├── .github └── workflows │ ├── helmchart-publish.yml │ └── release.yml ├── LICENSE ├── README.md └── charts ├── cnpg-cluster ├── .helmignore ├── Chart.yaml ├── README.md ├── README.md.gotmpl ├── templates │ ├── _helpers.tpl │ ├── backup.secret.yaml │ ├── cluster.cnpg.yaml │ ├── custom-any.service.yaml │ ├── custom-r.service.yaml │ ├── custom-ro.service.yaml │ ├── custom-rw.service.yaml │ ├── pooler.cnpg.yaml │ ├── registry-credentials.secret.yaml │ └── scheduledbackup.cnpg.yaml └── values.yaml ├── cnpg-monitoring ├── .helmignore ├── Chart.lock ├── Chart.yaml └── values.yaml ├── configmap2http ├── Chart.yaml ├── templates │ ├── deployment.yaml │ ├── ingress.yaml │ └── service.yaml └── values.yaml ├── eck-exporter ├── .helmignore ├── Chart.yaml ├── README.md ├── README.md.gotmpl ├── fixtures │ ├── sandbox-filebeat.beat.yaml │ ├── sandbox-fleet-server.agent.yaml │ ├── sandbox.apmserver.yaml │ ├── sandbox.elasticmapsserver.yaml │ ├── sandbox.elasticsearch.yaml │ ├── sandbox.enterprisesearch.yaml │ ├── sandbox.kibana.yaml │ └── sandbox.logstash.yaml ├── templates │ ├── _capabilities.tpl │ ├── _helpers.tpl │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── configmap.yaml │ ├── deployment.yaml │ ├── extra.yaml │ ├── podmonitor.yaml │ ├── prometheusrule.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── servicemonitor.yaml └── values.yaml ├── kube-packetloss-exporter ├── .helmignore ├── Chart.yaml ├── files │ └── kube-packetloss-exporter-dashboard.json ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── daemonset.yaml │ ├── dashboard.configmap.yaml │ ├── role.yaml │ ├── rolebinding.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── servicemonitor.yaml └── values.yaml ├── kube-router ├── .helmignore ├── Chart.yaml ├── README.md ├── README.md.gotmpl ├── templates │ ├── NOTES.txt │ ├── _capabilities.tpl │ ├── _helpers.tpl │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── configmap.yaml │ ├── daemonset.yaml │ ├── podmonitor.yaml │ └── 
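serviceaccount.yaml └── values.yaml ├── monitoring-proxy ├── .helmignore ├── Chart.yaml ├── templates │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── cp-daemonset.yaml │ ├── cp-service.yaml │ ├── kube-proxy-daemonset.yaml │ ├── kube-proxy-service.yaml │ ├── rbac.yaml │ └── serviceaccount.yaml └── values.yaml ├── rancher-monitoring-proxy ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── service.yaml │ └── serviceaccount.yaml └── values.yaml ├── san-iscsi-csi ├── .helmignore ├── Chart.yaml ├── LICENSE ├── README.md ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── daemonset.yaml │ ├── deployment.yaml │ ├── podmonitor.yaml │ ├── psp.yaml │ ├── rbac.yaml │ └── servicemonitor.yaml └── values.yaml └── swift-exporter ├── .helmignore ├── Chart.yaml ├── README.md ├── README.md.gotmpl ├── templates ├── _helpers.tpl ├── deployment.yaml ├── service.yaml ├── servicemonitor.yaml └── tests │ └── test-connection.yaml └── values.yaml
/.github/workflows/helmchart-publish.yml:
--------------------------------------------------------------------------------
# Manually triggered workflow: pulls an OCI index-latest.yaml with oras and
# merges its first chart entry into index.yaml on the gh-pages branch.
name: Publish OCI charts

on:
  workflow_dispatch:
    inputs:
      index_path:
        description: 'OCI index-latest.yaml path, without registry hostname'
        required: true

env:
  REGISTRY: quay.io

jobs:
  helmchart-publish:
    runs-on: ubuntu-latest

    # The job commits index.yaml to gh-pages, so the token is scoped to
    # repository contents only.
    permissions:
      contents: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: gh-pages
          fetch-depth: 0

      - name: Setup Oras
        uses: oras-project/setup-oras@v1

      - name: Download index-latest.yaml from workflow input
        #uses: mikefarah/yq@master
        # The workflow input is handed to the script through an environment
        # variable and expanded by the shell inside quotes. Expanding
        # ${{ inputs.index_path }} directly in the script body would paste the
        # raw input into the shell source before it is parsed.
        env:
          INDEX_PATH: ${{ inputs.index_path }}
        run: |
          oras pull "${REGISTRY}/${INDEX_PATH}"
          cat index-latest.yaml

      # NOTE(review): mikefarah/yq@master is a mutable branch ref and this job
      # holds contents: write. Pin third-party actions to a full commit SHA.
      - name: Get index-latest.yaml chart name
        id: get_chart_name
        uses: mikefarah/yq@master
        with:
          cmd: yq '.entries | to_entries[0] | (.key)' index-latest.yaml

      - name: Get index-latest.yaml chart version
        id: get_chart_version
        uses: mikefarah/yq@master
        with:
          cmd: yq '.entries | to_entries[0] | (.value[0].version)' index-latest.yaml

      # NOTE(review): both step outputs originate from the pulled
      # index-latest.yaml and are expanded into the command string below.
      # Consider passing them through `env:` and reading them from the
      # environment inside the yq expression, so the index content cannot
      # alter the expression or the command line.
      - name: Remove potential duplicate prior to merge
        uses: mikefarah/yq@master
        with:
          cmd: yq -i 'del(.entries.["${{ steps.get_chart_name.outputs.result }}"][] | select(.version == "${{ steps.get_chart_version.outputs.result }}"))' index.yaml

      - name: Merge index-latest.yaml into index.yaml
        uses: mikefarah/yq@master
        with:
          cmd: yq -i eval-all 'select(fi == 0) *++ select(fi == 1) | select(fi == 0)' index.yaml index-latest.yaml

      # Only index.yaml is staged; fetch and checkout are skipped because the
      # gh-pages branch is already checked out by the first step.
      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: Publish chart ${{ steps.get_chart_name.outputs.result }} version ${{ steps.get_chart_version.outputs.result }}
          branch: gh-pages
          file_pattern: 'index.yaml'
          skip_fetch: true
          skip_checkout: true

--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
# Packages and publishes the charts under charts/ on pushes to master, on
# manual dispatch, and on repository_dispatch events.
name: Release Charts

on:
  workflow_dispatch:
  repository_dispatch:
  push:
    branches:
      - master
    paths-ignore:
      - '.github/**'
      - 'README.md'

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default. Declare the minimum the release steps need once that is
# confirmed.
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # Aligned with the major version used by helmchart-publish.yml.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      # https://github.com/helm/helm/issues/8036
      # https://github.com/helm/chart-releaser-action/issues/74
      - name: Checkout repositories for dependencies
        run: |
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts

      - name: Run CI script if present
        # client_payload is supplied by whoever sends the repository_dispatch
        # event. The values are passed as environment variables and expanded by
        # the shell inside quotes, so they stay plain arguments to ci.sh and
        # are never pasted into the script text itself.
        env:
          PAYLOAD_REF: ${{ github.event.client_payload.ref }}
          PAYLOAD_NOTES: ${{ github.event.client_payload.notes }}
          PAYLOAD_SECURITY_UPDATES: ${{ github.event.client_payload.contains_security_updates }}
        run: |
          for chart in charts/*; do
            [ -e "$chart" ] || continue

            if [ -f "$chart/ci.sh" ]; then
              cd "$chart"
              echo "Running custom CI script for $chart"
              ./ci.sh "$PAYLOAD_REF" "$PAYLOAD_NOTES" "$PAYLOAD_SECURITY_UPDATES"
              cd - > /dev/null
            fi
          done

      - name: Run chart-releaser index.yaml
        uses: helm/chart-releaser-action@v1.7.0
        env:
          CR_TOKEN: '${{ secrets.CR_TOKEN }}'

      - name: Run chart-releaser OCI
        uses: bitdeps/helm-oci-charts-releaser@v0.1.3
        with:
          oci_registry: quay.io/enix/charts
          oci_username: ${{ secrets.QUAY_USERNAME }}
          oci_password: ${{ secrets.QUAY_PASSWORD }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          skip_existing: false
          skip_helm_install: true
          skip_dependencies: true
          skip_gh_release: true

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # The Enix Package collection for Kubernetes 2 | 3 |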

4 | 5 | 6 | 7 | 8 | 9 | 10 |

11 | 12 | A collection of [Helm](https://helm.sh) packages brought to you by [Enix Monkeys](https://enix.io) :monkey_face:. 13 | 14 | ## TL;DR 15 | 16 | ```bash 17 | $ helm repo add enix https://charts.enix.io/ 18 | $ helm search repo enix 19 | $ helm install my-release enix/ 20 | ``` 21 | 22 | ## Charts collection 23 | 24 | The following helm charts are maintained: 25 | * [kube-image-keeper](https://github.com/enix/kube-image-keeper/tree/main/helm/kube-image-keeper) ([Artifacthub](https://artifacthub.io/packages/helm/enix/kube-image-keeper)) 26 | * [x509-certificate-exporter](https://github.com/enix/x509-certificate-exporter/tree/main/deploy/charts/x509-certificate-exporter) ([Artifacthub](https://artifacthub.io/packages/helm/enix/x509-certificate-exporter)) 27 | * [kube-router](https://github.com/enix/helm-charts/tree/master/charts/kube-router) ([Artifacthub](https://artifacthub.io/packages/helm/enix/kube-router)) 28 | * [eck-exporter](https://github.com/enix/helm-charts/tree/master/charts/eck-exporter) ([Artifacthub](https://artifacthub.io/packages/helm/enix/eck-exporter)) 29 | * [san-iscsi-csi](https://github.com/enix/helm-charts/tree/master/charts/san-iscsi-csi) ([Artifacthub](https://artifacthub.io/packages/helm/enix/san-iscsi-csi)) 30 | 31 | Please refer to each individual documentation! 32 | 33 | # License 34 | 35 | ``` 36 | Copyright (c) 2022, 2023 ENIX 37 | 38 | Licensed under the Apache License, Version 2.0 (the "License"); 39 | you may not use this file except in compliance with the License. 40 | You may obtain a copy of the License at 41 | 42 | http://www.apache.org/licenses/LICENSE-2.0 43 | 44 | Unless required by applicable law or agreed to in writing, software 45 | distributed under the License is distributed on an "AS IS" BASIS, 46 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 47 | See the License for the specific language governing permissions and 48 | limitations under the License. 
49 | ``` -------------------------------------------------------------------------------- /charts/cnpg-cluster/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cnpg-cluster 3 | description: A Helm chart to create cloudnative-pg.io clusters 4 | type: application 5 | version: 2.0.1 6 | appVersion: "14.5-6" 7 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/README.md: -------------------------------------------------------------------------------- 1 | # cnpg-cluster 2 | 3 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/enix)](https://artifacthub.io/packages/search?repo=enix) 4 |

5 | 6 | 7 | 8 | 9 |

10 | 11 | A Helm chart to create cloudnative-pg.io clusters 12 | 13 | ## TL;DR; 14 | 15 | ```bash 16 | $ helm repo add enix https://charts.enix.io/ 17 | $ helm install my-release enix/cnpg-cluster 18 | ``` 19 | 20 | ## Installing the Chart 21 | 22 | To install the chart with the release name `my-release`: 23 | 24 | ```bash 25 | $ helm install my-release enix/cnpg-cluster 26 | ``` 27 | 28 | The command deploys a CNPG cluster on the Kubernetes cluster in the default configuration. The [Chart Values](#chart-values) section lists the parameters that can be configured during installation. 29 | 30 | > **Tip**: List all releases using `helm list` 31 | 32 | ## Uninstalling the Chart 33 | 34 | To uninstall/delete the `my-release` deployment: 35 | 36 | ```bash 37 | $ helm delete my-release 38 | ``` 39 | 40 | The command removes all the Kubernetes components associated with the chart and deletes the release. 41 | 42 | ## Values 43 | 44 | | Key | Type | Default | Description | 45 | |-----|------|---------|-------------| 46 | | backup.azureCredentials | object | `nil` | The credentials to use to upload data to Azure Blob Storage See: https://cloudnative-pg.io/documentation/1.17/api_reference/#AzureCredentials | 47 | | backup.data | object | `{}` | Configuration of the backup of the data directory See: https://cloudnative-pg.io/documentation/1.17/api_reference/#DataBackupConfiguration | 48 | | backup.destinationPath | string | `""` | The path where to store the backup (i.e. s3://bucket/path/to/folder) this path, with different destination folders, will be used for WALs and for data -- | 49 | | backup.enabled | bool | `false` | Enable backups | 50 | | backup.endpointCA | string | `nil` | EndpointCA store the CA bundle of the barman endpoint. 
Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive | 51 | | backup.endpointURL | string | `nil` | Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery | 52 | | backup.googleCredentials | object | `nil` | The credentials to use to upload data to Google Cloud Storage See: https://cloudnative-pg.io/documentation/1.17/api_reference/#GoogleCredentials | 53 | | backup.historyTags | object | `{}` | | 54 | | backup.retentionPolicy | string | `"30d"` | RetentionPolicy is the retention policy to be used for backups and WALs (i.e. '60d'). The retention policy is expressed in the form of XXu where XX is a positive integer and u is in [dwm] - days, weeks, months. | 55 | | backup.s3Credentials | object | `nil` | The credentials to use to upload data to S3 See: https://cloudnative-pg.io/documentation/1.17/api_reference/#S3Credentials | 56 | | backup.secretName | string | `nil` | Override secret name for the backup credentials | 57 | | backup.serverName | string | `nil` | The server name on S3, the cluster name is used if this parameter is omitted | 58 | | backup.tags | object | `{}` | | 59 | | backup.volumeSnapshot | object | `{}` | The configuration for the execution of volume snapshot backups. See: https://cloudnative-pg.io/documentation/1.22/cloudnative-pg.v1/#postgresql-cnpg-io-v1-VolumeSnapshotConfiguration | 60 | | backup.wal | object | `{}` | Configuration of the backup of the WAL stream See: https://cloudnative-pg.io/documentation/1.17/api_reference/#walbackupconfiguration | 61 | | clusterExtraSpec | object | `{}` | Extra configuration for Cluster resource. 
See: https://cloudnative-pg.io/documentation/1.17/api_reference/#clusterspec | 62 | | customServices | object | `{"any":{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"},"r":{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"},"ro":{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"},"rw":{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"}}` | Custom services to create | 63 | | customServices.any | object | `{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"}` | Custom services for any member | 64 | | customServices.r | object | `{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"}` | Custom services for readable members | 65 | | customServices.ro | object | `{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"}` | Custom services for read-only (replicas) members | 66 | | customServices.rw | object | `{"annotations":{},"enabled":false,"externalIPs":[],"type":"ClusterIP"}` | Custom services for read-write (primary) member | 67 | | extraAffinity | object | `{}` | Extra configuration for Cluster's affinity resource, see: https://cloudnative-pg.io/documentation/1.17/api_reference/#AffinityConfiguration | 68 | | fullnameOverride | string | `""` | String to fully override cnpg-cluster.fullname template with a string | 69 | | image.pullPolicy | string | `"IfNotPresent"` | Postgres image pull policy | 70 | | image.repository | string | `"ghcr.io/cloudnative-pg/postgresql"` | Postgres image repository. Keep empty to use operator's default image. 
See: https://cloudnative-pg.io/documentation/1.17/operator_capability_levels/#override-of-operand-images-through-the-crd | 71 | | image.tag | string | `""` | Override the Postgres image tag | 72 | | imagePullSecrets | list | `[]` | Docker-registry secret names as an array | 73 | | nameOverride | string | `""` | String to partially override cnpg-cluster.fullname template with a string (will prepend the release name) | 74 | | nodeSelector | object | `{}` | Postgres instances labels for pod assignment | 75 | | persistence.pvcTemplate | object | `{}` | Template to be used to generate the Persistent Volume Claim | 76 | | persistence.resizeInUseVolumes | string | `nil` | Resize existent PVCs, defaults to true | 77 | | persistence.size | string | `"1Gi"` | Size of each instance storage volume | 78 | | persistence.storageClass | string | `""` | StorageClass to use for database data, Applied after evaluating the PVC template, if available. If not specified, generated PVCs will be satisfied by the default storage class | 79 | | poolers | object | `{}` | Poller resources to create for this Cluster resource See: https://cloudnative-pg.io/documentation/1.17/api_reference/#PoolerSpec | 80 | | registryCredentials | string | `nil` | Create a docker-registry secret and use it as imagePullSecrets | 81 | | replicaCount | int | `1` | Number of Postgres instances in the cluster | 82 | | resources | object | `{}` | CPU/Memory resource requests/limits | 83 | | scheduledBackups | object | `{}` | ScheduledBackup resources to create for this Cluster resource See: https://cloudnative-pg.io/documentation/1.17/api_reference/#ScheduledBackupSpec | 84 | | tolerations | list | `[]` | Postgres instances labels for tolerations pod assignment | 85 | 86 | ## Upgrading 87 | 88 | ### To 2.0.0 89 | 90 | This major bump changes the following backup settings: 91 | * fix a discrepancy between doc and template, the parameter `secretName` previously a root value is now under `backup`: `backup.secretName`. 
92 | * remove `backup.createSecret` parameter, secret is created by default unless `backup.secretName` is provided. 93 | 94 | ## License 95 | 96 | Copyright (c) 2022 ENIX 97 | 98 | Licensed under the Apache License, Version 2.0 (the "License"); 99 | you may not use this file except in compliance with the License. 100 | You may obtain a copy of the License at 101 | 102 | http://www.apache.org/licenses/LICENSE-2.0 103 | 104 | Unless required by applicable law or agreed to in writing, software 105 | distributed under the License is distributed on an "AS IS" BASIS, 106 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 107 | See the License for the specific language governing permissions and 108 | limitations under the License. 109 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "chart.header" . }} 2 | 3 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/enix)](https://artifacthub.io/packages/search?repo=enix) 4 |

5 | 6 | 7 | 8 | 9 |

10 | 11 | {{ template "chart.description" . }} 12 | 13 | ## TL;DR; 14 | 15 | ```bash 16 | $ helm repo add enix https://charts.enix.io/ 17 | $ helm install my-release enix/cnpg-cluster 18 | ``` 19 | 20 | {{ template "chart.homepageLine" . }} 21 | 22 | {{ template "chart.requirementsSection" . }} 23 | 24 | ## Installing the Chart 25 | 26 | To install the chart with the release name `my-release`: 27 | 28 | ```bash 29 | $ helm install my-release enix/cnpg-cluster 30 | ``` 31 | 32 | The command deploys a CNPG cluster on the Kubernetes cluster in the default configuration. The [Chart Values](#chart-values) section lists the parameters that can be configured during installation. 33 | 34 | > **Tip**: List all releases using `helm list` 35 | 36 | ## Uninstalling the Chart 37 | 38 | To uninstall/delete the `my-release` deployment: 39 | 40 | ```bash 41 | $ helm delete my-release 42 | ``` 43 | 44 | The command removes all the Kubernetes components associated with the chart and deletes the release. 45 | 46 | {{ template "chart.valuesSection" . }} 47 | 48 | ## Upgrading 49 | 50 | ### To 2.0.0 51 | 52 | This major bump changes the following backup settings: 53 | * fix a discrepancy between doc and template, the parameter `secretName` previously a root value is now under `backup`: `backup.secretName`. 54 | * remove `backup.createSecret` parameter, secret is created by default unless `backup.secretName` is provided. 55 | 56 | ## License 57 | 58 | Copyright (c) 2022 ENIX 59 | 60 | Licensed under the Apache License, Version 2.0 (the "License"); 61 | you may not use this file except in compliance with the License. 62 | You may obtain a copy of the License at 63 | 64 | http://www.apache.org/licenses/LICENSE-2.0 65 | 66 | Unless required by applicable law or agreed to in writing, software 67 | distributed under the License is distributed on an "AS IS" BASIS, 68 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
69 | See the License for the specific language governing permissions and 70 | limitations under the License. 71 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "cnpg-cluster.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "cnpg-cluster.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "cnpg-cluster.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "cnpg-cluster.labels" -}} 37 | helm.sh/chart: {{ include "cnpg-cluster.chart" . }} 38 | {{ include "cnpg-cluster.selectorLabels" . 
}} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "cnpg-cluster.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "cnpg-cluster.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Backup secret name 55 | */}} 56 | {{- define "cnpg-cluster.backupSecretName" -}} 57 | {{ or .Values.backup.secretName (print (include "cnpg-cluster.fullname" .) `-backup`) }} 58 | {{- end }} 59 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/backup.secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.backup.enabled (not .Values.backup.secretName) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "cnpg-cluster.backupSecretName" . }} 6 | labels: 7 | {{- include "cnpg-cluster.labels" . | nindent 4 }} 8 | type: opaque 9 | data: 10 | {{- if .Values.backup.s3Credentials }} 11 | {{- with .Values.backup.s3Credentials.accessKeyId }} 12 | accessKeyId: {{ . | b64enc }} 13 | {{- end }} 14 | {{- with .Values.backup.s3Credentials.secretAccessKey }} 15 | secretAccessKey: {{ . | b64enc }} 16 | {{- end }} 17 | {{- with .Values.backup.s3Credentials.region }} 18 | region: {{ . | b64enc }} 19 | {{- end }} 20 | {{- with .Values.backup.s3Credentials.sessionToken }} 21 | sessionToken: {{ . | b64enc }} 22 | {{- end }} 23 | {{- else if .Values.backup.googleCredentials }} 24 | {{- with .Values.backup.googleCredentials.applicationCredentials }} 25 | applicationCredentials: {{ . | b64enc }} 26 | {{- end }} 27 | {{- else if .Values.backup.azureCredentials }} 28 | {{- with .Values.backup.azureCredentials.connectionString }} 29 | connectionString: {{ . 
| b64enc }} 30 | {{- end }} 31 | {{- with .Values.backup.azureCredentials.storageAccount }} 32 | storageAccount: {{ . | b64enc }} 33 | {{- end }} 34 | {{- with .Values.backup.azureCredentials.storageKey }} 35 | storageKey: {{ . | b64enc }} 36 | {{- end }} 37 | {{- with .Values.backup.azureCredentials.storageSasToken }} 38 | storageSasToken: {{ . | b64enc }} 39 | {{- end }} 40 | {{- else }} 41 | {{- end }} 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/cluster.cnpg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: postgresql.cnpg.io/v1 2 | kind: Cluster 3 | metadata: 4 | name: {{ include "cnpg-cluster.fullname" . }} 5 | labels: 6 | {{- include "cnpg-cluster.labels" . | nindent 4 }} 7 | spec: 8 | instances: {{ .Values.replicaCount }} 9 | {{- if .Values.image.repository }} 10 | imageName: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 11 | {{- end }} 12 | imagePullPolicy: {{ .Values.image.pullPolicy }} 13 | {{- if or .Values.imagePullSecrets .Values.registryCredentials }} 14 | imagePullSecrets: 15 | {{- with .Values.imagePullSecrets }} 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | {{- range $name, $settings := .Values.registryCredentials }} 19 | - name: "{{ include "cnpg-cluster.fullname" $ }}-{{ $name }}" 20 | {{- end }} 21 | {{- end }} 22 | 23 | {{- with .Values.resources }} 24 | resources: 25 | {{- toYaml . | nindent 4 }} 26 | {{- end }} 27 | 28 | {{- if or .Values.nodeSelector .Values.tolerations .Values.extraAffinity }} 29 | affinity: 30 | {{- with .Values.nodeSelector }} 31 | nodeSelector: 32 | {{- toYaml . | nindent 6 }} 33 | {{- end }} 34 | {{- with .Values.tolerations }} 35 | tolerations: 36 | {{- toYaml . | nindent 6 }} 37 | {{- end }} 38 | {{- with .Values.extraAffinity }} 39 | {{- toYaml . 
| nindent 4 }} 40 | {{- end }} 41 | {{- end }} 42 | 43 | storage: 44 | size: {{ .Values.persistence.size | quote }} 45 | {{- with .Values.persistence.resizeInUseVolumes }} 46 | resizeInUseVolumes: {{ . | quote }} 47 | {{- end }} 48 | {{- if .Values.persistence.storageClass }} 49 | {{- if (eq "-" .Values.persistence.storageClass) }} 50 | storageClass: "" 51 | {{- else }} 52 | storageClass: "{{ .Values.persistence.storageClass }}" 53 | {{- end }} 54 | {{- end }} 55 | {{- with .Values.persistence.pvcTemplate }} 56 | pvcTemplate: 57 | {{- toYaml . | nindent 6 }} 58 | {{- end }} 59 | 60 | {{- if .Values.backup.enabled }} 61 | backup: 62 | retentionPolicy: "{{ .Values.backup.retentionPolicy }}" 63 | barmanObjectStore: 64 | {{- with .Values.backup.endpointURL }} 65 | endpointURL: "{{ . }}" 66 | {{- end }} 67 | {{- with .Values.backup.endpointCA }} 68 | endpointCA: "{{ . }}" 69 | {{- end }} 70 | destinationPath: {{ .Values.backup.destinationPath }} 71 | {{- with .Values.backup.serverName }} 72 | serverName: "{{ . }}" 73 | {{- end }} 74 | {{- with .Values.backup.wal }} 75 | wal: 76 | {{- toYaml . | nindent 8 }} 77 | {{- end }} 78 | {{- with .Values.backup.data }} 79 | data: 80 | {{- toYaml . | nindent 8 }} 81 | {{- end }} 82 | {{- with .Values.backup.tags }} 83 | tags: 84 | {{- toYaml . | nindent 8 }} 85 | {{- end }} 86 | {{- with .Values.backup.historyTags }} 87 | historyTags: 88 | {{- toYaml . 
| nindent 8 }} 89 | {{- end }} 90 | {{- if .Values.backup.s3Credentials }} 91 | s3Credentials: 92 | {{- with .Values.backup.s3Credentials.accessKeyId }} 93 | accessKeyId: 94 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 95 | key: "accessKeyId" 96 | {{- end }} 97 | {{- with .Values.backup.s3Credentials.secretAccessKey }} 98 | secretAccessKey: 99 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 100 | key: "secretAccessKey" 101 | {{- end }} 102 | {{- with .Values.backup.s3Credentials.region }} 103 | region: 104 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 105 | key: "region" 106 | {{- end }} 107 | {{- with .Values.backup.s3Credentials.sessionToken }} 108 | sessionToken: 109 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 110 | key: "sessionToken" 111 | {{- end }} 112 | {{- with .Values.backup.s3Credentials.inheritFromIAMRole }} 113 | inheritFromIAMRole: {{ . }} 114 | {{- end }} 115 | {{- else if .Values.backup.googleCredentials }} 116 | googleCredentials: 117 | {{- with .Values.backup.googleCredentials.gkeEnvironment }} 118 | gkeEnvironment: {{ . 
}} 119 | {{- end }} 120 | {{- with .Values.backup.googleCredentials.applicationCredentials }} 121 | applicationCredentials: 122 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 123 | key: "applicationCredentials" 124 | {{- end }} 125 | {{- else if .Values.backup.azureCredentials }} 126 | azureCredentials: 127 | {{- with .Values.backup.azureCredentials.connectionString }} 128 | connectionString: 129 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 130 | key: "connectionString" 131 | {{- end }} 132 | {{- with .Values.backup.azureCredentials.storageAccount }} 133 | storageAccount: 134 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 135 | key: "storageAccount" 136 | {{- end }} 137 | {{- with .Values.backup.azureCredentials.storageKey }} 138 | storageKey: 139 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 140 | key: "storageKey" 141 | {{- end }} 142 | {{- with .Values.backup.azureCredentials.storageSasToken }} 143 | storageSasToken: 144 | name: {{ include "cnpg-cluster.backupSecretName" $ }} 145 | key: "storageSasToken" 146 | {{- end }} 147 | {{- with .Values.backup.azureCredentials.inheritFromAzureAD }} 148 | inheritFromAzureAD: {{ . }} 149 | {{- end }} 150 | {{- else }} 151 | {{- end }} 152 | {{- with .Values.backup.volumeSnapshot }} 153 | volumeSnapshot: 154 | {{- toYaml . | nindent 6 }} 155 | {{- end }} 156 | {{- end }} 157 | 158 | {{- with .Values.clusterExtraSpec }} 159 | {{- toYaml . | nindent 2 }} 160 | {{- end }} -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/custom-any.service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.customServices.any.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- with .Values.customServices.any.annotations }} 6 | annotations: 7 | {{- toYaml . | nindent 4 }} 8 | {{- end }} 9 | name: {{ include "cnpg-cluster.fullname" . 
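}}-custom-any 10 | spec: 11 | type: {{ .Values.customServices.any.type }} 12 | internalTrafficPolicy: Cluster 13 | ports: 14 | - name: postgres 15 | port: 5432 16 | protocol: TCP 17 | targetPort: 5432 18 | publishNotReadyAddresses: true 19 | selector: 20 | postgresql: {{ include "cnpg-cluster.fullname" . }} 21 | {{- with .Values.customServices.any.externalIPs }} 22 | externalIPs: 23 | {{- toYaml . | nindent 4 }} 24 | {{- end }} 25 | {{- end }}
--------------------------------------------------------------------------------
/charts/cnpg-cluster/templates/custom-r.service.yaml:
--------------------------------------------------------------------------------
{{- /*
Optional Service selecting every pod labelled cnpg.io/podRole: instance for
this cluster, exposed on port 5432.

The guard reads customServices.r.enabled. It previously read
customServices.any.enabled, so turning on the "any" service also created this
one (with the type and externalIPs configured under customServices.r), and
customServices.r.enabled on its own had no effect.
*/ -}}
{{- if .Values.customServices.r.enabled }}
apiVersion: v1
kind: Service
metadata:
  {{- with .Values.customServices.r.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  name: {{ include "cnpg-cluster.fullname" . }}-custom-r
spec:
  type: {{ .Values.customServices.r.type }}
  internalTrafficPolicy: Cluster
  ports:
    - name: postgres
      port: 5432
      protocol: TCP
      targetPort: 5432
  selector:
    cnpg.io/cluster: {{ include "cnpg-cluster.fullname" . }}
    cnpg.io/podRole: instance
  {{- with .Values.customServices.r.externalIPs }}
  externalIPs:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/cnpg-cluster/templates/custom-ro.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.customServices.ro.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- with .Values.customServices.ro.annotations }} 6 | annotations: 7 | {{- toYaml . | nindent 4 }} 8 | {{- end }} 9 | name: {{ include "cnpg-cluster.fullname" . 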
}}-custom-ro 10 | spec: 11 | type: {{ .Values.customServices.ro.type }} 12 | internalTrafficPolicy: Cluster 13 | ports: 14 | - name: postgres 15 | port: 5432 16 | protocol: TCP 17 | targetPort: 5432 18 | selector: 19 | cnpg.io/cluster: {{ include "cnpg-cluster.fullname" . }} 20 | role: replica 21 | {{- with .Values.customServices.ro.externalIPs }} 22 | externalIPs: 23 | {{- toYaml . | nindent 4 }} 24 | {{- end }} 25 | {{- end }} -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/custom-rw.service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.customServices.rw.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- with .Values.customServices.rw.annotations }} 6 | annotations: 7 | {{- toYaml . | nindent 4 }} 8 | {{- end }} 9 | name: {{ include "cnpg-cluster.fullname" . }}-custom-rw 10 | spec: 11 | type: {{ .Values.customServices.rw.type }} 12 | internalTrafficPolicy: Cluster 13 | ports: 14 | - name: postgres 15 | port: 5432 16 | protocol: TCP 17 | targetPort: 5432 18 | publishNotReadyAddresses: true 19 | selector: 20 | cnpg.io/cluster: {{ include "cnpg-cluster.fullname" . }} 21 | role: primary 22 | {{- with .Values.customServices.rw.externalIPs }} 23 | externalIPs: 24 | {{- toYaml . 
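| nindent 4 }} 25 | {{- end }} 26 | {{- end }} -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/pooler.cnpg.yaml: -------------------------------------------------------------------------------- 1 | {{- /* One Pooler per entry of .Values.poolers; the document separator keeps several entries from being merged into a single manifest. */ -}} {{- range $name, $spec := .Values.poolers }} 2 | --- 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: Pooler 5 | metadata: 6 | name: {{ include "cnpg-cluster.fullname" $ }}-{{ $name }} 7 | labels: 8 | {{- include "cnpg-cluster.labels" $ | nindent 4 }} 9 | spec: 10 | cluster: 11 | name: {{ include "cnpg-cluster.fullname" $ }} 12 | {{- toYaml $spec | nindent 2 }} 13 | {{- end }} -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/registry-credentials.secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* One dockerconfigjson Secret per entry of .Values.registryCredentials. The payload is built with dict + toJson so that quotes or backslashes in the registry, username, password or email are JSON-escaped instead of producing a malformed or altered document. */ -}} {{- range $name, $settings := .Values.registryCredentials }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "cnpg-cluster.fullname" $ }}-{{ $name }} 6 | labels: 7 | {{- include "cnpg-cluster.labels" $ | nindent 4 }} 8 | type: kubernetes.io/dockerconfigjson 9 | data: 10 | .dockerconfigjson: {{ dict "auths" (dict $settings.registry (dict "username" $settings.username "password" $settings.password "email" $settings.email "auth" (printf "%s:%s" $settings.username $settings.password | b64enc))) | toJson | b64enc | quote }} 11 | --- 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/cnpg-cluster/templates/scheduledbackup.cnpg.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.backup.enabled }} 2 | {{- range $name, $spec := .Values.scheduledBackups }} 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: {{ include "cnpg-cluster.fullname" $ }}-{{ $name }} 7 | labels: 8 | {{- include "cnpg-cluster.labels" $ | nindent 4 }} 9 | spec: 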
10 | cluster: 11 | name: {{ include "cnpg-cluster.fullname" $ }} 12 | {{- toYaml $spec | nindent 2 }} 13 | {{- end }} 14 | {{- end }} -------------------------------------------------------------------------------- /charts/cnpg-cluster/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for cnpg-cluster. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | # -- Number of Postgres instances in the cluster 6 | replicaCount: 1 7 | 8 | image: 9 | # -- Postgres image repository. Keep empty to use operator's default image. See: https://cloudnative-pg.io/documentation/1.17/operator_capability_levels/#override-of-operand-images-through-the-crd 10 | repository: "ghcr.io/cloudnative-pg/postgresql" 11 | # -- Postgres image pull policy 12 | pullPolicy: IfNotPresent 13 | # -- Override the Postgres image tag 14 | tag: "" 15 | 16 | # -- Docker-registry secret names as an array 17 | imagePullSecrets: [] 18 | # -- Create a docker-registry secret and use it as imagePullSecrets 19 | registryCredentials: 20 | # Eg: 21 | # mygitlab: 22 | # registry: gitlab-registry.example.org 23 | # email: foo@example.org 24 | # username: foobar 25 | # password: secret 26 | # -- String to partially override cnpg-cluster.fullname template with a string (will prepend the release name) 27 | nameOverride: "" 28 | # -- String to fully override cnpg-cluster.fullname template with a string 29 | fullnameOverride: "" 30 | 31 | # -- CPU/Memory resource requests/limits 32 | resources: {} 33 | # We usually recommend not to specify default resources and to leave this as a conscious 34 | # choice for the user. This also increases chances charts run on environments with little 35 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 36 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
37 | # limits: 38 | # cpu: 100m 39 | # memory: 128Mi 40 | # requests: 41 | # cpu: 100m 42 | # memory: 128Mi 43 | 44 | # -- Postgres instances labels for pod assignment 45 | nodeSelector: {} 46 | 47 | # -- Postgres instances labels for tolerations pod assignment 48 | tolerations: [] 49 | 50 | # -- Extra configuration for Cluster's affinity resource, 51 | # see: https://cloudnative-pg.io/documentation/1.17/api_reference/#AffinityConfiguration 52 | extraAffinity: {} 53 | 54 | persistence: 55 | # -- Size of each instance storage volume 56 | size: 1Gi 57 | # -- Resize existent PVCs, defaults to true 58 | resizeInUseVolumes: 59 | # persistence.storageClass -- StorageClass to use for database data, 60 | # Applied after evaluating the PVC template, if available. 61 | # If not specified, generated PVCs will be satisfied by the default storage class 62 | storageClass: "" 63 | # persistence.pvcTemplate -- Template to be used to generate the Persistent Volume Claim 64 | pvcTemplate: {} 65 | 66 | backup: 67 | # -- Enable backups 68 | enabled: false 69 | 70 | # -- The path where to store the backup (i.e. s3://bucket/path/to/folder) this path, 71 | # with different destination folders, will be used for WALs and for data -- 72 | destinationPath: "" 73 | 74 | # -- RetentionPolicy is the retention policy to be used for backups and WALs (i.e. '60d'). 75 | # The retention policy is expressed in the form of XXu where XX is a positive integer and 76 | # u is in [dwm] - days, weeks, months. 77 | retentionPolicy: 30d 78 | 79 | # -- (string) Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery 80 | endpointURL: 81 | 82 | # -- (string) EndpointCA store the CA bundle of the barman endpoint. 
Useful when using self-signed 83 | # certificates to avoid errors with certificate issuer and barman-cloud-wal-archive 84 | endpointCA: 85 | 86 | # -- (string) The server name on S3, the cluster name is used if this parameter is omitted 87 | serverName: 88 | 89 | # -- Configuration of the backup of the WAL stream 90 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#walbackupconfiguration 91 | wal: {} 92 | 93 | # -- Configuration of the backup of the data directory 94 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#DataBackupConfiguration 95 | data: {} 96 | 97 | # -- Tags is a list of key value pairs that will be passed to the Barman --tags option 98 | tags: {} 99 | 100 | # -- HistoryTags is a list of key value pairs that will be passed to the Barman --history-tags option 101 | historyTags: {} 102 | 103 | # -- Override secret name for the backup credentials 104 | secretName: 105 | 106 | # -- (object) The credentials to use to upload data to Google Cloud Storage 107 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#GoogleCredentials 108 | googleCredentials: 109 | #gkeEnvironment: 110 | #applicationCredentials: 111 | 112 | # -- (object) The credentials to use to upload data to S3 113 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#S3Credentials 114 | s3Credentials: 115 | # accessKeyId: 116 | # secretAccessKey: 117 | # region: 118 | # sessionToken: 119 | # inheritFromIAMRole: 120 | 121 | # -- (object) The credentials to use to upload data to Azure Blob Storage 122 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#AzureCredentials 123 | azureCredentials: 124 | # connectionString: 125 | # storageAccount: 126 | # storageKey: 127 | # storageSasToken: 128 | # inheritFromAzureAD: 129 | 130 | # -- (object) The configuration for the execution of volume snapshot backups. 
131 | # See: https://cloudnative-pg.io/documentation/1.22/cloudnative-pg.v1/#postgresql-cnpg-io-v1-VolumeSnapshotConfiguration 132 | volumeSnapshot: {} 133 | 134 | # -- Extra configuration for Cluster resource. 135 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#clusterspec 136 | clusterExtraSpec: {} 137 | 138 | # -- ScheduledBackup resources to create for this Cluster resource 139 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#ScheduledBackupSpec 140 | scheduledBackups: {} 141 | # Eg: 142 | # daily: 143 | # schedule: "0 0 0 * * *" 144 | 145 | # -- Pooler resources to create for this Cluster resource 146 | # See: https://cloudnative-pg.io/documentation/1.17/api_reference/#PoolerSpec 147 | poolers: {} 148 | # Eg: 149 | # rw: 150 | # instances: 3 151 | # type: rw 152 | # pgbouncer: 153 | # poolMode: session 154 | # parameters: 155 | # max_client_conn: "1000" 156 | # default_pool_size: "10" 157 | 158 | # -- Custom services to create 159 | customServices: # each enabled entry publishes Postgres on port 5432; a type other than ClusterIP or a non-empty externalIPs list makes the database reachable from outside the cluster, so pair it with network-level restrictions 160 | # -- Custom services for any member 161 | any: 162 | enabled: False 163 | type: ClusterIP 164 | annotations: {} 165 | externalIPs: [] 166 | # -- Custom services for readable members 167 | r: 168 | enabled: False 169 | type: ClusterIP 170 | annotations: {} 171 | externalIPs: [] 172 | # -- Custom services for read-only (replicas) members 173 | ro: 174 | enabled: False 175 | type: ClusterIP 176 | annotations: {} 177 | externalIPs: [] 178 | # -- Custom services for read-write (primary) member 179 | rw: 180 | enabled: False 181 | type: ClusterIP 182 | annotations: {} 183 | externalIPs: [] -------------------------------------------------------------------------------- /charts/cnpg-monitoring/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/cnpg-monitoring/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: kube-state-metrics 3 | repository: https://prometheus-community.github.io/helm-charts 4 | version: 5.26.0 5 | digest: sha256:ecfd19f26e126a0147f4c329fc5af51e3477fbb6ba4459768a1fa61b1c08dbc8 6 | generated: "2024-10-22T11:54:50.777825054+02:00" 7 | -------------------------------------------------------------------------------- /charts/cnpg-monitoring/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cnpg-monitoring 3 | description: A kube-state-metrics to generate and expose CNPG resources metrics 4 | type: application 5 | version: 0.2.0 6 | dependencies: 7 | - name: kube-state-metrics 8 | version: "5.26.*" 9 | repository: https://prometheus-community.github.io/helm-charts 10 | -------------------------------------------------------------------------------- /charts/cnpg-monitoring/values.yaml: -------------------------------------------------------------------------------- 1 | kube-state-metrics: 2 | prometheus: 3 | monitor: 4 | enabled: true 5 | jobLabel: "app.kubernetes.io/instance" 6 | collectors: [ ] 7 | extraArgs: 8 | - --custom-resource-state-only=true 9 | rbac: 10 | extraRules: 11 | - apiGroups: 12 | - postgresql.cnpg.io 13 | resources: 14 | - clusters 15 | - poolers 16 | - scheduledbackups 17 | verbs: [ "list", "watch" ] 18 | 19 | customResourceState: 20 | enabled: true 21 | config: 22 | spec: 23 | resources: 24 | - groupVersionKind: 25 | group: postgresql.cnpg.io 26 | version: v1 27 | 
kind: Cluster 28 | metricNamePrefix: cnpg_resource_cluster 29 | metrics: 30 | - name: info 31 | help: Information about CNPG Cluster 32 | each: 33 | type: Info 34 | info: 35 | labelsFromPath: 36 | cnpg_commit_hash: [status, cloudNativePGCommitHash] 37 | primary_update_method: [spec, primaryUpdateMethod] 38 | primary_update_strategy: [spec, primaryUpdateStrategy] 39 | - name: condition 40 | help: The condition of a CNPG Cluster 41 | each: 42 | type: Gauge 43 | gauge: 44 | path: [status, conditions] 45 | labelsFromPath: 46 | type: [type] 47 | reason: [reason] 48 | valueFrom: [status] 49 | - name: spec_instances 50 | help: Number of desired instances for a CNPG Cluster 51 | each: 52 | type: Gauge 53 | gauge: 54 | path: [spec, instances] 55 | - name: status_instances 56 | help: Number of instances per CNPG Cluster 57 | each: 58 | type: Gauge 59 | gauge: 60 | path: [status, instances] 61 | - name: status_ready_instances 62 | help: Number of ready instances per CNPG Cluster 63 | each: 64 | type: Gauge 65 | gauge: 66 | path: [status, readyInstances] 67 | - name: primary 68 | help: CNPG pod primary state 69 | each: 70 | type: Gauge 71 | gauge: 72 | path: [status, instancesReportedState] 73 | labelFromKey: pod 74 | valueFrom: [isPrimary] 75 | - name: timeline_id 76 | help: CNPG pod timeline id 77 | each: 78 | type: Gauge 79 | gauge: 80 | path: [status, instancesReportedState] 81 | labelFromKey: pod 82 | valueFrom: [timeLineID] 83 | labelsFromPath: 84 | name: [metadata, name] 85 | namespace: [metadata, namespace] 86 | cnpg_cluster: [metadata, name] 87 | - groupVersionKind: 88 | group: postgresql.cnpg.io 89 | version: v1 90 | kind: Pooler 91 | metricNamePrefix: cnpg_resource_pooler 92 | metrics: 93 | - name: info 94 | help: Information about CNPG Pooler 95 | each: 96 | type: Info 97 | info: 98 | labelsFromPath: 99 | type: [spec, type] 100 | paused: [spec, pgbouncer, paused] 101 | pool_mode: [spec, pgbouncer, poolMode] 102 | - name: spec_instances 103 | help: Number of desired 
instances for a CNPG Pooler 104 | each: 105 | type: Gauge 106 | gauge: 107 | path: [spec, instances] 108 | - name: status_instances 109 | help: Number of instances per CNPG Pooler 110 | each: 111 | type: Gauge 112 | gauge: 113 | path: [status, instances] 114 | labelsFromPath: 115 | name: [metadata, name] 116 | namespace: [metadata, namespace] 117 | cnpg_cluster: [spec, cluster, name] 118 | -------------------------------------------------------------------------------- /charts/configmap2http/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | type: application 3 | name: configmap2http 4 | description: expose a configmap through an ingress 5 | version: 3737.0.4 6 | appVersion: 3737.0.0 7 | -------------------------------------------------------------------------------- /charts/configmap2http/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: configmap2httpd 5 | labels: 6 | app.kubernetes.io/name: "{{ .Chart.Name }}" 7 | app.kubernetes.io/instance: "{{ .Release.Name }}" 8 | app.kubernetes.io/component: httpd 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: "{{ .Chart.Name }}" 14 | app.kubernetes.io/instance: "{{ .Release.Name }}" 15 | app.kubernetes.io/component: httpd 16 | template: 17 | metadata: 18 | labels: 19 | app.kubernetes.io/name: "{{ .Chart.Name }}" 20 | app.kubernetes.io/instance: "{{ .Release.Name }}" 21 | app.kubernetes.io/version: "{{ .Chart.AppVersion }}" 22 | app.kubernetes.io/component: httpd 23 | spec: 24 | containers: 25 | - name: httpd 26 | image: nginxinc/nginx-unprivileged:1.18 27 | ports: 28 | - name: http 29 | containerPort: 8080 30 | protocol: TCP 31 | volumeMounts: 32 | - mountPath: /usr/share/nginx/html 33 | name: public-data 34 | readOnly: yes 35 | volumes: 36 | - name: public-data 37 | configMap: 38 | name: "{{ 
.Values.configMap }}" -------------------------------------------------------------------------------- /charts/configmap2http/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: {{ .Release.Name }} 5 | annotations: 6 | kubernetes.io/ingress.class: "{{ .Values.ingress.class }}" 7 | labels: 8 | app.kubernetes.io/name: "{{ .Chart.Name }}" 9 | app.kubernetes.io/instance: "{{ .Release.Name }}" 10 | app.kubernetes.io/component: httpd 11 | spec: 12 | rules: 13 | - host: {{ .Values.ingress.hostname }} 14 | http: 15 | paths: 16 | - backend: 17 | serviceName: {{ .Release.Name }} 18 | servicePort: 80 -------------------------------------------------------------------------------- /charts/configmap2http/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Release.Name }} 5 | labels: 6 | app.kubernetes.io/name: "{{ .Chart.Name }}" 7 | app.kubernetes.io/instance: "{{ .Release.Name }}" 8 | app.kubernetes.io/component: httpd 9 | spec: 10 | ports: 11 | - port: 80 12 | protocol: TCP 13 | targetPort: 8080 14 | selector: 15 | app.kubernetes.io/name: {{ .Chart.Name }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | type: ClusterIP -------------------------------------------------------------------------------- /charts/configmap2http/values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | class: 3 | hostname: 4 | configMap: public -------------------------------------------------------------------------------- /charts/eck-exporter/.helmignore: -------------------------------------------------------------------------------- 1 | fixtures/ -------------------------------------------------------------------------------- /charts/eck-exporter/Chart.yaml: 
-------------------------------------------------------------------------------- 1 | version: 1.9.0 2 | appVersion: "2.15.0" 3 | annotations: 4 | artifacthub.io/prerelease: "false" 5 | artifacthub.io/license: MIT 6 | artifacthub.io/links: | 7 | - name: Chart Sources 8 | url: https://github.com/enix/helm-charts/tree/master/charts/eck-exporter 9 | - name: Helm Repository 10 | url: https://charts.enix.io 11 | - name: Application Sources 12 | url: https://github.com/kubernetes/kube-state-metrics 13 | # https://artifacthub.io/docs/topics/annotations/helm/ 14 | artifacthub.io/changes: | 15 | - kind: added 16 | description: "Configurable container healchecks" 17 | - kind: added 18 | description: "Support for PodMonitor (disabled by default)" 19 | - kind: added 20 | description: "Self monitoring of kube-state-metrics (telemetry endpoint). Only scraped with PodMonitor." 21 | artifacthub.io/containsSecurityUpdates: "false" 22 | 23 | apiVersion: v2 24 | name: eck-exporter 25 | type: application 26 | description: A Prometheus exporter for the ECK operator custom resources. Based on kube-state-metrics. 27 | keywords: 28 | - Prometheus 29 | - exporter 30 | - operator 31 | - ECK 32 | - Elasticsearch 33 | - Kibana 34 | home: https://github.com/enix/helm-charts/tree/master/charts/eck-exporter 35 | icon: https://github.githubassets.com/images/icons/emoji/unicode/1fae7.png 36 | sources: 37 | - https://github.com/enix/helm-charts/tree/master/charts/eck-exporter 38 | maintainers: 39 | - name: Enix 40 | email: contact@enix.fr 41 | url: https://github.com/enixsas 42 | - name: Thibault Vincent 43 | email: root@devcat.org 44 | url: https://github.com/npdgm 45 | -------------------------------------------------------------------------------- /charts/eck-exporter/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # 🫧 ECK Exporter 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.appVersionBadge" . 
}} 4 | [![Brought by Enix](https://img.shields.io/badge/Brought%20to%20you%20by-ENIX-%23377dff?labelColor=888&logo=data:image/png;base64,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)](https://enix.io) 5 | 6 | A Prometheus exporter for [Elastic Cloud on Kubernetes (ECK)](https://github.com/elastic/cloud-on-k8s), put together with [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) and a custom configuration. 7 | It exposes metrics on the operator's Custom Resources and their current statuses and reconciliation progress. A configurable set of Prometheus alerts is provided for convenience. 8 | 9 | Supported CRDs: 10 | * Elasticsearch 11 | * Kibana 12 | * Agent 13 | * ApmServer 14 | * Beat 15 | * Logstash 16 | * ElasticMapsServer 17 | * EnterpriseSearch 18 | 19 | The following metrics are available: 20 | * `eck_elasticsearch_info` (version, desired_version) 21 | * `eck_elasticsearch_health` (red, yellow, green, unknown) 22 | * `eck_elasticsearch_phase` (Ready, ApplyingChanges, MigratingData, Stalled, Invalid) 23 | * `eck_elasticsearch_condition` (ReconciliationComplete, RunningDesiredVersion, ElasticsearchIsReachable, ResourcesAwareManagement) 24 | * `eck_kibana_info` (version, desired_version) 25 | * `eck_kibana_health` (red, yellow, green, unknown) 26 | * `eck_agent_info` (version, desired_version) 27 | * `eck_agent_health` (red, yellow, green, unknown) 28 | * `eck_apmserver_info` (version, desired_version) 29 | * `eck_apmserver_health` (red, yellow, green, unknown) 30 | * `eck_beat_info` (version, desired_version) 31 | * `eck_beat_health` (red, yellow, green, unknown) 32 | * `eck_logstash_info` (version, desired_version) 33 | * `eck_logstash_health` (red, yellow, green, unknown) 34 | * `eck_elasticmapsserver_info` (version, desired_version) 35 | * `eck_elasticmapsserver_health` (red, yellow, green, unknown) 36 | * `eck_enterprisesearch_info` (version, desired_version) 37 | * `eck_enterprisesearch_health` (red, yellow, green, unknown) 38 | 
39 | Shipped with Prometheus alerts: 40 | * `EckElasticsearchHealth` 41 | * `EckElasticsearchPhase` 42 | * `EckElasticsearchUnreachable` 43 | * `EckElasticsearchReconciliationTooLong` 44 | * `EckElasticsearchUpgradeTooLong` 45 | * `EckElasticsearchApplyingChangesTooLong` 46 | * `EckElasticsearchMigratingDataTooLong` 47 | * `EckKibanaHealth` 48 | * `EckAgentHealth` 49 | * `EckApmServerHealth` 50 | * `EckBeatHealth` 51 | * `EckLogstashHealth` 52 | * `EckElasticMapsServerHealth` 53 | * `EckEnterpriseSearchHealth` 54 | 55 | [Chart values](#⚙️-values) offer knobs to disable or customize default alerts, and even inject your own. 56 | 57 | ## 🏃 Installation 58 | 59 | It only takes two commands to install if you're running prometheus-operator (kube-prometheus-stack). 60 | 61 | Add our Charts repository: 62 | ```console 63 | $ helm repo add enix https://charts.enix.io 64 | ``` 65 | Install eck-exporter: 66 | ```console 67 | $ helm install eck-exporter enix/eck-exporter 68 | ``` 69 | 70 | If installation fails or you can't get new metrics in Prometheus, please review [Chart values](#⚙️-values). 71 | With clusters that don't use the Prometheus operator at all — missing the CRDs — disable resource creation and perhaps add Pod 72 | annotations for scraping with classic Kubernetes service discovery: 73 | ```yaml 74 | podAnnotations: 75 | prometheus.io/port: "8080" 76 | prometheus.io/scrape: "true" 77 | service: 78 | create: false 79 | serviceMonitor: 80 | create: false 81 | prometheusRules: 82 | create: false 83 | ``` 84 | 85 | ## ❓ FAQ 86 | 87 | > Why not simply use [elasticsearch_exporter](https://github.com/prometheus-community/elasticsearch_exporter)? 88 | 89 | Yes you should! This project is in no way a substitute for the Elasticsearch exporter which provides vast amounts of metrics. 90 | 91 | Our only goal was to bridge the gap of not having visibility on ECK reconciliation loops. It also brings a little observability of other applications managed by the operator. 
For some of them it is difficult to get statuses in a Prometheus-centric supervision. 92 | 93 | With that being said, if elasticsearch_exporter is not installed at all, this ECK exporter will still bring you basic health information for bare minimum alerting, with little effort as there is no need to configure authentication. Then when an alert is raised, further investigations can be conducted using native Elastic APIs and metrics. 94 | 95 | > Could you add a metric for XYZ, please? 96 | 97 | Before submitting a request for a new metric, please be aware of the very limited scope of eck-exporter. 98 | Firstly there are limitations with the use of kube-state-metrics, which has a declarative model to create metrics and does not permit any processing. This means we basically can only extract data as already presented in ECK resources, and no direct communication is made with the running operator. 99 | Going back to the goal for this project, we also don't want to become too redundant with elasticsearch_exporter and Kubernetes Pod metrics. 100 | 101 | > Why make a dedicated chart? I already run [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) and could use your `--custom-resource-state-config-file`. 102 | 103 | We wanted to provide the same experience as installing a full-fledged and well packaged exporter, with all prometheus-operator facilities ready in seconds. It's also better for continuous improvement and testing, as it's a convenient platform to receive contributions on. 104 | Should this project evolve to a dedicated codebase — whatever the reason would be — we'll be able to offer a clear and smooth transition to existing users. 105 | 106 | > How do you manage GVR version bumps in ECK's CRDs? 107 | 108 | Great question... To be answered when the need arises 😅 109 | 110 | ## ⚙️ Values 111 | 112 | {{ template "chart.valuesTable" . }} 113 | {{ template "helm-docs.versionFooter" . 
}} 114 | 115 | ## ⚖️ License 116 | 117 | ``` 118 | Copyright (c) 2023 ENIX 119 | 120 | Permission is hereby granted, free of charge, to any person obtaining a copy 121 | of this software and associated documentation files (the "Software"), to deal 122 | in the Software without restriction, including without limitation the rights 123 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 124 | copies of the Software, and to permit persons to whom the Software is 125 | furnished to do so, subject to the following conditions: 126 | 127 | The above copyright notice and this permission notice shall be included in all 128 | copies or substantial portions of the Software. 129 | 130 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 131 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 132 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 133 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 134 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 135 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 136 | SOFTWARE. 
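137 | ``` 138 | -------------------------------------------------------------------------------- /charts/eck-exporter/fixtures/sandbox-filebeat.beat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: beat.k8s.elastic.co/v1beta1 2 | kind: Beat 3 | metadata: 4 | namespace: sandbox 5 | name: sandbox-filebeat 6 | spec: 7 | version: 8.13.0 8 | type: filebeat 9 | elasticsearchRef: 10 | name: sandbox 11 | kibanaRef: 12 | name: sandbox 13 | monitoring: 14 | metrics: 15 | elasticsearchRefs: 16 | - name: sandbox 17 | logs: 18 | elasticsearchRefs: 19 | - name: sandbox 20 | config: 21 | filebeat.inputs: 22 | - type: container 23 | paths: 24 | - /var/log/containers/*.log 25 | deployment: 26 | replicas: 1 27 | podTemplate: 28 | spec: 29 | automountServiceAccountToken: true 30 | serviceAccountName: sandbox-elastic-agent 31 | securityContext: 32 | runAsUser: 0 -------------------------------------------------------------------------------- /charts/eck-exporter/fixtures/sandbox-fleet-server.agent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: agent.k8s.elastic.co/v1alpha1 3 | kind: Agent 4 | metadata: 5 | namespace: sandbox 6 | name: sandbox-fleet-server 7 | spec: 8 | version: 8.13.0 9 | mode: fleet 10 | fleetServerEnabled: true 11 | policyID: eck-fleet-server 12 | elasticsearchRefs: 13 | - name: sandbox 14 | kibanaRef: 15 | name: sandbox 16 | deployment: 17 | replicas: 1 18 | podTemplate: 19 | spec: 20 | automountServiceAccountToken: true 21 | serviceAccountName: sandbox-elastic-agent 22 | securityContext: 23 | runAsUser: 0 24 | 25 | --- 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: ClusterRole # cluster-scoped role, bound to the sandbox-elastic-agent ServiceAccount by the ClusterRoleBinding at the end of this file 28 | metadata: 29 | name: sandbox-elastic-agent 30 | rules: 31 | - apiGroups: [""] 32 | resources: 33 | - namespaces 34 | - pods 35 | - nodes 36 | - nodes/metrics 37 | - nodes/proxy # lets the holder send proxied requests to each node's kubelet API; drop it if the agent does not need it 38 | - nodes/stats 39 | - events 40 | verbs: 41 | - get 42 | - watch 43 | - list 44 
| - apiGroups: 45 | - apps 46 | resources: 47 | - deployments 48 | - replicasets 49 | - statefulsets 50 | verbs: 51 | - get 52 | - watch 53 | - list 54 | - apiGroups: 55 | - batch 56 | resources: 57 | - cronjobs 58 | - jobs 59 | verbs: 60 | - get 61 | - watch 62 | - list 63 | - apiGroups: 64 | - coordination.k8s.io 65 | resources: 66 | - leases 67 | verbs: 68 | - get 69 | - watch 70 | - list 71 | - delete 72 | - update 73 | - create 74 | - nonResourceURLs: 75 | - /metrics 76 | verbs: 77 | - get 78 | - watch 79 | - list 80 | 81 | --- 82 | apiVersion: v1 83 | kind: ServiceAccount 84 | metadata: 85 | name: sandbox-elastic-agent 86 | namespace: sandbox 87 | 88 | --- 89 | apiVersion: rbac.authorization.k8s.io/v1 90 | kind: ClusterRoleBinding 91 | metadata: 92 | name: sandbox-elastic-agent 93 | subjects: 94 | - kind: ServiceAccount 95 | name: sandbox-elastic-agent 96 | namespace: sandbox 97 | roleRef: 98 | kind: ClusterRole 99 | name: sandbox-elastic-agent 100 | apiGroup: rbac.authorization.k8s.io -------------------------------------------------------------------------------- /charts/eck-exporter/fixtures/sandbox.apmserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apm.k8s.elastic.co/v1 2 | kind: ApmServer 3 | metadata: 4 | namespace: sandbox 5 | name: sandbox 6 | spec: 7 | version: 8.13.0 8 | count: 1 9 | elasticsearchRef: 10 | name: sandbox 11 | kibanaRef: 12 | name: sandbox -------------------------------------------------------------------------------- /charts/eck-exporter/fixtures/sandbox.elasticmapsserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: maps.k8s.elastic.co/v1alpha1 2 | kind: ElasticMapsServer 3 | metadata: 4 | name: sandbox 5 | namespace: sandbox 6 | spec: 7 | version: 8.13.0 8 | count: 1 9 | elasticsearchRef: 10 | name: sandbox -------------------------------------------------------------------------------- 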
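/charts/eck-exporter/fixtures/sandbox.elasticsearch.yaml:
--------------------------------------------------------------------------------
---
# Test fixture for the throw-away "sandbox" stack.
# The password of this file-realm user is published in the comment below and
# the account is mapped to the built-in superuser role, so this Secret must
# only ever be applied to a disposable test namespace.
kind: Secret
apiVersion: v1
metadata:
  namespace: sandbox
  name: sandbox-es-users
stringData:
  # sandbox:sandbox
  users: |-
    sandbox:{PBKDF2}10000$zLczbWAo964urOETwyAQ6yJDZauS3DI9/jhJgvlheJA=$lvcX0QgHC9tdWU6U3Zk4zdMYhiT2mTchfmCPtqO+lHc=
  users_roles: |-
    superuser:sandbox

---
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: sandbox
  namespace: sandbox
spec:
  version: 8.13.0
  auth:
    # Loads the users/users_roles files from the Secret defined above.
    fileRealm:
      - secretName: sandbox-es-users
  # The cluster ships its own metrics and logs to itself.
  monitoring:
    metrics:
      elasticsearchRefs:
        - name: sandbox
    logs:
      elasticsearchRefs:
        - name: sandbox
  nodeSets:
    - name: node
      count: 3
      volumeClaimTemplates:
        - metadata:
            name: elasticsearch-data
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi

--------------------------------------------------------------------------------
/charts/eck-exporter/fixtures/sandbox.enterprisesearch.yaml:
--------------------------------------------------------------------------------
# Test fixture: single Enterprise Search instance attached to the sandbox cluster.
apiVersion: enterprisesearch.k8s.elastic.co/v1
kind: EnterpriseSearch
metadata:
  namespace: sandbox
  name: sandbox
spec:
  version: 8.13.0
  count: 1
  elasticsearchRef:
    name: sandbox
--------------------------------------------------------------------------------
/charts/eck-exporter/fixtures/sandbox.kibana.yaml:
--------------------------------------------------------------------------------
# Test fixture: Kibana for the sandbox cluster, preconfigured with Fleet policies.
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: sandbox
  namespace: sandbox
spec:
  version: 8.13.0
  count: 1
  elasticsearchRef:
    name: sandbox
  monitoring:
    metrics:
      elasticsearchRefs:
        - name: sandbox
    logs:
      elasticsearchRefs:
        - name: sandbox
  config:
    telemetry.optIn: false
    telemetry.allowChangingOptInStatus: false
    monitoring.ui.ccs.enabled: false
    #server.publicBaseUrl:
    #xpack.fleet.agents.elasticsearch.host:
    xpack.fleet.agents.fleet_server.hosts:
      - "https://sandbox-fleet-server-agent-http.sandbox.svc.cluster.local:8220"
    # "latest" is resolved when Fleet installs the package, so two runs of this
    # fixture can end up with different integration versions. Pin explicit
    # versions if the fixture is used for reproducible tests.
    xpack.fleet.packages:
      - name: system
        version: latest
      - name: elastic_agent
        version: latest
      - name: fleet_server
        version: latest
      - name: apm
        version: latest
    xpack.fleet.agentPolicies:
      - name: Fleet Server on ECK policy
        id: eck-fleet-server
        namespace: default
        monitoring_enabled:
          - logs
          - metrics
        unenroll_timeout: 900
        package_policies:
          - name: fleet_server-1
            id: fleet_server-1
            package:
              name: fleet_server
      - name: Elastic Agent on ECK policy
        id: eck-agent
        namespace: default
        monitoring_enabled:
          - logs
          - metrics
        unenroll_timeout: 900
        is_default: true
        package_policies:
          - name: system-1
            id: system-1
            package:
              name: system

--------------------------------------------------------------------------------
/charts/eck-exporter/fixtures/sandbox.logstash.yaml:
--------------------------------------------------------------------------------
# Test fixture: Logstash receiving Beats traffic and writing to the sandbox cluster.
apiVersion: logstash.k8s.elastic.co/v1alpha1
kind: Logstash
metadata:
  name: sandbox
  namespace: sandbox
spec:
  version: 8.13.0
  count: 1
  elasticsearchRefs:
    - name: sandbox
      clusterName: sandbox
  monitoring:
    metrics:
      elasticsearchRefs:
        - name: sandbox
    logs:
      elasticsearchRefs:
        - name: sandbox
  pipelines:
    - pipeline.id: main
      # The pipeline embeds the sandbox superuser password in clear text, so it
      # is readable by anyone who can read this Logstash resource. Acceptable
      # only because the credential is a published test value; a real pipeline
      # should take the credentials from a Secret-backed environment variable.
      # NOTE(review): no scheme or CA is set on the output. ECK enables TLS on
      # the Elasticsearch HTTP layer by default, so confirm that this output
      # actually connects and that it verifies the server certificate.
      config.string: |
        input {
          beats {
            port => 5044
          }
        }
        output {
          elasticsearch {
            hosts => [ "sandbox-es-http" ]
            user => "sandbox"
            password => "sandbox"
          }
        }
  services:
    - name: beats
      service:
        spec:
          type: ClusterIP
          ports:
            - port: 5044
              name: filebeat
              protocol: TCP
              targetPort: 5044
--------------------------------------------------------------------------------
/charts/eck-exporter/templates/_capabilities.tpl:
--------------------------------------------------------------------------------
{{/*
Kubernetes version used for API selection: .Values.kubeVersion when set,
otherwise the version reported by the cluster.
*/}}
{{- define "capabilities.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}

{{/*
apiVersion for Deployment objects, depending on the Kubernetes version.
*/}}
{{- define "capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}

{{/*
apiVersion for RBAC objects, depending on the Kubernetes version.
*/}}
{{- define "capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/*
Expand the name of the chart.
*/}}
{{- define "eck-exporter.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "eck-exporter.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "eck-exporter.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "eck-exporter.labels" -}}
helm.sh/chart: {{ include "eck-exporter.chart" . }}
{{ include "eck-exporter.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "eck-exporter.selectorLabels" -}}
app.kubernetes.io/name: {{ include "eck-exporter.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use.
When serviceAccount.create is false and no name is given, this resolves to the
namespace's "default" service account.
*/}}
{{- define "eck-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "eck-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Return the proper eck-exporter image name.
The tag is image.tag (or "v<appVersion>" when unset) followed by the optional
image.tagSuffix. The reference is tag-based; no digest is appended here.
*/}}
{{- define "eck-exporter.image" -}}
{{- $tag := printf "%s%s" ( default (printf "v%s" .Chart.AppVersion) .Values.image.tag | toString ) ( default "" .Values.image.tagSuffix | toString ) -}}
{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository $tag -}}
{{- end -}}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
{{- /*
Cluster-wide, read-only access for the exporter: list/watch on CRDs and on each
ECK resource kind enabled under .Values.eckResources. No write verbs and no
access to Secrets are granted.
*/ -}}
{{- if .Values.rbac.create }}
apiVersion: {{ include "capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
rules:
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["list", "watch"]
  {{- if .Values.eckResources.agents }}
  - apiGroups: ["agent.k8s.elastic.co"]
    resources: ["agents"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.apmservers }}
  - apiGroups: ["apm.k8s.elastic.co"]
    resources: ["apmservers"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.beats }}
  - apiGroups: ["beat.k8s.elastic.co"]
    resources: ["beats"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.elasticmapsservers }}
  - apiGroups: ["maps.k8s.elastic.co"]
    resources: ["elasticmapsservers"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.elasticsearches }}
  - apiGroups: ["elasticsearch.k8s.elastic.co"]
    resources: ["elasticsearches"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.enterprisesearches }}
  - apiGroups: ["enterprisesearch.k8s.elastic.co"]
    resources: ["enterprisesearches"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.kibanas }}
  - apiGroups: ["kibana.k8s.elastic.co"]
    resources: ["kibanas"]
    verbs: ["list", "watch"]
  {{- end }}
  {{- if .Values.eckResources.logstashes }}
  - apiGroups: ["logstash.k8s.elastic.co"]
    resources: ["logstashes"]
    verbs: ["list", "watch"]
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
{{- /*
Binds the exporter ClusterRole to the service account the pod runs as.
The subject uses the "eck-exporter.serviceAccountName" helper, the same helper
the ServiceAccount and Deployment templates use, so that an overridden
serviceAccount.name still receives the role. Binding to the chart fullname
would leave the exporter without permissions in that case and would grant the
role to whatever service account happens to carry the fullname.
With serviceAccount.create=false and no name set, the helper returns "default":
every pod using the default service account of the release namespace then
gets this read access, so set serviceAccount.name explicitly in that setup.
*/ -}}
{{- if .Values.rbac.create }}
apiVersion: {{ include "capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "eck-exporter.fullname" . }}
subjects:
  - kind: ServiceAccount
    name: {{ include "eck-exporter.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
{{- end }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
Custom-resource-state configuration mounted into the exporter. For every ECK
kind enabled under .Values.eckResources it exports the resource name and
namespace as labels, an info metric with the desired and running version, and
a health state set. Only spec.version and status fields are read; nothing from
the resources' secrets or configuration is turned into a label.
*/ -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
data:
  config.yaml: |
    spec:
      resources:
        {{- if .Values.eckResources.agents }}
        #
        # Agent
        #
        - groupVersionKind:
            group: agent.k8s.elastic.co
            kind: Agent
            version: v1alpha1
          metricNamePrefix: eck_agent
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
        {{- if .Values.eckResources.apmservers }}
        #
        # ApmServer
        #
        - groupVersionKind:
            group: apm.k8s.elastic.co
            kind: ApmServer
            version: v1
          metricNamePrefix: eck_apmserver
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
        {{- if .Values.eckResources.beats }}
        #
        # Beat
        #
        - groupVersionKind:
            group: beat.k8s.elastic.co
            kind: Beat
            version: v1beta1
          metricNamePrefix: eck_beat
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
        {{- if .Values.eckResources.elasticmapsservers }}
        #
        # ElasticMapsServer
        #
        - groupVersionKind:
            group: maps.k8s.elastic.co
            kind: ElasticMapsServer
            version: v1alpha1
          metricNamePrefix: eck_elasticmapsserver
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
        {{- if .Values.eckResources.elasticsearches }}
        #
        # Elasticsearch
        #
        - groupVersionKind:
            group: elasticsearch.k8s.elastic.co
            kind: Elasticsearch
            version: v1
          metricNamePrefix: eck_elasticsearch
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
            - name: phase
              each:
                type: StateSet
                stateSet:
                  labelName: phase
                  path: [ status, phase ]
                  list: [ Ready, ApplyingChanges, MigratingData, Stalled, Invalid ]
            - name: condition
              each:
                type: Gauge
                gauge:
                  path: [ status, conditions ]
                  labelsFromPath:
                    type: [ type ]
                  valueFrom: [ status ]
        {{- end }}
        {{- if .Values.eckResources.enterprisesearches }}
        #
        # EnterpriseSearch
        #
        - groupVersionKind:
            group: enterprisesearch.k8s.elastic.co
            kind: EnterpriseSearch
            version: v1
          metricNamePrefix: eck_enterprisesearch
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
        {{- if .Values.eckResources.kibanas }}
        #
        # Kibana
        #
        - groupVersionKind:
            group: kibana.k8s.elastic.co
            kind: Kibana
            version: v1
          metricNamePrefix: eck_kibana
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
        {{- if .Values.eckResources.logstashes }}
        #
        # Logstash
        #
        - groupVersionKind:
            group: logstash.k8s.elastic.co
            kind: Logstash
            version: v1alpha1
          metricNamePrefix: eck_logstash
          labelsFromPath:
            name:
              - metadata
              - name
            namespace:
              - metadata
              - namespace
          metrics:
            - name: info
              each:
                type: Info
                info:
                  labelsFromPath:
                    desired_version: [ spec, version ]
                    version: [ status, version ]
            - name: health
              each:
                type: StateSet
                stateSet:
                  labelName: health
                  path: [ status, health ]
                  list: [ red, yellow, green, unknown ]
        {{- end }}
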
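--------------------------------------------------------------------------------
/charts/eck-exporter/templates/deployment.yaml:
--------------------------------------------------------------------------------
{{- /*
Exporter Deployment. The container reads the custom-resource-state config from
the chart's ConfigMap (mounted read-only) and talks to the Kubernetes API with
the service account named by "eck-exporter.serviceAccountName".
podSecurityContext and securityContext are emitted only when set in values;
values.yaml is not part of this listing, so confirm it ships restrictive
defaults (non-root user, read-only root filesystem, no privilege escalation,
all capabilities dropped) rather than leaving the runtime defaults in place.
*/ -}}
apiVersion: {{ include "capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{- include "eck-exporter.selectorLabels" . | nindent 6 }}
  replicas: {{ .Values.replicaCount | int }}
  template:
    metadata:
      labels:
        {{- include "eck-exporter.labels" . | nindent 8 }}
        {{- with .Values.podExtraLabels }}
        {{- . | toYaml | trim | nindent 8 }}
        {{- end }}
      annotations:
        {{- /* Changes to the rendered ConfigMap change this hash and roll the pods. */}}
        checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | trim | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | trim | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | trim | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | trim | nindent 6 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | trim | nindent 8 }}
      {{- end }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | trim | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "eck-exporter.serviceAccountName" . }}
      {{- with .Values.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
      containers:
      - name: {{ .Chart.Name }}
        {{- with .Values.securityContext }}
        securityContext:
          {{- toYaml . | trim | nindent 10 }}
        {{- end }}
        {{- with .Values.resources }}
        resources:
          {{- . | toYaml | trim | nindent 10 }}
        {{- end }}
        {{- if .Values.enableHealthProbes }}
        livenessProbe:
          httpGet:
            path: /livez
            port: metrics
          {{- toYaml .Values.livenessProbe | nindent 10 }}
        readinessProbe:
          httpGet:
            path: /readyz
            port: telemetry
          {{- toYaml .Values.readinessProbe | nindent 10 }}
        {{- end }}
        image: {{ include "eck-exporter.image" . }}
        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
        args:
        - --port={{ int .Values.podListenPort }}
        - --telemetry-port={{ int .Values.podTelemetryListenPort }}
        {{- /*
        NOTE(review): the bind address is only set for podMonitor.selfMonitor.
        The readiness probe above and serviceMonitor.selfMonitor also need the
        telemetry port to be reachable from outside the pod; confirm the
        image's default bind address covers those cases.
        */}}
        {{- if .Values.podMonitor.selfMonitor }}
        - --telemetry-host=0.0.0.0
        {{- end }}
        - --custom-resource-state-only
        - --custom-resource-state-config-file=/etc/eckresourcestate/config.yaml
        {{- if .Values.autoGoMemLimit.enabled }}
        - --auto-gomemlimit
        {{- with .Values.autoGoMemLimit.ratio }}
        - --auto-gomemlimit-ratio={{ . }}
        {{- end }}
        {{- end }}
        {{- if .Values.env }}
        env:
        {{- toYaml .Values.env | trim | nindent 8 }}
        {{- end }}
        ports:
        - name: metrics
          containerPort: {{ int .Values.podListenPort }}
        - name: telemetry
          containerPort: {{ int .Values.podTelemetryListenPort }}
        volumeMounts:
        - name: eckresourcestate-config
          mountPath: /etc/eckresourcestate
          readOnly: true
      volumes:
      - name: eckresourcestate-config
        configMap:
          defaultMode: 420
          name: {{ include "eck-exporter.fullname" . }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/extra.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders additional manifests supplied through values.
extraDeploy entries are passed through tpl with the root context, so any
template expression in them is evaluated with full access to the release's
values; extraDeployVerbatim entries are emitted as-is. Either list can create
arbitrary objects (including RBAC) with the installer's privileges, so values
files that set them need the same review as the chart templates themselves.
*/ -}}
{{- range .Values.extraDeploy }}
---
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (. | toYaml) $ }}
{{- end }}
{{- end }}
{{- range .Values.extraDeployVerbatim }}
---
{{- if typeIs "string" . }}
{{- . }}
{{- else }}
{{- . | toYaml }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/podmonitor.yaml:
--------------------------------------------------------------------------------
{{- /*
PodMonitor scraping the exporter pods directly: always the "metrics" port and,
with podMonitor.selfMonitor, the "telemetry" port as well.
NOTE(review): the object is also gated on service.create although a PodMonitor
selects pods and does not need the Service; confirm that coupling is intended.
*/ -}}
{{- if and .Values.podMonitor.create .Values.service.create }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  namespace: {{ default .Release.Namespace .Values.podMonitor.namespace | quote }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
    {{- with .Values.podMonitor.extraLabels }}
    {{- . | toYaml | trim | nindent 4 }}
    {{- end }}
spec:
  jobLabel: {{ .Values.podMonitor.jobLabel | quote }}
  selector:
    matchLabels:
      {{- include "eck-exporter.selectorLabels" . | nindent 6 }}
  podMetricsEndpoints:
  - port: metrics
    {{- if .Values.podMonitor.interval }}
    interval: {{ .Values.podMonitor.interval }}
    {{- end }}
    {{- if .Values.podMonitor.scrapeTimeout }}
    scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }}
    {{- end }}
    {{- if .Values.podMonitor.honorLabels }}
    honorLabels: {{ .Values.podMonitor.honorLabels }}
    {{- end }}
    {{- if .Values.podMonitor.relabelings }}
    relabelings:
    {{- .Values.podMonitor.relabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.podMonitor.metricRelabelings }}
    metricRelabelings:
    {{- .Values.podMonitor.metricRelabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.podMonitor.extraParameters }}
    {{- toYaml .Values.podMonitor.extraParameters | nindent 4 }}
    {{- end }}
  {{- if .Values.podMonitor.selfMonitor }}
  - port: telemetry
    {{- if .Values.podMonitor.interval }}
    interval: {{ .Values.podMonitor.interval }}
    {{- end }}
    {{- if .Values.podMonitor.scrapeTimeout }}
    scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }}
    {{- end }}
    {{- if .Values.podMonitor.honorLabels }}
    honorLabels: {{ .Values.podMonitor.honorLabels }}
    {{- end }}
    {{- if .Values.podMonitor.relabelings }}
    relabelings:
    {{- .Values.podMonitor.relabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.podMonitor.metricRelabelings }}
    metricRelabelings:
    {{- .Values.podMonitor.metricRelabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.podMonitor.extraParameters }}
    {{- toYaml .Values.podMonitor.extraParameters | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- /* Scraping is restricted to the release namespace even when the monitor lives elsewhere. */}}
  namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
{{- end }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/service.yaml:
--------------------------------------------------------------------------------
{{- /*
Service in front of the exporter pods.
The "telemetry" port is published only when serviceMonitor.selfMonitor is set:
the ServiceMonitor template adds an endpoint with `port: telemetry`, and a
ServiceMonitor endpoint resolves its port by Service port name, so without
this entry that endpoint matches nothing and self-metrics are never scraped.
The port number reuses podTelemetryListenPort and must differ from
service.port. With a service.type other than ClusterIP this also exposes the
exporter's self-metrics outside the cluster network.
*/ -}}
{{- if .Values.service.create }}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
    {{- with .Values.service.extraLabels }}
    {{- . | toYaml | trim | nindent 4 }}
    {{- end }}
  {{- with .Values.service.annotations }}
  annotations:
    {{- . | toYaml | trim | nindent 4 }}
  {{- end }}
spec:
  type: {{ .Values.service.type | quote }}
  {{- with .Values.service.clusterIP }}
  clusterIP: {{ . | quote }}
  {{- end }}
  ports:
  - name: metrics
    port: {{ .Values.service.port | int }}
    targetPort: metrics
  {{- if .Values.serviceMonitor.selfMonitor }}
  - name: telemetry
    port: {{ int .Values.podTelemetryListenPort }}
    targetPort: telemetry
  {{- end }}
  selector:
    {{- include "eck-exporter.selectorLabels" . | nindent 4 }}
{{- end }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
Service account the exporter pod runs as (created only when
serviceAccount.create is set). The exporter lists and watches resources
through the Kubernetes API, so it needs a mounted token: if
serviceAccount.automountServiceAccountToken is set to false, the token has to
be provided to the pod some other way.
*/ -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "eck-exporter.serviceAccountName" . }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

--------------------------------------------------------------------------------
/charts/eck-exporter/templates/servicemonitor.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceMonitor scraping the exporter through its Service: always the "metrics"
port and, with serviceMonitor.selfMonitor, the "telemetry" port. Endpoint
ports are Service port names, so each one listed here has to exist on the
Service rendered by this chart.
*/ -}}
{{- if and .Values.serviceMonitor.create .Values.service.create }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ include "eck-exporter.fullname" . }}
  namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace | quote }}
  labels:
    {{- include "eck-exporter.labels" . | nindent 4 }}
    {{- with .Values.serviceMonitor.extraLabels }}
    {{- . | toYaml | trim | nindent 4 }}
    {{- end }}
spec:
  jobLabel: {{ .Values.serviceMonitor.jobLabel | quote }}
  selector:
    matchLabels:
      {{- include "eck-exporter.selectorLabels" . | nindent 6 }}
  endpoints:
  - port: metrics
    {{- if .Values.serviceMonitor.interval }}
    interval: {{ .Values.serviceMonitor.interval }}
    {{- end }}
    {{- if .Values.serviceMonitor.scrapeTimeout }}
    scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
    {{- end }}
    {{- if .Values.serviceMonitor.honorLabels }}
    honorLabels: {{ .Values.serviceMonitor.honorLabels }}
    {{- end }}
    {{- if .Values.serviceMonitor.relabelings }}
    relabelings:
    {{- .Values.serviceMonitor.relabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.serviceMonitor.metricRelabelings }}
    metricRelabelings:
    {{- .Values.serviceMonitor.metricRelabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.serviceMonitor.extraParameters }}
    {{- toYaml .Values.serviceMonitor.extraParameters | nindent 4 }}
    {{- end }}
  {{- if .Values.serviceMonitor.selfMonitor }}
  - port: telemetry
    {{- if .Values.serviceMonitor.interval }}
    interval: {{ .Values.serviceMonitor.interval }}
    {{- end }}
    {{- if .Values.serviceMonitor.scrapeTimeout }}
    scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
    {{- end }}
    {{- if .Values.serviceMonitor.honorLabels }}
    honorLabels: {{ .Values.serviceMonitor.honorLabels }}
    {{- end }}
    {{- if .Values.serviceMonitor.relabelings }}
    relabelings:
    {{- .Values.serviceMonitor.relabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.serviceMonitor.metricRelabelings }}
    metricRelabelings:
    {{- .Values.serviceMonitor.metricRelabelings | toYaml | nindent 4 }}
    {{- end }}
    {{- if .Values.serviceMonitor.extraParameters }}
    {{- toYaml .Values.serviceMonitor.extraParameters | nindent 4 }}
    {{- end }}
  {{- end }}
  {{- /* Scraping is restricted to the release namespace even when the monitor lives elsewhere. */}}
  namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
{{- end }}

--------------------------------------------------------------------------------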
/charts/kube-packetloss-exporter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: kube-packetloss-exporter 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 
23 | # It is recommended to use it with quotes. 24 | appVersion: "v0.7.1" 25 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/files/kube-packetloss-exporter-dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "__inputs": [ 3 | { 4 | "name": "DS_PROMETHEUS", 5 | "label": "prometheus", 6 | "description": "", 7 | "type": "datasource", 8 | "pluginId": "prometheus", 9 | "pluginName": "Prometheus" 10 | } 11 | ], 12 | "annotations": { 13 | "list": [ 14 | { 15 | "builtIn": 1, 16 | "datasource": { 17 | "type": "datasource", 18 | "uid": "${DS_PROMETHEUS}" 19 | }, 20 | "enable": true, 21 | "hide": true, 22 | "iconColor": "rgba(0, 211, 255, 1)", 23 | "name": "Annotations & Alerts", 24 | "target": { 25 | "limit": 100, 26 | "matchAny": false, 27 | "tags": [], 28 | "type": "dashboard" 29 | }, 30 | "type": "dashboard" 31 | } 32 | ] 33 | }, 34 | "description": "Smoke Ping using https://github.com/SuperQ/smokeping_prober\r\nwith \r\nlatency heatmap\r\nlatency graph\r\npacket loss gragh\r\n", 35 | "editable": true, 36 | "fiscalYearStartMonth": 0, 37 | "gnetId": 11335, 38 | "graphTooltip": 0, 39 | "id": 2312, 40 | "links": [], 41 | "liveNow": false, 42 | "panels": [ 43 | { 44 | "collapsed": false, 45 | "gridPos": { 46 | "h": 1, 47 | "w": 24, 48 | "x": 0, 49 | "y": 0 50 | }, 51 | "id": 2, 52 | "panels": [], 53 | "repeat": "destination", 54 | "repeatDirection": "h", 55 | "title": "Destination : ${destination}", 56 | "type": "row" 57 | }, 58 | { 59 | "datasource": { 60 | "type": "prometheus", 61 | "uid": "${DS_PROMETHEUS}" 62 | }, 63 | "description": "", 64 | "fieldConfig": { 65 | "defaults": { 66 | "color": { 67 | "fixedColor": "super-light-blue", 68 | "mode": "fixed", 69 | "seriesBy": "last" 70 | }, 71 | "custom": { 72 | "axisCenteredZero": false, 73 | "axisColorMode": "text", 74 | "axisLabel": "", 75 | "axisPlacement": "auto", 76 | "barAlignment": 0, 77 | 
"drawStyle": "line", 78 | "fillOpacity": 7, 79 | "gradientMode": "none", 80 | "hideFrom": { 81 | "legend": false, 82 | "tooltip": false, 83 | "viz": false 84 | }, 85 | "lineInterpolation": "linear", 86 | "lineStyle": { 87 | "fill": "solid" 88 | }, 89 | "lineWidth": 1, 90 | "pointSize": 5, 91 | "scaleDistribution": { 92 | "type": "linear" 93 | }, 94 | "showPoints": "auto", 95 | "spanNulls": false, 96 | "stacking": { 97 | "group": "A", 98 | "mode": "none" 99 | }, 100 | "thresholdsStyle": { 101 | "mode": "off" 102 | } 103 | }, 104 | "mappings": [], 105 | "thresholds": { 106 | "mode": "absolute", 107 | "steps": [ 108 | { 109 | "color": "semi-dark-green", 110 | "value": null 111 | } 112 | ] 113 | }, 114 | "unit": "s" 115 | }, 116 | "overrides": [ 117 | { 118 | "matcher": { 119 | "id": "byFrameRefID", 120 | "options": "B" 121 | }, 122 | "properties": [ 123 | { 124 | "id": "color", 125 | "value": { 126 | "fixedColor": "red", 127 | "mode": "fixed" 128 | } 129 | }, 130 | { 131 | "id": "unit", 132 | "value": "pps" 133 | }, 134 | { 135 | "id": "custom.fillOpacity", 136 | "value": 0 137 | } 138 | ] 139 | } 140 | ] 141 | }, 142 | "gridPos": { 143 | "h": 10, 144 | "w": 24, 145 | "x": 0, 146 | "y": 1 147 | }, 148 | "id": 8, 149 | "options": { 150 | "legend": { 151 | "calcs": [], 152 | "displayMode": "list", 153 | "placement": "bottom", 154 | "showLegend": true 155 | }, 156 | "tooltip": { 157 | "mode": "single", 158 | "sort": "none" 159 | } 160 | }, 161 | "targets": [ 162 | { 163 | "datasource": { 164 | "type": "prometheus", 165 | "uid": "${DS_PROMETHEUS}" 166 | }, 167 | "editorMode": "code", 168 | "exemplar": false, 169 | "expr": "rate(smokeping_response_duration_seconds_sum{cluster=\"$cluster\", instance=\"$source:9374\", host=~\"$destination\"}[$__rate_interval]) / rate(smokeping_response_duration_seconds_count{cluster=\"$cluster\", instance=\"$source:9374\", host=~\"$destination\"}[$__rate_interval])", 170 | "instant": false, 171 | "legendFormat": "RTT (seconds)", 172 | 
"range": true, 173 | "refId": "A" 174 | }, 175 | { 176 | "datasource": { 177 | "type": "prometheus", 178 | "uid": "${DS_PROMETHEUS}" 179 | }, 180 | "editorMode": "code", 181 | "expr": "rate(smokeping_requests_total{cluster=\"$cluster\", instance=\"$source:9374\", host=~\"$destination\"}[$__rate_interval]) - rate(smokeping_response_duration_seconds_count{cluster=\"$cluster\", instance=\"$source:9374\", host=~\"$destination\"}[$__rate_interval])", 182 | "hide": false, 183 | "interval": "", 184 | "legendFormat": "Packet loss (packets/second)", 185 | "range": true, 186 | "refId": "B" 187 | } 188 | ], 189 | "title": "RTT and packet loss from $source towards $destination", 190 | "type": "timeseries" 191 | } 192 | ], 193 | "refresh": "1m", 194 | "schemaVersion": 38, 195 | "style": "dark", 196 | "tags": [], 197 | "templating": { 198 | "list": [ 199 | { 200 | "current": { 201 | "selected": false, 202 | "text": "default", 203 | "value": "default" 204 | }, 205 | "hide": 0, 206 | "includeAll": false, 207 | "label": "datasource", 208 | "multi": false, 209 | "name": "DS_PROMETHEUS", 210 | "options": [], 211 | "query": "prometheus", 212 | "refresh": 1, 213 | "regex": "", 214 | "skipUrlSync": false, 215 | "type": "datasource" 216 | }, 217 | { 218 | "current": { 219 | "selected": false, 220 | "text": "default", 221 | "value": "default" 222 | }, 223 | "datasource": { 224 | "type": "prometheus", 225 | "uid": "${DS_PROMETHEUS}" 226 | }, 227 | "definition": "label_values(smokeping_prober_build_info, cluster)", 228 | "hide": 0, 229 | "includeAll": false, 230 | "label": "Cluster", 231 | "multi": false, 232 | "name": "cluster", 233 | "options": [], 234 | "query": { 235 | "query": "label_values(smokeping_prober_build_info, cluster)", 236 | "refId": "StandardVariableQuery" 237 | }, 238 | "refresh": 1, 239 | "regex": "", 240 | "skipUrlSync": false, 241 | "sort": 0, 242 | "type": "query" 243 | }, 244 | { 245 | "current": { 246 | "selected": false, 247 | "text": "10.245.166.23", 248 | "value": 
"10.245.166.23" 249 | }, 250 | "datasource": { 251 | "type": "prometheus", 252 | "uid": "${DS_PROMETHEUS}" 253 | }, 254 | "definition": "label_values(smokeping_requests_total{cluster=\"$cluster\"}, instance)", 255 | "hide": 0, 256 | "includeAll": false, 257 | "label": "Source", 258 | "multi": false, 259 | "name": "source", 260 | "options": [], 261 | "query": { 262 | "query": "label_values(smokeping_requests_total{cluster=\"$cluster\"}, instance)", 263 | "refId": "StandardVariableQuery" 264 | }, 265 | "refresh": 1, 266 | "regex": "/(?.*):.*/", 267 | "skipUrlSync": false, 268 | "sort": 1, 269 | "type": "query" 270 | }, 271 | { 272 | "current": { 273 | "selected": false, 274 | "text": "All", 275 | "value": "$__all" 276 | }, 277 | "datasource": { 278 | "type": "prometheus", 279 | "uid": "${DS_PROMETHEUS}" 280 | }, 281 | "definition": "label_values(smokeping_requests_total{cluster=\"$cluster\"}, host)", 282 | "hide": 0, 283 | "includeAll": true, 284 | "label": "Destination", 285 | "multi": true, 286 | "name": "destination", 287 | "options": [], 288 | "query": { 289 | "query": "label_values(smokeping_requests_total{cluster=\"$cluster\"}, host)", 290 | "refId": "StandardVariableQuery" 291 | }, 292 | "refresh": 1, 293 | "regex": "", 294 | "skipUrlSync": false, 295 | "sort": 1, 296 | "type": "query" 297 | } 298 | ] 299 | }, 300 | "time": { 301 | "from": "now-30m", 302 | "to": "now" 303 | }, 304 | "timepicker": { 305 | "refresh_intervals": [ 306 | "5s", 307 | "10s", 308 | "30s", 309 | "1m", 310 | "5m", 311 | "15m", 312 | "30m", 313 | "1h", 314 | "2h", 315 | "1d" 316 | ], 317 | "time_options": [ 318 | "5m", 319 | "15m", 320 | "1h", 321 | "6h", 322 | "12h", 323 | "24h", 324 | "2d", 325 | "7d", 326 | "30d" 327 | ] 328 | }, 329 | "timezone": "", 330 | "title": "Kube packetloss exporter", 331 | "uid": "XKAKA134k", 332 | "version": 10, 333 | "weekStart": "" 334 | } 335 | -------------------------------------------------------------------------------- 
/charts/kube-packetloss-exporter/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/enix/helm-charts/9a6d7b24c1420ee4a935ddb9e509bc976a053952/charts/kube-packetloss-exporter/templates/NOTES.txt -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "kube-packetloss-exporter.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "kube-packetloss-exporter.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "kube-packetloss-exporter.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "kube-packetloss-exporter.labels" -}} 37 | helm.sh/chart: {{ include "kube-packetloss-exporter.chart" . }} 38 | {{ include "kube-packetloss-exporter.selectorLabels" . 
}} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "kube-packetloss-exporter.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "kube-packetloss-exporter.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "kube-packetloss-exporter.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "kube-packetloss-exporter.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: {{ include "kube-packetloss-exporter.fullname" . }} 5 | labels: 6 | {{- include "kube-packetloss-exporter.labels" . | nindent 4 }} 7 | spec: 8 | selector: 9 | matchLabels: 10 | {{- include "kube-packetloss-exporter.selectorLabels" . | nindent 6 }} 11 | template: 12 | metadata: 13 | {{- with .Values.podAnnotations }} 14 | annotations: 15 | {{- toYaml . | nindent 8 }} 16 | {{- end }} 17 | labels: 18 | {{- include "kube-packetloss-exporter.selectorLabels" . | nindent 8 }} 19 | spec: 20 | {{- with .Values.imagePullSecrets }} 21 | imagePullSecrets: 22 | {{- toYaml . | nindent 8 }} 23 | {{- end }} 24 | serviceAccountName: {{ include "kube-packetloss-exporter.serviceAccountName" . 
}} 25 | securityContext: 26 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 27 | shareProcessNamespace: true 28 | containers: 29 | - name: {{ .Chart.Name }} 30 | securityContext: 31 | {{- toYaml .Values.securityContext | nindent 12 }} 32 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 33 | imagePullPolicy: {{ .Values.image.pullPolicy }} 34 | command: 35 | - "/bin/sh" 36 | - "-c" 37 | - | 38 | while [ ! -f {{ .Values.configFile }} ]; do 39 | echo 'waiting for configfile'; 40 | sleep 1; 41 | done; 42 | while smokeping_prober $@; EC=$?; [ ${EC} -eq 0 ] || [ ${EC} -eq 143 ]; do 43 | echo 'restarting....'; 44 | done; 45 | exit ${EC} 46 | - "--" 47 | args: 48 | - "--config.file={{ .Values.configFile }}" 49 | ports: 50 | - name: http 51 | containerPort: {{ .Values.service.port }} 52 | protocol: TCP 53 | livenessProbe: 54 | httpGet: 55 | path: /metrics 56 | port: http 57 | readinessProbe: 58 | httpGet: 59 | path: /metrics 60 | port: http 61 | resources: 62 | {{- toYaml .Values.resources | nindent 12 }} 63 | volumeMounts: 64 | - name: config 65 | mountPath: {{ .Values.configDir | default (osDir .Values.configFile) }} 66 | - name: config-reloader 67 | securityContext: 68 | {{- toYaml .Values.configReloader.securityContext | nindent 12 }} 69 | image: {{ .Values.configReloader.image.repository }}:{{ .Values.configReloader.image.tag | default (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) }} 70 | imagePullPolicy: {{ .Values.configReloader.image.pullPolicy }} 71 | command: 72 | - "/bin/sh" 73 | - "-c" 74 | args: 75 | - | 76 | SERVICE_NAME="{{ tpl .Values.lookupService . 
}}" 77 | CONFIG_FILE="{{ .Values.configFile }}" 78 | SAMPLE_NODE="{{ .Values.sampleNode }}" 79 | 80 | mk_config () { 81 | TMP_CONFIG=$(mktemp -p $(dirname "${CONFIG_FILE}")) 82 | ALL_HOSTS=$(kubectl get ep "${SERVICE_NAME}" -o jsonpath="{range .subsets[*].addresses[*]}{.ip}{'\n'}{end}") 83 | if [ "${SAMPLE_NODE}" = "all" ]; then 84 | RETAIN_HOSTS=$(echo "${ALL_HOSTS}"|grep -v "${POD_IP}") 85 | else 86 | RETAIN_HOSTS=$( (echo "${ALL_HOSTS}";echo "${ALL_HOSTS}")|grep "${POD_IP}" -m 1 -A "${SAMPLE_NODE}"|grep -v "${POD_IP}") 87 | fi; 88 | if [ -z "${RETAIN_HOSTS}" ]; then 89 | echo "No hosts to create config..." 90 | return 1 91 | fi 92 | (echo "targets:" 93 | echo "- interval: ${PING_INTERVAL}" 94 | echo " hosts:" 95 | for IP in ${RETAIN_HOSTS}; do 96 | echo " - ${IP}"; 97 | done) > "${TMP_CONFIG}"; 98 | if ! diff --new-file "${TMP_CONFIG}" "${CONFIG_FILE}" > /dev/null; then 99 | echo "Installing new config" 100 | mv "${TMP_CONFIG}" "${CONFIG_FILE}" 101 | cat ${CONFIG_FILE} 102 | echo "Restart exporter ($(pgrep 'smokeping'))" 103 | kill $(pgrep 'smokeping') 104 | else 105 | rm "${TMP_CONFIG}" 106 | fi 107 | } 108 | while true; do 109 | while mk_config; do 110 | kubectl get ep "${SERVICE_NAME}" --watch-only | while read line; do 111 | mk_config 112 | done 113 | done 114 | sleep 1 115 | done 116 | volumeMounts: 117 | - name: config 118 | mountPath: {{ .Values.configDir | default (osDir .Values.configFile) }} 119 | env: 120 | - name: PING_INTERVAL 121 | value: "{{ .Values.pingInterval }}" 122 | - name: POD_IP 123 | valueFrom: 124 | fieldRef: 125 | fieldPath: status.podIP 126 | {{- with .Values.configReloader.resources }} 127 | resources: 128 | {{- toYaml . | nindent 12 }} 129 | {{- end }} 130 | volumes: 131 | - name: config 132 | emptyDir: 133 | hostNetwork: {{ .Values.hostNetwork }} 134 | {{- with .Values.nodeSelector }} 135 | nodeSelector: 136 | {{- toYaml . | nindent 8 }} 137 | {{- end }} 138 | {{- with .Values.affinity }} 139 | affinity: 140 | {{- toYaml . 
| nindent 8 }} 141 | {{- end }} 142 | {{- with .Values.tolerations }} 143 | tolerations: 144 | {{- toYaml . | nindent 8 }} 145 | {{- end }} 146 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/dashboard.configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dashboard.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "kube-packetloss-exporter.fullname" . }}-dashboard 6 | namespace: {{ .Values.dashboard.namespace | default .Release.Namespace }} 7 | {{- with .Values.dashboard.labels }} 8 | labels: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | data: 12 | kube-packetloss-exporter.json: |- 13 | {{- .Files.Get "files/kube-packetloss-exporter-dashboard.json" | nindent 4 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ include "kube-packetloss-exporter.serviceAccountName" . }}-config-reloader 5 | rules: 6 | - apiGroups: [""] # "" indicates the core API group 7 | resources: ["endpoints"] 8 | verbs: ["get", "watch", "list"] 9 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "kube-packetloss-exporter.serviceAccountName" . }}-config-reloader 6 | subjects: 7 | - kind: ServiceAccount 8 | name: {{ include "kube-packetloss-exporter.serviceAccountName" . 
}} 9 | roleRef: 10 | kind: Role 11 | name: {{ include "kube-packetloss-exporter.serviceAccountName" . }}-config-reloader 12 | apiGroup: rbac.authorization.k8s.io 13 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.service.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "kube-packetloss-exporter.fullname" . }} 6 | labels: 7 | {{- include "kube-packetloss-exporter.labels" . | nindent 4 }} 8 | {{ with .Values.service.annotations }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | spec: 12 | type: {{ .Values.service.type }} 13 | ports: 14 | - port: {{ .Values.service.port }} 15 | targetPort: http 16 | protocol: TCP 17 | name: http 18 | publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }} 19 | selector: 20 | {{- include "kube-packetloss-exporter.selectorLabels" . | nindent 4 }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "kube-packetloss-exporter.serviceAccountName" . }} 6 | labels: 7 | {{- include "kube-packetloss-exporter.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "kube-packetloss-exporter.fullname" . }} 6 | labels: 7 | {{- include "kube-packetloss-exporter.labels" . | nindent 4 }} 8 | spec: 9 | endpoints: 10 | - path: /metrics 11 | port: http 12 | scheme: http 13 | scrapeTimeout: 30s 14 | selector: 15 | matchLabels: 16 | {{- include "kube-packetloss-exporter.labels" . | nindent 6 }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/kube-packetloss-exporter/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for kube-packetloss-exporter. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: quay.io/superq/smokeping-prober 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "" 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Annotations to add to the service account 21 | annotations: {} 22 | # The name of the service account to use. 
23 | # If not set and create is true, a name is generated using the fullname template 24 | name: "" 25 | 26 | podAnnotations: {} 27 | 28 | podSecurityContext: 29 | runAsUser: 0 # applied at pod level, so the exporter and the config-reloader container both run as root (UID 0). NOTE(review): smokeping_prober presumably needs raw-socket access for ICMP - confirm whether a non-root UID plus the NET_RAW capability is enough; the reloader also signals the exporter with kill across the shared process namespace, so keep the two containers' UIDs compatible if this is tightened 30 | # fsGroup: 2000 31 | 32 | securityContext: {} # container-level settings for the exporter container only; empty by default, so no capability is dropped and the root filesystem stays writable unless set 33 | # capabilities: 34 | # drop: 35 | # - ALL 36 | # readOnlyRootFilesystem: true 37 | # runAsNonRoot: true 38 | # runAsUser: 1000 39 | 40 | service: 41 | enabled: true 42 | type: ClusterIP 43 | port: 9374 44 | publishNotReadyAddresses: true 45 | 46 | configDir: 47 | configFile: /etc/kube-packetloss-exporter/config.yaml 48 | lookupService: "{{ include \"kube-packetloss-exporter.fullname\" . }}" 49 | pingInterval: "0.5s" 50 | sampleNode: "3" # or "all" 51 | 52 | hostNetwork: false 53 | 54 | configReloader: 55 | image: 56 | repository: bitnami/kubectl 57 | pullPolicy: IfNotPresent 58 | tag: "" # empty: the DaemonSet template falls back to "<kube major>.<kube minor>" of the target cluster, a floating tag; set an explicit tag you have vetted for reproducible rollouts 59 | resources: {} 60 | securityContext: {} 61 | 62 | serviceMonitor: 63 | enabled: false 64 | 65 | dashboard: 66 | enabled: false 67 | labels: 68 | grafana_dashboard: "1" 69 | namespace: 70 | 71 | resources: {} 72 | # We usually recommend not to specify default resources and to leave this as a conscious 73 | # choice for the user. This also increases chances charts run on environments with little 74 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 75 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
76 | # limits: 77 | # cpu: 100m 78 | # memory: 128Mi 79 | # requests: 80 | # cpu: 100m 81 | # memory: 128Mi 82 | 83 | autoscaling: 84 | enabled: false 85 | minReplicas: 1 86 | maxReplicas: 100 87 | targetCPUUtilizationPercentage: 80 88 | # targetMemoryUtilizationPercentage: 80 89 | 90 | nodeSelector: {} 91 | 92 | tolerations: 93 | - key: node-role.kubernetes.io/control-plane 94 | operator: Exists 95 | effect: NoSchedule 96 | - key: node-role.kubernetes.io/master 97 | operator: Exists 98 | effect: NoSchedule 99 | 100 | 101 | affinity: {} 102 | -------------------------------------------------------------------------------- /charts/kube-router/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/kube-router/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: kube-router 3 | description: A turnkey solution for Kubernetes networking with aim to provide operational simplicity and high performance. 
4 | type: application 5 | version: 1.10.0 6 | appVersion: v1.6.0 7 | 8 | icon: https://cdn.rawgit.com/cloudnativelabs/kube-router/64f7700e/Documentation/img/logo-full.svg 9 | home: https://www.kube-router.io/ 10 | sources: 11 | - https://github.com/enix/helm-charts/tree/master/charts/kube-router 12 | - https://github.com/cloudnativelabs/kube-router 13 | maintainers: 14 | - name: Enix 15 | email: contact@enix.fr 16 | url: https://github.com/enixsas 17 | - name: Antoine Millet 18 | email: antoine@inaps.org 19 | url: https://github.com/NaPs 20 | - name: Alexandre Buisine 21 | email: alexandre.buisine@enix.fr 22 | url: https://github.com/abuisine 23 | -------------------------------------------------------------------------------- /charts/kube-router/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "chart.header" . }} 2 | 3 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/enix)](https://artifacthub.io/packages/search?repo=enix) 4 |

5 | 6 | 7 | 8 | 9 |

10 | 11 | {{ template "chart.description" . }} 12 | 13 | ## TL;DR; 14 | 15 | ```bash 16 | $ helm repo add enix https://charts.enix.io/ 17 | $ helm install my-release enix/kube-router 18 | ``` 19 | 20 | {{ template "chart.sourceLinkLine" . }} 21 | 22 | {{ template "chart.requirementsSection" . }} 23 | 24 | ## Installing the Chart 25 | 26 | To install the chart with the release name `my-release`: 27 | 28 | ```bash 29 | $ helm install my-release enix/kube-router 30 | ``` 31 | 32 | The command deploys Kube-Router on the Kubernetes cluster in the default configuration. The [Chart Values](#chart-values) section lists the parameters that can be configured during installation. 33 | 34 | > **Tip**: List all releases using `helm list` 35 | 36 | ## Uninstalling the Chart 37 | 38 | To uninstall/delete the `my-release` deployment: 39 | 40 | ```bash 41 | $ helm delete my-release 42 | ``` 43 | 44 | The command removes all the Kubernetes components associated with the chart and deletes the release. 45 | 46 | {{ template "chart.valuesSection" . }} 47 | 48 | ## License 49 | 50 | Copyright (c) 2021 ENIX 51 | 52 | Licensed under the Apache License, Version 2.0 (the "License"); 53 | you may not use this file except in compliance with the License. 54 | You may obtain a copy of the License at 55 | 56 | http://www.apache.org/licenses/LICENSE-2.0 57 | 58 | Unless required by applicable law or agreed to in writing, software 59 | distributed under the License is distributed on an "AS IS" BASIS, 60 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 61 | See the License for the specific language governing permissions and 62 | limitations under the License. 
-------------------------------------------------------------------------------- /charts/kube-router/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/enix/helm-charts/9a6d7b24c1420ee4a935ddb9e509bc976a053952/charts/kube-router/templates/NOTES.txt -------------------------------------------------------------------------------- /charts/kube-router/templates/_capabilities.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the target Kubernetes version 3 | */}} 4 | {{- define "capabilities.kubeVersion" -}} 5 | {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} 6 | {{- end -}} 7 | 8 | {{/* 9 | Return the appropriate apiVersion for RBAC resources. 10 | */}} 11 | {{- define "capabilities.rbac.apiVersion" -}} 12 | {{- if semverCompare "<1.17-0" (include "capabilities.kubeVersion" .) -}} 13 | {{- print "rbac.authorization.k8s.io/v1beta1" -}} 14 | {{- else -}} 15 | {{- print "rbac.authorization.k8s.io/v1" -}} 16 | {{- end -}} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/kube-router/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "kube-router.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "kube-router.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "kube-router.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "kube-router.labels" -}} 38 | helm.sh/chart: {{ include "kube-router.chart" . }} 39 | {{ include "kube-router.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "kube-router.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "kube-router.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "kube-router.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create -}} 59 | {{ default (include "kube-router.fullname" .) 
.Values.serviceAccount.name }} 60 | {{- else -}} 61 | {{ default "default" .Values.serviceAccount.name }} 62 | {{- end -}} 63 | {{- end -}} 64 | -------------------------------------------------------------------------------- /charts/kube-router/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: {{ include "capabilities.rbac.apiVersion" . }} 3 | metadata: 4 | name: {{ include "kube-router.fullname" . }} 5 | labels: 6 | {{- include "kube-router.labels" . | nindent 4 }} 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - namespaces 12 | - pods 13 | - services 14 | - nodes 15 | - endpoints 16 | verbs: 17 | - list 18 | - get 19 | - watch 20 | - apiGroups: 21 | - "networking.k8s.io" 22 | resources: 23 | - networkpolicies 24 | verbs: 25 | - list 26 | - get 27 | - watch 28 | - apiGroups: 29 | - extensions 30 | resources: 31 | - networkpolicies 32 | verbs: 33 | - get 34 | - list 35 | - watch 36 | -------------------------------------------------------------------------------- /charts/kube-router/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: {{ include "capabilities.rbac.apiVersion" . }} 3 | metadata: 4 | name: {{ include "kube-router.fullname" . }} 5 | labels: 6 | {{- include "kube-router.labels" . | nindent 4 }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: {{ include "kube-router.fullname" . }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ include "kube-router.fullname" . 
}} 14 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /charts/kube-router/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "kube-router.fullname" . }}-cfg 5 | labels: 6 | {{- include "kube-router.labels" . | nindent 4 }} 7 | data: 8 | cni-conf.json: | 9 | {{- .Values.kubeRouter.cni.config | nindent 4 }} -------------------------------------------------------------------------------- /charts/kube-router/templates/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: {{ include "kube-router.fullname" . }} 6 | labels: 7 | {{- include "kube-router.labels" . | nindent 4 }} 8 | spec: 9 | selector: 10 | matchLabels: 11 | {{- include "kube-router.selectorLabels" . | nindent 6 }} 12 | podMetricsEndpoints: 13 | - port: metrics 14 | {{- end }} -------------------------------------------------------------------------------- /charts/kube-router/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "kube-router.fullname" . }} 5 | labels: 6 | {{- include "kube-router.labels" . | nindent 4 }} 7 | -------------------------------------------------------------------------------- /charts/kube-router/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for kube-router. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | image: 6 | # image.repository -- Kube-Router image 7 | repository: docker.io/cloudnativelabs/kube-router 8 | # image.pullPolicy -- Kube-Router image pull policy 9 | pullPolicy: IfNotPresent 10 | 11 | # image.tag -- Override the kube-router image tag 12 | tag: 13 | 14 | # imagePullSecrets -- Docker-registry secret names as an array 15 | imagePullSecrets: [] 16 | 17 | # nameOverride -- String to partially override kube-router.fullname template with a string (will prepend the release name) 18 | nameOverride: "" 19 | 20 | # fullnameOverride -- String to fully override kube-router.fullname template with a string 21 | fullnameOverride: "" 22 | 23 | # livenessProbe -- Liveness probe for the kube-router workload 24 | livenessProbe: 25 | httpGet: 26 | path: /healthz 27 | port: 20244 28 | initialDelaySeconds: 10 29 | periodSeconds: 3 30 | 31 | # readinessProbe -- Readiness probe for the kube-router workload 32 | readinessProbe: 33 | exec: 34 | command: 35 | - sh 36 | - -c 37 | - "neighbors=\"$(/usr/local/bin/gobgp neighbor 2>/dev/null | tail -n +2)\"; test $(echo \"$neighbors\" | wc -l) -ge 1; test $(echo \"$neighbors\" | grep -v ' Establ ' | wc -l) -eq 0" 38 | initialDelaySeconds: 5 39 | periodSeconds: 3 40 | 41 | # updateStrategy -- Update strategy to use when upgrading workload 42 | updateStrategy: 43 | type: RollingUpdate 44 | rollingUpdate: 45 | maxUnavailable: 1 46 | 47 | kubeRouter: 48 | # kubeRouter.apiServerUrl -- URL of the API server. If you use Kube-Router as service-proxy, use a reliable way to contact your masters 49 | apiServerUrl: 50 | 51 | # kubeRouter.enablePprof -- Enables pprof for debugging performance and memory leak issues 52 | enablePprof: 53 | 54 | # kubeRouter.cacheSyncTimeout -- The timeout for cache synchronization (e.g. '5s', '1m').
Must be greater than 0 55 | cacheSyncTimeout: 56 | 57 | # kubeRouter.healthPort -- Health check port, 0 = Disabled 58 | healthPort: 59 | 60 | # kubeRouter.extraArgs -- Extra arguments to pass to kube-router 61 | extraArgs: [] 62 | 63 | cni: 64 | # cni.install -- Install the CNI plugins tools 65 | install: false 66 | 67 | # cni.version -- Version of the CNI plugins tools to install 68 | version: v0.7.5 69 | 70 | # cni.installPath -- Path to install the CNI plugins tools 71 | installPath: /opt/cni/bin 72 | 73 | # cni.downloadUrl -- CNI plugins tools download URL 74 | downloadUrl: https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz # NOTE(review): the default URL is fixed to the amd64 archive; the step that consumes this URL is not visible here - confirm the downloaded archive is verified against a published checksum before it is unpacked into installPath 75 | 76 | # cni.config -- Set CNI configuration 77 | config: | 78 | { 79 | "cniVersion":"0.3.0", 80 | "name":"mynet", 81 | "plugins":[ 82 | { 83 | "name":"kubernetes", 84 | "type":"bridge", 85 | "bridge":"kube-bridge", 86 | "isDefaultGateway":true, 87 | "hairpinMode":true, 88 | "ipam":{ 89 | "type":"host-local" 90 | } 91 | }, 92 | { 93 | "type":"portmap", 94 | "capabilities":{ 95 | "snat":true, 96 | "portMappings":true 97 | } 98 | } 99 | ] 100 | } 101 | 102 | metrics: 103 | # kubeRouter.metrics.path -- Prometheus metrics path 104 | path: 105 | # kubeRouter.metrics.port -- Prometheus metrics port (set 0 to disable) 106 | port: 107 | 108 | router: 109 | # kubeRouter.router.enabled -- Enables Pod Networking, Advertises and learns the routes to Pods via iBGP 110 | enabled: true 111 | 112 | # kubeRouter.router.bgpRouterId -- BGP router-id. Must be specified in an IPv6-only cluster 113 | bgpRouterId: 114 | 115 | # kubeRouter.router.routesSyncPeriod -- The delay between route updates and advertisements (e.g. '5s', '1m', '2h22m'). Must be greater than 0 116 | routesSyncPeriod: 117 | 118 | # kubeRouter.router.injectedRoutesSyncPeriod -- The delay between route table synchronizations (e.g. '5s', '1m', '2h22m').
Must be greater than 0 119 | injectedRoutesSyncPeriod: 120 | 121 | # kubeRouter.router.peers -- List of external BGP peers, see values.yaml for example 122 | peers: [] 123 | # Only "ip" and "asn" keys are required on all peers. Other options can be set where necessary. 124 | # - ip: "1.2.3.4" 125 | # asn: 65000 126 | # password: "" 127 | # port: 179 128 | 129 | # kubeRouter.router.peerRouterMultihopTtl -- Enable eBGP multihop supports (Relevant only if ttl >= 2) 130 | peerRouterMultihopTtl: 131 | 132 | # kubeRouter.router.overrideNexthop -- Override the next-hop in bgp routes sent to peers with the local ip 133 | overrideNexthop: 134 | 135 | # kubeRouter.router.overlayType -- Topology of overlay network. Possible values: subnet or full. 136 | overlayType: 137 | 138 | # kubeRouter.router.nodesFullMesh -- Each node in the cluster will setup BGP peering with rest of the nodes (true or false) 139 | nodesFullMesh: 140 | 141 | # kubeRouter.router.enablePodEgress -- SNAT traffic from Pods to destinations outside the cluster (true or false) 142 | enablePodEgress: 143 | 144 | # kubeRouter.router.enableOverlay -- Enable IP-in-IP tunneling for pod-to-pod networking across nodes in different subnets (true or false) 145 | enableOverlay: 146 | 147 | # kubeRouter.router.enableIbgp -- Enables peering with nodes with the same ASN, if disabled will only peer with external BGP peers (true or false) 148 | enableIbgp: 149 | 150 | # kubeRouter.router.enableCni -- Enable CNI plugin. Disable if you want to use kube-router features alongside another CNI plugin (true or false) 151 | enableCni: 152 | 153 | # kubeRouter.router.disableSourceDestCheck -- Disable the source-dest-check attribute for AWS EC2 instances. 
When this option is false, it must be set some other way (true or false) 154 | disableSourceDestCheck: 155 | 156 | # kubeRouter.router.clusterAsn -- ASN number under which cluster nodes will run iBGP 157 | clusterAsn: 158 | 159 | # kubeRouter.router.bgpPort -- The port open for incoming BGP connections and to use for connecting with other BGP peers 160 | bgpPort: 161 | 162 | # kubeRouter.router.bgpGracefulRestartDeferralTime -- BGP Graceful restart deferral time according to RFC4724 4.1, maximum 18h 163 | bgpGracefulRestartDeferralTime: 164 | 165 | # kubeRouter.router.bgpGracefulRestart -- Enables the BGP Graceful Restart capability so that routes are preserved on unexpected restarts 166 | bgpGracefulRestart: 167 | 168 | # kubeRouter.router.advertisePodCidr -- Add Node's POD cidr to the RIB so that it gets advertised to the BGP peers (true or false) 169 | advertisePodCidr: 170 | 171 | # kubeRouter.router.advertiseLoadbalancerIp -- Add LoadBalancer IP of service status as set by the LB provider to the RIB so that it gets advertised to the BGP peers (true or false) 172 | advertiseLoadbalancerIp: 173 | 174 | # kubeRouter.router.advertiseExternalIp -- Add External IP of service to the RIB so that it gets advertised to the BGP peers (true or false) 175 | advertiseExternalIp: 176 | 177 | # kubeRouter.router.advertiseClusterIp -- Add Cluster IP of the service to the RIB so that it gets advertised to the BGP peers (true or false) 178 | advertiseClusterIp: 179 | 180 | firewall: 181 | # kubeRouter.firewall.enabled -- Enables Network Policy, sets up iptables to provide ingress firewall for pods 182 | enabled: true 183 | 184 | # kubeRouter.firewall.iptablesSyncPeriod -- The delay between iptables rule synchronizations (e.g. '5s', '1m').
Must be greater than 0 185 | iptablesSyncPeriod: 186 | 187 | serviceProxy: 188 | # kubeRouter.serviceProxy.enabled -- Enables Service Proxy, sets up IPVS for Kubernetes Services 189 | enabled: false 190 | 191 | # kubeRouter.serviceProxy.nodeportBindonAllIp -- For service of NodePort type create IPVS service that listens on all IP's of the node (true or false) 192 | nodeportBindonAllIp: 193 | 194 | # kubeRouter.serviceProxy.masqueradeAll -- SNAT all traffic to cluster IP/node port (true or false) 195 | masqueradeAll: 196 | 197 | # kubeRouter.serviceProxy.ipvsSyncPeriod -- The delay between ipvs config synchronizations (e.g. '5s', '1m', '2h22m'). Must be greater than 0 198 | ipvsSyncPeriod: 199 | 200 | # kubeRouter.serviceProxy.ipvsPermitAll -- Enables rule to accept all incoming traffic to service VIP's on the node (true or false) 201 | ipvsPermitAll: 202 | 203 | # kubeRouter.serviceProxy.ipvsGracefulTermination -- Enables the experimental IPVS graceful terminaton capability (true or false) 204 | ipvsGracefulTermination: 205 | 206 | # kubeRouter.serviceProxy.ipvsGracefulPeriod -- The graceful period before removing destinations from IPVS services (e.g. '5s', '1m', '2h22m'). Must be greater than 0 207 | ipvsGracefulPeriod: 208 | 209 | # kubeRouter.serviceProxy.hairpinMode -- Add iptables rules for every Service Endpoint to support hairpin traffic (true or false) 210 | hairpinMode: 211 | 212 | # kubeRouter.serviceProxy.excludedCidrs -- Excluded CIDRs are used to exclude IPVS rules from deletion 213 | excludedCidrs: 214 | 215 | # kubeRouter.serviceProxy.runtimeEndpoint -- Path to CRI compatible container runtime socket (used for DSR mode). 
216 | runtimeEndpoint: 217 | 218 | podMonitor: 219 | # podMonitor.enabled -- Set a Prometheus operator PodMonitor ressource (true or false) 220 | enabled: false 221 | 222 | # resources -- CPU/Memory resource requests/limits 223 | resources: 224 | requests: 225 | cpu: 250m 226 | memory: 250Mi 227 | limits: 228 | cpu: 250m 229 | memory: 250Mi 230 | 231 | # nodeSelector -- Kube-Router labels for pod assignment 232 | nodeSelector: {} 233 | 234 | # tolerations -- Kube-Router labels for tolerations pod assignment 235 | tolerations: 236 | - effect: NoSchedule 237 | operator: Exists 238 | - key: CriticalAddonsOnly 239 | operator: Exists 240 | - effect: NoExecute 241 | operator: Exists -------------------------------------------------------------------------------- /charts/monitoring-proxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: monitoring-proxy 3 | description: Expose control-plane and kube-proxy metrics for monitoring, with auth when required 4 | type: application 5 | version: 0.3.0 6 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 
3 | */}} 4 | {{- define "monitoring-proxy.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "monitoring-proxy.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "monitoring-proxy.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "monitoring-proxy.labels" -}} 37 | helm.sh/chart: {{ include "monitoring-proxy.chart" . }} 38 | {{ include "monitoring-proxy.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "monitoring-proxy.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "monitoring-proxy.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "monitoring-proxy.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "monitoring-proxy.fullname" .) 
.Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* haproxy runs in "mode tcp": each frontend listens on ${POD_IP}:<port> and relays the raw TCP stream to the same port on 127.0.0.1, so haproxy neither terminates TLS nor checks credentials itself; any authentication is whatever the upstream component enforces. NOTE(review): the defaults section sets no connect/client/server timeouts, so haproxy never closes stalled connections on its own; consider adding them. */ -}} {{- if .Values.controlPlane.enabled }} 2 | {{- if or .Values.kubeControllerManager.enabled .Values.kubeScheduler.enabled }} 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "monitoring-proxy.fullname" . }}-haproxy 7 | data: 8 | haproxy.cfg: | 9 | defaults 10 | mode tcp 11 | 12 | {{- if .Values.kubeControllerManager.enabled }} 13 | frontend kube-controller-manager 14 | bind ${POD_IP}:{{ .Values.kubeControllerManager.port }} 15 | default_backend kube-controller-manager 16 | backend kube-controller-manager 17 | server kube-controller-manager 127.0.0.1:{{ .Values.kubeControllerManager.port }} 18 | {{- end }} 19 | 20 | {{- if .Values.kubeScheduler.enabled }} 21 | frontend kube-scheduler 22 | bind ${POD_IP}:{{ .Values.kubeScheduler.port }} 23 | default_backend kube-scheduler 24 | backend kube-scheduler 25 | server kube-scheduler 127.0.0.1:{{ .Values.kubeScheduler.port }} 26 | {{- end }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/cp-daemonset.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.controlPlane.enabled }} 2 | {{- if or .Values.kubeControllerManager.enabled .Values.kubeScheduler.enabled .Values.etcd.enabled }} 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: {{ include "monitoring-proxy.fullname" . }} 7 | labels: 8 | {{- include "monitoring-proxy.labels" .
| nindent 4 }} 9 | app.kubernetes.io/component: control-plane 10 | spec: 11 | selector: 12 | matchLabels: 13 | {{- include "monitoring-proxy.selectorLabels" . | nindent 6 }} 14 | app.kubernetes.io/component: control-plane 15 | template: 16 | metadata: 17 | {{- with .Values.podAnnotations }} 18 | annotations: 19 | {{- toYaml . | nindent 8 }} 20 | {{- end }} 21 | labels: 22 | {{- include "monitoring-proxy.labels" . | nindent 8 }} 23 | {{- with .Values.podLabels }} 24 | {{- toYaml . | nindent 8 }} 25 | {{- end }} 26 | app.kubernetes.io/component: control-plane 27 | spec: 28 | serviceAccountName: {{ include "monitoring-proxy.serviceAccountName" . }} 29 | hostNetwork: true 30 | {{- if or .Values.kubeControllerManager.enabled .Values.kubeScheduler.enabled }} 31 | volumes: 32 | - name: config-haproxy 33 | configMap: 34 | name: {{ include "monitoring-proxy.fullname" . }}-haproxy 35 | {{- end }} 36 | nodeSelector: 37 | {{- if .Values.controlPlane.overrideNodeSelector }} 38 | {{- toYaml .Values.controlPlane.overrideNodeSelector | nindent 8 }} 39 | {{- else }} 40 | {{- toYaml .Values.controlPlane.nodeSelector | nindent 8 }} 41 | {{- end }} 42 | tolerations: 43 | {{- toYaml .Values.controlPlane.tolerations | nindent 8 }} 44 | {{- with default .Values.priorityClassName .Values.controlPlane.priorityClassName }} 45 | priorityClassName: {{ . 
| quote }} 46 | {{- end }} 47 | containers: 48 | {{- if or .Values.kubeControllerManager.enabled .Values.kubeScheduler.enabled }} 49 | - name: haproxy 50 | image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }} 51 | volumeMounts: 52 | - name: config-haproxy 53 | mountPath: /usr/local/etc/haproxy 54 | readOnly: true 55 | env: 56 | - name: POD_IP 57 | valueFrom: 58 | fieldRef: 59 | apiVersion: v1 60 | fieldPath: status.podIP 61 | resources: 62 | {{- toYaml .Values.haproxy.resources | nindent 12 }} 63 | ports: 64 | - containerPort: {{ .Values.kubeControllerManager.port }} 65 | name: kube-c-m 66 | - containerPort: {{ .Values.kubeScheduler.port }} 67 | name: kube-scheduler 68 | securityContext: 69 | allowPrivilegeEscalation: false 70 | {{- else }} 71 | {{- if .Values.controlPlane.service.enabled }} 72 | - name: placeholder 73 | image: registry.k8s.io/pause 74 | ports: 75 | - containerPort: {{ .Values.kubeControllerManager.port }} 76 | name: kube-c-m 77 | - containerPort: {{ .Values.kubeScheduler.port }} 78 | name: kube-scheduler 79 | {{- end }} 80 | {{- end }} 81 | {{- if .Values.etcd.enabled }} 82 | - name: kube-rbac-proxy 83 | image: {{ .Values.kubeRbacProxy.image.repository }}:{{ .Values.kubeRbacProxy.image.tag }} 84 | args: 85 | {{- if .Values.etcd.https }} 86 | - "--secure-listen-address=$(POD_IP):{{ .Values.etcd.port }}" 87 | {{- else }} 88 | - "--insecure-listen-address=$(POD_IP):{{ .Values.etcd.port }}" 89 | {{- end }} 90 | - "--upstream={{ .Values.etcd.upstreamScheme }}://127.0.0.1:{{ .Values.etcd.port }}/" 91 | - "--auth-header-fields-enabled" 92 | - "--allow-paths=/metrics" 93 | env: 94 | - name: POD_IP 95 | valueFrom: 96 | fieldRef: 97 | apiVersion: v1 98 | fieldPath: status.podIP 99 | resources: 100 | {{- toYaml .Values.kubeRbacProxy.resources | nindent 12 }} 101 | ports: 102 | - containerPort: {{ .Values.etcd.port }} 103 | name: etcd 104 | securityContext: 105 | allowPrivilegeEscalation: false 106 | {{- else }} 107 | {{- if 
.Values.controlPlane.service.enabled }} 108 | - name: placeholder-etcd 109 | image: registry.k8s.io/pause 110 | ports: 111 | - containerPort: {{ .Values.etcd.port }} 112 | name: etcd 113 | {{- end }} 114 | {{- end }} 115 | {{- end }} 116 | {{- end }} 117 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/cp-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controlPlane.service.enabled }} 2 | {{- if or .Values.kubeControllerManager.enabled .Values.kubeScheduler.enabled .Values.etcd.enabled }} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ include "monitoring-proxy.fullname" . }} 7 | labels: 8 | {{- include "monitoring-proxy.labels" . | nindent 4 }} 9 | app.kubernetes.io/component: control-plane 10 | spec: 11 | type: ClusterIP 12 | clusterIP: None 13 | ports: 14 | - port: {{ .Values.kubeControllerManager.port }} 15 | targetPort: kube-c-m 16 | protocol: TCP 17 | name: kube-c-m 18 | - port: {{ .Values.kubeScheduler.port }} 19 | targetPort: kube-scheduler 20 | protocol: TCP 21 | name: kube-scheduler 22 | - port: {{ .Values.etcd.port }} 23 | targetPort: etcd 24 | protocol: TCP 25 | name: etcd 26 | selector: 27 | {{- include "monitoring-proxy.selectorLabels" . | nindent 4 }} 28 | app.kubernetes.io/component: control-plane 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/kube-proxy-daemonset.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubeProxy.enabled }} 2 | apiVersion: apps/v1 3 | kind: DaemonSet 4 | metadata: 5 | name: {{ include "monitoring-proxy.fullname" . }}-kube-proxy 6 | labels: 7 | {{- include "monitoring-proxy.labels" . 
| nindent 4 }} 8 | app.kubernetes.io/component: kube-proxy 9 | spec: 10 | selector: 11 | matchLabels: 12 | {{- include "monitoring-proxy.selectorLabels" . | nindent 6 }} 13 | app.kubernetes.io/component: kube-proxy 14 | template: 15 | metadata: 16 | {{- with .Values.podAnnotations }} 17 | annotations: 18 | {{- toYaml . | nindent 8 }} 19 | {{- end }} 20 | labels: 21 | {{- include "monitoring-proxy.labels" . | nindent 8 }} 22 | {{- with .Values.podLabels }} 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | app.kubernetes.io/component: kube-proxy 26 | spec: 27 | serviceAccountName: {{ include "monitoring-proxy.serviceAccountName" . }} 28 | hostNetwork: true 29 | tolerations: 30 | {{- toYaml .Values.kubeProxy.tolerations | nindent 8 }} 31 | {{- with default .Values.priorityClassName .Values.kubeProxy.priorityClassName }} 32 | priorityClassName: {{ . | quote }} 33 | {{- end }} 34 | containers: 35 | - name: kube-rbac-proxy 36 | image: {{ .Values.kubeRbacProxy.image.repository }}:{{ .Values.kubeRbacProxy.image.tag }} 37 | args: 38 | {{- if .Values.kubeProxy.https }} 39 | - "--secure-listen-address=$(POD_IP):{{ .Values.kubeProxy.port }}" 40 | {{- else }} 41 | - "--insecure-listen-address=$(POD_IP):{{ .Values.kubeProxy.port }}" 42 | {{- end }} 43 | - "--upstream={{ .Values.kubeProxy.upstreamScheme }}://127.0.0.1:{{ .Values.kubeProxy.port }}/" 44 | - "--auth-header-fields-enabled" 45 | - "--allow-paths=/metrics" 46 | env: 47 | - name: POD_IP 48 | valueFrom: 49 | fieldRef: 50 | apiVersion: v1 51 | fieldPath: status.podIP 52 | resources: 53 | {{- toYaml .Values.kubeRbacProxy.resources | nindent 12 }} 54 | ports: 55 | - containerPort: {{ .Values.kubeProxy.port }} 56 | name: kube-proxy 57 | securityContext: 58 | allowPrivilegeEscalation: false 59 | {{- end }} 60 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/kube-proxy-service.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if .Values.kubeProxy.service.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "monitoring-proxy.fullname" . }}-kube-proxy 6 | labels: 7 | {{- include "monitoring-proxy.labels" . | nindent 4 }} 8 | app.kubernetes.io/component: kube-proxy 9 | spec: 10 | type: ClusterIP 11 | clusterIP: None 12 | ports: 13 | - port: {{ .Values.kubeProxy.port }} 14 | targetPort: kube-proxy 15 | protocol: TCP 16 | name: kube-proxy 17 | selector: 18 | {{- include "monitoring-proxy.selectorLabels" . | nindent 4 }} 19 | app.kubernetes.io/component: kube-proxy 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ include "monitoring-proxy.fullname" . }} 6 | rules: 7 | - apiGroups: ["authentication.k8s.io"] 8 | resources: 9 | - tokenreviews 10 | verbs: ["create"] 11 | - apiGroups: ["authorization.k8s.io"] 12 | resources: 13 | - subjectaccessreviews 14 | verbs: ["create"] 15 | --- 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | kind: ClusterRoleBinding 18 | metadata: 19 | name: {{ include "monitoring-proxy.fullname" . }} 20 | roleRef: 21 | apiGroup: rbac.authorization.k8s.io 22 | kind: ClusterRole 23 | name: {{ include "monitoring-proxy.fullname" . }} 24 | subjects: 25 | - kind: ServiceAccount 26 | name: {{ include "monitoring-proxy.serviceAccountName" . 
}} 27 | namespace: {{ .Release.Namespace }} 28 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "monitoring-proxy.serviceAccountName" . }} 6 | labels: 7 | {{- include "monitoring-proxy.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automount }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/monitoring-proxy/values.yaml: -------------------------------------------------------------------------------- 1 | nameOverride: "" 2 | fullnameOverride: "" 3 | 4 | serviceAccount: 5 | create: true 6 | automount: true # rendered as automountServiceAccountToken on the ServiceAccount; presumably has to stay true for kube-rbac-proxy, whose ClusterRole (rbac.yaml) grants create on tokenreviews and subjectaccessreviews 7 | annotations: {} 8 | name: "" 9 | 10 | podAnnotations: {} 11 | podLabels: {} 12 | 13 | priorityClassName: "" 14 | 15 | haproxy: 16 | enabled: true # NOTE(review): no template in this chart reads haproxy.enabled; the haproxy container and its ConfigMap are gated on kubeControllerManager.enabled / kubeScheduler.enabled 17 | image: 18 | repository: haproxy 19 | tag: "2.9.6" 20 | resources: 21 | requests: 22 | cpu: 1m 23 | memory: 100Mi 24 | limits: 25 | cpu: 200m 26 | memory: 256Mi 27 | 28 | kubeRbacProxy: 29 | image: 30 | repository: quay.io/brancz/kube-rbac-proxy 31 | tag: "v0.16.0" 32 | resources: 33 | requests: 34 | cpu: 1m 35 | memory: 10Mi 36 | limits: 37 | cpu: 200m 38 | memory: 256Mi 39 | 40 | controlPlane: 41 | enabled: true 42 | priorityClassName: "" 43 | service: 44 | enabled: false 45 | nodeSelector: 46 | node-role.kubernetes.io/control-plane: "" 47 | overrideNodeSelector: {} 48 | tolerations: 49 | - key: node-role.kubernetes.io/control-plane 50 | operator: Exists 51 | effect: NoSchedule 52 | - key: node-role.kubernetes.io/master 53 | operator: Exists 54 | effect: NoSchedule 55 | 56 | etcd: 57 | enabled: true 58 | 
port: 2381 59 | https: false # false makes cp-daemonset.yaml pass --insecure-listen-address to kube-rbac-proxy on the host network (hostNetwork: true), so any bearer token a scraper presents crosses the node network over plain HTTP; true selects --secure-listen-address 60 | upstreamScheme: http 61 | kubeControllerManager: 62 | enabled: true 63 | port: 10257 64 | kubeScheduler: 65 | enabled: true 66 | port: 10259 67 | 68 | kubeProxy: 69 | enabled: true 70 | priorityClassName: "" 71 | service: 72 | enabled: false 73 | port: 10249 74 | https: false # same switch for kube-proxy-daemonset.yaml: false selects --insecure-listen-address (plain HTTP on the host network), true selects --secure-listen-address 75 | upstreamScheme: http 76 | tolerations: 77 | - effect: NoSchedule 78 | operator: Exists 79 | - key: CriticalAddonsOnly 80 | operator: Exists 81 | - effect: NoExecute 82 | operator: Exists 83 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: rancher-monitoring-proxy 3 | description: Access to your Rancher monitoring from the outside 4 | type: application 5 | version: 0.1.2 6 | appVersion: 1.19.1-alpine # doubles as the default nginx image tag: deployment.yaml falls back to .Chart.AppVersion when image.tag is empty. NOTE(review): confirm this nginx release still receives security updates 7 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/enix/helm-charts/9a6d7b24c1420ee4a935ddb9e509bc976a053952/charts/rancher-monitoring-proxy/templates/NOTES.txt
-------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "rancher-monitoring-proxy.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 7 | {{- end }} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "rancher-monitoring-proxy.fullname" -}} 15 | {{- if .Values.fullnameOverride }} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 17 | {{- else }} 18 | {{- $name := default .Chart.Name .Values.nameOverride }} 19 | {{- if contains $name .Release.Name }} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 21 | {{- else }} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "rancher-monitoring-proxy.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 32 | {{- end }} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "rancher-monitoring-proxy.labels" -}} 38 | helm.sh/chart: {{ include "rancher-monitoring-proxy.chart" . }} 39 | {{ include "rancher-monitoring-proxy.selectorLabels" . 
}} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end }} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "rancher-monitoring-proxy.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "rancher-monitoring-proxy.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end }} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "rancher-monitoring-proxy.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create }} 59 | {{- default (include "rancher-monitoring-proxy.fullname" .) .Values.serviceAccount.name }} 60 | {{- else }} 61 | {{- default "default" .Values.serviceAccount.name }} 62 | {{- end }} 63 | {{- end }} 64 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* nginx relays every request on the root location to http://access-prometheus and adds no authentication or TLS of its own; the _status location (stub_status) is open to every client (allow all). With the chart default service.type LoadBalancer (values.yaml) the proxy is reachable from outside the cluster, so restrict who can reach it at the network level or place an authenticating layer in front of it. */ -}} apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "rancher-monitoring-proxy.fullname" . }}-config 5 | labels: 6 | {{- include "rancher-monitoring-proxy.labels" . | nindent 4 }} 7 | data: 8 | default.conf: | 9 | server { 10 | listen 80; 11 | server_name localhost; 12 | 13 | location / { 14 | proxy_pass http://access-prometheus; 15 | } 16 | 17 | location /_status { 18 | stub_status; 19 | allow all; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "rancher-monitoring-proxy.fullname" . }} 5 | labels: 6 | {{- include "rancher-monitoring-proxy.labels" .
| nindent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | {{- include "rancher-monitoring-proxy.selectorLabels" . | nindent 6 }} 12 | template: 13 | metadata: 14 | {{- with .Values.podAnnotations }} 15 | annotations: 16 | {{- toYaml . | nindent 8 }} 17 | {{- end }} 18 | labels: 19 | {{- include "rancher-monitoring-proxy.selectorLabels" . | nindent 8 }} 20 | spec: 21 | {{- with .Values.imagePullSecrets }} 22 | imagePullSecrets: 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | serviceAccountName: {{ include "rancher-monitoring-proxy.serviceAccountName" . }} 26 | securityContext: 27 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 28 | containers: 29 | - name: {{ .Chart.Name }} 30 | securityContext: 31 | {{- toYaml .Values.securityContext | nindent 12 }} 32 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 33 | imagePullPolicy: {{ .Values.image.pullPolicy }} 34 | ports: 35 | - name: http 36 | containerPort: 80 37 | protocol: TCP 38 | livenessProbe: 39 | httpGet: 40 | path: /_status 41 | port: http 42 | readinessProbe: 43 | httpGet: 44 | path: /_status 45 | port: http 46 | resources: 47 | {{- toYaml .Values.resources | nindent 12 }} 48 | volumeMounts: 49 | - name: config 50 | mountPath: /etc/nginx/conf.d/ 51 | {{- with .Values.nodeSelector }} 52 | nodeSelector: 53 | {{- toYaml . | nindent 8 }} 54 | {{- end }} 55 | {{- with .Values.affinity }} 56 | affinity: 57 | {{- toYaml . | nindent 8 }} 58 | {{- end }} 59 | {{- with .Values.tolerations }} 60 | tolerations: 61 | {{- toYaml . | nindent 8 }} 62 | {{- end }} 63 | volumes: 64 | - configMap: 65 | defaultMode: 420 66 | name: {{ include "rancher-monitoring-proxy.fullname" . 
}}-config 67 | name: config 68 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- /* NOTE(review): both apiVersions selected below (networking.k8s.io/v1beta1 and extensions/v1beta1) were removed from Kubernetes in v1.22, and the serviceName/servicePort backend form belongs to them. A networking.k8s.io/v1 branch (pathType, backend.service.name and backend.service.port.number) is needed before this Ingress can be applied on current clusters. */ -}} {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "rancher-monitoring-proxy.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "rancher-monitoring-proxy.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . }} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "rancher-monitoring-proxy.fullname" . }} 5 | labels: 6 | {{- include "rancher-monitoring-proxy.labels" . | nindent 4 }} 7 | {{- with .Values.service.annotations }} 8 | annotations: 9 | {{- toYaml .
| nindent 4 }} 10 | {{- end }} 11 | spec: 12 | type: {{ .Values.service.type }} 13 | ports: 14 | - port: {{ .Values.service.port }} 15 | targetPort: http 16 | protocol: TCP 17 | name: http 18 | selector: 19 | {{- include "rancher-monitoring-proxy.selectorLabels" . | nindent 4 }} 20 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "rancher-monitoring-proxy.serviceAccountName" . }} 6 | labels: 7 | {{- include "rancher-monitoring-proxy.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/rancher-monitoring-proxy/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for rancher-monitoring-proxy. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: nginx 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "" 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Annotations to add to the service account 21 | annotations: {} 22 | # The name of the service account to use. 
23 | # If not set and create is true, a name is generated using the fullname template 24 | name: "" 25 | 26 | podAnnotations: {} 27 | # NOTE(review): podSecurityContext and securityContext are empty by default, so nothing in these values restricts the container's user, capabilities or root filesystem; the commented keys are examples to switch on once the image is confirmed to run under them. 28 | podSecurityContext: {} 29 | # fsGroup: 2000 30 | 31 | securityContext: {} 32 | # capabilities: 33 | # drop: 34 | # - ALL 35 | # readOnlyRootFilesystem: true 36 | # runAsNonRoot: true 37 | # runAsUser: 1000 38 | # NOTE(review): the default service type is LoadBalancer on port 80 (the Service template names the port http), so on clusters with a load-balancer integration a plain install publishes the proxy on an address outside the cluster; set type to ClusterIP and use the ingress below when that exposure is not wanted. 39 | service: 40 | type: LoadBalancer 41 | port: 80 42 | annotations: {} 43 | 44 | ingress: 45 | enabled: false 46 | annotations: {} 47 | # kubernetes.io/ingress.class: nginx 48 | # kubernetes.io/tls-acme: "true" 49 | hosts: 50 | - host: chart-example.local 51 | paths: [] 52 | tls: [] 53 | # - secretName: chart-example-tls 54 | # hosts: 55 | # - chart-example.local 56 | 57 | resources: {} 58 | # We usually recommend not to specify default resources and to leave this as a conscious 59 | # choice for the user. This also increases chances charts run on environments with little 60 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 61 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 62 | # limits: 63 | # cpu: 100m 64 | # memory: 128Mi 65 | # requests: 66 | # cpu: 100m 67 | # memory: 128Mi 68 | 69 | nodeSelector: {} 70 | 71 | tolerations: [] 72 | 73 | affinity: {} 74 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | 19 | # Patterns to ignore when building packages. 20 | # This supports shell glob matching, relative path matching, and 21 | # negation (prefixed with !). Only one pattern per line. 22 | .DS_Store 23 | # Common VCS dirs 24 | .git/ 25 | .gitignore 26 | .bzr/ 27 | .bzrignore 28 | .hg/ 29 | .hgignore 30 | .svn/ 31 | # Common backup files 32 | *.swp 33 | *.bak 34 | *.tmp 35 | *.orig 36 | *~ 37 | # Various IDEs 38 | .project 39 | .idea/ 40 | *.tmproj 41 | .vscode/ 42 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 
14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | 19 | apiVersion: v2 20 | name: san-iscsi-csi 21 | version: 4.0.2 22 | appVersion: v4.0.2 23 | description: A dynamic persistent volume (PV) provisioner for iSCSI-compatible SAN based storage systems. 24 | type: application 25 | home: https://github.com/enix/san-iscsi-csi 26 | sources: 27 | - https://github.com/enix/san-iscsi-csi/tree/main/helm/san-iscsi-csi 28 | keywords: 29 | - storage 30 | - iscsi 31 | - plugin 32 | - csi 33 | maintainers: 34 | - name: Enix 35 | email: contact@enix.fr 36 | url: https://github.com/enixsas 37 | - name: Paul Laffitte 38 | email: paul.laffitte@enix.fr 39 | url: https://blog.plaffitt.com 40 | - name: Alexandre Buisine 41 | email: alexandre.buisine@enix.fr 42 | - name: Arthur Chaloin 43 | email: arthur.chaloin@enix.fr 44 | annotations: 45 | artifacthub.io/images: | 46 | - name: san-iscsi-csi 47 | image: enix/san-iscsi-csi:v4.0.2 48 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/README.md: -------------------------------------------------------------------------------- 1 | # san-iscsi-csi 2 | 3 | A dynamic persistent volume (PV) provisioner for iSCSI-compatible SAN based storage systems. 4 | 5 | ![Version: 4.0.2](https://img.shields.io/badge/Version-4.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.0.2](https://img.shields.io/badge/AppVersion-v4.0.2-informational?style=flat-square) 6 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/enix)](https://artifacthub.io/packages/search?repo=enix) 7 | 8 | # Introduction 9 | As of version `4.0.0`, this `csi` driver and its helm chart are released as open-source projects under the Apache 2.0 license. 10 | 11 | Your contribution is obviously most welcomed ! 
12 | 13 | **Homepage:** https://github.com/enix/san-iscsi-csi 14 | 15 | ## This helm chart 16 | Is part of the project and is published on [Enix](https://enix.io)'s charts repository. 17 | 18 | ## Source Code 19 | 20 | * https://github.com/enix/san-iscsi-csi/tree/main/helm/san-iscsi-csi 21 | 22 | # Installing the Chart 23 | 24 | Create a file named `san-iscsi-csi.values.yaml` with your values, with the help of [Chart Values](#values). 25 | 26 | Add our Charts repository: 27 | ``` 28 | $ helm repo add enix https://charts.enix.io 29 | ``` 30 | 31 | Install the san-iscsi-csi with release name `san-iscsi-csi` in the `san-iscsi-csi-system` namespace: 32 | ``` 33 | $ helm install -n san-iscsi-csi-system san-iscsi-csi enix/san-iscsi-csi --values san-iscsi-csi.values.yaml 34 | ``` 35 | 36 | The `upgrade` command is used to change configuration when values are modified: 37 | ``` 38 | $ helm upgrade -n san-iscsi-csi-system san-iscsi-csi enix/san-iscsi-csi --values san-iscsi-csi.values.yaml 39 | ``` 40 | 41 | # Upgrading the Chart 42 | 43 | Update Helm repositories: 44 | ``` 45 | $ helm repo update 46 | ``` 47 | 48 | Upgrade the release named `san-iscsi-csi` to the latest version: 49 | ``` 50 | $ helm upgrade san-iscsi-csi enix/san-iscsi-csi 51 | ``` 52 | 53 | # Creating a storage class 54 | 55 | In order to dynamically provision persistent volumes, you first need to create a storage class. To do so, please refer to the project [documentation](https://github.com/enix/san-iscsi-csi).
56 | 57 | ## Maintainers 58 | 59 | | Name | Email | Url | 60 | | ---- | ------ | --- | 61 | | Enix | contact@enix.fr | https://github.com/enixsas | 62 | | Paul Laffitte | paul.laffitte@enix.fr | https://blog.plaffitt.com | 63 | | Alexandre Buisine | alexandre.buisine@enix.fr | | 64 | | Arthur Chaloin | arthur.chaloin@enix.fr | | 65 | 66 | ## Values 67 | 68 | | Key | Type | Default | Description | 69 | |-----|------|---------|-------------| 70 | | controller.extraArgs | list | `[]` | Extra arguments for san-iscsi-csi-controller container | 71 | | csiAttacher | object | `{"extraArgs":[],"image":{"repository":"k8s.gcr.io/sig-storage/csi-attacher","tag":"v2.2.1"},"timeout":"30s"}` | Controller sidecar for attachment handling | 72 | | csiAttacher.extraArgs | list | `[]` | Extra arguments for csi-attacher controller sidecar | 73 | | csiAttacher.timeout | string | `"30s"` | Timeout for gRPC calls from the csi-attacher to the controller | 74 | | csiNodeRegistrar | object | `{"extraArgs":[],"image":{"repository":"k8s.gcr.io/sig-storage/csi-node-driver-registrar","tag":"v2.1.0"}}` | Node sidecar for plugin registration | 75 | | csiNodeRegistrar.extraArgs | list | `[]` | Extra arguments for csi-node-registrar node sidecar | 76 | | csiProvisioner | object | `{"extraArgs":[],"image":{"repository":"k8s.gcr.io/sig-storage/csi-provisioner","tag":"v2.1.0"},"timeout":"30s"}` | Controller sidecar for provisionning | 77 | | csiProvisioner.extraArgs | list | `[]` | Extra arguments for csi-provisioner controller sidecar | 78 | | csiProvisioner.timeout | string | `"30s"` | Timeout for gRPC calls from the csi-provisioner to the controller | 79 | | csiResizer | object | `{"extraArgs":[],"image":{"repository":"k8s.gcr.io/sig-storage/csi-resizer","tag":"v1.1.0"}}` | Controller sidecar for volume expansion | 80 | | csiResizer.extraArgs | list | `[]` | Extra arguments for csi-resizer controller sidecar | 81 | | csiSnapshotter | object | 
`{"extraArgs":[],"image":{"repository":"k8s.gcr.io/sig-storage/csi-snapshotter","tag":"v4.0.0"}}` | Controller sidecar for snapshots handling | 82 | | csiSnapshotter.extraArgs | list | `[]` | Extra arguments for csi-snapshotter controller sidecar | 83 | | image.repository | string | `"docker.io/enix/san-iscsi-csi"` | Docker repository to use for nodes and controller | 84 | | image.tag | string | The chart will use the appVersion value by default if not given. | Tag to use for nodes and controller | 85 | | kubeletPath | string | `"/var/lib/kubelet"` | Path to kubelet | 86 | | node.extraArgs | list | `[]` | Extra arguments for san-iscsi-csi-node containers | 87 | | nodeLivenessProbe | object | `{"extraArgs":[],"image":{"repository":"quay.io/k8scsi/livenessprobe","tag":"v2.2.0"}}` | Container that convert CSI liveness probe to kubernetes liveness/readiness probe | 88 | | nodeLivenessProbe.extraArgs | list | `[]` | Extra arguments for the node's liveness probe containers | 89 | | nodeServer.nodeAffinity | string | `nil` | Kubernetes nodeAffinity field for san-iscsi-csi-node-server Pod | 90 | | nodeServer.nodeSelector | string | `nil` | Kubernetes nodeSelector field for san-iscsi-csi-node-server Pod | 91 | | podMonitor.enabled | bool | `false` | Set a Prometheus operator PodMonitor ressource (true or false) | 92 | | pspAdmissionControllerEnabled | bool | `false` | Wether psp admission controller has been enabled in the cluster or not | 93 | | serviceMonitor.enabled | bool | `false` | Set a Prometheus operator ServiceMonitor ressource (true or false) | 94 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for using SAN iSCSI CSI driver. It will be soon up and running. 2 | 3 | In order to dynamically provide a persistant volume, you have to create a storage class first. 
Please refer to this example to do so: https://github.com/enix/san-iscsi-csi/blob/main/example/storage-class.yaml 4 | Don't forget to install packages open-iscsi and multipath-tools on your hosts if it's not done yet, make sure iscsid and multipathd are running and that you added the configuration file for multipathd given in the README.md file, available in the github repository (https://github.com/enix/san-iscsi-csi/blob/main/README.md#multipathd-additionnal-configuration). 5 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | 19 | {{- define "san-iscsi-csi.labels" -}} 20 | app.kubernetes.io/name: {{ .Chart.Name | kebabcase }} 21 | app.kubernetes.io/instance: {{ .Release.Name }} 22 | {{- end -}} 23 | 24 | {{- define "san-iscsi-csi.extraArgs" -}} 25 | {{- range .extraArgs }} 26 | - {{ toYaml . 
}} 27 | {{- end }} 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Arthur Chaloin 18 | # Alexandre Buisine 19 | 20 | apiVersion: apps/v1 21 | kind: DaemonSet 22 | metadata: 23 | name: san-iscsi-csi-node-server 24 | labels: 25 | app.kubernetes.io/version: {{ .Chart.Version }} 26 | app.kubernetes.io/component: dynamic-provisionning-node 27 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 28 | 29 | spec: 30 | selector: 31 | matchLabels: 32 | name: san-iscsi-csi-node-server 33 | {{ include "san-iscsi-csi.labels" . | indent 6 }} 34 | template: 35 | metadata: 36 | labels: 37 | name: san-iscsi-csi-node-server 38 | {{ include "san-iscsi-csi.labels" . 
| indent 8 }} 39 | spec: # Node plugin pod: shares the host network and IPC namespaces and runs the driver container privileged with the host root filesystem mounted at /host. 40 | hostNetwork: true 41 | hostIPC: true 42 | {{ if .Values.pspAdmissionControllerEnabled }}serviceAccount: csi-node-registrar{{ end }} # NOTE(review): no account is set when the PSP flag is off, so the pod then runs under the namespace's default service account; serviceAccount is also the deprecated alias of serviceAccountName. 43 | {{- if .Values.nodeServer.nodeAffinity }} 44 | affinity: 45 | nodeAffinity: 46 | {{ toYaml .Values.nodeServer.nodeAffinity | indent 10 }} 47 | {{- end }} 48 | {{- if .Values.nodeServer.nodeSelector }} 49 | nodeSelector: 50 | {{ toYaml .Values.nodeServer.nodeSelector | indent 8 }} 51 | {{- end }} 52 | containers: 53 | - name: san-iscsi-csi-node 54 | image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} 55 | command: 56 | - san-iscsi-csi-node 57 | - -bind=unix://{{ .Values.kubeletPath }}/plugins/san-iscsi.csi.enix.io/csi.sock 58 | - -chroot=/host 59 | {{- include "san-iscsi-csi.extraArgs" .Values.node | indent 10 }} 60 | securityContext: 61 | privileged: true # NOTE(review): privileged, combined with the Bidirectional mount of the host's / below, gives this container full control of each node it runs on; treat image.repository, image.tag and node.extraArgs as node-root-equivalent inputs. 62 | volumeMounts: 63 | - name: plugin-dir 64 | mountPath: {{ .Values.kubeletPath }}/plugins/san-iscsi.csi.enix.io 65 | - name: mountpoint-dir 66 | mountPath: {{ .Values.kubeletPath }}/pods 67 | mountPropagation: Bidirectional 68 | - name: san-iscsi-csi-run-dir 69 | mountPath: /var/run/san-iscsi.csi.enix.io 70 | - name: device-dir 71 | mountPath: /dev 72 | - name: iscsi-dir 73 | mountPath: /etc/iscsi 74 | - name: host 75 | mountPath: /host 76 | mountPropagation: Bidirectional 77 | ports: # NOTE(review): with hostNetwork: true, whatever listens on 9808 and 9842 is bound in the node's network namespace; check the bind addresses or node firewalling if these should not be reachable from outside the cluster. 78 | - containerPort: 9808 79 | name: healthz 80 | protocol: TCP 81 | - containerPort: 9842 82 | name: metrics 83 | protocol: TCP 84 | livenessProbe: 85 | httpGet: 86 | path: /healthz 87 | port: healthz 88 | periodSeconds: 60 89 | - name: liveness-probe # NOTE(review): this sidecar and driver-registrar set no securityContext; confirm whether they can run with a restricted one given the hostPath socket directories they mount. 90 | image: {{.Values.nodeLivenessProbe.image.repository }}:{{ .Values.nodeLivenessProbe.image.tag }} 91 | args: 92 | - --csi-address=/csi/csi.sock 93 | {{- include "san-iscsi-csi.extraArgs" .Values.nodeLivenessProbe | indent 10 }} 94 | volumeMounts: 95 | - name: plugin-dir 96 | mountPath: /csi 97 | - name: driver-registrar 98 | image: {{ .Values.csiNodeRegistrar.image.repository
}}:{{ .Values.csiNodeRegistrar.image.tag }} 99 | args: 100 | - --csi-address=/csi/csi.sock 101 | - --kubelet-registration-path={{ .Values.kubeletPath }}/plugins/san-iscsi.csi.enix.io/csi.sock 102 | {{- include "san-iscsi-csi.extraArgs" .Values.csiNodeRegistrar | indent 10 }} 103 | volumeMounts: 104 | - name: plugin-dir 105 | mountPath: /csi 106 | - name: registration-dir 107 | mountPath: /registration 108 | volumes: 109 | - name: registration-dir 110 | hostPath: 111 | path: {{ .Values.kubeletPath }}/plugins_registry/ 112 | - name: mountpoint-dir 113 | hostPath: 114 | path: {{ .Values.kubeletPath }}/pods 115 | - name: plugin-dir 116 | hostPath: 117 | path: {{ .Values.kubeletPath }}/plugins/san-iscsi.csi.enix.io 118 | type: DirectoryOrCreate 119 | - name: iscsi-dir 120 | hostPath: 121 | path: /etc/iscsi 122 | - name: device-dir 123 | hostPath: 124 | path: /dev 125 | - name: san-iscsi-csi-run-dir 126 | hostPath: 127 | path: /var/run/san-iscsi.csi.enix.io 128 | - name: host 129 | hostPath: 130 | path: / # The whole node filesystem; only the san-iscsi-csi-node container mounts it (at /host). 131 | - name: init-node # NOTE(review): no container in this DaemonSet mounts init-node and the chart's template list shows no ConfigMap of that name; looks like a leftover, confirm before removing. 132 | configMap: 133 | name: init-node 134 | defaultMode: 0700 135 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License.
14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Arthur Chaloin 18 | # Alexandre Buisine 19 | # Controller Deployment: a single replica (Recreate strategy) running the driver's controller next to the csi-provisioner, csi-attacher, csi-resizer and csi-snapshotter sidecars, which reach it over a unix socket in a shared in-memory emptyDir. 20 | kind: Deployment 21 | apiVersion: apps/v1 22 | metadata: 23 | name: san-iscsi-csi-controller-server 24 | labels: 25 | app.kubernetes.io/version: {{ .Chart.Version }} 26 | app.kubernetes.io/component: dynamic-provisionning-controller 27 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 28 | 29 | spec: 30 | replicas: 1 31 | strategy: 32 | type: Recreate 33 | selector: 34 | matchLabels: 35 | app: san-iscsi-csi-controller-server 36 | {{ include "san-iscsi-csi.labels" . | indent 6 }} 37 | template: 38 | metadata: 39 | labels: 40 | app: san-iscsi-csi-controller-server 41 | {{ include "san-iscsi-csi.labels" . | indent 8 }} 42 | spec: 43 | serviceAccount: csi-provisioner # NOTE(review): every container in this pod shares this account, which rbac.yaml binds to a ClusterRole that can get and list Secrets cluster-wide; serviceAccount is also the deprecated alias of serviceAccountName. 44 | containers: # NOTE(review): none of the containers in this pod sets a securityContext or resource limits. 45 | - name: san-iscsi-csi-controller 46 | image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} 47 | command: 48 | - san-iscsi-csi-controller 49 | - -bind=unix:///csi/csi.sock 50 | {{- include "san-iscsi-csi.extraArgs" .Values.controller | indent 10 }} 51 | volumeMounts: 52 | - name: socket-dir 53 | mountPath: /csi 54 | ports: 55 | - containerPort: 9842 56 | name: metrics 57 | protocol: TCP 58 | - name: csi-provisioner 59 | image: {{ .Values.csiProvisioner.image.repository }}:{{ .Values.csiProvisioner.image.tag }} 60 | args: 61 | - --csi-address=/csi/csi.sock 62 | - --worker-threads=1 63 | - --timeout={{ .Values.csiProvisioner.timeout }} 64 | {{- include "san-iscsi-csi.extraArgs" .Values.csiProvisioner | indent 10 }} 65 | imagePullPolicy: IfNotPresent 66 | volumeMounts: 67 | - name: socket-dir 68 | mountPath: /csi 69 | - name: csi-attacher 70 | image: {{ .Values.csiAttacher.image.repository }}:{{ .Values.csiAttacher.image.tag }} 71 | args: 72 | - --csi-address=/csi/csi.sock 73 | - --worker-threads=1 74 | - --timeout={{ .Values.csiAttacher.timeout }} 75 | {{- include "san-iscsi-csi.extraArgs" .Values.csiAttacher | indent 10 }} 76 | imagePullPolicy:
IfNotPresent 77 | volumeMounts: 78 | - name: socket-dir 79 | mountPath: /csi 80 | - name: csi-resizer 81 | image: {{ .Values.csiResizer.image.repository }}:{{ .Values.csiResizer.image.tag }} 82 | args: 83 | - --csi-address=/csi/csi.sock 84 | {{- include "san-iscsi-csi.extraArgs" .Values.csiResizer | indent 10 }} 85 | imagePullPolicy: IfNotPresent 86 | volumeMounts: 87 | - name: socket-dir 88 | mountPath: /csi 89 | - name: csi-snapshotter 90 | image: {{ .Values.csiSnapshotter.image.repository }}:{{ .Values.csiSnapshotter.image.tag }} 91 | args: 92 | - --csi-address=/csi/csi.sock 93 | {{- include "san-iscsi-csi.extraArgs" .Values.csiSnapshotter | indent 10 }} 94 | imagePullPolicy: IfNotPresent 95 | volumeMounts: 96 | - name: socket-dir 97 | mountPath: /csi 98 | volumes: 99 | - name: socket-dir 100 | emptyDir: 101 | medium: Memory 102 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | 19 | {{- if .Values.podMonitor.enabled }} 20 | apiVersion: monitoring.coreos.com/v1 21 | kind: PodMonitor 22 | metadata: 23 | name: san-iscsi-csi-node-exporter 24 | labels: 25 | {{ include "san-iscsi-csi.labels" . 
| indent 4 }} 26 | spec: 27 | selector: 28 | matchLabels: 29 | name: san-iscsi-csi-node-server 30 | podMetricsEndpoints: 31 | - port: metrics 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | # PodSecurityPolicy rendered only when pspAdmissionControllerEnabled is true. It admits privileged pods with host network, IPC and PID namespaces, any volume type, any added capability, any host port and any user or group; rbac.yaml grants "use" on it to both the csi-provisioner and csi-node-registrar service accounts. 19 | {{ if .Values.pspAdmissionControllerEnabled -}} 20 | apiVersion: policy/v1beta1 # NOTE(review): the PodSecurityPolicy API was removed in Kubernetes 1.25, so this cannot be applied there; Pod Security Admission or a policy engine has to cover the same ground on newer clusters. 21 | kind: PodSecurityPolicy 22 | metadata: 23 | name: san-iscsi-csi 24 | spec: 25 | privileged: true 26 | hostNetwork: true 27 | hostIPC: true 28 | hostPID: true # NOTE(review): the node DaemonSet in this chart sets hostNetwork and hostIPC but not hostPID; confirm nothing else relies on it, then drop it. 29 | seLinux: 30 | rule: RunAsAny 31 | supplementalGroups: 32 | rule: RunAsAny 33 | runAsUser: 34 | rule: RunAsAny 35 | fsGroup: 36 | rule: RunAsAny 37 | hostPorts: 38 | - min: 0 39 | max: 65535 # NOTE(review): every host port is allowed; the DaemonSet declares only 9808 and 9842. 40 | volumes: 41 | - '*' # NOTE(review): wildcard; the chart's own templates declare hostPath, configMap and emptyDir volumes. 42 | allowedCapabilities: 43 | - '*' # NOTE(review): wildcard; no template in this chart adds individual capabilities (the node container is privileged instead), so confirm and narrow. 44 | {{ end }} 45 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Arthur Chaloin 18 | # Alexandre Buisine 19 | 20 | # This YAML file contains all RBAC objects that are necessary to run external 21 | # CSI provisioner. 22 | # 23 | # In production, each CSI driver deployment has to be customized: 24 | # - to avoid conflicts, use non-default namespace and different names 25 | # for non-namespaced entities like the ClusterRole 26 | # - decide whether the deployment replicates the external CSI 27 | # provisioner, in which case leadership election must be enabled; 28 | # this influences the RBAC setup, see below 29 | 30 | apiVersion: v1 31 | kind: ServiceAccount 32 | metadata: 33 | name: csi-provisioner 34 | labels: 35 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 36 | 37 | --- 38 | kind: ClusterRole 39 | apiVersion: rbac.authorization.k8s.io/v1 40 | metadata: 41 | name: external-provisioner-runner-san-iscsi-csi 42 | labels: 43 | {{ include "san-iscsi-csi.labels" . 
| indent 4 }} 44 | rules: # Cluster-scoped permissions, bound to the csi-provisioner service account by the ClusterRoleBinding below. 45 | - apiGroups: [""] 46 | resources: ["secrets"] 47 | verbs: ["get", "list"] # NOTE(review): get and list on Secrets in every namespace; every container of the controller Deployment runs under the bound account, so confirm list is needed and that this reach is intended. 48 | - apiGroups: [""] 49 | resources: ["persistentvolumes"] 50 | verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] 51 | - apiGroups: [""] 52 | resources: ["persistentvolumeclaims"] 53 | verbs: ["get", "list", "watch", "update"] 54 | - apiGroups: [""] 55 | resources: ["persistentvolumeclaims/status"] 56 | verbs: ["update", "patch"] 57 | - apiGroups: ["storage.k8s.io"] 58 | resources: ["storageclasses"] 59 | verbs: ["get", "list", "watch"] 60 | - apiGroups: [""] 61 | resources: ["events"] 62 | verbs: ["list", "watch", "create", "update", "patch"] 63 | - apiGroups: ["snapshot.storage.k8s.io"] 64 | resources: ["volumesnapshots"] 65 | verbs: ["get", "list"] 66 | - apiGroups: ["snapshot.storage.k8s.io"] 67 | resources: ["volumesnapshotclasses"] 68 | verbs: ["get", "list", "watch"] 69 | - apiGroups: ["snapshot.storage.k8s.io"] 70 | resources: ["volumesnapshotcontents"] 71 | verbs: ["create", "get", "list", "watch", "update", "delete"] 72 | - apiGroups: ["snapshot.storage.k8s.io"] 73 | resources: ["volumesnapshotcontents/status"] 74 | verbs: ["update"] 75 | - apiGroups: ["storage.k8s.io"] 76 | resources: ["csinodes"] 77 | verbs: ["get", "list", "watch"] 78 | - apiGroups: [""] 79 | resources: ["nodes"] 80 | verbs: ["get", "list", "watch"] 81 | - apiGroups: ["storage.k8s.io"] 82 | resources: ["volumeattachments"] 83 | verbs: ["get", "list", "watch", "update", "patch"] 84 | - apiGroups: [""] 85 | resources: ["pods"] 86 | verbs: ["get", "list", "watch"] 87 | 88 | --- 89 | kind: ClusterRoleBinding 90 | apiVersion: rbac.authorization.k8s.io/v1 91 | metadata: 92 | name: csi-provisioner-role-san-iscsi-csi 93 | labels: 94 | {{ include "san-iscsi-csi.labels" .
| indent 4 }} 95 | subjects: 96 | - kind: ServiceAccount 97 | name: csi-provisioner 98 | namespace: {{ .Release.Namespace }} 99 | roleRef: 100 | kind: ClusterRole 101 | name: external-provisioner-runner-san-iscsi-csi 102 | apiGroup: rbac.authorization.k8s.io 103 | 104 | --- 105 | # Provisioner must be able to work with endpoints in current namespace 106 | # if (and only if) leadership election is enabled 107 | kind: Role 108 | apiVersion: rbac.authorization.k8s.io/v1 109 | metadata: 110 | name: external-provisioner-cfg-san-iscsi-csi 111 | labels: 112 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 113 | rules: 114 | # Only one of the following rules for endpoints or leases is required based on 115 | # what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases. 116 | - apiGroups: [""] 117 | resources: ["endpoints"] 118 | verbs: ["get", "watch", "list", "delete", "update", "create"] 119 | - apiGroups: ["coordination.k8s.io"] 120 | resources: ["leases"] 121 | verbs: ["get", "watch", "list", "delete", "update", "create"] 122 | {{ if .Values.pspAdmissionControllerEnabled }} 123 | - apiGroups: ["policy"] 124 | resources: ["podsecuritypolicies"] 125 | verbs: ["use"] 126 | resourceNames: 127 | - san-iscsi-csi # NOTE(review): this is the chart's only policy and it allows privileged pods and host namespaces, so the controller account may use it too even though the controller Deployment requests none of that; a separate restrictive policy for the controller would narrow this. 128 | {{ end }} 129 | 130 | --- 131 | kind: RoleBinding 132 | apiVersion: rbac.authorization.k8s.io/v1 133 | metadata: 134 | name: csi-provisioner-role-cfg-san-iscsi-csi 135 | labels: 136 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 137 | subjects: 138 | - kind: ServiceAccount 139 | name: csi-provisioner 140 | roleRef: 141 | kind: Role 142 | name: external-provisioner-cfg-san-iscsi-csi 143 | apiGroup: rbac.authorization.k8s.io 144 | 145 | {{ if .Values.pspAdmissionControllerEnabled }} 146 | --- 147 | apiVersion: v1 148 | kind: ServiceAccount 149 | metadata: 150 | name: csi-node-registrar 151 | labels: 152 | {{ include "san-iscsi-csi.labels" .
| indent 4 }} 153 | 154 | --- 155 | kind: Role 156 | apiVersion: rbac.authorization.k8s.io/v1 157 | metadata: 158 | name: csi-node-registrar-cfg-san-iscsi-csi 159 | labels: 160 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 161 | rules: 162 | - apiGroups: ["policy"] 163 | resources: ["podsecuritypolicies"] 164 | verbs: ["use"] 165 | resourceNames: 166 | - san-iscsi-csi 167 | 168 | --- 169 | kind: RoleBinding 170 | apiVersion: rbac.authorization.k8s.io/v1 171 | metadata: 172 | name: csi-node-registrar-role-cfg-san-iscsi-csi 173 | labels: 174 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 175 | subjects: 176 | - kind: ServiceAccount 177 | name: csi-node-registrar 178 | roleRef: 179 | kind: Role 180 | name: csi-node-registrar-cfg-san-iscsi-csi 181 | apiGroup: rbac.authorization.k8s.io 182 | {{ end }} 183 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | 19 | {{- if .Values.serviceMonitor.enabled }} 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: san-iscsi-csi-controller-metrics 24 | labels: 25 | name: san-iscsi-csi-controller-metrics 26 | {{ include "san-iscsi-csi.labels" . 
| indent 4 }} 27 | spec: 28 | ports: 29 | - name: metrics 30 | port: 9842 31 | targetPort: metrics 32 | protocol: TCP 33 | selector: 34 | app: san-iscsi-csi-controller-server 35 | --- 36 | apiVersion: monitoring.coreos.com/v1 37 | kind: ServiceMonitor 38 | metadata: 39 | name: san-iscsi-csi-controller-exporter 40 | labels: 41 | {{ include "san-iscsi-csi.labels" . | indent 4 }} 42 | spec: 43 | selector: 44 | matchLabels: 45 | name: san-iscsi-csi-controller-metrics 46 | endpoints: 47 | - port: metrics 48 | interval: 1s 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /charts/san-iscsi-csi/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Enix, SAS 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 12 | # or implied. See the License for the specific language governing 13 | # permissions and limitations under the License. 14 | # 15 | # Authors: 16 | # Paul Laffitte 17 | # Alexandre Buisine 18 | 19 | # Default values for san-iscsi-csi. 20 | # This is a YAML-formatted file. 21 | # Declare variables to be passed into your templates. 
22 | 23 | # -- Path to kubelet 24 | kubeletPath: /var/lib/kubelet 25 | # -- Whether the PodSecurityPolicy (psp) admission controller has been enabled in the cluster or not 26 | pspAdmissionControllerEnabled: false # NOTE(review): PodSecurityPolicy was removed in Kubernetes v1.25, so this can only be true on older clusters 27 | 28 | image: 29 | # -- Docker repository to use for nodes and controller 30 | repository: docker.io/enix/san-iscsi-csi 31 | # -- Tag to use for nodes and controller 32 | # @default -- The chart will use the appVersion value by default if not given. 33 | tag: "" 34 | 35 | # -- Controller sidecar for provisioning 36 | csiProvisioner: 37 | image: 38 | repository: k8s.gcr.io/sig-storage/csi-provisioner # NOTE(review): k8s.gcr.io is the legacy, frozen registry (newer images are published to registry.k8s.io); this and the other sidecar images below are pinned by tag only, so confirm the tags still resolve and consider pinning by digest 39 | tag: v2.1.0 40 | # -- Timeout for gRPC calls from the csi-provisioner to the controller 41 | timeout: 30s 42 | # -- Extra arguments for csi-provisioner controller sidecar 43 | extraArgs: [] 44 | 45 | # -- Controller sidecar for attachment handling 46 | csiAttacher: 47 | image: 48 | repository: k8s.gcr.io/sig-storage/csi-attacher 49 | tag: v2.2.1 50 | # -- Timeout for gRPC calls from the csi-attacher to the controller 51 | timeout: 30s 52 | # -- Extra arguments for csi-attacher controller sidecar 53 | extraArgs: [] 54 | 55 | # -- Controller sidecar for volume expansion 56 | csiResizer: 57 | image: 58 | repository: k8s.gcr.io/sig-storage/csi-resizer 59 | tag: v1.1.0 60 | # -- Extra arguments for csi-resizer controller sidecar 61 | extraArgs: [] 62 | 63 | # -- Controller sidecar for snapshots handling 64 | csiSnapshotter: 65 | image: 66 | repository: k8s.gcr.io/sig-storage/csi-snapshotter 67 | tag: v4.0.0 68 | # -- Extra arguments for csi-snapshotter controller sidecar 69 | extraArgs: [] 70 | 71 | # -- Node sidecar for plugin registration 72 | csiNodeRegistrar: 73 | image: 74 | repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar 75 | tag: v2.1.0 76 | # -- Extra arguments for csi-node-registrar node sidecar 77 | extraArgs: [] 78 | 79 | controller: 80 | # -- Extra arguments for san-iscsi-csi-controller container 81 | extraArgs: [] 82 | 83 | node: 84 | # -- Extra arguments 
for san-iscsi-csi-node containers 85 | extraArgs: [] 86 | 87 | # -- Container that convert CSI liveness probe to kubernetes liveness/readiness probe 88 | nodeLivenessProbe: 89 | image: 90 | repository: quay.io/k8scsi/livenessprobe 91 | tag: v2.2.0 92 | # -- Extra arguments for the node's liveness probe containers 93 | extraArgs: [] 94 | 95 | nodeServer: 96 | # -- Kubernetes nodeSelector field for san-iscsi-csi-node-server Pod 97 | nodeSelector: 98 | # -- Kubernetes nodeAffinity field for san-iscsi-csi-node-server Pod 99 | nodeAffinity: 100 | 101 | podMonitor: 102 | # -- Set a Prometheus operator PodMonitor ressource (true or false) 103 | enabled: false 104 | 105 | serviceMonitor: 106 | # -- Set a Prometheus operator ServiceMonitor ressource (true or false) 107 | enabled: false 108 | -------------------------------------------------------------------------------- /charts/swift-exporter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/swift-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: swift-exporter 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 
9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | appVersion: 1.16.0 24 | -------------------------------------------------------------------------------- /charts/swift-exporter/README.md: -------------------------------------------------------------------------------- 1 | # :rotating_light: Swift Exporter 2 | 3 | A Prometheus exporter for Swift Object Storage focusing on authentication monitoring, written in Python. Designed to be used within Kubernetes clusters, however it can also be used as a standalone exporter. 4 | 5 | ![Grafana Dashboard](https://raw.githubusercontent.com/enix/swift-exporter/master/docs/grafana-dashboard.png) 6 | 7 | ## 🏃 TL; DR 8 | 9 | It only takes two commands to install swift-exporter, however you should read the instructions in the next section to 10 | take advantage of all the features! 
11 | 12 | Add our Charts repository : 13 | ``` 14 | $ helm repo add enix https://charts.enix.io 15 | ``` 16 | Install swift-exporter for Swift authentication monitoring with prometheus-operator support : 17 | ``` 18 | $ helm install swift-exporter enix/swift-exporter 19 | ``` 20 | The Deployment reads the Swift password from the `password` key of a Secret named `swift-auth`, which this chart does not create; create it in the release namespace before installing. 21 | ## Values 22 | 23 | | Key | Type | Default | Description | 24 | |-----|------|---------|-------------| 25 | | exporter.request_rate | int | `5` | Defines the exporter's request rate in seconds. | 26 | | exporter.timeout | int | `3` | Exporter's allowed time in seconds to make a request. If this countdown reaches 0 a timeout exception is raised | 27 | | image.pullPolicy | string | `"IfNotPresent"` | swift-exporter image pull policy | 28 | | image.registry | string | `"docker.io"` | swift-exporter image registry | 29 | | image.repository | string | `"enix/swift-exporter"` | swift-exporter image repository | 30 | | image.tag | string | `nil` | swift-exporter image tag (defaults to Chart appVersion) | 31 | | podAnnotations | object | `{"prometheus.io/port":"8000","prometheus.io/scrape":"true"}` | Annotations added to all Pods | 32 | | podExtraLabels | object | `{}` | | 33 | | podListenPort | int | `8000` | TCP port to expose Pods on | 34 | | prometheusPodMonitor.create | bool | `false` | Should a PodMonitor resource be installed to scrape this exporter. For prometheus-operator (kube-prometheus) users. | 35 | | prometheusPodMonitor.extraLabels | object | `{}` | Extra labels to add on PodMonitor resources | 36 | | prometheusPodMonitor.relabelings | object | `{}` | Relabel config for the PodMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig | 37 | | prometheusPodMonitor.scrapeInterval | string | `"15s"` | Target scrape interval set in the PodMonitor | 38 | | prometheusServiceMonitor.create | bool | `true` | Should a ServiceMonitor resource be installed to scrape this exporter. For prometheus-operator (kube-prometheus) users. 
| 39 | | prometheusServiceMonitor.extraLabels | object | `{"release":"prometheus-operator","serviceapp":"coredns-servicemonitor"}` | Extra labels to add on ServiceMonitor ressources | 40 | | prometheusServiceMonitor.relabelings | object | `{}` | Relabel config for the ServiceMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig | 41 | | prometheusServiceMonitor.scrapeInterval | string | `"15s"` | Target scrape interval set in the ServiceMonitor | 42 | | service.annotations | object | `{"prometheus.io/port":"8000","prometheus.io/scrape":"true"}` | Annotations to add to the Service | 43 | | service.create | bool | `true` | Should a headless Service be installed, targets all instances Deployment (required for ServiceMonitor) | 44 | | service.extraLabels | object | `{}` | Extra labels to add to the Service | 45 | | service.port | int | `8000` | TCP port to expose the Service on | 46 | | swift.domain | string | `"Default"` | Swift domain | 47 | | swift.project | string | `nil` | The Swift project | 48 | | swift.project_domain | string | `"Default"` | Swift project domain | 49 | | swift.url | string | `nil` | A Swift authentication url to target | 50 | | swift.usr | string | `nil` | A Swift user | 51 | | swiftExporter.nodeSelector | object | `{}` | Node selector for Pods of the Swift Exporter | 52 | | swiftExporter.podAnnotations | object | `{}` | Annotations added to Pods of the Swift Exporter | 53 | | swiftExporter.podExtraLabels | object | `{}` | Extra labels added to Pods of the Swift Exporter | 54 | | swiftExporter.podSecurityContext | object | `{}` | PodSecurityContext for Pods of the Swift Exporter | 55 | | swiftExporter.replicas | int | `1` | Desired number of Swift Exporter Pod | 56 | | swiftExporter.resources | object | see values.yaml | ResourceRequirements for containers of the Swift Exporter | 57 | | swiftExporter.restartPolicy | string | `"Always"` | restartPolicy for Pods of the Swift Exporter | 58 | | 
swiftExporter.securityContext | object | see values.yaml | SecurityContext for containers of the Swift Exporter | 59 | 60 | -------------------------------------------------------------------------------- /charts/swift-exporter/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # :rotating_light: Swift Exporter 2 | 3 | A Prometheus exporter for Swift Object Storage focusing on authentication monitoring, written in Python. Designed to be used within Kubernetes clusters, however it can also be used as a standalone exporter. 4 | 5 | 6 | ![Grafana Dashboard](https://raw.githubusercontent.com/enix/swift-exporter/master/docs/grafana-dashboard.png) 7 | 8 | 9 | ## 🏃 TL; DR 10 | 11 | It only takes two commands to install swift-exporter, however you should read the instructions in the next section to 12 | take advantage of all the features! 13 | 14 | Add our Charts repository : 15 | ``` 16 | $ helm repo add enix https://charts.enix.io 17 | ``` 18 | Install swift-exporter for Swift authentication monitoring with prometheus-operator support : 19 | ``` 20 | $ helm install swift-exporter enix/swift-exporter 21 | ``` 22 | 23 | {{ template "chart.valuesSection" . }} 24 | 25 | -------------------------------------------------------------------------------- /charts/swift-exporter/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "swift-exporter.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 
12 | */}} 13 | {{- define "swift-exporter.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "swift-exporter.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "swift-exporter.labels" -}} 37 | helm.sh/chart: {{ include "swift-exporter.chart" . }} 38 | {{ include "swift-exporter.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "swift-exporter.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "swift-exporter.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Return the proper swift-exporter image name. NOTE(review): deployment.yaml includes "swift-exporter.image", but this helper is defined as "x509-certificate-exporter.image", and neither its result line nor its closing end is visible in this listing — confirm against the chart source. 55 | */}} 56 | {{- define "x509-certificate-exporter.image" -}} 57 | {{- $registryName := .Values.image.registry -}} 58 | {{- $repositoryName := .Values.image.repository -}} 59 | {{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}} -------------------------------------------------------------------------------- /charts/swift-exporter/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "swift-exporter.fullname" . 
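}} 5 | labels: 6 | {{- include "swift-exporter.labels" . | nindent 4 }} 7 | {{- with .Values.extraLabels }} 8 | {{- . | toYaml | trim | nindent 4 }} 9 | {{- end }} 10 | spec: 11 | selector: 12 | matchLabels: 13 | {{- include "swift-exporter.selectorLabels" . | nindent 6 }} 14 | {{- with .Values.swiftExporter.replicas }} 15 | replicas: {{ . }} 16 | {{- end }} 17 | template: 18 | metadata: 19 | labels: 20 | {{- include "swift-exporter.selectorLabels" . | nindent 8 }} 21 | {{- with .Values.podExtraLabels }} 22 | {{- . | toYaml | trim | nindent 8 }} 23 | {{- end }} 24 | {{- with .Values.swiftExporter.podExtraLabels }} 25 | {{- . | toYaml | trim | nindent 8 }} 26 | {{- end }} 27 | {{- if or .Values.podAnnotations .Values.swiftExporter.podAnnotations }} 28 | annotations: 29 | {{- with .Values.podAnnotations }} 30 | {{- toYaml . | trim | nindent 8 }} 31 | {{- end }} 32 | {{- with .Values.swiftExporter.podAnnotations }} 33 | {{- toYaml . | trim | nindent 8 }} 34 | {{- end }} 35 | {{- end }} 36 | spec: 37 | {{- with .Values.imagePullSecrets }} 38 | imagePullSecrets: 39 | {{- toYaml . | nindent 8 }} 40 | {{- end }} 41 | securityContext: # pod-level context: swiftExporter.podSecurityContext (the key values.yaml documents) wins; the top-level podSecurityContext this template read before is kept as a fallback 42 | {{- toYaml (default .Values.podSecurityContext .Values.swiftExporter.podSecurityContext) | nindent 8 }} 43 | containers: 44 | - name: {{ .Chart.Name }} 45 | {{- with .Values.swiftExporter.securityContext }} 46 | securityContext: # container-level context, rendered only when swiftExporter.securityContext is non-empty 47 | {{- toYaml . | trim | nindent 12 }} 48 | {{- end }} 49 | {{- with .Values.swiftExporter.resources }} 50 | resources: 51 | {{- . | toYaml | trim | nindent 12 }} 52 | {{- end }} 53 | image: {{ include "swift-exporter.image" . 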
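}} 54 | imagePullPolicy: {{ .Values.image.pullPolicy }} 55 | env: 56 | - name: SWIFT_AUTH_URL 57 | value: "{{ .Values.swift.url }}" 58 | - name: SWIFT_USERNAME 59 | value: "{{ .Values.swift.usr }}" 60 | - name: SWIFT_PASSWORD 61 | valueFrom: 62 | secretKeyRef: 63 | name: swift-auth # this Secret has no template in the chart; it must already exist in the release namespace with a "password" key 64 | key: password 65 | - name: SWIFT_DOMAIN_NAME 66 | value: "{{ .Values.swift.domain }}" 67 | - name: SWIFT_PROJECT_NAME 68 | value: "{{ .Values.swift.project }}" 69 | - name: SWIFT_PROJECT_DOMAINE_NAME 70 | value: "{{ .Values.swift.project_domain }}" 71 | - name: EXPORTER_TIMOUT_SEC 72 | value: "{{ .Values.exporter.timeout }}" 73 | - name: EXPORTER_REQUEST_RATE_SEC 74 | value: "{{ .Values.exporter.request_rate }}" 75 | ports: 76 | - name: merics # NOTE(review): presumably a typo for "metrics"; left unchanged because anything selecting this container port by name would have to change with it 77 | containerPort: {{ .Values.podListenPort }} 78 | protocol: TCP 79 | livenessProbe: 80 | httpGet: 81 | path: / 82 | port: {{ .Values.podListenPort }} 83 | readinessProbe: 84 | httpGet: 85 | path: / 86 | port: {{ .Values.podListenPort }} 87 | resources: # NOTE(review): a resources key is already emitted above from swiftExporter.resources, and values.yaml defines no top-level resources — this looks like a duplicate key; confirm which one is intended 88 | {{- toYaml .Values.resources | nindent 12 }} 89 | {{- with (default .Values.nodeSelector .Values.swiftExporter.nodeSelector) }} 90 | nodeSelector: # swiftExporter.nodeSelector (the key values.yaml documents) wins; the top-level nodeSelector read before is kept as a fallback 91 | {{- toYaml . | nindent 8 }} 92 | {{- end }} 93 | {{- with .Values.affinity }} 94 | affinity: 95 | {{- toYaml . | nindent 8 }} 96 | {{- end }} 97 | {{- with .Values.tolerations }} 98 | tolerations: 99 | {{- toYaml . | nindent 8 }} 100 | {{- end }} 101 | -------------------------------------------------------------------------------- /charts/swift-exporter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "swift-exporter.fullname" . }}-headless 5 | labels: 6 | {{- include "swift-exporter.labels" . | nindent 4 }} 7 | {{- with .Values.extraLabels }} 8 | {{ . | toYaml | trim | nindent 4 }} 9 | {{- end }} 10 | {{- with .Values.service.extraLabels }} 11 | {{- . 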
| toYaml | trim | nindent 4 }} 12 | {{- end }} 13 | {{- with .Values.service.annotations }} 14 | annotations: 15 | {{- . | toYaml | trim | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | type: ClusterIP 19 | ports: 20 | - port: {{ .Values.service.port }} 21 | targetPort: {{ .Values.podListenPort }} 22 | name: metrics 23 | protocol: TCP 24 | selector: 25 | {{- include "swift-exporter.selectorLabels" . | nindent 4 }} 26 | -------------------------------------------------------------------------------- /charts/swift-exporter/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheusServiceMonitor.create }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "swift-exporter.fullname" . }} 6 | labels: 7 | {{- include "swift-exporter.labels" . | nindent 4 }} 8 | {{- with .Values.extraLabels }} 9 | {{ . | toYaml | trim | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.prometheusServiceMonitor.extraLabels }} 12 | {{- . | toYaml | trim | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | selector: 16 | matchLabels: 17 | {{- include "swift-exporter.selectorLabels" . | nindent 6 }} 18 | endpoints: 19 | - port: metrics 20 | interval: {{ .Values.prometheusServiceMonitor.scrapeInterval }} 21 | {{- with .Values.prometheusServiceMonitor.relabelings }} 22 | relabelings: 23 | {{ . | toYaml | nindent 6 }} 24 | {{- end }} 25 | {{- end }} -------------------------------------------------------------------------------- /charts/swift-exporter/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "swift-exporter.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "swift-exporter.labels" . 
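| nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox # NOTE(review): untagged, so this resolves to whatever "latest" is at pull time; pin a tag or digest 13 | command: ['wget'] 14 | args: ['{{ include "swift-exporter.fullname" . }}-headless:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/swift-exporter/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default values for swift-exporter. 3 | 4 | # -- Extra labels to add on chart resources 5 | podExtraLabels: {} 6 | 7 | # -- Annotations added to all Pods 8 | podAnnotations: { 9 | prometheus.io/port: "8000", 10 | prometheus.io/scrape: "true" 11 | } 12 | 13 | # -- TCP port to expose Pods on 14 | podListenPort: 8000 15 | 16 | 17 | image: 18 | # -- swift-exporter image registry 19 | registry: docker.io 20 | # -- swift-exporter image repository 21 | repository: enix/swift-exporter 22 | # -- swift-exporter image tag (defaults to Chart appVersion) 23 | tag: 24 | # -- swift-exporter image pull policy 25 | pullPolicy: IfNotPresent 26 | 27 | 28 | swiftExporter: 29 | # -- Desired number of Swift Exporter Pod 30 | replicas: 1 31 | # -- restartPolicy for Pods of the Swift Exporter 32 | restartPolicy: Always 33 | # -- ResourceRequirements for containers of the Swift Exporter 34 | # @default -- see values.yaml 35 | resources: 36 | limits: 37 | cpu: 200m 38 | memory: 100Mi 39 | requests: 40 | cpu: 10m 41 | memory: 20Mi 42 | # -- Node selector for Pods of the Swift Exporter 43 | nodeSelector: {} 44 | # -- Extra labels added to Pods of the Swift Exporter 45 | podExtraLabels: {} 46 | # -- Annotations added to Pods of the Swift Exporter 47 | podAnnotations: {} 48 | # -- PodSecurityContext for Pods of the Swift Exporter 49 | podSecurityContext: {} 50 | # -- SecurityContext for containers of the Swift Exporter 51 | # @default -- see values.yaml 52 | securityContext: {} # empty by default, so no container hardening is rendered; set fields such as runAsNonRoot, readOnlyRootFilesystem and allowPrivilegeEscalation: false after confirming the image runs with them 53 | 54 | service: 55 | # -- Should a headless 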
Service be installed, targets all instances Deployment (required for ServiceMonitor) 56 | create: true 57 | # -- TCP port to expose the Service on 58 | port: 8000 59 | # -- Annotations to add to the Service 60 | annotations: { 61 | prometheus.io/port: "8000", 62 | prometheus.io/scrape: "true" 63 | } 64 | # -- Extra labels to add to the Service 65 | extraLabels: {} 66 | 67 | prometheusServiceMonitor: 68 | # -- Should a ServiceMonitor ressource be installed to scrape this exporter. For prometheus-operator (kube-prometheus) users. 69 | create: true 70 | # -- Target scrape interval set in the ServiceMonitor 71 | scrapeInterval: 15s 72 | # -- Extra labels to add on ServiceMonitor ressources 73 | extraLabels: { 74 | release: prometheus-operator, 75 | serviceapp: coredns-servicemonitor 76 | } 77 | # -- Relabel config for the ServiceMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig 78 | relabelings: {} 79 | 80 | prometheusPodMonitor: 81 | # -- Should a PodMonitor ressource be installed to scrape this exporter. For prometheus-operator (kube-prometheus) users. 82 | create: false 83 | # -- Target scrape interval set in the PodMonitor 84 | scrapeInterval: 15s 85 | # -- Extra labels to add on PodMonitor ressources 86 | extraLabels: {} 87 | # -- Relabel config for the PodMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig 88 | relabelings: {} 89 | 90 | 91 | swift: 92 | # -- A Swift authentication url to target 93 | url: 94 | # -- A Swift user 95 | usr: 96 | # -- The Swift project 97 | project: 98 | # -- Swift domain 99 | domain: Default 100 | # -- Swift project domain 101 | project_domain: Default 102 | 103 | exporter: 104 | # -- Exporter's allowed time in seconds to make a request. If this count down reaches 0 a timout exception is raised 105 | timeout: 3 106 | # -- Defines the exporter's request rate in seconds. 
107 | request_rate: 5 --------------------------------------------------------------------------------