Merge pull request #20 from maciejp-ro/sentry-19-4-0

sentry: bump to 19.4.0 upstream (unpatched, as used by plural-artifacts now)
pluralsh · Nov 15, 2023 · 5e74b96 · 5e74b96
2 parents c4fd447 + 389370c
commit 5e74b96
Show file tree

Hide file tree

Showing 96 changed files with 7,536 additions and 1,360 deletions.
diff --git a/charts/sentry/Chart.lock b/charts/sentry/Chart.lock
diff --git a/charts/sentry/Chart.yaml b/charts/sentry/Chart.yaml
@@ -1,32 +1,42 @@
 apiVersion: v2
-appVersion: 21.5.1
+appVersion: 23.6.1
 dependencies:
+- condition: sourcemaps.enabled
+  name: memcached
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 6.5.2
 - condition: redis.enabled
   name: redis
-  repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-  version: 9.3.2
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 17.11.3
 - condition: kafka.enabled
   name: kafka
-  repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-  version: 12.0.0
+  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
+  version: 16.3.2
 - condition: clickhouse.enabled
   name: clickhouse
   repository: https://sentry-kubernetes.github.io/charts
-  version: 3.0.0
+  version: 3.3.0
+- condition: zookeeper.enabled
+  name: zookeeper
+  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
+  version: 9.0.0
 - alias: rabbitmq
   condition: rabbitmq.enabled
   name: rabbitmq
-  repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-  version: 8.9.1
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 11.15.3
 - condition: postgresql.enabled
   name: postgresql
-  repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-  version: 10.2.4
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.5.1
 - condition: nginx.enabled
   name: nginx
-  repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-  version: 6.0.5
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 14.2.2
 description: A Helm chart for Kubernetes
+maintainers:
+- name: sentry-kubernetes
 name: sentry
 type: application
-version: 11.3.3
+version: 19.4.0
diff --git a/charts/sentry/README.md b/charts/sentry/README.md
diff --git a/charts/sentry/charts/clickhouse-3.0.0.tgz b/charts/sentry/charts/clickhouse-3.0.0.tgz
diff --git a/charts/sentry/charts/clickhouse-3.3.0.tgz b/charts/sentry/charts/clickhouse-3.3.0.tgz
diff --git a/charts/sentry/charts/kafka-12.0.0.tgz b/charts/sentry/charts/kafka-12.0.0.tgz
diff --git a/charts/sentry/charts/kafka-16.3.2.tgz b/charts/sentry/charts/kafka-16.3.2.tgz
diff --git a/charts/sentry/charts/memcached-6.5.2.tgz b/charts/sentry/charts/memcached-6.5.2.tgz
diff --git a/charts/sentry/charts/nginx-14.2.2.tgz b/charts/sentry/charts/nginx-14.2.2.tgz
diff --git a/charts/sentry/charts/nginx-6.0.5.tgz b/charts/sentry/charts/nginx-6.0.5.tgz
diff --git a/charts/sentry/charts/postgresql-10.2.4.tgz b/charts/sentry/charts/postgresql-10.2.4.tgz
diff --git a/charts/sentry/charts/postgresql-12.5.1.tgz b/charts/sentry/charts/postgresql-12.5.1.tgz
diff --git a/charts/sentry/charts/rabbitmq-11.15.3.tgz b/charts/sentry/charts/rabbitmq-11.15.3.tgz
diff --git a/charts/sentry/charts/rabbitmq-8.9.1.tgz b/charts/sentry/charts/rabbitmq-8.9.1.tgz
diff --git a/charts/sentry/charts/redis-17.11.3.tgz b/charts/sentry/charts/redis-17.11.3.tgz
diff --git a/charts/sentry/charts/redis-9.3.2.tgz b/charts/sentry/charts/redis-9.3.2.tgz
diff --git a/charts/sentry/charts/zookeeper-9.0.0.tgz b/charts/sentry/charts/zookeeper-9.0.0.tgz
diff --git a/charts/sentry/docs/UPGRADE.md b/charts/sentry/docs/UPGRADE.md
@@ -0,0 +1,85 @@
+# Upgrade
+
+## Upgrading from 13.x.x version of this Chart to 14.0.0
+
+ClickHouse was reconfigured with sharding and replication in-mind, If you are using external ClickHouse, you don't need to do anything.
+
+**WARNING**: You will lose current event data<br>
+Otherwise, you should delete the old ClickHouse volumes in-order to upgrade to this version.
+
+
+## Upgrading from 12.x.x version of this Chart to 13.0.0
+
+The service annotions have been moved from the `service` section to the respective service's service sub-section. So what was:
+
+```yaml
+service:
+  annotations:
+    alb.ingress.kubernetes.io/healthcheck-path: /_health/
+    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+```
+
+will now be set per service:
+
+```yaml
+sentry:
+  web:
+    service:
+      annotations:
+        alb.ingress.kubernetes.io/healthcheck-path: /_health/
+        alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+
+relay:
+  service:
+    annotations:
+      alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+```
+
+## Upgrading from 11.x.x version of this Chart to 12.0.0
+
+Redis chart was upgraded to newer version. If you are using external redis, you don't need to do anything.
+
+Otherwise, when upgrading to chart version 12.x.x from 11.x.x you need to either run `helm upgrade` with `--force` flag, or prior to upgrade delete statefulsets for redis master and redis slave. Then run upgrade and it will roll out new statefulsets. Your master redis data will not be lost (PVC is not deleted when you delete statefulset). Your redis slave will now be named redis replica and you can delete PVCs that were used by redis slave after the upgrade.
+
+## Upgrading from 10.x.x version of this Chart to 11.0.0
+
+If you were using clickhouse tabix externally, we disabled it per default.
+
+## Upgrading from deprecated 9.0 -> 10.0 Chart
+
+As this chart runs in helm 3 and also tries its best to follow on from the original Sentry chart. There are some steps that needs to be taken in order to correctly upgrade.
+
+From the previous upgrade, make sure to get the following from your previous installation:
+
+- Redis Password (If Redis auth was enabled)
+- Postgresql Password
+  Both should be in the `secrets` of your original 9.0 release. Make a note of both of these values.
+
+### Upgrade Steps
+
+Due to an issue where transferring from Helm 2 to 3. Statefulsets that use the following: `heritage: {{ .Release.Service }}` in the metadata field will error out with a `Forbidden` error during the upgrade. The only workaround is to delete the existing statefulsets (Don't worry, PVC will be retained):
+
+```shell
+kubectl delete --all sts -n <Sentry Namespace>
+```
+
+Once the statefulsets are deleted. Next steps is to convert the helm release from version 2 to 3 using the helm 3 plugin:
+
+```shell
+helm3 2to3 convert <Sentry Release Name>
+```
+
+Finally, it's just a case of upgrading and ensuring the correct params are used:
+
+If Redis auth enabled:
+
+```shell
+helm upgrade -n <Sentry namespace> <Sentry Release> . --set redis.usePassword=true --set redis.password=<Redis Password>
+```
+
+If Redis auth is disabled:
+
+```shell
+helm upgrade -n <Sentry namespace> <Sentry Release> .
+```
diff --git a/charts/sentry/docs/usage-aws-terraform.md b/charts/sentry/docs/usage-aws-terraform.md
@@ -0,0 +1,122 @@
+# Usage with Terraform + AWS
+
+`./templates/sentry_values.yaml` file
+
+```yaml
+prefix: ${module_prefix}
+
+user:
+  create: true
+  email: ${sentry_email}
+  password: ${sentry_password}
+
+nginx:
+  enabled: false
+
+rabbitmq:
+  enabled: false
+
+sentry:
+  web:
+    service:
+      annotations:
+        alb.ingress.kubernetes.io/healthcheck-path: /_health/
+        alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+
+relay:
+  service:
+    annotations:
+      alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+
+postgresql:
+  enabled: true
+  nameOverride: sentry-postgresql
+  postgresqlUsername: postgres
+  postgresqlPassword: ${postgres_password}
+  postgresqlDatabase: sentry
+  replication:
+    enabled: false
+
+ingress:
+  enabled: true
+  hostname: ${sentry_dns_name}
+  regexPathStyle: aws-alb
+  annotations:
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/tags: ${tags}
+    alb.ingress.kubernetes.io/inbound-cidrs: ${allowed_cidr_blocks_str}
+    alb.ingress.kubernetes.io/subnets: ${public_subnet_ids_str}
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
+    alb.ingress.kubernetes.io/ssl-redirect: "443"
+    alb.ingress.kubernetes.io/certificate-arn: ${subdomain_cert_arn}
+    external-dns.alpha.kubernetes.io/hostname: ${sentry_dns_name}
+```
+
+`./helm.tf` file
+
+```terraform
+resource "helm_release" "sentry" {
+  name  = "sentry"
+  chart = "${path.module}/helm_sentry/"
+  repository = "https://sentry-kubernetes.github.io/charts"
+  version    = "14.0.0"
+  timeout           = 600
+  wait              = false
+  dependency_update = true
+
+  values = [
+    templatefile(
+      "${path.module}/templates/sentry_values.yaml",
+      {
+        module_prefix   = "${var.module_prefix}",
+        sentry_email    = "${var.sentry_email}",
+        sentry_password = "${var.sentry_password}",
+
+        sentry_dns_name         = "${local.sentry_dns_name}",
+        subdomain_cert_arn      = "${var.subdomain_cert_arn}",
+        allowed_cidr_blocks_str = "${join(",", var.allowed_cidr_blocks)}",
+        private_subnet_ids_str  = "${join(",", var.private_subnet_ids)}",
+        public_subnet_ids_str   = "${join(",", var.public_subnet_ids)}",
+        tags                    = "environment=${var.env}"
+        # postgres_db_host        = "${module.sentry_rds_pg.this_rds_cluster_endpoint}",
+        # postgres_db_name        = "${local.db_name}",
+        postgres_username = "${local.db_user}",
+        postgres_password = "${local.db_pass}",
+      }
+    )
+  ]
+
+  depends_on = [
+    helm_release.lb_controller,
+    helm_release.external_dns,
+  ]
+}
+```
+
+### Notes
+
+1. Ensure the control plane and node security groups are appropriately configured as documented [here](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#control-plane-worker-node-sgs).
+2. Annotations for ingress are as mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/)
+3. `healthcheck-path` and `healthcheck-port` annotations can be setup per target group using the alb annotations in the corresponding services as mentioned [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1056#issuecomment-551585078). For example, here we have:
+
+```yaml
+sentry:
+  web:
+    service:
+      annotations:
+        alb.ingress.kubernetes.io/healthcheck-path: /_health/
+        alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+
+relay:
+  service:
+    annotations:
+      alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+```
+
+Which are load balancer annotations specified in the service configuration for the load balancer to pick while creating the target groups.
+
+NOTE: AWS ALB Controller's Service annotations don't apply here as we want the `aws-load-balancer-controller` to pick-up the services and apply the appropriate healthcheck-path per service and not create a load balancer for the service itself. The service annotations will only apply when you want the service to be load balanced.
diff --git a/charts/sentry/docs/usage-digitalocean.md b/charts/sentry/docs/usage-digitalocean.md
@@ -0,0 +1,89 @@
+# Usage with DigitalOcean
+
+## Ingress Controller
+
+DigitalOcean does not create an Ingress Controller or LoadBalancer when the sentry chart is installed.
+This usage example is for when you want to do SSL termination at LoadBalancer.
+
+#### Create an `ingress.yaml` file with the following content.
+
+```yaml
+controller:
+  name: controller
+  service:
+    # This redirects the https request to http port after SSL termination
+    targetPorts:
+      http: http
+      https: http
+    annotations:
+      service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
+      service.beta.kubernetes.io/do-loadbalancer-certificate-id: {{.DO_CERTIFICATE_ID}}
+      service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
+      service.beta.kubernetes.io/do-loadbalancer-hostname: {{.SENTRY_HOST}}
+      service.beta.kubernetes.io/do-loadbalancer-name: {{.SENTRY_HOST}}
+  config:
+    use-forwarded-headers: "true"
+    compute-full-forwarded-for: "true"
+    use-proxy-protocol: "true"
+```
+
+You can obtain the certificate id from doctl or [terraform](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/certificate)
+
+#### Install the ingress controller to your cluster
+
+```shell
+helm upgrade --install ingress-nginx ingress-nginx \
+  --repo https://kubernetes.github.io/ingress-nginx \
+  --namespace ingress-nginx --create-namespace -f ingress.yaml
+```
+
+```shell
+doctl compute certificate list
+```
+
+## Chart configuration
+
+`values.yaml`
+```yaml
+prefix:
+
+# Required only when installing
+user:
+  create: true
+  email: {{.SENTRY_EMAIL}}
+  password: {{.SENTRY_PASSWORD}}
+
+nginx:
+  enabled: false
+
+ingress:
+  enabled: true
+  hostname: {{.SENTRY_HOST}}
+  regexPathStyle: nginx
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+system:
+  url: "https://$SENTRY_HOST"
+  public: true
+  secret: {{.SENTRY_SECRET}}
+
+postgresql:
+  enabled: false
+
+# DigitalOcean managed database uses port 25060 and needs SSL to be enabled
+externalPostgresql:
+  host: {{.SENTRY_DO_DB_HOST}}
+  port: 25060
+  database: {{.SENTRY_DO_DB_NAME}}
+  username: {{.SENTRY_DO_DB_USER}}
+  password: {{.SENTRY_DO_DB_PASSWORD}}
+  sslMode: require
+```
+
+
+### Notes
+
+1. Nginx Ingress Service can be configured with [chart values](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) and [annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/).
+2. Annotations for DO Load Balancer are as mentioned [here](https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md)