From 3a7b13b1a4b850b52a282ddd2473686a605c5ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20T=C3=B3th?= Date: Wed, 1 Nov 2023 13:57:08 +0100 Subject: [PATCH] Helm chart container image related parameters modified. * image url * image pull secret * image pull policy --- charts/logan/README.md | 4 ++-- charts/logan/templates/fluentd-daemonset.yaml | 7 ++----- charts/logan/templates/fluentd-deployment.yaml | 7 ++----- charts/logan/values.yaml | 6 +++--- charts/mgmt-agent/README.md | 5 +++-- .../mgmt-agent/templates/mgmt-agent-secrets.yaml | 14 -------------- .../templates/mgmt-agent-statefulset.yaml | 3 ++- charts/mgmt-agent/values.yaml | 7 ++++--- charts/oci-onm/README.md | 2 +- charts/oci-onm/values.yaml | 5 ++++- .../logs-collection/fluentd-daemonset.yaml | 7 ++----- .../objects-collection/fluentd-deployment.yaml | 7 ++----- terraform/modules/helm/helm.tf | 4 ++-- 13 files changed, 29 insertions(+), 49 deletions(-) diff --git a/charts/logan/README.md b/charts/logan/README.md index 6e1d6f3b..c8e72aa0 100644 --- a/charts/logan/README.md +++ b/charts/logan/README.md @@ -58,8 +58,8 @@ Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Object | fluentd.tailPlugin | object | `{"flushInterval":60,"readFromHead":true}` | Config for Logs Collection using fluentd tail plugin | | global.namespace | string | `"oci-onm"` | Kubernetes Namespace for creating monitoring resources. Ignored if oci-kubernetes-monitoring-common.createNamespace set to false. | | global.resourceNamePrefix | string | `"oci-onm"` | Resource names prefix used, where allowed. | -| image.imagePullPolicy | string | `"Always"` | Image pull policy | -| image.imagePullSecrets | string | `nil` | | +| image.imagePullPolicy | string | `"Always"` | Container image pull policy. | +| image.imagePullSecret | string | `nil` | Image pull secret name to use for pulling container image | | image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0"` | Replace this value with actual docker image url | | kubernetesClusterID | string | `nil` | OKE Cluster OCID e.g. ocid1.cluster.oc1.phx.aaaaaaaahhbadf3rxa62faaeixanvr7vftmkg6hupycbf4qszctf2wbmqqxq | | kubernetesClusterName | string | `nil` | Kubernetes Cluster name. Need not be the OKE Cluster display name. e.g. production-cluster | diff --git a/charts/logan/templates/fluentd-daemonset.yaml b/charts/logan/templates/fluentd-daemonset.yaml index 276f2d04..f01dc268 100644 --- a/charts/logan/templates/fluentd-daemonset.yaml +++ b/charts/logan/templates/fluentd-daemonset.yaml @@ -3,7 +3,6 @@ --- {{- $authtype := .Values.authtype | lower }} -{{- $imagePullSecrets := .Values.image.imagePullSecrets }} {{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }} apiVersion: apps/v1 kind: DaemonSet @@ -33,14 +32,12 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - {{- if $imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.imagePullSecrets }} - {{- end}} + - name: {{ .Values.image.imagePullSecret }} containers: - name: {{ $resourceNamePrefix }}-fluentd image: {{ .Values.image.url }} - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.image.imagePullPolicy }} env: - name: FLUENTD_CONF value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} diff --git a/charts/logan/templates/fluentd-deployment.yaml b/charts/logan/templates/fluentd-deployment.yaml index d9d5c38d..a244379c 100644 --- a/charts/logan/templates/fluentd-deployment.yaml +++ b/charts/logan/templates/fluentd-deployment.yaml @@ -3,7 +3,6 @@ --- {{- $authtype := .Values.authtype | lower }} -{{- $imagePullSecrets := .Values.image.imagePullSecrets }} {{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }} apiVersion: apps/v1 kind: Deployment @@ -30,14 +29,12 @@ spec: version: v1 spec: serviceAccountName: {{ include "logan.serviceAccount" . }} - {{- if $imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.imagePullSecrets }} - {{- end}} + - name: {{ .Values.image.imagePullSecret }} containers: - name: {{ $resourceNamePrefix }}-fluentd image: {{ .Values.image.url }} - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.image.imagePullPolicy }} env: - name: FLUENTD_CONF value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml index 0561df70..63e3cb85 100644 --- a/charts/logan/values.yaml +++ b/charts/logan/values.yaml @@ -45,12 +45,12 @@ resourceNamePrefix: "{{ .Values.global.resourceNamePrefix }}" # -- Kubernetes ServiceAccount serviceAccount: "{{ .Values.global.resourceNamePrefix }}" image: - # Image pull secrets for. Secret must be in the namespace defined by namespace - imagePullSecrets: # -- Replace this value with actual docker image url url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0 + # Image pull secrets for. Secret must be in the namespace defined by namespace + imagePullSecret: "" # -- Image pull policy - imagePullPolicy: Always + imagePullPolicy: IfNotPresent # -- Logging Analytics namespace. Can be found in OCI console --> Logging Analytics --> Administration --> Service ociLANamespace: diff --git a/charts/mgmt-agent/README.md b/charts/mgmt-agent/README.md index bb1e6ee0..c7fdae54 100644 --- a/charts/mgmt-agent/README.md +++ b/charts/mgmt-agent/README.md @@ -20,8 +20,9 @@ A Helm chart for collecting Kubernetes Metrics using OCI Management Agent into O | kubernetesCluster.compartmentId | string | `nil` | OCI Compartment Id to push Kubernetes Monitoring metrics. If not specified default is same as Agent compartment | | kubernetesCluster.name | string | `nil` | Kubernetes cluster name | | kubernetesCluster.namespace | string | `"*"` | Kubernetes cluster namespace(s) to monitor. This can be a comma-separated list of namespaces or '*' to monitor all the namespaces | -| mgmtagent.image.secret | string | `nil` | Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file) | -| mgmtagent.image.url | string | `nil` | Replace this value with actual docker image URL for Management Agent | +| mgmtagent.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0"` | Replace this value with actual docker image URL for Management Agent | +| mgmtagent.image.imagePullPolicy | string | `IfNotPresent` | Container image pull policy. | +| mgmtagent.image.imagePullSecret | string | `""` | Image pull secret name to use for pulling container image | | mgmtagent.installKey | string | `"resources/input.rsp"` | Copy the downloaded Management Agent Install Key file under root helm directory as resources/input.rsp | | mgmtagent.installKeyFileContent | string | `nil` | Provide the base64 encoded content of the Management Agent Install Key file | | namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes namespace to create and install this helm chart in | diff --git a/charts/mgmt-agent/templates/mgmt-agent-secrets.yaml b/charts/mgmt-agent/templates/mgmt-agent-secrets.yaml index b8545b9d..cdeb08aa 100644 --- a/charts/mgmt-agent/templates/mgmt-agent-secrets.yaml +++ b/charts/mgmt-agent/templates/mgmt-agent-secrets.yaml @@ -14,17 +14,3 @@ data: {{ else }} {{ .Files.Get .Values.mgmtagent.installKey | b64enc }} {{- end }} - ---- -{{- if .Values.mgmtagent.image.secret }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-container-registry-key - namespace: {{ include "mgmt-agent.namespace" . }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: | - {{ .Values.mgmtagent.image.secret }} -{{- end }} diff --git a/charts/mgmt-agent/templates/mgmt-agent-statefulset.yaml b/charts/mgmt-agent/templates/mgmt-agent-statefulset.yaml index 239c5f9b..b26e4b9d 100644 --- a/charts/mgmt-agent/templates/mgmt-agent-statefulset.yaml +++ b/charts/mgmt-agent/templates/mgmt-agent-statefulset.yaml @@ -25,10 +25,11 @@ spec: fsGroup: {{ default 0 .Values.deployment.security.fsGroup }} serviceAccountName: {{ include "mgmt-agent.serviceAccount" . }} imagePullSecrets: - - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-container-registry-key + - name: {{ .Values.mgmtagent.image.imagePullSecret }} restartPolicy: Always containers: - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent + imagePullPolicy: {{ .Values.mgmtagent.image.imagePullPolicy }} image: {{ .Values.mgmtagent.image.url }} resources: requests: diff --git a/charts/mgmt-agent/values.yaml b/charts/mgmt-agent/values.yaml index 56b5c372..d92cd472 100644 --- a/charts/mgmt-agent/values.yaml +++ b/charts/mgmt-agent/values.yaml @@ -29,9 +29,10 @@ mgmtagent: # Follow steps documented at https://github.com/oracle/docker-images/tree/main/OracleManagementAgent to build docker image. image: # -- Replace this value with actual docker image URL for Management Agent - url: + url: container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0 # -- Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file) - secret: + imagePullSecret: "" + imagePullPolicy: IfNotPresent # -- Kubernetes namespace to create and install this helm chart in namespace: "{{ .Values.global.namespace }}" @@ -76,6 +77,6 @@ deployment: cpuCore: 500m # specify the memory memory: 1Gi - + # Provide the storage class for StatefulSet's PVC. If not provided then the Cluster's default storage class will be used. storageClass: diff --git a/charts/oci-onm/README.md b/charts/oci-onm/README.md index 8184698c..5019cf50 100644 --- a/charts/oci-onm/README.md +++ b/charts/oci-onm/README.md @@ -34,7 +34,7 @@ Helm chart for collecting Kubernetes logs & objects and metrics using Fluentd an | oci-onm-logan.ociLANamespace | string | `nil` | | | oci-onm-logan.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | | | oci-onm-mgmt-agent.kubernetesCluster.name | string | `"{{ .Values.global.kubernetesClusterName }}"` | | -| oci-onm-mgmt-agent.mgmtagent.image.secret | string | `nil` | | +| oci-onm-mgmt-agent.mgmtagent.image.imagePullSecret | string | `nil` | | | oci-onm-mgmt-agent.mgmtagent.image.url | string | `nil` | | | oci-onm-mgmt-agent.mgmtagent.installKey | string | `"resources/input.rsp"` | | | oci-onm-mgmt-agent.mgmtagent.installKeyFileContent | string | `nil` | | diff --git a/charts/oci-onm/values.yaml b/charts/oci-onm/values.yaml index dcd56c10..737ae4ca 100644 --- a/charts/oci-onm/values.yaml +++ b/charts/oci-onm/values.yaml @@ -32,6 +32,8 @@ oci-onm-logan: kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}" image: url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0 + imagePullSecret: + imagePullPolicy: IfNotPresent # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. ociLANamespace: # OCI Logging Analytics Default Log Group OCID @@ -52,4 +54,5 @@ oci-onm-mgmt-agent: # Replace this value with actual docker image URL for Management Agent url: container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0 # Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file) - secret: \ No newline at end of file + imagePullSecret: + imagePullPolicy: IfNotPresent diff --git a/logan/kubernetes-resources/logs-collection/fluentd-daemonset.yaml b/logan/kubernetes-resources/logs-collection/fluentd-daemonset.yaml index dcf20a2b..00ac4fbd 100644 --- a/logan/kubernetes-resources/logs-collection/fluentd-daemonset.yaml +++ b/logan/kubernetes-resources/logs-collection/fluentd-daemonset.yaml @@ -61,11 +61,8 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - ## Uncomment the following section if a secret is associated to pull the image - #imagePullSecrets: - # Replace this value with actual image pull secrets. - # Make sure the secret is in the same namespace as defined above. - #- name: + imagePullSecrets: + - name: {{ .Values.image.imagePullSecret }} containers: - name: oci-la-fluentd-logs # Replace this value with actual docker image url diff --git a/logan/kubernetes-resources/objects-collection/fluentd-deployment.yaml b/logan/kubernetes-resources/objects-collection/fluentd-deployment.yaml index 57dfdc9d..94fcb995 100644 --- a/logan/kubernetes-resources/objects-collection/fluentd-deployment.yaml +++ b/logan/kubernetes-resources/objects-collection/fluentd-deployment.yaml @@ -68,11 +68,8 @@ spec: version: v1 spec: serviceAccountName: oci-la-fluentd-serviceaccount - ## Uncomment the following section if a secret is associated to pull the image - #imagePullSecrets: - # Replace this value with actual image pull secrets. - # Make sure the secret is in the same namespace as defined above. - #- name: + imagePullSecrets: + - name: {{ .Values.image.imagePullSecret }} containers: - name: oci-la-fluentd-objects # Replace this value with actual docker image url diff --git a/terraform/modules/helm/helm.tf b/terraform/modules/helm/helm.tf index 9d63d28e..eec32893 100644 --- a/terraform/modules/helm/helm.tf +++ b/terraform/modules/helm/helm.tf @@ -18,12 +18,12 @@ locals { # oci-onm-logan "oci-onm-logan.ociLANamespace" = var.oci_la_namespace "oci-onm-logan.ociLALogGroupID" = var.oci_la_logGroup_id - "oci-onm-logan.image.url" = var.logan_container_image_url + "oci-onm-logan.image.url" = var.logan_container_image_url "oci-onm-logan.fluentd.baseDir" = var.fluentd_baseDir_path #oci-onm-mgmt-agent "oci-onm-mgmt-agent.mgmtagent.installKeyFileContent" = var.mgmt_agent_install_key_content - "oci-onm-mgmt-agent.mgmtagent.image.url" = var.mgmt_agent_container_image_url + "oci-onm-mgmt-agent.mgmtagent.image.url" = var.mgmt_agent_container_image_url "oci-onm-mgmt-agent.deployMetricServer" = var.opt_deploy_metric_server }