diff --git a/test/charts/mocked_backend/templates/daemonset.yaml b/test/charts/mocked_backend/templates/daemonset.yaml index bb0c93a1..7ac9158a 100644 --- a/test/charts/mocked_backend/templates/daemonset.yaml +++ b/test/charts/mocked_backend/templates/daemonset.yaml @@ -14,7 +14,6 @@ spec: labels: app: *app spec: - serviceAccountName: read-k8s-api-account initContainers: # Wait for the backend to be up before starting the collector - name: wait-for-validation diff --git a/test/charts/mocked_backend/templates/deployment-collector.yaml b/test/charts/mocked_backend/templates/deployment-collector.yaml deleted file mode 100644 index 4c8c648a..00000000 --- a/test/charts/mocked_backend/templates/deployment-collector.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: &app nrdot-collector-deployment - labels: - app: *app -spec: - replicas: {{ .Values.image.repository | hasSuffix "k8s" | ternary 1 0 }} - selector: - matchLabels: - app: *app - template: - metadata: - labels: - app: *app - spec: - serviceAccountName: read-k8s-api-account - containers: - - name: *app - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - args: ["--config", "/etc/nrdot-collector-k8s/config-deployment.yaml"] - ports: - - name: health - containerPort: 13133 - env: - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: "http://validation-backend:4318" - # mock values - # k8s distro expects this to be present - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NEW_RELIC_LICENSE_KEY - value: "NR_LICENSE_KEY_PLACEHOLDER" - # used to populate k8s.cluster.name - - name: K8S_CLUSTER_NAME - value: {{ .Values.clusterName }} diff --git a/test/charts/mocked_backend/templates/k8s-api-access.yaml b/test/charts/mocked_backend/templates/k8s-api-access.yaml deleted file mode 100644 index 5628d9eb..00000000 --- a/test/charts/mocked_backend/templates/k8s-api-access.yaml +++ /dev/null @@ -1,91 +0,0 @@ -# namespace suffixes to avoid conflicts when installing chart multiple times -apiVersion: v1 -kind: ServiceAccount -metadata: - name: read-k8s-api-account ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: -# namespace suffix to avoid conflicts when installing chart multiple times - name: read-k8s-api-role-{{ .Release.Namespace }} -# if not mentioned otherwise, required rules copied from: -# - k8seventsreceiever: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/k8seventsreceiver/README.md#rbac -rules: - - apiGroups: - - "" - resources: - - events - - endpoints # prometheus/api_server - - namespaces - - namespaces/status - - nodes - - nodes/spec - - pods - - pods/status - - replicationcontrollers - - replicationcontrollers/status - - resourcequotas - - services - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - # kubeletstatsreceiver: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/kubeletstatsreceiver#role-based-access-control - - apiGroups: [ "" ] - resources: [ "nodes/stats" ] - verbs: [ "get" ] - - apiGroups: [ "" ] - resources: [ "nodes/proxy" ] - verbs: [ "get" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: read-k8s-api-binding-{{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: read-k8s-api-role-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: read-k8s-api-account - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/test/charts/nr_backend/Chart.lock b/test/charts/nr_backend/Chart.lock new file mode 100644 index 00000000..986cda78 --- /dev/null +++ b/test/charts/nr_backend/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 5.18.0 +digest: sha256:c32e765ebe122825fcd7be743ab21357dd203d62d56146b00a4e87a3ec64cfe9 +generated: "2025-02-25T11:50:20.535455-08:00" diff --git a/test/charts/nr_backend/Chart.yaml b/test/charts/nr_backend/Chart.yaml index c39f9456..8cd0d86a 100644 --- a/test/charts/nr_backend/Chart.yaml +++ b/test/charts/nr_backend/Chart.yaml @@ -3,3 +3,10 @@ name: nrdot-nr-backend description: A Helm chart for deploying an nrdot collector as a DaemonSet writing to New Relic version: 0.1.0 appVersion: "1.0" + +dependencies: + # supplies required metrics for entity synthesis of most k8s resources + - name: kube-state-metrics + version: 5.18.0 + condition: kube-state-metrics.enabled + repository: https://prometheus-community.github.io/helm-charts diff --git a/test/charts/nr_backend/templates/collector-secrets.yaml b/test/charts/nr_backend/templates/collector-secrets.yaml new file mode 100644 index 00000000..1fcafb9a --- /dev/null +++ b/test/charts/nr_backend/templates/collector-secrets.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: collector-secrets +type: Opaque +data: + backendUrl: {{ .Values.secrets.nrBackendUrl | b64enc }} + nrIngestKey: {{ .Values.secrets.nrIngestKey | b64enc }} diff --git a/test/charts/nr_backend/templates/daemonset.yaml b/test/charts/nr_backend/templates/daemonset.yaml index ddd48bdb..052343db 100644 --- a/test/charts/nr_backend/templates/daemonset.yaml +++ b/test/charts/nr_backend/templates/daemonset.yaml @@ -14,7 +14,9 @@ spec: labels: app: *app spec: + {{- if .Values.image.repository | hasSuffix "k8s" }} serviceAccountName: read-k8s-api-account + {{- end }} initContainers: # Wait for the backend to be up before starting the collector - name: wait-for-validation @@ -30,31 +32,23 @@ spec: - name: health containerPort: 13133 env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - name: OTEL_EXPORTER_OTLP_ENDPOINT valueFrom: secretKeyRef: - name: daemonset-secrets + name: collector-secrets key: backendUrl - name: NEW_RELIC_LICENSE_KEY valueFrom: secretKeyRef: - name: daemonset-secrets + name: collector-secrets key: nrIngestKey - - name: OTEL_RESOURCE_ATTRIBUTES - value: "host.name={{ .Values.collector.hostname }}-$(KUBE_NODE_NAME)" - # used to populate k8s.cluster.name + {{- if .Values.image.repository | hasSuffix "k8s" }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: K8S_CLUSTER_NAME value: {{ .Values.clusterName }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: daemonset-secrets -type: Opaque -data: - backendUrl: {{ .Values.secrets.nrBackendUrl | b64enc }} - nrIngestKey: {{ .Values.secrets.nrIngestKey | b64enc }} + {{- end }} + - name: OTEL_RESOURCE_ATTRIBUTES + value: "host.name={{ .Values.collector.hostname }}-$(KUBE_NODE_NAME)" diff --git a/test/charts/nr_backend/templates/deployment-collector.yaml b/test/charts/nr_backend/templates/deployment-collector.yaml index f06f1810..1402c2b2 100644 --- a/test/charts/nr_backend/templates/deployment-collector.yaml +++ b/test/charts/nr_backend/templates/deployment-collector.yaml @@ -1,3 +1,4 @@ +{{- if .Values.image.repository | hasSuffix "k8s" }} --- apiVersion: apps/v1 kind: Deployment @@ -6,7 +7,7 @@ metadata: labels: app: *app spec: - replicas: {{ .Values.image.repository | hasSuffix "k8s" | ternary 1 0 }} + replicas: 1 selector: matchLabels: app: *app @@ -32,14 +33,14 @@ spec: - name: OTEL_EXPORTER_OTLP_ENDPOINT valueFrom: secretKeyRef: - name: daemonset-secrets + name: collector-secrets key: backendUrl - name: NEW_RELIC_LICENSE_KEY valueFrom: secretKeyRef: - name: daemonset-secrets + name: collector-secrets key: nrIngestKey # used to populate k8s.cluster.name - name: K8S_CLUSTER_NAME value: {{ .Values.clusterName }} - +{{- end }} diff --git a/test/charts/nr_backend/templates/k8s-api-access.yaml b/test/charts/nr_backend/templates/k8s-api-access.yaml index e7e7a446..18a07067 100644 --- a/test/charts/nr_backend/templates/k8s-api-access.yaml +++ b/test/charts/nr_backend/templates/k8s-api-access.yaml @@ -1,3 +1,4 @@ +{{- if .Values.image.repository | hasSuffix "k8s" }} # namespace suffixes to avoid conflicts when installing chart multiple times apiVersion: v1 kind: ServiceAccount @@ -9,73 +10,78 @@ kind: ClusterRole metadata: # namespace suffix to avoid conflicts when installing chart multiple times name: read-k8s-api-role-{{ .Release.Namespace }} -# if not mentioned otherwise, required rules copied from: -# - k8seventsreceiever: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/k8seventsreceiver/README.md#rbac +# if not mentioned otherwise, required rules copied from nr-k8s-otel-collector helm chart: https://github.com/newrelic/helm-charts/blob/3e7dc5d77694c3d661dc6509b2def6076b660c34/charts/nr-k8s-otel-collector/templates/clusterrole.yaml rules: - apiGroups: - "" resources: + # following required for k8s_events, k8s_cluster receiver - events - - endpoints # prometheus/api_server + # following required for k8s_cluster receiver - namespaces - - namespaces/status + # following required for prometheus, k8s_cluster receiver - nodes - - nodes/spec + - nodes/metrics - pods - pods/status - - replicationcontrollers - - replicationcontrollers/status - - resourcequotas - services + - endpoints verbs: - get - list - watch - apiGroups: - - apps + - "" resources: - - daemonsets - - deployments - - replicasets - - statefulsets + # following required for hostmetrics, prometheus receiver + - nodes/spec + - nodes/stats + - nodes/proxy + # following required for filelog receiver + - pods/logs verbs: - get + # following required for prometheus receiver + - apiGroups: + - "" + resources: + - replicationcontrollers + - resourcequotas + verbs: - list - watch + # following required for prometheus receiver - apiGroups: - - extensions + - apps resources: - daemonsets - deployments - replicasets + - statefulsets verbs: - get - list - watch + # following required for prometheus receiver - apiGroups: - batch resources: - jobs - cronjobs verbs: - - get - list - watch + # following required for prometheus receiver - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - - get - list - watch - # kubeletstatsreceiver: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/kubeletstatsreceiver#role-based-access-control - - apiGroups: [ "" ] - resources: [ "nodes/stats" ] - verbs: [ "get" ] - - apiGroups: [ "" ] - resources: [ "nodes/proxy" ] - verbs: [ "get" ] + # following required for prometheus receiver + - nonResourceURLs: ["/metrics"] + verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -88,4 +94,5 @@ roleRef: subjects: - kind: ServiceAccount name: read-k8s-api-account - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/test/charts/nr_backend/values.yaml b/test/charts/nr_backend/values.yaml index 40e700ff..76607fe1 100644 --- a/test/charts/nr_backend/values.yaml +++ b/test/charts/nr_backend/values.yaml @@ -12,3 +12,8 @@ collector: hostname: nrdot-collector-default-hostname clusterName: default-cluster-name + +# provides metrics required for entity synthesis of various k8s resources +kube-state-metrics: + enabled: true + prometheusScrape: false diff --git a/test/e2e/util/helm/helm.go b/test/e2e/util/helm/helm.go index dc3fa53b..451d42f3 100644 --- a/test/e2e/util/helm/helm.go +++ b/test/e2e/util/helm/helm.go @@ -13,6 +13,7 @@ func NewHelmOptions(kubectlOptions *k8s.KubectlOptions, chartValues map[string]s installArg := []string{ "--namespace", kubectlOptions.Namespace, "--create-namespace", + "--dependency-update", } for key, val := range chartValues { installArg = append(installArg, "--set", fmt.Sprintf("%s=%s", key, val))