From 22ebf743884858441150813c18ba0751771e0eed Mon Sep 17 00:00:00 2001 From: Chandru Date: Wed, 2 Jun 2021 17:16:37 +0530 Subject: [PATCH] Issue-ID: RICAPP-169 - Inclusion of InfluxDB helm chart for KPIMON, AD, TS, QP xApps Added 3rdparty influxdb templates Signed-off-by: Chandru Change-Id: Ifec3ad83c405ffeea8f413019ee7adbfa38cb0bf --- helm/3rdparty/influxdb/.helmignore | 21 ++ helm/3rdparty/influxdb/Chart.yaml | 23 ++ helm/3rdparty/influxdb/LICENSE | 21 ++ helm/3rdparty/influxdb/OWNERS | 10 + helm/3rdparty/influxdb/README.md | 328 ++++++++++++++++++++ .../influxdb/files/backup-retention-script.sh | 66 ++++ helm/3rdparty/influxdb/templates/NOTES.txt | 42 +++ helm/3rdparty/influxdb/templates/_helpers.tpl | 63 ++++ .../influxdb/templates/backup-cronjob.yaml | 156 ++++++++++ helm/3rdparty/influxdb/templates/backup-pvc.yaml | 21 ++ .../templates/backup-retention-configmap.yaml | 11 + .../templates/backup-retention-cronjob.yaml | 75 +++++ helm/3rdparty/influxdb/templates/configmap.yaml | 184 +++++++++++ helm/3rdparty/influxdb/templates/ingress.yaml | 28 ++ helm/3rdparty/influxdb/templates/init-config.yaml | 10 + .../influxdb/templates/meta-configmap.yaml | 35 +++ helm/3rdparty/influxdb/templates/meta-service.yaml | 25 ++ .../influxdb/templates/meta-statefulset.yaml | 132 ++++++++ .../influxdb/templates/post-install-set-auth.yaml | 49 +++ helm/3rdparty/influxdb/templates/secret.yaml | 17 ++ helm/3rdparty/influxdb/templates/service.yaml | 53 ++++ .../influxdb/templates/serviceaccount.yaml | 12 + helm/3rdparty/influxdb/templates/statefulset.yaml | 180 +++++++++++ helm/3rdparty/influxdb/values.yaml | 337 +++++++++++++++++++++ helm/influxdb | 1 + 25 files changed, 1900 insertions(+) create mode 100644 helm/3rdparty/influxdb/.helmignore create mode 100644 helm/3rdparty/influxdb/Chart.yaml create mode 100644 helm/3rdparty/influxdb/LICENSE create mode 100644 helm/3rdparty/influxdb/OWNERS create mode 100644 helm/3rdparty/influxdb/README.md create mode 100644 helm/3rdparty/influxdb/files/backup-retention-script.sh create mode 100644 helm/3rdparty/influxdb/templates/NOTES.txt create mode 100644 helm/3rdparty/influxdb/templates/_helpers.tpl create mode 100644 helm/3rdparty/influxdb/templates/backup-cronjob.yaml create mode 100644 helm/3rdparty/influxdb/templates/backup-pvc.yaml create mode 100644 helm/3rdparty/influxdb/templates/backup-retention-configmap.yaml create mode 100644 helm/3rdparty/influxdb/templates/backup-retention-cronjob.yaml create mode 100644 helm/3rdparty/influxdb/templates/configmap.yaml create mode 100644 helm/3rdparty/influxdb/templates/ingress.yaml create mode 100644 helm/3rdparty/influxdb/templates/init-config.yaml create mode 100644 helm/3rdparty/influxdb/templates/meta-configmap.yaml create mode 100644 helm/3rdparty/influxdb/templates/meta-service.yaml create mode 100644 helm/3rdparty/influxdb/templates/meta-statefulset.yaml create mode 100644 helm/3rdparty/influxdb/templates/post-install-set-auth.yaml create mode 100644 helm/3rdparty/influxdb/templates/secret.yaml create mode 100644 helm/3rdparty/influxdb/templates/service.yaml create mode 100644 helm/3rdparty/influxdb/templates/serviceaccount.yaml create mode 100644 helm/3rdparty/influxdb/templates/statefulset.yaml create mode 100644 helm/3rdparty/influxdb/values.yaml create mode 120000 helm/influxdb diff --git a/helm/3rdparty/influxdb/.helmignore b/helm/3rdparty/influxdb/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/helm/3rdparty/influxdb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/3rdparty/influxdb/Chart.yaml b/helm/3rdparty/influxdb/Chart.yaml new file mode 100644 index 0000000..59d0e18 --- /dev/null +++ b/helm/3rdparty/influxdb/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +name: influxdb +version: 4.9.14 +appVersion: 1.8.4 +description: Scalable datastore for metrics, events, and real-time analytics. +keywords: + - influxdb + - database + - timeseries + - influxdata +home: https://www.influxdata.com/time-series-platform/influxdb/ +sources: + - https://github.com/influxdata/influxdb +maintainers: + - name: rawkode + email: rawkode@influxdata.com + - name: gitirabassi + email: giacomo@influxdata.com + - name: aisuko + email: urakiny@gmail.com + - name: naseemkullah + email: naseem@transit.app +engine: gotpl diff --git a/helm/3rdparty/influxdb/LICENSE b/helm/3rdparty/influxdb/LICENSE new file mode 100644 index 0000000..4012a86 --- /dev/null +++ b/helm/3rdparty/influxdb/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020 InfluxData + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/helm/3rdparty/influxdb/OWNERS b/helm/3rdparty/influxdb/OWNERS new file mode 100644 index 0000000..926c046 --- /dev/null +++ b/helm/3rdparty/influxdb/OWNERS @@ -0,0 +1,10 @@ +approvers: +- rawkode +- gitirabassi +- aisuko +- naseemkullah +reviewers: +- rawkode +- gitirabassi +- aisuko +- naseemkullah diff --git a/helm/3rdparty/influxdb/README.md b/helm/3rdparty/influxdb/README.md new file mode 100644 index 0000000..5cb0f22 --- /dev/null +++ b/helm/3rdparty/influxdb/README.md @@ -0,0 +1,328 @@ +# InfluxDB Helm chart + +[InfluxDB](https://github.com/influxdata/influxdb) is an open source time series database with no external dependencies. It's useful for recording metrics, events, and performing analytics. + +The InfluxDB Helm chart uses the [Helm](https://helm.sh) package manager to bootstrap an InfluxDB StatefulSet and service on a [Kubernetes](http://kubernetes.io) cluster. + +> **Note:** ### If you're using the InfluxDB Enterprise Helm chart, check out [InfluxDB Enterprise Helm chart](#influxdb-enterprise-helm-chart). + +## Prerequisites + +- Helm v2 or later +- Kubernetes 1.4+ +- (Optional) PersistentVolume (PV) provisioner support in the underlying infrastructure + +## Install the chart + +1. Add the InfluxData Helm repository: + + ```bash + helm repo add influxdata https://helm.influxdata.com/ + ``` + +2. Run the following command, providing a name for your release: + + ```bash + helm upgrade --install my-release influxdata/influxdb + ``` + + > **Tip**: `--install` can be shortened to `-i`. + + This command deploys InfluxDB on the Kubernetes cluster using the default configuration. To find parameters you can configure during installation, see [Configure the chart](#configure-the-chart). + + > **Tip**: To view all Helm chart releases, run `helm list`. + +## Uninstall the chart + +To uninstall the `my-release` deployment, use the following command: + +```bash +helm uninstall my-release +``` + +This command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configure the chart + +The following table lists configurable parameters, their descriptions, and their default values stored in `values.yaml`. + +| Parameter | Description | Default | +|---|---|---| +| image.repository | Image repository url | influxdb | +| image.tag | Image tag | 1.8.0-alpine | +| image.pullPolicy | Image pull policy | IfNotPresent | +| image.pullSecrets | It will store the repository's credentials to pull image | nil | +| serviceAccount.create | It will create service account | true | +| serviceAccount.name | Service account name | "" | +| serviceAccount.annotations | Service account annotations | {} | +| livenessProbe | Health check for pod | {} | +| readinessProbe | Health check for pod | {} | +| startupProbe | Health check for pod | {} | +| service.type | Kubernetes service type | ClusterIP | +| service.loadBalancerIP | A user-specified IP address for service type LoadBalancer to use as External IP (if supported) | nil | +| service.externalIPs | A user-specified list of externalIPs to add to the service | nil | +| service.externalTrafficPolicy | A user specified external traffic policy | nil | +| persistence.enabled | Boolean to enable and disable persistance | true | +| persistence.existingClaim | An existing PersistentVolumeClaim, ignored if enterprise.enabled=true | nil | +| persistence.storageClass | If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack | | +| persistence.annotations | Annotations for volumeClaimTemplates | nil | +| persistence.accessMode | Access mode for the volume | ReadWriteOnce | +| persistence.size | Storage size | 8Gi | +| podAnnotations | Annotations for pod | {} | +| podLabels | Labels for pod | {} | +| ingress.enabled | Boolean flag to enable or disable ingress | false | +| ingress.tls | Boolean to enable or disable tls for ingress. If enabled provide a secret in `ingress.secretName` containing TLS private key and certificate. | false | +| ingress.secretName | Kubernetes secret containing TLS private key and certificate. It is `only` required if `ingress.tls` is enabled. | nil | +| ingress.hostname | Hostname for the ingress | influxdb.foobar.com | +| ingress.annotations | ingress annotations | nil | +| schedulerName | Use an [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/), e.g. "stork". | nil | +| nodeSelector | Node labels for pod assignment | {} | +| affinity | [Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for pod assignment | {| +| tolerations | [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for pod assignment | [] | +| securityContext | [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pod | {} | +| env | environment variables for influxdb container | {} | +| volumes | `volumes` stanza(s) to be used in the main container | nil | +| mountPoints | `volumeMount` stanza(s) to be used in the main container | nil | +| extraContainers | Additional containers to be added to the pod | {} | +| config.reporting_disabled | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#reporting-disabled-false) | false | +| config.rpc | RPC address for backup and storage | {} | +| config.meta | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#meta) | {} | +| config.data | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#data) | {} | +| config.coordinator | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#coordinator) | {} | +| config.retention | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#retention) | {} | +| config.shard_precreation | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#shard-precreation) | {} | +| config.monitor | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#monitor) | {} | +| config.http | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#http) | {} | +| config.logging | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#logging) | {} | +| config.subscriber | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#subscriber) | {} | +| config.graphite | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#graphite) | {} | +| config.collectd | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#collectd) | {} | +| config.opentsdb | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#opentsdb) | {} | +| config.udp | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#udp) | {} | +| config.continous_queries | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#continuous-queries) | {} | +| config.tls | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#tls) | {} | +| initScripts.enabled | Boolean flag to enable and disable initscripts. If the container finds any files with the extensions .sh or .iql inside of the /docker-entrypoint-initdb.d folder, it will execute them. The order they are executed in is determined by the shell. This is usually alphabetical order. | false | +| initScripts.scripts | Init scripts | {} | +| backup.enabled | Enable backups, if `true` must configure one of the storage providers | `false` | +| backup.gcs | Google Cloud Storage config | `nil` +| backup.azure | Azure Blob Storage config | `nil` +| backup.s3 | Amazon S3 (or compatible) config | `nil` +| backup.schedule | Schedule to run jobs in cron format | `0 0 * * *` | +| backup.startingDeadlineSeconds | Deadline in seconds for starting the job if it misses its scheduled time for any reason | `nil` | +| backup.annotations | Annotations for backup cronjob | {} | +| backup.podAnnotations | Annotations for backup cronjob pods | {} | +| backup.persistence.enabled | Boolean to enable and disable persistance | false | +| backup.persistence.storageClass | If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack | | +| backup.persistence.annotations | Annotations for volumeClaimTemplates | nil | +| backup.persistence.accessMode | Access mode for the volume | ReadWriteOnce | +| backup.persistence.size | Storage size | 8Gi | +| backup.resources | Resources requests and limits for `backup` pods | `ephemeral-storage: 8Gi` | + +To configure the chart, do either of the following: + +- Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade --install`. For example: + + ```bash + helm upgrade --install my-release \ + --set persistence.enabled=true,persistence.size=200Gi \ + influxdata/influxdb + ``` + + This command enables persistence and changes the size of the requested data volume to 200GB. + +- Provide a YAML file that specifies the parameter values while installing the chart. For example, use the following command: + + ```bash + helm upgrade --install my-release -f values.yaml influxdata/influxdb + ``` + + > **Tip**: Use the default [values.yaml](values.yaml). + +For information about running InfluxDB in Docker, see the [full image documentation](https://hub.docker.com/_/influxdb/). + +### InfluxDB Enterprise Helm chart + +[InfluxDB Enterprise](https://www.influxdata.com/products/influxdb-enterprise/) includes features designed for production workloads, including high availability and horizontal scaling. InfluxDB Enterprise requires an InfluxDB Enterprise license. + +#### Configure the InfluxDB Enterprise chart + +To enable InfluxDB Enterprise, set the following keys and values in a values file provided to Helm. + +| Key | Description | Recommended value | +| --- | --- | --- | +| `livenessProbe.initalDelaySeconds` | Used to allow enough time to join meta nodes to a cluster | `3600` | +| `image.tag` | Set to a `data` image. See https://hub.docker.com/_/influxdb for details | `data` | +| `service.ClusterIP` | Use a headless service for StatefulSets | `"None"` | +| `env.name[_HOSTNAME]` | Used to provide a unique `name.service` for InfluxDB. See [values.yaml]() for an example | `valueFrom.fieldRef.fieldPath: metadata.name` | +| `enterprise.enabled` | Create StatefulSets for use with `influx-data` and `influx-meta` images | `true` | +| `enterprise.licensekey` | License for InfluxDB Enterprise | | +| `enterprise.clusterSize` | Replicas for `influx` StatefulSet | Dependent on license | +| `enterprise.meta.image.tag` | Set to an `meta` image. See https://hub.docker.com/_/influxdb for details | `meta` | +| `enterprise.meta.clusterSize` | Replicas for `influxdb-meta` StatefulSet. | `3` | +| `enterprise.meta.resources` | Resources requests and limits for meta `influxdb-meta` pods | See `values.yaml` | + +#### Join pods to InfluxDB Enterprise cluster + +Meta and data pods must be joined using the command `influxd-ctl` found on meta pods. +We recommend running `influxd-ctl` on one and only one meta pod and joining meta pods together before data pods. For each meta pod, run `influxd-ctl`. + +In the following examples, we use the pod names `influxdb-meta-0` and `influxdb-0` and the service name `influxdb`. + +For example, using the default settings, your script should look something like this: + +```shell script +kubectl exec influxdb-meta-0 influxd-ctl add-meta influxdb-meta-0.influxdb-meta:8091 +``` + +From the same meta pod, for each data pod, run `influxd-ctl`. With default settings, your script should look something like this: + +```shell script +kubectl exec influxdb-meta-0 influxd-ctl add-data influxdb-0.influxdb:8088 +``` + +When using `influxd-ctl`, use the appropriate DNS name for your pods, following the naming scheme of `pod.service`. + +## Persistence + +The [InfluxDB](https://hub.docker.com/_/influxdb/) image stores data in the `/var/lib/influxdb` directory in the container. + +If persistence is enabled, a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) associated with StatefulSet is provisioned. The volume is created using dynamic volume provisioning. In case of a disruption (for example, a node drain), Kubernetes ensures that the same volume is reattached to the Pod, preventing any data loss. However, when persistence is **not enabled**, InfluxDB data is stored in an empty directory, so if a Pod restarts, data is lost. + +## Start with authentication + +In `values.yaml`, change `.Values.config.http.auth-enabled` to `true`. + +> **Note:** To enforce authentication, InfluxDB requires an admin user to be set up. For details, see [Set up authentication](https://docs.influxdata.com/influxdb/v1.2/query_language/authentication_and_authorization/#set-up-authentication). + +To handle this set up during startup, enable a job in `values.yaml` by setting `.Values.setDefaultUser.enabled` to `true`. + +Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated. + +Alternatively, if `.Values.setDefaultUser.user.existingSecret` is set the user and password are obtained from an existing Secret, the expected keys are `influxdb-user` and `influxdb-password`. Use this variable if you need to check in the `values.yaml` in a repository to avoid exposing your secrets. + +## Back up and restore + +Before proceeding, please read [Backing up and restoring in InfluxDB OSS](https://docs.influxdata.com/influxdb/v1.7/administration/backup_and_restore/). While the chart offers backups by means of the [`backup-cronjob`](./templates/backup-cronjob.yaml), restores do not fall under the chart's scope today but can be achieved by one-off kubernetes jobs. + +### Backups + +When enabled, the[`backup-cronjob`](./templates/backup-cronjob.yaml) runs on the configured schedule. One can create a job from the backup cronjob on demand as follows: + +```sh +kubectl create job --from=cronjobs/influxdb-backup influx-backup-$(date +%Y%m%d%H%M%S) +``` + +#### Backup Storage + +The backup process consists of an init-container that writes the backup to a +local volume, which is by default an `emptyDir`, shared to the runtime container +which uploads the backup to the configured object store. + +In order to avoid filling the node's disk space, it is recommended to set a sufficient +`ephemeral-storage` request or enable persistence, which allocates a PVC. + +Furthermore, if no object store provider is available, one can simply use the +PVC as the final storage destination when `persistence` is enabled. + +### Restores + +It is up to the end user to configure their own one-off restore jobs. Below is just an example, which assumes that the backups are stored in GCS and that all dbs in the backup already exist and should be restored. It is to be used as a reference only; configure the init-container and the command and of the `influxdb-restore` container as well as both containers' resources to suit your needs. + +```yaml +apiVersion: batch/v1 +kind: Job +metadata: + generateName: influxdb-restore- + namespace: monitoring +spec: + template: + spec: + volumes: + - name: backup + emptyDir: {} + serviceAccountName: influxdb + initContainers: + - name: init-gsutil-cp + image: google/cloud-sdk:alpine + command: + - /bin/sh + args: + - "-c" + - | + gsutil -m cp -r gs:///* /backup + volumeMounts: + - name: backup + mountPath: /backup + resources: + requests: + cpu: 1 + memory: 4Gi + limits: + cpu: 2 + memory: 8Gi + containers: + - name: influxdb-restore + image: influxdb:1.7-alpine + volumeMounts: + - name: backup + mountPath: /backup + command: + - /bin/sh + args: + - "-c" + - | + #!/bin/sh + INFLUXDB_HOST=influxdb.monitoring.svc + for db in $(influx -host $INFLUXDB_HOST -execute 'SHOW DATABASES' | tail -n +5); do + influxd restore -host $INFLUXDB_HOST:8088 -portable -db "$db" -newdb "$db"_bak /backup + done + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + restartPolicy: OnFailure +``` + +At which point the data from the new `_bak` dbs would have to be side loaded into the original dbs. +Please see [InfluxDB documentation for more restore examples](https://docs.influxdata.com/influxdb/v1.7/administration/backup_and_restore/#restore-examples). + +## Mounting Extra Volumes + +Extra volumes can be mounted by providing the `volumes` and `mountPoints` keys, consistent +with the behavior of other charts provided by Influxdata. + +```yaml +volumes: +- name: ssl-cert-volume + secret: + secretName: secret-name +mountPoints: +- name: ssl-cert-volume + mountPath: /etc/ssl/certs/selfsigned/ + readOnly: true +``` + +## Upgrading + +### From < 1.0.0 To >= 1.0.0 + +Values `.Values.config.bind_address` and `.Values.exposeRpc` no longer exist. They have been replaced with `.Values.config.rpc.bind_address` and `.Values.config.rpc.enabled` respectively. Please adjust your values file accordingly. + +### From < 1.5.0 to >= 2.0.0 + +The Kubernetes API change to support 1.160 may not be backwards compatible and may require the chart to be uninstalled in order to upgrade. See [this issue](https://github.com/helm/helm/issues/6583) for some background. + +### From < 3.0.0 to >= 3.0.0 + +Since version 3.0.0 this chart uses a StatefulSet instead of a Deployment. As part of this update the existing persistent volume (and all data) is deleted and a new one is created. Make sure to backup and restore the data manually. + +### From < 4.0.0 to >= 4.0.0 + +Labels are changed in accordance with [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/\#labels). This change also removes the ability to configure clusterIP value to avoid `Error: UPGRADE FAILED: failed to replace object: Service "my-influxdb" is invalid: spec.clusterIP: Invalid value: "": field is immutable` type errors. For more information on this error and why it's important to avoid this error, please see [this Github issue](https://github.com/helm/helm/issues/6378#issuecomment-582764215). + +Due to the significance of the changes, we recommend uninstalling and reinstalling the chart (although the PVC shouldn't be deleted during this process, we highly recommended backing up your data beforehand). + +Check out our [Slack channel](https://www.influxdata.com/slack) for support and information. diff --git a/helm/3rdparty/influxdb/files/backup-retention-script.sh b/helm/3rdparty/influxdb/files/backup-retention-script.sh new file mode 100644 index 0000000..913794a --- /dev/null +++ b/helm/3rdparty/influxdb/files/backup-retention-script.sh @@ -0,0 +1,66 @@ +#! /usr/bin/env bash + +set -e + +# This script wants these variable to be set. + +## S3_BUCKET <- The name of the bucket where the backups are stored +## S3_ENDPOINT <- The endpoint of the S3 service +## AWS_ACCESS_KEY_ID <- Access credentials +## AWS_SECRET_ACCESS_KEY <- Access credentials +## DAYS_TO_RETAIN <- The TTL for the backups === number of backups to keep. + +# Sanity check to avoid removing all backups. +[[ "$DAYS_TO_RETAIN" -lt 1 ]] && DAYS_TO_RETAIN=1 + +function get_records { + before_date="$1" + + aws s3api list-objects \ + --bucket ${S3_BUCKET} \ + --endpoint-url ${S3_ENDPOINT} \ + --query "Contents[?LastModified<='${before_date}'][].{Key: Key}" +} + +function remove_old_backups { + before_date=$(date --iso-8601=seconds -d "-${DAYS_TO_RETAIN} days") + now=$(date --iso-8601=seconds) + + del_records=$(get_records "${before_date}") + all_records=$(get_records "${now}") + + del_paths=() + all_paths=() + + function _jq { + echo ${row} | base64 --decode | jq -r ${1} + } + + for row in $(echo "${del_records}" | jq -r '.[] | @base64'); do + del_paths+=($(_jq '.Key')) + done + + for row in $(echo "${all_records}" | jq -r '.[] | @base64'); do + all_paths+=($(_jq '.Key')) + done + + # Number of backups left if all old backups are removed. + left=$((${#all_paths[@]} - ${#del_paths[@]})) + + # We ALWAYS keep N backups even if their TTL has expired! + if (( ${left} < ${DAYS_TO_RETAIN} )); then + num_to_delete=$((${#all_paths[@]} - ${DAYS_TO_RETAIN})) + else + num_to_delete=${#del_paths[@]} + fi + + for path in "${del_paths[@]::${num_to_delete}}"; do + aws s3 rm "s3://${S3_BUCKET}/${path}" \ + --endpoint-url "${S3_ENDPOINT}" + done +} + +# Installs jq. +yum install -y jq + +remove_old_backups diff --git a/helm/3rdparty/influxdb/templates/NOTES.txt b/helm/3rdparty/influxdb/templates/NOTES.txt new file mode 100644 index 0000000..41ffa05 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/NOTES.txt @@ -0,0 +1,42 @@ +InfluxDB can be accessed via port {{ .Values.config.http.bind_address | default 8086 }} on the following DNS name from within your cluster: + + http://{{ include "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.config.http.bind_address | default 8086 }} + +You can connect to the remote instance with the influx CLI. To forward the API port to localhost:8086, run the following: + + kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ .Values.config.http.bind_address | default 8086 }} + +You can also connect to the influx CLI from inside the container. To open a shell session in the InfluxDB pod, run the following: + + kubectl exec -i -t --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{.items[0].metadata.name}') /bin/sh + +To view the logs for the InfluxDB pod, run the following: + + kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') + +{{- if .Values.setDefaultUser.enabled }} + +To retrieve the default user name: + +{{- if .Values.setDefaultUser.user.existingSecret }} + + echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) + +{{- else }} + + echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) + +{{- end }} + +To retrieve the default user password: + +{{- if .Values.setDefaultUser.user.existingSecret }} + + echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) + +{{- else }} + + echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) + +{{- end }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/_helpers.tpl b/helm/3rdparty/influxdb/templates/_helpers.tpl new file mode 100644 index 0000000..4866664 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "influxdb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "influxdb.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "influxdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "influxdb.labels" -}} +helm.sh/chart: {{ include "influxdb.chart" . }} +{{ include "influxdb.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "influxdb.selectorLabels" -}} +app.kubernetes.io/name: {{ include "influxdb.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "influxdb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "influxdb.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/helm/3rdparty/influxdb/templates/backup-cronjob.yaml b/helm/3rdparty/influxdb/templates/backup-cronjob.yaml new file mode 100644 index 0000000..fed2d18 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/backup-cronjob.yaml @@ -0,0 +1,156 @@ +{{- if .Values.backup.enabled }} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ include "influxdb.fullname" . }}-backup + labels: + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: backup + annotations: + {{- toYaml .Values.backup.annotations | nindent 4 }} +spec: + schedule: {{ .Values.backup.schedule | quote }} + startingDeadlineSeconds: {{ .Values.backup.startingDeadlineSeconds }} + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: + {{- if .Values.backup.podAnnotations }} + annotations: + {{ toYaml .Values.backup.podAnnotations | nindent 12 }} + {{- end }} + labels: + {{- include "influxdb.selectorLabels" . | nindent 12 }} + spec: + restartPolicy: OnFailure + volumes: + - name: backup + {{- if .Values.backup.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "influxdb.fullname" . }}-backup + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.backup.gcs }} + {{- if .Values.backup.gcs.serviceAccountSecret }} + - name: google-cloud-key + secret: + secretName: {{ .Values.backup.gcs.serviceAccountSecret | quote }} + {{- end }} + {{- end }} + {{- if .Values.backup.s3 }} + {{- if .Values.backup.s3.credentialsSecret }} + - name: aws-credentials-secret + secret: + secretName: {{ .Values.backup.s3.credentialsSecret | quote }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} + initContainers: + - name: influxdb-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: backup + mountPath: /backup + command: + - /bin/sh + args: + - '-c' + - | + influxd backup \ + -host {{ include "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.config.rpc.bind_address | default 8088 }} \ + -portable /backup/"$(date +%Y%m%d%H%M%S)" + resources: + {{- toYaml .Values.backup.resources | nindent 14 }} + containers: + {{- if .Values.backup.gcs }} + - name: gsutil-cp + image: google/cloud-sdk:alpine + command: + - /bin/sh + args: + - '-c' + - '-e' + - | + if [ -n "$KEY_FILE" ]; then + gcloud auth activate-service-account --key-file $KEY_FILE + fi + gsutil -m cp -r /backup/* "$DST_URL" + rm -rf /backup/* + volumeMounts: + - name: backup + mountPath: /backup + {{- if .Values.backup.gcs.serviceAccountSecretKey}} + - name: google-cloud-key + mountPath: /var/secrets/google/ + {{- end }} + env: + - name: DST_URL + value: {{ .Values.backup.gcs.destination}} + {{- if .Values.backup.gcs.serviceAccountSecretKey}} + - name: KEY_FILE + value: /var/secrets/google/{{ .Values.backup.gcs.serviceAccountSecretKey }} + {{- end }} + resources: + {{- toYaml .Values.backup.resources | nindent 14 }} + {{- end }} + {{- if .Values.backup.azure }} + - name: azure-cli + image: microsoft/azure-cli + command: + - /bin/sh + args: + - '-c' + - '-e' + - | + az storage container create --name "$DST_CONTAINER" + az storage blob upload-batch --destination "$DST_CONTAINER" --destination-path "$DST_PATH" --source "$SRC_URL" + rm -rf /backup/* + volumeMounts: + - name: backup + mountPath: /backup + env: + - name: SRC_URL + value: /backup + - name: DST_CONTAINER + value: {{ .Values.backup.azure.destination_container }} + - name: DST_PATH + value: {{ .Values.backup.azure.destination_path }} + - name: AZURE_STORAGE_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ .Values.backup.azure.storageAccountSecret }} + key: connection-string + resources: + {{- toYaml .Values.backup.resources | nindent 14 }} + {{- end }} + {{- if .Values.backup.s3 }} + - name: aws-cli + image: amazon/aws-cli + command: + - /bin/sh + args: + - '-c' + - '-e' + - | + aws {{- if .Values.backup.s3.endpointUrl }} --endpoint-url={{ .Values.backup.s3.endpointUrl }} {{- end }} s3 cp --recursive "$SRC_URL" "$DST_URL" + rm -rf /backup/* + volumeMounts: + - name: backup + mountPath: /backup + {{- if .Values.backup.s3.credentialsSecret}} + - name: aws-credentials-secret + mountPath: /var/secrets/aws/ + {{- end }} + env: + - name: AWS_CONFIG_FILE + value: /var/secrets/aws/credentials + - name: SRC_URL + value: /backup + - name: DST_URL + value: {{ .Values.backup.s3.destination }} + resources: + {{- toYaml .Values.backup.resources | nindent 14 }} + {{- end }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/backup-pvc.yaml b/helm/3rdparty/influxdb/templates/backup-pvc.yaml new file mode 100644 index 0000000..ebf4ba1 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/backup-pvc.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.backup.enabled .Values.backup.persistence.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "influxdb.fullname" . }}-backup + labels: + {{- include "influxdb.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.backup.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.backup.persistence.size | quote }} +{{- if .Values.backup.persistence.storageClass }} +{{- if (eq "-" .Values.backup.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.backup.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/backup-retention-configmap.yaml b/helm/3rdparty/influxdb/templates/backup-retention-configmap.yaml new file mode 100644 index 0000000..d158eb5 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/backup-retention-configmap.yaml @@ -0,0 +1,11 @@ +{{- if .Values.backupRetention.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "influxdb.fullname" . }}-backup-retention + labels: + {{- include "influxdb.labels" . | nindent 4 }} +data: + backup-retention.sh: |- + {{- .Files.Get "files/backup-retention-script.sh" | nindent 4 }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/backup-retention-cronjob.yaml b/helm/3rdparty/influxdb/templates/backup-retention-cronjob.yaml new file mode 100644 index 0000000..388c62d --- /dev/null +++ b/helm/3rdparty/influxdb/templates/backup-retention-cronjob.yaml @@ -0,0 +1,75 @@ +{{- if .Values.backupRetention.enabled }} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ include "influxdb.fullname" . }}-backup-retention + labels: + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: backup-retention + annotations: + {{- toYaml .Values.backupRetention.annotations | nindent 4 }} +spec: + schedule: {{ .Values.backupRetention.schedule | quote }} + startingDeadlineSeconds: {{ .Values.backupRetention.startingDeadlineSeconds }} + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: + {{- if .Values.backupRetention.podAnnotations }} + annotations: + {{ toYaml .Values.backupRetention.podAnnotations | nindent 12 }} + {{- end }} + labels: + {{- include "influxdb.selectorLabels" . | nindent 12 }} + spec: + restartPolicy: OnFailure + volumes: + - name: scripts + configMap: + name: {{ include "influxdb.fullname" . }}-backup-retention + {{- if .Values.backupRetention.gcs }} + {{- if .Values.backupRetention.gcs.serviceAccountSecret }} + - name: google-cloud-key + secret: + secretName: {{ .Values.backupRetention.gcs.serviceAccountSecret | quote }} + {{- end }} + {{- end }} + {{- if .Values.backupRetention.s3 }} + {{- if .Values.backupRetention.s3.credentialsSecret }} + - name: aws-credentials-secret + secret: + secretName: {{ .Values.backupRetention.s3.credentialsSecret | quote }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} + containers: + {{- if .Values.backupRetention.gcs }} + {{- end }} + {{- if .Values.backupRetention.azure }} + {{- end }} + {{- if .Values.backupRetention.s3 }} + - name: aws-cli + image: amazon/aws-cli + command: ['/bin/bash'] + args: ['/scripts/backup-retention.sh'] + volumeMounts: + - name: scripts + mountPath: /scripts + {{- if .Values.backupRetention.s3.credentialsSecret}} + - name: aws-credentials-secret + mountPath: /var/secrets/aws/ + {{- end }} + env: + - name: AWS_CONFIG_FILE + value: /var/secrets/aws/credentials + - name: DAYS_TO_RETAIN + value: {{ .Values.backupRetention.daysToRetain | quote }} + - name: S3_BUCKET + value: {{ .Values.backupRetention.s3.bucketName }} + - name: S3_ENDPOINT + value: {{ .Values.backupRetention.s3.endpointUrl }} + resources: + {{- toYaml .Values.backupRetention.resources | nindent 14 }} + {{- end }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/configmap.yaml b/helm/3rdparty/influxdb/templates/configmap.yaml new file mode 100644 index 0000000..ec7677b --- /dev/null +++ b/helm/3rdparty/influxdb/templates/configmap.yaml @@ -0,0 +1,184 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "influxdb.fullname" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} +data: + influxdb.conf: |+ + reporting-disabled = {{ .Values.config.reporting_disabled | default false }} + bind-address = ":{{ .Values.config.rpc.bind_address | default 8088 }}" + + [meta] + dir = "/var/lib/influxdb/meta" + {{- range $key, $value := index .Values.config.meta }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + {{- if .Values.enterprise.enabled }} + internal-shared-secret = "{{ sha256sum .Values.enterprise.meta.seed }}" + meta-auth-enabled = {{ .Values.config.meta.authEnabled }} + {{- end }} + + [data] + dir = "/var/lib/influxdb/data" + wal-dir = "/var/lib/influxdb/wal" + {{- range $key, $value := index .Values.config.data }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [coordinator] + {{- range $key, $value := index .Values.config.coordinator }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [retention] + {{- range $key, $value := index .Values.config.retention }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [shard-precreation] + {{- range $key, $value := index .Values.config.shard_precreation }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [monitor] + {{- range $key, $value := index .Values.config.monitor }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [subscriber] + {{- range $key, $value := index .Values.config.subscriber }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [http] + {{- range $key, $value := index .Values.config.http }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + # TODO: allow multiple graphite listeners + + [[graphite]] + {{- range $key, $value := index .Values.config.graphite }} + {{- if ne $key "templates"}} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.config.graphite.templates }} + templates = [ + {{- range .Values.config.graphite.templates }} + {{ quote . }}, + {{- end }} + ] + {{- end }} + + # TODO: allow multiple collectd listeners with templates + + [[collectd]] + {{- range $key, $value := index .Values.config.collectd }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + # TODO: allow multiple opentsdb listeners with templates + + [[opentsdb]] + {{- range $key, $value := index .Values.config.opentsdb }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + # TODO: allow multiple udp listeners with templates + + [[udp]] + {{- range $key, $value := index .Values.config.udp }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [continuous_queries] + {{- range $key, $value := index .Values.config.continuous_queries }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + [logging] + {{- range $key, $value := index .Values.config.logging }} + {{- $tp := typeOf $value }} + {{- if eq $tp "string" }} + {{ $key }} = {{ $value | quote }} + {{- else }} + {{ $key }} = {{ $value }} + {{- end }} + {{- end }} + + {{ if .Values.enterprise.enabled -}} + [enterprise] + license-key = {{ .Values.enterprise.licensekey | quote }} + + [hinted-handoff] + enabled = true + dir = "/var/lib/influxdb/hh" + {{- end }} diff --git a/helm/3rdparty/influxdb/templates/ingress.yaml b/helm/3rdparty/influxdb/templates/ingress.yaml new file mode 100644 index 0000000..bc0a341 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/ingress.yaml @@ -0,0 +1,28 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "influxdb.fullname" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} + annotations: +{{ toYaml .Values.ingress.annotations | indent 4 }} +spec: +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ .Values.ingress.secretName }} +{{- end }} +{{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} +{{- end }} + rules: + - host: {{ .Values.ingress.hostname }} + http: + paths: + - path: {{ .Values.ingress.path }} + backend: + serviceName: {{ include "influxdb.fullname" . }} + servicePort: 8086 +{{- end -}} diff --git a/helm/3rdparty/influxdb/templates/init-config.yaml b/helm/3rdparty/influxdb/templates/init-config.yaml new file mode 100644 index 0000000..5f60898 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/init-config.yaml @@ -0,0 +1,10 @@ +{{- if .Values.initScripts.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "influxdb.fullname" . }}-init + labels: + {{- include "influxdb.labels" . | nindent 4 }} +data: +{{ toYaml .Values.initScripts.scripts | indent 2 }} +{{- end -}} diff --git a/helm/3rdparty/influxdb/templates/meta-configmap.yaml b/helm/3rdparty/influxdb/templates/meta-configmap.yaml new file mode 100644 index 0000000..8e312d1 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/meta-configmap.yaml @@ -0,0 +1,35 @@ +{{ if .Values.enterprise.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "influxdb.fullname" . }}-meta + labels: + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: meta +data: + influxdb-meta.conf: |+ + reporting-disabled = {{ .Values.config.reporting_disabled | default false }} + bind-address = ":{{ .Values.config.meta.bind_address | default 8091 }}" + + [enterprise] + license-key = {{ .Values.enterprise.licensekey | quote }} + + [meta] + dir = "/var/lib/influxdb/meta" + {{- range $key, $value := index .Values.config.meta }} + {{ $key }} = {{ $value }} + {{- end }} + {{- if .Values.enterprise.enabled }} + meta-auth-enabled = {{ .Values.config.meta.authEnabled }} + {{- end }} + + [logging] + {{- range $key, $value := index .Values.config.logging }} + {{ $key }} = {{ $value }} + {{- end }} + + [tls] + {{- range $key, $value := index .Values.config.tls }} + {{ $key }} = {{ $value }} + {{- end }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/meta-service.yaml b/helm/3rdparty/influxdb/templates/meta-service.yaml new file mode 100644 index 0000000..78d18e5 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/meta-service.yaml @@ -0,0 +1,25 @@ +{{ if .Values.enterprise.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + name: {{ include "influxdb.fullname" . }}-meta + labels: + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernets.io/component: meta +spec: + type: ClusterIP + clusterIP: None + # publishNotReadyAddresses is used for service discovery of meta and data nodes by querying the service's SRV record. + publishNotReadyAddresses: true + ports: + - name: meta + port: {{ .Values.config.meta.bind_address | default 8091 }} + targetPort: meta + selector: + {{- include "influxdb.selectorLabels" . | nindent 4 }} + app.kubernets.io/component: meta +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/meta-statefulset.yaml b/helm/3rdparty/influxdb/templates/meta-statefulset.yaml new file mode 100644 index 0000000..16b35c4 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/meta-statefulset.yaml @@ -0,0 +1,132 @@ +{{- if .Values.enterprise.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "influxdb.fullname" . }}-meta + labels: + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: meta +spec: + replicas: {{ .Values.enterprise.meta.clusterSize }} + selector: + matchLabels: + {{- include "influxdb.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: meta + serviceName: "{{ include "influxdb.fullname" . }}-meta" + template: + metadata: + labels: + {{- include "influxdb.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: meta + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} + containers: + - name: "{{ include "influxdb.fullname" . }}-meta" + image: "{{ .Values.image.repository }}:{{ .Values.enterprise.meta.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + resources: +{{ toYaml .Values.enterprise.meta.resources | indent 10 }} + ports: + - name: udp + containerPort: {{ .Values.config.udp.bind_address | default 8089 }} + - name: rpc + containerPort: {{ .Values.config.rpc.bind_address | default 8088 }} + - name: meta + containerPort: {{ .Values.config.meta.bind_address | default 8091 }} + {{- if .Values.env }} + env: +{{ toYaml .Values.env | indent 10 }} + # Values.env's HOSTNAME isn't fundamentally different from $HOSTNAME, but this way we get a distinguished name for InfluxDB at runtime. + - name: INFLUXDB_HOSTNAME + value: "$(_HOSTNAME).{{ include "influxdb.fullname" . }}-meta" + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.path | default "/ping" }} + port: meta + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.path | default "/ping" }} + port: meta + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 5 }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 1 }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.startupProbe.path | default "/ping" }} + port: meta + failureThreshold: {{ .Values.startupProbe.failureThreshold | default 6 }} + periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} + {{- end }} + volumeMounts: + - name: {{ include "influxdb.fullname" . }}-meta + mountPath: /var/lib/influxdb + - name: config + mountPath: /etc/influxdb + {{- if .Values.initScripts.enabled }} + - name: init + mountPath: /docker-entrypoint-initdb.d + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "influxdb.fullname" . }}-meta + {{- if .Values.initScripts.enabled }} + - name: init + configMap: + name: {{ include "influxdb.fullname" . }}-init + {{- end }} + {{- if (not .Values.persistence.enabled ) }} + - name: {{ include "influxdb.fullname" . }}-meta + emptyDir: {} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "influxdb.fullname" . }}-meta + annotations: + {{- range $key, $value := .Values.persistence.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote}} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/post-install-set-auth.yaml b/helm/3rdparty/influxdb/templates/post-install-set-auth.yaml new file mode 100644 index 0000000..aa77667 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/post-install-set-auth.yaml @@ -0,0 +1,49 @@ +{{- if .Values.setDefaultUser.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "influxdb.fullname" . }}-set-auth + labels: + {{- include "influxdb.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-delete-policy": {{ .Values.setDefaultUser.hookDeletePolicy }} +spec: + activeDeadlineSeconds: {{ .Values.setDefaultUser.activeDeadlineSeconds }} + backoffLimit: {{ .Values.setDefaultUser.backoffLimit }} + template: + metadata: + labels: + {{- include "influxdb.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ include "influxdb.fullname" . }}-set-auth + image: "{{ .Values.setDefaultUser.image }}" + env: + - name: INFLUXDB_USER + valueFrom: + secretKeyRef: + {{- if .Values.setDefaultUser.user.existingSecret }} + name: {{ .Values.setDefaultUser.user.existingSecret -}} + {{ else }} + name: {{ include "influxdb.fullname" . }}-auth + {{- end }} + key: influxdb-user + - name: INFLUXDB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.setDefaultUser.user.existingSecret }} + name: {{ .Values.setDefaultUser.user.existingSecret -}} + {{ else }} + name: {{ include "influxdb.fullname" . }}-auth + {{- end }} + key: influxdb-password + args: + - "/bin/sh" + - "-c" + - | + curl -X POST http://{{ include "influxdb.fullname" . }}:{{ .Values.config.http.bind_address | default 8086 }}/query \ + --data-urlencode \ + "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' {{ .Values.setDefaultUser.user.privileges }}" + restartPolicy: {{ .Values.setDefaultUser.restartPolicy }} +{{- end -}} diff --git a/helm/3rdparty/influxdb/templates/secret.yaml b/helm/3rdparty/influxdb/templates/secret.yaml new file mode 100644 index 0000000..c6390f1 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/secret.yaml @@ -0,0 +1,17 @@ +{{- if .Values.setDefaultUser.enabled -}} +{{- if not (.Values.setDefaultUser.user.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "influxdb.fullname" . }}-auth + labels: + {{- include "influxdb.labels" . | nindent 4 }} +data: + {{- if .Values.setDefaultUser.user.password }} + influxdb-password: {{ .Values.setDefaultUser.user.password | b64enc | quote }} + {{- else }} + influxdb-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }} +{{- end -}} +{{- end -}} diff --git a/helm/3rdparty/influxdb/templates/service.yaml b/helm/3rdparty/influxdb/templates/service.yaml new file mode 100644 index 0000000..c5121e5 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/service.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + name: {{ include "influxdb.fullname" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: api + port: {{ .Values.config.http.bind_address | default 8086 }} + targetPort: api + - name: rpc + port: {{ .Values.config.rpc.bind_address | default 8088 }} + targetPort: rpc + {{- if .Values.config.graphite.enabled }} + - name: graphite + port: {{ .Values.config.graphite.bind_address | default 2003 }} + targetPort: graphite + {{- end }} + {{- if .Values.config.collectd.enabled }} + - name: collectd + port: {{ .Values.config.collectd.bind_address | default 25826 }} + protocol: UDP + targetPort: collectd + {{- end }} + {{- if .Values.config.udp.enabled }} + - name: udp + port: {{ .Values.config.udp.bind_address | default 8089 }} + protocol: UDP + targetPort: udp + {{- end }} + {{- if .Values.config.opentsdb.enabled }} + - name: opentsdb + port: {{ .Values.config.opentsdb.bind_address | default 4242 }} + targetPort: opentsdb + {{- end }} + selector: + {{- include "influxdb.selectorLabels" . | nindent 4 }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} +{{- end }} diff --git a/helm/3rdparty/influxdb/templates/serviceaccount.yaml b/helm/3rdparty/influxdb/templates/serviceaccount.yaml new file mode 100644 index 0000000..c496696 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "influxdb.serviceAccountName" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/helm/3rdparty/influxdb/templates/statefulset.yaml b/helm/3rdparty/influxdb/templates/statefulset.yaml new file mode 100644 index 0000000..13eda03 --- /dev/null +++ b/helm/3rdparty/influxdb/templates/statefulset.yaml @@ -0,0 +1,180 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "influxdb.fullname" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} +spec: + {{- if .Values.enterprise.enabled }} + replicas: {{ .Values.enterprise.clusterSize }} + {{ else }} + replicas: 1 + {{- end}} + selector: + matchLabels: + {{- include "influxdb.selectorLabels" . | nindent 6 }} + serviceName: "{{ include "influxdb.fullname" . }}" + template: + metadata: + labels: + {{- include "influxdb.selectorLabels" . | nindent 8 }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} + containers: + - name: {{ include "influxdb.fullname" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - name: api + containerPort: {{ .Values.config.http.bind_address | default 8086 }} + {{- if .Values.config.graphite.enabled }} + - name: graphite + containerPort: {{ .Values.config.graphite.bind_address | default 2003 }} + {{- end }} + {{- if .Values.config.collectd.enabled }} + - name: collectd + containerPort: {{ .Values.config.collectd.bind_address | default 25826 }} + protocol: UDP + {{- end }} + {{- if .Values.config.udp.enabled }} + - name: udp + containerPort: {{ .Values.config.udp.bind_address | default 8089 }} + protocol: UDP + {{- end }} + {{- if .Values.config.opentsdb.enabled }} + - name: opentsdb + containerPort: {{ .Values.config.opentsdb.bind_address | default 4242 }} + {{- end }} + - name: rpc + containerPort: {{ .Values.config.rpc.bind_address | default 8088 }} + {{- if .Values.enterprise.enabled }} + - name: meta + containerPort: {{ .Values.config.meta.bind_address | default 8091 }} + {{- end }} + {{- if .Values.env }} + env: +{{ toYaml .Values.env | indent 10 }} + {{- if .Values.enterprise.enabled }} + - name: INFLUXDB_HOSTNAME # Values.env's HOSTNAME isn't fundamentally different from $HOSTNAME, but this way weg get a distinguished name at runtime. + value: "$(_HOSTNAME).{{ include "influxdb.fullname" . }}" + {{- end }} + {{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ .Values.envFromSecret }} + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.path | default "/ping" }} + port: api + scheme: {{ .Values.livenessProbe.scheme | default "HTTP" }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.path | default "/ping" }} + port: api + scheme: {{ .Values.readinessProbe.scheme | default "HTTP" }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 5 }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 1 }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.startupProbe.path | default "/ping" }} + port: api + scheme: {{ .Values.startupProbe.scheme | default "HTTP" }} + failureThreshold: {{ .Values.startupProbe.failureThreshold | default 6 }} + periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} + {{- end }} + volumeMounts: + - name: {{ include "influxdb.fullname" . }}-data + mountPath: /var/lib/influxdb + - name: config + mountPath: /etc/influxdb + {{- if .Values.initScripts.enabled }} + - name: init + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if .Values.mountPoints }} +{{ toYaml .Values.mountPoints | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ toYaml .Values.extraContainers | indent 6}} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "influxdb.fullname" . }} + {{- if .Values.initScripts.enabled }} + - name: init + configMap: + name: {{ include "influxdb.fullname" . }}-init + {{- end }} + {{- if (not .Values.persistence.enabled ) }} + - name: {{ include "influxdb.fullname" . }}-data + emptyDir: {} + {{- end }} + # Cannot use existing claim in enterprise mode + {{- if and .Values.persistence.enabled .Values.persistence.existingClaim (not .Values.enterprise.enabled) }} + - name: {{ include "influxdb.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} + {{- end }} + {{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 6 }} + {{- end }} + # Must use volume claim template in enterprise mode + {{- if and .Values.persistence.enabled (or (not .Values.persistence.existingClaim) .Values.enterprise.enabled) }} + volumeClaimTemplates: + - metadata: + name: {{ include "influxdb.fullname" . }}-data + annotations: + {{- range $key, $value := .Values.persistence.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote}} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- end }} diff --git a/helm/3rdparty/influxdb/values.yaml b/helm/3rdparty/influxdb/values.yaml new file mode 100644 index 0000000..2b494a4 --- /dev/null +++ b/helm/3rdparty/influxdb/values.yaml @@ -0,0 +1,337 @@ +## influxdb image version +## ref: https://hub.docker.com/r/library/influxdb/tags/ +image: + repository: "influxdb" + tag: "1.8.0-alpine" + pullPolicy: IfNotPresent + ## If specified, use these secrets to access the images + # pullSecrets: + # - registry-secret + + +serviceAccount: + create: true + name: + annotations: {} + +## Customize liveness, readiness and startup probes +## ref: https://docs.influxdata.com/influxdb/v1.7/tools/api/#ping-http-endpoint +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +## +livenessProbe: {} + # path: "/ping" + # initialDelaySeconds: 30 + # timeoutSeconds: 5 + # scheme: HTTP + +readinessProbe: {} + # path: "/ping" + # initialDelaySeconds: 5 + # timeoutSeconds: 1 + # scheme: HTTP + +securityContext: {} + # runAsUser: 999 + # runAsGroup: 999 + +startupProbe: + enabled: false + # path: "/ping" + # failureThreshold: 6 + # periodSeconds: 5 + # scheme: HTTP + +## Specify a service type +## NodePort is default +## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + ## Add annotations to service + # annotations: {} + type: ClusterIP + # externalIPs: [] + # externalTrafficPolicy: "" + +## Persist data to a persistent volume +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + ## influxdb data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + annotations: + accessMode: ReadWriteOnce + size: 8Gi + +## Deploy InfluxDB Enterprise - License required +## ref: https://www.influxdata.com/products/influxdb-enterprise/ +enterprise: + enabled: false + licensekey: {} + clusterSize: 4 + meta: + image: + ## This image contains the enterprise meta node package for clustering. + ## It is meant to be used in conjunction with the influxdb:data package of the same version. + ## ref: https://hub.docker.com/_/influxdb + tag: meta + clusterSize: 3 + ## seed is hashed and used as `internal-shared-secret` for Meta service. + seed: dead-beef-cafe-bae + ## Configure resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + resources: {} + # resources: + # requests: + # memory: 512Mi + # cpu: 2 + # limits: + # memory: 1Gi + # cpu: 4 + +## Create default user through Kubernetes job +## Defaults indicated below +## +setDefaultUser: + enabled: false + + ## Image of the container used for job + ## Default: appropriate/curl:latest + ## + image: appropriate/curl:latest + + ## Deadline for job so it does not retry forever. + ## Default: activeDeadline: 300 + ## + activeDeadline: 300 + + ## Specify the number of retries before considering job as failed. + ## https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#pod-backoff-failure-policy + ## + backoffLimit: 6 + + ## Hook delete policy for helm. + ## Default: hookDeletePolicy: hook-succeeded + ## + hookDeletePolicy: hook-succeeded + + ## Restart policy for job + ## Default: OnFailure + restartPolicy: OnFailure + + user: + + ## The user name + ## Default: "admin" + username: "admin" + + ## User password + ## single quotes must be escaped (\') + ## Default: (Randomly generated 10 characters of AlphaNum) + # password: + + ## The user name and password are obtained from an existing secret. The expected + ## keys are `influxdb-user` and `influxdb-password`. + ## If set, the username and password values above are ignored. + # existingSecret: influxdb-auth + + ## User privileges + ## Default: "WITH ALL PRIVILEGES" + privileges: "WITH ALL PRIVILEGES" + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +resources: {} +# requests: +# memory: 256Mi +# cpu: 0.1 +# limits: +# memory: 16Gi +# cpu: 8 + +# Annotations to be added to InfluxDB pods +podAnnotations: {} + +# Labels to be added to InfluxDB pods +podLabels: {} + +ingress: + enabled: false + tls: false + # secretName: my-tls-cert # only needed if tls above is true + hostname: influxdb.foobar.com + className: null + annotations: {} + # kubernetes.io/ingress.class: "nginx" + # kubernetes.io/tls-acme: "true" + path: / + + +## Add custom volume and volumeMounts +# volumes: +# - name: ssl-cert-volume +# secret: +# secretName: secret-name +# mountPoints: +# - name: ssl-cert-volume +# mountPath: /etc/ssl/certs/selfsigned/ +# readOnly: true + +## Additional containers to be added to the pod. +extraContainers: {} +# - name: my-sidecar +# image: nginx:latest + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +# - key: "key" +# operator: "Equal|Exists" +# value: "value" +# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + +## The InfluxDB image uses several environment variables to automatically +## configure certain parts of the server. +## Ref: https://hub.docker.com/_/influxdb/ +env: {} + # - name: INFLUXDB_DB + # value: "demo" + +## The name of a secret in the same kubernetes namespace which contain values +## to be added to the environment. +## This can be used, for example, to set the INFLUXDB_HTTP_SHARED_SECRET +## environment variable. +envFromSecret: {} + +## InfluxDB configuration +## ref: https://docs.influxdata.com/influxdb/v1.7/administration/config +config: + reporting_disabled: false + rpc: {} + meta: {} + data: {} + coordinator: {} + retention: {} + shard_precreation: {} + monitor: {} + http: {} + logging: {} + subscriber: {} + graphite: {} + collectd: {} + opentsdb: {} + udp: {} + continuous_queries: {} + tls: {} + +# Allow executing custom init scripts +# +# If the container finds any files with the extensions .sh or .iql inside of the +# /docker-entrypoint-initdb.d folder, it will execute them. The order they are +# executed in is determined by the shell. This is usually alphabetical order. +initScripts: + enabled: false + scripts: + init.iql: |+ + CREATE DATABASE "telegraf" WITH DURATION 30d REPLICATION 1 NAME "rp_30d" + +backup: + enabled: false + ## By default emptyDir is used as a transitory volume before uploading to object store. + ## As such, ensure that a sufficient ephemeral storage request is set to prevent node disk filling completely. + resources: + requests: + # memory: 512Mi + # cpu: 2 + ephemeral-storage: "8Gi" + # limits: + # memory: 1Gi + # cpu: 4 + # ephemeral-storage: "16Gi" + ## If backup destination is PVC, or want to use intermediate PVC before uploading to object store. + persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + annotations: + accessMode: ReadWriteOnce + size: 8Gi + schedule: "0 0 * * *" + startingDeadlineSeconds: "" + annotations: {} + podAnnotations: {} + + ## Google Cloud Storage + # gcs: + # serviceAccountSecret: influxdb-backup-key + # serviceAccountSecretKey: key.json + # destination: gs://bucket/influxdb + + ## Azure + ## Secret is expected to have connection string stored in `connection-string` field + ## Existing container will be used or private one withing storage account will be created. + # azure: + # storageAccountSecret: influxdb-backup-azure-key + # destination_container: influxdb-container + # destination_path: "" + + ## Amazon S3 or compatible + ## Secret is expected to have AWS (or compatible) credentials stored in `credentials` field. + ## Please look at https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where + ## for the credentials format. + ## The bucket should already exist. + # s3: + # credentialsSecret: aws-credentials-secret + # destination: s3://bucket/path + # ## Optional. Specify if you're using an alternate S3 endpoint. + # # endpointUrl: "" + +backupRetention: + enabled: false + resources: + requests: + # memory: 512Mi + # cpu: 2 + # limits: + # memory: 1Gi + # cpu: 4 + schedule: "0 0 * * *" + startingDeadlineSeconds: + annotations: {} + podAnnotations: {} + daysToRetain: 7 + # s3: + # credentialsSecret: aws-credentials-secret + # bucketName: bucket + # ## Optional. Specify if you're using an alternate S3 endpoint. + # # endpointUrl: "" diff --git a/helm/influxdb b/helm/influxdb new file mode 120000 index 0000000..05397ac --- /dev/null +++ b/helm/influxdb @@ -0,0 +1 @@ +3rdparty/influxdb \ No newline at end of file -- 2.16.6