Unverified Commit 4eb7881d authored by Giacomo Tirabassi's avatar Giacomo Tirabassi Committed by GitHub

making telegraf-operator work (#92)

* making telegraf-operator work * cutting a new version of the chart * addressed review
parent 21c78bc2
...@@ -31,7 +31,7 @@ type: application ...@@ -31,7 +31,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: 1.0.0 version: 1.0.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
......
# Telegraf-operator # Telegraf-operator
> Default installation expects cert-manager to be running in the cluster
## Usage ## Usage
```console ```console
...@@ -17,9 +15,16 @@ helm install telegraf-operator influxdata/telegraf-operator ...@@ -17,9 +15,16 @@ helm install telegraf-operator influxdata/telegraf-operator
helm template --namespace=telegraf-operator telegraf-operator . helm template --namespace=telegraf-operator telegraf-operator .
``` ```
Testing CI template Test installation with Kind
```shell ```shell
helm template --namespace=telegraf-operator --values=./ci/values.yaml telegraf-operator . kind create cluster --name=telegraf-operator-test
kubectl config use-context kind-telegraf-operator-test
kubectl apply -f tests/influxdb.yml
helm install telegraf-operator .
kubectl apply -f tests/redis.yml
kind delete cluster --name=telegraf-operator-test
``` ```
## Cert-manager integration
For better security there is already an integration with cert-manger >0.13 that can be enabled but you have to provide your own instalation of cert-manager in the cluster
replicaCount: 3
image:
repository: quay.io/influxdb/telegraf-operator
pullPolicy: IfNotPresent
sidecarImage: "docker.io/library/telegraf:1.14.1"
classes:
secretName: "telegraf-operator-classes"
default: "infra"
data:
infra: |
[[outputs.influxdb]]
urls = ["http://influxdb.influxdb:8086"]
[global_tags]
env = "ci"
hostname = "$HOSTNAME"
nodename = "$NODENAME"
type = "infra"
certManager:
chart:
enable: false
certificate:
enable: false
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Annotations to add to the service account
annotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
nodeSelector: {}
tolerations: []
affinity: {}
...@@ -65,10 +65,49 @@ Create the name of the service account to use ...@@ -65,10 +65,49 @@ Create the name of the service account to use
{{/* {{/*
Generate certificates for telegraf-operator mutating webhook Generate certificates for telegraf-operator mutating webhook
*/}} */}}
{{- define "telegraf-operator.gen-certs" -}} {{- define "telegraf-operator.non_certmanager" -}}
{{- $altNames := list ( printf "%s.%s" (include "telegraf-operator.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "telegraf-operator.name" .) .Release.Namespace ) -}} {{- $altNames := list ( printf "%s.%s" (include "telegraf-operator.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "telegraf-operator.name" .) .Release.Namespace ) -}}
{{- $ca := genCA "telegraf-operator-ca" 365 -}} {{- $ca := genCA "telegraf-operator-ca" 365 -}}
{{- $cert := genSignedCert ( include "telegraf-operator.name" . ) nil $altNames 365 $ca -}} {{- $cert := genSignedCert ( include "telegraf-operator.name" . ) nil $altNames 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }} apiVersion: admissionregistration.k8s.io/v1beta1
tls.key: {{ $cert.Key | b64enc }} kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ .Values.namespace }}/{{ include "telegraf-operator.fullname" . }}"
labels:
{{- include "telegraf-operator.labels" . | nindent 4 }}
name: {{ include "telegraf-operator.fullname" . }}
webhooks:
- clientConfig:
service:
name: {{ include "telegraf-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-pod
caBundle: {{ $ca.Cert | b64enc }}
failurePolicy: Ignore
name: telegraf.influxdata.com
rules:
- apiGroups:
- '*'
apiVersions:
- '*'
operations:
- CREATE
- DELETE
resources:
- pods
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: telegraf-operator-tls
labels:
{{- include "telegraf-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation"
data:
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}} {{- end -}}
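Review bot: `genCA` and `genSignedCert` in `telegraf-operator.non_certmanager` run on every render, but the Secret carries `"helm.sh/hook": "pre-install"` while the MutatingWebhookConfiguration is an ordinary resource, so a `helm upgrade` would presumably write a fresh `caBundle` that no longer matches the serving certificate kept in `telegraf-operator-tls`. With `failurePolicy: Ignore` the API server then skips the webhook without any error, and pods are admitted with no sidecar. Consider reusing the existing secret through `lookup` when it is present, or giving both objects the same lifecycle, and document the 365-day expiry, since nothing in this helper rotates the certificate. Separately, this non-cert-manager webhook still sets `cert-manager.io/inject-ca-from`, built from `.Values.namespace`, which none of the values shown on this page define; the annotation can be dropped from this branch.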
{{- if eq .Values.certManager.enable true -}}
apiVersion: admissionregistration.k8s.io/v1beta1 apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
metadata: metadata:
...@@ -24,3 +25,4 @@ webhooks: ...@@ -24,3 +25,4 @@ webhooks:
- DELETE - DELETE
resources: resources:
- pods - pods
{{- end }}
...@@ -6,18 +6,3 @@ metadata: ...@@ -6,18 +6,3 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
stringData: {{ .Values.classes.data | toYaml | nindent 2 }} stringData: {{ .Values.classes.data | toYaml | nindent 2 }}
{{- end }} {{- end }}
---
{{- if eq .Values.certManager.enable false -}}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: telegraf-operator-tls
labels:
{{- include "telegraf-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation"
data:
{{ ( include "telegraf-operator.gen-certs" . ) | indent 2 }}
{{- end }}
{{- if eq .Values.certManager.enable false -}}
{{ ( include "telegraf-operator.non_certmanager" . ) }}
{{- end }}
apiVersion: v1
kind: Namespace
metadata:
name: influxdb
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: influxdb
namespace: influxdb
spec:
replicas: 1
selector:
matchLabels:
app: influxdb
template:
metadata:
labels:
app: influxdb
spec:
containers:
- name: influxdb
image: influxdb:1.7.9
- name: chronograf
image: chronograf:1.6.2
args: ["--influxdb-url=http://localhost:8086"]
---
apiVersion: v1
kind: Service
metadata:
labels:
app: influxdb
name: influxdb
namespace: influxdb
spec:
ports:
- name: server
port: 8086
- name: chronograf
port: 8888
selector:
app: influxdb
apiVersion: v1
kind: Namespace
metadata:
name: test
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
namespace: test
spec:
selector:
matchLabels:
app: redis
serviceName: redis
template:
metadata:
labels:
app: redis
annotations:
telegraf.influxdata.com/ports: "8080,9090"
spec:
containers:
- name: redis
image: redis:alpine
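Review bot: `image: redis:alpine` is a floating tag, unlike `influxdb:1.7.9` and `chronograf:1.6.2` in the InfluxDB test manifest, so the Kind test can pull a different image on each run. Pin a version tag, ideally with a digest, so a failed injection test cannot be caused by an upstream image change. A comment above the `telegraf.influxdata.com/ports` annotation would also help, along the lines of `# 8080 and 9090 are presumably arbitrary scrape ports for the test, not ports Redis serves`.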
...@@ -7,7 +7,15 @@ image: ...@@ -7,7 +7,15 @@ image:
classes: classes:
secretName: "telegraf-operator-classes" secretName: "telegraf-operator-classes"
default: "infra" default: "infra"
data: {} data:
infra: |
[[outputs.influxdb]]
urls = ["http://influxdb.influxdb:8086"]
[global_tags]
env = "ci"
hostname = "$HOSTNAME"
nodename = "$NODENAME"
type = "infra"
certManager: certManager:
enable: false enable: false
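Review bot: The new default for `classes.data` bakes a test setup into what appears to be the chart's default values: the `infra` class writes to `http://influxdb.influxdb:8086` over plain HTTP with no credentials and tags everything `env = "ci"`. Anyone who installs without overrides gets every injected sidecar pointed at that address. Keep `data: {}` as the default and move this class into a values file used only by the Kind test, or at least add a comment such as `# example only: replace the URL, and use https with credentials outside test clusters`.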
......