diff --git a/.gitignore b/.gitignore index de27e56e..94a35af6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ molecule/maistra-e2e/assets/secret.yaml _output + +# Do not commit any compiled Ansible filter plugins +*.pyc diff --git a/.travis.yml b/.travis.yml index c5848c3f..cdca20cf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,14 @@ arch: # So this is disabled for now. We can re-enable if we need this. #- arm64 +# The channel name "chat.freenode.net#kiali" is encrypted to prevent IRC spam from forks +notifications: + irc: + channels: + - secure: 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 + on_success: change + on_failure: change + language: python addons: apt: diff --git a/deploy/kiali-operator-all-in-one.yaml b/deploy/kiali-operator-all-in-one.yaml index 255bfe30..6966c8d4 100644 --- a/deploy/kiali-operator-all-in-one.yaml +++ b/deploy/kiali-operator-all-in-one.yaml @@ -1,6 +1,6 @@ # Kiali Operator 'v1.18.0' All-in-One YAML # This operator will not be able to support deployment.accessible_namespaces=['**']. -# Auto-generated by merge-operator-yaml.sh on Fri May 8 19:27:37 UTC 2020 +# Auto-generated by merge-operator-yaml.sh on Fri May 15 15:27:55 EDT 2020 --- apiVersion: v1 kind: Namespace @@ -377,10 +377,11 @@ spec: name: kiali-operator labels: app: kiali-operator + # required for the operator SDK metric service selector + name: kiali-operator version: v1.18.0 annotations: prometheus.io/scrape: "true" - prometheus.io/port: "8383" spec: serviceAccountName: kiali-operator containers: @@ -405,6 +406,11 @@ spec: value: "kiali-operator" - name: ANSIBLE_DEBUG_LOGS value: "True" + ports: + - name: http-metrics + containerPort: 8383 + - name: cr-metrics + containerPort: 8686 volumes: - name: runner emptyDir: {} diff --git a/deploy/kiali/kiali_cr.yaml b/deploy/kiali/kiali_cr.yaml index f97dc339..2e32ab65 100644 --- a/deploy/kiali/kiali_cr.yaml +++ b/deploy/kiali/kiali_cr.yaml 
@@ -433,8 +433,7 @@ spec: # istio_identity_domain: The annotation used by Istio to identify domains. # istio_sidecar_annotation: The pod annotation used by Istio to identify the sidecar. # istio_status_enabled: Enable/Disable of istio component status into masthead indicator. It defaults to true. -# url_service_version: The Istio service used to determine the Istio version. -# If empty, assumes it is in the istio namespace at the URL "http://istio-pilot.:8080/version" +# url_service_version: The Istio service used to determine the Istio version. If empty, assumes the URL for the well-known Istio version endpoint. # --- # istio: # istio_identity_domain: "svc.cluster.local" diff --git a/deploy/kiali/kiali_cr_dev.yaml b/deploy/kiali/kiali_cr_dev.yaml index b723fce6..7a8344af 100644 --- a/deploy/kiali/kiali_cr_dev.yaml +++ b/deploy/kiali/kiali_cr_dev.yaml @@ -5,6 +5,7 @@ metadata: annotations: ansible.operator-sdk/verbosity: "1" spec: + istio_namespace: ${ISTIO_NAMESPACE} version: "${KIALI_CR_SPEC_VERSION}" auth: strategy: $AUTH_STRATEGY diff --git a/deploy/kiali/kiali_cr_dev_servicemesh.yaml b/deploy/kiali/kiali_cr_dev_servicemesh.yaml index 1e46d90d..9f229b6c 100644 --- a/deploy/kiali/kiali_cr_dev_servicemesh.yaml +++ b/deploy/kiali/kiali_cr_dev_servicemesh.yaml @@ -5,6 +5,7 @@ metadata: annotations: ansible.operator-sdk/verbosity: "1" spec: + istio_namespace: "${ISTIO_NAMESPACE}" version: "${KIALI_CR_SPEC_VERSION}" auth: strategy: "${AUTH_STRATEGY}" diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 049a1bb4..81d43b03 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -17,10 +17,11 @@ spec: name: kiali-operator labels: app: kiali-operator + # required for the operator SDK metric service selector + name: kiali-operator version: ${OPERATOR_VERSION_LABEL} annotations: prometheus.io/scrape: "true" - prometheus.io/port: "8383" spec: serviceAccountName: kiali-operator containers: 
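Review bot: In deploy/kiali/kiali_cr_dev.yaml the added `istio_namespace: ${ISTIO_NAMESPACE}` is unquoted, while the `version` line directly below it and the matching line added to kiali_cr_dev_servicemesh.yaml are quoted. If this file is rendered by environment substitution, as the `${...}` syntax suggests, an unset or empty variable leaves a bare `istio_namespace:` that parses as null rather than an empty string. A namespace that looks like a number or a boolean would also be retyped. I would write `istio_namespace: "${ISTIO_NAMESPACE}"` so both dev CRs behave the same.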
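Review bot: In deploy/operator.yaml, removing `prometheus.io/port: "8383"` while keeping `prometheus.io/scrape: "true"` means the scraped port now depends on the cluster's Prometheus configuration rather than on this manifest. Annotation-driven pod scrape jobs commonly produce one target per declared container port when no port annotation is present, and the next hunk declares both `http-metrics` (8383) and `cr-metrics` (8686). If scraping is meant to go only through the operator SDK metrics Service, dropping `prometheus.io/scrape: "true"` as well would make that explicit; otherwise a comment such as `# no prometheus.io/port on purpose: both declared metrics ports are scraped` would record the intent. The same edit is repeated in the kiali-community and kiali-upstream 1.18.1 ClusterServiceVersion files. The pod template starts and ends outside this hunk.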
@@ -45,6 +46,11 @@ spec: value: "kiali-operator" - name: ANSIBLE_DEBUG_LOGS value: "True" + ports: + - name: http-metrics + containerPort: 8383 + - name: cr-metrics + containerPort: 8686 volumes: - name: runner emptyDir: {} diff --git a/dev-hosts b/dev-hosts index c1a8ad95..9267f9f4 100644 --- a/dev-hosts +++ b/dev-hosts @@ -8,6 +8,12 @@ all: image_version: dev namespace: istio-system + external_services: + istio: + url_service_version: http://istiod.istio-system:15014/version + # For Istio 1.5 and earlier + #url_service_version: http://istio-pilot.istio-system:8080/version + # The Operator SDK creates a "_kiali_io_kiali" variable that # mimics the Kiali CR but maintains camelCase in key names. # This will only be useful for certain cases (e.g. when diff --git a/manifests/kiali-community/1.16.0/kiali.crd.yaml b/manifests/kiali-community/1.18.1/kiali.crd.yaml similarity index 100% rename from manifests/kiali-community/1.16.0/kiali.crd.yaml rename to manifests/kiali-community/1.18.1/kiali.crd.yaml diff --git a/manifests/kiali-community/1.16.0/kiali.monitoringdashboards.crd.yaml b/manifests/kiali-community/1.18.1/kiali.monitoringdashboards.crd.yaml similarity index 100% rename from manifests/kiali-community/1.16.0/kiali.monitoringdashboards.crd.yaml rename to manifests/kiali-community/1.18.1/kiali.monitoringdashboards.crd.yaml diff --git a/manifests/kiali-community/1.16.0/kiali.v1.16.0.clusterserviceversion.yaml b/manifests/kiali-community/1.18.1/kiali.v1.18.1.clusterserviceversion.yaml similarity index 96% rename from manifests/kiali-community/1.16.0/kiali.v1.16.0.clusterserviceversion.yaml rename to manifests/kiali-community/1.18.1/kiali.v1.18.1.clusterserviceversion.yaml index 83231daa..29f32531 100644 --- a/manifests/kiali-community/1.16.0/kiali.v1.16.0.clusterserviceversion.yaml +++ b/manifests/kiali-community/1.18.1/kiali.v1.18.1.clusterserviceversion.yaml 
@@ -1,17 +1,17 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: - name: kiali-operator.v1.16.0 + name: kiali-operator.v1.18.1 namespace: placeholder annotations: categories: Monitoring,Logging & Tracing certified: "false" - containerImage: quay.io/kiali/kiali-operator:v1.16.0 + containerImage: quay.io/kiali/kiali-operator:v1.18.1 capabilities: Deep Insights support: Kiali description: "Kiali project provides answers to the questions: What microservices are part of my Istio service mesh and how are they connected?" repository: https://github.com/kiali/kiali - createdAt: 2020-03-25T00:00:00Z + createdAt: 2020-05-15T00:00:00Z alm-examples: |- [ { @@ -73,7 +73,7 @@ metadata: } ] spec: - version: 1.16.0 + version: 1.18.1 maturity: stable replaces: kiali-operator.v1.15.1 displayName: Kiali Operator @@ -261,26 +261,16 @@ spec: name: kiali-operator labels: app: kiali-operator - version: v1.16.0 + # required for the operator SDK metric service selector + name: kiali-operator + version: v1.18.1 annotations: prometheus.io/scrape: "true" - prometheus.io/port: "8383" spec: serviceAccountName: kiali-operator containers: - - name: ansible - command: - - /usr/local/bin/ao-logs - - /tmp/ansible-operator/runner - - stdout - image: quay.io/kiali/kiali-operator:v1.16.0 - imagePullPolicy: "IfNotPresent" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - readOnly: true - name: operator - image: quay.io/kiali/kiali-operator:v1.16.0 + image: quay.io/kiali/kiali-operator:v1.18.1 imagePullPolicy: "IfNotPresent" volumeMounts: - mountPath: /tmp/ansible-operator/runner @@ -302,6 +292,11 @@ spec: value: "kiali-operator" - name: ANSIBLE_DEBUG_LOGS value: "True" + ports: + - name: http-metrics + containerPort: 8383 + - name: cr-metrics + containerPort: 8686 volumes: - name: runner emptyDir: {} diff --git a/manifests/kiali-community/kiali.package.yaml b/manifests/kiali-community/kiali.package.yaml index 70495d9e..867c7b3f 100644 
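Review bot: `spec.version` moves from 1.16.0 to 1.18.1 in the kiali-community ClusterServiceVersion, but the unchanged `replaces: kiali-operator.v1.15.1` next to it still points at the release before 1.16.0. If kiali-operator.v1.16.0 was ever published to the catalog, installations on it would have no upgrade edge to v1.18.1. Confirm which CSV is the current channel head and, if it is 1.16.0, change the line to `replaces: kiali-operator.v1.16.0`. The kiali-upstream 1.18.1 ClusterServiceVersion carries the same unchanged `replaces` line.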
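Review bot: The operator container is referenced by a mutable tag, `image: quay.io/kiali/kiali-operator:v1.18.1`, with `imagePullPolicy: "IfNotPresent"`, so the image that runs depends on what the tag pointed to when each node first pulled it. The kiali-ossm 1.12.13 ClusterServiceVersion added in this same commit pins its images by `@sha256:` digest. Doing the same here, `image: quay.io/kiali/kiali-operator@sha256:<digest-of-v1.18.1>` (placeholder), and likewise in the `containerImage` annotation, would make the bundle reproducible and let the digest be checked against the registry. The kiali-upstream 1.18.1 ClusterServiceVersion has the same tag-based references. The container spec continues outside this hunk.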
--- a/manifests/kiali-community/kiali.package.yaml +++ b/manifests/kiali-community/kiali.package.yaml @@ -1,7 +1,7 @@ packageName: kiali channels: - name: alpha - currentCSV: kiali-operator.v1.16.0 + currentCSV: kiali-operator.v1.18.1 - name: stable - currentCSV: kiali-operator.v1.16.0 + currentCSV: kiali-operator.v1.18.1 defaultChannel: stable diff --git a/manifests/kiali-upstream/1.16.0/kiali.crd.yaml b/manifests/kiali-ossm/1.12.13/kiali.crd.yaml similarity index 100% rename from manifests/kiali-upstream/1.16.0/kiali.crd.yaml rename to manifests/kiali-ossm/1.12.13/kiali.crd.yaml diff --git a/manifests/kiali-upstream/1.16.0/kiali.monitoringdashboards.crd.yaml b/manifests/kiali-ossm/1.12.13/kiali.monitoringdashboards.crd.yaml similarity index 100% rename from manifests/kiali-upstream/1.16.0/kiali.monitoringdashboards.crd.yaml rename to manifests/kiali-ossm/1.12.13/kiali.monitoringdashboards.crd.yaml diff --git a/manifests/kiali-ossm/1.12.13/kiali.v1.12.13.clusterserviceversion.yaml b/manifests/kiali-ossm/1.12.13/kiali.v1.12.13.clusterserviceversion.yaml new file mode 100644 index 00000000..2ce01731 --- /dev/null +++ b/manifests/kiali-ossm/1.12.13/kiali.v1.12.13.clusterserviceversion.yaml 
@@ -0,0 +1,593 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + name: kiali-operator.v1.12.13 + namespace: placeholder + annotations: + categories: Monitoring,Logging & Tracing + certified: "false" + containerImage: registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.12.13 + capabilities: Deep Insights + support: Red Hat + description: "Kiali project provides answers to the questions: What microservices are part of my Istio service mesh and how are they connected?" + repository: https://github.com/kiali/kiali + createdAt: 2020-04-27T22:07:13Z + alm-examples: |- + [ + { + "apiVersion": "kiali.io/v1alpha1", + "kind": "Kiali", + "metadata": { + "name": "kiali" + }, + "spec": { + "installation_tag": "My Kiali", + "istio_namespace": "istio-system", + "deployment": { + "namespace": "istio-system", + "verbose_mode": "4", + "view_only_mode": false + }, + "external_services": { + "grafana": { + "url": "" + }, + "prometheus": { + "url": "" + }, + "tracing": { + "url": "" + } + }, + "server": { + "web_root": "/mykiali" + } + } + }, + { + "apiVersion": "monitoring.kiali.io/v1alpha1", + "kind": "MonitoringDashboard", + "metadata": { + "name": "myappdashboard" + }, + "spec": { + "title": "My App Dashboard", + "items": [ + { + "chart": { + "name": "My App Processing Duration", + "unit": "seconds", + "spans": 6, + "metricName": "my_app_duration_seconds", + "dataType": "histogram", + "aggregations": [ + { + "label": "id", + "displayName": "ID" + } + ] + } + } + ] + } + } + ] +spec: + version: 1.12.13 + maturity: stable + replaces: kiali-operator.v1.12.12 + relatedImages: + - name: kiali-v1.0 + annotation: kiali-v1.0 + required: true + image: registry.redhat.io/openshift-service-mesh/kiali-rhel7@sha256:1b9eff98f69d3f4cc7083f558cea07e73f24d7c864a6f956904969368acf4401 + - name: kiali-v1.12 + annotation: kiali-v1.12 + required: true + image: 
registry.redhat.io/openshift-service-mesh/kiali-rhel7@sha256:e1fb3df10a7f7862e8549ad29e4dad97b22719896c10fe5109cbfb3b98f56900 + displayName: Kiali Operator + description: |- + ## About the managed application + + A Microservice Architecture breaks up the monolith into many smaller pieces + that are composed together. Patterns to secure the communication between + services like fault tolerance (via timeout, retry, circuit breaking, etc.) + have come up as well as distributed tracing to be able to see where calls + are going. + + A service mesh can now provide these services on a platform level and frees + the application writers from those tasks. Routing decisions are done at the + mesh level. + + Kiali works with Istio, in OpenShift or Kubernetes, to visualize the service + mesh topology, to provide visibility into features like circuit breakers, + request rates and more. It offers insights about the mesh components at + different levels, from abstract Applications to Services and Workloads. + + See [https://www.kiali.io](https://www.kiali.io) to read more. + + ### Accessing the UI + + By default, the Kiali operator exposes the Kiali UI as a Route on OpenShift + or Ingress on Kubernetes. + + On OpenShift, the default root context path is '/' and on Kubernetes it is + '/kiali' though you can change this by configuring the 'web_root' setting in + the Kiali CR. + + ## About this Operator + + ### Kiali Custom Resource Configuration Settings + + For quick descriptions of all the settings you can configure in the Kiali + Custom Resource (CR), see the file + [kiali_cr.yaml](https://github.com/kiali/kiali-operator/blob/v1.12/deploy/kiali/kiali_cr.yaml) + + Note that the Kiali operator can be told to restrict Kiali's access to + specific namespaces, or can provide to Kiali cluster-wide access to all + namespaces. + + ## Prerequisites for enabling this Operator + + Today Kiali works with Istio. So before you install Kiali, you must have + already installed Istio. 
Note that Istio can come pre-bundled with Kiali + (specifically if you installed the Istio demo helm profile or if you + installed Istio with the helm option '--set kiali.enabled=true'). If you + already have the pre-bundled Kiali in your Istio environment and you want to + install Kiali via the Kiali Operator, uninstall the pre-bundled Kiali first. + You can do this via this command, + + kubectl delete --ignore-not-found=true all,secrets,sa,templates,configmaps,deployments,clusterroles,clusterrolebindings,ingresses,customresourcedefinitions --selector="app=kiali" -n istio-system + + When you install Kiali in a non-OpenShift Kubernetes environment, the + authentication strategy will default to `login`. When using the + authentication strategy of `login`, you are required to create a Kubernetes + Secret with a `username` and `passphrase` that you want users to provide in + order to successfully log into Kiali. Here is an example command you can + execute to create such a secret (with a username of `admin` and a passphrase + of `admin`), + + kubectl create secret generic kiali -n istio-system --from-literal "username=admin" --from-literal "passphrase=admin" + + If you wish to use the "ldap" authentication strategy, you must have an LDAP + server available and accessible to Kiali. 
+ icon: + - base64data: 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 + mediatype: image/svg+xml + keywords: ['service-mesh', 'observability', 'monitoring', 'maistra', 'istio'] + maintainers: + - name: Kiali Developers Google Group + email: kiali-dev@googlegroups.com + provider: + name: Red Hat + labels: + name: kiali-operator + selector: + matchLabels: + name: kiali-operator + links: + - name: Getting Started Guide + url: https://www.kiali.io/documentation/getting-started/ + - name: Features + url: https://www.kiali.io/documentation/features + - name: Documentation Home + url: https://www.kiali.io/documentation + - name: Blogs and Articles + url: https://medium.com/kialiproject + - name: Server Source Code + url: https://github.com/kiali/kiali + - name: UI Source Code + url: https://github.com/kiali/kiali-ui + installModes: + - type: OwnNamespace + supported: true + - type: SingleNamespace + supported: true + - type: MultiNamespace + supported: false + - type: AllNamespaces + supported: true + customresourcedefinitions: + owned: + - name: kialis.kiali.io + group: kiali.io + description: A configuration file for a Kiali installation. + displayName: Kiali + kind: Kiali + version: v1alpha1 + resources: + - kind: Deployment + version: apps/v1 + - kind: Pod + version: v1 + - kind: Service + version: v1 + - kind: ConfigMap + version: v1 + - kind: OAuthClient + version: oauth.openshift.io/v1 + - kind: Route + version: route.openshift.io/v1 + - kind: Ingress + version: extensions/v1beta1 + specDescriptors: + - displayName: Authentication Strategy + description: "Determines how a user is to log into Kiali. Choose 'login' to use a username and passphrase as defined in a Secret. Choose 'anonymous' to allow full access to Kiali without requiring credentials (use this at your own risk). Choose 'openshift' if on OpenShift to use the OpenShift OAuth login which controls access based on the individual's OpenShift RBAC roles. 
Default: openshift (when deployed in OpenShift); login (when deployed in Kubernetes)" + path: auth.strategy + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:label' + - displayName: Kiali Namespace + description: "The namespace where Kiali and its associated resources will be created. Default: istio-system" + path: deployment.namespace + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:label' + - displayName: Secret Name + description: "If Kiali is configured with auth.strategy 'login', an admin must create a Secret with credentials ('username' and 'passphrase') which will be used to authenticate users logging into Kiali. This setting defines the name of that secret. Default: kiali" + path: deployment.secret_name + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret' + - displayName: Verbose Mode + description: "Determines the priority levels of log messages Kiali will output. Typical values are '3' for INFO and higher priority messages, '4' for DEBUG and higher priority messages (this makes the logs more noisy). Default: 3" + path: deployment.verbose_mode + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:label' + - displayName: View Only Mode + description: "When true, Kiali will be in 'view only' mode, allowing the user to view and retrieve management and monitoring data for the service mesh, but not allow the user to modify the service mesh. Default: false" + path: deployment.view_only_mode + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:booleanSwitch' + - displayName: Web Root + description: "Defines the root context path for the Kiali console, API endpoints and readiness/liveness probes. 
Default: / (when deployed on OpenShift; /kiali (when deployed on Kubernetes)" + path: server.web_root + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:label' + - name: monitoringdashboards.monitoring.kiali.io + group: monitoring.kiali.io + description: A configuration file for defining an individual metric dashboard. + displayName: Monitoring Dashboard + kind: MonitoringDashboard + version: v1alpha1 + resources: [] + specDescriptors: + - displayName: Title + description: "The title of the dashboard." + path: title + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:label' + apiservicedefinitions: {} + install: + strategy: deployment + spec: + deployments: + - name: kiali-operator + spec: + replicas: 1 + selector: + matchLabels: + app: kiali-operator + template: + metadata: + name: kiali-operator + labels: + app: kiali-operator + # required for the operator SDK metric service selector + name: kiali-operator + version: v1.12.13 + annotations: + prometheus.io/scrape: "true" + spec: + serviceAccountName: kiali-operator + containers: + - name: ansible + command: + - /usr/local/bin/ao-logs + - /tmp/ansible-operator/runner + - stdout + image: registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator@sha256:e816022618522d3c4cb687f876d93a827cabbfcaf665eb6db11ccf2fe7f80bc0 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + readOnly: true + - name: operator + image: registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator@sha256:e816022618522d3c4cb687f876d93a827cabbfcaf665eb6db11ccf2fe7f80bc0 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + 
value: "kiali-operator" + - name: KIALI_IMAGE_default + value: "registry.redhat.io/openshift-service-mesh/kiali-rhel7@sha256:1b9eff98f69d3f4cc7083f558cea07e73f24d7c864a6f956904969368acf4401" + - name: KIALI_IMAGE_v1_0 + value: "registry.redhat.io/openshift-service-mesh/kiali-rhel7@sha256:1b9eff98f69d3f4cc7083f558cea07e73f24d7c864a6f956904969368acf4401" + - name: KIALI_IMAGE_v1_12 + value: "registry.redhat.io/openshift-service-mesh/kiali-rhel7@sha256:e1fb3df10a7f7862e8549ad29e4dad97b22719896c10fe5109cbfb3b98f56900" + ports: + - name: http-metrics + containerPort: 8383 + - name: cr-metrics + containerPort: 8686 + volumes: + - name: runner + emptyDir: {} + clusterPermissions: + - rules: + - apiGroups: [""] + resources: + - configmaps + - endpoints + - events + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: + - namespaces + verbs: + - get + - list + - patch + - apiGroups: [""] + resources: + - secrets + verbs: + - create + - list + - watch + - apiGroups: [""] + resourceNames: + - kiali-signing-key + resources: + - secrets + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["apps"] + resources: + - deployments + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["monitoring.coreos.com"] + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: ["apps"] + resourceNames: + - kiali-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: ["kiali.io"] + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["apiextensions.k8s.io"] + resources: + - 
customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: ["extensions"] + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["oauth.openshift.io"] + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["config.openshift.io"] + resources: + - clusteroperators + verbs: + - list + - watch + - apiGroups: ["config.openshift.io"] + resourceNames: + - kube-apiserver + resources: + - clusteroperators + verbs: + - get + - apiGroups: ["console.openshift.io"] + resources: + - consolelinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + # The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles + - apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch + - apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - 
list + - patch + - watch + - apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get + - apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get + - apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list + serviceAccountName: kiali-operator diff --git a/manifests/kiali-ossm/kiali-ossm.package.yaml b/manifests/kiali-ossm/kiali-ossm.package.yaml index a2261810..84c99e22 100644 --- a/manifests/kiali-ossm/kiali-ossm.package.yaml +++ b/manifests/kiali-ossm/kiali-ossm.package.yaml @@ -1,5 +1,5 @@ packageName: kiali-ossm channels: - name: stable - currentCSV: kiali-operator.v1.12.12 + currentCSV: kiali-operator.v1.12.13 defaultChannel: stable diff --git a/manifests/kiali-upstream/1.18.1/kiali.crd.yaml b/manifests/kiali-upstream/1.18.1/kiali.crd.yaml new file mode 100644 index 00000000..d20f087d --- /dev/null +++ b/manifests/kiali-upstream/1.18.1/kiali.crd.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kialis.kiali.io + labels: + app: kiali-operator +spec: + group: kiali.io + names: + kind: Kiali + listKind: KialiList + plural: kialis + singular: kiali + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/manifests/kiali-upstream/1.18.1/kiali.monitoringdashboards.crd.yaml b/manifests/kiali-upstream/1.18.1/kiali.monitoringdashboards.crd.yaml new file mode 100644 index 00000000..9607638e --- /dev/null +++ b/manifests/kiali-upstream/1.18.1/kiali.monitoringdashboards.crd.yaml 
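Review bot: Under `clusterPermissions` in the new kiali-ossm 1.12.13 ClusterServiceVersion, the `secrets` rule without `resourceNames` grants `list` and `watch` as well as `create`. List and watch responses carry full Secret objects, so the operator's service account can read every Secret in the cluster. The rule that follows scopes `get`, `patch`, `update` and `delete` to `kiali-signing-key`, which suggests narrow access was intended. If nothing in the operator has to enumerate Secrets, the unscoped rule can keep `- create` alone; otherwise add a comment naming what needs the cluster-wide list/watch. Separately, the Prerequisites text in `description` gives `--from-literal "username=admin" --from-literal "passphrase=admin"` as the example login secret; placeholders such as `username=<username>` and `passphrase=<passphrase>` would keep a guessable credential from being copied into real clusters.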
@@ -0,0 +1,15 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io + labels: + app: kiali +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + version: v1alpha1 diff --git a/manifests/kiali-upstream/1.16.0/kiali.v1.16.0.clusterserviceversion.yaml b/manifests/kiali-upstream/1.18.1/kiali.v1.18.1.clusterserviceversion.yaml similarity index 96% rename from manifests/kiali-upstream/1.16.0/kiali.v1.16.0.clusterserviceversion.yaml rename to manifests/kiali-upstream/1.18.1/kiali.v1.18.1.clusterserviceversion.yaml index 0de3eff1..6d44c752 100644 --- a/manifests/kiali-upstream/1.16.0/kiali.v1.16.0.clusterserviceversion.yaml +++ b/manifests/kiali-upstream/1.18.1/kiali.v1.18.1.clusterserviceversion.yaml @@ -1,17 +1,17 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: - name: kiali-operator.v1.16.0 + name: kiali-operator.v1.18.1 namespace: placeholder annotations: categories: Monitoring,Logging & Tracing certified: "false" - containerImage: quay.io/kiali/kiali-operator:v1.16.0 + containerImage: quay.io/kiali/kiali-operator:v1.18.1 capabilities: Deep Insights support: Kiali description: "Kiali project provides answers to the questions: What microservices are part of my Istio service mesh and how are they connected?" repository: https://github.com/kiali/kiali - createdAt: 2020-03-25T00:00:00Z + createdAt: 2020-05-15T00:00:00Z alm-examples: |- [ { @@ -73,7 +73,7 @@ metadata: } ] spec: - version: 1.16.0 + version: 1.18.1 maturity: stable replaces: kiali-operator.v1.15.1 displayName: Kiali Operator 
@@ -261,26 +261,16 @@ spec: name: kiali-operator labels: app: kiali-operator - version: v1.16.0 + # required for the operator SDK metric service selector + name: kiali-operator + version: v1.18.1 annotations: prometheus.io/scrape: "true" - prometheus.io/port: "8383" spec: serviceAccountName: kiali-operator containers: - - name: ansible - command: - - /usr/local/bin/ao-logs - - /tmp/ansible-operator/runner - - stdout - image: quay.io/kiali/kiali-operator:v1.16.0 - imagePullPolicy: "IfNotPresent" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - readOnly: true - name: operator - image: quay.io/kiali/kiali-operator:v1.16.0 + image: quay.io/kiali/kiali-operator:v1.18.1 imagePullPolicy: "IfNotPresent" volumeMounts: - mountPath: /tmp/ansible-operator/runner @@ -302,6 +292,11 @@ spec: value: "kiali-operator" - name: ANSIBLE_DEBUG_LOGS value: "True" + ports: + - name: http-metrics + containerPort: 8383 + - name: cr-metrics + containerPort: 8686 volumes: - name: runner emptyDir: {} diff --git a/manifests/kiali-upstream/kiali.package.yaml b/manifests/kiali-upstream/kiali.package.yaml index 70495d9e..867c7b3f 100644 --- a/manifests/kiali-upstream/kiali.package.yaml +++ b/manifests/kiali-upstream/kiali.package.yaml @@ -1,7 +1,7 @@ packageName: kiali channels: - name: alpha - currentCSV: kiali-operator.v1.16.0 + currentCSV: kiali-operator.v1.18.1 - name: stable - currentCSV: kiali-operator.v1.16.0 + currentCSV: kiali-operator.v1.18.1 defaultChannel: stable diff --git a/molecule/common/prepare-prometheus.yml b/molecule/common/prepare-prometheus.yml new file mode 100644 index 00000000..3c18a91e --- /dev/null +++ b/molecule/common/prepare-prometheus.yml 
@@ -0,0 +1,19 @@ +- name: Get Prometheus HTTP endpoint route (this test requires a HTTP route to the Prometheus endpoint) + k8s_facts: + api_version: route.openshift.io/v1 + kind: Route + name: prometheus + namespace: "{{ istio.control_plane_namespace }}" + register: prometheus_route_raw + until: + - prometheus_route_raw['resources'] is defined + - prometheus_route_raw['resources'][0] is defined + - prometheus_route_raw['resources'][0]['status'] is defined + - prometheus_route_raw['resources'][0]['status']['ingress'] is defined + - prometheus_route_raw['resources'][0]['status']['ingress'][0] is defined + - prometheus_route_raw['resources'][0]['status']['ingress'][0]['host'] is defined + retries: 10 + delay: 6 + +- set_fact: + prometheus_url: "http://{{ prometheus_route_raw['resources'][0]['status']['ingress'][0]['host'] }}/api/v1" diff --git a/molecule/common/query-prometheus.yml b/molecule/common/query-prometheus.yml new file mode 100644 index 00000000..c5a3f5f8 --- /dev/null +++ b/molecule/common/query-prometheus.yml @@ -0,0 +1,19 @@ +# To use this, import the task passing in the variable "prometheus_query" which must be URL encoded correctly. +# If you already imported "prepare-prometheus.yml" you will already have the other var "prometheus_url". +# If successful, the query results are in JSON format in "prometheus_query_results.json". + +- debug: + msg: "Prometheus query to be run: {{ prometheus_query }}" +- name: Query Prometheus + uri: + url: "{{ prometheus_url }}/query?query={{ prometheus_query }}" + method: GET + return_content: yes + body_format: json + register: prometheus_query_results + until: prometheus_query_results.json.status == "success" + retries: 3 + delay: 1 + +- debug: + msg: "Prometheus query [{{ prometheus_query }}] results: {{ prometheus_query_results.json }}" 
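Review bot: In molecule/common/query-prometheus.yml, `until: prometheus_query_results.json.status == "success"` dereferences `.json` without checking that it exists. A response that is not JSON (an error page served by the route, for instance) is therefore likely to abort the task with an undefined-attribute error instead of being retried. prepare-prometheus.yml in this commit guards each level with `is defined`; the equivalent here is `until: prometheus_query_results.json is defined and prometheus_query_results.json.status == "success"`. `body_format: json` does nothing on a GET without a body and can be dropped, and `return_content: yes` reads better as `return_content: true`.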
diff --git a/molecule/config-values-test/set-kiali-cr.yml b/molecule/common/set-kiali-cr.yml similarity index 100% rename from molecule/config-values-test/set-kiali-cr.yml rename to molecule/common/set-kiali-cr.yml diff --git a/molecule/config-values-test/set-version-label.yml b/molecule/config-values-test/set-version-label.yml index fcdfa2c1..b5ec9ccb 100644 --- a/molecule/config-values-test/set-version-label.yml +++ b/molecule/config-values-test/set-version-label.yml @@ -4,4 +4,4 @@ set_fact: new_kiali_cr: "{{ current_kiali_cr | combine({'spec': {'deployment': {'version_label': new_version_label }}}, recursive=True) }}" -- import_tasks: set-kiali-cr.yml +- import_tasks: ../common/set-kiali-cr.yml diff --git a/molecule/metrics-test/enable-metrics.yml b/molecule/metrics-test/enable-metrics.yml new file mode 100644 index 00000000..ffbf3f74 --- /dev/null +++ b/molecule/metrics-test/enable-metrics.yml @@ -0,0 +1,7 @@ +- name: Enable metrics in current Kiali CR + vars: + current_kiali_cr: "{{ lookup('k8s', api_version='kiali.io/v1alpha1', kind='Kiali', namespace=cr_namespace, resource_name=custom_resource.metadata.name) }}" + set_fact: + new_kiali_cr: "{{ current_kiali_cr | combine({'spec': {'server': {'metrics_enabled': true }}}, recursive=True) }}" + +- import_tasks: ../common/set-kiali-cr.yml diff --git a/molecule/metrics-test/kiali-cr.yaml b/molecule/metrics-test/kiali-cr.yaml new file mode 100644 index 00000000..3bbbef5a --- /dev/null +++ b/molecule/metrics-test/kiali-cr.yaml 
@@ -0,0 +1,19 @@
+apiVersion: kiali.io/v1alpha1
+kind: Kiali
+metadata:
+ name: kiali
+spec:
+ version: default
+ istio_namespace: {{ istio.control_plane_namespace }}
+ auth:
+ strategy: {{ kiali.auth_strategy }}
+ deployment:
+ namespace: {{ kiali.install_namespace }}
+ image_name: {{ kiali.image_name }}
+ image_pull_policy: {{ kiali.image_pull_policy }}
+ image_version: {{ kiali.image_version }}
+ accessible_namespaces: {{ kiali.accessible_namespaces }}
+ service_type: NodePort
+ server:
+ # start the test off with metrics disabled
+ metrics_enabled: false
diff --git a/molecule/metrics-test/molecule.yml b/molecule/metrics-test/molecule.yml
new file mode 100644
index 00000000..39cd619b
--- /dev/null
+++ b/molecule/metrics-test/molecule.yml
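Review bot: The templated scalars in this CR (`image_version: {{ kiali.image_version }}`, `strategy:`, `namespace:` and the others) are rendered as text and only then parsed by `from_yaml` in playbook.yml, so a value such as `1.20` taken from MOLECULE_KIALI_IMAGE_VERSION would be typed as a float and lose its trailing zero, and an empty expansion would become null. Quoting the string-valued ones, e.g. `image_version: "{{ kiali.image_version }}"`, keeps them strings regardless of what the environment supplies. `accessible_namespaces` should stay unquoted because it renders a list.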
@@ -0,0 +1,42 @@
+---
+dependency:
+ name: galaxy
+platforms:
+- name: default
+ groups:
+ - k8s
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ callback_whitelist: junit
+ playbooks:
+ destroy: ../default/destroy.yml
+ prepare: ../default/prepare.yml
+ inventory:
+ group_vars:
+ all:
+ kiali_operator_assets_path : "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
+ cr_file_path: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/metrics-test/kiali-cr.yaml"
+ cr_namespace: kiali-operator
+ istio:
+ control_plane_namespace: istio-system
+ kiali:
+ install_namespace: istio-system
+ accessible_namespaces: ["**"]
+ auth_strategy: token
+ operator_namespace: kiali-operator
+ operator_image_name: "{{ 'image-registry.openshift-image-registry.svc:5000/kiali/kiali-operator' if lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_NAME') == 'dev' else (lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_NAME')|default('quay.io/kiali/kiali-operator', True)) }}"
+ operator_version: "{{ lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_VERSION')|default('latest', True) }}"
+ operator_watch_namespace: kiali-operator
+ operator_clusterrolebindings: "- clusterrolebindings"
+ operator_clusterroles: "- clusterroles"
+ image_name: "{{ 'image-registry.openshift-image-registry.svc:5000/kiali/kiali' if lookup('env', 'MOLECULE_KIALI_IMAGE_NAME') == 'dev' else (lookup('env', 'MOLECULE_KIALI_IMAGE_NAME')|default('quay.io/kiali/kiali', True)) }}"
+ image_version: "{{ lookup('env', 'MOLECULE_KIALI_IMAGE_VERSION')|default('latest', True) }}"
+ image_pull_policy: Always
+scenario:
+ name: metrics-test
+ test_sequence:
+ - prepare
+ - converge
+ - destroy
diff --git a/molecule/metrics-test/playbook.yml b/molecule/metrics-test/playbook.yml
new file mode 100644
index 00000000..293dde2e
--- /dev/null
+++ b/molecule/metrics-test/playbook.yml
@@ -0,0 +1,71 @@
+- name: Tests
+ hosts: localhost
+ connection: local
+ vars:
+ custom_resource: "{{ lookup('template', cr_file_path) | from_yaml }}"
+ tasks:
+ - import_tasks: ../common/tasks.yml
+ - import_tasks: ../asserts/pod_asserts.yml
+
+ - name: Send a request into Kiali to ensure metrics from this will not be collected
+ uri:
+ url: "{{ kiali_base_url }}/api"
+ validate_certs: no
+ - name: Waiting a few seconds to make sure metrics aren't being collected
+ pause:
+ seconds: 30
+
+ - import_tasks: ../common/prepare-prometheus.yml
+
+ - set_fact:
+ test_start_time: "{{ ansible_date_time.iso8601 }}"
+
+ # Operator metrics are always enabled - make sure we have them
+
+ # an operator http-metric
+ - import_tasks: ../common/query-prometheus.yml
+ vars:
+ prometheus_query: "workqueue_work_duration_seconds_count{app=\"kiali-operator\",namespace=\"{{ kiali.operator_namespace }}\"}&time={{ test_start_time}}"
+ - assert:
+ that:
+ - prometheus_query_results.json.data.result | length > 0
+
+ # an operator cr-metric
+ - import_tasks: ../common/query-prometheus.yml
+ vars:
+ prometheus_query: "kiali_info{app=\"kiali-operator\",namespace=\"{{ kiali.operator_namespace }}\"}&time={{ test_start_time}}"
+ - assert:
+ that:
+ - prometheus_query_results.json.data.result | length > 0
+
+ # The test is initialized with Kiali metrics turned off so there should not be any yet
+ - import_tasks: ../common/query-prometheus.yml
+ vars:
+ prometheus_query: "kiali_api_processing_duration_seconds_count{app=\"kiali\",namespace=\"{{ kiali.install_namespace }}\"}&time={{ test_start_time}}"
+ - assert:
+ that:
+ - prometheus_query_results.json.data.result | length == 0
+
+ # Turn on Kiali metrics
+ - import_tasks: enable-metrics.yml
+ - import_tasks: ../common/wait_for_kiali_cr_changes.yml
+ - import_tasks: ../common/wait_for_kiali_running.yml
+ - import_tasks: ../common/tasks.yml
+ - import_tasks: ../asserts/pod_asserts.yml
+
+ - name: Send a request into Kiali to build up metrics
+ uri:
+ url: "{{ kiali_base_url }}/api" + validate_certs: no + - name: Waiting a few seconds for metrics to be collected + pause: + seconds: 30 + + # A Kiali metric + - import_tasks: ../common/query-prometheus.yml + vars: + prometheus_query: "kiali_api_processing_duration_seconds_count{app=\"kiali\",namespace=\"{{ kiali.install_namespace }}\"}" + - assert: + that: + - prometheus_query_results.json.data.result | length > 0 + diff --git a/roles/default/kiali-deploy/tasks/main.yml b/roles/default/kiali-deploy/tasks/main.yml index 0b4d2ce2..340f4d93 100644 --- a/roles/default/kiali-deploy/tasks/main.yml +++ b/roles/default/kiali-deploy/tasks/main.yml @@ -198,12 +198,18 @@ when: - kiali_vars.istio_component_namespaces.tracing is not defined or kiali_vars.istio_component_namespaces.tracing == "" -- name: "Set default istio component namespace: pilot" +- name: "Set default istio component namespace: pilot - needed for Istio 1.5 and earlier" set_fact: kiali_vars: "{{ kiali_vars | combine({'istio_component_namespaces': {'pilot': kiali_vars.istio_namespace}}, recursive=True) }}" when: - kiali_vars.istio_component_namespaces.pilot is not defined or kiali_vars.istio_component_namespaces.pilot == "" +- name: "Set default istio component namespace: istiod - needed for Istio 1.6 and later" + set_fact: + kiali_vars: "{{ kiali_vars | combine({'istio_component_namespaces': {'istiod': kiali_vars.istio_namespace}}, recursive=True) }}" + when: + - kiali_vars.istio_component_namespaces.istiod is not defined or kiali_vars.istio_component_namespaces.istiod == "" + - name: "Set default istio component namespace: prometheus" set_fact: kiali_vars: "{{ kiali_vars | combine({'istio_component_namespaces': {'prometheus': kiali_vars.istio_namespace}}, recursive=True) }}" 
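Review bot: In molecule/metrics-test/playbook.yml, `test_start_time: "{{ ansible_date_time.iso8601 }}"` does not capture the moment the `set_fact` runs, because `ansible_date_time` is filled in when facts are gathered at the start of the play. The three `&time=` queries therefore evaluate Prometheus at a point before the first request to Kiali and the 30-second pause, so the "no Kiali metrics yet" assertion does not cover the request sent just above it. Refreshing the fact right before it is read (a `setup:` task with `filter: ansible_date_time`) would pin the timestamp where the test intends. Both `uri` tasks also set `validate_certs: no`; a short comment such as `# test cluster only: certificate of the Kiali test endpoint is not verified` would keep the setting from being copied into non-test playbooks.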
@@ -228,7 +234,25 @@ when: kiali_vars.external_services.tracing.in_cluster_url == "" and is_maistra == False -- name: Set default Istio service that provides version info +- name: Check for the existence of istiod version endpoint + uri: + url: "http://istiod.{{ kiali_vars.istio_component_namespaces.istiod }}:15014/version" + register: istiod_version_url_results_raw + until: istiod_version_url_results_raw.status == 200 + retries: 5 + delay: 1 + ignore_errors: yes + when: + - kiali_vars.external_services.istio.url_service_version == "" + +- name: Set default Istio service that provides version info (istiod for Istio 1.6 and later) + set_fact: + kiali_vars: "{{ kiali_vars | combine({'external_services': {'istio': {'url_service_version': 'http://istiod.' + kiali_vars.istio_component_namespaces.istiod + ':15014/version'}}}, recursive=True) }}" + when: + - kiali_vars.external_services.istio.url_service_version == "" + - istiod_version_url_results_raw.status == 200 + +- name: Fallback to Istio pilot service that provides version info (for Istio 1.5 and earlier) set_fact: kiali_vars: "{{ kiali_vars | combine({'external_services': {'istio': {'url_service_version': 'http://istio-pilot.' + kiali_vars.istio_component_namespaces.pilot + ':8080/version'}}}, recursive=True) }}" when: 
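Review bot: The new `uri` task builds its target from `kiali_vars.istio_component_namespaces.istiod`, a value that comes from the Kiali CR, so the operator pod sends a GET to whatever host that string yields; nothing in the hunk checks that it is a plain namespace name, although validation may exist outside the hunk. Adding a guard to the task's `when:` list, `- kiali_vars.istio_component_namespaces.istiod is match('^[a-z0-9]([-a-z0-9]*[a-z0-9])?$')`, keeps the probe confined to an in-cluster service name. The same value is then written into `url_service_version`, so the check would also cover whatever later reads that URL. The `when:` of the fallback task continues outside the hunk.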
@@ -403,15 +427,15 @@ - name: Determine all accessible namespaces, expanding regex expressions to matched namespaces set_fact: - all_accessible_namespaces: "{{ ((all_accessible_namespaces | default([ kiali_vars.deployment.namespace ])) + [ item.1 | regex_search(item.0) ]) | unique }}" + all_accessible_namespaces: "{{ ((all_accessible_namespaces | default([ kiali_vars.deployment.namespace, kiali_vars.istio_namespace ])) + [ item.1 | regex_search(item.0) ]) | unique }}" loop: "{{ kiali_vars.deployment.accessible_namespaces | product(all_namespaces) | list }}" when: - '"**" not in kiali_vars.deployment.accessible_namespaces' - item.1 | regex_search(item.0) -- name: If Kiali has not been granted access to any namespaces, just use the deployment namespace +- name: If Kiali has not been granted access to any namespaces, use the deployment namespace and the control plane namespace set_fact: - all_accessible_namespaces: "{{ [ kiali_vars.deployment.namespace ]}}" + all_accessible_namespaces: "{{ [ kiali_vars.deployment.namespace, kiali_vars.istio_namespace ] | unique }}" when: - '"**" not in kiali_vars.deployment.accessible_namespaces' - all_accessible_namespaces is not defined or all_accessible_namespaces | length == 0 @@ -421,6 +445,11 @@ when: - '"**" not in kiali_vars.deployment.accessible_namespaces' - kiali_vars.deployment.namespace not in all_accessible_namespaces +- fail: + msg: "Kiali has not been granted access to the control plane namespace [{{ kiali_vars.istio_namespace }}]. This is explicitly required. Check the deployment.accessible_namespaces setting." + when: + - '"**" not in kiali_vars.deployment.accessible_namespaces' + - kiali_vars.istio_namespace not in all_accessible_namespaces - name: If accessible namespaces list has the special all-namespaces indicator, remove all other namespaces from the list set_fact: 
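Review bot: With `kiali_vars.istio_namespace` now seeded into both the `default([...])` list and the fallback list, the control plane namespace ends up in `all_accessible_namespaces` even when `deployment.accessible_namespaces` does not name it, which appears to make the `fail` task added in the next hunk (`@@ -421,6 +445,11 @@`) unreachable and its "Check the deployment.accessible_namespaces setting" message misleading. This list presumably decides where Kiali is granted access, so silently widening it deserves an explicit decision: either drop the auto-add and let the `fail` enforce an explicit grant, or keep the auto-add and say so in the CR documentation for `accessible_namespaces`. The new `fail` should also get a `name:` and a blank line before it, to match the neighbouring tasks.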
diff --git a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml index 2f7466db..92bfe0ee 100644 --- a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml +++ b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml @@ -26,8 +26,13 @@ spec: app: kiali version: {{ kiali_vars.deployment.version_label }} annotations: +{% if kiali_vars.server.metrics_enabled == True %} prometheus.io/scrape: "true" prometheus.io/port: "{{ kiali_vars.server.metrics_port }}" +{% else %} + prometheus.io/scrape: "false" + prometheus.io/port: null +{% endif %} kiali.io/runtimes: go,kiali operator.kiali.io/last-updated: "{{ deployment_last_updated }}" {% if kiali_vars.deployment.pod_annotations|length > 0 %} @@ -57,6 +62,10 @@ spec: ports: - name: api-port containerPort: {{ kiali_vars.server.port }} +{% if kiali_vars.server.metrics_enabled == True %} + - name: http-metrics + containerPort: {{ kiali_vars.server.metrics_port }} +{% endif %} readinessProbe: httpGet: path: {{ kiali_vars.server.web_root | regex_replace('\\/$', '') }}/healthz diff --git a/roles/default/kiali-deploy/templates/kubernetes/service.yaml b/roles/default/kiali-deploy/templates/kubernetes/service.yaml index 526d2f52..6c4ec197 100644 --- a/roles/default/kiali-deploy/templates/kubernetes/service.yaml +++ b/roles/default/kiali-deploy/templates/kubernetes/service.yaml @@ -20,6 +20,11 @@ spec: - name: {{ 'http' if kiali_vars.identity.cert_file == "" else 'tcp' }} protocol: TCP port: {{ kiali_vars.server.port }} +{% if kiali_vars.server.metrics_enabled == True %} + - name: http-metrics + protocol: TCP + port: {{ kiali_vars.server.metrics_port }} +{% endif %} selector: app: kiali version: {{ kiali_vars.deployment.version_label }} diff --git a/roles/default/kiali-deploy/templates/openshift/deployment.yaml b/roles/default/kiali-deploy/templates/openshift/deployment.yaml index bee8a1e8..ebd26a85 100644 
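Review bot: `{% if kiali_vars.server.metrics_enabled == True %}` compares against the boolean only, so a CR that supplies the setting as a string (`"true"`) falls into the `{% else %}` branch and the scrape annotation and `http-metrics` port are dropped without any error; `{% if kiali_vars.server.metrics_enabled | bool %}` accepts both forms. The same test appears in the second hunk of this file, in both service.yaml templates and in the openshift deployment.yaml. The `prometheus.io/port: null` line would benefit from a comment stating why null is used (presumably so that the annotation is removed when the Deployment is patched, which should be confirmed), because annotation values are otherwise strings.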
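Review bot: In kubernetes/service.yaml the `http-metrics` port is added to the same Service that carries the Kiali API port, so it inherits that Service's type; the test CR in this commit sets `service_type: NodePort`, in which case the metrics listener becomes reachable from outside the cluster as well. Whether the metrics endpoint requires authentication is not visible here, so it would be safer to publish it through a separate ClusterIP Service, or to restrict it with a NetworkPolicy, and leave only the API port on the externally exposed Service. The openshift/service.yaml hunk has the same shape.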
--- a/roles/default/kiali-deploy/templates/openshift/deployment.yaml +++ b/roles/default/kiali-deploy/templates/openshift/deployment.yaml @@ -21,8 +21,13 @@ spec: app: kiali version: {{ kiali_vars.deployment.version_label }} annotations: +{% if kiali_vars.server.metrics_enabled == True %} prometheus.io/scrape: "true" prometheus.io/port: "{{ kiali_vars.server.metrics_port }}" +{% else %} + prometheus.io/scrape: "false" + prometheus.io/port: null +{% endif %} kiali.io/runtimes: go,kiali operator.kiali.io/last-updated: "{{ deployment_last_updated }}" {% if kiali_vars.deployment.pod_annotations|length > 0 %} @@ -57,6 +62,10 @@ spec: ports: - name: api-port containerPort: {{ kiali_vars.server.port }} +{% if kiali_vars.server.metrics_enabled == True %} + - name: http-metrics + containerPort: {{ kiali_vars.server.metrics_port }} +{% endif %} readinessProbe: httpGet: path: {{ kiali_vars.server.web_root | regex_replace('\\/$', '') }}/healthz diff --git a/roles/default/kiali-deploy/templates/openshift/service.yaml b/roles/default/kiali-deploy/templates/openshift/service.yaml index 0bcbd3e2..55506adb 100644 --- a/roles/default/kiali-deploy/templates/openshift/service.yaml +++ b/roles/default/kiali-deploy/templates/openshift/service.yaml @@ -21,6 +21,11 @@ spec: - name: {{ 'http' if kiali_vars.identity.cert_file == "" else 'tcp' }} protocol: TCP port: {{ kiali_vars.server.port }} +{% if kiali_vars.server.metrics_enabled == True %} + - name: http-metrics + protocol: TCP + port: {{ kiali_vars.server.metrics_port }} +{% endif %} selector: app: kiali version: {{ kiali_vars.deployment.version_label }}