version info added to labels

- to allow gatekeeper rules based on them - label names in alert expressions updated - old (non-standard) labels removed - CHANGELOG.md added selector for service and deployment updated - to use the new label name format Signed-off-by: Birk Bohne <[email protected]>
sapcc · Nov 12, 2024 · 025447f · 025447f
1 parent 83aef27
commit 025447f
Show file tree

Hide file tree

Showing 21 changed files with 119 additions and 94 deletions.
diff --git a/common/mariadb/CHANGELOG.md b/common/mariadb/CHANGELOG.md
@@ -0,0 +1,37 @@
+# Changelog
+
+## v0.15.0 - 2024/10/18
+* MariaDB version bumped to `10.5.27`
+* version info added to labels
+  * to allow gatekeeper rules based on them
+* old (non-standard) labels removed
+* chart version bumped
+
+### label example
+```yaml
+labels:
+  app.kubernetes.io/name: mariadb
+  app.kubernetes.io/instance: keystone-mariadb
+  app.kubernetes.io/component: mariadb-deployment-database
+  app.kubernetes.io/part-of: keystone
+  app.kubernetes.io/version: 10.5.27
+  app.kubernetes.io/managed-by: "helm"
+  helm.sh/chart: mariadb-0.15.0
+```
+### removed labels
+```yaml
+labels:
+  app: keystone-mariadb
+  name: keystone-mariadb
+  component: keystone
+  system: openstack
+  type: database
+  chart: "mariadb-0.15.0"
+  release: "keystone"
+  heritage: "Helm"
+```
+
+### Prometheus label names that must be updated
+These labels must be updated if you use them in your Prometheus alerts definitions.
+- `app` must be `app_kubernetes_io_instance`
+- `component` must be `app_kubernetes_io_name`
diff --git a/common/mariadb/templates/_helpers.tpl b/common/mariadb/templates/_helpers.tpl
@@ -78,10 +78,43 @@
 {{define "RELEASE-NAME_db_host"}}testRelease-mariadb.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
 {{define "testRelease_db_host"}}testRelease-mariadb.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
 
-{{- define "sharedservices.labels" }}
-app.kubernetes.io/name: {{ .Chart.Name }}
-app.kubernetes.io/instance: {{ .Chart.Name }}-{{ .Release.Name }}
-app.kubernetes.io/version: {{ .Chart.Version }}
-app.kubernetes.io/component: {{ .Chart.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
+{{/*
+  Generate labels
+  $ = global values
+  version/noversion = enable/disable version fields in labels
+  mariadb = desired component name
+  job = object type
+  config = provided function
+  include "mariadb.labels" (list $ "version" "mariadb" "deployment" "database")
+  include "mariadb.labels" (list $ "version" "mariadb" "job" "config")
+*/}}
+{{- define "mariadb.labels" }}
+{{- $ := index . 0 }}
+{{- $component := index . 2 }}
+{{- $type := index . 3 }}
+{{- $function := index . 4 }}
+app.kubernetes.io/name: {{ $.Chart.Name }}
+app.kubernetes.io/instance: {{ $.Release.Name }}-{{ $.Chart.Name }}
+app.kubernetes.io/component: {{ include "label.component" (list $component $type $function) }}
+app.kubernetes.io/part-of: {{ $.Release.Name }}
+  {{- if eq (index . 1) "version" }}
+app.kubernetes.io/version: {{ $.Values.image | regexFind "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}" }}
+app.kubernetes.io/managed-by: "helm"
+helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+  {{- end }}
 {{- end }}
+
+{{/*
+  Generate labels
+  mariadb = desired component name
+  job = object type
+  config = provided function
+  include "label.component" (list "mariadb" "deployment" "database")
+  include "label.component" (list "mariadb" "job" "config")
+*/}}
+{{- define "label.component" }}
+{{- $component := index . 0 }}
+{{- $type := index . 1 }}
+{{- $function := index . 2 }}
+{{- $component }}-{{ $type }}-{{ $function }}
+{{- end }}
diff --git a/common/mariadb/templates/alerts.yaml b/common/mariadb/templates/alerts.yaml
@@ -5,12 +5,8 @@ kind: PrometheusRule
 metadata:
   name: {{ include "fullName" . }}-alerts
   labels:
-    app: {{ include "fullName" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
     prometheus: {{ required ".Values.alerts.prometheus missing" .Values.alerts.prometheus | quote }}
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "prometheusrule" "alert") | indent 4 }}
 
 spec:
   groups:
@@ -26,12 +22,8 @@ kind: PrometheusRule
 metadata:
   name: {{ include "fullName" . }}-health-alerts
   labels:
-    app: {{ include "fullName" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
     prometheus: "kubernetes"
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "prometheusrule" "alert") | indent 4 }}
 
 spec:
   groups:

diff --git a/common/mariadb/templates/alerts/_mysql.alerts.tpl b/common/mariadb/templates/alerts/_mysql.alerts.tpl
@@ -1,7 +1,7 @@
 - name: mysql.alerts
   rules:
   - alert: {{ include "alerts.service" . | title }}MariaDBTooManyConnections
-    expr: (mysql_global_variables_max_connections{app=~"{{ include "fullName" . }}"} - mysql_global_status_threads_connected{app=~"{{ include "fullName" . }}"} < 200)
+    expr: (mysql_global_variables_max_connections{app_kubernetes_io_instance=~"{{ include "fullName" . }}"} - mysql_global_status_threads_connected{app_kubernetes_io_instance=~"{{ include "fullName" . }}"} < 200)
     for: 10m
     labels:
       context: datbase
@@ -14,7 +14,7 @@
       summary: {{ include "fullName" . }} has too many connections open.
 
   - alert: {{ include "alerts.service" . | title }}MariaDBSlowQueries
-    expr: (delta(mysql_global_status_slow_queries{app=~"{{ include "fullName" . }}"}[8m]) > 3)
+    expr: (delta(mysql_global_status_slow_queries{app_kubernetes_io_instance=~"{{ include "fullName" . }}"}[8m]) > 3)
     for: 10m
     labels:
       context: database
@@ -28,7 +28,7 @@
       summary: {{ include "fullName" . }} reports slow queries.
 
   - alert: {{ include "alerts.service" . | title }}MariaDBWaitingForLock
-    expr: (mysql_info_schema_processlist_seconds{app=~"{{ include "fullName" . }}", state=~"waiting for lock"} / 1000  > 15)
+    expr: (mysql_info_schema_processlist_seconds{app_kubernetes_io_instance=~"{{ include "fullName" . }}", state=~"waiting for lock"} / 1000  > 15)
     for: 10m
     labels:
       context: database
@@ -41,7 +41,7 @@
       summary: {{ include "fullName" . }} has queries waiting for lock.
 
   - alert: {{ include "alerts.service" . | title }}MariaDBHighRunningThreads
-    expr: (mysql_global_status_threads_running{app=~"{{ include "fullName" . }}"} > 20)
+    expr: (mysql_global_status_threads_running{app_kubernetes_io_instance=~"{{ include "fullName" . }}"} > 20)
     for: 10m
     labels:
       context: database

diff --git a/common/mariadb/templates/backup-etc-secret.yaml b/common/mariadb/templates/backup-etc-secret.yaml
@@ -4,11 +4,7 @@ kind: Secret
 metadata:
   name:  mariadb-backup-{{.Values.name}}-etc
   labels:
-    app: mariadb
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    component: database
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "secret" "database") | indent 4 }}
 data:
   config.yaml: |
 {{ include (print .Template.BasePath "/config/_backup_config.yaml.tpl") . | trim | b64enc | indent 4}}

diff --git a/common/mariadb/templates/backup-ingress.yaml b/common/mariadb/templates/backup-ingress.yaml
@@ -18,6 +18,8 @@ metadata:
     ingress.kubernetes.io/service-upstream: "true"
     nginx.ingress.kubernetes.io/service-upstream: "true"
 {{- end }}
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "ingress" "backup") | indent 4 }}
   name:  {{ include "fullName" . }}-backup
 
 spec:

diff --git a/common/mariadb/templates/backup-v2-deployment.yaml b/common/mariadb/templates/backup-v2-deployment.yaml
@@ -4,24 +4,19 @@ kind: Deployment
 metadata:
   name: {{ include "fullName" . }}-backup
   labels:
-    system: openstack
-    type: database
-    component: {{ .Values.name }}
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "deployment" "backup") | indent 4 }}
 spec:
   replicas: 1
   revisionHistoryLimit: 5
   strategy:
     type: Recreate
   selector:
     matchLabels:
-      app: {{ include "fullName" . }}-backup
+      app.kubernetes.io/component: {{ include "label.component" (list "mariadb" "deployment" "backup") }}
   template:
     metadata:
       labels:
-        app: {{ include "fullName" . }}-backup
-        name: {{ template "fullName" . }}-backup
-        {{- include "sharedservices.labels" . | indent 8 }}
+        {{- include "mariadb.labels" (list $ "version" "mariadb" "deployment" "backup") | indent 8 }}
       annotations:
         checksum/etc: {{ include (print $.Template.BasePath  "/config/_backup_config.yaml.tpl") . | sha256sum }}
 {{- if .Values.metrics.enabled }}

diff --git a/common/mariadb/templates/backup-v2-serviceaccount.yaml b/common/mariadb/templates/backup-v2-serviceaccount.yaml
@@ -3,4 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.name }}-db-backup-v2
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "serviceaccount" "backup") | indent 4 }}
 {{- end }}
diff --git a/common/mariadb/templates/backup-verify-deploy.yaml b/common/mariadb/templates/backup-verify-deploy.yaml
@@ -4,24 +4,19 @@ kind: Deployment
 metadata:
   name: {{ include "fullName" . }}-verification
   labels:
-    system: openstack
-    type: database
-    component: {{ .Values.name }}
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "deployment" "backupverification") | indent 4 }}
 spec:
   replicas: 1
   revisionHistoryLimit: 5
   strategy:
     type: Recreate
   selector:
     matchLabels:
-      app: {{ include "fullName" . }}-verification
+      app.kubernetes.io/component: {{ include "label.component" (list "mariadb" "deployment" "backupverification") }}
   template:
     metadata:
       labels:
-        app: {{ include "fullName" . }}-verification
-        name: {{ template "fullName" . }}-verification
-        {{- include "sharedservices.labels" . | indent 8 }}
+        {{- include "mariadb.labels" (list $ "version" "mariadb" "deployment" "backupverification") | indent 8 }}
       annotations:
 {{- if .Values.metrics.enabled }}
         prometheus.io/scrape: "true"

diff --git a/common/mariadb/templates/client-secret.yaml b/common/mariadb/templates/client-secret.yaml
@@ -3,11 +3,7 @@ kind: Secret
 metadata:
   name: mariadb-{{.Values.name}}-client
   labels:
-    app: mariadb
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    component: database
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "secret" "database") | indent 4 }}
 data:
   .my.cnf: |
 {{ include ( print .Template.BasePath "/config/_client.cnf.tpl" ) . | trim | b64enc | indent 4 }}
diff --git a/common/mariadb/templates/configuredb-configmap.yaml b/common/mariadb/templates/configuredb-configmap.yaml
@@ -3,13 +3,7 @@ kind: ConfigMap
 metadata:
   name: {{ .Values.name }}-configuredb-bin
   labels:
-    app: {{ template "fullName" . }}
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    system: openstack
-    type: configuration
-    component: database
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "configmap" "database") | indent 4 }}
   annotations:
     "helm.sh/hook": pre-upgrade
     "helm.sh/hook-weight": "2"

diff --git a/common/mariadb/templates/db-backup-v2-role.yaml b/common/mariadb/templates/db-backup-v2-role.yaml
@@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ .Values.name }}-db-backup-v2
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "role" "backup") | indent 4 }}
 rules:
 - apiGroups: ["extensions", "apps"]
   resources: ["deployments", "deployments/scale"]

diff --git a/common/mariadb/templates/db-backup-v2-rolebinding.yaml b/common/mariadb/templates/db-backup-v2-rolebinding.yaml
@@ -3,6 +3,8 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Values.name }}-db-backup-v2
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "rolebinding" "backup") | indent 4 }}
 subjects:
 - kind: ServiceAccount
   name: {{ .Values.name }}-db-backup-v2

diff --git a/common/mariadb/templates/db-exec-rbac.yaml b/common/mariadb/templates/db-exec-rbac.yaml
@@ -8,6 +8,8 @@ metadata:
     "helm.sh/hook": pre-upgrade,pre-rollback
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
     "helm.sh/hook-weight": "-50"
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "serviceaccount" "database") | indent 4 }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -18,6 +20,8 @@ metadata:
     "helm.sh/hook": pre-upgrade,pre-rollback
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
     "helm.sh/hook-weight": "-40"
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "role" "database") | indent 4 }}
 rules:
 - apiGroups: ["extensions", "apps"]
   resources: ["deployments"]
@@ -38,6 +42,8 @@ metadata:
     "helm.sh/hook": pre-upgrade,pre-rollback
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
     "helm.sh/hook-weight": "-30"
+  labels:
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "rolebinding" "database") | indent 4 }}
 subjects:
 - kind: ServiceAccount
   name: {{ .Values.name }}-db-exec

diff --git a/common/mariadb/templates/deployment.yaml b/common/mariadb/templates/deployment.yaml
@@ -3,10 +3,7 @@ kind: Deployment
 metadata:
   name: {{ include "fullName" . }}
   labels:
-    system: openstack
-    type: database
-    component: {{ .Values.name }}
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "deployment" "database") | indent 4 }}
 {{- if .Values.vpa.set_main_container }}
   annotations:
     vpa-butler.cloud.sap/main-container: mariadb
@@ -18,13 +15,11 @@ spec:
     type: Recreate
   selector:
     matchLabels:
-      app: {{ include "fullName" . }}
+      app.kubernetes.io/component: {{ include "label.component" (list "mariadb" "deployment" "database") }}
   template:
     metadata:
       labels:
-        app: {{ include "fullName" . }}
-        name: {{ template "fullName" . }}
-        {{- include "sharedservices.labels" . | indent 8 }}
+        {{- include "mariadb.labels" (list $ "version" "mariadb" "deployment" "database") | indent 8 }}
       annotations:
         checksum/secrets: {{ include (print $.Template.BasePath  "/secret.yaml") . | sha256sum }}
         checksum/etc: {{ include (print $.Template.BasePath  "/etc-configmap.yaml") . | sha256sum }}

diff --git a/common/mariadb/templates/etc-configmap.yaml b/common/mariadb/templates/etc-configmap.yaml
@@ -3,11 +3,7 @@ kind: ConfigMap
 metadata:
   name: mariadb-{{.Values.name}}-etc
   labels:
-    app: mariadb
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    component: database
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "configmap" "database") | indent 4 }}
 data:
   mariadb.cnf: |
     [mysqld]

diff --git a/common/mariadb/templates/initdb-secret.yaml b/common/mariadb/templates/initdb-secret.yaml
@@ -4,13 +4,7 @@ kind: Secret
 metadata:
   name: {{ .Values.name }}-initdb
   labels:
-    app: {{ template "fullName" . }}
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    system: openstack
-    type: configuration
-    component: database
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "secret" "database") | indent 4 }}
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-weight": "1"

diff --git a/common/mariadb/templates/pre-change-job.yaml b/common/mariadb/templates/pre-change-job.yaml
@@ -5,8 +5,7 @@ metadata:
   name: "{{ include "fullName" . }}-pre-change"
   namespace:  {{.Release.Namespace}}
   labels:
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    {{- include "sharedservices.labels" . | indent 4 }}
+    {{- include "mariadb.labels" (list $ "version" "mariadb" "job" "database") | indent 4 }}
   annotations:
     "helm.sh/hook": pre-upgrade,pre-rollback
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -19,10 +18,7 @@ spec:
     metadata:
       name: "{{ include "fullName" . }}-pre-change"
       labels:
-        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-        app.kubernetes.io/instance: {{ .Release.Name | quote }}
-        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-        {{- include "sharedservices.labels" . | indent 8 }}
+        {{- include "mariadb.labels" (list $ "version" "mariadb" "job" "database") | indent 8 }}
     spec:
       restartPolicy: Never
       serviceAccountName: {{ .Values.name }}-db-exec

diff --git a/common/mariadb/templates/pvc.yaml b/common/mariadb/templates/pvc.yaml
@@ -3,6 +3,8 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
   name: {{ required "Values.persistence_claim.name missing"  .Values.persistence_claim.name }}
+  labels:
+    {{- include "mariadb.labels" (list $ "noversion" "mariadb" "persistentvolumeclaim" "database") | indent 4 }}
 spec:
 {{- if .Values.persistence_claim.access_modes }}
   accessModes: