sentry: bump to 19.4.0 upstream (unpatched, as used by plural-artifacts now) #20

Merged
merged 1 commit into from
Nov 15, 2023
21 changes: 0 additions & 21 deletions charts/sentry/Chart.lock

This file was deleted.

36 changes: 23 additions & 13 deletions charts/sentry/Chart.yaml
@@ -1,32 +1,42 @@
apiVersion: v2
appVersion: 21.5.1
appVersion: 23.6.1
dependencies:
- condition: sourcemaps.enabled
name: memcached
repository: oci://registry-1.docker.io/bitnamicharts
version: 6.5.2
- condition: redis.enabled
name: redis
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 9.3.2
repository: oci://registry-1.docker.io/bitnamicharts
version: 17.11.3
- condition: kafka.enabled
name: kafka
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 12.0.0
repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
version: 16.3.2
- condition: clickhouse.enabled
name: clickhouse
repository: https://sentry-kubernetes.github.io/charts
version: 3.0.0
version: 3.3.0
- condition: zookeeper.enabled
name: zookeeper
repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
version: 9.0.0
- alias: rabbitmq
condition: rabbitmq.enabled
name: rabbitmq
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 8.9.1
repository: oci://registry-1.docker.io/bitnamicharts
version: 11.15.3
- condition: postgresql.enabled
name: postgresql
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 10.2.4
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.5.1
- condition: nginx.enabled
name: nginx
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 6.0.5
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.2.2
description: A Helm chart for Kubernetes
maintainers:
- name: sentry-kubernetes
name: sentry
type: application
version: 11.3.3
version: 19.4.0
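
Review bot: the `kafka` and `zookeeper` entries resolve from `https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami` while every other Bitnami dependency in this hunk moves to `oci://registry-1.docker.io/bitnamicharts`, and `Chart.lock` is deleted in the same PR. The PR description should say why those two stay on the `pre-2022` index, and a regenerated `Chart.lock` should be committed next to the vendored `charts/*.tgz` so that `helm dependency build` can reproduce the archives, which appear in this diff only as binary files. The new `memcached` dependency is gated on `condition: sourcemaps.enabled` rather than on a key of its own like its siblings; if that is intentional, say so where the flag is documented.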
210 changes: 149 additions & 61 deletions charts/sentry/README.md

Large diffs are not rendered by default.

Binary file removed charts/sentry/charts/clickhouse-3.0.0.tgz
Binary file not shown.
Binary file added charts/sentry/charts/clickhouse-3.3.0.tgz
Binary file not shown.
Binary file removed charts/sentry/charts/kafka-12.0.0.tgz
Binary file not shown.
Binary file added charts/sentry/charts/kafka-16.3.2.tgz
Binary file not shown.
Binary file added charts/sentry/charts/memcached-6.5.2.tgz
Binary file not shown.
Binary file added charts/sentry/charts/nginx-14.2.2.tgz
Binary file not shown.
Binary file removed charts/sentry/charts/nginx-6.0.5.tgz
Binary file not shown.
Binary file removed charts/sentry/charts/postgresql-10.2.4.tgz
Binary file not shown.
Binary file added charts/sentry/charts/postgresql-12.5.1.tgz
Binary file not shown.
Binary file added charts/sentry/charts/rabbitmq-11.15.3.tgz
Binary file not shown.
Binary file removed charts/sentry/charts/rabbitmq-8.9.1.tgz
Binary file not shown.
Binary file added charts/sentry/charts/redis-17.11.3.tgz
Binary file not shown.
Binary file removed charts/sentry/charts/redis-9.3.2.tgz
Binary file not shown.
Binary file added charts/sentry/charts/zookeeper-9.0.0.tgz
Binary file not shown.
85 changes: 85 additions & 0 deletions charts/sentry/docs/UPGRADE.md
@@ -0,0 +1,85 @@
# Upgrade

## Upgrading from 13.x.x version of this Chart to 14.0.0

ClickHouse was reconfigured with sharding and replication in-mind, If you are using external ClickHouse, you don't need to do anything.

**WARNING**: You will lose current event data<br>
Otherwise, you should delete the old ClickHouse volumes in-order to upgrade to this version.


## Upgrading from 12.x.x version of this Chart to 13.0.0

The service annotions have been moved from the `service` section to the respective service's service sub-section. So what was:

```yaml
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /_health/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
```

will now be set per service:

```yaml
sentry:
web:
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /_health/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port

relay:
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
```

## Upgrading from 11.x.x version of this Chart to 12.0.0

Redis chart was upgraded to newer version. If you are using external redis, you don't need to do anything.

Otherwise, when upgrading to chart version 12.x.x from 11.x.x you need to either run `helm upgrade` with `--force` flag, or prior to upgrade delete statefulsets for redis master and redis slave. Then run upgrade and it will roll out new statefulsets. Your master redis data will not be lost (PVC is not deleted when you delete statefulset). Your redis slave will now be named redis replica and you can delete PVCs that were used by redis slave after the upgrade.

## Upgrading from 10.x.x version of this Chart to 11.0.0

If you were using clickhouse tabix externally, we disabled it per default.

## Upgrading from deprecated 9.0 -> 10.0 Chart

As this chart runs in helm 3 and also tries its best to follow on from the original Sentry chart. There are some steps that needs to be taken in order to correctly upgrade.

From the previous upgrade, make sure to get the following from your previous installation:

- Redis Password (If Redis auth was enabled)
- Postgresql Password
Both should be in the `secrets` of your original 9.0 release. Make a note of both of these values.

### Upgrade Steps

Due to an issue where transferring from Helm 2 to 3. Statefulsets that use the following: `heritage: {{ .Release.Service }}` in the metadata field will error out with a `Forbidden` error during the upgrade. The only workaround is to delete the existing statefulsets (Don't worry, PVC will be retained):

```shell
kubectl delete --all sts -n <Sentry Namespace>
```

Once the statefulsets are deleted. Next steps is to convert the helm release from version 2 to 3 using the helm 3 plugin:

```shell
helm3 2to3 convert <Sentry Release Name>
```

Finally, it's just a case of upgrading and ensuring the correct params are used:

If Redis auth enabled:

```shell
helm upgrade -n <Sentry namespace> <Sentry Release> . --set redis.usePassword=true --set redis.password=<Redis Password>
```

If Redis auth is disabled:

```shell
helm upgrade -n <Sentry namespace> <Sentry Release> .
```
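
Review bot: the newest section in this file is "Upgrading from 13.x.x version of this Chart to 14.0.0", but Chart.yaml in this PR moves `version` from 11.3.3 to 19.4.0, so 15.x through 19.x have no upgrade notes even though the redis, postgresql, rabbitmq and nginx dependencies all change major version. Add those sections or link to where they are documented. In the 9.0 -> 10.0 steps, `kubectl delete --all sts -n <Sentry Namespace>` removes every StatefulSet in the namespace, not only Sentry's, so the text should state that the namespace must be dedicated to Sentry or name the StatefulSets explicitly. In the same steps, `--set redis.password=<Redis Password>` puts the password on the command line; a values file passed with `-f` keeps it out of shell history. Minor: "annotions" in the 13.0.0 section, and in the 14.0.0 section the data-loss warning sits before the "Otherwise" sentence, so it reads as applying to external ClickHouse as well.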
122 changes: 122 additions & 0 deletions charts/sentry/docs/usage-aws-terraform.md
@@ -0,0 +1,122 @@
# Usage with Terraform + AWS

`./templates/sentry_values.yaml` file

```yaml
prefix: ${module_prefix}

user:
create: true
email: ${sentry_email}
password: ${sentry_password}

nginx:
enabled: false

rabbitmq:
enabled: false

sentry:
web:
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /_health/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port

relay:
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port

postgresql:
enabled: true
nameOverride: sentry-postgresql
postgresqlUsername: postgres
postgresqlPassword: ${postgres_password}
postgresqlDatabase: sentry
replication:
enabled: false

ingress:
enabled: true
hostname: ${sentry_dns_name}
regexPathStyle: aws-alb
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/tags: ${tags}
alb.ingress.kubernetes.io/inbound-cidrs: ${allowed_cidr_blocks_str}
alb.ingress.kubernetes.io/subnets: ${public_subnet_ids_str}
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-redirect: "443"
alb.ingress.kubernetes.io/certificate-arn: ${subdomain_cert_arn}
external-dns.alpha.kubernetes.io/hostname: ${sentry_dns_name}
```

`./helm.tf` file

```terraform
resource "helm_release" "sentry" {
name = "sentry"
chart = "${path.module}/helm_sentry/"
repository = "https://sentry-kubernetes.github.io/charts"
version = "14.0.0"
timeout = 600
wait = false
dependency_update = true

values = [
templatefile(
"${path.module}/templates/sentry_values.yaml",
{
module_prefix = "${var.module_prefix}",
sentry_email = "${var.sentry_email}",
sentry_password = "${var.sentry_password}",

sentry_dns_name = "${local.sentry_dns_name}",
subdomain_cert_arn = "${var.subdomain_cert_arn}",
allowed_cidr_blocks_str = "${join(",", var.allowed_cidr_blocks)}",
private_subnet_ids_str = "${join(",", var.private_subnet_ids)}",
public_subnet_ids_str = "${join(",", var.public_subnet_ids)}",
tags = "environment=${var.env}"
# postgres_db_host = "${module.sentry_rds_pg.this_rds_cluster_endpoint}",
# postgres_db_name = "${local.db_name}",
postgres_username = "${local.db_user}",
postgres_password = "${local.db_pass}",
}
)
]

depends_on = [
helm_release.lb_controller,
helm_release.external_dns,
]
}
```

### Notes

1. Ensure the control plane and node security groups are appropriately configured as documented [here](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#control-plane-worker-node-sgs).
2. Annotations for ingress are as mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/)
3. `healthcheck-path` and `healthcheck-port` annotations can be setup per target group using the alb annotations in the corresponding services as mentioned [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1056#issuecomment-551585078). For example, here we have:

```yaml
sentry:
web:
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /_health/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port

relay:
service:
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
```

Which are load balancer annotations specified in the service configuration for the load balancer to pick while creating the target groups.

NOTE: AWS ALB Controller's Service annotations don't apply here as we want the `aws-load-balancer-controller` to pick-up the services and apply the appropriate healthcheck-path per service and not create a load balancer for the service itself. The service annotations will only apply when you want the service to be load balanced.
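
Review bot: in `helm.tf`, `sentry_password` and `postgres_password` are rendered into `values` through `templatefile`, and unless the input variables are declared `sensitive` the rendered passwords show up in plan output and CI logs. The example should pass them through `set_sensitive` blocks instead and note that Terraform state still holds them, so the state backend needs encryption and access control. Also in `helm.tf`: `version = "14.0.0"` is behind the 19.4.0 that this PR sets in Chart.yaml, `chart` points at a local path while `repository` is set as well, and `postgres_username` and `private_subnet_ids_str` are passed to the template but never referenced in `sentry_values.yaml`. The `postgresqlUsername` / `postgresqlPassword` keys in `sentry_values.yaml` should be rechecked against the postgresql 12.5.1 dependency this PR introduces.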
89 changes: 89 additions & 0 deletions charts/sentry/docs/usage-digitalocean.md
@@ -0,0 +1,89 @@
# Usage with DigitalOcean

## Ingress Controller

DigitalOcean does not create an Ingress Controller or LoadBalancer when the sentry chart is installed.
This usage example is for when you want to do SSL termination at LoadBalancer.

#### Create an `ingress.yaml` file with the following content.

```yaml
controller:
name: controller
service:
# This redirects the https request to http port after SSL termination
targetPorts:
http: http
https: http
annotations:
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: {{.DO_CERTIFICATE_ID}}
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
service.beta.kubernetes.io/do-loadbalancer-hostname: {{.SENTRY_HOST}}
service.beta.kubernetes.io/do-loadbalancer-name: {{.SENTRY_HOST}}
config:
use-forwarded-headers: "true"
compute-full-forwarded-for: "true"
use-proxy-protocol: "true"
```

You can obtain the certificate id from doctl or [terraform](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/certificate)

#### Install the ingress controller to your cluster

```shell
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace -f ingress.yaml
```

```shell
doctl compute certificate list
```

## Chart configuration

`values.yaml`
```yaml
prefix:

# Required only when installing
user:
create: true
email: {{.SENTRY_EMAIL}}
password: {{.SENTRY_PASSWORD}}

nginx:
enabled: false

ingress:
enabled: true
hostname: {{.SENTRY_HOST}}
regexPathStyle: nginx
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

system:
url: "https://$SENTRY_HOST"
public: true
secret: {{.SENTRY_SECRET}}

postgresql:
enabled: false

# DigitalOcean managed database uses port 25060 and needs SSL to be enabled
externalPostgresql:
host: {{.SENTRY_DO_DB_HOST}}
port: 25060
database: {{.SENTRY_DO_DB_NAME}}
username: {{.SENTRY_DO_DB_USER}}
password: {{.SENTRY_DO_DB_PASSWORD}}
sslMode: require
```


### Notes

1. Nginx Ingress Service can be configured with [chart values](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) and [annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/).
2. Annotations for DO Load Balancer are as mentioned [here](https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md)
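
Review bot: in `values.yaml`, `system.url: "https://$SENTRY_HOST"` uses a shell-style `$SENTRY_HOST` while every other placeholder in this file is written `{{.SENTRY_HOST}}`, so anyone templating the file will ship the URL unsubstituted; make it `"https://{{.SENTRY_HOST}}"`. The `doctl compute certificate list` block sits after the ingress-nginx install command but belongs directly under the sentence about obtaining the certificate id. Under `externalPostgresql`, `sslMode: require` encrypts the connection without verifying the server certificate, which is worth stating next to the setting. With `use-forwarded-headers: "true"` in `ingress.yaml`, the doc should say the controller must be reachable only through the load balancer, because it then trusts forwarding headers supplied with the request.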