Merge branch 'monitoring' into 'master'

refactor `kube-prometheus-stack` into `monitoring` chart * refactor to `monitoring` chart * point monitoring to `master` * remove flimsy conditional check for IPS and just _always_ set IPS, rely on IPS graceful fallbacks (to system creds) if not present * lint See merge request platform-one/big-bang/umbrella!29

Merge branch 'monitoring' into 'master'
a8c7db58 · joshwolf · 2c2fac96 · 7d8b0620 · a8c7db58 · a8c7db58
Commit a8c7db58 authored 4 years ago by joshwolf
--- a/chart/templates/clusterauditor/clusterauditor-helmrelease.yaml
+++ b/chart/templates/clusterauditor/clusterauditor-helmrelease.yaml
@@ -14,6 +14,7 @@ spec:
        kind: GitRepository
        name: cluster-auditor
        namespace: {{ .Release.Namespace }}
+
  {{- with .Values.flux }}
  interval: {{ .interval }}
  test:
@@ -30,15 +31,16 @@ spec:
    timeout: {{ .rollback.timeout }}
    cleanupOnFail: {{ .rollback.cleanupOnFail }}
  {{- end }}
+
+  valuesFrom:
+    - name: values
+      kind: Secret
+      valuesKey: "clusterauditor.yaml"
+
  values:
    #conversion from umbrella values to package values
-    {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
    imagePullSecrets: [ private-registry ]
-    {{- end }}
-  valuesFrom:
-  - name: values
-    kind: Secret
-    valuesKey: "clusterauditor.yaml"
+
  dependsOn:
  - name: ek
    namespace: {{ .Release.Namespace }}

--- a/chart/templates/clusterauditor/clusterauditor-policies-helmrelease.yaml
+++ b/chart/templates/clusterauditor/clusterauditor-policies-helmrelease.yaml
@@ -31,10 +31,12 @@ spec:
    timeout: {{ .rollback.timeout }}
    cleanupOnFail: {{ .rollback.cleanupOnFail }}
  {{- end }}
+
  valuesFrom:
  - name: values
    kind: Secret
    valuesKey: "clusterauditor.yaml"
+
  {{- if .Values.gatekeeper.enabled }}
  dependsOn:
  - name: gatekeeper

--- a/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml
+++ b/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml
@@ -43,7 +43,6 @@ spec:
      release: v3.1.2
    disableValidatingWebhook: true
    createNamespace: false
-    {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
-    imagePullSecrets: [ private-registry ]
-    {{- end }}
+    imagePullSecrets:
+      - name: private-registry
 {{- end }}
\ No newline at end of file
--- a/chart/templates/istio/istio-controlplane-helmrelease.yaml
+++ b/chart/templates/istio/istio-controlplane-helmrelease.yaml
@@ -36,12 +36,12 @@ spec:
    - name: values
      kind: Secret
      valuesKey: "istio.yaml"
+
  values:
    hostname: {{ .Values.hostname }}

-    {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
-    imagePullSecrets: [ private-registry ]
-    {{- end }}
+    imagePullSecrets:
+      - private-registry

  dependsOn:
    - name: istio-operator

--- a/chart/templates/istio/istio-operator-helmrelease.yaml
+++ b/chart/templates/istio/istio-operator-helmrelease.yaml
@@ -37,9 +37,8 @@ spec:
    tag: 1.7.3
    createNamespace: false

-    {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
-    imagePullSecrets: [ private-registry ]
-    {{- end }}
+    imagePullSecrets:
+      - name: private-registry

  {{- if .Values.gatekeeper.enabled }}
  dependsOn:

--- a/chart/templates/logging/ek-helmrelease.yaml
+++ b/chart/templates/logging/ek-helmrelease.yaml
@@ -43,18 +43,14 @@ spec:
    kibana:
      version: 7.9.2

-      {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
      imagePullSecrets:
        - name: private-registry
-      {{- end }}

    elasticsearch:
      version: 7.9.2

-      {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
      imagePullSecrets:
        - name: private-registry
-      {{- end }}

  {{/* ECK and Logging _always_ depend on .Values.logging being enabled, so can assume they exist here */}}
  dependsOn:

--- a/chart/templates/logging/fluentbit-helmrelease.yaml
+++ b/chart/templates/logging/fluentbit-helmrelease.yaml
@@ -38,10 +38,8 @@ spec:
      password:
        secret: "logging-ek-es-elastic-user"

-    {{- if and (ne .Values.registryCredentials.username "") (ne .Values.registryCredentials.password "") }}
    imagePullSecrets:
      - name: private-registry
-    {{- end }}

  {{/* ECK and Logging _always_ depend on .Values.logging being enabled, so can assume they exist here */}}
  dependsOn:

--- a/chart/templates/monitoring/kube-prometheus-stack-helmrelease.yaml
+++ b/chart/templates/monitoring/kube-prometheus-stack-helmrelease.yaml
@@ -8,7 +8,7 @@ spec:
  targetNamespace: monitoring
  chart:
    spec:
-      chart: charts/kube-prometheus-stack
+      chart: chart
      interval: 5m
      sourceRef:
        kind: GitRepository
@@ -38,50 +38,29 @@ spec:
      valuesKey: "monitoring.yaml"

  values:
-    fullnameOverride: monitoring
-
    global:
      imagePullSecrets:
        - name: private-registry

-    alertmanager:
-      alertmanagerSpec:
-        image:
-          repository: registry1.dsop.io/ironbank/opensource/prometheus/alertmanager
-          tag: v0.21.0
-      enabled: true
-
    grafana:
-    # https://github.com/grafana/helm-charts/blob/main/charts/grafana/templates/_pod.tpl#L148-L151
-
      image:
-        repository: registry1.dsop.io/ironbank/opensource/grafana/grafana
-        tag: 7.1.3-1
        pullSecrets:
        - private-registry
-      enabled: true
-
-    prometheus:
-      enabled: true
-      prometheusSpec:
-        # service port naming conventions
-        portName: http-web

    prometheusOperator:
-      image:
-        repository: registry1.dsop.io/ironbank/opensource/coreos/prometheus-operator
-        tag: v0.42.1
-      configmapReloadImage:
-        repository: registry1.dsop.io/ironbank/opensource/jimmidyson/configmap-reload
-        tag: v0.4.0
      createCustomResource: true
-      enabled: true
      manageCrds: true

  # TODO: DRY this up
-  {{- if .Values.gatekeeper.enabled }}
+  {{- if or .Values.gatekeeper.enabled .Values.istio.enabled }}
  dependsOn:
+  {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.gatekeeper.enabled }}
    - name: gatekeeper
      namespace: {{ .Release.Namespace }}
  {{- end }}
+  {{- end }}
 {{- end }}
\ No newline at end of file
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -62,7 +62,7 @@ monitoring:
  enabled: true
  git:
    repo: https://repo1.dsop.io/platform-one/big-bang/apps/core/monitoring.git
-    branch: release-v0.2.x
+    branch: master
    # commit: ""
    # tag: ""
  values: {}

--- a/examples/complete/envs/dev/kustomization.yaml
+++ b/examples/complete/envs/dev/kustomization.yaml
@@ -8,11 +8,3 @@ resources:

 patchesStrategicMerge:
  - patch-bigbang.yaml
-  - |-
-    apiVersion: source.toolkit.fluxcd.io/v1beta1
-    kind: GitRepository
-    metadata:
-      name: bigbang
-    spec:
-      ref:
-        branch: valuesfrom
\ No newline at end of file
--- a/examples/complete/envs/dev/patch-bigbang.yaml
+++ b/examples/complete/envs/dev/patch-bigbang.yaml
@@ -14,6 +14,10 @@ spec:
      rollback:
        cleanupOnFail: false

+    # clusterAuditor:
+
+#    monitoring:
+
    logging:
      # Directly modify chart values for dev workloads
      values: