate attention or action and are addressed - during standard business hours. - -### Alerting Philosophy - -Our alerting philosophy aims to alert the right people at the right time. Most -alerts, if they are affecting a single system, would trigger a lower priority -level (P4 or P5). However, if an issue is affecting the entire control plane of -a specific service, it might escalate to a P3 or P2. And if the whole service -is unavailable, it becomes a P1. - -We believe in minimizing alert noise to ensure that alerts are meaningful and -actionable. Our goal is to have every alert provide enough information to -initiate an immediate and effective response, regardless of business hours for -high priority alerts. - -We continue to refine our monitoring and alerting strategies to ensure that we -are effectively identifying and responding to incidents. The ultimate goal is -to provide a reliable and high-quality service to all our users. - -## Viewing data - -### Grafana dashboard - -By default, an `Ingress` is created for Grafana using the `kube_prometheus_stack_grafana_host` -variable. The default login is `admin` and the password is the value of -`kube_prometheus_stack_grafana_admin_password`. - -You can view the existing dashboards by going to _Manage_ > _Dashboards_. You -can also check any alerts that are currently firing by going to _Alerting_ > -_Alerts_. - -### Prometheus dashboard - -By default, Prometheus dashboard is not enabled. In order to enable this, you -need to configure the following options. `kube_prometheus_stack_prometheus_host` -variable should be defined also or you can replace that with the hostname directly. - -```yaml -kube_prometheus_stack_helm_values: - prometheus: - ingress: - ingressClassName: "{{ kube_prometheus_stack_grafana_ingress_class_name }}" - enabled: true - annotations: - cert-manager.io/cluster-issuer: atmosphere - hosts: - - "{{ kube_prometheus_stack_prometheus_host }}" - tls: - - secretName: prometheus-tls - hosts: - - "{{ kube_prometheus_stack_prometheus_host }}" -``` - -Once this is done and deployed, an `Ingress` is created for Prometheus so you can -access its dashboard. - -You can enable IP whitelisting or basic HTTP authentication by adding proper -annotations in the above configurations. - -- Whitelist source range - -```yaml -kube_prometheus_stack_helm_values: - prometheus: - ingress: - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/24,172.10.0.1" -``` - -- Basic HTTP authentication - -```yaml -kube_prometheus_stack_helm_values: - prometheus: - ingress: - annotations: - nginx.ingress.kubernetes.io/auth-type: basic - nginx.ingress.kubernetes.io/auth-secret: basic-auth-secret-name -``` - -You can find available annotation list [here](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#annotations). - -### Alertmanager dashboard - -By default, Alertmanager dashboard is not enabled. In order to enable this, you -need to configure the following options. `kube_prometheus_stack_alertmanager_host` -variable should be defined also or you can replace that with the hostname directly. - -```yaml -kube_prometheus_stack_helm_values: - alertmanager: - ingress: - ingressClassName: "{{ kube_prometheus_stack_grafana_ingress_class_name }}" - enabled: true - annotations: - cert-manager.io/cluster-issuer: atmosphere - hosts: - - "{{ kube_prometheus_stack_alertmanager_host }}" - tls: - - secretName: alertmanager-tls - hosts: - - "{{ kube_prometheus_stack_alertmanager_host }}" -``` - -Once this is done and deployed, an `Ingress` is created for Alertmanager so you can -access its dashboard. - -## Integrations - -### OpsGenie - -Atmosphere can be integrated with OpsGenie in order to send all alerts to it, -this is useful if you want to have a single place to manage all your alerts. - -In order to get started, you will need to complete the following steps inside -OpsGenie: - -1. Create an integration inside OpsGenie, you can do this by going to - _Settings_ > _Integrations_ > _Add Integration_ and selecting _Prometheus_. -2. Copy the API key that is generated for you and setup correct assignment - rules inside OpsGenie. -3. Create a new heartbeat inside OpsGenie, you can do this by going to - _Settings_ > _Heartbeats_ > _Create Heartbeat_. Set the interval to 1 minute. - -Afterwards, you can configure the following options for the Atmosphere config: - -```yaml -kube_prometheus_stack_helm_values: - alertmanager: - config: - receivers: - - name: "null" - - name: notifier - opsgenie_configs: - - api_key: API_KEY - message: >- - {% raw -%} - {{ .GroupLabels.alertname }} - {%- endraw %} - priority: >- - {% raw -%} - {{- if eq .GroupLabels.severity "critical" -}} - P1 - {{- else if eq .GroupLabels.severity "warning" -}} - P3 - {{- else if eq .GroupLabels.severity "info" -}} - P5 - {{- else -}} - {{ .GroupLabels.severity }} - {{- end -}} - {%- endraw %} - description: |- - {% raw -%} - {{ if gt (len .Alerts.Firing) 0 -}} - Alerts Firing: - {{ range .Alerts.Firing }} - - Message: {{ .Annotations.message }} - Labels: - {{ range .Labels.SortedPairs }} - {{ .Name }} = {{ .Value }} - {{ end }} Annotations: - {{ range .Annotations.SortedPairs }} - {{ .Name }} = {{ .Value }} - {{ end }} Source: {{ .GeneratorURL }} - {{ end }} - {{- end }} - {{ if gt (len .Alerts.Resolved) 0 -}} - Alerts Resolved: - {{ range .Alerts.Resolved }} - - Message: {{ .Annotations.message }} - Labels: - {{ range .Labels.SortedPairs }} - {{ .Name }} = {{ .Value }} - {{ end }} Annotations: - {{ range .Annotations.SortedPairs }} - {{ .Name }} = {{ .Value }} - {{ end }} Source: {{ .GeneratorURL }} - {{ end }} - {{- end }} - {%- endraw %} - - name: heartbeat - webhook_configs: - - url: https://api.opsgenie.com/v2/heartbeats/HEARTBEAT_NAME/ping - send_resolved: false - http_config: - basic_auth: - password: API_KEY -``` - -Once this is done and deployed, you'll start to see alerts inside OpsGenie and -you can also verify that the heartbeat is listed as _ACTIVE_. - -## Alerts - -### Network - -#### `NodeNetworkMulticast` - -This alert is triggered when a node is receiving large volumes of multicast -traffic which can be a sign of a misconfigured network or a malicious actor. - -This can result in high CPU usage on the node and can cause the node to become -unresponsive. Also, it can be the cause of a very high amount of software -interrupts on the node. - -In order to find the root cause of this issue, you can use the following -commands: - -```console -iftop -ni $DEV -f 'multicast and not broadcast' -``` - -With the command above, you're able to see which IP addresses are sending the -multicast traffic. Once you have the IP address, you can use the following -command to find the server behind it: - -```console -openstack server list --all-projects --long -n --ip $IP -``` - -### etcd - -#### `etcdDatabaseHighFragmentationRatio` - -```console -kubectl -n kube-system exec svc/kube-prometheus-stack-kube-etcd -- \ - etcdctl defrag \ - --cluster \ - --cacert /etc/kubernetes/pki/etcd/ca.crt \ - --key /etc/kubernetes/pki/etcd/server.key \ - --cert /etc/kubernetes/pki/etcd/server.crt -``` diff --git a/tox.ini b/tox.ini index 2ae75ad00..87b669feb 100644 --- a/tox.ini +++ b/tox.ini @@ -69,3 +69,21 @@ setenv = ovn: ATMOSPHERE_NETWORK_BACKEND = ovn commands = molecule test -s aio + +[testenv:docs] +envdir = {toxworkdir}/docs +deps = + -r{toxinidir}/doc/requirements.txt +allowlist_externals = + rm +commands = + rm -rf doc/build/html doc/build/doctrees + sphinx-build -W --keep-going -b html -j auto doc/source doc/build/html + +[testenv:docs-serve] +envdir = {[testenv:docs]envdir} +deps = {[testenv:docs]deps} +allowlist_externals = {[testenv:docs]allowlist_externals} +commands = + rm -rf doc/build/html doc/build/doctrees + sphinx-autobuild doc/source doc/build/html diff --git a/zuul.d/container-images/base.yaml b/zuul.d/container-images/base.yaml index f2467fe68..021dbfce5 100644 --- a/zuul.d/container-images/base.yaml +++ b/zuul.d/container-images/base.yaml @@ -23,11 +23,15 @@ - job: name: atmosphere-buildset-registry parent: ci-buildset-registry + irrelevant-files: + - ^doc/ - job: name: atmosphere-build-container-image parent: ci-build-container-image abstract: true + irrelevant-files: + - ^doc/ vars: &image_vars container_command: docker promote_container_image_method: intermediate-registry @@ -41,6 +45,8 @@ name: atmosphere-upload-container-image parent: ci-upload-container-image abstract: true + irrelevant-files: + - ^doc/ secrets: name: container_registry_credentials secret: atmosphere-registry-credentials @@ -50,6 +56,8 @@ - job: name: atmosphere-promote-container-image parent: ci-promote-container-image + irrelevant-files: + - ^doc/ secrets: name: container_registry_credentials secret: atmosphere-registry-credentials diff --git a/zuul.d/docs.yaml b/zuul.d/docs.yaml new file mode 100644 index 000000000..fe627e2d0 --- /dev/null +++ b/zuul.d/docs.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- project: + check: + jobs: + - atmosphere-docs + gate: + jobs: + - atmosphere-docs + +- job: + name: atmosphere-docs + parent: tox-docs + files: + - ^doc/ diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index c78e4f1c5..704fdca55 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -1,17 +1,3 @@ -# Copyright (c) 2024 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - job: name: atmosphere-linters parent: tox-linters @@ -21,6 +7,8 @@ name: atmosphere-build-collection pre-run: zuul.d/playbooks/build-collection/pre.yml run: zuul.d/playbooks/build-collection/run.yml + irrelevant-files: + - ^doc/ - job: name: atmosphere-publish-collection @@ -36,6 +24,8 @@ pre-run: zuul.d/playbooks/molecule/pre.yml run: zuul.d/playbooks/molecule/run.yml post-run: zuul.d/playbooks/molecule/post.yml + irrelevant-files: + - ^doc/ - job: name: atmosphere-molecule-csi From f681c0ab14a7036388ca8cddd82ccc2806f6b39e Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Tue, 30 Apr 2024 19:09:48 -0400 Subject: [PATCH 28/45] [stable/zed] Add Storpool CSI support (#1172) This is an automated cherry-pick of #1153 /assign mnaser --- roles/csi/meta/main.yml | 2 + roles/storpool_csi/README.md | 1 + .../storpool-csi-controllerplugin-rbac.yaml | 86 ++++++++++ .../files/storpool-csi-controllerplugin.yaml | 150 ++++++++++++++++++ .../files/storpool-csi-driver.yaml | 8 + .../files/storpool-csi-nodeplugin-rbac.yaml | 28 ++++ .../files/storpool-csi-nodeplugin.yaml | 102 ++++++++++++ roles/storpool_csi/meta/main.yml | 32 ++++ roles/storpool_csi/tasks/main.yml | 33 ++++ 9 files changed, 442 insertions(+) create mode 100644 roles/storpool_csi/README.md create mode 100644 roles/storpool_csi/files/storpool-csi-controllerplugin-rbac.yaml create mode 100644 roles/storpool_csi/files/storpool-csi-controllerplugin.yaml create mode 100644 roles/storpool_csi/files/storpool-csi-driver.yaml create mode 100644 roles/storpool_csi/files/storpool-csi-nodeplugin-rbac.yaml create mode 100644 roles/storpool_csi/files/storpool-csi-nodeplugin.yaml create mode 100644 roles/storpool_csi/meta/main.yml create mode 100644 roles/storpool_csi/tasks/main.yml diff --git a/roles/csi/meta/main.yml b/roles/csi/meta/main.yml index 4fe8bdd6d..58e6c8b8f 100644 --- a/roles/csi/meta/main.yml +++ b/roles/csi/meta/main.yml @@ -36,3 +36,5 @@ dependencies: when: csi_driver == "rbd" - role: powerstore_csi when: csi_driver == "powerstore" + - role: storpool_csi + when: csi_driver == "storpool" diff --git a/roles/storpool_csi/README.md b/roles/storpool_csi/README.md new file mode 100644 index 000000000..f5c38d5b5 --- /dev/null +++ b/roles/storpool_csi/README.md @@ -0,0 +1 @@ +# `storpool_csi` diff --git a/roles/storpool_csi/files/storpool-csi-controllerplugin-rbac.yaml b/roles/storpool_csi/files/storpool-csi-controllerplugin-rbac.yaml new file mode 100644 index 000000000..323841132 --- /dev/null +++ b/roles/storpool_csi/files/storpool-csi-controllerplugin-rbac.yaml @@ -0,0 +1,86 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: storpool-csi-controller-sa + namespace: kube-system + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-binding +subjects: + - kind: ServiceAccount + name: storpool-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: storpool-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-provisioner-role + apiGroup: rbac.authorization.k8s.io diff --git a/roles/storpool_csi/files/storpool-csi-controllerplugin.yaml b/roles/storpool_csi/files/storpool-csi-controllerplugin.yaml new file mode 100644 index 000000000..cb9f9fd5b --- /dev/null +++ b/roles/storpool_csi/files/storpool-csi-controllerplugin.yaml @@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: storpool-csi-controllerplugin + namespace: kube-system +spec: + selector: + matchLabels: + name: storpool-csi-controllerplugin + template: + metadata: + labels: + name: storpool-csi-controllerplugin + spec: + serviceAccountName: storpool-csi-controller-sa + containers: + - name: storpool-csi-plugin + image: cts.storpool.com/storpool-csi/release:1.0.0 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: SP_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + imagePullPolicy: "IfNotPresent" + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + volumeMounts: + - name: storpool-conf + mountPath: /etc/storpool.conf + readOnly: true + - name: storpool-dir + mountPath: /usr/lib/storpool + readOnly: true + - name: socket-dir + mountPath: /csi + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 + args: + - "--csi-address=$(ADDRESS)" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - '--leader-election' + - '--http-endpoint=:8080' + ports: + - name: http-endpoint + containerPort: 8080 + protocol: TCP + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + livenessProbe: + httpGet: + path: /healthz/leader-election + port: http-endpoint + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 10 + periodSeconds: 20 + successThreshold: 1 + failureThreshold: 1 + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.0 + args: + - "--csi-address=$(ADDRESS)" + - '--leader-election' + - '--http-endpoint=:8081' + ports: + - name: http-endpoint + containerPort: 8081 + protocol: TCP + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + livenessProbe: + httpGet: + path: /healthz/leader-election + port: http-endpoint + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 10 + periodSeconds: 20 + successThreshold: 1 + failureThreshold: 1 + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.8.0 + args: + - '--csi-address=$(ADDRESS)' + - '--leader-election' + - '--http-endpoint=:8082' + ports: + - name: http-endpoint + containerPort: 8082 + protocol: TCP + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + livenessProbe: + httpGet: + path: /healthz/leader-election + port: http-endpoint + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 10 + periodSeconds: 20 + successThreshold: 1 + failureThreshold: 1 + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 + args: + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: storpool-conf + hostPath: + path: /etc/storpool.conf + type: File + - name: storpool-dir + hostPath: + path: /usr/lib/storpool + type: Directory + - name: socket-dir + emptyDir: {} diff --git a/roles/storpool_csi/files/storpool-csi-driver.yaml b/roles/storpool_csi/files/storpool-csi-driver.yaml new file mode 100644 index 000000000..f68b0564e --- /dev/null +++ b/roles/storpool_csi/files/storpool-csi-driver.yaml @@ -0,0 +1,8 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.storpool.com +spec: + attachRequired: true + volumeLifecycleModes: + - Persistent diff --git a/roles/storpool_csi/files/storpool-csi-nodeplugin-rbac.yaml b/roles/storpool_csi/files/storpool-csi-nodeplugin-rbac.yaml new file mode 100644 index 000000000..3ee041c18 --- /dev/null +++ b/roles/storpool_csi/files/storpool-csi-nodeplugin-rbac.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: storpool-csi-node-sa + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-nodeplugin-role +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-nodeplugin-binding +subjects: + - kind: ServiceAccount + name: storpool-csi-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-nodeplugin-role + apiGroup: rbac.authorization.k8s.io diff --git a/roles/storpool_csi/files/storpool-csi-nodeplugin.yaml b/roles/storpool_csi/files/storpool-csi-nodeplugin.yaml new file mode 100644 index 000000000..f071927e7 --- /dev/null +++ b/roles/storpool_csi/files/storpool-csi-nodeplugin.yaml @@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: storpool-csi-nodeplugin + namespace: kube-system +spec: + selector: + matchLabels: + name: storpool-csi-nodeplugin + template: + metadata: + labels: + name: storpool-csi-nodeplugin + spec: + serviceAccountName: storpool-csi-node-sa + nodeSelector: + kubernetes.io/os: linux + containers: + - name: storpool-csi-plugin + image: cts.storpool.com/storpool-csi/release:1.0.0 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: SP_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + imagePullPolicy: "IfNotPresent" + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + securityContext: + privileged: true + capabilities: + add: [ "SYS_ADMIN" ] + allowPrivilegeEscalation: true + volumeMounts: + - name: storpool-conf + mountPath: /etc/storpool.conf + readOnly: true + - name: dev-dir + mountPath: /dev + mountPropagation: HostToContainer + - name: storpool-dir + mountPath: /usr/lib/storpool + readOnly: true + - name: socket-dir + mountPath: /csi + - name: mountpoint-dir + mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + - name: node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0 + args: + - "--csi-address=/csi/csi.sock" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi.storpool.com/csi.sock" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: k8s.gcr.io/sig-storage/livenessprobe:v2.11.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: storpool-conf + hostPath: + path: /etc/storpool.conf + type: File + - name: dev-dir + hostPath: + path: /dev + type: Directory + - name: storpool-dir + hostPath: + path: /usr/lib/storpool + type: Directory + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.storpool.com + type: DirectoryOrCreate + - name: mountpoint-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory diff --git a/roles/storpool_csi/meta/main.yml b/roles/storpool_csi/meta/main.yml new file mode 100644 index 000000000..ff28cf381 --- /dev/null +++ b/roles/storpool_csi/meta/main.yml @@ -0,0 +1,32 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +galaxy_info: + author: VEXXHOST, Inc. + description: Ansible role for Storpool CSI + license: Apache-2.0 + min_ansible_version: 5.5.0 + standalone: false + platforms: + - name: EL + versions: + - "8" + - "9" + - name: Ubuntu + versions: + - focal + - jammy + +dependencies: + - role: defaults diff --git a/roles/storpool_csi/tasks/main.yml b/roles/storpool_csi/tasks/main.yml new file mode 100644 index 000000000..acc3cf9e7 --- /dev/null +++ b/roles/storpool_csi/tasks/main.yml @@ -0,0 +1,33 @@ +--- +- name: Deploy CSI RBAC + kubernetes.core.k8s: + state: present + definition: "{{ lookup('file', 'storpool-csi-' ~ item.name ~ '-rbac.yaml') | from_yaml_all }}" + loop: + - name: controllerplugin + - name: nodeplugin + +- name: Deploy CSI + kubernetes.core.k8s: + state: present + definition: + - "{{ lookup('file', 'storpool-csi-controllerplugin.yaml') | from_yaml }}" + - "{{ lookup('file', 'storpool-csi-driver.yaml') | from_yaml }}" + - "{{ lookup('file', 'storpool-csi-nodeplugin.yaml') | from_yaml }}" + +- name: Create StorageClass + kubernetes.core.k8s: + state: present + definition: + apiVersion: storage.k8s.io/v1 + kind: StorageClass + metadata: + name: general + annotations: + storageclass.kubernetes.io/is-default-class: "true" + provisioner: csi.storpool.com + allowVolumeExpansion: true + volumeBindingMode: WaitForFirstConsumer + reclaimPolicy: Delete + parameters: + template: "{{ storpool_csi_template }}" From 142ca1957fdc07f149d78dc832f155cb8ce9a28d Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Tue, 30 Apr 2024 19:12:04 -0400 Subject: [PATCH 29/45] [stable/zed] Sync uWSGI placement changes (#1171) This is an automated cherry-pick of #1140 /assign mnaser --- charts/placement/templates/configmap-etc.yaml | 3 +++ charts/placement/values.yaml | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/placement/templates/configmap-etc.yaml b/charts/placement/templates/configmap-etc.yaml index e34b2c61d..efd651613 100644 --- a/charts/placement/templates/configmap-etc.yaml +++ b/charts/placement/templates/configmap-etc.yaml @@ -73,5 +73,8 @@ data: policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} placement.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.placement | b64enc }} placement-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.placement_api_uwsgi | b64enc }} +{{- if .Values.manifests.certificates }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-placement.conf" "format" "Secret" ) | indent 2 }} +{{- end }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} {{- end }} diff --git a/charts/placement/values.yaml b/charts/placement/values.yaml index c57526760..0f27a2476 100644 --- a/charts/placement/values.yaml +++ b/charts/placement/values.yaml @@ -138,7 +138,7 @@ conf: datefmt: "%Y-%m-%d %H:%M:%S" placement_api_uwsgi: uwsgi: - processes: 4 + processes: 1 add-header: "Connection: close" buffer-size: 65535 chunked-input-limit: "4096000" @@ -158,7 +158,6 @@ conf: thunder-lock: true worker-reload-mercy: 80 wsgi-file: /var/lib/openstack/bin/placement-api - endpoints: cluster_domain_suffix: cluster.local local_image_registry: From b775bab41a56e181452e2d9794d6e50de855f1ce Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Thu, 2 May 2024 12:04:34 -0400 Subject: [PATCH 30/45] [stable/zed] feat: containerize openstack cli (#1173) This is an automated cherry-pick of #972 /assign mnaser --- images/python-openstackclient/Dockerfile | 36 +++++++++ playbooks/suspend_project.yml | 18 ++++- playbooks/terminate_project.yml | 6 +- roles/barbican/tasks/main.yml | 4 + roles/defaults/vars/main.yml | 1 + roles/octavia/tasks/generate_resources.yml | 4 + roles/octavia/tasks/main.yml | 4 + roles/openstack_cli/defaults/main.yml | 31 ++++---- roles/openstack_cli/meta/main.yml | 10 ++- roles/openstack_cli/tasks/main.yml | 33 +++++--- .../openstack_cli/templates/atmosphere.sh.j2 | 14 ++++ roles/openstack_cli/templates/openrc.j2 | 2 +- roles/openstacksdk/defaults/main.yml | 15 ++++ roles/openstacksdk/tasks/main.yml | 7 +- roles/openstacksdk/templates/clouds.yaml.j2 | 2 +- .../python-openstackclient.yaml | 76 +++++++++++++++++++ 16 files changed, 225 insertions(+), 38 deletions(-) create mode 100644 images/python-openstackclient/Dockerfile create mode 100644 roles/openstack_cli/templates/atmosphere.sh.j2 create mode 100644 roles/openstacksdk/defaults/main.yml create mode 100644 zuul.d/container-images/python-openstackclient.yaml diff --git a/images/python-openstackclient/Dockerfile b/images/python-openstackclient/Dockerfile new file mode 100644 index 000000000..291269955 --- /dev/null +++ b/images/python-openstackclient/Dockerfile @@ -0,0 +1,36 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +ARG RELEASE + +FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build +RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < Date: Thu, 2 May 2024 18:05:41 -0400 Subject: [PATCH 31/45] [stable/zed] ipmi-exporter: Ignore sensor IDs 88/109/111 (Entity Presence) (#1176) This is an automated cherry-pick of #1174 /assign mnaser --- roles/ipmi_exporter/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/ipmi_exporter/defaults/main.yml b/roles/ipmi_exporter/defaults/main.yml index 3b5e77665..4d044dd00 100644 --- a/roles/ipmi_exporter/defaults/main.yml +++ b/roles/ipmi_exporter/defaults/main.yml @@ -30,8 +30,11 @@ ipmi_exporter_config: - 57 # Entity Presence (Dell PowerEdge servers) - 59 # Entity Presence (Dell PowerEdge servers) - 82 + - 88 # Entity Presence (Dell PowerEdge servers) - 89 # BP Presence (Dell PowerEdge servers) - 90 # BP Presence (Dell PowerEdge servers) + - 109 # Entity Presence (Dell PowerEdge servers) + - 111 # Entity Presence (Dell PowerEdge servers) - 164 - 167 # Entity Presence (Dell PowerEdge servers) - 168 From 3408746b36266b24dfde45303108b9eaf83aaca5 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Fri, 10 May 2024 16:49:17 +0100 Subject: [PATCH 32/45] [stable/zed] Add evacuate notes (#1206) This is an automated cherry-pick of #1205 /assign mnaser --- doc/source/admin/maintenance.rst | 84 ++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/doc/source/admin/maintenance.rst b/doc/source/admin/maintenance.rst index 362b152cd..f1998c826 100644 --- a/doc/source/admin/maintenance.rst +++ b/doc/source/admin/maintenance.rst @@ -5,6 +5,90 @@ Maintenance Guide This guide provides instructions for regular maintenance tasks necessary to ensure the smooth and secure operation of the system. +******************************** +Evacuating Nodes for Maintenance +******************************** + +When you need to perform maintenance on a node, you will need to evacuate the +node to ensure that no workloads are running on it. Depending on the type of +node you are evacuating, you will need to use different commands. + +Control Plane Node +================== + +To evacuate a control plane node, you will need to drain the node. This will +cause all the control plane components to be moved to other nodes in the +cluster. To drain a control plane node, run the following command against +the node you want to drain: + +.. code-block:: console + + $ kubectl drain --ignore-daemonsets --delete-local-data + +In the example above, you would replace ```` with the name of the +node you want to drain. Once this process is complete, you can safely perform +maintenance on the node. + +When you are done with the maintenance, you can uncordon the node by running +the following command: + +.. code-block:: console + + $ kubectl uncordon + +Compute Node +============ + +In order to evacuate a compute node, you will need to start by disabling the +OpenStack compute service on the node. This will prevent new workloads from +being scheduled on the node. To disable the OpenStack compute service, run +the following command against the node you want to evacuate: + +.. code-block:: console + + $ openstack compute service set --disable nova-compute + +In the example above, you would replace ```` with the name of the +node you want to evacuate. Once the OpenStack compute service has been +disabled, you will need to evacuate all the virtual machines running on the +node. To do this, run the following command: + +.. code-block:: console + + $ nova host-evacuate-live + +In the example above, you would replace ```` with the name of the +node you want to evacuate. This command will live migrate all the virtual +machines running on the node to other nodes in the cluster. + +.. admonition:: Note + + It is generally not recommended to use the ``nova`` client however the + ``nova host-evacuate-live`` command is not available in the ``openstack`` + client (see `bug 2055552 `_). + +You can monitor the progress of this operation by seeing if there are any VMs +left on the node by running the following command: + +.. code-block:: console + + $ openstack server list --host + +Once all the virtual machines have been evacuated, you can safely perform +maintenance on the node. When you are done with the maintenance, you can +reenable the OpenStack compute service by running the following command: + +.. code-block:: console + + $ openstack compute service set --enable nova-compute + +.. admonition:: Note + + Once you enable the compute service, the node will start accepting new + VMs but it will not automatically move the VMs back to the node. You will + need to manually move the VMs back to the node if you want them to run + there. + ********************* Renewing Certificates ********************* From 5049bc3b33b51ef619ac289517c527fb7646445f Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Sat, 11 May 2024 23:28:47 +0100 Subject: [PATCH 33/45] [stable/zed] docs/glance: Fix typo in image_format section name for cinder backend (#1207) This is an automated cherry-pick of #1204 /assign mnaser --- doc/source/deploy/glance.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/deploy/glance.rst b/doc/source/deploy/glance.rst index f2f560b75..d4bb78f7f 100644 --- a/doc/source/deploy/glance.rst +++ b/doc/source/deploy/glance.rst @@ -33,7 +33,7 @@ managing images as block storage volumes, apply the following configuration: glance_store: stores: cinder default_store: cinder - image_formats: + image_format: disk_formats: raw This configuration sets Cinder as the default and only storage backend for From aaba759fb3a47de5155963eff4f8a307c9d68c15 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 18 May 2024 22:24:02 +0200 Subject: [PATCH 34/45] ci: fix collection publish --- zuul.d/playbooks/build-collection/publish.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/zuul.d/playbooks/build-collection/publish.yml b/zuul.d/playbooks/build-collection/publish.yml index 0c2f8eb8b..d188da4ca 100644 --- a/zuul.d/playbooks/build-collection/publish.yml +++ b/zuul.d/playbooks/build-collection/publish.yml @@ -51,8 +51,6 @@ ANSIBLE_CONFIG: "{{ _ansiblecfg_tmp.path }}" ansible.builtin.shell: | {{ ansible_galaxy_executable }} collection publish -vvv {{ item.path }} - args: - chdir: "{{ zuul.project.src_dir }}" loop: "{{ result.files }}" always: From 085fcb719e67503e82ee2a55f327b7273d59d7c3 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 18 May 2024 22:26:03 +0200 Subject: [PATCH 35/45] Release 1.11.1 --- .release-please-manifest.json | 2 +- galaxy.yml | 2 +- pyproject.toml | 2 +- roles/defaults/defaults/main.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index cf198b9b3..1b796cf0d 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "1.11.0" + ".": "1.11.1" } diff --git a/galaxy.yml b/galaxy.yml index e2cd762a5..fa7617079 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: vexxhost name: atmosphere -version: 1.11.0 +version: 1.11.1 readme: README.md authors: - Mohammed Naser diff --git a/pyproject.toml b/pyproject.toml index 088f3662d..0d31a9bd7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "atmosphere" -version = "1.11.0" +version = "1.11.1" description = "" authors = ["Mohammed Naser "] readme = "README.md" diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml index b40c227f7..29c18bf4d 100644 --- a/roles/defaults/defaults/main.yml +++ b/roles/defaults/defaults/main.yml @@ -12,7 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. -atmosphere_version: 1.11.0 # x-release-please-version +atmosphere_version: 1.11.1 # x-release-please-version # Ingress atmosphere_ingress_class_name: atmosphere From 4e3bcb34f70faefd2332c06f156fd61b632d83df Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 18 May 2024 22:36:04 +0200 Subject: [PATCH 36/45] add earthlyignore to build_ignore --- galaxy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/galaxy.yml b/galaxy.yml index fa7617079..a49f7c111 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -42,6 +42,7 @@ build_ignore: - molecule - tests - .coveragerc + - .earthlyignore - .flake8 - .gitignore - .markdownlint.yaml From 0e5600e0953f4fbd733670becd9d50f0794877c9 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Sat, 18 May 2024 22:29:42 +0100 Subject: [PATCH 37/45] [stable/zed] fix: use kubelet_hostname instead of inventory_hostname_short (#1213) This is an automated cherry-pick of #1177 /assign mnaser --- roles/kubernetes_node_labels/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kubernetes_node_labels/tasks/main.yml b/roles/kubernetes_node_labels/tasks/main.yml index 774d3e8cc..42a6a776a 100644 --- a/roles/kubernetes_node_labels/tasks/main.yml +++ b/roles/kubernetes_node_labels/tasks/main.yml @@ -17,7 +17,7 @@ kubernetes.core.k8s: state: patched kind: Node - name: "{{ inventory_hostname_short }}" + name: "{{ kubelet_hostname | default(inventory_hostname_short) }}" definition: metadata: labels: "{{ kubernetes_node_labels }}" From 1d1b3080b72aba9f381e10dc6bdd8060c48615cb Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Sun, 19 May 2024 00:41:48 +0100 Subject: [PATCH 38/45] [stable/zed] Add python-ironicclient to Nova image (#1220) This is an automated cherry-pick of #1190 /assign mnaser --- images/nova/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile index 6921c3aa6..5d5ddee2e 100644 --- a/images/nova/Dockerfile +++ b/images/nova/Dockerfile @@ -22,6 +22,7 @@ RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < Date: Mon, 20 May 2024 12:57:16 +0200 Subject: [PATCH 39/45] fix(images): change zed branch name (#1225) zed is unmaintained and the branch name changed from stable/zed to unmaintained/zed --- images/glance/Dockerfile | 2 +- images/horizon/Dockerfile | 16 ++++++++-------- images/neutron/Dockerfile | 2 +- images/octavia/Dockerfile | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/images/glance/Dockerfile b/images/glance/Dockerfile index 3e1756c12..1e2c5d637 100644 --- a/images/glance/Dockerfile +++ b/images/glance/Dockerfile @@ -18,7 +18,7 @@ FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG GLANCE_GIT_REF=06a18202ab52c64803f044b8f848ed1c160905d2 ADD --keep-git-dir=true https://opendev.org/openstack/glance.git#${GLANCE_GIT_REF} /src/glance RUN git -C /src/glance fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/glance_store.git#stable/zed /src/glance_store +ADD --keep-git-dir=true https://opendev.org/openstack/glance_store.git#unmaintained/zed /src/glance_store RUN git -C /src/glance_store fetch --unshallow COPY patches/glance_store /patches/glance_store RUN git -C /src/glance_store apply --verbose /patches/glance_store/* diff --git a/images/horizon/Dockerfile b/images/horizon/Dockerfile index c119e1146..21816a54b 100644 --- a/images/horizon/Dockerfile +++ b/images/horizon/Dockerfile @@ -18,21 +18,21 @@ FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG HORIZON_GIT_REF=5de40f9b222608d35c5a0919117259e966217a86 ADD --keep-git-dir=true https://opendev.org/openstack/horizon.git#${HORIZON_GIT_REF} /src/horizon RUN git -C /src/horizon fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/designate-dashboard.git#stable/zed /src/designate-dashboard +ADD --keep-git-dir=true https://opendev.org/openstack/designate-dashboard.git#unmaintained/zed /src/designate-dashboard RUN git -C /src/designate-dashboard fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/heat-dashboard.git#stable/zed /src/heat-dashboard +ADD --keep-git-dir=true https://opendev.org/openstack/heat-dashboard.git#unmaintained/zed /src/heat-dashboard RUN git -C /src/heat-dashboard fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/ironic-ui.git#stable/zed /src/ironic-ui +ADD --keep-git-dir=true https://opendev.org/openstack/ironic-ui.git#unmaintained/zed /src/ironic-ui RUN git -C /src/ironic-ui fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/magnum-ui.git#stable/zed /src/magnum-ui +ADD --keep-git-dir=true https://opendev.org/openstack/magnum-ui.git#unmaintained/zed /src/magnum-ui RUN git -C /src/magnum-ui fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/manila-ui.git#stable/zed /src/manila-ui +ADD --keep-git-dir=true https://opendev.org/openstack/manila-ui.git#unmaintained/zed /src/manila-ui RUN git -C /src/manila-ui fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas-dashboard.git#stable/zed /src/neutron-vpnaas-dashboard +ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas-dashboard.git#unmaintained/zed /src/neutron-vpnaas-dashboard RUN git -C /src/neutron-vpnaas-dashboard fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/octavia-dashboard.git#stable/zed /src/octavia-dashboard +ADD --keep-git-dir=true https://opendev.org/openstack/octavia-dashboard.git#unmaintained/zed /src/octavia-dashboard RUN git -C /src/octavia-dashboard fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/senlin-dashboard.git#stable/zed /src/senlin-dashboard +ADD --keep-git-dir=true https://opendev.org/openstack/senlin-dashboard.git#unmaintained/zed /src/senlin-dashboard RUN git -C /src/senlin-dashboard fetch --unshallow COPY patches/horizon /patches/horizon RUN git -C /src/horizon apply --verbose /patches/horizon/* diff --git a/images/neutron/Dockerfile b/images/neutron/Dockerfile index 38b3d720a..6d5276398 100644 --- a/images/neutron/Dockerfile +++ b/images/neutron/Dockerfile @@ -18,7 +18,7 @@ FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG NEUTRON_GIT_REF=ca25eb96f16dbe5ff1ca4446534f9a1d12fa7035 ADD --keep-git-dir=true https://opendev.org/openstack/neutron.git#${NEUTRON_GIT_REF} /src/neutron RUN git -C /src/neutron fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas.git#stable/zed /src/neutron-vpnaas +ADD --keep-git-dir=true https://opendev.org/openstack/neutron-vpnaas.git#unmaintained/zed /src/neutron-vpnaas RUN git -C /src/neutron-vpnaas fetch --unshallow COPY patches/neutron /patches/neutron RUN git -C /src/neutron apply --verbose /patches/neutron/* diff --git a/images/octavia/Dockerfile b/images/octavia/Dockerfile index 688ce282f..583dc4a65 100644 --- a/images/octavia/Dockerfile +++ b/images/octavia/Dockerfile @@ -18,7 +18,7 @@ FROM registry.atmosphere.dev/library/openstack-venv-builder:${RELEASE} AS build ARG OCTAVIA_GIT_REF=000b577f3e9c9ff7cb893e9f6e635753017a78c6 ADD --keep-git-dir=true https://opendev.org/openstack/octavia.git#${OCTAVIA_GIT_REF} /src/octavia RUN git -C /src/octavia fetch --unshallow -ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#stable/zed /src/ovn-octavia-provider +ADD --keep-git-dir=true https://opendev.org/openstack/ovn-octavia-provider.git#unmaintained/zed /src/ovn-octavia-provider RUN git -C /src/ovn-octavia-provider fetch --unshallow RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private < Date: Mon, 20 May 2024 11:57:18 +0100 Subject: [PATCH 40/45] [stable/zed] feat: add Cloudflare ACME solver (#1221) This is an automated cherry-pick of #1217 /assign mnaser --- roles/cluster_issuer/defaults/main.yml | 4 ++ .../tasks/type/acme/solver/cloudflare.yml | 44 +++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml diff --git a/roles/cluster_issuer/defaults/main.yml b/roles/cluster_issuer/defaults/main.yml index f66a24697..407acafbe 100644 --- a/roles/cluster_issuer/defaults/main.yml +++ b/roles/cluster_issuer/defaults/main.yml @@ -23,6 +23,10 @@ cluster_issuer_acme_solver: http01 cluster_issuer_acme_http01_ingress_class: "{{ atmosphere_ingress_class_name }}" +cluster_issuer_acme_cloudflare_secret_name: cloudflare-api-token +cluster_issuer_acme_cloudflare_email: "{{ cluster_issuer_acme_email }}" +#cluster_issuer_acme_cloudflare_api_token: + cluster_issuer_acme_rfc2136_secret_name: cert-manager-issuer-tsig-secret-key # cluster_issuer_acme_rfc2136_nameserver: : # cluster_issuer_acme_rfc2136_tsig_algorithm: diff --git a/roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml b/roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml new file mode 100644 index 000000000..431b08ea5 --- /dev/null +++ b/roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml @@ -0,0 +1,44 @@ +# Copyright (c) 2024 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Create ClusterIssuer + kubernetes.core.k8s: + state: present + definition: + - apiVersion: v1 + kind: Secret + metadata: + name: "{{ cluster_issuer_acme_cloudflare_secret_name }}" + namespace: cert-manager + type: Opaque + stringData: + api-token: "{{ cluster_issuer_acme_cloudflare_api_token }}" + + - apiVersion: cert-manager.io/v1 + kind: ClusterIssuer + metadata: + name: "{{ cluster_issuer_name }}" + spec: + acme: + email: "{{ cluster_issuer_acme_email }}" + server: "{{ cluster_issuer_acme_server }}" + privateKeySecretRef: + name: "{{ cluster_issuer_acme_private_key_secret_name }}" + solvers: + - dns01: + cloudflare: + email: "{{ cluster_issuer_acme_cloudflare_email }}" + apiTokenSecretRef: + name: "{{ cluster_issuer_acme_cloudflare_secret_name }}" + key: api-token From de3a8f3458be8ac0324fd4b156fc4e4269b42819 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Mon, 20 May 2024 11:57:20 +0100 Subject: [PATCH 41/45] [stable/zed] fix: Horizon custom logo format error with SVG file (#1222) This is an automated cherry-pick of #1208 /assign ricolin --- .charts.yml | 4 ++ charts/horizon/templates/bin/_horizon.sh.tpl | 27 +++++++++++-- charts/horizon/values.yaml | 1 + doc/source/config/horizon.rst | 42 ++++++++++++++++++++ doc/source/config/index.rst | 1 + 5 files changed, 72 insertions(+), 3 deletions(-) create mode 100644 doc/source/config/horizon.rst diff --git a/.charts.yml b/.charts.yml index 71f4afce2..6b75e0560 100644 --- a/.charts.yml +++ b/.charts.yml @@ -73,6 +73,10 @@ charts: version: 0.3.15 repository: *openstack_helm_repository dependencies: *openstack_helm_dependencies + patches: + gerrit: + review.opendev.org: + - 919480 - name: ingress-nginx version: 4.0.17 repository: diff --git a/charts/horizon/templates/bin/_horizon.sh.tpl b/charts/horizon/templates/bin/_horizon.sh.tpl index 8d2b0be2d..4f4be33c7 100644 --- a/charts/horizon/templates/bin/_horizon.sh.tpl +++ b/charts/horizon/templates/bin/_horizon.sh.tpl @@ -87,9 +87,30 @@ function start () { # Copy custom logo images {{- if .Values.manifests.configmap_logo }} - cp /tmp/favicon.ico ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/favicon.ico - cp /tmp/logo.svg ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/logo.svg - cp /tmp/logo-splash.svg ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/logo-splash.svg + if [ -f /tmp/favicon.ico ]; then + favicon=$(cat /tmp/favicon.ico) + if [[ "$favicon" =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$ ]]; then + echo $(echo $favicon | base64 --decode) > ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/favicon.ico + else + cp /tmp/favicon.ico ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/favicon.ico + fi + fi + if [ -f /tmp/logo-splash.svg ]; then + logo_splash=$(cat /tmp/logo-splash.svg) + if [[ "$logo_splash" =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$ ]]; then + echo $(echo $logo_splash | base64 --decode) > ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/logo-splash.svg + else + cp /tmp/logo-splash.svg ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/logo-splash.svg + fi + fi + if [ -f /tmp/logo.svg ]; then + logo=$(cat /tmp/logo.svg) + if [[ "$logo" =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$ ]]; then + echo $(echo $logo | base64 --decode) > ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/logo.svg + else + cp /tmp/logo.svg ${SITE_PACKAGES_ROOT}/openstack_dashboard/static/dashboard/img/logo.svg + fi + fi {{- end }} # Compress Horizon's assets. diff --git a/charts/horizon/values.yaml b/charts/horizon/values.yaml index 8cfaf5b48..ebc46b2d8 100644 --- a/charts/horizon/values.yaml +++ b/charts/horizon/values.yaml @@ -77,6 +77,7 @@ conf: - status horizon: branding: + # logo, logo_splash and favicon accepts base64 encoded string. logo: logo_splash: favicon: diff --git a/doc/source/config/horizon.rst b/doc/source/config/horizon.rst new file mode 100644 index 000000000..c20344755 --- /dev/null +++ b/doc/source/config/horizon.rst @@ -0,0 +1,42 @@ +####### +Horizon +####### + +The Horizon component serves as the web-based user interface for OpenStack, +allowing users to interact with the cloud infrastructure. + +By default, Horizon is configured to work out of the box with minimal changes +needed. However, it can be extensively customized to fit the branding and +requirements of your organization. + +.. admonition:: Deploying Horizon + + If you make any changes to Horizon only and you want to deploy the Horizon + changes only, you can run the following command: + + .. code-block:: bash + + ansible-playbook vexxhost.atmosphere.openstack -t horizon + +******** +Branding +******** + +To customize the logos used in the Horizon dashboard, you need to update the +Horizon Helm values with your custom logo files. Follow the steps below: + +.. code-block:: yaml + + horizon_helm_values: + conf: + horizon: + branding: + logo: "{{ lookup('file', inventory_dir ~ '/files/logo.svg') | b64encode }}" + logo_splash: "{{ lookup('file', inventory_dir ~ '/files/logo-splash.svg') | b64encode }}" + favicon: "{{ lookup('file', inventory_dir ~ '/files/favicon.svg') | b64encode }}" + manifests: + configmap_logo: true + +It's recommended that you use ``base64`` encoded string for the values since the +content of the files might contain special characters that could be wrongly +handled by Helm, such as SVG files. diff --git a/doc/source/config/index.rst b/doc/source/config/index.rst index 6e6cb56ee..e37c3ba2d 100644 --- a/doc/source/config/index.rst +++ b/doc/source/config/index.rst @@ -6,3 +6,4 @@ Configuration Guide :maxdepth: 2 ingress + horizon From 1cc59944e161baea7f524a37e728e3f6d9c10976 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Mon, 20 May 2024 16:04:26 +0200 Subject: [PATCH 42/45] [stable/zed] fix: Install qemu-block-extra in nova, cinder, ironic images (#1224) This is an automated cherry-pick of #1184 Depends-On: #1225 /assign mnaser --- images/glance/Dockerfile | 2 +- images/ironic/Dockerfile | 2 +- images/nova/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/glance/Dockerfile b/images/glance/Dockerfile index 1e2c5d637..26693279e 100644 --- a/images/glance/Dockerfile +++ b/images/glance/Dockerfile @@ -38,7 +38,7 @@ FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE} RUN < Date: Fri, 24 May 2024 16:40:40 +0200 Subject: [PATCH 43/45] [stable/zed] Ignore ansible-lint warnings about storpool files and zuul.d dir (#1237) This is an automated cherry-pick of #1228 /assign mnaser --- .ansible-lint | 2 ++ galaxy.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.ansible-lint b/.ansible-lint index 99ed62575..c81fa73ed 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -8,6 +8,8 @@ exclude_paths: - plugins/filter - roles/defaults/vars/main.yml - roles/kube_prometheus_stack/files/jsonnet + - roles/storpool_csi/files + - zuul.d mock_roles: - opendev.container_registry diff --git a/galaxy.yml b/galaxy.yml index a49f7c111..22423f747 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -46,6 +46,7 @@ build_ignore: - .flake8 - .gitignore - .markdownlint.yaml + - .mypy_cache - .pre-commit-config.yaml - .python-version - .release-please-manifest.json From d65a2912c0bcc0bddc2acabec5fd1b73b0f849a2 Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Fri, 24 May 2024 16:41:56 +0200 Subject: [PATCH 44/45] [stable/zed] feat: trust private acme CA (#1238) This is an automated cherry-pick of #1233 /assign mnaser --- roles/cluster_issuer/defaults/main.yml | 2 ++ roles/openstack_cli/templates/atmosphere.sh.j2 | 5 ++++- roles/openstack_cli/templates/openrc.j2 | 4 +++- roles/openstacksdk/templates/clouds.yaml.j2 | 4 +++- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/cluster_issuer/defaults/main.yml b/roles/cluster_issuer/defaults/main.yml index 407acafbe..15db6a484 100644 --- a/roles/cluster_issuer/defaults/main.yml +++ b/roles/cluster_issuer/defaults/main.yml @@ -15,6 +15,8 @@ cluster_issuer_name: "{{ atmosphere_ingress_cluster_issuer }}" cluster_issuer_type: acme +cluster_issuer_acme_private_ca: false + cluster_issuer_acme_server: https://acme-v02.api.letsencrypt.org/directory # cluster_issuer_acme_email: cluster_issuer_acme_private_key_secret_name: cert-manager-issuer-account-key diff --git a/roles/openstack_cli/templates/atmosphere.sh.j2 b/roles/openstack_cli/templates/atmosphere.sh.j2 index 416a8253a..00635a1ef 100644 --- a/roles/openstack_cli/templates/atmosphere.sh.j2 +++ b/roles/openstack_cli/templates/atmosphere.sh.j2 @@ -3,7 +3,10 @@ alias osc='nerdctl run --rm --network host \ --volume /etc/openstack:/etc/openstack:ro \ {% if cluster_issuer_type is defined and cluster_issuer_type in ('self-signed', 'ca') %} --volume {{ '/usr/local/share/ca-certificates/atmosphere.crt:/usr/local/share/ca-certificates/atmosphere.crt:ro' if ansible_facts['os_family'] - in ['Debian'] else '/etc/pki/ca-trust/source/anchors/atmosphere.crt:/etc/pki/ca-trust/source/anchors/atmosphere.crt:ro' }} \ + in ['Debian'] else '/etc/pki/ca-trust/source/anchors/atmosphere.crt:/usr/local/share/ca-certificates/atmosphere.crt:ro' }} \ +{% elif cluster_issuer_acme_private_ca is defined and cluster_issuer_acme_private_ca | bool %} + --volume {{ '/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro' if ansible_facts['os_family'] + in ['Debian'] else '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:/etc/ssl/certs/ca-certificates.crt:ro' }} \ {% endif %} --env-file <(env | grep OS_) \ {{ atmosphere_images['openstack_cli'] }}' diff --git a/roles/openstack_cli/templates/openrc.j2 b/roles/openstack_cli/templates/openrc.j2 index 87e5e3407..a5d7acb3e 100644 --- a/roles/openstack_cli/templates/openrc.j2 +++ b/roles/openstack_cli/templates/openrc.j2 @@ -12,5 +12,7 @@ export OS_PROJECT_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin {% if cluster_issuer_type is defined and cluster_issuer_type in ('self-signed', 'ca') %} -export OS_CACERT={{ '/usr/local/share/ca-certificates' if ansible_facts['os_family'] in ['Debian'] else '/etc/pki/ca-trust/source/anchors' }}/atmosphere.crt +export OS_CACERT=/usr/local/share/ca-certificates/atmosphere.crt +{% elif cluster_issuer_acme_private_ca is defined and cluster_issuer_acme_private_ca | bool %} +export OS_CACERT=/etc/ssl/certs/ca-certificates.crt {% endif %} diff --git a/roles/openstacksdk/templates/clouds.yaml.j2 b/roles/openstacksdk/templates/clouds.yaml.j2 index efb224539..5b4787902 100644 --- a/roles/openstacksdk/templates/clouds.yaml.j2 +++ b/roles/openstacksdk/templates/clouds.yaml.j2 @@ -9,5 +9,7 @@ clouds: project_domain_name: Default region_name: "{{ openstack_helm_endpoints_keystone_region_name }}" {% if cluster_issuer_type is defined and cluster_issuer_type in ('self-signed', 'ca') %} - cacert: "{{ '/usr/local/share/ca-certificates' if ansible_facts['os_family'] in ['Debian'] else '/etc/pki/ca-trust/source/anchors' }}/atmosphere.crt" + cacert: "/usr/local/share/ca-certificates/atmosphere.crt" +{% elif cluster_issuer_acme_private_ca is defined and cluster_issuer_acme_private_ca | bool %} + cacert: "/etc/ssl/certs/ca-certificates.crt" {% endif %} From 893f27af17c9bcd8ef96f700472ee5b4dec8d1ad Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Thu, 30 May 2024 13:30:41 -0400 Subject: [PATCH 45/45] [stable/zed] Fix OVN CI stability --- ...fail-on-missing-logical-router-ports.patch | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 images/neutron/patches/neutron/0002-Do-not-fail-on-missing-logical-router-ports.patch diff --git a/images/neutron/patches/neutron/0002-Do-not-fail-on-missing-logical-router-ports.patch b/images/neutron/patches/neutron/0002-Do-not-fail-on-missing-logical-router-ports.patch new file mode 100644 index 000000000..75adbfae1 --- /dev/null +++ b/images/neutron/patches/neutron/0002-Do-not-fail-on-missing-logical-router-ports.patch @@ -0,0 +1,84 @@ +From ece6a9a7acab20d5a39f54784427258d54b72cfd Mon Sep 17 00:00:00 2001 +From: yatinkarel +Date: Tue, 28 May 2024 13:11:58 +0530 +Subject: [PATCH] [stable only] Do not fail on missing logical router ports + +set_gateway_mtu runs for all the gateway ports for a network +and if one of the ports get's deleted in meanwhile +whole transaction fails. + +To handle this we need to add if_exists=True to the transaction +but for that it needs to be supported in ovsdbapp. It's fixed +in ovsdbapp with [1] but would require to bump ovsdbapp +minimal version in requirements.txt which we normally don't +do for stable branches. + +So using "update_lrouter_port" instead as that have the +required option available. Before [2] that was only used +but during the switch if_exists part was missed. + +[1] https://review.opendev.org/q/I56685478214aae7b6d3a2a3187297ad4eb1869a3 +[2] https://review.opendev.org/c/openstack/neutron/+/762695 + +Closes-Bug: #2065701 +Related-Bug: #2060163 +Change-Id: I447990509cdea9830228d3bc92a97062cc57a472 +(cherry picked from commit 5bdd0efb3970a52c60043f166bc728778ac3f395) +Conflicts: + neutron/tests/unit/fake_resources.py +--- + +diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py +index 3e7bc5c..266e97f 100644 +--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py ++++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py +@@ -2093,7 +2093,8 @@ + for port in ports: + lrp_name = utils.ovn_lrouter_port_name(port['id']) + options = self._gen_router_port_options(port, prov_net) +- commands.append(self._nb_idl.lrp_set_options(lrp_name, **options)) ++ commands.append(self._nb_idl.update_lrouter_port( ++ lrp_name, if_exists=True, **options)) + self._transaction(commands, txn=txn) + + def update_network(self, context, network, original_network=None): +diff --git a/neutron/tests/unit/fake_resources.py b/neutron/tests/unit/fake_resources.py +index 003db6a..bca73ee 100644 +--- a/neutron/tests/unit/fake_resources.py ++++ b/neutron/tests/unit/fake_resources.py +@@ -62,7 +62,6 @@ + self.get_acls_for_lswitches = mock.Mock() + self.create_lrouter = mock.Mock() + self.lrp_del = mock.Mock() +- self.lrp_set_options = mock.Mock() + self.update_lrouter = mock.Mock() + self.delete_lrouter = mock.Mock() + self.add_lrouter_port = mock.Mock() +diff --git a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py +index b0c77ec..4c61c946 100644 +--- a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py ++++ b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py +@@ -2446,8 +2446,8 @@ + self.mech_driver.update_network_postcommit(fake_ctx) + + lrp_name = ovn_utils.ovn_lrouter_port_name(port['port']['id']) +- self.nb_ovn.lrp_set_options.assert_called_once_with( +- lrp_name, **expected_opts) ++ self.nb_ovn.update_lrouter_port.assert_called_once_with( ++ lrp_name, if_exists=True, **expected_opts) + + def test_update_network_need_to_frag_enabled(self): + ovn_conf.cfg.CONF.set_override('ovn_emit_need_to_frag', True, +diff --git a/neutron/tests/unit/services/ovn_l3/test_plugin.py b/neutron/tests/unit/services/ovn_l3/test_plugin.py +index 53d3957..fb686b3 100644 +--- a/neutron/tests/unit/services/ovn_l3/test_plugin.py ++++ b/neutron/tests/unit/services/ovn_l3/test_plugin.py +@@ -1678,7 +1678,7 @@ + self.l3_inst._nb_ovn.add_lrouter_port.assert_called_once_with( + **fake_router_port_assert) + # Since if_exists = True it will safely return +- self.l3_inst._nb_ovn.lrp_set_options( ++ self.l3_inst._nb_ovn.update_lrouter_port( + name='lrp-router-port-id', if_exists=True, + options=fake_router_port_assert) + # If no if_exists is provided, it is defaulted to true, so this