diff --git a/charts/operator/Chart.yaml b/charts/operator/Chart.yaml index 64d5a53..0a64f75 100644 --- a/charts/operator/Chart.yaml +++ b/charts/operator/Chart.yaml @@ -1,11 +1,11 @@ apiVersion: v2 type: application -version: 0.1.0-rc2 +version: 0.1.1 # used as the default value for .Values.operator.image.tag -appVersion: 0.1.0-rc1 +appVersion: 0.1.1 name: operator description: | - TODO description + A Helm chart for the operator that instruments your k8s cluster home: https://velocity.tech # icon: '' keywords: [] @@ -19,6 +19,6 @@ dependencies: - bitnami-common version: 2.20.3 sources: - - https://github.com/techvelocity/helm-charts/tree/main/charts/operator - https://github.com/techvelocity/starlink/tree/main/operator + - https://github.com/techvelocity/helm-charts/tree/main/charts/operator - https://github.com/bitnami/charts/tree/main/bitnami/common diff --git a/charts/operator/README.md b/charts/operator/README.md index 32869aa..d879553 100644 --- a/charts/operator/README.md +++ b/charts/operator/README.md 
@@ -1,225 +1,97 @@ -# TODO(dror): edit this readme +# Velocity Operator - +## Installation -# velocity-operator +```bash +helm repo add velocity https://helm-charts.velocity.tech +helm repo update -%%DESCRIPTION%% (check existing examples) - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/velocity-operator +helm upgrade --install operator velocity/operator --version \ + --namespace=velocity-system \ + --create-namespace ``` -Looking to use velocity-operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -%%INTRODUCTION%% (check existing examples) - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/velocity-operator -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys velocity-operator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
- -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### External database support - -%%IF NEEDED%% - -You may want to have velocity-operator connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: - -```console -mariadb.enabled=false -externalDatabase.host=myexternalhost -externalDatabase.user=myuser -externalDatabase.password=mypassword -externalDatabase.database=mydatabase -externalDatabase.port=3306 -``` - -### Ingress - -%%IF NEEDED%% - -This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. - -The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. - -However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. 
- -> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. - -Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. - -[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). - -### TLS secrets - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. 
- -For example: - -First, create the secret with the certificates files: - -```console -kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem -``` - -Then, use the following parameters: - -```console -tls.enabled="true" -tls.existingSecret="certificates-tls-secret" -tls.certFilename="cert.pem" -tls.certKeyFilename="cert.key" -tls.certCAFilename="ca.pem" -``` - -### %%OTHER_SECTIONS%% - -### Additional environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. +In order for the sidecar to work, users must create a secret with the following schema: ```yaml -velocity-operator: - extraEnvVars: - - name: LOG_LEVEL - value: error +PGHOST: "velocity-postgres.c748cme8k8yr.eu-central-1.rds.amazonaws.com" +PGPORT: "5432" +PGUSER: "postgres" +PGPASSWORD: "***" +PGSSLMODE: "require" +PGDATABASE: "postgres" +PGSCHEMA: "public" +PGAPPNAME: "telegraf-sidecar" ``` -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. +The secret name defaults to the name of the operator (when using this chart). +If you want to use a different secret name, you can set the `sidecar.secretName` value. -### Sidecars +### Configuration and Replication -If additional containers are needed in the same pod as velocity-operator (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. +Note that the telegraf configuration and secret must be in the same namespace as the sidecar. +This means that users must recreate the secret and copy-paste the configmap to the correct namespace. +Users can use projects like [Reflector](https://github.com/emberstack/kubernetes-reflector) to automate this process. 
-```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` +#### Manual steps -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: +make sure to relace placholders and check all the values make sense for your setup: -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` +> 💡💡 See [demo-customer.values.yaml](../../demo-customer.values.yaml) for the appropriate values structure. -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. +##### Creating a initial secret -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: +```bash +# we use the clipboard to avoid storing the password in the shell history or a local file +# COPY PASSWORD TO CLIPBOARD, AND THEN: +export PGPASSWORD=$(pbpaste) -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 +cat < to create the table - -The above parameters map to the env variables defined in [bitnami/velocity-operator](https://github.com/bitnami/containers/tree/main/bitnami/velocity-operator). For more information please refer to the [bitnami/velocity-operator](https://github.com/bitnami/containers/tree/main/bitnami/velocity-operator) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example, - -```console -helm install my-release \ - --set velocity-operatorUsername=admin \ - --set velocity-operatorPassword=password \ - --set mariadb.auth.rootPassword=secretpassword \ - oci://REGISTRY_NAME/REPOSITORY_NAME/velocity-operator +```bash +export NEW_NAMESPACE= +kubectl -n velocity-system get secret velocity-postgres-config -o yaml | \ + sed 's/namespace: velocity-system/namespace: '$NEW_NAMESPACE'/' | \ + kubectl apply -f - ``` -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the velocity-operator administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. +##### Create an initial configmap -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. +> THIS IS A WAY TO OVERRIDE THE DEFAULT CONFIGMAP. YOU CAN SKIP THIS STEP AND USE THE EXITING ONE. -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. 
For example, +```bash +export PATH_TO_TELEGRAF_CONF=sidecarsensor/telegraf.conf -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/velocity-operator +# read the note in all caps above before running this command +kubectl -n velocity-system create configmap velocity-config \ + --from-file="telegraf.conf=$PATH_TO_TELEGRAF_CONF" ``` -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). +##### Replicate the configmap -## License +```bash +export NEW_NAMESPACE= -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. +# adjust the configmap name if you've you're using the default one from the helm installtion +kubectl -n velocity-system get configmap velocity-config -o yaml | \ + sed 's/namespace: velocity-system/namespace: '$NEW_NAMESPACE'/' | \ + kubectl apply -f - +``` 
diff --git a/charts/operator/templates/_helpers.tpl b/charts/operator/templates/_helpers.tpl index 5eb6d96..7f2eb74 100644 --- a/charts/operator/templates/_helpers.tpl +++ b/charts/operator/templates/_helpers.tpl @@ -80,4 +80,24 @@ Compile all warnings into a single message. {{- if and .Values.operator.admissionWebhook.autoSelfSignedCertificate (not (empty .Values.operator.admissionWebhook.existingCertificateSecretName)) -}} {{- fail "admissionWebhook.autoSelfSignedCertificate is enabled, but so does admissionWebhook.existingCertificateSecretName. Only one of them is allowed at a time" -}} {{- end -}} +{{- end -}} + +{{- define "sidecar.image" -}} +{{- .Values.sidecar.image | default "ghcr.io/techvelocity/velocity-sensor:0.1.1" -}} +{{- end -}} + +{{- define "sidecar.secretName" -}} +{{- if .Values.sidecar.secretName -}} +{{- .Values.sidecar.secretName -}} +{{- else -}} +{{ template "common.names.fullname" . }} +{{- end -}} +{{- end -}} + +{{- define "sidecar.configmapName" -}} +{{- if .Values.sidecar.configmapName -}} +{{- .Values.sidecar.configmapName -}} +{{- else -}} +{{ template "common.names.fullname" . }} +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/operator/templates/admissionwebhook.yaml b/charts/operator/templates/admissionwebhook.yaml index ea086dd..632170e 100644 --- a/charts/operator/templates/admissionwebhook.yaml +++ b/charts/operator/templates/admissionwebhook.yaml @@ -21,12 +21,15 @@ webhooks: port: 9443 failurePolicy: Ignore rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods + - apiGroups: + - "" + apiVersions: + - v1 + resources: + - pods + operations: + - CREATE + objectSelector: # TODO(dror): this is taken from the operator codebase, under pkg/api/labels.go. We should automate this change if it's frequent + matchLabels: + alpha.velocity.tech/mutate-pod: "enabled" sideEffects: None 
diff --git a/charts/operator/templates/deployment.yaml b/charts/operator/templates/deployment.yaml index daecafb..65d7c88 100644 --- a/charts/operator/templates/deployment.yaml +++ b/charts/operator/templates/deployment.yaml @@ -20,9 +20,9 @@ spec: template: metadata: annotations: {{- if not (empty .Values.operator.podAnnotations) }}{{- include "common.tplvalues.render" (dict "value" .Values.operator.podAnnotations "context" $) | nindent 8 }}{{ end }} - kubectl.kubernetes.io/default-container: operator + kubectl.kubernetes.io/default-container: operator {{- if .Values.operator.admissionWebhook.autoSelfSignedCertificate }} - checksum/auto-generated-cert-secret: {{ include (print $.Template.BasePath "/webhook-cert.yaml") . | sha256sum }} + checksum/auto-generated-cert-secret: {{ include (print $.Template.BasePath "/webhook-cert.yaml") . | sha256sum }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: operator @@ -65,7 +65,7 @@ spec: initContainers: {{- if .Values.operator.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.operator.initContainers "context" $) | nindent 8 }} - {{- end }} + {{- end }} containers: - name: operator image: {{ template "operator.image" . }} @@ -86,7 +86,7 @@ spec: {{- else if .Values.operator.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.operator.args "context" $) | nindent 12 }} {{- else }} - args: + args: {{- if .Values.operator.leaderElection.enabled }} - --leader-elect {{- end }} @@ -94,6 +94,9 @@ spec: {{- if .Values.metrics.enabled }} - --metrics-bind-address=:8080 {{- end }} + - --sidecar-image={{ include "sidecar.image" . }} + - --sidecar-configmap-name={{ include "sidecar.configmapName" . }} + - --sidecar-secret-name={{ include "sidecar.secretName" . }} {{- end }} env: - name: VELOCITY_DEBUG 
@@ -158,5 +161,5 @@ spec: defaultMode: 420 secretName: {{ include "operator.webhook.certificate.secret-name" . }} {{- if .Values.operator.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.operator.extraVolumes "context" $) | nindent 8 }} + {{- include "common.tplvalues.render" (dict "value" .Values.operator.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/operator/templates/extra-list.yaml b/charts/operator/templates/extra-list.yaml index d0a093d..ea29879 100644 --- a/charts/operator/templates/extra-list.yaml +++ b/charts/operator/templates/extra-list.yaml @@ -1,6 +1,4 @@ - - {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} + {{- end }} diff --git a/charts/operator/templates/leader_election_role.yaml b/charts/operator/templates/leader_election_role.yaml index d53059d..91b7870 100644 --- a/charts/operator/templates/leader_election_role.yaml +++ b/charts/operator/templates/leader_election_role.yaml @@ -9,37 +9,37 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -55,7 +55,7 @@ roleRef: kind: Role name: leader-election-{{ template "common.names.fullname" . }} subjects: -- kind: ServiceAccount - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} -{{- end -}} + - kind: ServiceAccount + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- end -}} diff --git a/charts/operator/templates/role.yaml b/charts/operator/templates/role.yaml index f75a0c7..fe7c6b1 100644 --- a/charts/operator/templates/role.yaml +++ b/charts/operator/templates/role.yaml @@ -1,5 +1,3 @@ - - {{ if .Values.rbac.create }} kind: Role apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} @@ -11,8 +9,8 @@ metadata: {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} -rules: [] +rules: [ ] {{- if .Values.rbac.rules }} {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} {{- end }} -{{- end }} + {{- end }} diff --git a/charts/operator/templates/service-account.yaml b/charts/operator/templates/service-account.yaml index 724b638..635f1da 100644 --- a/charts/operator/templates/service-account.yaml +++ b/charts/operator/templates/service-account.yaml @@ -11,4 +11,4 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end }} + {{- end }} diff --git a/charts/operator/templates/service.yaml b/charts/operator/templates/service.yaml index 3bfa4b2..9989be3 100644 --- a/charts/operator/templates/service.yaml +++ b/charts/operator/templates/service.yaml @@ -1,5 +1,3 @@ - - apiVersion: v1 kind: Service metadata: 
diff --git a/charts/operator/templates/servicemonitor.yaml b/charts/operator/templates/servicemonitor.yaml index f7e2d3e..aa7e7ce 100644 --- a/charts/operator/templates/servicemonitor.yaml +++ b/charts/operator/templates/servicemonitor.yaml @@ -1,5 +1,3 @@ - - {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -40,5 +38,5 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ include "common.names.namespace" . | quote }} -{{- end }} + - {{ include "common.names.namespace" . | quote }} + {{- end }} diff --git a/charts/operator/templates/sidecar-config.yaml b/charts/operator/templates/sidecar-config.yaml new file mode 100644 index 0000000..e1240c3 --- /dev/null +++ b/charts/operator/templates/sidecar-config.yaml 
@@ -0,0 +1,189 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "sidecar.configmapName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +data: + telegraf.conf: | + [agent] + interval = "3s" + flush_interval = "3s" + flush_jitter = "0s" + collection_jitter = "0s" + hostname = "$HOSTNAME" + metric_batch_size = 1000 + metric_buffer_limit = 10000 + omit_hostname = false + precision = "" + round_interval = true + debug = false + quiet = false + + [global_tags] + nodename = "${ANNOTATE_KUBERNETES_NODE_NAME}" + + # inputs + + [[inputs.diskio]] + [[inputs.kernel]] + collect = ["ksm", "psi"] + + [[inputs.mem]] + [[inputs.net]] + ignore_protocol_stats = true + [[inputs.processes]] + [[inputs.swap]] + [[inputs.system]] + [[inputs.cpu]] + percpu = true # false + totalcpu = true + collect_cpu_time = true # false + #report_active = true + core_tags = true + [[inputs.disk]] + ignore_fs = [ + "tmpfs", + "devtmpfs", + "devfs", + "iso9660", + "overlay", + "aufs", + "squashfs" + ] + + [[inputs.amd_rocm_smi]] + startup_error_behavior = "ignore" + + [[inputs.nvidia_smi]] + startup_error_behavior = "ignore" + + [[inputs.procstat]] + pattern = "stress-ng" + + [[inputs.nstat]] + + [[inputs.netstat]] + + [[inputs.socketstat]] + + [[inputs.ethtool]] + down_interfaces = "skip" + + [[inputs.internal]] + + #[[inputs.mdstat]] + + [[inputs.linux_sysctl_fs]] + + #[[inputs.linux_cpu]] + #metrics = ["cpufreq", "thermal"] + + [[inputs.kernel_vmstat]] + + [[inputs.interrupts]] + cpu_as_tag = true + + 
[[inputs.nfsclient]] + fullstat = true + + # outputs + + [[outputs.file]] + files = ["stdout"] + + # Publishes metrics to a postgresql database + # official plugin docs: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/postgresql#configuration + [[outputs.postgresql]] + startup_error_behavior = "ignore" + ## Specify connection address via the standard libpq connection string: + ## host=... user=... password=... sslmode=... dbname=... + ## Or a URL: + ## postgres://[user[:password]]@localhost[/dbname]?sslmode=[disable|verify-ca|verify-full] + ## See https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING + ## + ## All connection parameters are optional. Environment vars are also supported. + ## e.g. PGPASSWORD, PGHOST, PGUSER, PGDATABASE + ## All supported vars can be found here: + ## https://www.postgresql.org/docs/current/libpq-envars.html + ## + ## Non-standard parameters: + ## pool_max_conns (default: 1) - Maximum size of connection pool for parallel (per-batch per-table) inserts. + ## pool_min_conns (default: 0) - Minimum size of connection pool. + ## pool_max_conn_lifetime (default: 0s) - Maximum age of a connection before closing. + ## pool_max_conn_idle_time (default: 0s) - Maximum idle time of a connection before closing. + ## pool_health_check_period (default: 0s) - Duration between health checks on idle connections. + # connection = "" + + ## Postgres schema to use. + schema = "${PGSCHEMA}" + + ## Store tags as foreign keys in the metrics table. Default is false. + # tags_as_foreign_keys = false + + ## Suffix to append to table name (measurement name) for the foreign tag table. + # tag_table_suffix = "_tag" + + ## Deny inserting metrics if the foreign tag can't be inserted. + # foreign_tag_constraint = false + + ## Store all tags as a JSONB object in a single 'tags' column. + # tags_as_jsonb = false + + ## Store all fields as a JSONB object in a single 'fields' column. 
+ # fields_as_jsonb = false + + ## Name of the timestamp column + ## NOTE: Some tools (e.g. Grafana) require the default name so be careful! + # timestamp_column_name = "time" + + ## Type of the timestamp column + ## Currently, "timestamp without time zone" and "timestamp with time zone" + ## are supported + # timestamp_column_type = "timestamp without time zone" + + ## Templated statements to execute when creating a new table. + # create_templates = [ + # '''CREATE TABLE {{ .table }} ({{ .columns }})''', + # ] + + ## Templated statements to execute when adding columns to a table. + ## Set to an empty list to disable. Points containing tags for which there is no column will be skipped. Points + ## containing fields for which there is no column will have the field omitted. + # add_column_templates = [ + # '''ALTER TABLE {{ .table }} ADD COLUMN IF NOT EXISTS {{ .columns|join ", ADD COLUMN IF NOT EXISTS " }}''', + # ] + + ## Templated statements to execute when creating a new tag table. + # tag_table_create_templates = [ + # '''CREATE TABLE {{ .table }} ({{ .columns }}, PRIMARY KEY (tag_id))''', + # ] + + ## Templated statements to execute when adding columns to a tag table. + ## Set to an empty list to disable. Points containing tags for which there is no column will be skipped. + # tag_table_add_column_templates = [ + # '''ALTER TABLE {{ .table }} ADD COLUMN IF NOT EXISTS {{ .columns|join ", ADD COLUMN IF NOT EXISTS " }}''', + # ] + + ## The postgres data type to use for storing unsigned 64-bit integer values (Postgres does not have a native + ## unsigned 64-bit integer type). + ## The value can be one of: + ## numeric - Uses the PostgreSQL "numeric" data type. + ## uint8 - Requires pguint extension (https://github.com/petere/pguint) + # uint64_type = "numeric" + + ## When using pool_max_conns>1, and a temporary error occurs, the query is retried with an incremental backoff. This + ## controls the maximum backoff duration. 
+ # retry_max_backoff = "15s" + + ## Approximate number of tag IDs to store in in-memory cache (when using tags_as_foreign_keys). + ## This is an optimization to skip inserting known tag IDs. + ## Each entry consumes approximately 34 bytes of memory. + # tag_cache_size = 100000 + + ## Enable & set the log level for the Postgres driver. + # log_level = "warn" # trace, debug, info, warn, error, none diff --git a/charts/operator/templates/webhook-cert.yaml b/charts/operator/templates/webhook-cert.yaml index c8c89e9..9a49f14 100644 --- a/charts/operator/templates/webhook-cert.yaml +++ b/charts/operator/templates/webhook-cert.yaml @@ -11,4 +11,4 @@ metadata: {{- end }} type: Opaque data: {{- include "operator.webhook.certificate.self-signed.generated-cert" . | nindent 2 -}} -{{- end -}} \ No newline at end of file + {{- end -}} \ No newline at end of file diff --git a/charts/operator/values.yaml b/charts/operator/values.yaml index 895db99..61d9354 100644 --- a/charts/operator/values.yaml +++ b/charts/operator/values.yaml @@ -14,7 +14,7 @@ global: ## imagePullSecrets: ## - myRegistryKeySecretName ## - imagePullSecrets: [] + imagePullSecrets: [ ] storageClass: "" ## Compatibility adaptations for Kubernetes platforms ## 
@@ -38,22 +38,21 @@ nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: "" -# TODO(dror): Set namespace inside the chart ## @param namespaceOverride String to fully override common.names.namespace ## namespaceOverride: "" ## @param commonLabels Labels to add to all deployed objects ## -commonLabels: {} +commonLabels: { } ## @param commonAnnotations Annotations to add to all deployed objects ## -commonAnnotations: {} +commonAnnotations: { } ## @param clusterDomain Kubernetes cluster domain name ## clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## -extraDeploy: [] +extraDeploy: [ ] ## Diagnostic mode ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## @param diagnosticMode.command Command to override all containers in the chart release @@ -66,6 +65,17 @@ diagnosticMode: args: - infinity +## @section sidecar Parameters +## +sidecar: + ## @param sidecar.image [default: ghcr.io/techvelocity/velocity-sensor:0.1.1] velocity sidecar image + image: "" + ## @param sidecar.secretName velocity sidecar secret name + secretName: "" + ## @param sidecar.configmapName velocity sidecar configmap name + configmapName: "" + + ## @section operator Parameters ## operator: @@ -95,7 +105,7 @@ operator: ## pullSecrets: ## - myRegistryKeySecretName ## - pullSecrets: [] + pullSecrets: [ ] debug: false ## @param operator.replicaCount Number of operator replicas to deploy ## @@ -123,7 +133,7 @@ operator: ## - name: myservice ## containerPort: 9090 ## - extraContainerPorts: [] + extraContainerPorts: [ ] ## Configure extra options for operator containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param operator.livenessProbe.enabled Enable livenessProbe on operator containers 
@@ -156,13 +166,13 @@ operator: successThreshold: 1 ## @param operator.customLivenessProbe Custom livenessProbe that overrides the default one ## - customLivenessProbe: {} + customLivenessProbe: { } ## @param operator.customReadinessProbe Custom readinessProbe that overrides the default one ## - customReadinessProbe: {} + customReadinessProbe: { } ## @param operator.customStartupProbe Custom startupProbe that overrides the default one ## - customStartupProbe: {} + customStartupProbe: { } ## operator resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param operator.resourcesPreset Set operator container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production). @@ -179,7 +189,7 @@ operator: ## cpu: 3 ## memory: 1024Mi ## - resources: {} + resources: { } ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param operator.podSecurityContext.enabled Enable operator pods' Security Context @@ -191,8 +201,8 @@ operator: podSecurityContext: enabled: true fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] + sysctls: [ ] + supplementalGroups: [ ] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container @@ -208,7 +218,7 @@ operator: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: { } runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true @@ -216,7 +226,7 @@ operator: privileged: false allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: [ "ALL" ] seccompProfile: type: "RuntimeDefault" 
@@ -225,29 +235,29 @@ operator: existingConfigmap: ## @param operator.command Override default operator container command (useful when using custom images) ## - command: [] + command: [ ] ## @param operator.args Override default operator container args (useful when using custom images) ## - args: [] + args: [ ] ## @param operator.automountServiceAccountToken Mount Service Account token in operator pods ## automountServiceAccountToken: true ## @param operator.hostAliases operator pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## - hostAliases: [] + hostAliases: [ ] ## @param operator.deploymentAnnotations Annotations for operator deployment ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## - deploymentAnnotations: {} + deploymentAnnotations: { } ## @param operator.statefulsetAnnotations Annotations for operator statefulset ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## - podLabels: {} + podLabels: { } ## @param operator.podAnnotations Annotations for operator pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## - podAnnotations: {} + podAnnotations: { } ## @param operator.podAffinityPreset Pod affinity preset. Ignored if `operator.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## 
@@ -272,20 +282,20 @@ operator: ## - e2e-az1 ## - e2e-az2 ## - values: [] + values: [ ] ## @param operator.affinity Affinity for operator pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `operator.podAffinityPreset`, `operator.podAntiAffinityPreset`, and `operator.nodeAffinityPreset` will be ignored when it's set ## - affinity: {} + affinity: { } ## @param operator.nodeSelector Node labels for operator pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## - nodeSelector: {} + nodeSelector: { } ## @param operator.tolerations Tolerations for operator pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## - tolerations: [] + tolerations: [ ] ## @param operator.updateStrategy.type operator deployment strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: @@ -298,7 +308,7 @@ operator: ## @param operator.topologySpreadConstraints Topology Spread Constraints for operator pod assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## - topologySpreadConstraints: [] + topologySpreadConstraints: [ ] ## @param operator.schedulerName Name of the k8s scheduler (other than default) for operator pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## 
@@ -309,14 +319,14 @@ operator: terminationGracePeriodSeconds: 5 ## @param operator.lifecycleHooks for operator containers to automate configuration before or after startup ## - lifecycleHooks: {} + lifecycleHooks: { } ## @param operator.extraEnvVars Array with extra environment variables to add to operator containers ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## - extraEnvVars: [] + extraEnvVars: [ ] ## @param operator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for operator containers ## extraEnvVarsCM: "" @@ -325,10 +335,10 @@ operator: extraEnvVarsSecret: "" ## @param operator.extraVolumes Optionally specify extra list of additional volumes for the operator pods ## - extraVolumes: [] + extraVolumes: [ ] ## @param operator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the operator containers ## - extraVolumeMounts: [] + extraVolumeMounts: [ ] ## @param operator.sidecars Add additional sidecar containers to the operator pods ## e.g: ## sidecars: @@ -339,7 +349,7 @@ operator: ## - name: portname ## containerPort: 1234 ## - sidecars: [] + sidecars: [ ] ## @param operator.initContainers Add additional init containers to the operator pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: @@ -349,7 +359,7 @@ operator: ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## - initContainers: [] + initContainers: [ ] ## @section Traffic Exposure Parameters ## 
@@ -386,17 +396,17 @@ service: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## - loadBalancerSourceRanges: [] + loadBalancerSourceRanges: [ ] ## @param service.externalTrafficPolicy operator service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param service.annotations Additional custom annotations for operator service ## - annotations: {} + annotations: { } ## @param service.extraPorts Extra ports to expose in operator service (normally used with the `sidecars` value) ## - extraPorts: [] + extraPorts: [ ] ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ @@ -407,7 +417,7 @@ service: ## clientIP: ## timeoutSeconds: 300 ## - sessionAffinityConfig: {} + sessionAffinityConfig: { } ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -443,7 +453,7 @@ networkPolicy: ## operator: In ## values: ## - frontend - extraIngress: [] + extraIngress: [ ] ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) ## e.g: ## extraEgress: 
@@ -460,18 +470,18 @@ networkPolicy: ## values: ## - frontend ## - extraEgress: [] + extraEgress: [ ] ## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true. ## e.g: ## ingressPodMatchLabels: ## my-client: "true" # - ingressPodMatchLabels: {} + ingressPodMatchLabels: { } ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} + ingressNSMatchLabels: { } + ingressNSPodMatchLabels: { } ## @section Other Parameters ## @@ -493,7 +503,7 @@ rbac: ## - get ## - list ## - rules: [] + rules: [ ] ## ServiceAccount configuration ## @@ -507,7 +517,7 @@ serviceAccount: name: "" ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## - annotations: {} + annotations: { } ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## automountServiceAccountToken: true @@ -529,10 +539,10 @@ metrics: namespace: "" ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor ## - annotations: {} + annotations: { } ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor ## - labels: {} + labels: { } ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus ## jobLabel: "" 
@@ -553,13 +563,13 @@ metrics: scrapeTimeout: "" ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics ## - metricRelabelings: [] + metricRelabelings: [ ] ## @param metrics.serviceMonitor.relabelings Specify general relabeling ## - relabelings: [] + relabelings: [ ] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: ## prometheus: my-prometheus ## - selector: {} + selector: { }
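Review bot: In the new `sidecar` block (hunk `@@ -66,6 +65,17 @@`), `sidecar.image` is documented as `[default: ghcr.io/techvelocity/velocity-sensor:0.1.1]` while the shipped value is `image: ""`, so the effective default is not visible in this file and the hard-coded `0.1.1` in the comment will go stale on the next version bump. Either put the real default in the value, or say in the comment where an empty string falls back to and whether that fallback follows the chart's `appVersion`. The comments for `sidecar.secretName` and `sidecar.configmapName` have the same gap: they do not say whether an empty value makes the chart create the object or whether an existing one must be supplied, which should be explicit for a secret reference. It would also help to state whether a digest reference is accepted for `sidecar.image`, so the sidecar can be pinned to an immutable image. The hunk also leaves two blank lines before `## @section operator Parameters` where the rest of the file uses one.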
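Review bot: The `# TODO(dror): Set namespace inside the chart` comment above `namespaceOverride` is deleted in hunk `@@ -38,22 +38,21 @@`, but `namespaceOverride: ""` itself is unchanged and nothing else in the visible hunks alters how the namespace is set. Please point to the change that resolves the TODO, or keep it until it is done. Separately, the `{}` to `{ }` and `[]` to `[ ]` rewrites in this hunk and in nearly every later one are formatter churn with no semantic effect; moving them to their own commit would leave the `sidecar` addition as the only functional change in this file and make it much easier to review.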
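Review bot: The `podLabels: { }` line touched in hunk `@@ -225,29 +235,29 @@` sits directly under `## @param operator.statefulsetAnnotations Annotations for operator statefulset`, so the parameter comment does not describe the key below it, and no `@param operator.podLabels` entry is visible in the hunk. Since the line is being edited anyway, replace that comment with an `operator.podLabels` description so that any parameter table generated from these comments matches the actual keys.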
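Review bot: In hunk `@@ -443,7 +453,7 @@ networkPolicy`, the comment for `networkPolicy.extraEgress` reads `Add extra ingress rules to the NetworkPolicy`, which looks like a copy-paste from `extraIngress`; it should say egress rules. For a NetworkPolicy value, a wrong direction in the documentation can lead an operator to put a rule in the wrong list, so it is worth fixing while the adjacent lines are being touched. In the following hunk (`@@ -460,18 +470,18 @@`), the single `#` line before `ingressPodMatchLabels` breaks the `##` comment convention used everywhere else in the file.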