feat(discovery): configurations for KubeAPI discovery #128

Merged
merged 13 commits into from
May 29, 2024
Changes from 12 commits
58 changes: 33 additions & 25 deletions charts/cryostat/README.md

Large diffs are not rendered by default.

13 changes: 13 additions & 0 deletions charts/cryostat/templates/_helpers.tpl
Expand Up @@ -133,3 +133,16 @@ Generate or retrieve a default value for cookieSecret.
{{- $newSecret | quote -}}
{{- end }}
{{- end }}

{{/*
Get sanitinized list or defaults (if not disabled) as comma-separated list
*/}}
{{- define "cryostat.commaSepList" -}}
{{- $l := index . 0 -}}
{{- $default := index . 1 -}}
{{- $disableDefaults := index . 2 -}}
{{- if and (not $l) (not $disableDefaults) -}}
{{- $l = list $default -}}
{{- end -}}
{{- join "," (default list $l | compact | uniq) | quote -}}
{{- end -}}
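Review bot: The doc comment on `cryostat.commaSepList` does not describe its calling convention: the template reads a three-element list (`index . 0` the values, `index . 1` a single default, `index . 2` the disable flag) and returns a quoted string, which is `""` when the list is empty and the default is disabled. I would spell that out and fix the "sanitinized" typo, e.g. `Takes (list values default disableDefault); returns the de-duplicated, non-empty values joined by "," and quoted, falling back to the default unless disabled.` The helper also joins entries as-is, so an entry that itself contains a comma would presumably be read as two entries by the consumer; how the application parses the value, and what it does with an empty one, is not visible here and is worth confirming because it decides what discovery is scoped to.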
12 changes: 12 additions & 0 deletions charts/cryostat/templates/deployment.yaml
Expand Up @@ -91,6 +91,18 @@ spec:
value: http://localhost:8800
- name: GRAFANA_DASHBOARD_URL
value: http://localhost:3000
{{- if .Values.core.discovery.kubernetes.enabled }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_ENABLED
value: "true"
{{- with .Values.core.discovery.kubernetes }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_NAMESPACES
value: {{ include "cryostat.commaSepList" (list .namespaces $.Release.Namespace .installNamespaceDisabled) }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NAMES
value: {{ include "cryostat.commaSepList" (list .portNames "jmx-jfr" .builtInPortNamesDisabled) }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NUMBERS
value: {{ include "cryostat.commaSepList" (list .portNumbers 9091 .builtInPortNumbersDisabled) }}
{{- end }}
{{- end }}
ports:
- containerPort: 8181
protocol: TCP
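Review bot: The fallback port name passed for `CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NAMES` is `"jmx-jfr"`, while the `builtInPortNamesDisabled` descriptions in values.yaml and values.schema.json in this same change document the default as `jfr-jmx`. One of the two is wrong, and if it is the template, discovery would silently skip targets that name their port as documented. If the documented name is the intended one, the line becomes `value: {{ include "cryostat.commaSepList" (list .portNames "jfr-jmx" .builtInPortNamesDisabled) }}`. The enclosing `env:` list starts and ends outside this hunk.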
26 changes: 24 additions & 2 deletions charts/cryostat/templates/role.yaml
@@ -1,8 +1,12 @@
{{- if .Values.rbac.create -}}
{{- define "createRole" -}}
{{- $ns := index . 0 -}}
{{- with index . 1 -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "cryostat.fullname" . }}
namespace: {{ $ns }}
labels:
{{- include "cryostat.labels" . | nindent 4 }}
rules:
Expand Down Expand Up @@ -36,4 +40,22 @@ rules:
- deploymentconfigs
verbs:
- get
{{- end }}
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
{{- end -}}
{{- end -}}

{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
{{- $watchNs := compact (default list .Values.core.discovery.kubernetes.namespaces) | uniq -}}
{{- if and (not $watchNs) (not .Values.core.discovery.kubernetes.installNamespaceDisabled) -}}
{{- $watchNs = list .Release.Namespace -}}
{{- end -}}
{{- range $ns := $watchNs }}
{{ include "createRole" (list $ns $) }}
{{- end -}}
{{- end -}}
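Review bot: The namespace list that decides where Roles are created is computed inline at the bottom of this file (`compact (default list ...namespaces) | uniq`, then the install-namespace fallback), and the same logic is repeated in rolebinding.yaml and, through `cryostat.commaSepList`, for the `CRYOSTAT_DISCOVERY_KUBERNETES_NAMESPACES` value in deployment.yaml. Together these copies define both what the application is told to watch and what its service account is authorised to read, so any later drift leaves either missing permissions or Roles in namespaces that are no longer watched. A single named template that returns the resolved list, used in all three places, would keep the RBAC scope and the discovery scope identical. Separately, `createRole` and `createRolebinding` share Helm's chart-wide template namespace; prefixing them like the other helpers (`cryostat.createRole`) avoids collisions with subcharts.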
19 changes: 17 additions & 2 deletions charts/cryostat/templates/rolebinding.yaml
@@ -1,8 +1,12 @@
{{- if .Values.rbac.create -}}
{{- define "createRolebinding" -}}
{{- $ns := index . 0 -}}
{{- with index . 1 -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "cryostat.fullname" . }}
namespace: {{ $ns }}
labels:
{{- include "cryostat.labels" . | nindent 4 }}
roleRef:
Expand All @@ -13,4 +17,15 @@ subjects:
- kind: ServiceAccount
name: {{ include "cryostat.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end -}}
{{- end -}}

{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
{{- $watchNs := compact (default list .Values.core.discovery.kubernetes.namespaces) | uniq -}}
{{- if and (not $watchNs) (not .Values.core.discovery.kubernetes.installNamespaceDisabled) -}}
{{- $watchNs = list .Release.Namespace -}}
{{- end -}}
{{- range $ns := $watchNs }}
{{ include "createRolebinding" (list $ns $) }}
{{- end -}}
{{- end -}}
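Review bot: `namespace: {{ $ns }}` in `createRolebinding` (and the same line in `createRole` in role.yaml) renders a user-supplied value unquoted into the manifest. values.schema.json leaves the array items untyped, so an entry such as a number, a boolean-looking word or a string with YAML punctuation would be re-typed or mis-parsed when the rendered text is loaded. `namespace: {{ $ns | quote }}` keeps the value a string regardless of what is supplied. The `roleRef` block sits between the two hunks and is only partly shown, so how the Role name is referenced there is not checked here.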
88 changes: 68 additions & 20 deletions charts/cryostat/values.schema.json
Expand Up @@ -180,32 +180,60 @@
"type": "string",
"description": "Name of the secret to extract password for credentials database.",
"default": ""
},
"discovery": {
"type": "object",
"properties": {
"kubernetes": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enables Kubernetes API discovery mechanism",
"default": true
},
"installNamespaceDisabled": {
"type": "boolean",
"description": "When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`)",
"default": false
},
"namespaces": {
"type": "array",
"description": "List of namespaces whose workloads the Cryostat application should be permitted to access and profile",
"default": [],
"items": {}
},
"builtInPortNamesDisabled": {
"type": "boolean",
"description": "When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets.",
"default": false
},
"portNames": {
"type": "array",
"description": "List of port names that the Cryostat application should look for in order to consider a target as JMX connectable",
"default": [],
"items": {}
},
"builtInPortNumbersDisabled": {
"type": "boolean",
"description": "When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets.",
"default": false
},
"portNumbers": {
"type": "array",
"description": "List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable",
"default": [],
"items": {}
}
}
}
}
}
}
},
"db": {
"type": "object",
"properties": {
"image": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"description": "Repository for the database container image",
"default": "quay.io/cryostat/cryostat-db"
},
"pullPolicy": {
"type": "string",
"description": "Image pull policy for the database container image",
"default": "Always"
},
"tag": {
"type": "string",
"description": "Tag for the database container image",
"default": "latest"
}
}
},
"securityContext": {
"type": "object",
"properties": {
Expand All @@ -231,6 +259,26 @@
}
}
},
"image": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"description": "Repository for the database container image",
"default": "quay.io/cryostat/cryostat-db"
},
"pullPolicy": {
"type": "string",
"description": "Image pull policy for the database container image",
"default": "Always"
},
"tag": {
"type": "string",
"description": "Tag for the database container image",
"default": "latest"
}
}
},
"resources": {
"type": "object",
"description": "Resource requests/limits for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
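Review bot: The three new array properties (`namespaces`, `portNames`, `portNumbers`) declare `"items": {}`, which accepts entries of any type, so the schema does not reject a map, a nested list or a non-numeric port. Since `namespaces` decides where Roles and RoleBindings get created, I would constrain the entries: `"items": {"type": "string"}` for `namespaces` and `portNames`, and `"items": {"type": "integer", "minimum": 1, "maximum": 65535}` for `portNumbers`. Rejecting malformed entries at `helm install` time is cheaper than debugging a mis-rendered manifest or an unexpected discovery scope afterwards.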
17 changes: 17 additions & 0 deletions charts/cryostat/values.yaml
Expand Up @@ -60,6 +60,23 @@ core:
- ALL
## @param core.databaseSecretName Name of the secret to extract password for credentials database.
databaseSecretName: ""
## @extra core.discovery Configuration options to the Cryostat application's target discovery mechanisms
discovery:
kubernetes:
## @param core.discovery.kubernetes.enabled Enables Kubernetes API discovery mechanism
enabled: true
## @param core.discovery.kubernetes.installNamespaceDisabled When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`)
installNamespaceDisabled: false
## @param core.discovery.kubernetes.namespaces [array] List of namespaces whose workloads the Cryostat application should be permitted to access and profile
namespaces: []
## @param core.discovery.kubernetes.builtInPortNamesDisabled When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets.
builtInPortNamesDisabled: false
## @param core.discovery.kubernetes.portNames [array] List of port names that the Cryostat application should look for in order to consider a target as JMX connectable
portNames: []
## @param core.discovery.kubernetes.builtInPortNumbersDisabled When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets.
builtInPortNumbersDisabled: false
## @param core.discovery.kubernetes.portNumbers [array] List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable
portNumbers: []

## @section Database Container
## @extra db Configuration for Cryostat's database
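Review bot: The `core.discovery.kubernetes.namespaces` comment does not say that each listed namespace gets its own Role and RoleBinding for the chart's service account (role.yaml and rolebinding.yaml in this change), nor that the install namespace drops out of the list once any other namespace is set. Both matter to whoever reviews the chart's permissions, since `installNamespaceDisabled` only takes effect while `namespaces` is empty. I would extend the description along the lines of `A Role and RoleBinding are created in each listed namespace when rbac.create is true; the install namespace is only included if listed here.`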