diff --git a/charts/keptn-metrics-operator/.helmignore b/charts/keptn-metrics-operator/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/keptn-metrics-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/keptn-metrics-operator/Chart.yaml b/charts/keptn-metrics-operator/Chart.yaml
new file mode 100644
index 0000000..9296a77
--- /dev/null
+++ b/charts/keptn-metrics-operator/Chart.yaml
@@ -0,0 +1,47 @@
+apiVersion: v2
+name: keptn-metrics-operator
+description: A Helm chart for Keptn Metrics Operator, a subproject of Keptn
+icon: "https://raw.githubusercontent.com/cncf/artwork/master/projects/keptn/icon/color/keptn-icon-color.svg"
+home: https://keptn.sh
+sources:
+ - "https://github.com/keptn/lifecycle-toolkit"
+keywords:
+ - cloud-native
+ - metrics
+ - keptn
+ - operator
+ - analysis
+annotations:
+ artifacthub.io/links: |
+ - name: support
+ url: https://github.com/keptn/lifecycle-toolkit/issues/new
+ - name: community
+ url: https://slack.keptn.sh/
+ artifacthub.io/license: "Apache-2.0"
+ artifacthub.io/operator: "true"
+
+kubeVersion: ">= 1.24.0-0"
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.8.3" # x-release-please-version
+dependencies:
+ - name: common
+ repository: "https://charts.lifecycle.keptn.sh"
+ version: 0.1.0
diff --git a/charts/keptn-metrics-operator/README.md b/charts/keptn-metrics-operator/README.md
new file mode 100644
index 0000000..cc3dd94
--- /dev/null
+++ b/charts/keptn-metrics-operator/README.md
@@ -0,0 +1,82 @@
+# Keptn Metrics Operator
+
+Keptn Metrics Operator introduces a more cloud-native approach for handling all metrics related to your application and
+infrastructure.
+It represents metrics in a uniform format, facilitating the re-usability of this data across multiple components
+and allowing the usage of multiple observability platforms.
+You can write SLO and SLI based on multiple data coming from multiple sources such as:
+Prometheus, Dynatrace, DataDog and K8s metric server...
+
+
+
+## Parameters
+
+### Global parameters
+
+| Name | Description | Value |
+| -------------------------- | ------------------------------------------------------------------------- | ----- |
+| `global.imageRegistry` | Global container image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.commonLabels` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` |
+| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` |
+
+### Keptn Metrics Operator common
+
+| Name | Description | Value |
+| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `operatorService.ports[0]` | webhook port (must correspond to Mutating Webhook Configurations) | |
+| `operatorService.ports[1]` | port to integrate with the K8s custom metrics API | |
+| `operatorService.ports[2]` | port to integrate with metrics API (e.g. Keda) | |
+| `operatorService.ports[0].name` | | `https` |
+| `operatorService.ports[0].port` | | `8443` |
+| `operatorService.ports[0].protocol` | | `TCP` |
+| `operatorService.ports[0].targetPort` | | `https` |
+| `operatorService.ports[1].name` | | `custom-metrics` |
+| `operatorService.ports[1].port` | | `443` |
+| `operatorService.ports[1].targetPort` | | `custom-metrics` |
+| `operatorService.ports[2].name` | | `metrics` |
+| `operatorService.ports[2].port` | | `9999` |
+| `operatorService.ports[2].protocol` | | `TCP` |
+| `operatorService.ports[2].targetPort` | | `metrics` |
+| `operatorService.type` | | `ClusterIP` |
+| `config.health.healthProbeBindAddress` | setup on what address to start the default health handler | `:8081` |
+| `config.leaderElection.leaderElect` | decides whether to enable leader election with multiple replicas | `true` |
+| `config.leaderElection.resourceName` | defines LeaderElectionID | `3f8532ca.keptn.sh` |
+| `config.metrics.bindAddress` | MetricsBindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. | `127.0.0.1:8080` |
+| `config.webhook.port` | | `9443` |
+| `Mutating` | Webhook Configurations for metrics Operator | |
+| `webhookService.ports[0].port` | | `443` |
+| `webhookService.ports[0].protocol` | | `TCP` |
+| `webhookService.ports[0].targetPort` | | `9443` |
+| `webhookService.type` | | `ClusterIP` |
+| `nodeSelector` | add custom nodes selector to metrics operator | `{}` |
+| `replicas` | customize number of installed metrics operator replicas | `1` |
+| `tolerations` | add custom tolerations to metrics operator | `[]` |
+| `topologySpreadConstraints` | add custom topology constraints to metrics operator | `[]` |
+| `annotations` | add deployment level annotations | `{}` |
+| `podAnnotations` | adds pod level annotations | `{}` |
+| `kubernetesClusterDomain` | overrides cluster.local | `cluster.local` |
+
+### Keptn Metrics Operator controller
+
+| Name | Description | Value |
+| --------------------------------------------------- | ------------------------------------------------------------- | ------------------------ |
+| `containerSecurityContext` | Sets security context privileges | |
+| `containerSecurityContext.allowPrivilegeEscalation` | | `false` |
+| `containerSecurityContext.capabilities.drop` | | `["ALL"]` |
+| `containerSecurityContext.privileged` | | `false` |
+| `containerSecurityContext.runAsGroup` | | `65532` |
+| `containerSecurityContext.runAsNonRoot` | | `true` |
+| `containerSecurityContext.runAsUser` | | `65532` |
+| `containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` |
+| `env.exposeKeptnMetrics` | enable metrics exporter | `true` |
+| `env.enableKeptnAnalysis` | enables/disables the analysis feature | `false` |
+| `env.metricsControllerLogLevel` | sets the log level of Metrics Controller | `0` |
+| `env.analysisControllerLogLevel` | sets the log level of Analysis Controller | `0` |
+| `image.registry` | specify the container registry for the metrics-operator image | `ghcr.io` |
+| `image.repository` | specify registry for manager image | `keptn/metrics-operator` |
+| `image.tag` | select tag for manager image | `v0.8.3` |
+| `imagePullPolicy` | specify pull policy for manager image | `Always` |
+| `livenessProbe` | custom livenessprobe for manager container | |
+| `readinessProbe` | custom readinessprobe for manager container | |
+| `resources` | specify limits and requests for manager container | |
diff --git a/charts/keptn-metrics-operator/templates/analysis-crd.yaml b/charts/keptn-metrics-operator/templates/analysis-crd.yaml
new file mode 100644
index 0000000..9094856
--- /dev/null
+++ b/charts/keptn-metrics-operator/templates/analysis-crd.yaml
@@ -0,0 +1,181 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: analyses.metrics.keptn.sh + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + labels: + app.kubernetes.io/part-of: keptn-lifecycle-toolkit + crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + group: metrics.keptn.sh + names: + kind: Analysis + listKind: AnalysisList + plural: analyses + singular: analysis + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.analysisDefinition.name + name: AnalysisDefinition + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.warning + name: Warning + type: string + - jsonPath: .status.pass + name: Pass + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: Analysis is the Schema for the analyses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AnalysisSpec defines the desired state of Analysis + properties: + analysisDefinition: + description: AnalysisDefinition refers to the AnalysisDefinition, + a CRD that stores the AnalysisValuesTemplates + properties: + name: + description: Name defines the name of the referenced object + type: string + namespace: + description: Namespace defines the namespace of the referenced + object + type: string + required: + - name + type: object + args: + additionalProperties: + type: string + description: Args corresponds to a map of key/value pairs that can + be used to substitute placeholders in the AnalysisValueTemplate + query. i.e. for args foo:bar the query could be "query:percentile(95)?scope=tag(my_foo_label:{{.foo}})". + type: object + timeframe: + description: Timeframe specifies the range for the corresponding query + in the AnalysisValueTemplate. Please note that either a combination + of 'from' and 'to' or the 'recent' property may be set. If neither + is set, the Analysis can not be added to the cluster. + properties: + from: + description: From is the time of start for the query. This field + follows RFC3339 time format + format: date-time + type: string + recent: + description: Recent describes a recent timeframe using a duration + string. E.g. Setting this to '5m' provides an Analysis for the + last five minutes + pattern: ^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + to: + description: To is the time of end for the query. 
This field follows + RFC3339 time format + format: date-time + type: string + type: object + required: + - analysisDefinition + - timeframe + type: object + status: + description: AnalysisStatus stores the status of the overall analysis + returns also pass or warnings + properties: + pass: + description: Pass returns whether the SLO is satisfied + type: boolean + raw: + description: Raw contains the raw result of the SLO computation + type: string + state: + description: State describes the current state of the Analysis (Pending/Progressing/Completed) + type: string + storedValues: + additionalProperties: + description: ProviderResult stores reference of already collected + provider query associated to its objective template + properties: + errMsg: + description: ErrMsg stores any possible error at retrieval time + type: string + objectiveReference: + description: Objective store reference to corresponding objective + template + properties: + name: + description: Name defines the name of the referenced object + type: string + namespace: + description: Namespace defines the namespace of the referenced + object + type: string + required: + - name + type: object + query: + description: Query represents the executed query + type: string + value: + description: Value is the value the provider returned + type: string + type: object + description: StoredValues contains all analysis values that have already + been retrieved successfully + type: object + timeframe: + description: Timeframe describes the time frame which is evaluated + by the Analysis + properties: + from: + description: From is the time of start for the query. This field + follows RFC3339 time format + format: date-time + type: string + recent: + description: Recent describes a recent timeframe using a duration + string. E.g. 
Setting this to '5m' provides an Analysis for the + last five minutes + pattern: ^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + to: + description: To is the time of end for the query. This field follows + RFC3339 time format + format: date-time + type: string + type: object + warning: + description: Warning returns whether the analysis returned a warning + type: boolean + required: + - state + - timeframe + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/keptn-metrics-operator/templates/analysisdefinition-crd.yaml b/charts/keptn-metrics-operator/templates/analysisdefinition-crd.yaml new file mode 100644 index 0000000..bd901f9 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/analysisdefinition-crd.yaml 
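Review bot: The `pattern` on `spec.timeframe.recent` (repeated under `status.timeframe.recent`) does not anchor the whole value: in `^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$` the `|` splits the expression into `^0` or `(…)+$`, so any string that merely starts with `0` or merely ends in a valid duration passes API-server validation. Group the alternation so both anchors apply, `pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+)$`. The schema carries a controller-gen annotation, so the change most likely belongs in the validation marker on the Go type rather than in this template. Until it is fixed, the controller's own duration parsing is the only effective check on this field.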
@@ -0,0 +1,352 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: analysisdefinitions.metrics.keptn.sh + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + labels: + app.kubernetes.io/part-of: keptn-lifecycle-toolkit + crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + group: metrics.keptn.sh + names: + kind: AnalysisDefinition + listKind: AnalysisDefinitionList + plural: analysisdefinitions + singular: analysisdefinition + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AnalysisDefinition is the Schema for the analysisdefinitions + APIs + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AnalysisDefinitionSpec defines the desired state of AnalysisDefinition + properties: + objectives: + description: Objectives defines a list of objectives to evaluate for + an analysis + items: + description: Objective defines an objective for analysis + properties: + analysisValueTemplateRef: + description: AnalysisValueTemplateRef refers to the appropriate + AnalysisValueTemplate + properties: + name: + description: Name defines the name of the referenced object + type: string + namespace: + description: Namespace defines the namespace of the referenced + object + type: string + required: + - name + type: object + keyObjective: + default: false + description: KeyObjective defines whether the whole analysis + fails when this objective's target is not met + type: boolean + target: + description: Target defines failure or warning criteria + properties: + failure: + description: Failure defines limits up to which an analysis + fails + properties: + equalTo: + description: EqualTo represents '==' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + greaterThan: + description: GreaterThan represents '>' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + greaterThanOrEqual: + description: GreaterThanOrEqual represents '>=' 
operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + inRange: + description: InRange represents operator checking the + value is inclusively in the defined range, e.g. 2 + <= x <= 5 + properties: + highBound: + anyOf: + - type: integer + - type: string + description: HighBound defines the higher bound + of the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + lowBound: + anyOf: + - type: integer + - type: string + description: LowBound defines the lower bound of + the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - highBound + - lowBound + type: object + lessThan: + description: LessThan represents '<' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + lessThanOrEqual: + description: LessThanOrEqual represents '<=' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + notInRange: + description: NotInRange represents operator checking + the value is exclusively 
out of the defined range, + e.g. x < 2 AND x > 5 + properties: + highBound: + anyOf: + - type: integer + - type: string + description: HighBound defines the higher bound + of the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + lowBound: + anyOf: + - type: integer + - type: string + description: LowBound defines the lower bound of + the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - highBound + - lowBound + type: object + type: object + warning: + description: Warning defines limits where the result does + not pass or fail + properties: + equalTo: + description: EqualTo represents '==' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + greaterThan: + description: GreaterThan represents '>' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + greaterThanOrEqual: + description: GreaterThanOrEqual represents '>=' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: 
object + inRange: + description: InRange represents operator checking the + value is inclusively in the defined range, e.g. 2 + <= x <= 5 + properties: + highBound: + anyOf: + - type: integer + - type: string + description: HighBound defines the higher bound + of the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + lowBound: + anyOf: + - type: integer + - type: string + description: LowBound defines the lower bound of + the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - highBound + - lowBound + type: object + lessThan: + description: LessThan represents '<' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + lessThanOrEqual: + description: LessThanOrEqual represents '<=' operator + properties: + fixedValue: + anyOf: + - type: integer + - type: string + description: FixedValue defines the value for comparison + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - fixedValue + type: object + notInRange: + description: NotInRange represents operator checking + the value is exclusively out of the defined range, + e.g. 
x < 2 AND x > 5 + properties: + highBound: + anyOf: + - type: integer + - type: string + description: HighBound defines the higher bound + of the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + lowBound: + anyOf: + - type: integer + - type: string + description: LowBound defines the lower bound of + the range + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - highBound + - lowBound + type: object + type: object + type: object + weight: + default: 1 + description: Weight can be used to emphasize the importance + of one Objective over the others + type: integer + required: + - analysisValueTemplateRef + type: object + type: array + totalScore: + description: TotalScore defines the required score for an analysis + to be successful + properties: + passPercentage: + description: PassPercentage defines the threshold to reach for + an analysis to pass + maximum: 100 + minimum: 0 + type: integer + warningPercentage: + description: WarningPercentage defines the threshold to reach + for an analysis to pass with a 'warning' status + maximum: 100 + minimum: 0 + type: integer + required: + - passPercentage + - warningPercentage + type: object + required: + - totalScore + type: object + status: + description: unused field + type: string + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/analysisvaluetemplate-crd.yaml b/charts/keptn-metrics-operator/templates/analysisvaluetemplate-crd.yaml new file mode 100644 index 0000000..9f0c555 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/analysisvaluetemplate-crd.yaml 
@@ -0,0 +1,78 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: analysisvaluetemplates.metrics.keptn.sh + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + labels: + app.kubernetes.io/part-of: keptn-lifecycle-toolkit + crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + group: metrics.keptn.sh + names: + kind: AnalysisValueTemplate + listKind: AnalysisValueTemplateList + plural: analysisvaluetemplates + singular: analysisvaluetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.provider.name + name: Provider + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: AnalysisValueTemplate is the Schema for the analysisvaluetemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec contains the specification for the AnalysisValueTemplate + properties: + provider: + description: Provider refers to the KeptnMetricsProvider which should + be used to retrieve the data + properties: + name: + description: Name defines the name of the referenced object + type: string + namespace: + description: Namespace defines the namespace of the referenced + object + type: string + required: + - name + type: object + query: + description: Query represents the query to be run. It can include + placeholders that are defined using the go template syntax. More + info on go templating - https://pkg.go.dev/text/template + type: string + required: + - provider + - query + type: object + status: + description: unused field + type: string + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/keptn-metrics-operator/templates/deployment.yaml b/charts/keptn-metrics-operator/templates/deployment.yaml new file mode 100644 index 0000000..c42e942 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/deployment.yaml 
@@ -0,0 +1,132 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: metrics-operator
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/part-of: keptn-lifecycle-toolkit
+ app.kubernetes.io/component: metrics-operator
+ control-plane: metrics-operator
+ keptn.sh/inject-cert: "true"
+{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }}
+{{- include "common.annotations" ( dict "context" . ) }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ control-plane: metrics-operator
+ {{- include "common.selectorLabels" ( dict "context" . ) | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ control-plane: metrics-operator
+ {{- include "common.selectorLabels" ( dict "context" . ) | nindent 8 }}
+ annotations:
+ kubectl.kubernetes.io/default-container: metrics-operator
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - args:
+ - webhook-server
+ - --leader-elect
+ - --adapter-port=6443
+ - --adapter-certs-dir=/tmp/metrics-adapter/serving-certs
+ - --v=10
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: EXPOSE_KEPTN_METRICS
+ value: {{ .Values.env.exposeKeptnMetrics | quote }}
+ - name: ENABLE_ANALYSIS
+ value: {{ .Values.env.enableKeptnAnalysis | quote }}
+ - name: METRICS_CONTROLLER_LOG_LEVEL
+ value: {{ .Values.env.metricsControllerLogLevel | quote
+ }}
+ - name: ANALYSIS_CONTROLLER_LOG_LEVEL
+ value: {{ .Values.env.analysisControllerLogLevel | quote
+ }}
+ - name: KUBERNETES_CLUSTER_DOMAIN
+ value: {{ .Values.kubernetesClusterDomain }}
+ image: {{- include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) | indent 1}}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ name: metrics-operator
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9999
+ name: metrics
+ protocol: TCP
+ - containerPort: 6443
+ name: custom-metrics
+ protocol: TCP
+ resources: {{- toYaml .Values.resources | nindent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: {{ .Values.containerSecurityContext.allowPrivilegeEscalation
+ }}
+ capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.capabilities
+ "context" $) | nindent 12 }}
+ privileged: {{ .Values.containerSecurityContext.privileged
+ }}
+ runAsGroup: {{ .Values.containerSecurityContext.runAsGroup
+ }}
+ runAsNonRoot: {{ .Values.containerSecurityContext.runAsNonRoot
+ }}
+ runAsUser: {{ .Values.containerSecurityContext.runAsUser
+ }}
+ seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.seccompProfile
+ "context" $) | nindent 12 }}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs/
+ name: certs-dir
+ - mountPath: /tmp/metrics-adapter/serving-certs
+ name: adapter-certs-dir
+ {{- if .Values.livenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.livenessProbe "context" $) | nindent 10 }}
+ {{- else }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ {{- end }}
+ {{- if .Values.readinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readinessProbe "context" $) | nindent 10 }}
+ {{- else }}
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ {{- end }}
+ imagePullSecrets: {{- include "common.images.imagePullSecrets" . }}
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: metrics-operator
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: certs-dir
+ - emptyDir: {}
+ name: adapter-certs-dir
+{{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+{{- end }}
diff --git a/charts/keptn-metrics-operator/templates/keptnmetric-crd.yaml b/charts/keptn-metrics-operator/templates/keptnmetric-crd.yaml
new file mode 100644
index 0000000..43789ca
--- /dev/null
+++ b/charts/keptn-metrics-operator/templates/keptnmetric-crd.yaml
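Review bot: The container `args` in the new `deployment.yaml` hard-code `--v=10`, the most verbose level, with no chart value to override it, while the chart's own `env.metricsControllerLogLevel` and `env.analysisControllerLogLevel` default to `0`. If this flag is consumed by klog/client-go (not visible in this hunk, so confirm), that level logs API request and response bodies, which can put whatever the operator reads from the API server, potentially including provider credentials held in Secrets, into pod logs and any log pipeline behind them. Drive the flag from a value with a low default, e.g. `- --v={{ .Values.adapterLogLevel | default 2 }}`, where `adapterLogLevel` is a proposed new value and not one the chart defines today. Separately, `KUBERNETES_CLUSTER_DOMAIN` is the only env entry rendered without `| quote`; `value: {{ .Values.kubernetesClusterDomain | quote }}` would keep it a string like the others.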
@@ -0,0 +1,350 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keptnmetrics.metrics.keptn.sh + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + labels: + app.kubernetes.io/part-of: keptn-lifecycle-toolkit + crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: 'metrics-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + group: metrics.keptn.sh + names: + kind: KeptnMetric + listKind: KeptnMetricList + plural: keptnmetrics + singular: keptnmetric + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.provider.name + name: Provider + type: string + - jsonPath: .spec.query + name: Query + type: string + - jsonPath: .status.value + name: Value + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KeptnMetric is the Schema for the keptnmetrics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricSpec defines the desired state of KeptnMetric + properties: + fetchIntervalSeconds: + description: FetchIntervalSeconds represents the update frequency + in seconds that is used to update the metric + type: integer + provider: + description: Provider represents the provider object + properties: + name: + description: Name of the provider + type: string + required: + - name + type: object + query: + description: Query represents the query to be run + type: string + required: + - fetchIntervalSeconds + - provider + - query + type: object + status: + description: KeptnMetricStatus defines the observed state of KeptnMetric + properties: + lastUpdated: + description: LastUpdated represents the time when the status data + was last updated + format: date-time + type: string + rawValue: + description: RawValue represents the resulting value in raw format + format: byte + type: string + value: + description: Value represents the resulting value + type: string + required: + - lastUpdated + - rawValue + - value + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.provider.name + name: Provider + type: string + - jsonPath: .spec.query + name: Query + type: string + - jsonPath: .status.value + name: Value + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: KeptnMetric is the Schema for the keptnmetrics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricSpec defines the desired state of KeptnMetric + properties: + fetchIntervalSeconds: + description: FetchIntervalSeconds represents the update frequency + in seconds that is used to update the metric + type: integer + provider: + description: Provider represents the provider object + properties: + name: + description: Name of the provider + type: string + required: + - name + type: object + query: + description: Query represents the query to be run + type: string + required: + - fetchIntervalSeconds + - provider + - query + type: object + status: + description: KeptnMetricStatus defines the observed state of KeptnMetric + properties: + lastUpdated: + description: LastUpdated represents the time when the status data + was last updated + format: date-time + type: string + rawValue: + description: RawValue represents the resulting value in raw format + format: byte + type: string + value: + description: Value represents the resulting value + type: string + required: + - lastUpdated + - rawValue + - value + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.provider.name + name: Provider + type: string + - jsonPath: .spec.query + name: Query + type: string + - jsonPath: .spec.range.interval + name: Interval + type: string + - jsonPath: .status.value + name: Value + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: KeptnMetric is the Schema for the 
keptnmetrics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricSpec defines the desired state of KeptnMetric + properties: + fetchIntervalSeconds: + description: FetchIntervalSeconds represents the update frequency + in seconds that is used to update the metric + type: integer + provider: + description: Provider represents the provider object + properties: + name: + description: Name of the provider + type: string + required: + - name + type: object + query: + description: Query represents the query to be run + type: string + range: + description: Range represents the time range for which data is to + be queried + properties: + aggregation: + description: 'Aggregation defines the type of aggregation function + to be applied on the data. 
Accepted values: p90, p95, p99, max, + min, avg, median' + enum: + - p90 + - p95 + - p99 + - max + - min + - avg + - median + type: string + interval: + default: 5m + description: Interval specifies the duration of the time interval + for the data query + type: string + step: + description: Step represents the query resolution step width for + the data query + type: string + storedResults: + description: StoredResults indicates the upper limit of how many + past results should be stored in the status of a KeptnMetric + maximum: 255 + type: integer + type: object + required: + - fetchIntervalSeconds + - provider + - query + type: object + status: + description: KeptnMetricStatus defines the observed state of KeptnMetric + properties: + errMsg: + description: ErrMsg represents the error details when the query could + not be evaluated + type: string + intervalResults: + description: IntervalResults contain a slice of all the interval results + items: + properties: + errMsg: + description: ErrMsg represents the error details when the query + could not be evaluated + type: string + lastUpdated: + description: LastUpdated represents the time when the status + data was last updated + format: date-time + type: string + range: + description: Range represents the time range for which this + data was queried + properties: + aggregation: + description: 'Aggregation defines the type of aggregation + function to be applied on the data. 
Accepted values: p90, + p95, p99, max, min, avg, median' + enum: + - p90 + - p95 + - p99 + - max + - min + - avg + - median + type: string + interval: + default: 5m + description: Interval specifies the duration of the time + interval for the data query + type: string + step: + description: Step represents the query resolution step width + for the data query + type: string + storedResults: + description: StoredResults indicates the upper limit of + how many past results should be stored in the status of + a KeptnMetric + maximum: 255 + type: integer + type: object + value: + description: Value represents the resulting value + type: string + required: + - lastUpdated + - range + - value + type: object + type: array + lastUpdated: + description: LastUpdated represents the time when the status data + was last updated + format: date-time + type: string + rawValue: + description: RawValue represents the resulting value in raw format + format: byte + type: string + value: + description: Value represents the resulting value + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/keptnmetricsprovider-crd.yaml b/charts/keptn-metrics-operator/templates/keptnmetricsprovider-crd.yaml new file mode 100644 index 0000000..f5cd43a --- /dev/null +++ b/charts/keptn-metrics-operator/templates/keptnmetricsprovider-crd.yaml 
@@ -0,0 +1,136 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keptnmetricsproviders.metrics.keptn.sh + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + labels: + app.kubernetes.io/part-of: keptn-lifecycle-toolkit + crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + group: metrics.keptn.sh + names: + kind: KeptnMetricsProvider + listKind: KeptnMetricsProviderList + plural: keptnmetricsproviders + shortNames: + - kmp + singular: keptnmetricsprovider + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: KeptnMetricsProvider is the Schema for the keptnmetricsproviders + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider + properties: + secretKeyRef: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + targetServer: + type: string + required: + - targetServer + type: object + status: + description: unused field + type: string + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha3 + schema: + openAPIV3Schema: + description: KeptnMetricsProvider is the Schema for the keptnmetricsproviders + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider + properties: + secretKeyRef: + description: SecretKeyRef defines an optional secret for access credentials + to the metrics provider. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + targetServer: + description: TargetServer defined the URL at which the metrics provider + is reachable with included port and protocol. + type: string + type: + description: Type represents the provider type. This can be one of + prometheus, dynatrace, datadog, dql. + pattern: prometheus|dynatrace|datadog|dql + type: string + required: + - targetServer + type: object + status: + description: unused field + type: string + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/metrics-manager-config.yaml b/charts/keptn-metrics-operator/templates/metrics-manager-config.yaml new file mode 100644 index 0000000..ade4d59 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-manager-config.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metrics-operator-config + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + health: + healthProbeBindAddress: {{ .Values.config.health.healthProbeBindAddress + | quote }} + kind: ControllerManagerConfig + leaderElection: + leaderElect: {{ .Values.config.leaderElection.leaderElect + }} + resourceName: {{ .Values.config.leaderElection.resourceName + | quote }} + metrics: + bindAddress: {{ .Values.config.metrics.bindAddress + | quote }} + webhook: + port: {{ .Values.config.webhook.port + }} 
diff --git a/charts/keptn-metrics-operator/templates/metrics-operator-hpa-controller-rbac.yaml b/charts/keptn-metrics-operator/templates/metrics-operator-hpa-controller-rbac.yaml new file mode 100644 index 0000000..e77ea5f --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-operator-hpa-controller-rbac.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-operator-hpa-controller + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 'metrics-operator-server-resources' +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/metrics-operator-leader-election-rbac.yaml b/charts/keptn-metrics-operator/templates/metrics-operator-leader-election-rbac.yaml new file mode 100644 index 0000000..c59624a --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-operator-leader-election-rbac.yaml 
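Review bot: The subject of this ClusterRoleBinding is the ServiceAccount `horizontal-pod-autoscaler` in `{{ .Release.Namespace }}`, but the HPA controller normally runs as that ServiceAccount in `kube-system`. Unless the chart is installed into `kube-system`, the binding gives read access on `custom.metrics.k8s.io` to an account name that anyone allowed to create ServiceAccounts in the release namespace could claim, and it may not reach the real controller at all. Consider `namespace: kube-system` for the subject, or make it a chart value. `metadata.namespace` has no effect on a cluster-scoped ClusterRoleBinding and can be dropped.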
@@ -0,0 +1,57 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: metrics-operator-leader-election-role + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metrics-operator-leader-election-rolebinding + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 'metrics-operator-leader-election-role' +subjects: +- kind: ServiceAccount + name: 'metrics-operator' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/metrics-operator-rbac.yaml b/charts/keptn-metrics-operator/templates/metrics-operator-rbac.yaml new file mode 100644 index 0000000..59a4200 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-operator-rbac.yaml 
@@ -0,0 +1,137 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-operator-role + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - metrics.keptn.sh + resources: + - analyses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - metrics.keptn.sh + resources: + - analyses/finalizers + verbs: + - update + - apiGroups: + - metrics.keptn.sh + resources: + - analyses/status + verbs: + - get + - patch + - update + - apiGroups: + - metrics.keptn.sh + resources: + - analysisdefinitions + verbs: + - get + - list + - watch + - apiGroups: + - metrics.keptn.sh + resources: + - analysisvaluetemplates + verbs: + - get + - list + - watch + - apiGroups: + - metrics.keptn.sh + resources: + - keptnmetrics + verbs: + - get + - list + - watch + - apiGroups: + - metrics.keptn.sh + resources: + - keptnmetrics/finalizers + verbs: + - update + - apiGroups: + - metrics.keptn.sh + resources: + - keptnmetrics/status + verbs: + - get + - patch + - update + - apiGroups: + - metrics.keptn.sh + resources: + - keptnmetricsproviders + verbs: + - get + - list + - watch + - apiGroups: + - metrics.keptn.sh + resources: + - providers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metrics-operator-rolebinding + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . 
) }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 'metrics-operator-role' +subjects: + - kind: ServiceAccount + name: 'metrics-operator' + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-operator-rolebinding + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 'metrics-operator-role' +subjects: + - kind: ServiceAccount + name: 'metrics-operator' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/metrics-operator-server-resources-rbac.yaml b/charts/keptn-metrics-operator/templates/metrics-operator-server-resources-rbac.yaml new file mode 100644 index 0000000..67d2679 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-operator-server-resources-rbac.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-operator-server-resources + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: + - '*' + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/metrics-operator-service-account.yaml b/charts/keptn-metrics-operator/templates/metrics-operator-service-account.yaml new file mode 100644 index 0000000..c74e2cf --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-operator-service-account.yaml 
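Review bot: In metrics-operator-rbac.yaml the `metrics-operator-role` ClusterRole includes `get` on `secrets` and is bound through a ClusterRoleBinding, so the `metrics-operator` ServiceAccount can read any Secret in any namespace whose name it knows. If providers and the Secrets named in their `secretKeyRef` only live in known namespaces, per-namespace RoleBindings to this ClusterRole would narrow that. Otherwise a comment such as `# cluster-wide: provider secrets may live in any namespace` would record the decision. Separately, the `RoleBinding` in the same file has `roleRef.kind: Role` with the name `metrics-operator-role`, and no Role of that name is defined in this hunk; it looks like it should be `kind: ClusterRole` or be removed.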
@@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metrics-operator + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} diff --git a/charts/keptn-metrics-operator/templates/metrics-operator-service.yaml b/charts/keptn-metrics-operator/templates/metrics-operator-service.yaml new file mode 100644 index 0000000..14e8270 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-operator-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: metrics-operator-service + namespace: {{ .Release.Namespace | quote }} + labels: + control-plane: metrics-operator +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + type: {{ .Values.operatorService.type }} + selector: + control-plane: metrics-operator + {{- include "common.selectorLabels" ( dict "context" . ) | nindent 4 }} + ports: + {{- .Values.operatorService.ports | toYaml | nindent 2 -}} diff --git a/charts/keptn-metrics-operator/templates/metrics-validating-webhook-configuration.yaml b/charts/keptn-metrics-operator/templates/metrics-validating-webhook-configuration.yaml new file mode 100644 index 0000000..55cdef5 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-validating-webhook-configuration.yaml 
@@ -0,0 +1,71 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: metrics-validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + labels: + keptn.sh/inject-cert: "true" +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 'metrics-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-metrics-keptn-sh-v1alpha3-keptnmetric + failurePolicy: Fail + name: vkeptnmetric.kb.io + rules: + - apiGroups: + - metrics.keptn.sh + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - keptnmetrics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 'metrics-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-metrics-keptn-sh-v1alpha3-analysis + failurePolicy: Fail + name: vanalysis.kb.io + rules: + - apiGroups: + - metrics.keptn.sh + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - analyses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 'metrics-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-metrics-keptn-sh-v1alpha3-analysisdefinition + failurePolicy: Fail + name: vanalysisdefinition.kb.io + rules: + - apiGroups: + - metrics.keptn.sh + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - analysisdefinitions + sideEffects: None diff --git a/charts/keptn-metrics-operator/templates/metrics-webhook-service.yaml b/charts/keptn-metrics-operator/templates/metrics-webhook-service.yaml new file mode 100644 index 0000000..47ef09f --- /dev/null +++ b/charts/keptn-metrics-operator/templates/metrics-webhook-service.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: metrics-webhook-service + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + type: {{ .Values.webhookService.type }} + selector: + control-plane: metrics-operator + {{- include "common.selectorLabels" ( dict "context" . ) | nindent 4 }} + ports: + {{- .Values.webhookService.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/system-auth-delegator-rbac.yaml b/charts/keptn-metrics-operator/templates/system-auth-delegator-rbac.yaml new file mode 100644 index 0000000..b49c591 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/system-auth-delegator-rbac.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-auth-delegator + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: 'metrics-operator' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/v1beta1.custom.metrics.k8s.io.yaml b/charts/keptn-metrics-operator/templates/v1beta1.custom.metrics.k8s.io.yaml new file mode 100644 index 0000000..a0880d9 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/v1beta1.custom.metrics.k8s.io.yaml 
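Review bot: In system-auth-delegator-rbac.yaml the ClusterRoleBinding name `system-auth-delegator` is fixed and not tied to the release, so a second install of the chart in another namespace, or another chart using the same name, will collide on this cluster-scoped object. The same applies to the other fixed ClusterRole and ClusterRoleBinding names in this commit. A release-qualified name such as `name: {{ .Release.Name }}-system-auth-delegator` avoids that. `metadata.namespace` has no effect on a ClusterRoleBinding and can be removed. A one-line comment saying why the operator needs `system:auth-delegator` (presumably delegated authentication for the custom metrics API) would help anyone auditing the RBAC.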
@@ -0,0 +1,17 @@ +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1beta1.custom.metrics.k8s.io + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + group: custom.metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: 'metrics-operator-service' + namespace: '{{ .Release.Namespace }}' + version: v1beta1 + versionPriority: 100 \ No newline at end of file diff --git a/charts/keptn-metrics-operator/templates/v1beta2.custom.metrics.k8s.io.yaml b/charts/keptn-metrics-operator/templates/v1beta2.custom.metrics.k8s.io.yaml new file mode 100644 index 0000000..672d2b9 --- /dev/null +++ b/charts/keptn-metrics-operator/templates/v1beta2.custom.metrics.k8s.io.yaml @@ -0,0 +1,17 @@ +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1beta2.custom.metrics.k8s.io + namespace: {{ .Release.Namespace | quote }} + labels: +{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} +{{- include "common.annotations" ( dict "context" . ) }} +spec: + group: custom.metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: 'metrics-operator-service' + namespace: '{{ .Release.Namespace }}' + version: v1beta2 + versionPriority: 200 \ No newline at end of file diff --git a/charts/keptn-metrics-operator/values.yaml b/charts/keptn-metrics-operator/values.yaml new file mode 100644 index 0000000..784ef58 --- /dev/null +++ b/charts/keptn-metrics-operator/values.yaml 
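Review bot: `insecureSkipTLSVerify: true` in the `v1beta1.custom.metrics.k8s.io` APIService makes the API server's aggregation layer skip verification of the serving certificate of `metrics-operator-service`, so the backend that supplies custom metrics is not authenticated. The `v1beta2.custom.metrics.k8s.io` APIService in the next hunk has the same setting. Prefer `insecureSkipTLSVerify: false` together with a `caBundle`, for example injected through the `cert-manager.io/inject-ca-from` annotation that the CRDs and the webhook configuration in this commit already carry, if the certificate injector in use supports APIService objects. `metadata.namespace` is ignored on this cluster-scoped kind and can be dropped.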
@@ -0,0 +1,170 @@
+
+## @section Global parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+
+global:
+ ## @param global.imageRegistry Global container image registry
+ imageRegistry: ""
+
+ ## @param global.imagePullSecrets Global Docker registry secret names as an array
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ ## @param global.commonLabels Common annotations to add to all Keptn resources. Evaluated as a template
+ ##
+ commonLabels: { }
+ ## @param global.commonAnnotations Common annotations to add to all Keptn resources. Evaluated as a template
+ ##
+ commonAnnotations: { }
+
+## @section Keptn Metrics Operator common
+## @extra operatorService.ports[0] webhook port (must correspond to Mutating Webhook Configurations)
+## @extra operatorService.ports[1] port to integrate with the K8s custom metrics API
+## @extra operatorService.ports[2] port to integrate with metrics API (e.g. Keda)
+operatorService:
+ ports:
+ ## @param operatorService.ports[0].name
+ - name: https
+ ## @param operatorService.ports[0].port
+ port: 8443
+ ## @param operatorService.ports[0].protocol
+ protocol: TCP
+ ## @param operatorService.ports[0].targetPort
+ targetPort: https
+ ## @param operatorService.ports[1].name
+ - name: custom-metrics
+ ## @param operatorService.ports[1].port
+ port: 443
+ ## @param operatorService.ports[1].targetPort
+ targetPort: custom-metrics
+ ## @param operatorService.ports[2].name
+ - name: metrics
+ ## @param operatorService.ports[2].port
+ port: 9999
+ ## @param operatorService.ports[2].protocol
+ protocol: TCP
+ ## @param operatorService.ports[2].targetPort
+ targetPort: metrics
+ ## @param operatorService.type
+ type: ClusterIP
+
+
+
+config:
+ health:
+## @param config.health.healthProbeBindAddress setup on what address to start the default health handler
+ healthProbeBindAddress: :8081
+ leaderElection:
+## @param config.leaderElection.leaderElect decides whether to enable leader election with multiple replicas
+ leaderElect: true
+## @param config.leaderElection.resourceName defines LeaderElectionID
+ resourceName: 3f8532ca.keptn.sh
+ metrics:
+## @param config.metrics.bindAddress MetricsBindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving.
+ bindAddress: 127.0.0.1:8080
+ webhook:
+## @param config.webhook.port
+ port: 9443
+## @extra Mutating Webhook Configurations for metrics Operator
+webhookService:
+ ports:
+## @param webhookService.ports[0].port
+ - port: 443
+## @param webhookService.ports[0].protocol
+ protocol: TCP
+## @param webhookService.ports[0].targetPort
+ targetPort: 9443
+## @param webhookService.type
+ type: ClusterIP
+## @param nodeSelector add custom nodes selector to metrics operator
+nodeSelector: { }
+## @param replicas customize number of installed metrics operator replicas
+replicas: 1
+## @param tolerations add custom tolerations to metrics operator
+tolerations: [ ]
+## @param topologySpreadConstraints add custom topology constraints to metrics operator
+topologySpreadConstraints: [ ]
+## @param annotations add deployment level annotations
+annotations: {}
+## @param podAnnotations adds pod level annotations
+podAnnotations: {}
+## @param kubernetesClusterDomain overrides cluster.local
+kubernetesClusterDomain: cluster.local
+
+## @section Keptn Metrics Operator controller
+## @extra containerSecurityContext Sets security context privileges
+containerSecurityContext:
+## @param containerSecurityContext.allowPrivilegeEscalation
+ allowPrivilegeEscalation: false
+ capabilities:
+## @param containerSecurityContext.capabilities.drop
+ drop:
+ - ALL
+## @param containerSecurityContext.privileged
+ privileged: false
+## @param containerSecurityContext.runAsGroup
+ runAsGroup: 65532
+## @param containerSecurityContext.runAsNonRoot
+ runAsNonRoot: true
+## @param containerSecurityContext.runAsUser
+ runAsUser: 65532
+ seccompProfile:
+## @param containerSecurityContext.seccompProfile.type
+ type: RuntimeDefault
+env:
+## @param env.exposeKeptnMetrics enable metrics exporter
+ exposeKeptnMetrics: "true"
+## @param env.enableKeptnAnalysis enables/disables the analysis feature
+ enableKeptnAnalysis: "false"
+## @param env.metricsControllerLogLevel sets the log level of Metrics Controller
+ metricsControllerLogLevel: "0"
+## @param env.analysisControllerLogLevel sets the log level of Analysis Controller
+ analysisControllerLogLevel: "0"
+image:
+## @param image.registry specify the container registry for the metrics-operator image
+ registry: ghcr.io
+## @param image.repository specify registry for manager image
+ repository: keptn/metrics-operator
+## @param image.tag select tag for manager image
+ tag: v0.8.3 # x-release-please-version
+## @param imagePullPolicy specify pull policy for manager image
+imagePullPolicy: Always
+## @extra livenessProbe custom livenessprobe for manager container
+## @skip livenessProbe.httpGet.path
+## @skip livenessProbe.httpGet.port
+## @skip livenessProbe.initialDelaySeconds
+## @skip livenessProbe.periodSeconds
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+
+## @extra readinessProbe custom readinessprobe for manager container
+## @skip readinessProbe.httpGet.path
+## @skip readinessProbe.httpGet.port
+## @skip readinessProbe.initialDelaySeconds
+## @skip readinessProbe.periodSeconds
+readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+
+## @extra resources specify limits and requests for manager container
+## @skip resources.limits.cpu
+## @skip resources.limits.memory
+## @skip resources.requests.cpu
+## @skip resources.requests.memory
+resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
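Review bot: The image defaults in values.yaml, `tag: v0.8.3` with `imagePullPolicy: Always`, make every pod start re-resolve a mutable tag from ghcr.io, so the code that runs under the operator's cluster-wide binding is whatever the tag points at on that day. Consider letting the chart accept an image digest next to the tag and documenting it in the `## @param image.*` block; the deployment template that consumes these values is outside this hunk, so whether a digest can already be passed is not visible here. The otherwise hardened `containerSecurityContext` block leaves out `readOnlyRootFilesystem: true`, which is worth adding if the manager does not write to its root filesystem. Separately, the `## @param global.commonLabels` comment describes the value as "Common annotations"; it should read `Common labels to add to all Keptn resources. Evaluated as a template`.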