make charts

charts/rancher-pushprox/rancher-pushprox/0.1.400/README.md

@@ -24,6 +24,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch
 | ----- | ----------- | ------ |
 | `component` | The component that is being monitored | `kube-etcd`
 | `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://<HOST_IP>:<metricsPort>/metrics`) | `2379` |
+| `namespaceOverride` | The namespace to install the chart | `""`
 
 #### Optional
 | Parameter | Description | Default |
@@ -42,6 +43,9 @@ The following tables list the configurable parameters of the rancher-pushprox ch
 | `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` |
 | `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` |
 | `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` |
+| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` |
+| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` |
+| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` |
 | `clients.resources` | Set resource limits and requests for the client container | `{}` |
 | `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` |
 | `clients.tolerations` | Specify tolerations for clients | `[]` |

charts/rancher-pushprox/rancher-pushprox/0.1.400/templates/_helpers.tpl

@@ -49,7 +49,7 @@ provider: kubernetes
 {{- if .Values.clients.proxyUrl -}}
 {{ printf "%s" .Values.clients.proxyUrl }}
 {{- else -}}
-{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }}
+{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }}
 {{- end -}}{{- end -}}
 
 # Client

charts/rancher-pushprox/rancher-pushprox/0.1.400/templates/pushprox-clients-rbac.yaml

@@ -30,20 +30,20 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ template "pushProxy.client.name" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ include "pushprox.namespace" . }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "pushProxy.client.name" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "pushprox.namespace" . }}
   labels: {{ include "pushProxy.client.labels" . | nindent 4 }}
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
   name: {{ template "pushProxy.client.name" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "pushprox.namespace" . }}
   labels: {{ include "pushProxy.client.labels" . | nindent 4 }}
 spec:
   privileged: false

charts/rancher-pushprox/rancher-pushprox/0.1.400/templates/pushprox-clients.yaml

@@ -1,18 +1,28 @@
 {{- if .Values.clients }}{{- if .Values.clients.enabled }}
 apiVersion: apps/v1
+{{- if .Values.clients.deployment.enabled }}
+kind: Deployment
+{{- else }}
 kind: DaemonSet
+{{- end }}
 metadata:
   name: {{ template "pushProxy.client.name" . }}
   namespace: {{ template "pushprox.namespace" . }}
   labels: {{ include "pushProxy.client.labels" . | nindent 4 }}
     pushprox-exporter: "client"
 spec:
+  {{- if .Values.clients.deployment.enabled }}
+  replicas: {{ .Values.clients.deployment.replicas }}
+  {{- end }}
   selector:
     matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }}
   template:
     metadata:
       labels: {{ include "pushProxy.client.labels" . | nindent 8 }}
     spec:
+      {{- if .Values.clients.affinity }}
+      affinity: {{ toYaml .Values.clients.affinity | nindent 8 }}
+      {{- end }}
       nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
 {{- if .Values.clients.nodeSelector }}
 {{ toYaml .Values.clients.nodeSelector | indent 8 }}

charts/rancher-pushprox/rancher-pushprox/0.1.400/templates/pushprox-proxy-rbac.yaml

@@ -23,20 +23,20 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ template "pushProxy.proxy.name" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ include "pushprox.namespace" . }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "pushProxy.proxy.name" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "pushprox.namespace" . }}
   labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }}
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
   name: {{ template "pushProxy.proxy.name" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "pushprox.namespace" . }}
   labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }}
 spec:
   privileged: false

charts/rancher-pushprox/rancher-pushprox/0.1.400/values.yaml

@@ -16,6 +16,8 @@ global:
   cattle:
     systemDefaultRegistry: ""
 
+namespaceOverride: ""
+
 # The component that is being monitored (i.e. etcd)
 component: "component"
 
@@ -69,6 +71,7 @@ clients:
   # Options to select all nodes to deploy client DaemonSet on
   nodeSelector: {}
   tolerations: []
+  affinity: {}
 
   image:
     repository: rancher/pushprox-client
@@ -79,6 +82,17 @@ clients:
     repository: rancher/mirrored-library-busybox
     tag: 1.31.1
 
+  # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes.
+  # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in
+  # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod.
+  # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment,
+  # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet.
+  # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will
+  # be responsible for upgrading this chart accordingly to the right number of replicas.
+  deployment:
+    enabled: false
+    replicas: 0
+
 proxy:
   enabled: true
   # The port through which PushProx clients will communicate to the proxy