├── charts ├── sentry │ ├── .gitignore │ ├── templates │ │ ├── extra-manifest.yaml │ │ ├── NOTES.txt │ │ ├── symbolicator │ │ │ ├── _helper-symbolicator.tpl │ │ │ ├── configmap-symbolicator.yaml │ │ │ ├── serviceaccount-symbolicator.yaml │ │ │ ├── pvc-symbolicator.yaml │ │ │ └── service-symbolicator.yaml │ │ ├── sentry │ │ │ ├── configmap-sentry.yaml │ │ │ ├── metrics │ │ │ │ ├── serviceaccount-metrics.yaml │ │ │ │ ├── serviceaccount-sentry-metrics-consumer.yaml │ │ │ │ ├── billing │ │ │ │ │ └── serviceaccount-sentry-billing-metrics-consumer.yaml │ │ │ │ ├── generic │ │ │ │ │ └── serviceaccount-sentry-generic-metrics-consumer.yaml │ │ │ │ ├── service-metrics.yaml │ │ │ │ ├── servicemonitor-metrics.yaml │ │ │ │ └── deployment-metrics.yaml │ │ │ ├── cleanup │ │ │ │ └── serviceaccount-sentry-cleanup.yaml │ │ │ ├── web │ │ │ │ ├── serviceaccount-sentry-web.yaml │ │ │ │ ├── service-sentry-web.yaml │ │ │ │ └── hpa-web.yaml │ │ │ ├── cron │ │ │ │ └── serviceaccount-sentry-cron.yaml │ │ │ ├── ingest │ │ │ │ ├── events │ │ │ │ │ ├── serviceaccount-sentry-ingest-consumer-events.yaml │ │ │ │ │ └── hpa-ingest-consumer-events.yaml │ │ │ │ ├── attachments │ │ │ │ │ ├── serviceaccount-sentry-ingest-consumer-attachments.yaml │ │ │ │ │ └── hpa-ingest-consumer-attachments.yaml │ │ │ │ ├── feedback │ │ │ │ │ └── serviceaccount-sentry-ingest-feedback.yaml │ │ │ │ ├── monitors │ │ │ │ │ ├── serviceaccount-sentry-ingest-monitors.yaml │ │ │ │ │ ├── serviceaccount-sentry-monitors-clock-tick.yaml │ │ │ │ │ └── serviceaccount-sentry-monitors-clock-tasks.yaml │ │ │ │ ├── profiles │ │ │ │ │ └── serviceaccount-sentry-ingest-profiles.yaml │ │ │ │ ├── occurrences │ │ │ │ │ └── serviceaccount-sentry-ingest-occurrences.yaml │ │ │ │ ├── replay-recordings │ │ │ │ │ └── serviceaccount-sentry-ingest-replay-recordings.yaml │ │ │ │ └── transactions │ │ │ │ │ ├── serviceaccount-sentry-ingest-consumer-transactions.yaml │ │ │ │ │ └── hpa-ingest-consumer-transactions.yaml │ │ │ ├── vroom │ │ │ │ ├── serviceaccount-sentry-vroom.yaml │ │ │ │ ├── service-vroom.yaml │ │ │ │ ├── pvc-vroom.yaml │ │ │ │ ├── hpa-vroom.yaml │ │ │ │ └── deployment-vroom.yaml │ │ │ ├── worker │ │ │ │ ├── serviceaccount-sentry-worker.yaml │ │ │ │ ├── hpa-worker.yaml │ │ │ │ ├── hpa-worker-events.yaml │ │ │ │ └── hpa-worker-transactions.yaml │ │ │ ├── process │ │ │ │ ├── spans │ │ │ │ │ └── serviceaccount-sentry-process-spans.yaml │ │ │ │ └── segments │ │ │ │ │ └── serviceaccount-sentry-process-segments.yaml │ │ │ ├── uptime │ │ │ │ └── serviceaccount-sentry-uptime-results.yaml │ │ │ ├── post-process-forwarder │ │ │ │ ├── errors │ │ │ │ │ └── serviceaccount-sentry-post-process-forwarder-errors.yaml │ │ │ │ ├── transactions │ │ │ │ │ └── serviceaccount-sentry-post-process-forwarder-transactions.yaml │ │ │ │ └── issue-platform │ │ │ │ │ └── serviceaccount-sentry-post-process-forwarder-issue-platform.yaml │ │ │ └── subscription-consumer │ │ │ │ ├── events │ │ │ │ └── serviceaccount-sentry-subscription-consumer-events.yaml │ │ │ │ ├── results-eap │ │ │ │ └── serviceaccount-sentry-subscription-results-eap-items.yaml │ │ │ │ ├── metrics │ │ │ │ └── serviceaccount-sentry-subscription-consumer-metrics.yaml │ │ │ │ ├── transactions │ │ │ │ └── serviceaccount-sentry-subscription-consumer-transactions.yaml │ │ │ │ └── generic-metrics │ │ │ │ └── serviceaccount-sentry-subscription-consumer-generic-metrics.yaml │ │ ├── configmap-memcached.yaml │ │ ├── geoip │ │ │ ├── serviceaccount-geoip.yaml │ │ │ ├── secret-geoip-env.yaml │ │ │ ├── pvc-geoip.yaml │ │ │ └── deployment-geoip-job.yaml │ │ ├── snuba │ │ │ ├── configmap-snuba.yaml │ │ │ ├── cleanup │ │ │ │ └── serviceaccount-clickhouse-cleanup.yaml │ │ │ ├── serviceaccount-snuba.yaml │ │ │ ├── secret-snuba-env.yaml │ │ │ ├── service-snuba.yaml │ │ │ ├── hpa-snuba-api.yaml │ │ │ ├── _helper-snuba.tpl │ │ │ ├── deployment-snuba-api.yaml │ │ │ └── deployment-snuba-replacer.yaml │ │ ├── relay │ │ │ ├── configmap-relay.yaml │ │ │ ├── serviceaccount-relay.yaml │ │ │ ├── service-relay.yaml │ │ │ ├── hpa-relay.yaml │ │ │ └── _helper-sentry-relay.tpl │ │ ├── uptime-checker │ │ │ ├── serviceaccount-uptime-checker.yaml │ │ │ └── deployment-uptime-checker.yaml │ │ ├── pgbouncer │ │ │ ├── pgbouncer-service.yaml │ │ │ ├── pgbouncer-pdb.yaml │ │ │ └── pgbouncer-deployment.yaml │ │ ├── hooks │ │ │ ├── sentry-secret-create.yaml │ │ │ ├── sentry-db-init.job.yaml │ │ │ ├── snuba-migrate.job.yaml │ │ │ ├── snuba-db-init.job.yaml │ │ │ └── user-create.yaml │ │ ├── pvc.yaml │ │ ├── gke │ │ │ ├── backendconfig-sentry-relay.yaml │ │ │ └── backendconfig-sentry-web.yaml │ │ └── configmap-nginx.yaml │ ├── .helmignore │ ├── ci │ │ └── kind-values.yaml │ ├── Chart.lock │ ├── Chart.yaml │ └── docs │ │ ├── usage-digitalocean.md │ │ ├── UPGRADE.md │ │ └── usage-aws-terraform.md ├── sentry-kubernetes │ ├── templates │ │ ├── NOTES.txt │ │ ├── serviceaccount.yaml │ │ ├── secret.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── clusterrole.yaml │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── CHANGELOG.md │ └── values.yaml └── clickhouse │ ├── templates │ ├── serviceaccount-clickhouse.yaml │ ├── serviceaccount-clickhouse-replica.yaml │ ├── serviceaccount-clickhouse-tabix.yaml │ ├── svc-tabix.yaml │ ├── svc-clickhouse.yaml │ ├── svc-clickhouse-headless.yaml │ ├── prometheus-rule.yaml │ ├── svc-clickhouse-replica.yaml │ ├── svc-clickhouse-replica-headless.yaml │ ├── ingress-tabix.yaml │ ├── svc-clickhouse-metrics.yaml │ ├── ingress-clickhouse.yaml │ ├── svc-clickhouse-replica-metrics.yaml │ ├── NOTES.txt │ ├── servicemonitor-clickhouse.yaml │ ├── servicemonitor-clickhouse-replica.yaml │ ├── _helpers.tpl │ ├── configmap-users.yaml │ ├── deployment-tabix.yaml │ └── configmap-metrika.yaml │ ├── .helmignore │ └── Chart.yaml ├── .gitignore ├── docs └── logo.png ├── artifacthub-repo.yml ├── .release-please-manifest.json ├── .editorconfig ├── .github ├── workflows │ ├── release.yaml │ ├── stale.yaml │ ├── auto-label-conflicts.yaml │ ├── conventional-commits-check.yaml │ ├── lint-test.yaml │ └── push.yaml └── ISSUE_TEMPLATE │ └── bug.yml ├── release-please-config.json ├── renovate.json └── LICENCE /charts/sentry/.gitignore: -------------------------------------------------------------------------------- 1 | test.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .idea 3 | **.tgz 4 | 5 | -------------------------------------------------------------------------------- /docs/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sentry-kubernetes/charts/HEAD/docs/logo.png -------------------------------------------------------------------------------- /artifacthub-repo.yml: -------------------------------------------------------------------------------- 1 | owners: 2 | - name: Mokto 3 | email: tmathieu.github@fastmail.com 4 | -------------------------------------------------------------------------------- /.release-please-manifest.json: -------------------------------------------------------------------------------- 1 | {"charts/clickhouse":"4.1.1","charts/sentry":"27.10.0","charts/sentry-kubernetes":"0.4.0"} 2 | -------------------------------------------------------------------------------- /charts/sentry/templates/extra-manifest.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.extraManifests }} 2 | --- 3 | {{ tpl (toYaml .) $ }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | sentry-kubernetes has been installed! 2 | 3 | If your dsn was correct you should start seeing events in Sentry! 4 | -------------------------------------------------------------------------------- /charts/sentry/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ if not (.Values.kafka.enabled) }} 2 | * Sentry use external kafka: 3 | 4 | {{ template "sentry.kafka.bootstrap_servers_string" . }} 5 | {{ end -}} 6 | -------------------------------------------------------------------------------- /charts/sentry/templates/symbolicator/_helper-symbolicator.tpl: -------------------------------------------------------------------------------- 1 | {{- define "sentry.symbolicator.config" -}} 2 | config.yml: {{ toYaml .Values.symbolicator.api.config }} 3 | {{- end -}} 4 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_style = space 5 | indent_size = 2 6 | end_of_line = lf 7 | charset = utf-8 8 | trim_trailing_whitespace = true 9 | insert_final_newline = true 10 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: {{ include "sentry-kubernetes.labels" . | indent 4 }} 6 | name: {{ template "sentry-kubernetes.serviceAccountName" . }} 7 | {{- end }} 8 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if (include "sentry-kubernetes.createSecret" .) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | labels: {{ include "sentry-kubernetes.labels" . | indent 4 }} 6 | name: {{ template "sentry-kubernetes.fullname" . }} 7 | type: Opaque 8 | data: 9 | sentry.dsn: {{ .Values.sentry.dsn | b64enc | quote }} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/serviceaccount-clickhouse.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }} 6 | {{- if .Values.serviceAccount.annotations }} 7 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 8 | {{- end }} 9 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 10 | {{- end }} -------------------------------------------------------------------------------- /charts/clickhouse/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/serviceaccount-clickhouse-replica.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-replica 6 | {{- if .Values.serviceAccount.annotations }} 7 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 8 | {{- end }} 9 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 10 | {{- end }} -------------------------------------------------------------------------------- /charts/sentry-kubernetes/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /charts/sentry/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/configmap-sentry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "sentry.fullname" . }}-sentry 5 | labels: 6 | app: sentry 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | {{- include "sentry.labels" . | nindent 4 }} 11 | data: 12 | {{ include "sentry.config" . | nindent 2 }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/configmap-memcached.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.sourcemaps.enabled }} 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-memcached 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "memcached" "ctx" .) | nindent 4 }} 9 | data: 10 | MEMCACHED_MEMORY_LIMIT: "{{ .Values.memcached.memoryLimit }}" 11 | MEMCACHED_MAX_ITEM_SIZE: "{{ .Values.memcached.maxItemSize }}" 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/serviceaccount-clickhouse-tabix.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.tabix.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-tabix 6 | {{- if .Values.serviceAccount.annotations }} 7 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 8 | {{- end }} 9 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 10 | {{- end }} -------------------------------------------------------------------------------- /charts/sentry/templates/geoip/serviceaccount-geoip.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.geodata.accountID .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-geoip 6 | {{- if .Values.serviceAccount.annotations }} 7 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 8 | {{- end }} 9 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 10 | {{- end }} 11 | 12 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release Please 2 | 3 | on: 4 | push: 5 | branches: 6 | - develop 7 | 8 | permissions: 9 | contents: write 10 | pull-requests: write 11 | 12 | jobs: 13 | release-please: 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Release Please Action 17 | uses: google-github-actions/release-please-action@v4 18 | with: 19 | token: ${{ secrets.PERSONAL_TOKEN }} 20 | config-file: release-please-config.json 21 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/configmap-snuba.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "sentry.fullname" . }}-snuba 5 | labels: 6 | app: sentry 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | {{- include "sentry.component.labels" (dict "component" "snuba" "ctx" .) | nindent 4 }} 11 | data: 12 | {{ include "sentry.snuba.config" . | nindent 2 }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/cleanup/serviceaccount-clickhouse-cleanup.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.snuba.cleanup.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-clickhouse-cleanup 6 | {{- if .Values.serviceAccount.annotations }} 7 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 8 | {{- end }} 9 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /release-please-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", 3 | "packages": { 4 | "charts/clickhouse": { 5 | "release-type": "helm", 6 | "changelog-path": "CHANGELOG.md" 7 | }, 8 | "charts/sentry": { 9 | "release-type": "helm", 10 | "changelog-path": "CHANGELOG.md" 11 | }, 12 | "charts/sentry-kubernetes": { 13 | "release-type": "helm", 14 | "changelog-path": "CHANGELOG.md" 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /charts/sentry/ci/kind-values.yaml: -------------------------------------------------------------------------------- 1 | profiles: 2 | - errors-only 3 | 4 | kafka: 5 | enabled: true 6 | kraft: 7 | enabled: true 8 | provisioning: 9 | replicationFactor: 1 10 | controller: 11 | replicaCount: 1 12 | broker: 13 | replicaCount: 1 14 | 15 | redis: 16 | enabled: true 17 | master.persistence.enabled: false 18 | replica.replicaCount: 0 19 | 20 | rabbitmq: 21 | enabled: false 22 | 23 | clickhouse: 24 | enabled: true 25 | replicaCount: 1 26 | shards: 1 27 | keeper: 28 | replicaCount: 1 29 | -------------------------------------------------------------------------------- /charts/clickhouse/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "23.8.16.16" 3 | description: ClickHouse is an open source column-oriented database management 4 | system capable of real time generation of analytical data reports using SQL 5 | queries 6 | home: https://clickhouse.yandex/ 7 | icon: https://clickhouse.yandex/images/logo.png 8 | keywords: 9 | - clickhouse 10 | - olap 11 | - database 12 | name: clickhouse 13 | sources: 14 | - https://github.com/sentry-kubernetes/charts 15 | version: 4.1.1 16 | maintainers: 17 | - name: sentry-kubernetes 18 | -------------------------------------------------------------------------------- /charts/sentry/templates/relay/configmap-relay.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.relay.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-relay 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- include "sentry.component.labels" (dict "component" "relay" "ctx" .) | nindent 4 }} 12 | data: 13 | {{ include "sentry.relay.config" . | nindent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/serviceaccount-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-metrics 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "metrics" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/cleanup/serviceaccount-sentry-cleanup.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-cleanup 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "cleanup" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/relay/serviceaccount-relay.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.relay.enabled .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-relay 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "relay" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/serviceaccount-snuba.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.snuba.api.enabled .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-snuba 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "snuba" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/symbolicator/configmap-symbolicator.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.symbolicator.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-symbolicator 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- include "sentry.component.labels" (dict "component" "symbolicator" "ctx" .) | nindent 4 }} 12 | data: 13 | {{ include "sentry.symbolicator.config" . | nindent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/symbolicator/serviceaccount-symbolicator.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-symbolicator-api 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "symbolicator" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/web/serviceaccount-sentry-web.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.web.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-web 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "web" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: {{ include "sentry-kubernetes.labels" . | indent 4 }} 6 | name: {{ template "sentry-kubernetes.fullname" . }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: {{ template "sentry-kubernetes.fullname" . }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "sentry-kubernetes.serviceAccountName" . }} 14 | namespace: {{ .Release.Namespace }} 15 | {{- end -}} -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/cron/serviceaccount-sentry-cron.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.cron.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-cron 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "cron" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: sentry-kubernetes 3 | description: A Helm chart for sentry-kubernetes 4 | (https://github.com/getsentry/sentry-kubernetes) 5 | type: application 6 | version: 0.4.0 7 | appVersion: latest 8 | home: https://github.com/getsentry/sentry-kubernetes 9 | icon: https://sentry-brand.storage.googleapis.com/sentry-glyph-white.png 10 | keywords: 11 | - sentry 12 | - report kubernetes events 13 | sources: 14 | - https://github.com/getsentry/sentry-kubernetes 15 | - https://github.com/sentry-kubernetes/charts 16 | maintainers: 17 | - name: sentry-kubernetes 18 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: {{ include "sentry-kubernetes.labels" . | indent 4 }} 6 | name: {{ template "sentry-kubernetes.fullname" . }} 7 | rules: 8 | # Custom rules inclusion 9 | {{ if .Values.rbac.custom_rules }} 10 | {{- toYaml .Values.rbac.custom_rules | nindent 4 }} 11 | {{ else }} 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - events 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | {{ end }} 21 | {{- end -}} -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-tabix.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tabix.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-tabix 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-tabix 8 | app.kubernetes.io/instance: {{ .Release.Name }}-tabix 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | ports: 12 | - port: 80 13 | targetPort: http 14 | protocol: TCP 15 | name: http 16 | selector: 17 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-tabix 18 | app.kubernetes.io/instance: {{ .Release.Name }}-tabix 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/sentry/templates/geoip/secret-geoip-env.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.geodata.accountID }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-geoip-env 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | type: Opaque 12 | data: 13 | GEOIPUPDATE_ACCOUNT_ID: {{ .Values.geodata.accountID | b64enc | quote }} 14 | GEOIPUPDATE_LICENSE_KEY: {{ .Values.geodata.licenseKey | b64enc | quote }} 15 | GEOIPUPDATE_EDITION_IDS: {{ .Values.geodata.editionIDs | b64enc | quote }} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/events/serviceaccount-sentry-ingest-consumer-events.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestConsumerEvents.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | {{- include "sentry.component.labels" (dict "component" "ingest-consumer-events" "ctx" .) | nindent 4 }} 7 | name: {{ .Values.serviceAccount.name }}-ingest-consumer-events 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/vroom/serviceaccount-sentry-vroom.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.features.enableProfiling }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-vroom 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "vroom" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/worker/serviceaccount-sentry-worker.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled ( or .Values.sentry.worker.enabled .Values.sentry.workerEvents.enabled .Values.sentry.workerTransactions.enabled ) }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-worker 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "worker" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/attachments/serviceaccount-sentry-ingest-consumer-attachments.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestConsumerAttachments.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-ingest-consumer-attachments 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "ingest-consumer-attachments" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/serviceaccount-sentry-metrics-consumer.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.metricsConsumer.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-metrics-consumer 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "metrics" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/uptime-checker/serviceaccount-uptime-checker.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.features.enableUptime }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-uptime-checker 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-uptime-checker" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/process/spans/serviceaccount-sentry-process-spans.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.processSpans.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-process-spans 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-process-spans" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/uptime/serviceaccount-sentry-uptime-results.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.uptimeResults.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-uptime-results 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-uptime-results" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/feedback/serviceaccount-sentry-ingest-feedback.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestMonitors.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-ingest-feedback 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-feedback" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/monitors/serviceaccount-sentry-ingest-monitors.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestMonitors.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-ingest-monitors 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-monitors" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/profiles/serviceaccount-sentry-ingest-profiles.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.features.enableProfiling }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-ingest-profiles 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-profiles" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/post-process-forwarder/errors/serviceaccount-sentry-post-process-forwarder-errors.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.postProcessForwardErrors.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-post-process-forwarder-errors 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "sentry-post-process-forward-errors" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/subscription-consumer/events/serviceaccount-sentry-subscription-consumer-events.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.subscriptionConsumerEvents.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-subscription-consumer-events 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "sentry-subscription-consumer-events" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/process/segments/serviceaccount-sentry-process-segments.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.processSegments.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-process-segments 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-process-segments" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/monitors/serviceaccount-sentry-monitors-clock-tick.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.monitorsClockTick.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-monitors-clock-tick 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "monitors-clock-tick" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/occurrences/serviceaccount-sentry-ingest-occurrences.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestOccurrences.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-ingest-occurrences 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-occurrences" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/monitors/serviceaccount-sentry-monitors-clock-tasks.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.monitorsClockTasks.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-monitors-clock-tasks 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "monitors-clock-tasks" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/pgbouncer/pgbouncer-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.pgbouncer.enabled }} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-pgbouncer 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "pgbouncer" "ctx" .) | nindent 4 }} 9 | spec: 10 | selector: 11 | app: {{ template "sentry.fullname" . }}-pgbouncer 12 | ports: 13 | - name: pgbouncer 14 | port: 5432 15 | targetPort: 5432 16 | sessionAffinity: {{ .Values.pgbouncer.service.sessionAffinity }} 17 | {{- if .Values.pgbouncer.service.sessionAffinityConfig }} 18 | sessionAffinityConfig: {{ toYaml .Values.pgbouncer.service.sessionAffinityConfig | nindent 4 }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/subscription-consumer/results-eap/serviceaccount-sentry-subscription-results-eap-items.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.enabled .Values.sentry.subscriptionConsumerResultsEapItems.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }}-subscription-consumer-results-eap-items 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "sentry-subscription-consumer-eap-spans" "ctx" .) | nindent 4 }} 8 | {{- if .Values.serviceAccount.annotations }} 9 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 10 | {{- end }} 11 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/billing/serviceaccount-sentry-billing-metrics-consumer.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.billingMetricsConsumer.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-billing-metrics-consumer 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "billing-metrics-consumer" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/generic/serviceaccount-sentry-generic-metrics-consumer.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.genericMetricsConsumer.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-generic-metrics-consumer 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "generic-metrics-consumer" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:recommended", 4 | ":rebaseStalePrs", 5 | "docker:disable", 6 | "customManagers:helmChartYamlAppVersions" 7 | ], 8 | "enabled": true, 9 | "prConcurrentLimit": 30, 10 | "enabledManagers": [ 11 | "helmv3", 12 | "github-actions" 13 | ], 14 | "schedule": [ 15 | "before 5am on Monday" 16 | ], 17 | "packageRules": [ 18 | { 19 | "updateTypes": [ 20 | "patch", 21 | "minor" 22 | ], 23 | "schedule": [ 24 | "before 5am on Monday" 25 | ] 26 | }, 27 | { 28 | "updateTypes": [ 29 | "major" 30 | ], 31 | "schedule": [ 32 | "before 5am on the first day of the month" 33 | ] 34 | } 35 | ] 36 | } 37 | -------------------------------------------------------------------------------- /charts/sentry/templates/hooks/sentry-secret-create.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.sentry.existingSecret -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-secret 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | annotations: 12 | {{- if .Values.useArgoCdCompatibleAnnotations }} 13 | "argocd.argoproj.io/hook": "Sync" 14 | "argocd.argoproj.io/sync-wave": "-1" 15 | {{- else }} 16 | "helm.sh/hook": "pre-install" 17 | "helm.sh/hook-weight": "3" 18 | {{- end }} 19 | type: Opaque 20 | data: 21 | key: {{ randAlphaNum 50 | b64enc | quote }} 22 | {{- end -}} 23 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/replay-recordings/serviceaccount-sentry-ingest-replay-recordings.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestReplayRecordings.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-ingest-replay-recordings 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-replay-recordings" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/transactions/serviceaccount-sentry-ingest-consumer-transactions.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.ingestConsumerTransactions.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-ingest-consumer-transactions 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-consumer-transactions" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/subscription-consumer/metrics/serviceaccount-sentry-subscription-consumer-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.subscriptionConsumerMetrics.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-subscription-consumer-metrics 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "subscription-consumer-metrics" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /.github/workflows/stale.yaml: -------------------------------------------------------------------------------- 1 | name: Close inactive issues 2 | on: 3 | schedule: 4 | - cron: "30 1 * * *" 5 | 6 | jobs: 7 | close-issues: 8 | runs-on: ubuntu-latest 9 | permissions: 10 | issues: write 11 | pull-requests: write 12 | steps: 13 | - uses: actions/stale@v9 14 | with: 15 | days-before-issue-stale: 30 16 | days-before-issue-close: 14 17 | stale-issue-label: "stale" 18 | stale-issue-message: "This issue is stale because it has been open for 30 days with no activity." 19 | close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale." 20 | days-before-pr-stale: -1 21 | days-before-pr-close: -1 22 | repo-token: ${{ secrets.PERSONAL_TOKEN }} -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/post-process-forwarder/transactions/serviceaccount-sentry-post-process-forwarder-transactions.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.postProcessForwardTransactions.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-post-process-forwarder-transactions 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-post-process-forward-transactions" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/subscription-consumer/transactions/serviceaccount-sentry-subscription-consumer-transactions.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.subscriptionConsumerTransactions.enabled}} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-subscription-consumer-transactions 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-subscription-consumer-transactions" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/subscription-consumer/generic-metrics/serviceaccount-sentry-subscription-consumer-generic-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.subscriptionConsumerGenericMetrics.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-subscription-consumer-generic-metrics 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "subscription-consumer-generic-metrics" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/post-process-forwarder/issue-platform/serviceaccount-sentry-post-process-forwarder-issue-platform.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.serviceAccount.enabled .Values.sentry.postProcessForwardIssuePlatform.enabled }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ .Values.serviceAccount.name }}-post-process-forwarder-issue-platform 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "sentry-post-process-forward-issue-platform" "ctx" .) | nindent 4 }} 9 | {{- if .Values.serviceAccount.annotations }} 10 | annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /.github/workflows/auto-label-conflicts.yaml: -------------------------------------------------------------------------------- 1 | name: Auto Label Conflicts 2 | on: 3 | push: 4 | branches: [develop] 5 | 6 | concurrency: 7 | group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} 8 | cancel-in-progress: true 9 | 10 | jobs: 11 | auto-label: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: prince-chrismc/label-merge-conflicts-action@v3 15 | with: 16 | conflict_label_name: "conflicts" 17 | github_token: ${{ secrets.PERSONAL_TOKEN }} 18 | detect_merge_changes: false # or true to handle as conflicts 19 | conflict_comment: | 20 | :wave: Hi, @${author}, 21 | I detected conflicts against the base branch :speak_no_evil: 22 | You'll want to sync :arrows_counterclockwise: your branch with upstream! 23 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-clickhouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "clickhouse.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | spec: 10 | ports: 11 | - port: {{ .Values.clickhouse.tcp_port }} 12 | targetPort: tcp-port 13 | protocol: TCP 14 | name: tcp-port 15 | - port: {{ .Values.clickhouse.http_port }} 16 | targetPort: http-port 17 | protocol: TCP 18 | name: http-port 19 | - port: {{ .Values.clickhouse.interserver_http_port }} 20 | targetPort: inter-http-port 21 | protocol: TCP 22 | name: inter-http-port 23 | selector: 24 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 25 | app.kubernetes.io/instance: {{ .Release.Name }} 26 | -------------------------------------------------------------------------------- /charts/sentry/templates/pgbouncer/pgbouncer-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.pgbouncer.enabled }} 2 | {{- if .Values.pgbouncer.podDisruptionBudget.enabled }} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ template "sentry.fullname" . }}-pgbouncer 8 | labels: 9 | {{- include "sentry.component.labels" (dict "component" "pgbouncer" "ctx" .) | nindent 4 }} 10 | spec: 11 | {{- if and .Values.pgbouncer.podDisruptionBudget.minAvailable (not (hasKey .Values.pgbouncer.podDisruptionBudget "maxUnavailable")) }} 12 | minAvailable: {{ .Values.pgbouncer.podDisruptionBudget.minAvailable }} 13 | {{- else if .Values.pgbouncer.podDisruptionBudget.maxUnavailable }} 14 | maxUnavailable: {{ .Values.pgbouncer.podDisruptionBudget.maxUnavailable }} 15 | {{- end }} 16 | selector: 17 | matchLabels: 18 | app: {{ template "sentry.fullname" . }}-pgbouncer 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-clickhouse-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "clickhouse.fullname" . }}-headless 5 | labels: 6 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-headless 7 | app.kubernetes.io/instance: {{ .Release.Name }}-headless 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | spec: 10 | clusterIP: "None" 11 | ports: 12 | - port: {{ .Values.clickhouse.tcp_port }} 13 | targetPort: tcp-port 14 | protocol: TCP 15 | name: tcp-port 16 | - port: {{ .Values.clickhouse.http_port }} 17 | targetPort: http-port 18 | protocol: TCP 19 | name: http-port 20 | - port: {{ .Values.clickhouse.interserver_http_port }} 21 | targetPort: inter-http-port 22 | protocol: TCP 23 | name: inter-http-port 24 | selector: 25 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 26 | app.kubernetes.io/instance: {{ .Release.Name }} 27 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/prometheus-rule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.clickhouse.metrics.enabled .Values.clickhouse.metrics.prometheusRule.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }} 6 | {{- if .Values.clickhouse.metrics.prometheusRule.namespace }} 7 | namespace: {{ .Values.clickhouse.metrics.prometheusRule.namespace }} 8 | {{- end }} 9 | labels: 10 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- with .Values.clickhouse.metrics.prometheusRule.additionalLabels }} 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | {{- with .Values.clickhouse.metrics.prometheusRule.rules }} 18 | groups: 19 | - name: {{ include "clickhouse.fullname" $ }} 20 | rules: {{- tpl (toYaml .) $ | nindent 8 }} 21 | {{- end }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/sentry/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: memcached 3 | repository: oci://registry-1.docker.io/bitnamicharts 4 | version: 7.5.2 5 | - name: redis 6 | repository: oci://registry-1.docker.io/bitnamicharts 7 | version: 17.11.3 8 | - name: kafka 9 | repository: oci://registry-1.docker.io/bitnamicharts 10 | version: 29.3.14 11 | - name: clickhouse 12 | repository: https://sentry-kubernetes.github.io/charts 13 | version: 4.1.1 14 | - name: zookeeper 15 | repository: oci://registry-1.docker.io/bitnamicharts 16 | version: 11.4.11 17 | - name: rabbitmq 18 | repository: oci://registry-1.docker.io/bitnamicharts 19 | version: 11.16.2 20 | - name: postgresql 21 | repository: oci://registry-1.docker.io/bitnamicharts 22 | version: 12.5.1 23 | - name: nginx 24 | repository: oci://registry-1.docker.io/bitnamicharts 25 | version: 22.3.9 26 | digest: sha256:b7b9fb77f0a668f85a7a6b6be055982865cdca4fe29c841d91fb07ed55732e2a 27 | generated: "2025-12-18T09:31:26.003568+01:00" 28 | -------------------------------------------------------------------------------- /charts/sentry/templates/geoip/pvc-geoip.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.geodata.accountID }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: data-sentry-geoip 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | spec: 12 | accessModes: 13 | {{- range .Values.geodata.persistence.accessModes }} 14 | - {{ . | quote }} 15 | {{- end }} 16 | resources: 17 | requests: 18 | storage: {{ .Values.geodata.persistence.size }} 19 | {{- if and (.Values.geodata.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" .Release.Namespace "data-sentry-geoip") }} 20 | volumeName: {{ (lookup "v1" "PersistentVolumeClaim" .Release.Namespace "data-sentry-geoip").spec.volumeName }} 21 | {{- end }} 22 | {{- if .Values.geodata.persistence.storageClass }} 23 | storageClassName: {{ .Values.geodata.persistence.storageClass | quote }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-clickhouse-replica.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.configmap.remote_servers.replica.backup.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-replica 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica 8 | app.kubernetes.io/instance: {{ .Release.Name }}-replica 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | ports: 12 | - port: {{ .Values.clickhouse.tcp_port }} 13 | targetPort: tcp-port 14 | protocol: TCP 15 | name: tcp-port 16 | - port: {{ .Values.clickhouse.http_port }} 17 | targetPort: http-port 18 | protocol: TCP 19 | name: http-port 20 | - port: {{ .Values.clickhouse.interserver_http_port }} 21 | targetPort: inter-http-port 22 | protocol: TCP 23 | name: inter-http-port 24 | selector: 25 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica 26 | app.kubernetes.io/instance: {{ .Release.Name }}-replica 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-clickhouse-replica-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.configmap.remote_servers.replica.backup.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-replica-headless 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica-headless 8 | app.kubernetes.io/instance: {{ .Release.Name }}-replica-headless 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | clusterIP: "None" 12 | ports: 13 | - port: {{ .Values.clickhouse.tcp_port }} 14 | targetPort: tcp-port 15 | protocol: TCP 16 | name: tcp-port 17 | - port: {{ .Values.clickhouse.http_port }} 18 | targetPort: http-port 19 | protocol: TCP 20 | name: http-port 21 | - port: {{ .Values.clickhouse.interserver_http_port }} 22 | targetPort: inter-http-port 23 | protocol: TCP 24 | name: inter-http-port 25 | selector: 26 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica 27 | app.kubernetes.io/instance: {{ .Release.Name }}-replica 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /LICENCE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /charts/sentry-kubernetes/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## [0.4.0](https://github.com/sentry-kubernetes/charts/compare/sentry-kubernetes-v0.3.4...sentry-kubernetes-v0.4.0) (2024-09-26) 4 | 5 | 6 | ### Features 7 | 8 | * switch to go version of sentry-kubernetes with first minimal version of the chart ([#1395](https://github.com/sentry-kubernetes/charts/issues/1395)) ([e643ff6](https://github.com/sentry-kubernetes/charts/commit/e643ff6c742f3b8f88a88fdfec21c769b2c0fbb3)) 9 | 10 | ## [0.3.4](https://github.com/sentry-kubernetes/charts/compare/sentry-kubernetes-v0.3.3...sentry-kubernetes-v0.3.4) (2024-04-12) 11 | 12 | 13 | ### Bug Fixes 14 | 15 | * make ingress, rbac compatible with latest k8s versions ([#114](https://github.com/sentry-kubernetes/charts/issues/114)) ([8d2f319](https://github.com/sentry-kubernetes/charts/commit/8d2f3196fe797a301ba6ebb21b793f3030d70962)) 16 | 17 | ## 0.3.3 (2024-04-12) 18 | 19 | 20 | ### Bug Fixes 21 | 22 | * make ingress, rbac compatible with latest k8s versions ([#114](https://github.com/sentry-kubernetes/charts/issues/114)) ([8d2f319](https://github.com/sentry-kubernetes/charts/commit/8d2f3196fe797a301ba6ebb21b793f3030d70962)) 23 | -------------------------------------------------------------------------------- /charts/sentry/templates/relay/service-relay.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.relay.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-relay 6 | annotations: 7 | {{- range $key, $value := .Values.relay.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} 11 | cloud.google.com/backend-config: '{"ports": {"{{ template "relay.port" . }}":"{{ include "sentry.fullname" . }}-relay"}}' 12 | {{- end }} 13 | labels: 14 | app: {{ template "sentry.fullname" . }} 15 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 16 | release: "{{ .Release.Name }}" 17 | heritage: "{{ .Release.Service }}" 18 | {{- include "sentry.component.labels" (dict "component" "relay" "ctx" .) | nindent 4 }} 19 | spec: 20 | type: {{ .Values.service.type }} 21 | ports: 22 | - port: {{ template "relay.port" . }} 23 | targetPort: {{ template "relay.port" }} 24 | protocol: TCP 25 | name: {{ .Values.service.name }}-relay 26 | selector: 27 | app: {{ template "sentry.fullname" . }} 28 | role: relay 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/service-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-metrics 6 | {{- if .Values.metrics.service.annotations }} 7 | annotations: {{ toYaml .Values.metrics.service.annotations | nindent 4 }} 8 | {{- end }} 9 | labels: 10 | app: {{ template "sentry.fullname" . }}-metrics 11 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 12 | release: "{{ .Release.Name }}" 13 | heritage: "{{ .Release.Service }}" 14 | role: metrics 15 | {{- include "sentry.component.labels" (dict "component" "metrics" "ctx" .) | nindent 4 }} 16 | {{- if .Values.metrics.service.additionalLabels }} 17 | {{ toYaml .Values.metrics.service.additionalLabels | indent 4 }} 18 | {{- end }} 19 | spec: 20 | type: {{ .Values.metrics.service.type }} 21 | ports: 22 | - port: 9102 23 | targetPort: 9102 24 | protocol: TCP 25 | name: metrics 26 | - port: 9125 27 | targetPort: 9125 28 | protocol: UDP 29 | name: statsd 30 | selector: 31 | app: {{ template "sentry.fullname" . }}-metrics 32 | release: {{ .Release.Name }} 33 | role: metrics 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/ingress-tabix.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tabix.enabled }} 2 | {{- if .Values.tabix.ingress.enabled}} 3 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 4 | apiVersion: networking.k8s.io/v1 5 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 6 | apiVersion: networking.k8s.io/v1beta1 7 | {{- else -}} 8 | apiVersion: extensions/v1beta1 9 | {{- end }} 10 | kind: Ingress 11 | metadata: 12 | name: {{ include "clickhouse.fullname" . }}-tabix 13 | labels: 14 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-tabix 15 | app.kubernetes.io/instance: {{ .Release.Name }}-tabix 16 | app.kubernetes.io/managed-by: {{ .Release.Service }} 17 | spec: 18 | rules: 19 | - host: {{ .Values.tabix.ingress.host }} 20 | http: 21 | paths: 22 | - path: {{ .Values.tabix.ingress.path }} 23 | backend: 24 | serviceName: {{ include "clickhouse.fullname" . }}-tabix 25 | servicePort: http 26 | {{- if .Values.tabix.ingress.tls.enabled }} 27 | tls: 28 | - hosts: 29 | {{- range .Values.tabix.ingress.tls.hosts }} 30 | - {{ . | quote }} 31 | {{- end }} 32 | secretName: {{ .Values.tabix.ingress.tls.secretName }} 33 | {{- end }} 34 | {{- end }} 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-clickhouse-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-metrics 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-metrics 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | {{- if .Values.clickhouse.metrics.service.labels -}} 11 | {{- toYaml .Values.clickhouse.metrics.service.labels | nindent 4 }} 12 | {{- end -}} 13 | {{- if .Values.clickhouse.metrics.service.annotations }} 14 | annotations: {{- toYaml .Values.clickhouse.metrics.service.annotations | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | type: {{ .Values.clickhouse.metrics.service.type }} 18 | {{ if and (eq .Values.clickhouse.metrics.service.type "LoadBalancer") .Values.clickhouse.metrics.service.loadBalancerIP }} 19 | loadBalancerIP: {{ .Values.clickhouse.metrics.service.loadBalancerIP }} 20 | {{- end }} 21 | ports: 22 | - port: {{ .Values.clickhouse.metrics.port }} 23 | targetPort: metrics 24 | name: metrics 25 | selector: 26 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 27 | app.kubernetes.io/instance: {{ .Release.Name }} 28 | --- 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/vroom/service-vroom.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if .Values.sentry.features.enableProfiling }} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-vroom 7 | annotations: 8 | {{- range $key, $value := .Values.vroom.service.annotations }} 9 | {{ $key }}: {{ $value | quote }} 10 | {{- end }} 11 | {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} 12 | cloud.google.com/backend-config: '{"ports": {"{{ template "vroom.port" . }}":"{{ include "sentry.fullname" . }}-vroom"}}' 13 | {{- end }} 14 | labels: 15 | app: {{ template "sentry.fullname" . }} 16 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 17 | release: "{{ .Release.Name }}" 18 | heritage: "{{ .Release.Service }}" 19 | {{- include "sentry.component.labels" (dict "component" "vroom" "ctx" .) | nindent 4 }} 20 | spec: 21 | type: {{ .Values.service.type }} 22 | ports: 23 | - port: {{ template "vroom.port" . }} 24 | targetPort: {{ template "vroom.port" }} 25 | protocol: TCP 26 | name: {{ .Values.service.name }}-vroom 27 | selector: 28 | app: {{ template "sentry.fullname" . }} 29 | role: vroom 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/secret-snuba-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "sentry.fullname" . }}-snuba-env 5 | labels: 6 | app: sentry 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | release: "{{ .Release.Name }}" 9 | heritage: "{{ .Release.Service }}" 10 | {{- include "sentry.component.labels" (dict "component" "snuba" "ctx" .) | nindent 4 }} 11 | type: Opaque 12 | data: 13 | CLICKHOUSE_PORT: {{ include "sentry.clickhouse.port" . | b64enc | quote }} 14 | CLICKHOUSE_DATABASE: {{ include "sentry.clickhouse.database" . | b64enc | quote }} 15 | CLICKHOUSE_USER: {{ include "sentry.clickhouse.username" . | b64enc | quote }} 16 | {{- if not .Values.externalClickhouse.existingSecret }} 17 | CLICKHOUSE_PASSWORD: {{ include "sentry.clickhouse.password" . | b64enc | quote }} 18 | {{- end }} 19 | {{- if .Values.externalClickhouse.secure }} 20 | CLICKHOUSE_SECURE: {{ include "sentry.clickhouse.secure" . | b64enc | quote }} 21 | {{- end }} 22 | {{- if .Values.externalClickhouse.ca_certs }} 23 | CLICKHOUSE_CA_CERTS: {{ include "sentry.clickhouse.ca_certs" . | b64enc | quote }} 24 | {{- end }} 25 | {{- if .Values.externalClickhouse.verify }} 26 | CLICKHOUSE_VERIFY: {{ include "sentry.clickhouse.verify" . | b64enc | quote }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/sentry/templates/symbolicator/pvc-symbolicator.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.symbolicator.enabled }} 2 | {{- if .Values.symbolicator.api.usedeployment }} 3 | {{- if .Values.symbolicator.api.persistence.enabled }} 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: sentry-symbolicator-pvc 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | app: {{ template "sentry.fullname" . }} 11 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 12 | release: "{{ .Release.Name }}" 13 | heritage: "{{ .Release.Service }}" 14 | component: symbolicator 15 | spec: 16 | accessModes: 17 | {{- range .Values.symbolicator.api.persistence.accessModes }} 18 | - {{ . | quote }} 19 | {{- end }} 20 | resources: 21 | requests: 22 | storage: {{ .Values.symbolicator.api.persistence.size | quote }} 23 | {{- if and (.Values.symbolicator.api.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" .Release.Namespace "sentry-symbolicator-pvc") }} 24 | volumeName: {{ (lookup "v1" "PersistentVolumeClaim" .Release.Namespace "sentry-symbolicator-pvc").spec.volumeName }} 25 | {{- end }} 26 | {{- if .Values.symbolicator.api.persistence.storageClassName }} 27 | storageClassName: {{ .Values.symbolicator.api.persistence.storageClassName | quote }} 28 | {{- end }} 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | 33 | 34 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/ingress-clickhouse.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.ingress.enabled}} 2 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 3 | apiVersion: networking.k8s.io/v1 4 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ include "clickhouse.fullname" . }} 12 | labels: 13 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 14 | app.kubernetes.io/instance: {{ .Release.Name }} 15 | app.kubernetes.io/managed-by: {{ .Release.Service }} 16 | annotations: 17 | {{- range $key, $value := .Values.clickhouse.ingress.annotations }} 18 | {{ $key }}: {{ $value | quote }} 19 | {{- end }} 20 | spec: 21 | rules: 22 | - host: {{ .Values.clickhouse.ingress.host }} 23 | http: 24 | paths: 25 | - path: {{ .Values.clickhouse.ingress.path }} 26 | backend: 27 | serviceName: {{ include "clickhouse.fullname" . }} 28 | servicePort: http-port 29 | {{- if .Values.clickhouse.ingress.tls.enabled }} 30 | tls: 31 | - hosts: 32 | {{- range .Values.clickhouse.ingress.tls.hosts }} 33 | - {{ . | quote }} 34 | {{- end }} 35 | secretName: {{ .Values.clickhouse.ingress.tls.secretName }} 36 | {{- end }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /charts/sentry/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.filestore.backend "filesystem" -}} 2 | {{- if and .Values.filestore.filesystem.persistence.enabled (not .Values.filestore.filesystem.persistence.existingClaim) -}} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-data 7 | labels: 8 | app: sentry 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | spec: 13 | accessModes: 14 | - {{ .Values.filestore.filesystem.persistence.accessMode | quote }} 15 | resources: 16 | requests: 17 | storage: {{ .Values.filestore.filesystem.persistence.size | quote }} 18 | {{- if and (.Values.filestore.filesystem.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" .Release.Namespace (printf "%s-data" (include "sentry.fullname" .))) }} 19 | volumeName: {{ (lookup "v1" "PersistentVolumeClaim" .Release.Namespace (printf "%s-data" (include "sentry.fullname" .))).spec.volumeName }} 20 | {{- end }} 21 | {{- if .Values.filestore.filesystem.persistence.storageClass }} 22 | {{- if (eq "-" .Values.filestore.filesystem.persistence.storageClass) }} 23 | storageClassName: "" 24 | {{- else }} 25 | storageClassName: "{{ .Values.filestore.filesystem.persistence.storageClass }}" 26 | {{- end }} 27 | {{- end }} 28 | {{- end -}} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/svc-clickhouse-replica-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.configmap.remote_servers.replica.backup.enabled }} 2 | {{- if .Values.clickhouse.metrics.enabled }} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ include "clickhouse.fullname" . }}-replica-metrics 7 | labels: 8 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica-metrics 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | {{- if .Values.clickhouse.metrics.service.labels -}} 12 | {{- toYaml .Values.clickhouse.metrics.service.labels | nindent 4 }} 13 | {{- end -}} 14 | {{- if .Values.clickhouse.metrics.service.annotations }} 15 | annotations: {{- toYaml .Values.clickhouse.metrics.service.annotations | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | type: {{ .Values.clickhouse.metrics.service.type }} 19 | {{ if and (eq .Values.clickhouse.metrics.service.type "LoadBalancer") .Values.clickhouse.metrics.service.loadBalancerIP }} 20 | loadBalancerIP: {{ .Values.clickhouse.metrics.service.loadBalancerIP }} 21 | {{- end }} 22 | ports: 23 | - port: {{ .Values.clickhouse.metrics.port }} 24 | targetPort: metrics 25 | name: metrics 26 | selector: 27 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica 28 | app.kubernetes.io/instance: {{ .Release.Name }}-replica 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/sentry/templates/symbolicator/service-symbolicator.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.symbolicator.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-symbolicator 6 | annotations: 7 | {{- range $key, $value := .Values.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | labels: 11 | app: {{ template "sentry.fullname" . }} 12 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 13 | release: "{{ .Release.Name }}" 14 | heritage: "{{ .Release.Service }}" 15 | {{- include "sentry.component.labels" (dict "component" "symbolicator" "ctx" .) | nindent 4 }} 16 | spec: 17 | type: {{ .Values.service.type }} 18 | ports: 19 | - port: {{ template "symbolicator.port" }} 20 | targetPort: {{ template "symbolicator.port" }} 21 | protocol: TCP 22 | name: {{ .Values.service.name }} 23 | {{- if and (.Values.service.nodePort) (eq .Values.service.type "NodePort") }} 24 | nodePort: {{ .Values.service.nodePort }} 25 | {{- end }} 26 | {{- if .Values.service.externalIPs }} 27 | externalIPs: 28 | {{ toYaml .Values.service.externalIPs | indent 4 }} 29 | {{- end }} 30 | selector: 31 | app: {{ template "sentry.fullname" . }} 32 | role: symbolicator-api 33 | {{- with .Values.service.loadBalancerSourceRanges }} 34 | loadBalancerSourceRanges: 35 | {{- toYaml . | nindent 4 }} 36 | {{- end }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /charts/sentry/templates/gke/backendconfig-sentry-relay.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} 2 | apiVersion: cloud.google.com/v1 3 | kind: BackendConfig 4 | metadata: 5 | name: {{ include "sentry.fullname" . }}-relay 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "sentry.fullname" . }} 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | spec: 13 | {{- if .Values.relay.customResponseHeaders }} 14 | customResponseHeaders: 15 | headers: 16 | {{- if .Values.ingress.tls }} 17 | - "strict-transport-security: max-age=31536000; includeSubDomains" 18 | {{- end -}} 19 | {{ toYaml .Values.relay.customResponseHeaders | nindent 6 }} 20 | {{- end }} 21 | healthCheck: 22 | checkIntervalSec: {{ .Values.relay.probePeriodSeconds }} 23 | timeoutSec: {{ .Values.relay.probeTimeoutSeconds }} 24 | healthyThreshold: {{ .Values.relay.probeSuccessThreshold }} 25 | unhealthyThreshold: {{ .Values.relay.probeFailureThreshold }} 26 | type: HTTP 27 | requestPath: {{ template "relay.healthCheck.requestPath" }} 28 | port: {{ template "relay.port" . }} 29 | {{- if .Values.relay.securityPolicy }} 30 | securityPolicy: 31 | name: {{ .Values.relay.securityPolicy }} 32 | {{- end }} 33 | {{- end }} -------------------------------------------------------------------------------- /charts/clickhouse/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | ** Please be patient while the chart is being deployed ** 2 | 3 | 1. Get the Clickhouse URL by running: 4 | 5 | {{- if .Values.clickhouse.ingress.enabled }} 6 | 7 | export HOSTNAME=$(kubectl get ingress --namespace {{ .Release.Namespace }} {{ template "clickhouse.fullname" . }} -o jsonpath='{.spec.rules[0].host}') 8 | echo "Clickhouse URL: http://$HOSTNAME/" 9 | 10 | {{- else }} 11 | 12 | echo URL : http://127.0.0.1:8080/ 13 | echo Management URL : http://127.0.0.1:8080/manager 14 | kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "clickhouse.fullname" . }} 8123:{{ .Values.clickhouse.http_port }} 15 | kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "clickhouse.fullname" . }} 9000:{{ .Values.clickhouse.tcp_port }} 16 | kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "clickhouse.fullname" . }} 9009:{{ .Values.clickhouse.interserver_http_port }} 17 | 18 | {{- end }} 19 | 20 | 2. Get the Tabix URL by running: 21 | 22 | {{- if .Values.tabix.ingress.enabled }} 23 | 24 | export HOSTNAME=$(kubectl get ingress --namespace {{ .Release.Namespace }} {{ template "clickhouse.fullname" . }}-tabix -o jsonpath='{.spec.rules[0].host}') 25 | echo "Tabix URL: http://$HOSTNAME/" 26 | 27 | {{- else }} 28 | 29 | kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "clickhouse.fullname" . }}-tabix 80 30 | 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/sentry/templates/gke/backendconfig-sentry-web.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} 2 | apiVersion: cloud.google.com/v1 3 | kind: BackendConfig 4 | metadata: 5 | name: {{ include "sentry.fullname" . }}-web 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | app: {{ template "sentry.fullname" . }} 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | spec: 13 | {{- if .Values.sentry.web.customResponseHeaders }} 14 | customResponseHeaders: 15 | headers: 16 | {{- if .Values.ingress.tls }} 17 | - "strict-transport-security: max-age=31536000; includeSubDomains" 18 | {{- end -}} 19 | {{ toYaml .Values.sentry.web.customResponseHeaders | nindent 6 }} 20 | {{- end }} 21 | healthCheck: 22 | checkIntervalSec: {{ .Values.sentry.web.probePeriodSeconds }} 23 | timeoutSec: {{ .Values.sentry.web.probeTimeoutSeconds }} 24 | healthyThreshold: {{ .Values.sentry.web.probeSuccessThreshold }} 25 | unhealthyThreshold: {{ .Values.sentry.web.probeFailureThreshold }} 26 | type: HTTP 27 | requestPath: {{ template "sentry.healthCheck.requestPath" }} 28 | port: {{ .Values.service.externalPort }} 29 | {{- if .Values.sentry.web.securityPolicy }} 30 | securityPolicy: 31 | name: {{ .Values.sentry.web.securityPolicy }} 32 | {{- end }} 33 | {{- end }} -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/service-snuba.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.snuba.api.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-snuba 6 | annotations: 7 | {{- range $key, $value := .Values.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | {{- range $key, $value := .Values.snuba.api.service.annotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | labels: 14 | app: {{ template "sentry.fullname" . }} 15 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 16 | release: "{{ .Release.Name }}" 17 | heritage: "{{ .Release.Service }}" 18 | {{- include "sentry.component.labels" (dict "component" "snuba" "ctx" .) | nindent 4 }} 19 | spec: 20 | type: {{ .Values.service.type }} 21 | ports: 22 | - port: {{ template "snuba.port" }} 23 | targetPort: {{ template "snuba.port" }} 24 | protocol: TCP 25 | name: {{ .Values.service.name }} 26 | {{- if and (.Values.service.nodePort) (eq .Values.service.type "NodePort") }} 27 | nodePort: {{ .Values.service.nodePort }} 28 | {{- end }} 29 | {{- if .Values.service.externalIPs }} 30 | externalIPs: 31 | {{ toYaml .Values.service.externalIPs | indent 4 }} 32 | {{- end }} 33 | selector: 34 | app: {{ template "sentry.fullname" . }} 35 | role: snuba-api 36 | {{- with .Values.service.loadBalancerSourceRanges }} 37 | loadBalancerSourceRanges: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/servicemonitor-clickhouse.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }} 6 | {{- if .Values.clickhouse.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.clickhouse.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: 10 | app.kubernetes.io/name: {{ include "clickhouse.name" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- if .Values.clickhouse.metrics.serviceMonitor.selector}} 14 | {{- toYaml .Values.clickhouse.metrics.serviceMonitor.selector | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | namespaceSelector: 18 | matchNames: 19 | - {{ .Release.Namespace }} 20 | selector: 21 | matchLabels: 22 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-metrics 23 | endpoints: 24 | - port: metrics 25 | path: /metrics 26 | {{- if .Values.clickhouse.metrics.serviceMonitor.interval }} 27 | interval: {{ .Values.clickhouse.metrics.serviceMonitor.interval }} 28 | {{- end }} 29 | {{- if .Values.clickhouse.metrics.serviceMonitor.metricRelabelings }} 30 | metricRelabelings: 31 | {{ toYaml .Values.clickhouse.metrics.serviceMonitor.metricRelabelings | indent 6 }} 32 | {{- end }} 33 | {{- if .Values.clickhouse.metrics.serviceMonitor.relabelings }} 34 | relabelings: 35 | {{ toYaml .Values.clickhouse.metrics.serviceMonitor.relabelings | nindent 6 }} 36 | {{- end }} 37 | --- 38 | {{- end}} 39 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/vroom/pvc-vroom.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if .Values.sentry.features.enableProfiling }} 3 | {{- if .Values.vroom.persistence.enabled }} 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: sentry-vroom-pvc 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | app: {{ template "sentry.fullname" . }} 11 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 12 | release: "{{ .Release.Name }}" 13 | heritage: "{{ .Release.Service }}" 14 | component: vroom 15 | {{- include "sentry.component.labels" (dict "component" "vroom" "ctx" .) | nindent 4 }} 16 | {{- if .Values.asHook }} 17 | annotations: 18 | meta.helm.sh/release-name: "{{ .Release.Name }}" 19 | meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" 20 | "helm.sh/hook": "post-install,post-upgrade" 21 | "helm.sh/hook-weight": "25" 22 | {{- end }} 23 | spec: 24 | accessModes: 25 | {{- range .Values.vroom.persistence.accessModes }} 26 | - {{ . | quote }} 27 | {{- end }} 28 | resources: 29 | requests: 30 | storage: {{ .Values.vroom.persistence.size | quote }} 31 | {{- if and (.Values.vroom.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" .Release.Namespace "sentry-vroom-pvc") }} 32 | volumeName: {{ (lookup "v1" "PersistentVolumeClaim" .Release.Namespace "sentry-vroom-pvc").spec.volumeName }} 33 | {{- end }} 34 | {{- if .Values.vroom.persistence.storageClassName }} 35 | storageClassName: {{ .Values.vroom.persistence.storageClassName | quote }} 36 | {{- end }} 37 | {{- end }} 38 | {{- end }} 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/web/service-sentry-web.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.sentry.web.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-web 6 | annotations: 7 | {{- range $key, $value := .Values.sentry.web.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} 11 | cloud.google.com/backend-config: '{"ports": {"{{ .Values.service.externalPort }}":"{{ include "sentry.fullname" . }}-web"}}' 12 | {{- end }} 13 | labels: 14 | app: {{ template "sentry.fullname" . }} 15 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 16 | release: "{{ .Release.Name }}" 17 | heritage: "{{ .Release.Service }}" 18 | {{- include "sentry.component.labels" (dict "component" "web" "ctx" .) | nindent 4 }} 19 | spec: 20 | type: {{ .Values.service.type }} 21 | ports: 22 | - port: {{ .Values.service.externalPort }} 23 | targetPort: {{ template "sentry.port" }} 24 | protocol: TCP 25 | name: {{ .Values.service.name }} 26 | {{- if and (.Values.service.nodePort) (eq .Values.service.type "NodePort") }} 27 | nodePort: {{ .Values.service.nodePort }} 28 | {{- end }} 29 | {{- if .Values.service.externalIPs }} 30 | externalIPs: 31 | {{ toYaml .Values.service.externalIPs | indent 4 }} 32 | {{- end }} 33 | selector: 34 | app: {{ template "sentry.fullname" . }} 35 | role: web 36 | {{- with .Values.service.loadBalancerSourceRanges }} 37 | loadBalancerSourceRanges: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/sentry/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: sentry 3 | description: A Helm chart for Kubernetes 4 | type: application 5 | version: 27.10.0 6 | # renovate image=ghcr.io/getsentry/sentry 7 | appVersion: 25.9.0 8 | dependencies: 9 | - name: memcached 10 | repository: oci://registry-1.docker.io/bitnamicharts 11 | version: 7.5.2 12 | condition: sourcemaps.enabled 13 | - name: redis 14 | repository: oci://registry-1.docker.io/bitnamicharts 15 | version: 17.11.3 16 | condition: redis.enabled 17 | - name: kafka 18 | repository: oci://registry-1.docker.io/bitnamicharts 19 | version: 29.3.14 20 | condition: kafka.enabled 21 | - name: clickhouse 22 | repository: https://sentry-kubernetes.github.io/charts 23 | version: 4.1.1 24 | condition: clickhouse.enabled 25 | - name: zookeeper 26 | repository: oci://registry-1.docker.io/bitnamicharts 27 | version: 11.4.11 28 | condition: zookeeper.enabled 29 | - name: rabbitmq 30 | repository: oci://registry-1.docker.io/bitnamicharts 31 | version: 11.16.2 32 | alias: rabbitmq 33 | condition: rabbitmq.enabled 34 | - name: postgresql 35 | repository: oci://registry-1.docker.io/bitnamicharts 36 | version: 12.5.1 37 | condition: postgresql.enabled 38 | - name: nginx 39 | repository: oci://registry-1.docker.io/bitnamicharts 40 | version: 22.3.9 41 | condition: nginx.enabled 42 | maintainers: 43 | - name: sentry-kubernetes 44 | icon: https://raw.githubusercontent.com/sentry-kubernetes/charts/refs/heads/develop/docs/logo.png 45 | home: https://github.com/sentry-kubernetes/charts 46 | sources: 47 | - https://github.com/sentry-kubernetes/charts/tree/develop/charts/sentry 48 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/web/hpa-web.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentry.web.enabled .Values.sentry.web.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-web 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "web" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-web 13 | minReplicas: {{ .Values.sentry.web.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.sentry.web.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.sentry.web.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-web 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.sentry.web.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.sentry.web.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.sentry.web.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/hpa-snuba-api.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.snuba.api.enabled .Values.snuba.api.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-snuba-api 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "snuba-api" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-snuba-api 13 | minReplicas: {{ .Values.snuba.api.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.snuba.api.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.snuba.api.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-snuba 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.snuba.api.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.snuba.api.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.snuba.api.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/servicemonitor-clickhouse-replica.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.configmap.remote_servers.replica.backup.enabled }} 2 | {{- if .Values.clickhouse.metrics.serviceMonitor.enabled }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | name: {{ include "clickhouse.fullname" . }}-replica 7 | {{- if .Values.clickhouse.metrics.serviceMonitor.namespace }} 8 | namespace: {{ .Values.clickhouse.metrics.serviceMonitor.namespace }} 9 | {{- end }} 10 | labels: 11 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica 12 | app.kubernetes.io/instance: {{ .Release.Name }}-replica 13 | app.kubernetes.io/managed-by: {{ .Release.Service }} 14 | {{- if .Values.clickhouse.metrics.serviceMonitor.selector}} 15 | {{- toYaml .Values.clickhouse.metrics.serviceMonitor.selector | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | namespaceSelector: 19 | matchNames: 20 | - {{ .Release.Namespace }} 21 | selector: 22 | matchLabels: 23 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-replica-metrics 24 | endpoints: 25 | - port: metrics 26 | path: /metrics 27 | {{- if .Values.clickhouse.metrics.serviceMonitor.interval }} 28 | interval: {{ .Values.clickhouse.metrics.serviceMonitor.interval }} 29 | {{- end }} 30 | {{- if .Values.clickhouse.metrics.serviceMonitor.metricRelabelings }} 31 | metricRelabelings: 32 | {{ toYaml .Values.clickhouse.metrics.serviceMonitor.metricRelabelings | indent 6 }} 33 | {{- end }} 34 | {{- if .Values.clickhouse.metrics.serviceMonitor.relabelings }} 35 | relabelings: 36 | {{ toYaml .Values.clickhouse.metrics.serviceMonitor.relabelings | nindent 6 }} 37 | {{- end }} 38 | --- 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/vroom/hpa-vroom.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if .Values.vroom.autoscaling.enabled }} 3 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-vroom 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "vroom" "ctx" .) | nindent 4 }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: {{ template "sentry.fullname" . }}-vroom 14 | minReplicas: {{ .Values.vroom.autoscaling.minReplicas }} 15 | maxReplicas: {{ .Values.vroom.autoscaling.maxReplicas }} 16 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 17 | targetCPUUtilizationPercentage: {{ .Values.vroom.autoscaling.targetCPUUtilizationPercentage }} 18 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 19 | metrics: 20 | - type: ContainerResource 21 | containerResource: 22 | container: {{ .Chart.Name }}-vroom 23 | name: cpu 24 | target: 25 | type: Utilization 26 | averageUtilization: {{ .Values.vroom.autoscaling.targetCPUUtilizationPercentage }} 27 | {{- else }} 28 | metrics: 29 | - type: Resource 30 | resource: 31 | name: cpu 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.vroom.autoscaling.targetCPUUtilizationPercentage }} 35 | {{- end }} 36 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 37 | {{- with .Values.vroom.autoscaling.behavior }} 38 | behavior: 39 | {{- toYaml . | nindent 4 }} 40 | {{- end }} 41 | {{- end }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/worker/hpa-worker.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentry.worker.enabled .Values.sentry.worker.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-worker 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "worker" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-worker 13 | minReplicas: {{ .Values.sentry.worker.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.sentry.worker.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.sentry.worker.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-worker 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.sentry.worker.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.sentry.worker.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.sentry.worker.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/worker/hpa-worker-events.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentry.workerEvents.enabled .Values.sentry.workerEvents.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-worker-events 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "worker-events" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-worker-events 13 | minReplicas: {{ .Values.sentry.workerEvents.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.sentry.workerEvents.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.sentry.workerEvents.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-worker 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.sentry.workerEvents.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.sentry.workerEvents.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.sentry.workerEvents.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /.github/workflows/conventional-commits-check.yaml: -------------------------------------------------------------------------------- 1 | name: Conventional Commits Check 2 | 3 | on: 4 | pull_request: 5 | types: [opened, synchronize, reopened, edited] 6 | 7 | jobs: 8 | check-conventional-commits: 9 | name: Conventional Commits 10 | runs-on: ubuntu-latest 11 | permissions: 12 | pull-requests: read 13 | steps: 14 | - uses: actions/checkout@v4 15 | with: 16 | fetch-depth: 0 17 | 18 | - name: Check Commit Conventions 19 | uses: webiny/action-conventional-commits@v1.3.0 20 | 21 | - name: Check Semantic Pull Request title 22 | uses: amannn/action-semantic-pull-request@v5 23 | id: lint_pr_title 24 | env: 25 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 26 | 27 | - uses: marocchino/sticky-pull-request-comment@v2 28 | # When the previous steps fails, the workflow would stop. By adding this 29 | # condition you can continue the execution with the populated error message. 30 | if: always() && (steps.lint_pr_title.outputs.error_message != null) 31 | with: 32 | header: pr-title-lint-error 33 | message: | 34 | Hey there and thank you for opening this pull request! 👋🏼 35 | 36 | We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. 37 | 38 | Details: 39 | 40 | ``` 41 | ${{ steps.lint_pr_title.outputs.error_message }} 42 | ``` 43 | 44 | # Delete a previous comment when the issue has been resolved 45 | - if: ${{ steps.lint_pr_title.outputs.error_message == null }} 46 | uses: marocchino/sticky-pull-request-comment@v2 47 | with: 48 | header: pr-title-lint-error 49 | delete: true 50 | -------------------------------------------------------------------------------- /charts/sentry/templates/relay/hpa-relay.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.relay.enabled .Values.relay.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-relay 6 | annotations: 7 | meta.helm.sh/release-name: "{{ .Release.Name }}" 8 | meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" 9 | "helm.sh/hook": "post-install,post-upgrade" 10 | "helm.sh/hook-weight": "25" 11 | labels: 12 | {{- include "sentry.component.labels" (dict "component" "relay" "ctx" .) | nindent 4 }} 13 | spec: 14 | scaleTargetRef: 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | name: {{ template "sentry.fullname" . }}-relay 18 | minReplicas: {{ .Values.relay.autoscaling.minReplicas }} 19 | maxReplicas: {{ .Values.relay.autoscaling.maxReplicas }} 20 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 21 | targetCPUUtilizationPercentage: {{ .Values.relay.autoscaling.targetCPUUtilizationPercentage }} 22 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 23 | metrics: 24 | - type: ContainerResource 25 | containerResource: 26 | container: {{ .Chart.Name }}-relay 27 | name: cpu 28 | target: 29 | type: Utilization 30 | averageUtilization: {{ .Values.relay.autoscaling.targetCPUUtilizationPercentage }} 31 | {{- else }} 32 | metrics: 33 | - type: Resource 34 | resource: 35 | name: cpu 36 | target: 37 | type: Utilization 38 | averageUtilization: {{ .Values.relay.autoscaling.targetCPUUtilizationPercentage }} 39 | {{- end }} 40 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 41 | {{- with .Values.relay.autoscaling.behavior }} 42 | behavior: 43 | {{- toYaml . | nindent 4 }} 44 | {{- end }} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /.github/workflows/lint-test.yaml: -------------------------------------------------------------------------------- 1 | name: Lint and Test Charts 2 | 3 | on: pull_request 4 | 5 | concurrency: 6 | group: ${{ github.workflow }}-${{ github.ref }} 7 | cancel-in-progress: true 8 | 9 | jobs: 10 | lint-test: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout 14 | uses: actions/checkout@v4 15 | with: 16 | fetch-depth: 0 17 | 18 | - name: Set up Helm 19 | uses: azure/setup-helm@v4.3.0 20 | with: 21 | version: v3.14.4 22 | 23 | - uses: actions/setup-python@v5 24 | with: 25 | python-version: '3.9' 26 | check-latest: true 27 | 28 | - name: Set up chart-testing 29 | uses: helm/chart-testing-action@v2.7.0 30 | 31 | - name: Add Helm Repositories 32 | run: | 33 | helm repo add sentry-kubernetes https://sentry-kubernetes.github.io/charts 34 | helm repo add bitnami https://charts.bitnami.com/bitnami 35 | helm repo update 36 | 37 | - name: Run chart-testing (list-changed) 38 | id: list-changed 39 | run: | 40 | changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) 41 | if [[ -n "$changed" ]]; then 42 | echo "changed=true" >> "$GITHUB_OUTPUT" 43 | fi 44 | 45 | - name: Run chart-testing (lint) 46 | if: steps.list-changed.outputs.changed == 'true' 47 | run: ct lint --target-branch ${{ github.event.repository.default_branch }} --check-version-increment=false 48 | 49 | - name: Create kind cluster 50 | if: steps.list-changed.outputs.changed == 'true' 51 | uses: helm/kind-action@v1.12.0 52 | 53 | - name: Run chart-testing (install) 54 | if: steps.list-changed.outputs.changed == 'true' 55 | run: ct install --debug --target-branch ${{ github.event.repository.default_branch }} --helm-extra-args "--timeout 1000s" 56 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/worker/hpa-worker-transactions.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentry.workerTransactions.enabled .Values.sentry.workerTransactions.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-worker-transactions 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "worker-transactions" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-worker-transactions 13 | minReplicas: {{ .Values.sentry.workerTransactions.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.sentry.workerTransactions.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.sentry.workerTransactions.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-worker 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.sentry.workerTransactions.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.sentry.workerTransactions.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.sentry.workerTransactions.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/servicemonitor-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-metrics 6 | {{- if .Values.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: 10 | app: {{ template "sentry.fullname" . }} 11 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 12 | release: "{{ .Release.Name }}" 13 | heritage: "{{ .Release.Service }}" 14 | {{- include "sentry.component.labels" (dict "component" "metrics" "ctx" .) | nindent 4 }} 15 | {{- if .Values.metrics.serviceMonitor.additionalLabels }} 16 | {{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} 17 | {{- end }} 18 | spec: 19 | endpoints: 20 | - port: metrics 21 | interval: {{ .Values.metrics.serviceMonitor.scrapeInterval }} 22 | {{- if .Values.metrics.serviceMonitor.honorLabels }} 23 | honorLabels: true 24 | {{- end }} 25 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 26 | metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} 27 | {{- end }} 28 | {{- if .Values.metrics.serviceMonitor.relabelings }} 29 | relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} 30 | {{- end }} 31 | {{- if .Values.metrics.serviceMonitor.namespaceSelector }} 32 | namespaceSelector: 33 | {{ toYaml .Values.metrics.serviceMonitor.namespaceSelector | indent 4 -}} 34 | {{ else }} 35 | namespaceSelector: 36 | matchNames: 37 | - {{ .Release.Namespace }} 38 | {{- end }} 39 | selector: 40 | matchLabels: 41 | app: {{ template "sentry.fullname" . }}-metrics 42 | release: "{{ .Release.Name }}" 43 | role: metrics 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/events/hpa-ingest-consumer-events.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentry.ingestConsumerEvents.enabled .Values.sentry.ingestConsumerEvents.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-ingest-consumer-events 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "ingest-consumer-events" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-ingest-consumer-events 13 | minReplicas: {{ .Values.sentry.ingestConsumerEvents.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.sentry.ingestConsumerEvents.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.sentry.ingestConsumerEvents.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-ingest-consumer-events 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.sentry.ingestConsumerEvents.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.sentry.ingestConsumerEvents.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.sentry.ingestConsumerEvents.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "clickhouse.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "clickhouse.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "clickhouse.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Create clickhouse path. 36 | if .Values.clickhouse.path is empty, default value "/var/lib/clickhouse". 37 | */}} 38 | {{- define "clickhouse.fullpath" -}} 39 | {{- if .Values.clickhouse.path -}} 40 | {{- .Values.clickhouse.path | trunc 63 | trimSuffix "-" -}} 41 | {{- else -}} 42 | {{- printf "%s" "/var/lib/clickhouse" -}} 43 | {{- end -}} 44 | {{- end -}} 45 | 46 | {{/* 47 | Create clickhouse log path. 48 | if .Values.clickhouse.configmap.logger.path is empty, default value "/var/log/clickhouse-server". 49 | */}} 50 | {{- define "clickhouse.logpath" -}} 51 | {{- if .Values.clickhouse.configmap.logger.path -}} 52 | {{- .Values.clickhouse.configmap.logger.path | trunc 63 | trimSuffix "-" -}} 53 | {{- else -}} 54 | {{- printf "%s" "/var/log/clickhouse-server" -}} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /charts/sentry/templates/geoip/deployment-geoip-job.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.geodata.accountID }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: geoip-install-job 6 | annotations: 7 | "helm.sh/hook": "post-install,post-upgrade" 8 | "helm.sh/hook-weight": "9" 9 | spec: 10 | template: 11 | metadata: 12 | {{- if .Values.geodata.annotations }} 13 | annotations: 14 | {{ toYaml .Values.geodata.annotations | indent 8 }} 15 | {{- end }} 16 | spec: 17 | {{- if .Values.serviceAccount.enabled }} 18 | serviceAccountName: {{ .Values.serviceAccount.name }}-geoip 19 | {{- end }} 20 | initContainers: 21 | - name: init-create-geoip-dir 22 | image: busybox 23 | command: ['sh', '-c', 'mkdir -p /usr/share/GeoIP'] 24 | volumeMounts: 25 | - name: {{ .Values.geodata.volumeName }} 26 | mountPath: {{ .Values.geodata.mountPath }} 27 | - name: init-geoip-conf 28 | image: busybox 29 | command: ['sh', '-c', 'echo -e "AccountID $(echo $GEOIPUPDATE_ACCOUNT_ID)\nLicenseKey $(echo $GEOIPUPDATE_LICENSE_KEY)\nEditionIDs $(echo $GEOIPUPDATE_EDITION_IDS)" > /usr/share/GeoIP/GeoIP.conf'] 30 | envFrom: 31 | - secretRef: 32 | name: {{ template "sentry.fullname" . }}-geoip-env 33 | volumeMounts: 34 | - name: {{ .Values.geodata.volumeName }} 35 | mountPath: {{ .Values.geodata.mountPath }} 36 | containers: 37 | - name: geoipupdate 38 | image: ghcr.io/maxmind/geoipupdate:v7.0.1 39 | envFrom: 40 | - secretRef: 41 | name: {{ template "sentry.fullname" . }}-geoip-env 42 | volumeMounts: 43 | - name: {{ .Values.geodata.volumeName }} 44 | mountPath: {{ .Values.geodata.mountPath }} 45 | volumes: 46 | - name: {{ .Values.geodata.volumeName }} 47 | persistentVolumeClaim: 48 | claimName: data-sentry-geoip 49 | restartPolicy: OnFailure 50 | {{- end }} 51 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/attachments/hpa-ingest-consumer-attachments.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentry.ingestConsumerAttachments.enabled .Values.sentry.ingestConsumerAttachments.autoscaling.enabled }} 2 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-sentry-ingest-consumer-attachments 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "ingest-consumer-attachments" "ctx" .) | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "sentry.fullname" . }}-ingest-consumer-attachments 13 | minReplicas: {{ .Values.sentry.ingestConsumerAttachments.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.sentry.ingestConsumerAttachments.autoscaling.maxReplicas }} 15 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 16 | targetCPUUtilizationPercentage: {{ .Values.sentry.ingestConsumerAttachments.autoscaling.targetCPUUtilizationPercentage }} 17 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 18 | metrics: 19 | - type: ContainerResource 20 | containerResource: 21 | container: {{ .Chart.Name }}-ingest-consumer-attachments 22 | name: cpu 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ .Values.sentry.ingestConsumerAttachments.autoscaling.targetCPUUtilizationPercentage }} 26 | {{- else }} 27 | metrics: 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ .Values.sentry.ingestConsumerAttachments.autoscaling.targetCPUUtilizationPercentage }} 34 | {{- end }} 35 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 36 | {{- with .Values.sentry.ingestConsumerAttachments.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for sentry-kubernetes. 2 | 3 | sentry: 4 | dsn: 5 | # environment: production 6 | # release: "1.0.0" 7 | # logLevel: info 8 | # watchNamespaces: "default,production" 9 | # watchHistorical: "1" 10 | # clusterConfigType: auto 11 | # kubeconfigPath: "/path/to/kubeconfig" 12 | # monitorCronjobs: "1" 13 | # customDsns: "1" 14 | # This can be use to add custom env var to the pod if not yet supported by the chart. 15 | # appendEnv: 16 | # - name: SENTRY_NEW_ENV_1 17 | # value: "newvalues" 18 | # - name: SENTRY_NEW_ENV_2 19 | # value: "newvalues" 20 | 21 | # Sentry DSN config using an existing secret: 22 | # existingSecret: 23 | image: 24 | repository: ghcr.io/getsentry/sentry-kubernetes 25 | # Tag should be set in hard in the charts when getsentry will do the job of releasing version. 26 | tag: latest 27 | pullPolicy: Always 28 | resources: {} 29 | # limits: 30 | # cpu: 100m 31 | # memory: 128Mi 32 | # requests: 33 | # cpu: 100m 34 | # memory: 128Mi 35 | 36 | serviceAccount: 37 | # Specifies whether a ServiceAccount should be created 38 | create: true 39 | # The name of the ServiceAccount to use. 40 | # If not set and create is true, a name is generated using the fullname template 41 | name: 42 | # if your need more specific cluster_roles for security reason, custom will be used in place 43 | 44 | rbac: 45 | # Specifies whether RBAC resources should be created 46 | create: true 47 | # Exemple of custom rules necessary for cronjob and other issues catching. 48 | # custom_rules: 49 | # - verbs: 50 | # - get 51 | # - list 52 | # - watch 53 | # apiGroups: 54 | # - 'apps' 55 | # - 'batch' 56 | # - '' 57 | # resources: 58 | # - events 59 | # - jobs 60 | # - deployments 61 | # - replicasets 62 | # - cronjobs 63 | # - pods 64 | 65 | # Set priorityCLassName in deployment 66 | # priorityClassName: "" 67 | 68 | podLabels: {} 69 | podAnnotations: {} 70 | -------------------------------------------------------------------------------- /charts/sentry/templates/configmap-nginx.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.nginx.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-nginx 6 | labels: 7 | {{- include "sentry.component.labels" (dict "component" "nginx" "ctx" .) | nindent 4 }} 8 | data: 9 | server-block.conf: | 10 | {{ if .Values.relay.enabled }} 11 | upstream relay { 12 | server {{ template "sentry.fullname" . }}-relay:{{ template "relay.port" }}; 13 | } 14 | {{ end -}} 15 | 16 | upstream sentry { 17 | server {{ template "sentry.fullname" . }}-web:{{ template "sentry.port" }}; 18 | } 19 | 20 | server { 21 | listen {{ template "nginx.port" }}; 22 | {{- if .Values.ipv6 }} 23 | listen [::]:{{ template "nginx.port" }}; 24 | {{- end }} 25 | 26 | proxy_redirect off; 27 | proxy_buffer_size 128k; 28 | proxy_buffers 4 256k; 29 | proxy_busy_buffers_size 256k; 30 | proxy_set_header Host $host; 31 | 32 | {{ if .Values.relay.enabled }} 33 | location /api/store/ { 34 | proxy_pass http://relay; 35 | } 36 | 37 | location ~ ^/api/[1-9]\d*/ { 38 | proxy_pass http://relay; 39 | } 40 | 41 | location ^~ /api/0/relays/ { 42 | proxy_pass http://relay; 43 | } 44 | {{ end -}} 45 | 46 | {{ if or .Values.nginx.metrics.enabled .Values.nginx.metrics.serviceMonitor.enabled -}} 47 | location = /status/ { 48 | stub_status on; 49 | access_log off; 50 | } 51 | 52 | {{ end -}} 53 | 54 | location / { 55 | proxy_pass http://sentry; 56 | } 57 | 58 | location /_assets/ { 59 | proxy_pass http://sentry/_static/dist/sentry/; 60 | proxy_hide_header Content-Disposition; 61 | } 62 | 63 | location /_static/ { 64 | proxy_pass http://sentry; 65 | proxy_hide_header Content-Disposition; 66 | } 67 | 68 | {{- if .Values.nginx.extraLocationSnippet }} 69 | {{ .Values.nginx.extraLocationSnippet | nindent 6 }} 70 | {{- end }} 71 | 72 | } 73 | {{- end }} 74 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/ingest/transactions/hpa-ingest-consumer-transactions.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if and .Values.sentry.ingestConsumerTransactions.enabled .Values.sentry.ingestConsumerTransactions.autoscaling.enabled }} 3 | apiVersion: {{ template "sentry.autoscaling.apiVersion" . }} 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-sentry-ingest-consumer-transactions 7 | labels: 8 | {{- include "sentry.component.labels" (dict "component" "ingest-consumer-transactions" "ctx" .) | nindent 4 }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: {{ template "sentry.fullname" . }}-ingest-consumer-transactions 14 | minReplicas: {{ .Values.sentry.ingestConsumerTransactions.autoscaling.minReplicas }} 15 | maxReplicas: {{ .Values.sentry.ingestConsumerTransactions.autoscaling.maxReplicas }} 16 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v1" }} 17 | targetCPUUtilizationPercentage: {{ .Values.sentry.ingestConsumerTransactions.autoscaling.targetCPUUtilizationPercentage }} 18 | {{- else if semverCompare ">=1.27-0" .Capabilities.KubeVersion.GitVersion }} 19 | metrics: 20 | - type: ContainerResource 21 | containerResource: 22 | container: {{ .Chart.Name }}-ingest-consumer-transactions 23 | name: cpu 24 | target: 25 | type: Utilization 26 | averageUtilization: {{ .Values.sentry.ingestConsumerTransactions.autoscaling.targetCPUUtilizationPercentage }} 27 | {{- else }} 28 | metrics: 29 | - type: Resource 30 | resource: 31 | name: cpu 32 | target: 33 | type: Utilization 34 | averageUtilization: {{ .Values.sentry.ingestConsumerTransactions.autoscaling.targetCPUUtilizationPercentage }} 35 | {{- end }} 36 | {{- if eq (include "sentry.autoscaling.apiVersion" .) "autoscaling/v2" }} 37 | {{- with .Values.sentry.ingestConsumerTransactions.autoscaling.behavior }} 38 | behavior: 39 | {{- toYaml . | nindent 4 }} 40 | {{- end }} 41 | {{- end }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /.github/workflows/push.yaml: -------------------------------------------------------------------------------- 1 | name: Build and push Chart 2 | 3 | on: 4 | push: 5 | tags: 6 | - '*' 7 | 8 | jobs: 9 | build-push: 10 | runs-on: ubuntu-latest 11 | steps: 12 | 13 | - uses: actions/checkout@v4 14 | with: 15 | path: 'main' 16 | 17 | - uses: actions/checkout@v4 18 | with: 19 | path: 'gh-pages' 20 | 21 | - run: | 22 | cd gh-pages 23 | git config --local user.email "action@github.com" 24 | git config --local user.name "GitHub Action" 25 | git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/* 26 | git checkout gh-pages 27 | 28 | - name: Build clickhouse chart 29 | uses: WyriHaximus/github-action-helm3@v4 30 | with: 31 | exec: helm package -u main/charts/clickhouse --destination gh-pages/charts 32 | 33 | - name: Build sentry chart 34 | uses: WyriHaximus/github-action-helm3@v4 35 | with: 36 | exec: helm package -u main/charts/sentry --destination gh-pages/charts 37 | 38 | - name: Build sentry-kubernetes chart 39 | uses: WyriHaximus/github-action-helm3@v4 40 | with: 41 | exec: helm package -u main/charts/sentry-kubernetes --destination gh-pages/charts 42 | 43 | - name: Build sentry-kubernetes chart 44 | uses: WyriHaximus/github-action-helm3@v4 45 | with: 46 | exec: helm repo index --url https://sentry-kubernetes.github.io/charts ./gh-pages/charts 47 | 48 | - name: Commit files 49 | run: | 50 | cd gh-pages 51 | git add . 52 | git commit -m "Add changes" -a 53 | 54 | - name: Push changes 55 | uses: ad-m/github-push-action@9870d48124da805820c70ebc6ba563c715551019 56 | with: 57 | github_token: ${{ secrets.GITHUB_TOKEN }} 58 | branch: gh-pages 59 | directory: gh-pages 60 | 61 | - name: Deploy 62 | uses: peaceiris/actions-gh-pages@v2 63 | env: 64 | PERSONAL_TOKEN: ${{ secrets.PERSONAL_TOKEN }} 65 | PUBLISH_BRANCH: gh-pages 66 | PUBLISH_DIR: ./gh-pages/charts 67 | with: 68 | keepFiles: true 69 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/configmap-users.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.configmap.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-users 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-users 8 | app.kubernetes.io/instance: {{ .Release.Name }}-users 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | data: 11 | users.xml: |- 12 | 13 | 14 | {{- if .Values.clickhouse.configmap.profiles.enabled }} 15 | 16 | {{- range .Values.clickhouse.configmap.profiles.profile }} 17 | {{- with . }} 18 | <{{ .name }}> 19 | {{- range $k_1, $v_1 := .config }} 20 | <{{ $k_1 }}>{{ $v_1 }} 21 | {{- end }} 22 | 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{- end }} 27 | 28 | {{- if .Values.clickhouse.configmap.users.enabled }} 29 | 30 | {{- range $key, $value := .Values.clickhouse.configmap.users.user }} 31 | {{- with . }} 32 | <{{ .name }}> 33 | {{- range $k_1, $v_1 := .config }} 34 | {{- if (eq "networks" $k_1) }} 35 | 36 | {{- range $v_1 }} 37 | {{- with .}} 38 | {{ . }} 39 | {{- end }} 40 | {{- end }} 41 | 42 | {{- else }} 43 | <{{ $k_1 }}>{{ $v_1 }} 44 | {{- end }} 45 | {{- end }} 46 | 47 | {{- end }} 48 | {{- end }} 49 | 50 | {{- end }} 51 | 52 | {{- if .Values.clickhouse.configmap.quotas.enabled }} 53 | 54 | {{- range $key, $value := .Values.clickhouse.configmap.quotas.quota }} 55 | {{- with . }} 56 | <{{ .name }}> 57 | {{- range $val := .config }} 58 | {{- range $k_1, $v_1 := $val }} 59 | <{{ $k_1 }}>{{ $v_1 }} 60 | {{- end }} 61 | {{- end }} 62 | 63 | {{- end }} 64 | {{- end }} 65 | 66 | {{- end }} 67 | 68 | {{- end }} 69 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "sentry-kubernetes.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "sentry-kubernetes.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "sentry-kubernetes.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* Generate basic labels */}} 35 | {{- define "sentry-kubernetes.labels" }} 36 | app: {{ template "sentry-kubernetes.name" . }} 37 | heritage: {{.Release.Service }} 38 | release: {{.Release.Name }} 39 | chart: {{ template "sentry-kubernetes.chart" . }} 40 | {{- if .Values.podLabels}} 41 | {{ toYaml .Values.podLabels }} 42 | {{- end }} 43 | {{- end }} 44 | 45 | {{/* 46 | Create the name of the service account to use 47 | */}} 48 | {{- define "sentry-kubernetes.serviceAccountName" -}} 49 | {{- if .Values.serviceAccount.create -}} 50 | {{ default (include "sentry-kubernetes.fullname" .) .Values.serviceAccount.name }} 51 | {{- else -}} 52 | {{ default "default" .Values.serviceAccount.name }} 53 | {{- end -}} 54 | {{- end -}} 55 | 56 | {{/* 57 | Get the DSN 58 | */}} 59 | {{- define "sentry-kubernetes.secretName" -}} 60 | {{- if .Values.existingSecret -}} 61 | {{- printf "%s" .Values.existingSecret -}} 62 | {{- else -}} 63 | {{- printf "%s" (include "sentry-kubernetes.fullname" .) -}} 64 | {{- end -}} 65 | {{- end -}} 66 | 67 | {{/* 68 | Return true if a secret object should be created 69 | */}} 70 | {{- define "sentry-kubernetes.createSecret" -}} 71 | {{- if .Values.existingSecret -}} 72 | {{- else -}} 73 | {{- true -}} 74 | {{- end -}} 75 | {{- end -}} 76 | -------------------------------------------------------------------------------- /charts/sentry/templates/pgbouncer/pgbouncer-deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.pgbouncer.enabled }} 2 | --- 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-pgbouncer 7 | labels: 8 | app: {{ template "sentry.fullname" . }}-pgbouncer 9 | {{- include "sentry.component.labels" (dict "component" "pgbouncer" "ctx" .) | nindent 4 }} 10 | spec: 11 | replicas: {{ .Values.pgbouncer.replicas }} 12 | selector: 13 | matchLabels: 14 | app: {{ template "sentry.fullname" . }}-pgbouncer 15 | {{- if .Values.pgbouncer.updateStrategy }} 16 | strategy: 17 | {{ toYaml .Values.pgbouncer.updateStrategy | nindent 4 }} 18 | {{- end }} 19 | template: 20 | metadata: 21 | labels: 22 | app: {{ template "sentry.fullname" . }}-pgbouncer 23 | {{- include "sentry.component.labels" (dict "component" "pgbouncer" "ctx" .) | nindent 8 }} 24 | spec: 25 | containers: 26 | - name: pgbouncer 27 | image: {{ .Values.pgbouncer.image.repository }}:{{ .Values.pgbouncer.image.tag }} 28 | imagePullPolicy: {{ .Values.pgbouncer.image.pullPolicy }} 29 | resources: 30 | {{ toYaml .Values.pgbouncer.resources | nindent 10 }} 31 | env: 32 | {{- if .Values.pgbouncer.env }} 33 | {{ toYaml .Values.pgbouncer.env | nindent 10 }} 34 | {{- end }} 35 | {{ include "sentry.pgbouncer.env" . | nindent 10 }} 36 | - name: PGBOUNCER_PORT 37 | value: "5432" 38 | - name: PGBOUNCER_AUTH_TYPE 39 | value: {{ .Values.pgbouncer.authType | quote }} 40 | - name: PGBOUNCER_MAX_CLIENT_CONN 41 | value: {{ .Values.pgbouncer.maxClientConn | quote }} 42 | - name: PGBOUNCER_DEFAULT_POOL_SIZE 43 | value: {{ .Values.pgbouncer.poolSize | quote }} 44 | - name: PGBOUNCER_POOL_MODE 45 | value: {{ .Values.pgbouncer.poolMode | quote }} 46 | ports: 47 | - containerPort: 5432 48 | name: pgbouncer 49 | protocol: TCP 50 | {{- if .Values.pgbouncer.nodeSelector }} 51 | nodeSelector: 52 | {{ toYaml .Values.pgbouncer.nodeSelector | nindent 8 }} 53 | {{- end }} 54 | {{- if .Values.pgbouncer.tolerations }} 55 | tolerations: 56 | {{ toYaml .Values.pgbouncer.tolerations | nindent 8 }} 57 | {{- end }} 58 | {{- if .Values.pgbouncer.affinity }} 59 | affinity: 60 | {{ toYaml .Values.pgbouncer.affinity | nindent 8 }} 61 | {{- end }} 62 | {{- if .Values.pgbouncer.topologySpreadConstraints }} 63 | topologySpreadConstraints: 64 | {{ toYaml .Values.pgbouncer.topologySpreadConstraints | nindent 8 }} 65 | {{- end }} 66 | {{- if .Values.pgbouncer.priorityClassName }} 67 | priorityClassName: "{{ .Values.pgbouncer.priorityClassName }}" 68 | {{- end }} 69 | terminationGracePeriodSeconds: 10 70 | {{- end }} 71 | -------------------------------------------------------------------------------- /charts/sentry/docs/usage-digitalocean.md: -------------------------------------------------------------------------------- 1 | # Usage with DigitalOcean 2 | 3 | ## Ingress Controller 4 | 5 | DigitalOcean does not create an Ingress Controller or LoadBalancer when the sentry chart is installed. 6 | This usage example is for when you want to do SSL termination at LoadBalancer. 7 | 8 | #### Create an `ingress.yaml` file with the following content. 9 | 10 | ```yaml 11 | controller: 12 | name: controller 13 | service: 14 | # This redirects the https request to http port after SSL termination 15 | targetPorts: 16 | http: http 17 | https: http 18 | annotations: 19 | service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true" 20 | service.beta.kubernetes.io/do-loadbalancer-certificate-id: {{.DO_CERTIFICATE_ID}} 21 | service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" 22 | service.beta.kubernetes.io/do-loadbalancer-hostname: {{.SENTRY_HOST}} 23 | service.beta.kubernetes.io/do-loadbalancer-name: {{.SENTRY_HOST}} 24 | config: 25 | use-forwarded-headers: "true" 26 | compute-full-forwarded-for: "true" 27 | use-proxy-protocol: "true" 28 | ``` 29 | 30 | You can obtain the certificate id from doctl or [terraform](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/certificate) 31 | 32 | #### Install the ingress controller to your cluster 33 | 34 | ```shell 35 | helm upgrade --install ingress-nginx ingress-nginx \ 36 | --repo https://kubernetes.github.io/ingress-nginx \ 37 | --namespace ingress-nginx --create-namespace -f ingress.yaml 38 | ``` 39 | 40 | ```shell 41 | doctl compute certificate list 42 | ``` 43 | 44 | ## Chart configuration 45 | 46 | `values.yaml` 47 | ```yaml 48 | prefix: 49 | 50 | # Required only when installing 51 | user: 52 | create: true 53 | email: {{.SENTRY_EMAIL}} 54 | password: {{.SENTRY_PASSWORD}} 55 | 56 | nginx: 57 | enabled: false 58 | 59 | ingress: 60 | enabled: true 61 | hostname: {{.SENTRY_HOST}} 62 | regexPathStyle: nginx 63 | annotations: 64 | kubernetes.io/ingress.class: "nginx" 65 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 66 | 67 | system: 68 | url: "https://$SENTRY_HOST" 69 | public: true 70 | secret: {{.SENTRY_SECRET}} 71 | 72 | postgresql: 73 | enabled: false 74 | 75 | # DigitalOcean managed database uses port 25060 and needs SSL to be enabled 76 | externalPostgresql: 77 | host: {{.SENTRY_DO_DB_HOST}} 78 | port: 25060 79 | database: {{.SENTRY_DO_DB_NAME}} 80 | username: {{.SENTRY_DO_DB_USER}} 81 | password: {{.SENTRY_DO_DB_PASSWORD}} 82 | sslMode: require 83 | ``` 84 | 85 | 86 | ### Notes 87 | 88 | 1. Nginx Ingress Service can be configured with [chart values](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) and [annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/). 89 | 2. Annotations for DO Load Balancer are as mentioned [here](https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md) 90 | -------------------------------------------------------------------------------- /charts/sentry/docs/UPGRADE.md: -------------------------------------------------------------------------------- 1 | # Upgrade 2 | 3 | ## Upgrading from 13.x.x version of this Chart to 14.0.0 4 | 5 | ClickHouse was reconfigured with sharding and replication in-mind, If you are using external ClickHouse, you don't need to do anything. 6 | 7 | **WARNING**: You will lose current event data
8 | Otherwise, you should delete the old ClickHouse volumes in-order to upgrade to this version. 9 | 10 | 11 | ## Upgrading from 12.x.x version of this Chart to 13.0.0 12 | 13 | The service annotions have been moved from the `service` section to the respective service's service sub-section. So what was: 14 | 15 | ```yaml 16 | service: 17 | annotations: 18 | alb.ingress.kubernetes.io/healthcheck-path: /_health/ 19 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 20 | ``` 21 | 22 | will now be set per service: 23 | 24 | ```yaml 25 | sentry: 26 | web: 27 | service: 28 | annotations: 29 | alb.ingress.kubernetes.io/healthcheck-path: /_health/ 30 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 31 | 32 | relay: 33 | service: 34 | annotations: 35 | alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/ 36 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 37 | ``` 38 | 39 | ## Upgrading from 11.x.x version of this Chart to 12.0.0 40 | 41 | Redis chart was upgraded to newer version. If you are using external redis, you don't need to do anything. 42 | 43 | Otherwise, when upgrading to chart version 12.x.x from 11.x.x you need to either run `helm upgrade` with `--force` flag, or prior to upgrade delete statefulsets for redis master and redis slave. Then run upgrade and it will roll out new statefulsets. Your master redis data will not be lost (PVC is not deleted when you delete statefulset). Your redis slave will now be named redis replica and you can delete PVCs that were used by redis slave after the upgrade. 44 | 45 | ## Upgrading from 10.x.x version of this Chart to 11.0.0 46 | 47 | If you were using clickhouse tabix externally, we disabled it per default. 48 | 49 | ## Upgrading from deprecated 9.0 -> 10.0 Chart 50 | 51 | As this chart runs in helm 3 and also tries its best to follow on from the original Sentry chart. There are some steps that needs to be taken in order to correctly upgrade. 52 | 53 | From the previous upgrade, make sure to get the following from your previous installation: 54 | 55 | - Redis Password (If Redis auth was enabled) 56 | - Postgresql Password 57 | Both should be in the `secrets` of your original 9.0 release. Make a note of both of these values. 58 | 59 | ### Upgrade Steps 60 | 61 | Due to an issue where transferring from Helm 2 to 3. Statefulsets that use the following: `heritage: {{ .Release.Service }}` in the metadata field will error out with a `Forbidden` error during the upgrade. The only workaround is to delete the existing statefulsets (Don't worry, PVC will be retained): 62 | 63 | ```shell 64 | kubectl delete --all sts -n 65 | ``` 66 | 67 | Once the statefulsets are deleted. Next steps is to convert the helm release from version 2 to 3 using the helm 3 plugin: 68 | 69 | ```shell 70 | helm3 2to3 convert 71 | ``` 72 | 73 | Finally, it's just a case of upgrading and ensuring the correct params are used: 74 | 75 | If Redis auth enabled: 76 | 77 | ```shell 78 | helm upgrade -n . --set redis.usePassword=true --set redis.password= 79 | ``` 80 | 81 | If Redis auth is disabled: 82 | 83 | ```shell 84 | helm upgrade -n . 85 | ``` 86 | -------------------------------------------------------------------------------- /charts/sentry-kubernetes/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: {{ include "sentry-kubernetes.labels" . | indent 4 }} 5 | name: {{ template "sentry-kubernetes.fullname" . }} 6 | spec: 7 | replicas: {{ .Values.replicaCount }} 8 | selector: 9 | matchLabels: 10 | app: {{ template "sentry-kubernetes.name" . }} 11 | template: 12 | metadata: 13 | annotations: 14 | checksum/secrets: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} 15 | {{- if .Values.podAnnotations }} 16 | {{ toYaml .Values.podAnnotations | indent 8 }} 17 | {{- end }} 18 | labels: 19 | app: {{ template "sentry-kubernetes.name" . }} 20 | release: {{ .Release.Name }} 21 | {{- if .Values.podLabels }} 22 | {{ toYaml .Values.podLabels | indent 8 }} 23 | {{- end }} 24 | spec: 25 | {{- if .Values.priorityClassName }} 26 | priorityClassName: "{{ .Values.priorityClassName }}" 27 | {{- end }} 28 | containers: 29 | - name: {{ .Chart.Name }} 30 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 31 | imagePullPolicy: {{ .Values.image.pullPolicy }} 32 | env: 33 | {{ if .Values.sentry.dsn }} 34 | - name: SENTRY_DSN 35 | valueFrom: 36 | secretKeyRef: 37 | name: {{ template "sentry-kubernetes.secretName" . }} 38 | key: sentry.dsn 39 | {{ end }} 40 | {{ if .Values.sentry.environment }} 41 | - name: SENTRY_ENVIRONMENT 42 | value: {{ .Values.sentry.environment | quote }} 43 | {{ end }} 44 | {{ if .Values.sentry.release }} 45 | - name: SENTRY_RELEASE 46 | value: {{ .Values.sentry.release | quote}} 47 | {{ end }} 48 | {{ if .Values.sentry.logLevel }} 49 | - name: SENTRY_K8S_LOG_LEVEL 50 | value: {{ .Values.sentry.logLevel | quote}} 51 | {{ end }} 52 | {{ if .Values.sentry.watchNamespaces }} 53 | - name: SENTRY_K8S_WATCH_NAMESPACES 54 | value: {{ .Values.sentry.watchNamespaces | quote}} 55 | {{ end }} 56 | {{ if .Values.sentry.watchHistorical }} 57 | - name: SENTRY_K8S_WATCH_HISTORICAL 58 | value: {{ .Values.sentry.watchHistorical | quote}} 59 | {{ end }} 60 | {{ if .Values.sentry.clusterConfigType }} 61 | - name: SENTRY_K8S_CLUSTER_CONFIG_TYPE 62 | value: {{ .Values.sentry.clusterConfigType | quote}} 63 | {{ end }} 64 | {{ if .Values.sentry.kubeconfigPath }} 65 | - name: SENTRY_K8S_KUBECONFIG_PATH 66 | value: {{ .Values.sentry.kubeconfigPath | quote}} 67 | {{ end }} 68 | {{ if .Values.sentry.monitorCronjobs }} 69 | - name: SENTRY_K8S_MONITOR_CRONJOBS 70 | value: {{ .Values.sentry.monitorCronjobs | quote}} 71 | {{ end }} 72 | {{ if .Values.sentry.customDsns }} 73 | - name: SENTRY_K8S_CUSTOM_DSNS 74 | value: {{ .Values.sentry.customDsns | quote}} 75 | {{ end }} 76 | {{ if .Values.sentry.appendEnv }} 77 | {{- toYaml .Values.sentry.appendEnv | nindent 10 }} 78 | {{ end }} 79 | resources: 80 | {{- toYaml .Values.resources | nindent 10 }} 81 | {{- if .Values.nodeSelector }} 82 | nodeSelector: 83 | {{- toYaml .Values.nodeSelector | nindent 8 }} 84 | {{- end }} 85 | {{- if .Values.tolerations }} 86 | tolerations: 87 | {{- toYaml .Values.tolerations | nindent 8 }} 88 | {{- end }} 89 | serviceAccountName: {{ template "sentry-kubernetes.serviceAccountName" . }} 90 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug.yml: -------------------------------------------------------------------------------- 1 | name: "\U0001F41E Bug report" 2 | description: File a bug report 3 | labels: ["status/triage", "type/bug"] 4 | assignees: [] 5 | 6 | body: 7 | - type: checkboxes 8 | id: terms 9 | attributes: 10 | label: Issue submitter TODO list 11 | description: By you checking these checkboxes we can be sure you've done the essential things. 12 | options: 13 | - label: I've searched for an already existing issues [here](https://github.com/sentry-kubernetes/charts/issues) 14 | required: true 15 | 16 | - type: textarea 17 | attributes: 18 | label: Describe the bug (actual behavior) 19 | description: | 20 | A clear and concise description of what the bug is. Use a list, if there is more than one problem. 21 | ```markdown 22 | 23 | ``` 24 | validations: 25 | required: true 26 | 27 | - type: textarea 28 | attributes: 29 | label: Expected behavior 30 | description: | 31 | A clear and concise description of what you expected to happen. 32 | ```markdown 33 | 34 | ``` 35 | validations: 36 | required: false 37 | 38 | - type: textarea 39 | attributes: 40 | label: values.yaml 41 | description: | 42 | Please provide the relevant part of your `values.yaml` file. 43 | ```yaml 44 | 45 | ``` 46 | validations: 47 | required: true 48 | 49 | - type: textarea 50 | attributes: 51 | label: Helm chart version 52 | description: | 53 | Please provide the version of the Helm chart you are using. 54 | ```markdown 55 | 56 | ``` 57 | validations: 58 | required: true 59 | 60 | - type: textarea 61 | attributes: 62 | label: Steps to reproduce 63 | description: | 64 | Please write down the order of the actions required to reproduce the issue. 65 | For the advanced setups/complicated issue, we might need you to provide 66 | a minimal [reproducible example](https://stackoverflow.com/help/minimal-reproducible-example). 67 | ```markdown 68 | 69 | ``` 70 | validations: 71 | required: true 72 | 73 | - type: textarea 74 | attributes: 75 | label: Screenshots 76 | description: | 77 | If applicable, add screenshots to help explain your problem. 78 | ```markdown 79 | 80 | ``` 81 | validations: 82 | required: false 83 | 84 | - type: textarea 85 | attributes: 86 | label: Logs 87 | description: | 88 | If applicable, *upload* logs to help explain your problem. 89 | ```markdown 90 | 91 | ``` 92 | validations: 93 | required: false 94 | 95 | - type: textarea 96 | attributes: 97 | label: Additional context 98 | description: | 99 | Add any other context about the problem here. E.G.: 100 | 1. Are there any alternative scenarios (different data/methods/configuration/setup) you have tried? 101 | Were they successful or the same issue occurred? Please provide steps as well. 102 | 2. Related issues (if there are any). 103 | 3. Logs (if available) 104 | 4. Is there any serious impact or behaviour on the end-user because of this issue, that can be overlooked? 105 | ```markdown 106 | 107 | ``` 108 | validations: 109 | required: false 110 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/_helper-snuba.tpl: -------------------------------------------------------------------------------- 1 | {{- define "sentry.snuba.config" -}} 2 | {{- $redisPass := include "sentry.redis.password" . -}} 3 | {{- $redisSsl := include "sentry.redis.ssl" . -}} 4 | settings.py: | 5 | import os 6 | 7 | from snuba.settings import * 8 | 9 | env = os.environ.get 10 | 11 | DEBUG = env("DEBUG", "0").lower() in ("1", "true") 12 | 13 | {{- if .Values.kafka.enabled -}} 14 | {{ if .Values.kafka.provisioning.enabled }} 15 | 16 | # Set partition counts for provisioning topics from kafka chart. 17 | TOPIC_PARTITION_COUNTS = { 18 | {{- $numPartitions := .Values.kafka.provisioning.numPartitions -}} 19 | {{- range .Values.kafka.provisioning.topics }} 20 | {{ .name | quote }}: {{ default $numPartitions .partitions }}, 21 | {{- end }} 22 | } 23 | {{- end -}} 24 | {{- end }} 25 | 26 | {{- if ((.Values.kafkaTopicOverrides).prefix) }} 27 | SENTRY_CHARTS_KAFKA_TOPIC_PREFIX = {{ .Values.kafkaTopicOverrides.prefix | quote }} 28 | 29 | from snuba.utils.streams.topics import Topic 30 | for topic in Topic: 31 | KAFKA_TOPIC_MAP[topic.value] = f"{SENTRY_CHARTS_KAFKA_TOPIC_PREFIX}{topic.value}" 32 | {{- end }} 33 | 34 | # Clickhouse Options 35 | CLUSTERS = [ 36 | { 37 | "host": env("CLICKHOUSE_HOST", {{ include "sentry.clickhouse.host" . | quote }}), 38 | "port": int({{ include "sentry.clickhouse.port" . }}), 39 | "secure": env("CLICKHOUSE_SECURE", False), 40 | "ca_certs": env("CLICKHOUSE_CA_CERTS", None), 41 | "verify": env("CLICKHOUSE_VERIFY", False), 42 | "user": env("CLICKHOUSE_USER", "default"), 43 | "password": env("CLICKHOUSE_PASSWORD", ""), 44 | "max_connections": int(os.environ.get("CLICKHOUSE_MAX_CONNECTIONS", 100)), 45 | "database": env("CLICKHOUSE_DATABASE", "default"), 46 | "http_port": {{ include "sentry.clickhouse.http_port" . }}, 47 | "storage_sets": { 48 | "cdc", 49 | "discover", 50 | "eap_items", 51 | "events", 52 | "events_ro", 53 | "metrics", 54 | "migrations", 55 | "outcomes", 56 | "querylog", 57 | "sessions", 58 | "transactions", 59 | "profiles", 60 | "functions", 61 | "replays", 62 | "generic_metrics_sets", 63 | "generic_metrics_distributions", 64 | "search_issues", 65 | "generic_metrics_counters", 66 | "spans", 67 | "events_analytics_platform", 68 | "group_attributes", 69 | "generic_metrics_gauges", 70 | "metrics_summaries", 71 | "profile_chunks", 72 | }, 73 | {{- /* 74 | The default clickhouse installation runs in distributed mode, while the external 75 | clickhouse configured can be configured any way you choose 76 | */}} 77 | {{- if and .Values.externalClickhouse.singleNode (not .Values.clickhouse.enabled) }} 78 | "single_node": True, 79 | {{- else }} 80 | "single_node": False, 81 | {{- end }} 82 | {{- if or .Values.clickhouse.enabled (not .Values.externalClickhouse.singleNode) }} 83 | "cluster_name": {{ include "sentry.clickhouse.cluster.name" . | quote }}, 84 | "distributed_cluster_name": {{ include "sentry.clickhouse.distributed.cluster.name" . | quote }}, 85 | {{- end }} 86 | }, 87 | ] 88 | 89 | # Redis Options 90 | REDIS_HOST = {{ include "sentry.redis.host" . | quote }} 91 | REDIS_PORT = {{ include "sentry.redis.port" . }} 92 | {{- if or (not ($redisPass)) (.Values.externalRedis.existingSecret) (.Values.redis.auth.existingSecret) }} 93 | REDIS_PASSWORD = env("REDIS_PASSWORD", "") 94 | {{- else if $redisPass }} 95 | REDIS_PASSWORD = {{ $redisPass | quote }} 96 | {{- end }} 97 | 98 | {{- if .Values.redis.enabled }} 99 | REDIS_DB = int(env("REDIS_DB", {{ default 1 .Values.redis.db }})) 100 | {{- else }} 101 | REDIS_DB = int(env("REDIS_DB", {{ default 1 .Values.externalRedis.db }})) 102 | {{- end }} 103 | 104 | {{- if eq $redisSsl "true" }} 105 | REDIS_SSL = True 106 | {{- end }} 107 | 108 | {{- if .Values.metrics.enabled }} 109 | DOGSTATSD_HOST = "{{ template "sentry.fullname" . }}-metrics" 110 | DOGSTATSD_PORT = 9125 111 | {{- end }} 112 | 113 | {{ .Values.config.snubaSettingsPy | nindent 2 }} 114 | {{- end -}} 115 | -------------------------------------------------------------------------------- /charts/sentry/docs/usage-aws-terraform.md: -------------------------------------------------------------------------------- 1 | # Usage with Terraform + AWS 2 | 3 | `./templates/sentry_values.yaml` file 4 | 5 | ```yaml 6 | prefix: ${module_prefix} 7 | 8 | user: 9 | create: true 10 | email: ${sentry_email} 11 | password: ${sentry_password} 12 | 13 | nginx: 14 | enabled: false 15 | 16 | rabbitmq: 17 | enabled: false 18 | 19 | sentry: 20 | web: 21 | service: 22 | annotations: 23 | alb.ingress.kubernetes.io/healthcheck-path: /_health/ 24 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 25 | 26 | relay: 27 | service: 28 | annotations: 29 | alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/ 30 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 31 | 32 | postgresql: 33 | enabled: true 34 | nameOverride: sentry-postgresql 35 | postgresqlUsername: postgres 36 | postgresqlPassword: ${postgres_password} 37 | postgresqlDatabase: sentry 38 | replication: 39 | enabled: false 40 | 41 | ingress: 42 | enabled: true 43 | hostname: ${sentry_dns_name} 44 | regexPathStyle: aws-alb 45 | annotations: 46 | kubernetes.io/ingress.class: alb 47 | alb.ingress.kubernetes.io/scheme: internet-facing 48 | alb.ingress.kubernetes.io/target-type: ip 49 | alb.ingress.kubernetes.io/tags: ${tags} 50 | alb.ingress.kubernetes.io/inbound-cidrs: ${allowed_cidr_blocks_str} 51 | alb.ingress.kubernetes.io/subnets: ${public_subnet_ids_str} 52 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' 53 | alb.ingress.kubernetes.io/ssl-redirect: "443" 54 | alb.ingress.kubernetes.io/certificate-arn: ${subdomain_cert_arn} 55 | external-dns.alpha.kubernetes.io/hostname: ${sentry_dns_name} 56 | ``` 57 | 58 | `./helm.tf` file 59 | 60 | ```terraform 61 | resource "helm_release" "sentry" { 62 | name = "sentry" 63 | chart = "${path.module}/helm_sentry/" 64 | repository = "https://sentry-kubernetes.github.io/charts" 65 | version = "14.0.0" 66 | timeout = 600 67 | wait = false 68 | dependency_update = true 69 | 70 | values = [ 71 | templatefile( 72 | "${path.module}/templates/sentry_values.yaml", 73 | { 74 | module_prefix = "${var.module_prefix}", 75 | sentry_email = "${var.sentry_email}", 76 | sentry_password = "${var.sentry_password}", 77 | 78 | sentry_dns_name = "${local.sentry_dns_name}", 79 | subdomain_cert_arn = "${var.subdomain_cert_arn}", 80 | allowed_cidr_blocks_str = "${join(",", var.allowed_cidr_blocks)}", 81 | private_subnet_ids_str = "${join(",", var.private_subnet_ids)}", 82 | public_subnet_ids_str = "${join(",", var.public_subnet_ids)}", 83 | tags = "environment=${var.env}" 84 | # postgres_db_host = "${module.sentry_rds_pg.this_rds_cluster_endpoint}", 85 | # postgres_db_name = "${local.db_name}", 86 | postgres_username = "${local.db_user}", 87 | postgres_password = "${local.db_pass}", 88 | } 89 | ) 90 | ] 91 | 92 | depends_on = [ 93 | helm_release.lb_controller, 94 | helm_release.external_dns, 95 | ] 96 | } 97 | ``` 98 | 99 | ### Notes 100 | 101 | 1. Ensure the control plane and node security groups are appropriately configured as documented [here](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#control-plane-worker-node-sgs). 102 | 2. Annotations for ingress are as mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/) 103 | 3. `healthcheck-path` and `healthcheck-port` annotations can be setup per target group using the alb annotations in the corresponding services as mentioned [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1056#issuecomment-551585078). For example, here we have: 104 | 105 | ```yaml 106 | sentry: 107 | web: 108 | service: 109 | annotations: 110 | alb.ingress.kubernetes.io/healthcheck-path: /_health/ 111 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 112 | 113 | relay: 114 | service: 115 | annotations: 116 | alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/ 117 | alb.ingress.kubernetes.io/healthcheck-port: traffic-port 118 | ``` 119 | 120 | Which are load balancer annotations specified in the service configuration for the load balancer to pick while creating the target groups. 121 | 122 | NOTE: AWS ALB Controller's Service annotations don't apply here as we want the `aws-load-balancer-controller` to pick-up the services and apply the appropriate healthcheck-path per service and not create a load balancer for the service itself. The service annotations will only apply when you want the service to be load balanced. 123 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/deployment-tabix.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tabix.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-tabix 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-tabix 8 | app.kubernetes.io/instance: {{ .Release.Name }}-tabix 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | replicas: {{ .Values.tabix.replicas }} 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-tabix 15 | app.kubernetes.io/instance: {{ .Release.Name }}-tabix 16 | {{- if .Values.tabix.updateStrategy }} 17 | strategy: 18 | type: {{ .Values.tabix.updateStrategy.type }} 19 | rollingUpdate: 20 | maxSurge: {{ .Values.tabix.updateStrategy.maxSurge }} 21 | maxUnavailable: {{ .Values.tabix.updateStrategy.maxUnavailable }} 22 | {{- end }} 23 | template: 24 | metadata: 25 | {{- if .Values.clickhouse.podAnnotations }} 26 | annotations: 27 | {{- range $key, $value := .Values.clickhouse.podAnnotations }} 28 | {{ $key }}: {{ $value | quote }} 29 | {{- end }} 30 | {{- end }} 31 | labels: 32 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-tabix 33 | app.kubernetes.io/instance: {{ .Release.Name }}-tabix 34 | {{- if .Values.clickhouse.podLabels }} 35 | {{- range $key, $value := .Values.clickhouse.podLabels }} 36 | {{ $key }}: {{ $value | quote }} 37 | {{- end }} 38 | {{- end }} 39 | spec: 40 | {{- if .Values.affinity }} 41 | affinity: 42 | {{ toYaml .Values.affinity | indent 8 }} 43 | {{- end }} 44 | {{- if .Values.tolerations }} 45 | tolerations: 46 | {{ toYaml .Values.tolerations | indent 8 }} 47 | {{- end }} 48 | {{- if .Values.tabix.imagePullSecrets }} 49 | imagePullSecrets: 50 | {{- range .Values.tabix.imagePullSecrets }} 51 | - name: {{ . | quote }} 52 | {{- end }} 53 | {{- end }} 54 | containers: 55 | - name: {{ include "clickhouse.name" . }}-tabix 56 | image: {{ .Values.tabix.image }}:{{ .Values.tabix.imageVersion }} 57 | imagePullPolicy: {{ .Values.tabix.imagePullPolicy }} 58 | ports: 59 | - name: http 60 | containerPort: 80 61 | {{- if .Values.tabix.volumeMounts }} 62 | volumeMounts: 63 | {{ toYaml .Values.tabix.volumeMounts | indent 8 }} 64 | {{- end }} 65 | env: 66 | {{- if .Values.tabix.security }} 67 | - name: USER 68 | value: {{ .Values.tabix.security.user }} 69 | - name: PASSWORD 70 | value: {{ .Values.tabix.security.password }} 71 | {{- end }} 72 | {{- if .Values.tabix.automaticConnection }} 73 | - name: CH_NAME 74 | value: {{ .Values.tabix.automaticConnection.chName }} 75 | - name: CH_HOST 76 | value: {{ .Values.tabix.automaticConnection.chHost }} 77 | - name: CH_LOGIN 78 | value: {{ .Values.tabix.automaticConnection.chLogin }} 79 | - name: CH_PASSWORD 80 | value: {{ .Values.tabix.automaticConnection.chPassword }} 81 | - name: CH_PARAMS 82 | value: {{ .Values.tabix.automaticConnection.chParams }} 83 | {{- end }} 84 | {{- if .Values.tabix.livenessProbe.enabled }} 85 | livenessProbe: 86 | tcpSocket: 87 | port: 80 88 | initialDelaySeconds: {{ .Values.tabix.livenessProbe.initialDelaySeconds }} 89 | periodSeconds: {{ .Values.tabix.livenessProbe.periodSeconds }} 90 | timeoutSeconds: {{ .Values.tabix.livenessProbe.timeoutSeconds }} 91 | failureThreshold: {{ .Values.tabix.livenessProbe.failureThreshold }} 92 | successThreshold: {{ .Values.tabix.livenessProbe.successThreshold }} 93 | {{- end }} 94 | {{- if .Values.tabix.readinessProbe.enabled }} 95 | readinessProbe: 96 | tcpSocket: 97 | port: 80 98 | initialDelaySeconds: {{ .Values.tabix.readinessProbe.initialDelaySeconds }} 99 | periodSeconds: {{ .Values.tabix.readinessProbe.periodSeconds }} 100 | timeoutSeconds: {{ .Values.tabix.readinessProbe.timeoutSeconds }} 101 | failureThreshold: {{ .Values.tabix.readinessProbe.failureThreshold }} 102 | successThreshold: {{ .Values.tabix.readinessProbe.successThreshold }} 103 | {{- end }} 104 | {{- if .Values.tabix.resources }} 105 | resources: 106 | {{ toYaml .Values.tabix.resources | indent 10 }} 107 | {{- end }} 108 | {{- if .Values.tabix.volumes }} 109 | volumes: 110 | {{ toYaml .Values.tabix.volumes | indent 6 }} 111 | {{- end }} 112 | {{- if .Values.serviceAccount.enabled }} 113 | serviceAccountName: {{ .Values.serviceAccount.name }}-tabix 114 | {{- end }} 115 | {{- end }} 116 | -------------------------------------------------------------------------------- /charts/sentry/templates/uptime-checker/deployment-uptime-checker.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if .Values.sentry.features.enableUptime }} 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-uptime-checker 7 | labels: 8 | app: {{ template "sentry.fullname" . }} 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | {{- include "sentry.component.labels" (dict "component" "uptime-checker" "ctx" .) | nindent 4 }} 13 | {{- if .Values.asHook }} 14 | {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} 15 | annotations: 16 | meta.helm.sh/release-name: "{{ .Release.Name }}" 17 | meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" 18 | "helm.sh/hook": "post-install,post-upgrade" 19 | "helm.sh/hook-weight": "25" 20 | {{- end }} 21 | spec: 22 | selector: 23 | matchLabels: 24 | app: {{ template "sentry.fullname" . }} 25 | release: "{{ .Release.Name }}" 26 | role: uptime-checker 27 | replicas: {{ .Values.uptimeChecker.replicas }} 28 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 29 | template: 30 | metadata: 31 | annotations: 32 | {{- if .Values.uptimeChecker.annotations }} 33 | {{ toYaml .Values.uptimeChecker.annotations | indent 8 }} 34 | {{- end }} 35 | labels: 36 | app: {{ template "sentry.fullname" . }} 37 | release: "{{ .Release.Name }}" 38 | role: uptime-checker 39 | {{- include "sentry.component.labels" (dict "component" "uptime-checker" "ctx" .) | nindent 8 }} 40 | {{- if .Values.uptimeChecker.podLabels }} 41 | {{ toYaml .Values.uptimeChecker.podLabels | indent 8 }} 42 | {{- end }} 43 | spec: 44 | affinity: 45 | {{- if .Values.uptimeChecker.affinity }} 46 | {{ toYaml .Values.uptimeChecker.affinity | indent 8 }} 47 | {{- end }} 48 | {{- if .Values.uptimeChecker.nodeSelector }} 49 | nodeSelector: 50 | {{ toYaml .Values.uptimeChecker.nodeSelector | indent 8 }} 51 | {{- else if .Values.global.nodeSelector }} 52 | nodeSelector: 53 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 54 | {{- end }} 55 | {{- if .Values.uptimeChecker.tolerations }} 56 | tolerations: 57 | {{ toYaml .Values.uptimeChecker.tolerations | indent 8 }} 58 | {{- else if .Values.global.tolerations }} 59 | tolerations: 60 | {{ toYaml .Values.global.tolerations | indent 8 }} 61 | {{- end }} 62 | {{- if .Values.uptimeChecker.topologySpreadConstraints }} 63 | topologySpreadConstraints: 64 | {{ toYaml .Values.uptimeChecker.topologySpreadConstraints | indent 8 }} 65 | {{- end }} 66 | {{- if .Values.images.uptimeChecker.imagePullSecrets }} 67 | imagePullSecrets: 68 | {{ toYaml .Values.images.uptimeChecker.imagePullSecrets | indent 8 }} 69 | {{- end }} 70 | {{- if .Values.uptimeChecker.securityContext }} 71 | securityContext: 72 | {{ toYaml .Values.uptimeChecker.securityContext | indent 8 }} 73 | {{- end }} 74 | containers: 75 | - name: {{ .Chart.Name }}-uptime-checker 76 | {{- if .Values.uptimeChecker.args }} 77 | args: 78 | {{ toYaml .Values.uptimeChecker.args | indent 10 }} 79 | {{- else }} 80 | args: ["run"] 81 | {{- end }} 82 | image: "{{ template "uptimeChecker.image" . }}" 83 | imagePullPolicy: {{ default "IfNotPresent" .Values.images.uptimeChecker.pullPolicy }} 84 | env: 85 | {{- include "uptimeChecker.env" . | nindent 8 }} 86 | {{- if .Values.uptimeChecker.env }} 87 | {{ toYaml .Values.uptimeChecker.env | indent 8 }} 88 | {{- end }} 89 | {{- if .Values.uptimeChecker.volumeMounts }} 90 | {{ toYaml .Values.uptimeChecker.volumeMounts | indent 8 }} 91 | {{- end }} 92 | resources: 93 | {{ toYaml .Values.uptimeChecker.resources | indent 12 }} 94 | {{- if .Values.uptimeChecker.containerSecurityContext }} 95 | securityContext: 96 | {{ toYaml .Values.uptimeChecker.containerSecurityContext | indent 12 }} 97 | {{- end }} 98 | {{- if .Values.uptimeChecker.sidecars }} 99 | {{ toYaml .Values.uptimeChecker.sidecars | indent 6 }} 100 | {{- end }} 101 | {{- if .Values.global.sidecars }} 102 | {{ toYaml .Values.global.sidecars | indent 6 }} 103 | {{- end }} 104 | {{- if .Values.serviceAccount.enabled }} 105 | serviceAccountName: {{ .Values.serviceAccount.name }}-uptime-checker 106 | {{- end }} 107 | volumes: 108 | {{- if .Values.uptimeChecker.volumes }} 109 | {{ toYaml .Values.uptimeChecker.volumes | indent 6 }} 110 | {{- end }} 111 | {{- if .Values.global.volumes }} 112 | {{ toYaml .Values.global.volumes | indent 6 }} 113 | {{- end }} 114 | {{- if .Values.uptimeChecker.priorityClassName }} 115 | priorityClassName: "{{ .Values.uptimeChecker.priorityClassName }}" 116 | {{- end }} 117 | {{- end }} 118 | {{- end }} 119 | -------------------------------------------------------------------------------- /charts/sentry/templates/hooks/sentry-db-init.job.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.hooks.enabled .Values.hooks.dbInit.enabled -}} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-db-init 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | annotations: 12 | # This is what defines this resource as a hook. Without this line, the 13 | # job is considered part of the release. 14 | "helm.sh/hook": "post-install,{{ if .Values.hooks.preUpgrade }}pre-upgrade{{ else }}post-upgrade{{ end }}" 15 | "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" 16 | "helm.sh/hook-weight": "6" 17 | spec: 18 | {{- if .Values.hooks.activeDeadlineSeconds }} 19 | activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} 20 | {{- end}} 21 | template: 22 | metadata: 23 | name: {{ template "sentry.fullname" . }}-db-init 24 | annotations: 25 | checksum/configmap.yaml: {{ include "sentry.config" . | sha256sum }} 26 | {{- if .Values.sentry.worker.annotations }} 27 | {{ toYaml .Values.sentry.worker.annotations | indent 8 }} 28 | {{- end }} 29 | {{- if .Values.hooks.dbInit.podAnnotations }} 30 | {{ toYaml .Values.hooks.dbInit.podAnnotations | indent 8 }} 31 | {{- end }} 32 | labels: 33 | app: sentry 34 | release: "{{ .Release.Name }}" 35 | {{- if .Values.sentry.worker.podLabels }} 36 | {{ toYaml .Values.sentry.worker.podLabels | indent 8 }} 37 | {{- end }} 38 | {{- if .Values.hooks.dbInit.podLabels }} 39 | {{ toYaml .Values.hooks.dbInit.podLabels | indent 8 }} 40 | {{- end }} 41 | spec: 42 | {{- if .Values.hooks.dbInit.affinity }} 43 | affinity: 44 | {{ toYaml .Values.hooks.dbInit.affinity | indent 8 }} 45 | {{- end }} 46 | {{- if .Values.hooks.dbInit.nodeSelector }} 47 | nodeSelector: 48 | {{ toYaml .Values.hooks.dbInit.nodeSelector | indent 8 }} 49 | {{- else if .Values.global.nodeSelector }} 50 | nodeSelector: 51 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 52 | {{- end }} 53 | {{- if .Values.hooks.dbInit.tolerations }} 54 | tolerations: 55 | {{ toYaml .Values.hooks.dbInit.tolerations | indent 8 }} 56 | {{- else if .Values.global.tolerations }} 57 | tolerations: 58 | {{ toYaml .Values.global.tolerations | indent 8 }} 59 | {{- end }} 60 | restartPolicy: Never 61 | {{- if .Values.images.sentry.imagePullSecrets }} 62 | imagePullSecrets: 63 | {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} 64 | {{- end }} 65 | {{- if .Values.dnsPolicy }} 66 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 67 | {{- end }} 68 | {{- if .Values.dnsConfig }} 69 | dnsConfig: 70 | {{ toYaml .Values.dnsConfig | indent 8 }} 71 | {{- end }} 72 | {{- if .Values.hooks.dbInit.securityContext }} 73 | securityContext: 74 | {{ toYaml .Values.hooks.dbInit.securityContext | indent 8 }} 75 | {{- else }} 76 | {{- if .Values.hooks.securityContext }} 77 | securityContext: 78 | {{ toYaml .Values.hooks.securityContext | indent 8 }} 79 | {{- end }} 80 | {{- end }} 81 | containers: 82 | - name: db-init-job 83 | image: "{{ template "sentry.image" . }}" 84 | imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} 85 | command: ["sentry","upgrade","--noinput"] 86 | env: 87 | {{ include "sentry.env" . | indent 8 }} 88 | {{- if .Values.hooks.dbInit.env }} 89 | {{ toYaml .Values.hooks.dbInit.env | indent 8 }} 90 | {{- end }} 91 | volumeMounts: 92 | - mountPath: /etc/sentry 93 | name: config 94 | readOnly: true 95 | {{- if .Values.hooks.dbInit.volumeMounts }} 96 | {{ toYaml .Values.hooks.dbInit.volumeMounts | indent 8 }} 97 | {{- end }} 98 | resources: 99 | {{ toYaml .Values.hooks.dbInit.resources | indent 10 }} 100 | {{- if .Values.hooks.dbInit.containerSecurityContext }} 101 | securityContext: 102 | {{ toYaml .Values.hooks.dbInit.containerSecurityContext | indent 10 }} 103 | {{- end }} 104 | {{- if .Values.hooks.dbInit.sidecars }} 105 | {{ toYaml .Values.hooks.dbInit.sidecars | indent 6 }} 106 | {{- end }} 107 | {{- if .Values.global.sidecars }} 108 | {{ toYaml .Values.global.sidecars | indent 6 }} 109 | {{- end }} 110 | volumes: 111 | - name: config 112 | configMap: 113 | name: {{ template "sentry.fullname" . }}-sentry 114 | {{- if .Values.hooks.dbInit.volumes }} 115 | {{ toYaml .Values.hooks.dbInit.volumes | indent 6 }} 116 | {{- end }} 117 | {{- if .Values.global.volumes }} 118 | {{ toYaml .Values.global.volumes | indent 6 }} 119 | {{- end }} 120 | {{- if .Values.hooks.shareProcessNamespace }} 121 | shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} 122 | {{- end }} 123 | {{- end -}} 124 | -------------------------------------------------------------------------------- /charts/clickhouse/templates/configmap-metrika.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clickhouse.configmap.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "clickhouse.fullname" . }}-metrica 6 | labels: 7 | app.kubernetes.io/name: {{ include "clickhouse.name" . }}-metrica 8 | app.kubernetes.io/instance: {{ .Release.Name }}-metrica 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | data: 11 | metrica.xml: |- 12 | 13 | 14 | {{- if .Values.clickhouse.configmap.zookeeper_servers.enabled }} 15 | 16 | {{- range .Values.clickhouse.configmap.zookeeper_servers.config }} 17 | {{- with . }} 18 | 19 | {{- if .hostTemplate }} 20 | {{ tpl .hostTemplate $ }} 21 | {{- else }} 22 | {{ .host }} 23 | {{- end }} 24 | {{ .port }} 25 | 26 | {{- end }} 27 | {{- end }} 28 | {{ .Values.clickhouse.configmap.zookeeper_servers.session_timeout_ms }} 29 | {{ .Values.clickhouse.configmap.zookeeper_servers.operation_timeout_ms }} 30 | {{ .Values.clickhouse.configmap.zookeeper_servers.root }} 31 | {{ .Values.clickhouse.configmap.zookeeper_servers.identity }} 32 | 33 | {{- end }} 34 | 35 | {{- if .Values.clickhouse.configmap.remote_servers.enabled }} 36 | 37 | <{{ include "clickhouse.fullname" . }}> 38 | {{- range untilStep 0 (int .Values.clickhouse.replicas) 1 }} 39 | 40 | {{ $.Values.clickhouse.configmap.remote_servers.internal_replication | default "false" }} 41 | 42 | {{ include "clickhouse.fullname" $ }}-{{ . }}.{{ include "clickhouse.fullname" $ }}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} 43 | {{ $.Values.clickhouse.tcp_port}} 44 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.user }} 45 | {{ $.Values.clickhouse.configmap.remote_servers.replica.user }} 46 | {{- end }} 47 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.password }} 48 | {{ $.Values.clickhouse.configmap.remote_servers.replica.password }} 49 | {{- end }} 50 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.secure }} 51 | {{ $.Values.clickhouse.configmap.remote_servers.replica.secure }} 52 | {{- end }} 53 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.compression }} 54 | {{ $.Values.clickhouse.configmap.remote_servers.replica.compression }} 55 | {{- end }} 56 | 57 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.backup.enabled }} 58 | 59 | {{ include "clickhouse.fullname" $ }}-replica-{{ . }}.{{ include "clickhouse.fullname" $ }}-replica-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} 60 | {{ $.Values.clickhouse.tcp_port}} 61 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.user }} 62 | {{ $.Values.clickhouse.configmap.remote_servers.replica.user }} 63 | {{- end }} 64 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.password }} 65 | {{ $.Values.clickhouse.configmap.remote_servers.replica.password }} 66 | {{- end }} 67 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.secure }} 68 | {{ $.Values.clickhouse.configmap.remote_servers.replica.secure }} 69 | {{- end }} 70 | {{- if $.Values.clickhouse.configmap.remote_servers.replica.compression }} 71 | {{ $.Values.clickhouse.configmap.remote_servers.replica.compression }} 72 | {{- end }} 73 | 74 | {{- end }} 75 | 76 | {{- end }} 77 | 78 | 79 | {{- end }} 80 | 81 | 82 | 83 | 84 | 85 | 86 | {{- end }} 87 | -------------------------------------------------------------------------------- /charts/sentry/templates/hooks/snuba-migrate.job.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.hooks.enabled .Values.hooks.snubaMigrate.enabled -}} 2 | {{- $clickhouseHost := include "sentry.clickhouse.host" . -}} 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-snuba-migrate 7 | labels: 8 | app: sentry 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | annotations: 13 | # This is what defines this resource as a hook. Without this line, the 14 | # job is considered part of the release. 15 | "helm.sh/hook": "post-install,{{ if .Values.hooks.preUpgrade }}pre-upgrade{{ else }}post-upgrade{{ end }}" 16 | "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" 17 | "helm.sh/hook-weight": "5" 18 | spec: 19 | {{- if .Values.hooks.activeDeadlineSeconds }} 20 | activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} 21 | {{- end}} 22 | template: 23 | metadata: 24 | name: {{ template "sentry.fullname" . }}-snuba-migrate 25 | annotations: 26 | checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} 27 | checksum/config.yaml: {{ include "sentry.snuba.config" . | sha256sum }} 28 | {{- if .Values.snuba.annotations }} 29 | {{ toYaml .Values.snuba.annotations | indent 8 }} 30 | {{- end }} 31 | {{- if .Values.hooks.snubaInit.podAnnotations }} 32 | {{ toYaml .Values.hooks.snubaInit.podAnnotations | indent 8 }} 33 | {{- end }} 34 | labels: 35 | app: sentry 36 | release: "{{ .Release.Name }}" 37 | {{- if .Values.snuba.podLabels }} 38 | {{ toYaml .Values.snuba.podLabels | indent 8 }} 39 | {{- end }} 40 | {{- if .Values.hooks.snubaMigrate.podLabels }} 41 | {{ toYaml .Values.hooks.snubaMigrate.podLabels | indent 8 }} 42 | {{- end }} 43 | spec: 44 | {{- if .Values.hooks.snubaInit.affinity }} 45 | affinity: 46 | {{ toYaml .Values.hooks.snubaInit.affinity | indent 8 }} 47 | {{- end }} 48 | {{- if .Values.hooks.snubaInit.nodeSelector }} 49 | nodeSelector: 50 | {{ toYaml .Values.hooks.snubaInit.nodeSelector | indent 8 }} 51 | {{- else if .Values.global.nodeSelector }} 52 | nodeSelector: 53 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 54 | {{- end }} 55 | {{- if .Values.hooks.snubaInit.tolerations }} 56 | tolerations: 57 | {{ toYaml .Values.hooks.snubaInit.tolerations | indent 8 }} 58 | {{- else if .Values.global.tolerations }} 59 | tolerations: 60 | {{ toYaml .Values.global.tolerations | indent 8 }} 61 | {{- end }} 62 | restartPolicy: Never 63 | {{- if .Values.images.snuba.imagePullSecrets }} 64 | imagePullSecrets: 65 | {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} 66 | {{- end }} 67 | {{- if .Values.dnsPolicy }} 68 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 69 | {{- end }} 70 | {{- if .Values.dnsConfig }} 71 | dnsConfig: 72 | {{ toYaml .Values.dnsConfig | indent 8 }} 73 | {{- end }} 74 | {{- if .Values.hooks.snubaMigrate.securityContext }} 75 | securityContext: 76 | {{ toYaml .Values.hooks.snubaMigrate.securityContext | indent 8 }} 77 | {{- else }} 78 | {{- if .Values.hooks.securityContext }} 79 | securityContext: 80 | {{ toYaml .Values.hooks.securityContext | indent 8 }} 81 | {{- end }} 82 | {{- end }} 83 | containers: 84 | - name: snuba-migrate 85 | image: "{{ template "snuba.image" . }}" 86 | command: [snuba, migrations, migrate, --force] 87 | env: 88 | - name: LOG_LEVEL 89 | value: debug 90 | {{ include "sentry.snuba.env" . | indent 8 }} 91 | {{- if .Values.snuba.migrateJob.env }} 92 | {{ toYaml .Values.snuba.migrateJob.env | indent 8 }} 93 | {{- end }} 94 | envFrom: 95 | - secretRef: 96 | name: {{ template "sentry.fullname" . }}-snuba-env 97 | volumeMounts: 98 | - mountPath: /etc/snuba 99 | name: config 100 | readOnly: true 101 | {{- if .Values.hooks.snubaInit.volumeMounts }} 102 | {{ toYaml .Values.hooks.snubaInit.volumeMounts | indent 8 }} 103 | {{- end }} 104 | resources: 105 | {{ toYaml .Values.hooks.snubaInit.resources | indent 10 }} 106 | {{- if .Values.hooks.snubaMigrate.containerSecurityContext }} 107 | securityContext: 108 | {{ toYaml .Values.hooks.snubaMigrate.containerSecurityContext | indent 10 }} 109 | {{- end }} 110 | {{- if .Values.hooks.snubaMigrate.sidecars }} 111 | {{ toYaml .Values.hooks.snubaMigrate.sidecars | indent 6 }} 112 | {{- end }} 113 | {{- if .Values.global.sidecars }} 114 | {{ toYaml .Values.global.sidecars | indent 6 }} 115 | {{- end }} 116 | volumes: 117 | - name: config 118 | configMap: 119 | name: {{ template "sentry.fullname" . }}-snuba 120 | {{- if .Values.hooks.snubaInit.volumes }} 121 | {{ toYaml .Values.hooks.snubaInit.volumes | indent 6 }} 122 | {{- end }} 123 | {{- if .Values.global.volumes }} 124 | {{ toYaml .Values.global.volumes | indent 6 }} 125 | {{- end }} 126 | {{- if .Values.hooks.shareProcessNamespace }} 127 | shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} 128 | {{- end }} 129 | {{- end }} 130 | -------------------------------------------------------------------------------- /charts/sentry/templates/hooks/snuba-db-init.job.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.hooks.enabled .Values.hooks.snubaInit.enabled -}} 2 | {{- $clickhouseHost := include "sentry.clickhouse.host" . -}} 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-snuba-db-init 7 | labels: 8 | app: sentry 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | annotations: 13 | # This is what defines this resource as a hook. Without this line, the 14 | # job is considered part of the release. 15 | "helm.sh/hook": "post-install,{{ if .Values.hooks.preUpgrade }}pre-upgrade{{ else }}post-upgrade{{ end }}" 16 | "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" 17 | "helm.sh/hook-weight": "3" 18 | spec: 19 | {{- if .Values.hooks.activeDeadlineSeconds }} 20 | activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} 21 | {{- end}} 22 | template: 23 | metadata: 24 | name: {{ template "sentry.fullname" . }}-snuba-db-init 25 | annotations: 26 | checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} 27 | checksum/config.yaml: {{ include "sentry.snuba.config" . | sha256sum }} 28 | {{- if .Values.snuba.annotations }} 29 | {{ toYaml .Values.snuba.annotations | indent 8 }} 30 | {{- end }} 31 | {{- if .Values.hooks.snubaInit.podAnnotations }} 32 | {{ toYaml .Values.hooks.snubaInit.podAnnotations | indent 8 }} 33 | {{- end }} 34 | labels: 35 | app: sentry 36 | release: "{{ .Release.Name }}" 37 | {{- if .Values.snuba.podLabels }} 38 | {{ toYaml .Values.snuba.podLabels | indent 8 }} 39 | {{- end }} 40 | {{- if .Values.hooks.snubaInit.podLabels }} 41 | {{ toYaml .Values.hooks.snubaInit.podLabels | indent 8 }} 42 | {{- end }} 43 | spec: 44 | {{- if .Values.hooks.snubaInit.affinity }} 45 | affinity: 46 | {{ toYaml .Values.hooks.snubaInit.affinity | indent 8 }} 47 | {{- end }} 48 | {{- if .Values.hooks.snubaInit.nodeSelector }} 49 | nodeSelector: 50 | {{ toYaml .Values.hooks.snubaInit.nodeSelector | indent 8 }} 51 | {{- else if .Values.global.nodeSelector }} 52 | nodeSelector: 53 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 54 | {{- end }} 55 | {{- if .Values.hooks.snubaInit.tolerations }} 56 | tolerations: 57 | {{ toYaml .Values.hooks.snubaInit.tolerations | indent 8 }} 58 | {{- else if .Values.global.tolerations }} 59 | tolerations: 60 | {{ toYaml .Values.global.tolerations | indent 8 }} 61 | {{- end }} 62 | restartPolicy: Never 63 | {{- if .Values.images.snuba.imagePullSecrets }} 64 | imagePullSecrets: 65 | {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} 66 | {{- end }} 67 | {{- if .Values.dnsPolicy }} 68 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 69 | {{- end }} 70 | {{- if .Values.dnsConfig }} 71 | dnsConfig: 72 | {{ toYaml .Values.dnsConfig | indent 8 }} 73 | {{- end }} 74 | {{- if .Values.hooks.snubaInit.securityContext }} 75 | securityContext: 76 | {{ toYaml .Values.hooks.snubaInit.securityContext | indent 8 }} 77 | {{- else }} 78 | {{- if .Values.hooks.securityContext }} 79 | securityContext: 80 | {{ toYaml .Values.hooks.securityContext | indent 8 }} 81 | {{- end }} 82 | {{- end }} 83 | containers: 84 | - name: snuba-init 85 | image: "{{ template "snuba.image" . }}" 86 | command: 87 | - snuba 88 | - bootstrap 89 | - --no-migrate 90 | {{- if .Values.hooks.snubaInit.kafka.enabled }} 91 | - --kafka 92 | {{- else }} 93 | - --no-kafka 94 | {{- end }} 95 | - --force 96 | env: 97 | - name: LOG_LEVEL 98 | value: debug 99 | {{ include "sentry.snuba.env" . | indent 8 }} 100 | {{- if .Values.snuba.dbInitJob.env }} 101 | {{ toYaml .Values.snuba.dbInitJob.env | indent 8 }} 102 | {{- end }} 103 | envFrom: 104 | - secretRef: 105 | name: {{ template "sentry.fullname" . }}-snuba-env 106 | volumeMounts: 107 | - mountPath: /etc/snuba 108 | name: config 109 | readOnly: true 110 | {{- if .Values.hooks.snubaInit.volumeMounts }} 111 | {{ toYaml .Values.hooks.snubaInit.volumeMounts | indent 8 }} 112 | {{- end }} 113 | resources: 114 | {{ toYaml .Values.hooks.snubaInit.resources | indent 10 }} 115 | {{- if .Values.hooks.snubaInit.containerSecurityContext }} 116 | securityContext: 117 | {{ toYaml .Values.hooks.snubaInit.containerSecurityContext | indent 10 }} 118 | {{- end }} 119 | {{- if .Values.hooks.snubaInit.sidecars }} 120 | {{ toYaml .Values.hooks.snubaInit.sidecars | indent 6 }} 121 | {{- end }} 122 | {{- if .Values.global.sidecars }} 123 | {{ toYaml .Values.global.sidecars | indent 6 }} 124 | {{- end }} 125 | volumes: 126 | - name: config 127 | configMap: 128 | name: {{ template "sentry.fullname" . }}-snuba 129 | {{- if .Values.hooks.snubaInit.volumes }} 130 | {{ toYaml .Values.hooks.snubaInit.volumes | indent 6 }} 131 | {{- end }} 132 | {{- if .Values.global.volumes }} 133 | {{ toYaml .Values.global.volumes | indent 6 }} 134 | {{- end }} 135 | {{- if .Values.hooks.shareProcessNamespace }} 136 | shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} 137 | {{- end }} 138 | {{- end }} 139 | -------------------------------------------------------------------------------- /charts/sentry/templates/hooks/user-create.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.user.create .Values.hooks.enabled -}} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-user-create 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | annotations: 12 | "helm.sh/hook": "post-install,{{ if .Values.hooks.preUpgrade }}pre-upgrade{{ else }}post-upgrade{{ end }}" 13 | "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" 14 | "helm.sh/hook-weight": "9" 15 | spec: 16 | {{- if .Values.hooks.activeDeadlineSeconds }} 17 | activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} 18 | {{- end}} 19 | template: 20 | metadata: 21 | name: {{ template "sentry.fullname" . }}-user-create 22 | annotations: 23 | checksum/configmap.yaml: {{ include "sentry.config" . | sha256sum }} 24 | {{- if .Values.sentry.worker.annotations }} 25 | {{ toYaml .Values.sentry.worker.annotations | indent 8 }} 26 | {{- end }} 27 | {{- if .Values.hooks.dbInit.podAnnotations }} 28 | {{ toYaml .Values.hooks.dbInit.podAnnotations | indent 8 }} 29 | {{- end }} 30 | labels: 31 | app: sentry 32 | release: "{{ .Release.Name }}" 33 | {{- if .Values.sentry.worker.podLabels }} 34 | {{ toYaml .Values.sentry.worker.podLabels | indent 8 }} 35 | {{- end }} 36 | spec: 37 | {{- if .Values.hooks.dbInit.affinity }} 38 | affinity: 39 | {{ toYaml .Values.hooks.dbInit.affinity | indent 8 }} 40 | {{- end }} 41 | {{- if .Values.hooks.dbInit.nodeSelector }} 42 | nodeSelector: 43 | {{ toYaml .Values.hooks.dbInit.nodeSelector | indent 8 }} 44 | {{- else if .Values.global.nodeSelector }} 45 | nodeSelector: 46 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 47 | {{- end }} 48 | restartPolicy: Never 49 | {{- if .Values.hooks.dbInit.tolerations }} 50 | tolerations: 51 | {{ toYaml .Values.hooks.dbInit.tolerations | indent 8 }} 52 | {{- else if .Values.global.tolerations }} 53 | tolerations: 54 | {{ toYaml .Values.global.tolerations | indent 8 }} 55 | {{- end }} 56 | {{- if .Values.images.sentry.imagePullSecrets }} 57 | imagePullSecrets: 58 | {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} 59 | {{- end }} 60 | {{- if .Values.dnsPolicy }} 61 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 62 | {{- end }} 63 | {{- if .Values.dnsConfig }} 64 | dnsConfig: 65 | {{ toYaml .Values.dnsConfig | indent 8 }} 66 | {{- end }} 67 | {{- if .Values.hooks.dbInit.securityContext }} 68 | securityContext: 69 | {{ toYaml .Values.hooks.dbInit.securityContext | indent 8 }} 70 | {{- else }} 71 | {{- if .Values.hooks.securityContext }} 72 | securityContext: 73 | {{ toYaml .Values.hooks.securityContext | indent 8 }} 74 | {{- end }} 75 | {{- end }} 76 | containers: 77 | - name: user-create-job 78 | image: "{{ template "sentry.image" . }}" 79 | imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} 80 | command: 81 | - "/bin/bash" 82 | - "-c" 83 | # Create user but do not exit 1 when user already exists (exit code 3 from createuser command) 84 | # https://docs.sentry.io/server/cli/createuser/ 85 | - | 86 | sentry createuser \ 87 | --no-input \ 88 | --superuser \ 89 | --email "{{ .Values.user.email }}" \ 90 | --password "$ADMIN_PASSWORD" || true; \ 91 | if [ $? -eq 0 ] || [ $? -eq 3 ]; then \ 92 | exit 0; \ 93 | else \ 94 | exit 1; \ 95 | fi 96 | env: 97 | {{ include "sentry.env" . | indent 8 }} 98 | {{- if .Values.user.existingSecret }} 99 | - name: ADMIN_PASSWORD 100 | valueFrom: 101 | secretKeyRef: 102 | name: {{ .Values.user.existingSecret }} 103 | key: {{ default "admin-password" .Values.user.existingSecretKey }} 104 | {{- else if .Values.user.password }} 105 | - name: ADMIN_PASSWORD 106 | value: {{ .Values.user.password | quote }} 107 | {{- end }} 108 | {{- if .Values.hooks.dbInit.env }} 109 | {{ toYaml .Values.hooks.dbInit.env | indent 8 }} 110 | {{- end }} 111 | volumeMounts: 112 | - mountPath: /etc/sentry 113 | name: config 114 | readOnly: true 115 | {{- if .Values.hooks.dbInit.volumeMounts }} 116 | {{ toYaml .Values.hooks.dbInit.volumeMounts | indent 8 }} 117 | {{- end }} 118 | resources: 119 | {{ toYaml .Values.hooks.dbInit.resources | indent 10 }} 120 | {{- if .Values.hooks.dbInit.containerSecurityContext }} 121 | securityContext: 122 | {{ toYaml .Values.hooks.dbInit.containerSecurityContext | indent 10 }} 123 | {{- end }} 124 | {{- if .Values.hooks.dbInit.sidecars }} 125 | {{ toYaml .Values.hooks.dbInit.sidecars | indent 6 }} 126 | {{- end }} 127 | {{- if .Values.global.sidecars }} 128 | {{ toYaml .Values.global.sidecars | indent 6 }} 129 | {{- end }} 130 | volumes: 131 | - name: config 132 | configMap: 133 | name: {{ template "sentry.fullname" . }}-sentry 134 | {{- if .Values.hooks.dbInit.volumes }} 135 | {{ toYaml .Values.hooks.dbInit.volumes | indent 6 }} 136 | {{- end }} 137 | {{- if .Values.global.volumes }} 138 | {{ toYaml .Values.global.volumes | indent 6 }} 139 | {{- end }} 140 | {{- if .Values.hooks.shareProcessNamespace }} 141 | shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} 142 | {{- end }} 143 | {{- end -}} 144 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/metrics/deployment-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-metrics 6 | labels: 7 | app: {{ template "sentry.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- include "sentry.component.labels" (dict "component" "metrics" "ctx" .) | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: {{ template "sentry.fullname" . }}-metrics 16 | release: "{{ .Release.Name }}" 17 | role: metrics 18 | replicas: 1 19 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 20 | template: 21 | metadata: 22 | annotations: 23 | checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} 24 | checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} 25 | checksum/config.yaml: {{ include "sentry.config" . | sha256sum }} 26 | {{- if .Values.metrics.podAnnotations }} 27 | {{ toYaml .Values.metrics.podAnnotations | indent 8 }} 28 | {{- end }} 29 | labels: 30 | app: {{ template "sentry.fullname" . }}-metrics 31 | release: "{{ .Release.Name }}" 32 | role: metrics 33 | {{- include "sentry.component.labels" (dict "component" "metrics" "ctx" .) | nindent 8 }} 34 | {{- if .Values.metrics.podLabels }} 35 | {{ toYaml .Values.metrics.podLabels | indent 8 }} 36 | {{- end }} 37 | spec: 38 | {{- if .Values.metrics.affinity }} 39 | affinity: 40 | {{ toYaml .Values.metrics.affinity | indent 8 }} 41 | {{- end }} 42 | {{- if .Values.metrics.nodeSelector }} 43 | nodeSelector: 44 | {{ toYaml .Values.metrics.nodeSelector | indent 8 }} 45 | {{- else if .Values.global.nodeSelector }} 46 | nodeSelector: 47 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 48 | {{- end }} 49 | {{- if .Values.metrics.tolerations }} 50 | tolerations: 51 | {{ toYaml .Values.metrics.tolerations | indent 8 }} 52 | {{- else if .Values.global.tolerations }} 53 | tolerations: 54 | {{ toYaml .Values.global.tolerations | indent 8 }} 55 | {{- end }} 56 | {{- if .Values.metrics.schedulerName }} 57 | schedulerName: "{{ .Values.metrics.schedulerName }}" 58 | {{- end }} 59 | {{- if .Values.dnsPolicy }} 60 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 61 | {{- end }} 62 | {{- if .Values.dnsConfig }} 63 | dnsConfig: 64 | {{ toYaml .Values.dnsConfig | indent 8 }} 65 | {{- end }} 66 | {{- if .Values.metrics.image.imagePullSecrets }} 67 | imagePullSecrets: 68 | {{ toYaml .Values.metrics.image.imagePullSecrets | indent 8 }} 69 | {{- end }} 70 | {{- if .Values.metrics.securityContext }} 71 | securityContext: 72 | {{ toYaml .Values.metrics.securityContext | indent 8 }} 73 | {{- end }} 74 | containers: 75 | - name: {{ .Chart.Name }}-metrics 76 | args: 77 | - "--statsd.listen-udp=:9125" 78 | - "--web.listen-address=:9102" 79 | image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" 80 | imagePullPolicy: {{ .Values.metrics.image.pullPolicy }} 81 | ports: 82 | - name: statsd 83 | containerPort: 9125 84 | - name: metrics 85 | containerPort: 9102 86 | {{- if .Values.metrics.volumeMounts }} 87 | volumeMounts: 88 | {{ toYaml .Values.metrics.volumeMounts | indent 8 }} 89 | {{- end }} 90 | {{- if .Values.metrics.livenessProbe.enabled }} 91 | livenessProbe: 92 | httpGet: 93 | path: /metrics 94 | port: 9102 95 | scheme: HTTP 96 | initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} 97 | periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} 98 | timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} 99 | successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} 100 | failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} 101 | {{- end }} 102 | {{- if .Values.metrics.readinessProbe.enabled }} 103 | readinessProbe: 104 | httpGet: 105 | path: /metrics 106 | port: 9102 107 | scheme: HTTP 108 | initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} 109 | periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} 110 | timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} 111 | successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} 112 | failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} 113 | {{- end }} 114 | resources: 115 | {{ toYaml .Values.metrics.resources | indent 10 }} 116 | {{- if .Values.metrics.containerSecurityContext }} 117 | securityContext: 118 | {{ toYaml .Values.metrics.containerSecurityContext | indent 10 }} 119 | {{- end }} 120 | {{- if .Values.metrics.sidecars }} 121 | {{ toYaml .Values.metrics.sidecars | indent 6 }} 122 | {{- end }} 123 | {{- if .Values.global.sidecars }} 124 | {{ toYaml .Values.global.sidecars | indent 6 }} 125 | {{- end }} 126 | {{- if or .Values.metrics.volumes .Values.global.volumes }} 127 | volumes: 128 | {{- if .Values.metrics.volumes }} 129 | {{ toYaml .Values.metrics.volumes | indent 6 }} 130 | {{- end }} 131 | {{- if .Values.global.volumes }} 132 | {{ toYaml .Values.global.volumes | indent 6 }} 133 | {{- end }} 134 | {{- end }} 135 | 136 | {{- if .Values.serviceAccount.enabled }} 137 | serviceAccountName: {{ .Values.serviceAccount.name }}-metrics 138 | {{- end }} 139 | {{- end }} 140 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/deployment-snuba-api.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.snuba.api.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-snuba-api 6 | labels: 7 | app: sentry 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- include "sentry.component.labels" (dict "component" "snuba-api" "ctx" .) | nindent 4 }} 12 | spec: 13 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 14 | selector: 15 | matchLabels: 16 | app: {{ template "sentry.fullname" . }} 17 | release: "{{ .Release.Name }}" 18 | role: snuba-api 19 | {{- if not .Values.snuba.api.autoscaling.enabled }} 20 | replicas: {{ .Values.snuba.api.replicas }} 21 | {{- end }} 22 | template: 23 | metadata: 24 | annotations: 25 | checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} 26 | checksum/config.yaml: {{ include "sentry.snuba.config" . | sha256sum }} 27 | {{- if .Values.snuba.api.annotations }} 28 | {{ toYaml .Values.snuba.api.annotations | indent 8 }} 29 | {{- end }} 30 | labels: 31 | app: {{ template "sentry.fullname" . }} 32 | release: "{{ .Release.Name }}" 33 | role: snuba-api 34 | {{- include "sentry.component.labels" (dict "component" "snuba-api" "ctx" .) | nindent 8 }} 35 | {{- if .Values.snuba.api.podLabels }} 36 | {{ toYaml .Values.snuba.api.podLabels | indent 8 }} 37 | {{- end }} 38 | spec: 39 | affinity: 40 | {{- if .Values.snuba.api.affinity }} 41 | {{ toYaml .Values.snuba.api.affinity | indent 8 }} 42 | {{- end }} 43 | {{- if .Values.snuba.api.nodeSelector }} 44 | nodeSelector: 45 | {{ toYaml .Values.snuba.api.nodeSelector | indent 8 }} 46 | {{- else if .Values.global.nodeSelector }} 47 | nodeSelector: 48 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 49 | {{- end }} 50 | {{- if .Values.snuba.api.tolerations }} 51 | tolerations: 52 | {{ toYaml .Values.snuba.api.tolerations | indent 8 }} 53 | {{- else if .Values.global.tolerations }} 54 | tolerations: 55 | {{ toYaml .Values.global.tolerations | indent 8 }} 56 | {{- end }} 57 | {{- if .Values.snuba.api.topologySpreadConstraints }} 58 | topologySpreadConstraints: 59 | {{ toYaml .Values.snuba.api.topologySpreadConstraints | indent 8 }} 60 | {{- end }} 61 | {{- if .Values.images.snuba.imagePullSecrets }} 62 | imagePullSecrets: 63 | {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} 64 | {{- end }} 65 | {{- if .Values.dnsPolicy }} 66 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 67 | {{- end }} 68 | {{- if .Values.dnsConfig }} 69 | dnsConfig: 70 | {{ toYaml .Values.dnsConfig | indent 8 }} 71 | {{- end }} 72 | {{- if .Values.snuba.api.securityContext }} 73 | securityContext: 74 | {{ toYaml .Values.snuba.api.securityContext | indent 8 }} 75 | {{- end }} 76 | containers: 77 | - name: {{ .Chart.Name }}-snuba 78 | image: "{{ template "snuba.image" . }}" 79 | imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} 80 | {{- if .Values.snuba.api.command }} 81 | command: 82 | {{ toYaml .Values.snuba.api.command | indent 8 }} 83 | {{- end }} 84 | ports: 85 | - containerPort: {{ template "snuba.port" }} 86 | env: 87 | {{ include "sentry.snuba.env" . | indent 8 }} 88 | {{- if .Values.snuba.api.env }} 89 | {{ toYaml .Values.snuba.api.env | indent 8 }} 90 | {{- end }} 91 | envFrom: 92 | - secretRef: 93 | name: {{ template "sentry.fullname" . }}-snuba-env 94 | volumeMounts: 95 | - mountPath: /etc/snuba 96 | name: config 97 | readOnly: true 98 | {{- if .Values.snuba.api.volumeMounts }} 99 | {{ toYaml .Values.snuba.api.volumeMounts | indent 8 }} 100 | {{- end }} 101 | livenessProbe: 102 | failureThreshold: 5 103 | httpGet: 104 | path: /health 105 | port: {{ template "snuba.port" }} 106 | scheme: HTTP 107 | initialDelaySeconds: {{ .Values.snuba.api.probeInitialDelaySeconds }} 108 | periodSeconds: 10 109 | successThreshold: 1 110 | timeoutSeconds: {{ .Values.snuba.api.liveness.timeoutSeconds }} 111 | readinessProbe: 112 | failureThreshold: 10 113 | httpGet: 114 | path: /health 115 | port: {{ template "snuba.port" }} 116 | scheme: HTTP 117 | initialDelaySeconds: {{ .Values.snuba.api.probeInitialDelaySeconds }} 118 | periodSeconds: 10 119 | successThreshold: 1 120 | timeoutSeconds: {{ .Values.snuba.api.readiness.timeoutSeconds }} 121 | resources: 122 | {{ toYaml .Values.snuba.api.resources | indent 12 }} 123 | {{- if .Values.snuba.api.containerSecurityContext }} 124 | securityContext: 125 | {{ toYaml .Values.snuba.api.containerSecurityContext | indent 12 }} 126 | {{- end }} 127 | {{- if .Values.snuba.api.sidecars }} 128 | {{ toYaml .Values.snuba.api.sidecars | indent 6 }} 129 | {{- end }} 130 | {{- if .Values.global.sidecars }} 131 | {{ toYaml .Values.global.sidecars | indent 6 }} 132 | {{- end }} 133 | {{- if .Values.serviceAccount.enabled }} 134 | serviceAccountName: {{ .Values.serviceAccount.name }}-snuba 135 | {{- end }} 136 | volumes: 137 | - name: config 138 | configMap: 139 | name: {{ template "sentry.fullname" . }}-snuba 140 | {{- if .Values.snuba.api.volumes }} 141 | {{ toYaml .Values.snuba.api.volumes | indent 8 }} 142 | {{- end }} 143 | {{- if .Values.global.volumes }} 144 | {{ toYaml .Values.global.volumes | indent 8 }} 145 | {{- end }} 146 | {{- end }} 147 | -------------------------------------------------------------------------------- /charts/sentry/templates/relay/_helper-sentry-relay.tpl: -------------------------------------------------------------------------------- 1 | {{- define "sentry.relay.config" -}} 2 | {{- $redisHost := include "sentry.redis.host" . -}} 3 | {{- $redisPort := include "sentry.redis.port" . -}} 4 | {{- $redisPass := include "sentry.redis.password" . -}} 5 | {{- $redisDb := include "sentry.redis.db" . -}} 6 | {{- $redisProto := ternary "rediss" "redis" (eq (include "sentry.redis.ssl" .) "true") -}} 7 | config.yml: |- 8 | relay: 9 | {{- if .Values.relay.mode }} 10 | mode: {{ .Values.relay.mode }} 11 | {{- end }} 12 | upstream: "http://{{ template "sentry.fullname" . }}-web:{{ .Values.service.externalPort }}/" 13 | {{- if .Values.ipv6 }} 14 | host: "::" 15 | {{- else }} 16 | host: 0.0.0.0 17 | {{- end }} 18 | port: {{ template "relay.port" }} 19 | 20 | {{- if .Values.relay.cache }} 21 | {{- if .Values.relay.cache.envelopeBufferSize }} 22 | cache: 23 | envelope_buffer_size: {{ int64 .Values.relay.cache.envelopeBufferSize | quote }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | {{- if .Values.relay.logging }} 28 | logging: 29 | {{- if .Values.relay.logging.level }} 30 | level: {{ .Values.relay.logging.level }} 31 | {{- end }} 32 | {{- if .Values.relay.logging.format }} 33 | format: {{ .Values.relay.logging.format }} 34 | {{- end }} 35 | {{- end }} 36 | 37 | processing: 38 | enabled: true 39 | {{- if .Values.geodata.path }} 40 | geoip_path: {{ .Values.geodata.path | quote }} 41 | {{- end }} 42 | 43 | kafka_config: 44 | - name: "bootstrap.servers" 45 | value: {{ (include "sentry.kafka.bootstrap_servers_string" .) | quote }} 46 | {{- if .Values.relay.processing.kafkaConfig.messageMaxBytes }} 47 | - name: "message.max.bytes" 48 | value: {{ int64 .Values.relay.processing.kafkaConfig.messageMaxBytes | quote }} 49 | {{- end }} 50 | {{- if .Values.relay.processing.kafkaConfig.messageTimeoutMs }} 51 | - name: "message.timeout.ms" 52 | value: {{ int64 .Values.relay.processing.kafkaConfig.messageTimeoutMs | quote }} 53 | {{- end }} 54 | {{- if .Values.relay.processing.kafkaConfig.requestTimeoutMs }} 55 | - name: "request.timeout.ms" 56 | value: {{ int64 .Values.relay.processing.kafkaConfig.requestTimeoutMs | quote }} 57 | {{- end }} 58 | {{- if .Values.relay.processing.kafkaConfig.deliveryTimeoutMs }} 59 | - name: "delivery.timeout.ms" 60 | value: {{ int64 .Values.relay.processing.kafkaConfig.deliveryTimeoutMs | quote }} 61 | {{- end }} 62 | {{- if .Values.relay.processing.kafkaConfig.apiVersionRequestTimeoutMs }} 63 | - name: "api.version.request.timeout.ms" 64 | value: {{ int64 .Values.relay.processing.kafkaConfig.apiVersionRequestTimeoutMs | quote }} 65 | {{- end }} 66 | {{- $sentryKafkaSaslMechanism := include "sentry.kafka.sasl_mechanism" . -}} 67 | {{- if not (eq "None" $sentryKafkaSaslMechanism) }} 68 | - name: "sasl.mechanism" 69 | value: {{ $sentryKafkaSaslMechanism | quote }} 70 | {{- end }} 71 | {{- $sentryKafkaSaslUsername := include "sentry.kafka.sasl_username" . -}} 72 | {{- if not (eq "None" $sentryKafkaSaslUsername) }} 73 | - name: "sasl.username" 74 | value: {{ $sentryKafkaSaslUsername | quote }} 75 | {{- end }} 76 | {{- $sentryKafkaSaslPassword := include "sentry.kafka.sasl_password" . -}} 77 | {{- if not (eq "None" $sentryKafkaSaslPassword) }} 78 | - name: "sasl.password" 79 | value: {{ $sentryKafkaSaslPassword | quote }} 80 | {{- end }} 81 | {{- $sentryKafkaSecurityProtocol := include "sentry.kafka.security_protocol" . -}} 82 | {{- if not (eq "plaintext" $sentryKafkaSecurityProtocol) }} 83 | - name: security.protocol 84 | value: {{ $sentryKafkaSecurityProtocol | quote }} 85 | {{- end }} 86 | {{- if .Values.relay.processing.additionalKafkaConfig }} 87 | {{ toYaml .Values.relay.processing.additionalKafkaConfig | nindent 6 }} 88 | {{- end }} 89 | 90 | {{- if $redisPass }} 91 | {{- if and (not .Values.externalRedis.existingSecret) (not .Values.redis.auth.existingSecret)}} 92 | redis: "{{ $redisProto }}://:{{ $redisPass }}@{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}" 93 | {{- end }} 94 | {{- else }} 95 | redis: "{{ $redisProto }}://{{ $redisHost }}:{{ $redisPort }}/{{ $redisDb }}" 96 | {{- end }} 97 | 98 | {{- if ((.Values.kafkaTopicOverrides).prefix) }} 99 | topics: 100 | metrics_sessions: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-metrics" 101 | events: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-attachments" 102 | transactions: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-transactions" 103 | outcomes: "{{ default "" .Values.kafkaTopicOverrides.prefix }}outcomes" 104 | outcomes_billing: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-outcomes" 105 | metrics_generic: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-performance-metrics" 106 | profiles: "{{ default "" .Values.kafkaTopicOverrides.prefix }}profiles" 107 | replay_events: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-replay-events" 108 | replay_recordings: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-replay-recordings" 109 | monitors: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-monitors" 110 | spans: "{{ default "" .Values.kafkaTopicOverrides.prefix }}snuba-spans" 111 | metrics_summaries: "{{ default "" .Values.kafkaTopicOverrides.prefix }}snuba-metrics-summaries" 112 | cogs: "{{ default "" .Values.kafkaTopicOverrides.prefix }}shared-resources-usage" 113 | feedback: "{{ default "" .Values.kafkaTopicOverrides.prefix }}ingest-feedback-events" 114 | {{- else }} 115 | topics: 116 | metrics_sessions: "ingest-metrics" 117 | {{- end }} 118 | 119 | {{ .Values.config.relay | nindent 2 }} 120 | {{- end -}} 121 | -------------------------------------------------------------------------------- /charts/sentry/templates/sentry/vroom/deployment-vroom.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "feature-complete" .Values.profiles }} 2 | {{- if .Values.sentry.features.enableProfiling }} 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ template "sentry.fullname" . }}-vroom 7 | labels: 8 | app: {{ template "sentry.fullname" . }} 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | {{- include "sentry.component.labels" (dict "component" "vroom" "ctx" .) | nindent 4 }} 13 | {{- if .Values.asHook }} 14 | {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} 15 | annotations: 16 | meta.helm.sh/release-name: "{{ .Release.Name }}" 17 | meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" 18 | "helm.sh/hook": "post-install,post-upgrade" 19 | "helm.sh/hook-weight": "25" 20 | {{- end }} 21 | spec: 22 | selector: 23 | matchLabels: 24 | app: {{ template "sentry.fullname" . }} 25 | release: "{{ .Release.Name }}" 26 | role: vroom 27 | {{- if not .Values.vroom.autoscaling.enabled }} 28 | replicas: {{ .Values.vroom.replicas }} 29 | {{- end }} 30 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 31 | template: 32 | metadata: 33 | annotations: 34 | {{- if .Values.vroom.annotations }} 35 | {{ toYaml .Values.vroom.annotations | indent 8 }} 36 | {{- end }} 37 | labels: 38 | app: {{ template "sentry.fullname" . }} 39 | release: "{{ .Release.Name }}" 40 | role: vroom 41 | {{- include "sentry.component.labels" (dict "component" "vroom" "ctx" .) | nindent 8 }} 42 | {{- if .Values.vroom.podLabels }} 43 | {{ toYaml .Values.vroom.podLabels | indent 8 }} 44 | {{- end }} 45 | spec: 46 | affinity: 47 | {{- if .Values.vroom.affinity }} 48 | {{ toYaml .Values.vroom.affinity | indent 8 }} 49 | {{- end }} 50 | {{- if .Values.vroom.nodeSelector }} 51 | nodeSelector: 52 | {{ toYaml .Values.vroom.nodeSelector | indent 8 }} 53 | {{- else if .Values.global.nodeSelector }} 54 | nodeSelector: 55 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 56 | {{- end }} 57 | {{- if .Values.vroom.tolerations }} 58 | tolerations: 59 | {{ toYaml .Values.vroom.tolerations | indent 8 }} 60 | {{- else if .Values.global.tolerations }} 61 | tolerations: 62 | {{ toYaml .Values.global.tolerations | indent 8 }} 63 | {{- end }} 64 | {{- if .Values.vroom.topologySpreadConstraints }} 65 | topologySpreadConstraints: 66 | {{ toYaml .Values.vroom.topologySpreadConstraints | indent 8 }} 67 | {{- end }} 68 | {{- if .Values.images.vroom.imagePullSecrets }} 69 | imagePullSecrets: 70 | {{ toYaml .Values.images.vroom.imagePullSecrets | indent 8 }} 71 | {{- end }} 72 | {{- if .Values.vroom.securityContext }} 73 | securityContext: 74 | {{ toYaml .Values.vroom.securityContext | indent 8 }} 75 | {{- end }} 76 | containers: 77 | - name: {{ .Chart.Name }}-vroom 78 | {{- if .Values.vroom.args }} 79 | args: 80 | {{ toYaml .Values.vroom.args | indent 10 }} 81 | {{- end }} 82 | image: "{{ template "vroom.image" . }}" 83 | imagePullPolicy: {{ default "IfNotPresent" .Values.images.vroom.pullPolicy }} 84 | ports: 85 | - containerPort: {{ template "vroom.port" }} 86 | env: 87 | - name: VROOM_PORT 88 | value: '{{ template "vroom.port" }}' 89 | {{- include "vroom.env" . | nindent 8 }} 90 | {{- if .Values.vroom.env }} 91 | {{ toYaml .Values.vroom.env | indent 8 }} 92 | {{- end }} 93 | volumeMounts: 94 | - name: vroom-storage 95 | mountPath: /var/vroom/sentry-profiles 96 | {{- if .Values.vroom.volumeMounts }} 97 | {{ toYaml .Values.vroom.volumeMounts | indent 8 }} 98 | {{- end }} 99 | livenessProbe: 100 | failureThreshold: {{ .Values.vroom.probeFailureThreshold }} 101 | httpGet: 102 | path: /health 103 | port: {{ template "vroom.port" }} 104 | scheme: HTTP 105 | initialDelaySeconds: {{ .Values.vroom.probeInitialDelaySeconds }} 106 | periodSeconds: {{ .Values.vroom.probePeriodSeconds }} 107 | successThreshold: {{ .Values.vroom.probeSuccessThreshold }} 108 | timeoutSeconds: {{ .Values.vroom.probeTimeoutSeconds }} 109 | readinessProbe: 110 | failureThreshold: {{ .Values.vroom.probeFailureThreshold }} 111 | httpGet: 112 | path: /health 113 | port: {{ template "vroom.port" }} 114 | scheme: HTTP 115 | initialDelaySeconds: {{ .Values.vroom.probeInitialDelaySeconds }} 116 | periodSeconds: {{ .Values.vroom.probePeriodSeconds }} 117 | successThreshold: {{ .Values.vroom.probeSuccessThreshold }} 118 | timeoutSeconds: {{ .Values.vroom.probeTimeoutSeconds }} 119 | resources: 120 | {{ toYaml .Values.vroom.resources | indent 12 }} 121 | {{- if .Values.vroom.containerSecurityContext }} 122 | securityContext: 123 | {{ toYaml .Values.vroom.containerSecurityContext | indent 12 }} 124 | {{- end }} 125 | {{- if .Values.vroom.sidecars }} 126 | {{ toYaml .Values.vroom.sidecars | indent 6 }} 127 | {{- end }} 128 | {{- if .Values.global.sidecars }} 129 | {{ toYaml .Values.global.sidecars | indent 6 }} 130 | {{- end }} 131 | {{- if .Values.serviceAccount.enabled }} 132 | serviceAccountName: {{ .Values.serviceAccount.name }}-vroom 133 | {{- end }} 134 | volumes: 135 | {{- if .Values.vroom.persistence.enabled }} 136 | - name: vroom-storage 137 | persistentVolumeClaim: 138 | claimName: sentry-vroom-pvc 139 | {{- else }} 140 | - name: vroom-storage 141 | emptyDir: {} 142 | {{- end }} 143 | {{- if .Values.vroom.volumes }} 144 | {{ toYaml .Values.vroom.volumes | indent 6 }} 145 | {{- end }} 146 | {{- if .Values.global.volumes }} 147 | {{ toYaml .Values.global.volumes | indent 6 }} 148 | {{- end }} 149 | {{- if .Values.vroom.priorityClassName }} 150 | priorityClassName: "{{ .Values.vroom.priorityClassName }}" 151 | {{- end }} 152 | {{- end }} 153 | {{- end }} 154 | -------------------------------------------------------------------------------- /charts/sentry/templates/snuba/deployment-snuba-replacer.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.snuba.replacer.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "sentry.fullname" . }}-snuba-replacer 6 | labels: 7 | app: {{ template "sentry.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | {{- include "sentry.component.labels" (dict "component" "snuba-replacer" "ctx" .) | nindent 4 }} 12 | {{- if .Values.asHook }} 13 | {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} 14 | annotations: 15 | meta.helm.sh/release-name: "{{ .Release.Name }}" 16 | meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" 17 | "helm.sh/hook": "post-install,post-upgrade" 18 | "helm.sh/hook-weight": "18" 19 | {{- end }} 20 | spec: 21 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 22 | selector: 23 | matchLabels: 24 | app: {{ template "sentry.fullname" . }} 25 | release: "{{ .Release.Name }}" 26 | role: snuba-replacer 27 | replicas: {{ .Values.snuba.replacer.replicas }} 28 | template: 29 | metadata: 30 | annotations: 31 | checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} 32 | checksum/config.yaml: {{ include "sentry.snuba.config" . | sha256sum }} 33 | {{- if .Values.snuba.replacer.annotations }} 34 | {{ toYaml .Values.snuba.replacer.annotations | indent 8 }} 35 | {{- end }} 36 | labels: 37 | app: {{ template "sentry.fullname" . }} 38 | release: "{{ .Release.Name }}" 39 | role: snuba-replacer 40 | {{- include "sentry.component.labels" (dict "component" "snuba-replacer" "ctx" .) | nindent 8 }} 41 | {{- if .Values.snuba.replacer.podLabels }} 42 | {{ toYaml .Values.snuba.replacer.podLabels | indent 8 }} 43 | {{- end }} 44 | spec: 45 | affinity: 46 | {{- if .Values.snuba.replacer.affinity }} 47 | {{ toYaml .Values.snuba.replacer.affinity | indent 8 }} 48 | {{- end }} 49 | {{- if .Values.snuba.replacer.nodeSelector }} 50 | nodeSelector: 51 | {{ toYaml .Values.snuba.replacer.nodeSelector | indent 8 }} 52 | {{- else if .Values.global.nodeSelector }} 53 | nodeSelector: 54 | {{ toYaml .Values.global.nodeSelector | indent 8 }} 55 | {{- end }} 56 | {{- if .Values.snuba.replacer.tolerations }} 57 | tolerations: 58 | {{ toYaml .Values.snuba.replacer.tolerations | indent 8 }} 59 | {{- else if .Values.global.tolerations }} 60 | tolerations: 61 | {{ toYaml .Values.global.tolerations | indent 8 }} 62 | {{- end }} 63 | {{- if .Values.snuba.replacer.topologySpreadConstraints }} 64 | topologySpreadConstraints: 65 | {{ toYaml .Values.snuba.replacer.topologySpreadConstraints | indent 8 }} 66 | {{- end }} 67 | {{- if .Values.images.snuba.imagePullSecrets }} 68 | imagePullSecrets: 69 | {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} 70 | {{- end }} 71 | {{- if .Values.dnsPolicy }} 72 | dnsPolicy: {{ .Values.dnsPolicy | quote }} 73 | {{- end }} 74 | {{- if .Values.dnsConfig }} 75 | dnsConfig: 76 | {{ toYaml .Values.dnsConfig | indent 8 }} 77 | {{- end }} 78 | {{- if .Values.snuba.replacer.securityContext }} 79 | securityContext: 80 | {{ toYaml .Values.snuba.replacer.securityContext | indent 8 }} 81 | {{- end }} 82 | containers: 83 | - name: {{ .Chart.Name }}-snuba 84 | image: "{{ template "snuba.image" . }}" 85 | imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} 86 | command: 87 | - "snuba" 88 | - "replacer" 89 | - "--storage" 90 | - "errors" 91 | {{- if .Values.snuba.replacer.autoOffsetReset }} 92 | - "--auto-offset-reset" 93 | - "{{ .Values.snuba.replacer.autoOffsetReset }}" 94 | {{- end }} 95 | {{- if .Values.snuba.replacer.noStrictOffsetReset }} 96 | - "--no-strict-offset-reset" 97 | {{- end }} 98 | {{- if .Values.snuba.replacer.maxBatchTimeMs }} 99 | - "--max-batch-time-ms" 100 | - "{{ .Values.snuba.replacer.maxBatchTimeMs }}" 101 | {{- end }} 102 | {{- if .Values.snuba.replacer.queuedMaxMessagesKbytes }} 103 | - "--queued-max-messages-kbytes" 104 | - "{{ .Values.snuba.replacer.queuedMaxMessagesKbytes }}" 105 | {{- end }} 106 | {{- if .Values.snuba.replacer.queuedMinMessages }} 107 | - "--queued-min-messages" 108 | - "{{ .Values.snuba.replacer.queuedMinMessages }}" 109 | {{- if .Values.snuba.replacer.noStrictOffsetReset }} 110 | - "--no-strict-offset-reset" 111 | {{- end }} 112 | {{- end }} 113 | ports: 114 | - containerPort: {{ template "snuba.port" }} 115 | env: 116 | {{ include "sentry.snuba.env" . | indent 8 }} 117 | {{- if .Values.snuba.replacer.env }} 118 | {{ toYaml .Values.snuba.replacer.env | indent 8 }} 119 | {{- end }} 120 | envFrom: 121 | - secretRef: 122 | name: {{ template "sentry.fullname" . }}-snuba-env 123 | volumeMounts: 124 | - mountPath: /etc/snuba 125 | name: config 126 | readOnly: true 127 | {{- if .Values.snuba.replacer.volumeMounts }} 128 | {{ toYaml .Values.snuba.replacer.volumeMounts | indent 8 }} 129 | {{- end }} 130 | resources: 131 | {{ toYaml .Values.snuba.replacer.resources | indent 12 }} 132 | {{- if .Values.snuba.replacer.containerSecurityContext }} 133 | securityContext: 134 | {{ toYaml .Values.snuba.replacer.containerSecurityContext | indent 12 }} 135 | {{- end }} 136 | {{- if .Values.snuba.replacer.sidecars }} 137 | {{ toYaml .Values.snuba.replacer.sidecars | indent 6 }} 138 | {{- end }} 139 | {{- if .Values.global.sidecars }} 140 | {{ toYaml .Values.global.sidecars | indent 6 }} 141 | {{- end }} 142 | {{- if .Values.serviceAccount.enabled }} 143 | serviceAccountName: {{ .Values.serviceAccount.name }}-snuba 144 | {{- end }} 145 | volumes: 146 | - name: config 147 | configMap: 148 | name: {{ template "sentry.fullname" . }}-snuba 149 | {{- if .Values.snuba.replacer.volumes }} 150 | {{ toYaml .Values.snuba.replacer.volumes | indent 6 }} 151 | {{- end }} 152 | {{- if .Values.global.volumes }} 153 | {{ toYaml .Values.global.volumes | indent 6 }} 154 | {{- end }} 155 | {{- end }} 156 | --------------------------------------------------------------------------------