Initial cleanup from Popeye (#173)

Daniel Tomcej
2019-08-07 00:47:00 -06:00
committed by Michael
parent 9a3ddb159e
commit a9d84d1a82
23 changed files with 410 additions and 260 deletions
+4
@@ -36,6 +36,10 @@ To deploy the helm chart, run:
`helm install helm/chart/maesh --namespace maesh --set image.pullPolicy=IfNotPresent --set image.tag=latest`
Note: The chart uses the `local-path` provisioner for k3s, but you can override that using:
`helm install helm/chart/maesh --namespace maesh --set image.pullPolicy=IfNotPresent --set image.tag=latest --set metrics.storageClass=hostpath`
## Usage
To use maesh, instead of referencing services via their normal `<servicename>.<namespace>`, instead use `<servicename>.<namespace>.maesh`.
@@ -0,0 +1,16 @@
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: grafana
labels:
app: {{ .Release.Name | quote }}
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
minAvailable: 1
selector:
matchLabels:
app: grafana
component: core
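Review bot: `minAvailable: 1` refuses every voluntary eviction while the selected workload runs a single pod, so a node drain will hang on it until someone deletes the pod by hand. The Grafana replica count is not visible here, but the Jaeger Deployment in this commit sets `replicas: 1` and its PodDisruptionBudget uses the same value, as do the prometheus and maesh-controller budgets. Either raise the replica count for anything that genuinely needs a budget, or use `maxUnavailable: 1` as the maesh-mesh budget does. A one-line comment above `spec:` saying which behaviour is intended during drains would help the next maintainer.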
@@ -18,13 +18,19 @@ spec:
app: grafana
component: core
spec:
serviceAccountName: grafana-k8s
automountServiceAccountToken: false
securityContext:
runAsNonRoot: true
runAsUser: 472
fsGroup: 472
containers:
- image: {{ .Values.image.grafana | quote }}
name: grafana-core
imagePullPolicy: IfNotPresent
ports:
- name: web
containerPort: 3000
resources:
limits:
cpu: 100m
@@ -32,13 +38,15 @@ spec:
requests:
cpu: 100m
memory: 100Mi
# env:
# - name: GF_PATHS_CONFIG
# value: /var/grafana/grafana.ini
readinessProbe:
httpGet:
path: /login
port: 3000
port: web
livenessProbe:
tcpSocket:
port: web
initialDelaySeconds: 5
periodSeconds: 10
volumeMounts:
- name: metrics-storage
mountPath: /var/lib/grafana
@@ -145,8 +153,8 @@ spec:
ports:
- port: 3000
selector:
app: {{ .Release.Name | quote }}
component: grafana
app: grafana
component: core
---
{{- $files := .Files }}
@@ -0,0 +1,16 @@
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: prometheus
labels:
app: {{ .Release.Name | quote }}
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
minAvailable: 1
selector:
matchLabels:
app: prometheus
component: core
@@ -86,6 +86,7 @@ spec:
component: core
spec:
serviceAccountName: prometheus-k8s
automountServiceAccountToken: true
securityContext:
fsGroup: 2000
runAsUser: 1000
@@ -101,6 +102,15 @@ spec:
ports:
- name: webui
containerPort: 9090
readinessProbe:
httpGet:
path: "/"
port: webui
initialDelaySeconds: 5
livenessProbe:
tcpSocket:
port: webui
initialDelaySeconds: 5
resources:
requests:
cpu: 500m
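Review bot: The readiness probe on `path: "/"` only shows that the web listener answers (a redirect also counts as success), not that Prometheus has finished loading and can serve queries. Prometheus exposes dedicated endpoints for this, so `path: /-/ready` on the readiness probe and an `httpGet` on `/-/healthy` for liveness would be more accurate than `/` plus a bare `tcpSocket` check. The container definition starts and ends outside this hunk, so confirm nothing else there depends on the current paths.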
@@ -168,5 +178,5 @@ spec:
protocol: TCP
name: webui
selector:
app: {{ .Release.Name | quote }}
component: prometheus
app: prometheus
component: core
@@ -54,3 +54,14 @@ metadata:
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: grafana-k8s
namespace: {{ .Release.Namespace }}
labels:
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
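Review bot: The new `grafana-k8s` ServiceAccount does not set `automountServiceAccountToken: false`, while the `jaeger` and `maesh-mesh` accounts added in this commit both do. The Grafana pod spec opts out at pod level, but any other pod that later references this account would get a token by default; adding `automountServiceAccountToken: false` as a top-level field here keeps the two layers consistent. The account also lacks the `app: {{ .Release.Name | quote }}` label the sibling accounts carry.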
@@ -14,7 +14,7 @@ spec:
resources:
requests:
storage: 10Gi
storageClassName: local-path
storageClassName: {{ .Values.storageClass }}
---
apiVersion: v1
@@ -32,4 +32,4 @@ spec:
resources:
requests:
storage: 10Gi
storageClassName: local-path
storageClassName: {{ .Values.storageClass }}
@@ -1,3 +1,4 @@
image:
prometheus: prom/prometheus:v2.11.1
grafana: grafana/grafana:6.2.5
storageClass: local-path
@@ -0,0 +1,93 @@
#
# Copyright 2017-2019 The Jaeger Authors
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
# in compliance with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
# or implied. See the License for the specific language governing permissions and limitations under
# the License.
#
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jaeger
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "16686"
spec:
serviceAccountName: jaeger
automountServiceAccountToken: false
securityContext:
runAsNonRoot: true
runAsUser: 999
containers:
- env:
- name: COLLECTOR_ZIPKIN_HTTP_PORT
value: "9411"
image: {{ .Values.image.jaeger | quote }}
name: jaeger
ports:
- containerPort: 5775
protocol: UDP
name: thrift-legacy
- containerPort: 6831
protocol: UDP
name: compact-thrift
- containerPort: 6832
protocol: UDP
name: binary-thrift
- containerPort: 5778
protocol: TCP
name: serve-configs
- containerPort: 9411
protocol: TCP
name: collector-zip
- containerPort: 14267
protocol: TCP
name: collector-tch
- containerPort: 14268
protocol: TCP
name: collector-http
- containerPort: 14269
protocol: TCP
name: readiness
- containerPort: 16686
protocol: TCP
name: serve-frontend
readinessProbe:
httpGet:
path: "/"
port: readiness
initialDelaySeconds: 5
livenessProbe:
tcpSocket:
port: readiness
initialDelaySeconds: 5
resources:
requests:
memory: "50Mi"
cpu: "100m"
limits:
memory: "100Mi"
cpu: "200m"
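Review bot: The `jaeger` container has no container-level `securityContext`; the pod-level block sets `runAsNonRoot` and `runAsUser`, but capabilities and privilege escalation can only be restricted per container. Adding `allowPrivilegeEscalation: false` and `capabilities:` with `drop: [ALL]` under the container would match the hardening intent of the rest of the commit. Separately, `apiVersion: extensions/v1beta1` is the deprecated group for Deployments; moving to `apps/v1` also requires an explicit `spec.selector`, which this manifest does not declare.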
@@ -0,0 +1,17 @@
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: jaeger
labels:
app: {{ .Release.Name | quote }}
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
minAvailable: 1
selector:
matchLabels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jaeger
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
automountServiceAccountToken: false
@@ -0,0 +1,103 @@
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-query
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: query
spec:
ports:
- name: query-http
protocol: TCP
port: 16686
targetPort: serve-frontend
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: collector
spec:
ports:
- name: jaeger-collector-tchannel
port: 14267
protocol: TCP
targetPort: collector-tch
- name: jaeger-collector-http
port: 14268
protocol: TCP
targetPort: collector-http
- name: jaeger-collector-zipkin
port: 9411
protocol: TCP
targetPort: collector-zip
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-agent
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: agent
spec:
ports:
- name: agent-zipkin-thrift
port: 5775
protocol: UDP
targetPort: thrift-legacy
- name: agent-compact
port: 6831
protocol: UDP
targetPort: compact-thrift
- name: agent-binary
port: 6832
protocol: UDP
targetPort: binary-thrift
- name: agent-configs
port: 5778
protocol: TCP
targetPort: serve-configs
clusterIP: None
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
---
apiVersion: v1
kind: Service
metadata:
name: zipkin
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: zipkin
spec:
ports:
- name: jaeger-collector-zipkin
port: 9411
protocol: TCP
targetPort: collector-zip
clusterIP: None
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
@@ -1,165 +0,0 @@
#
# Copyright 2017-2019 The Jaeger Authors
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
# in compliance with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
# or implied. See the License for the specific language governing permissions and limitations under
# the License.
#
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jaeger
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "16686"
spec:
containers:
- env:
- name: COLLECTOR_ZIPKIN_HTTP_PORT
value: "9411"
image: {{ .Values.image.jaeger | quote }}
name: jaeger
ports:
- containerPort: 5775
protocol: UDP
- containerPort: 6831
protocol: UDP
- containerPort: 6832
protocol: UDP
- containerPort: 5778
protocol: TCP
- containerPort: 16686
protocol: TCP
- containerPort: 9411
protocol: TCP
readinessProbe:
httpGet:
path: "/"
port: 14269
initialDelaySeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-query
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: query
spec:
ports:
- name: query-http
protocol: TCP
port: 16686
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: collector
spec:
ports:
- name: jaeger-collector-tchannel
port: 14267
protocol: TCP
targetPort: 14267
- name: jaeger-collector-http
port: 14268
protocol: TCP
targetPort: 14268
- name: jaeger-collector-zipkin
port: 9411
protocol: TCP
targetPort: 9411
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-agent
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: agent
spec:
ports:
- name: agent-zipkin-thrift
port: 5775
protocol: UDP
targetPort: 5775
- name: agent-compact
port: 6831
protocol: UDP
targetPort: 6831
- name: agent-binary
port: 6832
protocol: UDP
targetPort: 6832
- name: agent-configs
port: 5778
protocol: TCP
targetPort: 5778
clusterIP: None
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
---
apiVersion: v1
kind: Service
metadata:
name: zipkin
namespace: {{ .Release.Namespace }}
labels:
app: jaeger
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: zipkin
spec:
ports:
- name: jaeger-collector-zipkin
port: 9411
protocol: TCP
targetPort: 9411
clusterIP: None
selector:
app.kubernetes.io/name: jaeger
app.kubernetes.io/component: all-in-one
@@ -26,6 +26,10 @@ spec:
prometheus.io/port: "4646"
spec:
serviceAccountName: maesh-controller
automountServiceAccountToken: true
securityContext:
runAsNonRoot: true
runAsUser: 999
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@@ -66,9 +70,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
resources:
requests:
memory: "50Mi"
cpu: "100m"
limits:
memory: "100Mi"
cpu: "200m"
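Review bot: Going by the hunk header (9 old lines, 10 new), the container-level `securityContext` with `capabilities: drop: - ALL` appears to be on the removed side here, replaced by the `resources:` block; the +/- markers are lost in this rendering, so please confirm against the raw diff. If that is right, the controller container no longer drops any capabilities, and the pod-level `runAsNonRoot`/`runAsUser` added in the previous hunk does not compensate, because a pod `securityContext` has no capabilities field. I would keep `capabilities:` with `drop: [ALL]` on the container and add `allowPrivilegeEscalation: false`, leaving out `NET_BIND_SERVICE` only if no port below 1024 is bound. The same applies to the mesh container hunk at `@@ -58,15 +69,28 @@`, where the same six-line block sits between the two probes.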
@@ -0,0 +1,17 @@
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: maesh-controller
labels:
app: {{ .Release.Name | quote }}
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
minAvailable: 1
selector:
matchLabels:
app: {{ .Release.Name | quote }}
component: controller
release: {{ .Release.Name | quote }}
@@ -1,15 +1,4 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: maesh-controller
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
@@ -0,0 +1,11 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: maesh-controller
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
@@ -22,6 +22,10 @@ spec:
release: {{ .Release.Name | quote }}
spec:
serviceAccountName: maesh-mesh
automountServiceAccountToken: false
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationGracePeriodSeconds: 30
{{- if .Values.tracing.enabled }}
initContainers:
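Review bot: `automountServiceAccountToken: false` at pod level also applies to the `k8s-wait-for` init container shown in the next hunk, which presumably has to query the Kubernetes API to find the Service named in its `-lapp.kubernetes.io/name=jaeger-agent` argument. This commit also deletes the `maesh-mesh` ClusterRole and ClusterRoleBinding, so with `tracing.enabled` the init container would have neither a token nor any RBAC, and the mesh pods may never leave the Init state. Either verify that path with tracing enabled, or keep a narrowly scoped Role (read access to Services in the release namespace only) and mount the token for that case. The pod spec continues outside this hunk.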
@@ -29,6 +33,13 @@ spec:
image: groundnuty/k8s-wait-for:v1.2
imagePullPolicy: Always
args: ["service", "-lapp.kubernetes.io/name=jaeger-agent"]
resources:
requests:
memory: "10Mi"
cpu: "50m"
limits:
memory: "20Mi"
cpu: "100m"
{{- end }}
{{- if .Values.image.pullSecret }}
imagePullSecrets:
@@ -58,15 +69,28 @@ spec:
{{- if .Values.metrics.enabled }}
- "--metrics.prometheus"
{{- end }}
ports:
- name: readiness
containerPort: 1081
- name: liveness
containerPort: 10000
- name: api
containerPort: 8080
readinessProbe:
httpGet:
path: /ping
port: 1081
port: readiness
initialDelaySeconds: 3
periodSeconds: 1
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
livenessProbe:
tcpSocket:
port: liveness
initialDelaySeconds: 3
periodSeconds: 1
resources:
requests:
memory: "50Mi"
cpu: "100m"
limits:
memory: "100Mi"
cpu: "200m"
@@ -0,0 +1,17 @@
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: maesh-mesh
labels:
app: {{ .Release.Name | quote }}
chart: {{ include "maesh.chartLabel" . | quote }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
maxUnavailable: 1
selector:
matchLabels:
app: {{ .Release.Name | quote }}
component: maesh-mesh
release: {{ .Release.Name | quote }}
@@ -1,61 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: maesh-mesh
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: maesh-mesh-role
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- namespaces
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: maesh-mesh
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: maesh-mesh-role
subjects:
- kind: ServiceAccount
name: maesh-mesh
namespace: {{ .Release.Namespace }}
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: maesh-mesh
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name | quote}}
chart: {{ include "maesh.chartLabel" . | quote}}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
automountServiceAccountToken: false
@@ -10,5 +10,6 @@ spec:
ports:
- port: 8080
name: mesh-api
targetPort: api
selector:
component: maesh-mesh
+7
@@ -0,0 +1,7 @@
# Severities: Ok: 0, Info: 1, Warn: 2, Error: 3
popeye:
codes:
301:
severity: 1 # Set severity level to Info if pod needs to connect to the API.
302:
severity: 1 # Set severity level to Info if pod needs to run as root.
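Review bot: Lowering codes 301 and 302 to Info applies to every pod Popeye scans, not just the ones that legitimately need an API token or root, so a future workload that regresses on either point will no longer show up as a warning. The comments say "if pod needs to", which reads as a per-pod exception, but the setting is global. Consider keeping the default severities and excluding only the named workloads (the prometheus and maesh-controller pods mount a token in this commit), and extend the comment to list which pods the exception is for.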