[CP-23429] merge insights-controller into main chart

charts/cloudzero-agent/Chart.lock

@@ -2,8 +2,8 @@ dependencies:
 - name: kube-state-metrics
   repository: https://prometheus-community.github.io/helm-charts
   version: 5.15.3
-- name: cloudzero-insights-controller
-  repository: https://cloudzero.github.io/cloudzero-charts/beta
-  version: 1.0.1-beta
-digest: sha256:3518ffb88382f3e613cc9b21aac6dc474d634b316aa69cfe7f4e85474844e54b
-generated: "2024-11-21T00:05:12.882895449Z"
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.15.3
+digest: sha256:6135d395ad03a38895bd8f1d71fb84856d76b89978b5b4250f6d154c6e33b128
+generated: "2024-12-06T14:53:41.361206-05:00"

charts/cloudzero-agent/Chart.yaml

@@ -13,8 +13,8 @@ dependencies:
     repository: https://prometheus-community.github.io/helm-charts
     condition: kubeStateMetrics.enabled
     alias: kubeStateMetrics
-  - name: cloudzero-insights-controller
-    version: "1.0.1-beta"
-    repository: https://cloudzero.github.io/cloudzero-charts/beta
-    condition: cloudzero-insights-controller.enabled
-    alias: tags
+  - name: cert-manager
+    version: v1.15.3
+    repository: https://charts.jetstack.io
+    alias: cert-manager
+    condition: cert-manager.enabled

charts/cloudzero-agent/README.md

@@ -40,9 +40,9 @@ helm repo update
 2. Ensure that required CRDs are installed for certifiacte management. If you have more specific requirements around managing TLS certificates, see the [Certificate Management](https://github.com/Cloudzero/cloudzero-charts/tree/develop/charts/cloudzero-insights-controller#deployment-configurations-and-certificate-management) section in the `cloudzero-insights-controller` subchart.
 ```console
 helm install <RELEASE_NAME> cloudzero/cloudzero-agent \
-    --set tags.webhook.issuer.enabled=false \
-    --set tags.webhook.certificate.enabled=false \
-    --set tags.cert-manager.installCRDs=true
+    --set insightsController.webhook.issuer.enabled=false \
+    --set insightsController.webhook.certificate.enabled=false \
+    --set insightsController.cert-manager.installCRDs=true
 ```
 
 3. Fill out all required fields in the `configuration.example.yaml` file in this directory. Rename the file as necessary. Below is an example of a completed configuration file:
@@ -104,8 +104,8 @@ There are several mandatory values that must be specified for the chart to insta
 | cloudAccountId    | string | `nil`                 | Account ID in AWS or Subscription ID in Azure or Project Number in GCP where the cluster is running. Must be a string due to Helm limitations.  |
 | clusterName       | string | `nil`                 | Name of the cluster. Must be RFC 1123 compliant.                                                                         |
 | host              | string | `"api.cloudzero.com"` | CloudZero host to send metrics to.                                                                                      |
-| global.apiKey            | string | `nil`                 | The CloudZero API key to use for exporting metrics. Only used if `global.existingSecretName` is not set.                       |
-| global.existingSecretName| string | `nil`                 | Name of the secret that contains the CloudZero API key. Required if not providing the API key via `apiKey`.             |
+| apiKey            | string | `nil`                 | The CloudZero API key to use for exporting metrics. Only used if `global.existingSecretName` is not set.                       |
+| existingSecretName| string | `nil`                 | Name of the secret that contains the CloudZero API key. Required if not providing the API key via `apiKey`.             |
 | region            | string | `nil`                 | Region where the cluster is running (e.g., `us-east-1`, `eastus`). For more information, see AWS or Azure documentation. |
 | tags.labels.enabled            | string | `nil`                 | If enabled, labels for pods, deployments, statefulsets, daemonsets, cronjobs, jobs, nodes, and namespaces |
 | tags.labels.patterns            | string | `nil`                 | An array of regular expressions, which are used to match specific label keys |

charts/cloudzero-agent/configuration.example.yaml

@@ -12,7 +12,7 @@ global:
   existingSecretName: null
 
 # label and annotation configuration:
-tags:
+insightsController:
   # -- By default, a ValidatingAdmissionWebhook will be deployed that records all created labels and annotations
   enabled: true
   labels:

charts/cloudzero-agent/templates/_helpers.tpl

@@ -14,22 +14,25 @@ Create chart name and version as used by the chart label.
 
 {{/* Define the secret name which holds the CloudZero API key */}}
 {{ define "cloudzero-agent.secretName" -}}
-{{ .Values.global.existingSecretName | default (printf "%s-api-key" .Release.Name) }}
+{{ .Values.existingSecretName | default (printf "%s-api-key" .Release.Name) }}
 {{- end}}
 
 {{/* Define the path and filename on the container filesystem which holds the CloudZero API key */}}
 {{ define "cloudzero-agent.secretFileFullPath" -}}
-{{ printf "%s%s" .Values.server.containerSecretFilePath .Values.server.containerSecretFileName }}
+{{ printf "%s%s" .Values.serverConfig.containerSecretFilePath .Values.serverConfig.containerSecretFileName }}
 {{- end}}
 
+{{/*
+Name for the validating webhook
+*/}}
+{{- define "cloudzero-agent.validatingWebhookName" -}}
+{{- printf "%s.%s.svc" (include "cloudzero-agent.validatingWebhookConfigName" .) .Release.Namespace }}
+{{- end }}
+
 {{ define "cloudzero-agent.configMapName" -}}
 {{ .Values.configMapNameOverride | default (printf "%s-configuration" .Release.Name) }}
 {{- end}}
 
-{{ define "cloudzero-agent.cloudzeroConfigMapName" -}}
-{{ .Values.cloudzeroConfigMapNameOverride | default (printf "%s-cloudzero-configuration" .Release.Name) }}
-{{- end}}
-
 {{ define "cloudzero-agent.validatorConfigMapName" -}}
 {{- printf "%s-validator-configuration" .Release.Name -}}
 {{- end}}
@@ -75,7 +78,6 @@ app.kubernetes.io/part-of: {{ include "cloudzero-agent.name" . }}
 {{ include "cloudzero-agent.common.metaLabels" . }}
 {{- end -}}
 
-
 {{/*
 Define the cloudzero-agent.namespace template if set with forceNamespace or .Release.Namespace is set
 */}}
@@ -86,11 +88,11 @@ Define the cloudzero-agent.namespace template if set with forceNamespace or .Rel
 {{/*
 Create the name of the service account to use for the server component
 */}}
-{{- define "cloudzero-agent.serviceAccountName.server" -}}
-{{- if .Values.serviceAccounts.server.create -}}
-    {{ default (include "cloudzero-agent.server.fullname" .) .Values.serviceAccounts.server.name }}
+{{- define "cloudzero-agent.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "cloudzero-agent.server.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
-    {{ default "default" .Values.serviceAccounts.server.name }}
+    {{ default "default" .Values.server.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 
@@ -153,3 +155,122 @@ Required metric labels
 {{- $result := join "|" $total -}}
 {{- $result -}}
 {{- end -}}
+
+
+{{/*
+Insights Controller
+*/}}
+
+{{/*
+Create common matchLabels for webhook server
+*/}}
+{{- define "cloudzero-agent.insightsController.common.matchLabels" -}}
+app.kubernetes.io/name: {{ include "cloudzero-agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "cloudzero-agent.insightsController.server.matchLabels" -}}
+app.kubernetes.io/component: {{ .Values.insightsController.server.name }}
+{{ include "cloudzero-agent.common.matchLabels" . }}
+{{- end -}}
+
+{{- define "cloudzero-agent.insightsController.initJob.matchLabels" -}}
+app.kubernetes.io/component: {{ include "cloudzero-agent.initJobName" . }}
+{{ include "cloudzero-agent.common.matchLabels" . }}
+{{- end -}}
+
+{{/*
+Service selector labels
+*/}}
+{{- define "cloudzero-agent.selectorLabels" -}}
+{{ include "cloudzero-agent.common.matchLabels" . }}
+{{ include "cloudzero-agent.insightsController.server.matchLabels" . }}
+{{- end }}
+
+{{- define "cloudzero-agent.insightsController.labels" -}}
+{{ include "cloudzero-agent.insightsController.server.matchLabels" . }}
+{{ include "cloudzero-agent.common.metaLabels" . }}
+{{- end -}}
+
+{{/*
+Create a fully qualified webhook server name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "cloudzero-agent.insightsController.server.webhookFullname" -}}
+{{- if .Values.server.fullnameOverride -}}
+{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}-webhook
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.insightsController.server.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.insightsController.server.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Name for the webhook server service
+*/}}
+{{- define "cloudzero-agent.serviceName" -}}
+{{- printf "%s-svc" (include "cloudzero-agent.insightsController.server.webhookFullname" .) }}
+{{- end }}
+
+{{/*
+Name for the validating webhook configuration resource
+*/}}
+{{- define "cloudzero-agent.validatingWebhookConfigName" -}}
+{{- printf "%s-webhook" (include "cloudzero-agent.insightsController.server.webhookFullname" .) }}
+{{- end }}
+
+{{/*
+Name for the certificate secret
+*/}}
+{{- define "cloudzero-agent.tlsSecretName" -}}
+{{- printf "%s-tls" (include "cloudzero-agent.insightsController.server.webhookFullname" .) }}
+{{- end }}
+
+
+{{ define "cloudzero-agent.webhookConfigMapName" -}}
+{{ .Values.insightsController.ConfigMapNameOverride | default (printf "%s-webhook-configuration" .Release.Name) }}
+{{- end}}
+
+{{/*
+Mount path for the insights server configuration file
+*/}}
+{{- define "cloudzero-agent.insightsController.configurationMountPath" -}}
+{{- default .Values.insightsController.configurationMountPath (printf "/etc/%s-insights" .Chart.Name)  }}
+{{- end }}
+
+{{/*
+Name for the issuer resource
+*/}}
+{{- define "cloudzero-agent.issuerName" -}}
+{{- printf "%s-issuer" (include "cloudzero-agent.insightsController.server.webhookFullname" .) }}
+{{- end }}
+
+{{/*
+Name for the job resource
+*/}}
+{{- define "cloudzero-agent.initJobName" -}}
+{{- printf "%s-init" (include "cloudzero-agent.insightsController.server.webhookFullname" .) }}
+{{- end }}
+
+{{/*
+Annotations for the webhooks
+*/}}
+{{- define "cloudzero-agent.webhooks.annotations" -}}
+{{- if .Values.webhooks.annotations }}
+{{ toYaml .Values.webhook.annotations }}
+{{- end }}
+{{- if and .Values.webhook.certificate.enabled .Values.webhook.issuer.enabled }}
+cert-manager.io/inject-ca-from: {{ .Values.webhook.caInjection | default (printf "%s/%s" .Release.Namespace (include "cloudzero-agent.certificateName" .)) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Name for the certificate resource
+*/}}
+{{- define "cloudzero-agent.certificateName" -}}
+{{- printf "%s-certificate" (include "cloudzero-agent.insightsController.server.webhookFullname" .) }}
+{{- end }}

charts/cloudzero-agent/templates/certificate.yaml

@@ -0,0 +1,28 @@
+{{ if .Values.insightsController.webhooks.certificate.enabled }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "cloudzero-agent.certificateName" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: {{ include "cloudzero-agent.tlsSecretName" .}}
+  secretTemplate:
+    {{- with .Values.secretAnnotations }}
+    annotations:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    labels:
+      {{- include "cloudzero-agent.insightsController.labels" . | nindent 6 }}
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+    - {{ include "cloudzero-agent.serviceName" . }}.{{ .Release.Namespace }}.svc
+  issuerRef:
+    name: {{ include "cloudzero-agent.issuerName" . }}
+    kind: Issuer
+{{ end }}

charts/cloudzero-agent/templates/clusterrole.yaml

@@ -6,10 +6,28 @@ metadata:
     {{- include "cloudzero-agent.server.labels" . | nindent 4 }}
   name: {{ include "cloudzero-agent.clusterRoleName" . }}
 rules:
+  - apiGroups:
+      - "apps"
+    resources:
+      - "deployments"
+      - "statefulsets"
+      - "daemonsets"
+    verbs:
+      - "get"
+      - "list"
+  - apiGroups:
+      - "batch"
+    resources:
+      - "jobs"
+      - "cronjobs"
+    verbs:
+      - "get"
+      - "list"
   - apiGroups:
       - ""
     resources:
       - endpoints
+      - namespaces
       - nodes
       - nodes/proxy
       - nodes/metrics

charts/cloudzero-agent/templates/clusterrolebinding.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.create (empty .Values.server.namespaces) (empty .Values.server.useExistingClusterRoleName) -}}
+{{- if and .Values.rbac.create -}}
 apiVersion: {{ template "cloudzero-agent.rbac.apiVersion" . }}
 kind: ClusterRoleBinding
 metadata:
@@ -7,7 +7,7 @@ metadata:
   name: {{ include "cloudzero-agent.clusterRoleName" . }}
 subjects:
   - kind: ServiceAccount
-    name: {{ template "cloudzero-agent.serviceAccountName.server" . }}
+    name: {{ template "cloudzero-agent.serviceAccountName" . }}
     namespace: {{ include "cloudzero-agent.namespace" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io

charts/cloudzero-agent/templates/cm.yaml

@@ -133,23 +133,64 @@ data:
             action: keep
         metadata_config:
           send: false
-{{- if .Values.tags.enabled }}
+{{- if .Values.insightsController.enabled }}
 ---
+{{- with .Values.insightsController }}
+{{- if not (and .labels.enabled .labels.patterns) }}
+{{- $msg := "\n\nThe required field(s) 'insightsController.labels.enabled' and/or 'insightsController.labels.patterns' is not set! See the README.md for more information." }}
+{{- $enabledMsg:=""}}
+{{- $patternMsg:=""}}
+{{- if not .labels.enabled  }}
+{{- $enabledMsg = "Ensure that 'insightsController.labels.enabled' is a boolean (true or false). Set 'true' to enable exporting labels."}}
+{{- end }}
+{{- if not .labels.patterns }}
+{{- $patternMsg = "The required field 'labels.patterns' is not set or set incorrectly. It must be an array of regular expressions that match label keys to be exported."}}
+{{- end }}
+{{- fail (printf "\n %s \n %s \n %s" $msg $enabledMsg $patternMsg) }}
+{{- end }}
+{{- end }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
     {{- include "cloudzero-agent.server.labels" . | nindent 4 }}
-  name: {{ include "cloudzero-agent.cloudzeroConfigMapName" . }}
+  name: {{ include "cloudzero-agent.webhookConfigMapName" . }}
   namespace: {{ include "cloudzero-agent.namespace" . }}
   {{- with .Values.prometheusConfig.configMapAnnotations }}
   annotations:
   {{- toYaml . | nindent 4 }}
   {{- end }}
 data:
-  cloudzero-config.yaml: |-
+  server-config.yaml: |-
     cloud_account_id: {{ .Values.cloudAccountId }}
     region: {{ .Values.region }}
     cluster_name: {{ .Values.clusterName }}
     host: {{ .Values.host }}
+    remote_write:
+      send_interval: 1m
+      max_bytes_per_send: 500000
+      send_timeout: 10s
+      max_retries: 3
+    k8s_client:
+      timeout: 30s
+    database:
+      retention_time: 24h
+      cleanup_interval: 3h
+      batch_update_size: 500
+    api_key_path: {{ include "cloudzero-agent.secretFileFullPath" . }}
+    {{- with .Values.insightsController.server }}
+    certificate:
+      key: {{ .tls.mountPath }}/tls.key
+      cert: {{ .tls.mountPath }}/tls.crt
+    server:
+      port: {{ .port }}
+      read_timeout: {{ .read_timeout }}
+      write_timeout: {{ .write_timeout }}
+      idle_timeout: {{ .idle_timeout }}
+    {{- end }}
+    filters:
+      labels:
+        {{- .Values.insightsController.labels | toYaml | nindent 8 }}
+      annotations:
+        {{- .Values.insightsController.annotations | toYaml | nindent 8 }}
 {{- end }}