-
Notifications
You must be signed in to change notification settings - Fork 0
/
kubernetes.yml
453 lines (451 loc) · 16.1 KB
/
kubernetes.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
apiVersion: v1
kind: Template
metadata:
name: aws-collector
annotations:
displayName: "AWS Collector"
description: "6fusion Meter Collector for metering AWS infrastructures"
meterVersion: ">=0.11"
objects:
- apiVersion: v1
kind: Namespace
metadata:
name: 6fusion-aws-collector
- apiVersion: v1
kind: Service
metadata:
name: mongo
namespace: aws-collector-mongodb
spec:
ports:
- name: mongodb-port
port: 27017
targetPort: 27017
selector:
6fusion-app: aws-collector-mongodb
- apiVersion: v1
kind: ReplicationController
metadata:
name: mongodb
namespace: 6fusion-aws-collector
labels:
6fusion-app: aws-collector-mongodb
spec:
replicas: 1
selector:
6fusion-app: aws-collector-mongodb
template:
metadata:
name: mongodb
labels:
6fusion-app: aws-collector-mongodb
spec:
containers:
- name: mongodb
image: mongo:3.4.0
- apiVersion: v1
kind: ReplicationController
metadata:
name: aws-collector
namespace: 6fusion-aws-collector
labels:
6fusion-app: aws-collector
spec:
replicas: 1
selector:
6fusion-app: aws-collector
template:
metadata:
name: aws-collector
labels:
6fusion-app: aws-collector
spec:
containers:
- name: aws-collector
image: 6fusion/aws-collector:alpha
imagePullPolicy: IfNotPresent
volumeMounts:
- name: ssl
mountPath: /usr/src/app/.ssl
readOnly: true
env:
- name: LOG_LEVEL
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: log-level
- name: AWS_REGION
value: 'us-east-1'
- name: AWS_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: awsAccessKey
- name: BILLING_REGION
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: billingRegion
- name: AWS_SECRET_KEY
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: awsSecretKey
- name: COLLECTION_ARN
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: collectionARN
- name: BILLING_ARN
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: billingARN
- name: EXTERNAL_ID
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: externalID
- name: COLLECTION_INTERVAL
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: collectionInterval
- name: SAMPLE_GRANULARITY
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: sampleGranularity
- name: DETAILED_REPORT_BUCKET
valueFrom:
secretKeyRef:
name: aws-collector-secret
key: detailedReportBucket
- name: ORGANIZATION_ID
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: organizationID
- name: METER_HOST
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: meterHost
- name: METER_PORT
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: meterPort
- name: INFRASTRUCTURE_NAME
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: infrastructureName
- name: TOKEN
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: token
- name: USE_SSL
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: useSSL
- name: VERIFY_SSL
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: verifySSL
- name: TARGET_UTILIZATION_PERCENT
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: targetUtilizationPercent
- name: TARGET_MACHINES_PER_CORE
valueFrom:
secretKeyRef:
name: 6fusion-meter-secret
key: targetMachinesPerCore
volumes:
- name: ssl
secret:
secretName: collector-ssl-secret
parameters:
# aws config
- name: awsAccessKey
displayName: "AWS Access Key"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "Access Key ID associated with the AWS account roles used for metering"
validations:
required: true
- name: awsSecretKey
displayName: "AWS Secret Key"
description: "AWS Access Secret associated with the AWS account roles used for metering"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
validations:
required: true
- name: collectionARN
displayName: "Collection Role ARN"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "The ARN of the role to use when collecting EC2 and CloudWatch data"
advanced: true
- name: billingARN
displayName: "Billing Role ARN"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "The ARN of the role to use when accessing the billing S3 bucket"
advanced: true
- name: billingRegion
displayName: "Billing S3 Region"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "S3 Region where your billing bucket resides"
- name: detailedReportBucket
displayName: "Billing Report Bucket"
description: "Name of S3 bucket where billing reports are stored"
section: aws-collector-secret
sectionDisplayName: "AWS Collector"
- name: externalID
displayName: "External ID"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "An optional identifier used in an IAM role trust policy to designate who can assume a role"
advanced: true
- name: collectionInterval
displayName: "Metrics Collection Frequency"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "How often the collector will query CloudWatch. AWS fees may apply (https://aws.amazon.com/cloudwatch/pricing)."
advanced: true
value: 15
suffix: "minutes"
- name: sampleGranularity
displayName: "Sample Granularity"
sectionDisplayName: "AWS Collector"
section: aws-collector-secret
description: "The range of time a single sample covers. Smaller times yield higher resolution, at the cost of greater processing requirements for the meter."
advanced: true
value: 15
suffix: "minutes"
validations:
min: 1
max: 60
- name: log-level
displayName: "Log Level"
section: aws-collector-secret
sectionDisplayName: "AWS Collector"
advanced: true
value: info
type: enum
options:
- debug
- info
- warn
- error
- fatal
# meter config
- name: organizationID
displayName: "Organization ID"
description: "ID of an organization, in the 6fusion Meter, to submit under"
expandExpression: ${ORGANIZATION_ID}
sectionDisplayName: "6fusion Meter"
section: 6fusion-meter-secret
validations:
required: true
advanced: true
- name: infrastructureName
displayName: "Infrastructure Name"
description: "A unique name to be applied to the AWS account infrastructure."
sectionDisplayName: "6fusion Meter"
section: 6fusion-meter-secret
validations:
required: true
- name: meterHost
displayName: Host
sectionDisplayName: "6fusion Meter"
section: 6fusion-meter-secret
expandExpression: ${METER_API_HOST}
description: "Address of the 6fusion Meter"
validations:
required: true
advanced: true
- name: meterPort
displayName: Port
section: 6fusion-meter-secret
sectionDisplayName: "6fusion Meter"
type: int
expandExpression: ${METER_API_SSL_PORT}
description: "TCP port of the 6fusion Meter"
validations:
required: true
advanced: true
- name: token
displayName: "Meter API Token"
sectionDisplayName: "6fusion Meter"
section: 6fusion-meter-secret
expandExpression: ${METER_API_TOKEN}
description: "OAuth access token for 6fusion Meter (if enabled)"
advanced: true
- name: useSSL
displayName: "Use SSL?"
type: boolean
value: "1"
sectionDisplayName: "6fusion Meter"
section: 6fusion-meter-secret
advanced: true
- name: verifySSL
displayName: "Verify SSL?"
type: boolean
sectionDisplayName: "6fusion Meter"
section: 6fusion-meter-secret
value: "0"
description: "Validate SSL certificate. Do not enable if using self-signed certificates"
advanced: true
- name: targetUtilizationPercent
displayName: "Target Utilization"
description: "Percentage of infrastructure capacity ideally under load."
section: 6fusion-meter-secret
sectionDisplayName: "6fusion Meter"
value: "100"
suffix: "%"
type: int
advanced: true
- name: targetMachinesPerCore
displayName: "Machines per Core"
description: "Number of instances to allow per CPU core"
section: 6fusion-meter-secret
sectionDisplayName: "6fusion Meter"
value: "10000"
type: int
advanced: true
- name: defaultLANIO
displayName: "Default LAN I/O"
description: "A fallback value for LAN I/O speed, if the collector cannot determine the actual LAN speed"
section: 6fusion-meter-secret
sectionDisplayName: "6fusion Meter"
value: "10"
suffix: "Gbps"
type: string
advanced: true
- name: defaultWANIO
displayName: "Default WAN I/O"
description: "A fallback value for WAN I/O speed, if the collector cannot determine the actual WAN speed"
section: 6fusion-meter-secret
sectionDisplayName: "6fusion Meter"
value: "0.4"
suffix: "Gbps"
type: string
advanced: true
- name: defaultDiskIO
displayName: "Default Disk I/O"
description: "A fallback value for disk I/O speed, if the collector cannot determine the actual disk speed"
section: 6fusion-meter-secret
sectionDisplayName: "6fusion Meter"
value: "2"
suffix: "Gbps"
type: string
advanced: true
- name: 6fusion.openssl
displayName: "SSL Key"
sectionDisplayName: "Collector SSL"
section: collector-ssl-secret
description: "The SSL key to be used by the collector's Kubernetes health-check endpoint"
validations:
required: true
advanced: true
type: multiline
value: |
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAqy1/gPYFM2QynJyBWoSs6c6j467UTC9815Q4hu7azdVYQxk0
a174jL16seatBX98Sn0xab0ZzBLYbXsugVGpzFgXYcmGG0PEvNoDTqOoyD+AtvjH
LUyobmOSHTPE7/IWssnzruZ241WUwVHdC7zlTDO0r/54NyxbD0ezSI3z+tZb7XOh
FNxgNf0X8lSqQexx55GK0j8L8pOOvA7nVcwybtlu6mThN2tPMCGIp/9YEsJD6ebE
1ZBZhroxSj4W4PRnd6UqL0rKHuz0b4/pm3n6yxL0sZ5J8wdotA3YiZu2sO38JArr
XiVaTPzG5jyzMeT4GC2HTPDdsXjwUyWNdhWR02R/kMdvFoblfmPelZ7oMFdvcbir
qY9fLbWDyMGrw858P26qHhGcITEYvU+8mfxNCzPC/0sjWALtkBjgAbrK99POfbmf
eJfirvAJCz1WOWUNFwY6F2UZmxcc7DcnLwht6bShBIVytxOHfKcnK2V7sx0+xIWo
YzN3mVu4C6mnFoLn6U70kPpnK/eQcyTDRPeVRSYxPCqUy1hJNbJCXkpLAXB9GA1U
4DtScvBpWbYf60FRW29/qh/rDbnvF9tYzLH0h5PJZrmiTOHczfh8RlUSh9kwpzGK
2j27c4xu/TvQ5JFyKwYwGes5GrZ9+j6VQoeOIuzwtvxLeOC8jnZYIWZcxxUCAwEA
AQKCAgAJ0MwU6waVUdONI3RPang31/+R2L6Xt8li2z76jcvCLc+n2VQmLAX4nAzj
EqUtQYgxBUjGFW/bQeFjNcMO603fR9XfZ5znB1XKtn2mDsBo6ytIUq+pK1IlMlR4
lDVgxPMEQYxVpSWAF7I1+6m/OI+1dOmRhfgCwepez++541nwMkaHMTA1cAWcUu0C
mlRA/3vwmWnqcG8Q8+Ela31ccB8cOB+iFTLM6LxbuDCL4Zp9SOJ4ESGMVYCstxSI
e1L4h0s/kxr+Jz271D6X/xqYLcBx0J5zaO44n14jpP+btHAfaSYiMvYYKfAppf0J
ysVDwStwx3uQr+cmfBbbzbV05fu8mW60JakWzxcED3CkwS/CmE81kW7M2TfnP/sX
4cBM4b+7GKdcrCNE12x6suhBrIdYYChEDJq2ytobfAOzgpwNTBNQJ9HpPExHpYlR
S50RG+9GkgWR1nlmZNmsIslGy20qGbJFnLWY7dMjKPQ43S3WhtTrULwcfi8AjxVY
LMyDpcjON/ciTiwDjJdlQOK+M/WfVwzyog4aUCB09A7otGEgTuqQILRsZ6fYnhSs
uKbWbmnvaNSXmg5VvmEyDogoxq2OJD55kdLeTl6261y/k4i5+Olf/5t2g4MC3Pq7
/mtmL/cbtfybWZZKfDY5Ql8UH6g2gSrqC26zYaJmC6E++71ZwQKCAQEA0bsUtTjr
em+lZQxW2wHoideKrwgqoX/Ov0W/Dn48/uGgT0AyXQVXnsieLvPKavMGGA+2UUEA
c/ICYwY3i9S9ZdPAjNEgMBWAxfo+FlTKyeKcM4xaYglQQn22oCN73DlezDFXMDLU
53Xv+gj14ldMdexnsyL/Y5AFnJAp51yCWZwzMdDTC00RijQS34tfUXKtfNw7jg+z
N5xbpEp4RtqJYYBB3u961sOb6rnpmrJC1cOmzbgXTke/gkcOev0ZUcfPtWZBIjW3
4YyZbCzzBhfkYVYqCl75Q0wm0KtrAd/4Y5A9gqCeHXlW96luFbNeVbsnR4cS0VDY
KMH+FqCTgfFzfQKCAQEA0PEQjQSuGhi3LRiIe+2nCDDpT16skbilaEELad3q8ir7
MlH85/TdR4/f9Agfwt/iiVT9tfu5aQu+VzexgJncr5tadUhYzMpSsJmTdVIJ2sPa
ySHToBEv1mN3xckk4y6UhcVru8IFFvJIaZVvDCeN+2vUd4zMsutXYqdRvZyz4rDw
gml60EoUZCsRGB9Mmb+6W4SSmGHrJuPR+y0eDsJN0gcetlQnZaF8j+IzqUl61G94
xO4Zyo6/HSlNG4p6pEYA6JBBgDupfVCGsnr+0Z17b/7wnrFjbq6ghfm6v4ASgbhC
dGp4hUrdDWTdUd5QutyCS834NLzavDefW9Bx5TbFeQKCAQAdKc96V5ze3JF6GJon
P/+u0yr0pcUPye7cx/0GLeWbZ5JcEsguCSUi7jCYxMubzYlGZUDr0YcXmEperKmi
pwVjGGvI6Pd52DOc0+w4PLgqFHm17UlQIo1ngYWYhPafK9cTu7Ss/hR+zvZ8pSxT
ueHm7+WHklFC7e7p014QTtvNTBwOTERcaO4McqtBLGcnszOOji011tcL35EaqkRJ
TfAWf7gpINHK9U5D+HAUU79ZbChQqM2M1As8OVc5IOKZbZhjWAGsmR2lnmBjG2j7
quzV4B5ebNBqXDd1grCRhSxL4+25sU3rOUkvjP7Cw7tVXn3aw1yJgJ1eJYOIb/Gy
+vkdAoIBAFC0bHIr1pvZ5BcVHNLRju0JB3VS2lFHAwzr4t63iyKTG4fqR0fJOxeD
KTv3T11UYQouu/jpDErY8GJ77qH/zFBAL4aRtUsU8y+ngl+Ump3XfNCnsjhnqxSi
QwcwlIDz4wZwpRZW8ORWHUY7JDOLq7nrgpvS1NZfNNe0TUxyFMGBGsUkvP1rP8kZ
IXcxz8KrXe4vnPgjClNxOBBO8wc8Yha4DVLb2oPVBmoFM3M2IK2hiQJ3/ZpR3NwE
sfXrXUfKiltKLSK86NCwo/aYr4iDzcQKsyJ43jFIXlShi1Kgw4U7iN+yqG7D5fJg
fWQ7/O7QcbuaCT9Fmy+MRI+QSg4BQ/ECggEBAI/Tblsf6zeA1k1kJsBjvV3FV7e+
/5HURCLtlt5BucvkdEbldroBimNZASKQ8Pkog9IDrAcoUSKYnuLebZz5t2a1dKrj
TAZ4n78V3GTkQ/7dfJsjeTUGyxbHgTge28TLZA2Qo7ve1wK3nvJ9UmKtXf8p9cC1
inT4nILYFhy/ynGfEsEtkP6Cp2iFr5oixaOOqLrVAJ3RE+s0zXK8Hy0VkOuJk9ro
u46h2wunwJyk6UD6Y4GV+qgZBf+J1K2g5dvic13u2+gJCDOBzmOtaYlemPmXVCvs
BWj7hf1jJvLomPCDcnzzTWMvNmuyTJL+iu0E1bPJ5aCoxJkIfORvWlvbvNI=
-----END RSA PRIVATE KEY-----
- name: 6fusion.cer
displayName: "SSL Certificate"
sectionDisplayName: "Collector SSL"
section: collector-ssl-secret
description: "The SSL certificate to be used by the collector's Kubernetes health-check endpoint"
validations:
required: true
type: multiline
advanced: true
value: |
-----BEGIN CERTIFICATE-----
MIIFIDCCAwigAwIBAgIJAJCmpPM2XpdDMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
BAMTCW1ldGVyLWFwaTAeFw0xNjEyMjMxMzU4NDdaFw00NDA1MTAxMzU4NDdaMBQx
EjAQBgNVBAMTCW1ldGVyLWFwaTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBAKstf4D2BTNkMpycgVqErOnOo+Ou1EwvfNeUOIbu2s3VWEMZNGte+Iy9erHm
rQV/fEp9MWm9GcwS2G17LoFRqcxYF2HJhhtDxLzaA06jqMg/gLb4xy1MqG5jkh0z
xO/yFrLJ867mduNVlMFR3Qu85UwztK/+eDcsWw9Hs0iN8/rWW+1zoRTcYDX9F/JU
qkHsceeRitI/C/KTjrwO51XMMm7Zbupk4TdrTzAhiKf/WBLCQ+nmxNWQWYa6MUo+
FuD0Z3elKi9Kyh7s9G+P6Zt5+ssS9LGeSfMHaLQN2ImbtrDt/CQK614lWkz8xuY8
szHk+Bgth0zw3bF48FMljXYVkdNkf5DHbxaG5X5j3pWe6DBXb3G4q6mPXy21g8jB
q8POfD9uqh4RnCExGL1PvJn8TQszwv9LI1gC7ZAY4AG6yvfTzn25n3iX4q7wCQs9
VjllDRcGOhdlGZsXHOw3Jy8Ibem0oQSFcrcTh3ynJytle7MdPsSFqGMzd5lbuAup
pxaC5+lO9JD6Zyv3kHMkw0T3lUUmMTwqlMtYSTWyQl5KSwFwfRgNVOA7UnLwaVm2
H+tBUVtvf6of6w257xfbWMyx9IeTyWa5okzh3M34fEZVEofZMKcxito9u3OMbv07
0OSRcisGMBnrORq2ffo+lUKHjiLs8Lb8S3jgvI52WCFmXMcVAgMBAAGjdTBzMB0G
A1UdDgQWBBTWbJLQC6eG93UBGWbkNuR50/h4RTBEBgNVHSMEPTA7gBTWbJLQC6eG
93UBGWbkNuR50/h4RaEYpBYwFDESMBAGA1UEAxMJbWV0ZXItYXBpggkAkKak8zZe
l0MwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAabUkdbknfVsnfU+2
LfX/WoVa6FSwC+FHwFXBizKizax6hbaNldCv9EKNy2oRTXO44uBH+Zmvvwfs1Cbu
J/X0BgDTrH8MR6TF64qme0BZe4kkymlBybWvPpqtG+n2lM/HizhU/8LJwoGKwB8B
jPmNSmgMol5tAhUf45rmWjmqmvAYDnvvNgFlUOWz6Wm4C+bV4sfo0ttjpHhm/TBS
BsKSDbqbdKx7JdeWJO7RwFskfEl1ho2Zsd25+yRFB9+w/HEbEWNLUp7WPJElVjad
UULNqLQkY3U5rM/9bxNPXXD97rKesKJBnFNtXcmSudmVsO/bBrvhCC5xa745Y0xu
v2mx8YpFJVeXlJMNcn9g8aVDglziOboN/WIzUZC/NV7h4+gh/kx7clm4ZzaI6gnH
NzwaSyjaaQ2ASCQme8FRf7maXgidJqKGNdTzv1AR/BeeuopMqy5zmOFL7uMai5oU
E6rgk65RuxPV+CKMntF12WJBKM3YdDSkzDwAH/OpVl2bR73pzLH4GuthDpzX9Kb0
2opbvz1AZtplS8fo8hEy7V4gRQzBRyhUzTw6bN33j2D+ihSMwZBJHRTZNUTc2rpP
Yl68ulVT3O5GvN4YwtlsUEgrJ3hWqTt3lvJadlmYzelem3IAieV6/HdLL0aMqI3G
ejSAT6F78MzuvdnQpU5O7vmquuA=
-----END CERTIFICATE-----