diff --git a/charts/reports-server/Chart.yaml b/charts/reports-server/Chart.yaml index 305e801..9f7c1e6 100644 --- a/charts/reports-server/Chart.yaml +++ b/charts/reports-server/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: reports-server type: application -version: 0.1.0-alpha.1-n4k.2 -appVersion: v0.1.0-alpha.1-n4k.2 +version: 0.1.0 +appVersion: v0.1.0 keywords: - kubernetes - policy reports storage diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md index 0ddf371..db94383 100644 --- a/charts/reports-server/README.md +++ b/charts/reports-server/README.md @@ -1,6 +1,6 @@ # reports-server -![Version: 0.1.0-alpha.1-n4k.2](https://img.shields.io/badge/Version-0.1.0--alpha.1--n4k.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.0-alpha.1-n4k.2](https://img.shields.io/badge/AppVersion-v0.1.0--alpha.1--n4k.2-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square) TODO @@ -44,6 +44,13 @@ helm install reports-server --namespace reports-server --create-namespace report | securityContext | object | See [values.yaml](values.yaml) | Container security context | | livenessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/livez","port":"https","scheme":"HTTPS"},"initialDelaySeconds":20,"periodSeconds":10}` | Liveness probe | | readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/readyz","port":"https","scheme":"HTTPS"},"initialDelaySeconds":30,"periodSeconds":10}` | Readiness probe | +| metrics.enabled | bool | `true` | Enable prometheus metrics | +| metrics.serviceMonitor.enabled | bool | `false` | Enable service monitor for scraping prometheus metrics | +| metrics.serviceMonitor.additionalLabels | object | `{}` | Service monitor additional labels | +| metrics.serviceMonitor.interval | string | `""` | Service monitor scrape interval | +| metrics.serviceMonitor.metricRelabelings | list | `[]` | Service monitor metric relabelings | +| metrics.serviceMonitor.relabelings | list | `[]` | Service monitor relabelings | +| metrics.serviceMonitor.scrapeTimeout | string | `""` | Service monitor scrape timeout | | resources.limits | string | `nil` | Container resource limits | | resources.requests | string | `nil` | Container resource requests | | autoscaling.enabled | bool | `false` | Enable autoscaling | diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml index e8dbb0a..5e68bc2 100644 --- a/charts/reports-server/templates/deployment.yaml +++ b/charts/reports-server/templates/deployment.yaml @@ -51,6 +51,9 @@ spec: {{- end }} - --cert-dir=/tmp - --secure-port=4443 + {{- if .Values.metrics.enabled }} + - --authorization-always-allow-paths=/metrics + {{- end }} {{- if .Values.config.db.secretName }} env: - name: DB_HOST diff --git a/charts/reports-server/templates/service-monitor.yaml b/charts/reports-server/templates/service-monitor.yaml new file mode 100644 index 0000000..74e5fe8 --- /dev/null +++ b/charts/reports-server/templates/service-monitor.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "reports-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "reports-server.labels" . | nindent 4 }} + {{- with .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "reports-server.selectorLabels" . | nindent 6 }} + endpoints: + - port: https + path: /metrics + scheme: https + tlsConfig: + insecureSkipVerify: true + {{- if .Values.metrics.serviceMonitor.interval}} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout}} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end -}} diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index 78b06fd..c8920d3 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml @@ -98,6 +98,29 @@ readinessProbe: port: https scheme: HTTPS +metrics: + # -- Enable prometheus metrics + enabled: true + + serviceMonitor: + # -- Enable service monitor for scraping prometheus metrics + enabled: false + + # -- Service monitor additional labels + additionalLabels: {} + + # -- Service monitor scrape interval + interval: "" + + # -- Service monitor metric relabelings + metricRelabelings: [] + + # -- Service monitor relabelings + relabelings: [] + + # -- Service monitor scrape timeout + scrapeTimeout: "" + # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following diff --git a/config/install-inmemory.yaml b/config/install-inmemory.yaml index 3d79b30..14a4d1c 100644 --- a/config/install-inmemory.yaml +++ b/config/install-inmemory.yaml @@ -10,10 +10,10 @@ metadata: name: reports-server namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm --- apiVersion: rbac.authorization.k8s.io/v1 @@ -24,10 +24,10 @@ metadata: rbac.authorization.k8s.io/aggregate-to-admin: 'true' rbac.authorization.k8s.io/aggregate-to-edit: 'true' rbac.authorization.k8s.io/aggregate-to-view: 'true' - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -87,10 +87,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -107,10 +107,10 @@ metadata: name: reports-server namespace: kube-system labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -127,10 +127,10 @@ metadata: name: reports-server namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -149,10 +149,10 @@ metadata: name: reports-server namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -179,6 +179,7 @@ spec: - --debug - --cert-dir=/tmp - --secure-port=4443 + - --authorization-always-allow-paths=/metrics securityContext: allowPrivilegeEscalation: false capabilities: @@ -228,10 +229,10 @@ metadata: name: v1alpha2.wgpolicyk8s.io namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm kube-aggregator.kubernetes.io/automanaged: "false" annotations: @@ -252,10 +253,10 @@ metadata: name: v1.reports.kyverno.io namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm kube-aggregator.kubernetes.io/automanaged: "false" annotations: diff --git a/config/install.yaml b/config/install.yaml index 0c8e1ff..1360f30 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -23,10 +23,10 @@ metadata: name: reports-server namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm --- apiVersion: v1 @@ -53,10 +53,10 @@ metadata: rbac.authorization.k8s.io/aggregate-to-admin: 'true' rbac.authorization.k8s.io/aggregate-to-edit: 'true' rbac.authorization.k8s.io/aggregate-to-view: 'true' - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -116,10 +116,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -136,10 +136,10 @@ metadata: name: reports-server namespace: kube-system labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -215,10 +215,10 @@ metadata: name: reports-server namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -237,10 +237,10 @@ metadata: name: reports-server namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -274,6 +274,7 @@ spec: - --dbsslcert= - --cert-dir=/tmp - --secure-port=4443 + - --authorization-always-allow-paths=/metrics securityContext: allowPrivilegeEscalation: false capabilities: @@ -492,10 +493,10 @@ metadata: name: v1alpha2.wgpolicyk8s.io namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm kube-aggregator.kubernetes.io/automanaged: "false" annotations: @@ -516,10 +517,10 @@ metadata: name: v1.reports.kyverno.io namespace: reports-server labels: - helm.sh/chart: reports-server-0.1.0-alpha.1-n4k.2 + helm.sh/chart: reports-server-0.1.0 app.kubernetes.io/name: reports-server app.kubernetes.io/instance: reports-server - app.kubernetes.io/version: "v0.1.0-alpha.1-n4k.2" + app.kubernetes.io/version: "v0.1.0" app.kubernetes.io/managed-by: Helm kube-aggregator.kubernetes.io/automanaged: "false" annotations: