rhelemeter-template.yaml
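# OpenShift Template for the rhelemeter-server deployment. It renders two
# Secrets, a Deployment, a headless Service, a ServiceAccount and a
# ServiceMonitor; every ${NAME} / ${{NAME}} placeholder is filled from the
# `parameters` list at the bottom of the file.
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: rhelemeter
objects:
# Client-info file mounted at /etc/external and read through
# --client-info-data-file. It names the HTTP headers that carry the client
# certificate CN and issuer, plus a header carrying a pre-shared secret.
# NOTE(review): the header names suggest that client identity is asserted by a
# fronting gateway rather than by a TLS handshake with this server. If so, the
# pre-shared secret is the only thing separating the gateway from any other
# peer that can reach port 8443 - confirm, and restrict ingress to the gateway.
- apiVersion: v1
  kind: Secret
  metadata:
    labels:
      k8s-app: rhelemeter-server
    name: rhelemeter-server-client-info
  stringData:
    client-info.json: |-
      {
        "config": {
          "common_name_header": "x-rh-certauth-cn",
          "issuer_header": "x-rh-certauth-issuer",
          "secret_header": "x-rh-rhelemeter-gateway-secret"
        },
        "secret": "${RHELEMETER_CLIENT_INFO_PSK}"
      }
  type: Opaque
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: rhelemeter-server
  spec:
    # ${{...}} substitutes the parameter as a non-string value (an integer).
    replicas: ${{REPLICAS}}
    selector:
      matchLabels:
        k8s-app: rhelemeter-server
    template:
      metadata:
        labels:
          k8s-app: rhelemeter-server
      spec:
        # NOTE(review): neither the pod nor the container sets a
        # securityContext, so hardening depends entirely on the SCC or
        # admission policy of the target cluster. Consider stating
        # runAsNonRoot, allowPrivilegeEscalation: false and dropped
        # capabilities here once verified against the image.
        containers:
        - command:
          - /usr/bin/rhelemeter-server
          # External listener (8443) and internal listener (8081, used by the
          # probes and the ServiceMonitor) both bind every interface and share
          # one key pair from the rhelemeter-server-tls volume.
          - --listen=0.0.0.0:8443
          - --listen-internal=0.0.0.0:8081
          - --tls-key=/etc/pki/service/tls.key
          - --tls-crt=/etc/pki/service/tls.crt
          - --internal-tls-key=/etc/pki/service/tls.key
          - --internal-tls-crt=/etc/pki/service/tls.crt
          - --client-info-data-file=/etc/external/client-info.json
          # $(VAR) is expanded by Kubernetes from the `env` entries below.
          - --oidc-issuer=$(OIDC_ISSUER)
          - --client-id=$(CLIENT_ID)
          # NOTE(review): after expansion the OIDC client secret is part of
          # the process argument list, where it is readable through process
          # listings and /proc/<pid>/cmdline. If the server can take the
          # secret from a file or from its environment, prefer that - confirm
          # which options it supports.
          - --client-secret=$(CLIENT_SECRET)
          # Quoted so the braces and inner double quotes are always read as
          # one string; the value itself is unchanged.
          - '--whitelist={__name__="system_cpu_logical_count"}'
          - --log-level=${RHELEMETER_LOG_LEVEL}
          # 5242880 = 5 * 1024 * 1024.
          - --limit-bytes=5242880
          - --tenant-id=${RHELEMETER_TENANT_ID}
          - --forward-url=${RHELEMETER_FORWARD_URL}
          env:
          - name: OIDC_ISSUER
            valueFrom:
              secretKeyRef:
                key: oidc_issuer
                name: rhelemeter-server
          - name: CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                key: client_secret
                name: rhelemeter-server
          - name: CLIENT_ID
            valueFrom:
              secretKeyRef:
                key: client_id
                name: rhelemeter-server
          # NOTE(review): the image is selected by tag. A tag can be moved to
          # different content; pinning by digest makes the deployed image
          # immutable.
          image: ${IMAGE}:${IMAGE_TAG}
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
              scheme: HTTPS
          name: rhelemeter-server
          ports:
          - containerPort: 8443
            name: external
          - containerPort: 8081
            name: internal
          readinessProbe:
            httpGet:
              path: /healthz/ready
              port: 8081
              scheme: HTTPS
          resources:
            limits:
              cpu: ${RHELEMETER_SERVER_CPU_LIMIT}
              memory: ${RHELEMETER_SERVER_MEMORY_LIMIT}
            requests:
              cpu: ${RHELEMETER_SERVER_CPU_REQUEST}
              memory: ${RHELEMETER_SERVER_MEMORY_REQUEST}
          volumeMounts:
          # Both mounts hold key material and are only named as input files in
          # the command above, so they are declared read-only. Current
          # Kubernetes releases mount Secret volumes read-only in any case;
          # `readOnly: false` only misstated the intent.
          - mountPath: /etc/pki/service
            name: rhelemeter-server-tls
            readOnly: true
          - mountPath: /etc/external
            name: rhelemeter-server-client-info
            readOnly: true
        # NOTE(review): if the server never calls the Kubernetes API, consider
        # automountServiceAccountToken: false so no API token is placed in
        # the pod - confirm before changing.
        serviceAccountName: rhelemeter-server
        volumes:
        # NOTE(review): no volumeMount references this volume; the container
        # reads the same Secret through the secretKeyRef entries in `env`.
        # It looks like a leftover - confirm and drop it.
        - name: secret-rhelemeter-server
          secret:
            secretName: rhelemeter-server
        # Serving certificate and key that the Service annotation below asks
        # the platform to write into rhelemeter-server-shared.
        - name: rhelemeter-server-tls
          secret:
            secretName: rhelemeter-server-shared
        - name: rhelemeter-server-client-info
          secret:
            secretName: rhelemeter-server-client-info
# OIDC client credentials, exposed to the container as environment variables.
- apiVersion: v1
  kind: Secret
  metadata:
    labels:
      k8s-app: rhelemeter-server
    name: rhelemeter-server
  stringData:
    client_id: ${RHELEMETER_CLIENT_ID}
    client_secret: ${RHELEMETER_CLIENT_SECRET}
    oidc_issuer: ${RHELEMETER_OIDC_ISSUER}
  type: Opaque
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      # Requests a service-serving certificate in rhelemeter-server-shared.
      # NOTE(review): this is the `alpha` spelling of the annotation; newer
      # OpenShift releases document service.beta.openshift.io/... instead -
      # check which one the target clusters expect.
      service.alpha.openshift.io/serving-cert-secret-name: rhelemeter-server-shared
    labels:
      k8s-app: rhelemeter-server
    name: rhelemeter-server
  spec:
    # Headless Service: DNS resolves straight to the pod IPs.
    clusterIP: None
    ports:
    - name: external
      port: 8443
      targetPort: external
    - name: internal
      port: 8081
      targetPort: internal
    selector:
      k8s-app: rhelemeter-server
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: rhelemeter-server
- apiVersion: monitoring.coreos.com/v1
  kind: ServiceMonitor
  metadata:
    labels:
      endpoint: metrics
      k8s-app: rhelemeter-server
      prometheus: app-sre
    name: rhelemeter-server
  spec:
    endpoints:
    - interval: 60s
      port: internal
      scheme: https
      tlsConfig:
        # NOTE(review): the scrape uses TLS but does not verify the server
        # certificate, so Prometheus cannot tell the real pod from another
        # endpoint answering on this port. The listener presents the
        # service-serving certificate, so verification with the service CA
        # (tlsConfig `ca`/`caFile` plus `serverName`) should be possible if
        # that CA is available to the scraping Prometheus - confirm.
        insecureSkipVerify: true
    jobLabel: k8s-app
    namespaceSelector:
      matchNames:
      - ${NAMESPACE}
    selector:
      matchLabels:
        k8s-app: rhelemeter-server
# Template parameters. Number-like defaults are quoted because parameter
# values are strings.
parameters:
- name: NAMESPACE
  value: rhelemeter
- name: IMAGE_TAG
  value: "5923762"
- name: IMAGE
  value: quay.io/app-sre/telemeter
- name: REPLICAS
  value: "2"
- name: RHELEMETER_TENANT_ID
  value: rhel
- name: RHELEMETER_FORWARD_URL
  value: ""
- name: RHELEMETER_OIDC_ISSUER
  value: https://sso.redhat.com/auth/realms/redhat-external
# NOTE(review): the three credential parameters below default to the empty
# string, so processing the template without them renders Secrets holding
# empty credentials, including an empty gateway pre-shared secret. Consider
# `required: true` on each so that processing fails instead - confirm that no
# environment relies on the empty default.
- name: RHELEMETER_CLIENT_ID
  value: ""
- name: RHELEMETER_CLIENT_SECRET
  value: ""
- name: RHELEMETER_CLIENT_INFO_PSK
  value: ""
- name: RHELEMETER_LOG_LEVEL
  value: warn
- name: RHELEMETER_SERVER_CPU_LIMIT
  value: "1"
- name: RHELEMETER_SERVER_CPU_REQUEST
  value: 100m
- name: RHELEMETER_SERVER_MEMORY_LIMIT
  value: 1Gi
- name: RHELEMETER_SERVER_MEMORY_REQUEST
  value: 500Mi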