{{- if and (not .Values.agent) (not .Values.cloudAgent) }}
{{- $nginxPort := int .Values.service.port | default 9090 -}}
apiVersion : apps/v1
kind : Deployment
metadata :
name : {{ template "cost-analyzer.fullname" . }}
namespace : {{ .Release.Namespace }}
labels :
{{ include "cost-analyzer.commonLabels" . | nindent 4 }}
{{- if .Values.kubecostDeployment }}
{{- with .Values.kubecostDeployment.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
spec :
{{- if .Values.kubecostDeployment }}
replicas : {{ .Values.kubecostDeployment.replicas | default 1 }}
{{- end }}
selector :
matchLabels :
{{ include "cost-analyzer.selectorLabels" . | nindent 8}}
{{- if .Values.kubecostDeployment }}
{{- if .Values.kubecostDeployment.deploymentStrategy }}
{{- with .Values.kubecostDeployment.deploymentStrategy }}
strategy : {{ toYaml . | nindent 4 }}
{{- end }}
{{- else }}
strategy :
rollingUpdate :
maxSurge : 1
maxUnavailable : 1
type : RollingUpdate
{{- end }}
{{- end }}
template :
metadata :
labels :
{{ include "cost-analyzer.selectorLabels" . | nindent 8 }}
{{- if .Values.global.additionalLabels }}
{{ toYaml .Values.global.additionalLabels | nindent 8 }}
{{- end }}
{{- if .Values.kubecostDeployment }}
{{- with .Values.kubecostDeployment.labels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.global.podAnnotations}}
annotations :
{{- with .Values.global.podAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
spec :
{{- /*
Pod-level security context.
The pod runs as root (UID 0) when frontend TLS is enabled, or, when no
kubecostFrontend.tls block is set at all, when the nginx port is below 1025.
In every other case it runs as UID/GID 1001 with fsGroup 1001. When a tls
block is present but not enabled, the port check is skipped.
NOTE(review): the root cases look like they exist only so nginx can bind a
low port. A pod-level runAsUser applies to every container that does not
override it, so confirm whether a non-root user with the NET_BIND_SERVICE
capability, or a high containerPort behind the Service, would do instead.
The tls checks stay nested so that tls.enabled is only read when tls is set.
*/}}
{{- $runAsRoot := false }}
{{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }}
{{- $runAsRoot = true }}
{{- end }}
{{- else if lt $nginxPort 1025 }}
{{- $runAsRoot = true }}
{{- end }}
      securityContext:
{{- if $runAsRoot }}
        runAsUser: 0
{{- else }}
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
{{- end }}
restartPolicy : Always
serviceAccountName : {{ template "cost-analyzer.serviceAccountName" . }}
volumes :
{{- if .Values.hosted }}
- name : config-store
secret :
defaultMode : 420
secretName : kubecost-thanos
{{- end }}
- name : tmp
emptyDir : {}
- name : nginx-conf
configMap :
name : nginx-conf
items :
- key : nginx.conf
path : default.conf
{{- /*
If Thanos is enabled, then enable ETL backups by default.
To opt out of ETL backups, set .Values.kubecostModel.etlBucketConfigSecret=""
*/}}
{{- $etlBackupBucketSecret := "" }}
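{{- /*
Extra scratch volume for the frontend when a global container security
context is applied; the frontend mounts it at /var/cache/nginx.
Only `cache` is declared here. A `tmp` emptyDir is already declared
unconditionally earlier in this volumes list, and declaring it a second time
produced two volumes with the same name, which the Kubernetes API rejects as
a duplicate value.
*/}}
{{- if .Values.global.containerSecuritycontext }}
        - name: cache
          emptyDir: {}
{{- end }}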
{{- if .Values.kubecostModel.etlBucketConfigSecret }}
{{- $etlBackupBucketSecret = .Values.kubecostModel.etlBucketConfigSecret }}
{{- else if and .Values.global.thanos.enabled (ne (typeOf .Values.kubecostModel.etlBucketConfigSecret) "string") }}
{{- $etlBackupBucketSecret = .Values.thanos.storeSecretName }}
{{- end }}
{{- if $etlBackupBucketSecret }}
- name : etl-bucket-config
secret :
defaultMode : 420
secretName : {{ $etlBackupBucketSecret }}
{{- end }}
{{- if .Values.kubecostModel.federatedStorageConfigSecret }}
- name : federated-storage-config
secret :
defaultMode : 420
secretName : {{ .Values.kubecostModel.federatedStorageConfigSecret }}
{{- end }}
{{- if .Values.kubecostProductConfigs }}
{{- if .Values.kubecostProductConfigs.productKey }}
{{- if .Values.kubecostProductConfigs.productKey.secretname }}
- name : productkey-secret
secret :
secretName : {{ .Values.kubecostProductConfigs.productKey.secretname }}
items :
- key : productkey.json
path : productkey.json
{{- end }}
{{- end -}}
{{- if .Values.kubecostProductConfigs }}
{{- if .Values.kubecostProductConfigs.gcpSecretName }}
- name : gcp-key-secret
secret :
secretName : {{ .Values.kubecostProductConfigs.gcpSecretName }}
items :
- key : compute-viewer-kubecost-key.json
path : service-key.json
{{- end }}
{{- end -}}
{{- if .Values.kubecostProductConfigs.serviceKeySecretName }}
- name : service-key-secret
secret :
secretName : {{ .Values.kubecostProductConfigs.serviceKeySecretName }}
{{- else if .Values.kubecostProductConfigs.createServiceKeySecret }}
- name : service-key-secret
secret :
secretName : cloud-service-key
{{- end }}
{{- if .Values.kubecostProductConfigs.azureStorageSecretName }}
- name : azure-storage-config
secret :
secretName : {{ .Values.kubecostProductConfigs.azureStorageSecretName }}
items :
- key : azure-storage-config.json
path : azure-storage-config.json
{{- else if .Values.kubecostProductConfigs.azureStorageCreateSecret }}
- name : azure-storage-config
secret :
secretName : azure-storage-config
{{- end }}
{{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }}
- name : cloud-integration
secret :
secretName : {{ .Values.kubecostProductConfigs.cloudIntegrationSecret }}
items :
- key : cloud-integration.json
path : cloud-integration.json
{{- end }}
{{- if .Values.kubecostProductConfigs.clusters }}
- name : kubecost-clusters
configMap :
name : kubecost-clusters
{{- range .Values.kubecostProductConfigs.clusters }}
{{- if .auth }}
{{- if .auth.secretName }}
- name : {{ .auth.secretName }}
secret :
secretName : {{ .auth.secretName }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }}
- name : tls
secret :
secretName : {{ .Values.kubecostFrontend.tls.secretName }}
items :
- key : tls.crt
path : kc.crt
- key : tls.key
path : kc.key
{{- end }}
{{- end }}
{{- if .Values.kubecostAdmissionController }}
{{- if .Values.kubecostAdmissionController.enabled }}
{{- if .Values.kubecostAdmissionController.secretName }}
- name : webhook-server-tls
secret :
secretName : {{ .Values.kubecostAdmissionController.secretName }}
items :
- key : tls.crt
path : tls.crt
- key : tls.key
path : tls.key
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.saml }}
{{- if .Values.saml.enabled }}
{{- if .Values.saml.secretName }}
- name : secret-volume
secret :
secretName : {{ .Values.saml.secretName }}
{{- end }}
{{- if .Values.saml.metadataSecretName }}
- name : metadata-secret-volume
secret :
secretName : {{ .Values.saml.metadataSecretName }}
{{- end }}
{{- if .Values.saml.rbac.enabled }}
- name : saml-roles
configMap :
name : {{ template "cost-analyzer.fullname" . }}-saml
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.oidc }}
{{- if .Values.oidc.enabled }}
- name : oidc-config
configMap :
name : {{ template "cost-analyzer.fullname" . }}-oidc
{{- if .Values.oidc.secretName }}
- name : oidc-client-secret
secret :
secretName : {{ .Values.oidc.secretName }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.federatedETL.federator }}
{{- if .Values.federatedETL.federator.enabled }}
- name : federator-config
configMap :
name : {{ template "cost-analyzer.fullname" . }}-federator
{{- end }}
{{- end }}
{{- if .Values.extraVolumes }}
# Extra volume(s)
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
- name : persistent-configs
{{- if .Values.persistentVolume }}
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim :
{{- if .Values.persistentVolume.existingClaim }}
claimName : {{ .Values.persistentVolume.existingClaim }}
{{- else }}
claimName : {{ template "cost-analyzer.fullname" . }}
{{- end -}}
{{- else }}
emptyDir : {}
{{- end -}}
{{- else }}
persistentVolumeClaim :
claimName : {{ template "cost-analyzer.fullname" . }}
{{- end }}
{{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }}
- name : persistent-db
{{- if .Values.persistentVolume }}
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim :
{{- if .Values.persistentVolume.dbExistingClaim }}
claimName : {{ .Values.persistentVolume.dbExistingClaim }}
{{- else }}
claimName : {{ template "cost-analyzer.fullname" . }}-db
{{- end -}}
{{- else }}
emptyDir : {}
{{- end -}}
{{- else }}
persistentVolumeClaim :
claimName : {{ template "cost-analyzer.fullname" . }}-db
{{- end }}
{{- end }}
{{- /*
Optional init container, enabled by supportNFS. It runs as root and
recursively sets mode 777 on /var/configs, and on /var/db as well when the DB
volume is in use, before the main containers start.
NOTE(review): mode 777 leaves the persisted configuration and ETL data
writable by any process that can reach the volume. Presumably this is a
workaround for NFS exports where fsGroup is not honoured; if the storage
allows it, prefer chown/chmod to the 1001 UID/GID the pod otherwise runs as.
NOTE(review): the fallback image `busybox` carries no tag or digest, so the
version that runs as root here floats with the registry; pin it through
initChownDataImage.
*/}}
      initContainers:
{{- if .Values.supportNFS }}
{{- $fixDbPerms := and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }}
        - name: config-db-perms-fix
          image: {{ .Values.initChownDataImage | default "busybox" }}
          resources:
{{ toYaml .Values.initChownData.resources | indent 12 }}
{{- if $fixDbPerms }}
          command: ["sh", "-c", "/bin/chmod -R 777 /var/configs && /bin/chmod -R 777 /var/db"]
{{- else }}
          command: ["sh", "-c", "/bin/chmod -R 777 /var/configs"]
{{- end }}
          volumeMounts:
            - name: persistent-configs
              mountPath: /var/configs
{{- if $fixDbPerms }}
            - name: persistent-db
              mountPath: /var/db
{{- end }}
          securityContext:
            runAsUser: 0
{{- end }}
containers :
{{- if .Values.global.amp.enabled }}
- name : sigv4proxy
image : {{ .Values.sigV4Proxy.image }}
{{- if .Values.sigV4Proxy.imagePullPolicy }}
imagePullPolicy : {{ .Values.sigV4Proxy.imagePullPolicy }}
{{- else }}
imagePullPolicy : Always
{{- end }}
args :
- --name
- {{ .Values.sigV4Proxy.name }}
- --region
- {{ .Values.sigV4Proxy.region }}
- --host
- {{ .Values.sigV4Proxy.host }}
{{- if .Values.sigV4Proxy.role_arn }}
- --role-arn
- {{ .Values.sigV4Proxy.role_arn }}
{{- end }}
- --port
- : {{ .Values.sigV4Proxy.port }}
ports :
- name : aws-sigv4-proxy
containerPort : {{ .Values.sigV4Proxy.port | int }}
{{- if .Values.sigV4Proxy.extraEnv }}
env :
{{- toYaml .Values.sigV4Proxy.extraEnv | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.kubecostModel }}
{{- if .Values.kubecostModel.openSourceOnly }}
- image : quay.io/kubecost1/kubecost-cost-model:{{ .Values.imageVersion }}
{{- else if .Values.kubecostModel.fullImageName }}
- image : {{ .Values.kubecostModel.fullImageName }}
{{- else if .Values.imageVersion }}
- image : {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }}
{{- else }}
- image : {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }}
{{ end }}
{{- else }}
- image : gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }}
{{ end }}
name : cost-model
{{- if .Values.kubecostModel.extraArgs }}
args :
{{- toYaml .Values.kubecostModel.extraArgs | nindent 12 }}
{{- end }}
{{- if .Values.kubecostModel.securityContext }}
securityContext :
{{- toYaml .Values.kubecostModel.securityContext | nindent 12 -}}
{{ end }}
{{- if .Values.kubecostModel.imagePullPolicy }}
imagePullPolicy : {{ .Values.kubecostModel.imagePullPolicy }}
{{- else }}
imagePullPolicy : Always
{{- end }}
ports :
- name : tcp-model
containerPort : 9003
protocol : TCP
- name : tcp-frontend
containerPort : 9090
protocol : TCP
resources :
{{ toYaml .Values.kubecostModel.resources | indent 12 }}
readinessProbe :
httpGet :
path : /healthz
port : 9003
initialDelaySeconds : 30
periodSeconds : 10
failureThreshold : 200
{{- if .Values.kubecostFrontend.livenessProbe.enabled }}
livenessProbe :
httpGet :
path : /healthz
port : 9003
initialDelaySeconds : 30
periodSeconds : 10
failureThreshold : 200
{{- end }}
{{- /*
Container-level security context for cost-model, taken verbatim from
global.containerSecuritycontext.
NOTE(review): when kubecostModel.securityContext is also set, a
`securityContext` key has already been rendered for this container further
up, so this emits a second one. Duplicate mapping keys are invalid YAML and
parsers differ on which value wins; decide which setting takes precedence and
render only that one. The frontend container follows the same pattern.
*/}}
{{- with .Values.global.containerSecuritycontext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts :
{{- if .Values.hosted }}
- name : config-store
mountPath : /var/secrets
readOnly : true
{{- end }}
- name : persistent-configs
mountPath : /var/configs
{{- if .Values.extraVolumeMounts }}
# Extra volume mount(s)
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if $etlBackupBucketSecret }}
- name : etl-bucket-config
mountPath : /var/configs/etl
readOnly : true
{{- else if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }}
- name : persistent-db
mountPath : /var/db
{{- end }}
{{- if .Values.kubecostModel.federatedStorageConfigSecret }}
- name : federated-storage-config
mountPath : /var/configs/etl/federated
readOnly : true
{{- end }}
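{{- /*
Mount the admission-controller webhook certificate at /certs.
A volumeMount refers to a volume by the volume's name, and the volumes list
declares this one as `webhook-server-tls`. Using the Secret name here only
resolved when the Secret happened to be called `webhook-server-tls`; any
other secretName pointed the mount at a volume that does not exist.
The mount is marked read-only because it carries the TLS private key.
*/}}
{{- if .Values.kubecostAdmissionController }}
{{- if .Values.kubecostAdmissionController.enabled }}
{{- if .Values.kubecostAdmissionController.secretName }}
            - name: webhook-server-tls
              mountPath: /certs
              readOnly: true
{{- end }}
{{- end }}
{{- end }}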
{{- if .Values.federatedETL }}
{{- if .Values.federatedETL.federator.enabled }}
- name : federator-config
mountPath : /var/configs/federator
{{- end }}
{{- end }}
{{- if .Values.kubecostProductConfigs }}
{{- if .Values.kubecostProductConfigs.productKey }}
{{- if .Values.kubecostProductConfigs.productKey.secretname }}
- name : productkey-secret
mountPath : /var/configs/productkey
{{- end }}
{{- end }}
{{- if .Values.kubecostProductConfigs.gcpSecretName }}
- name : gcp-key-secret
mountPath : /var/secrets
{{- end }}
{{- if or .Values.kubecostProductConfigs.azureStorageSecretName .Values.kubecostProductConfigs.azureStorageCreateSecret }}
- name : azure-storage-config
mountPath : /var/azure-storage-config
{{- end }}
{{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }}
- name : cloud-integration
mountPath : /var/cloud-integration
{{- end }}
{{- if or .Values.kubecostProductConfigs.serviceKeySecretName .Values.kubecostProductConfigs.createServiceKeySecret }}
- name : service-key-secret
mountPath : /var/secrets
{{- end }}
{{- if .Values.kubecostProductConfigs.clusters }}
- name : kubecost-clusters
mountPath : /var/configs/clusters
{{- range .Values.kubecostProductConfigs.clusters }}
{{- if .auth }}
{{- if .auth.secretName }}
- name : {{ .auth.secretName }}
mountPath : /var/secrets/{{ .auth.secretName }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.saml }}
{{- if .Values.saml.enabled }}
{{- if .Values.saml.secretName }}
- name : secret-volume
mountPath : /var/configs/secret-volume
{{- end }}
{{- if .Values.saml.metadataSecretName }}
- name : metadata-secret-volume
mountPath : /var/configs/metadata-secret-volume
{{- end }}
{{- if .Values.saml.rbac.enabled }}
- name : saml-roles
mountPath : /var/configs/saml
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.oidc }}
{{- if .Values.oidc.enabled }}
- name : oidc-config
mountPath : /var/configs/oidc
{{- if .Values.oidc.secretName }}
- name : oidc-client-secret
mountPath : /var/configs/oidc-client-secret
{{- end }}
{{- end }}
{{- end }}
env :
{{- if .Values.global.grafana }}
- name : GRAFANA_ENABLED
value : {{ (quote .Values.global.grafana.enabled) | default (quote false) }}
{{- end}}
{{- if .Values.kubecostModel.extraEnv -}}
{{ toYaml .Values.kubecostModel.extraEnv | nindent 12 }}
{{- end }}
{{- if .Values.reporting }}
{{- if .Values.reporting.valuesReporting }}
- name : HELM_VALUES
value : {{ template "cost-analyzer.filterEnabled" .Values }}
{{- end }}
{{- end }}
{{- if .Values.alertConfigmapName }}
- name : ALERT_CONFIGMAP_NAME
value : {{ .Values.alertConfigmapName }}
{{- end }}
{{- if .Values.productConfigmapName }}
- name : PRODUCT_CONFIGMAP_NAME
value : {{ .Values.productConfigmapName }}
{{- end }}
{{- if .Values.appConfigmapName }}
- name : APP_CONFIGMAP_NAME
value : {{ .Values.appConfigmapName }}
{{- end }}
{{- if .Values.kubecostModel.softMemoryLimit }}
- name : GOMEMLIMIT
value : {{ .Values.kubecostModel.softMemoryLimit }}
{{- end }}
{{- if .Values.assetReportConfigmapName }}
- name : ASSET_REPORT_CONFIGMAP_NAME
value : {{ .Values.assetReportConfigmapName }}
{{- end }}
{{- if .Values.savedReportConfigmapName }}
- name : SAVED_REPORT_CONFIGMAP_NAME
value : {{ .Values.savedReportConfigmapName }}
{{- end }}
{{- if .Values.groupFiltersConfigmapName }}
- name : GROUP_FILTERS_CONFIGMAP_NAME
value : {{ .Values.groupFiltersConfigmapName }}
{{- end }}
{{- if .Values.pricingConfigmapName }}
- name : PRICING_CONFIGMAP_NAME
value : {{ .Values.pricingConfigmapName }}
{{- end }}
{{- if .Values.metricsConfigmapName }}
- name : METRICS_CONFIGMAP_NAME
value : {{ .Values.metricsConfigmapName }}
{{- end }}
- name : READ_ONLY
value : {{ (quote .Values.readonly) | default (quote false) }}
- name : PROMETHEUS_SERVER_ENDPOINT
valueFrom :
configMapKeyRef :
name : {{ template "cost-analyzer.fullname" . }}
key : prometheus-server-endpoint
{{- /*
GCP pricing API key. Per the chart authors this key is expected to be here
and is limited to accessing Google's billing API.
NOTE(review): because it ships in the chart it has to be treated as public.
Secret scanners will flag it, and its safety rests entirely on the API
restrictions configured on the Google side; confirm those restrictions and
record the justification wherever the scanner finding is suppressed.
*/}}
            - name: CLOUD_PROVIDER_API_KEY
              value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk"
{{- if .Values.kubecostProductConfigs }}
{{- if .Values.kubecostProductConfigs.gcpSecretName }}
- name : GOOGLE_APPLICATION_CREDENTIALS
value : /var/configs/key.json
{{- end }}
{{- end }}
- name : CONFIG_PATH
value : /var/configs/
- name : DB_PATH
value : /var/db/
- name : CLUSTER_PROFILE
{{- if .Values.kubecostProductConfigs }}
value : {{ .Values.kubecostProductConfigs.clusterProfile | default "production" }}
{{- else }}
value : production
{{- end }}
{{- if .Values.kubecostProductConfigs }}
{{- if .Values.kubecostProductConfigs.productKey }}
{{- if .Values.kubecostProductConfigs.productKey.mountPath }}
- name : PRODUCT_KEY_MOUNT_PATH
value : {{ .Values.kubecostProductConfigs.productKey.mountPath }}
{{- end }}
{{- end }}
{{- if .Values.kubecostProductConfigs.ingestPodUID }}
- name : INGEST_POD_UID
value : {{ (quote .Values.kubecostProductConfigs.ingestPodUID) }}
{{- end }}
{{- if .Values.kubecostProductConfigs.regionOverrides }}
- name : REGION_OVERRIDE_LIST
value : {{ (quote .Values.kubecostProductConfigs.regionOverrides) }}
{{- end }}
{{- end }}
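{{- /*
Postgres remote-write settings.
The password is passed through `quote` so that a numeric value, or one
containing YAML indicators such as `#` or `: `, still renders as a string env
value; an unset password renders as before.
NOTE(review): the password comes from chart values and is written in clear
text into the Deployment spec, so it is readable by anyone who can read the
Deployment or the stored Helm release, and it is emitted even when remote
write is disabled. Other credentials in this template are injected with
secretKeyRef; this one should move to a Secret reference as well.
*/}}
            - name: REMOTE_WRITE_PASSWORD
              value: {{ .Values.remoteWrite.postgres.auth.password | quote }}
{{- if .Values.remoteWrite.postgres.enabled }}
            - name: REMOTE_WRITE_ENABLED
              value: "true"
{{- end }}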
{{- if .Values.global.thanos.queryServiceBasicAuthSecretName}}
- name : MC_BASIC_AUTH_USERNAME
valueFrom :
secretKeyRef :
name : {{ .Values.global.thanos.queryServiceBasicAuthSecretName }}
key : USERNAME
- name : MC_BASIC_AUTH_PW
valueFrom :
secretKeyRef :
name : {{ .Values.global.thanos.queryServiceBasicAuthSecretName }}
key : PASSWORD
{{- end }}
{{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}}
- name : DB_BASIC_AUTH_USERNAME
valueFrom :
secretKeyRef :
name : {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }}
key : USERNAME
- name : DB_BASIC_AUTH_PW
valueFrom :
secretKeyRef :
name : {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }}
key : PASSWORD
{{- end }}
{{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }}
- name : DB_BEARER_TOKEN
valueFrom :
secretKeyRef :
name : {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }}
key : TOKEN
{{- end }}
{{- if .Values.global.thanos.queryServiceBearerTokenSecretName }}
- name : MC_BEARER_TOKEN
valueFrom :
secretKeyRef :
name : {{ .Values.global.thanos.queryServiceBearerTokenSecretName }}
key : TOKEN
{{- end }}
{{- /*
Passes global.prometheus.insecureSkipVerify through to cost-model, only when
it is set to a truthy value.
NOTE(review): presumably this makes cost-model skip TLS certificate
verification when querying Prometheus - confirm in the consumer. If so, keep
it to test clusters and prefer trusting the CA that signed the Prometheus
endpoint.
*/}}
{{- with .Values.global.prometheus.insecureSkipVerify }}
            - name: INSECURE_SKIP_VERIFY
              value: {{ quote . }}
{{- end }}
{{- if .Values.pricingCsv }}
{{- if .Values.pricingCsv.enabled }}
- name : USE_CSV_PROVIDER
value : "true"
- name : CSV_PATH
value : {{ .Values.pricingCsv.location.URI }}
- name : CSV_REGION
value : {{ .Values.pricingCsv.location.region }}
{{- if eq .Values.pricingCsv.location.provider "AWS"}}
{{- if .Values.pricingCsv.location.csvAccessCredentials }}
- name : AWS_ACCESS_KEY_ID
valueFrom :
secretKeyRef :
name : {{ .Values.pricingCsv.location.csvAccessCredentials }}
key : AWS_ACCESS_KEY_ID
- name : AWS_SECRET_ACCESS_KEY
valueFrom :
secretKeyRef :
name : {{ .Values.pricingCsv.location.csvAccessCredentials }}
key : AWS_SECRET_ACCESS_KEY
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.kubecostMetrics }}
- name : EMIT_POD_ANNOTATIONS_METRIC
value : {{ (quote .Values.kubecostMetrics.emitPodAnnotations) | default (quote false) }}
- name : EMIT_NAMESPACE_ANNOTATIONS_METRIC
value : {{ (quote .Values.kubecostMetrics.emitNamespaceAnnotations) | default (quote false) }}
{{- end }}
{{- if .Values.kubecostMetrics }}
- name : EMIT_KSM_V1_METRICS
value : {{ (quote .Values.kubecostMetrics.emitKsmV1Metrics) | default (quote true) }}
{{- end }}
{{- if .Values.kubecostMetrics }}
- name : EMIT_KSM_V1_METRICS_ONLY # ONLY emit KSM v1 metrics that do not exist in KSM 2 by default
value : {{ (quote .Values.kubecostMetrics.emitKsmV1MetricsOnly) | default (quote false) }}
{{- end }}
{{- if .Values.reporting }}
- name : LOG_COLLECTION_ENABLED
value : {{ (quote .Values.reporting.logCollection) | default (quote true) }}
- name : PRODUCT_ANALYTICS_ENABLED
value : {{ (quote .Values.reporting.productAnalytics) | default (quote true) }}
- name : ERROR_REPORTING_ENABLED
value : {{ (quote .Values.reporting.errorReporting ) | default (quote true) }}
- name : VALUES_REPORTING_ENABLED
value : {{ (quote .Values.reporting.valuesReporting) | default (quote true) }}
{{- if .Values.reporting.errorReporting }}
- name : SENTRY_DSN
value : "https://71964476292e4087af8d5072afe43abd@o394722.ingest.sentry.io/5245431"
{{- end }}
{{- end }}
- name : LEGACY_EXTERNAL_API_DISABLED
value : {{ (quote .Values.kubecostModel.legacyOutOfClusterAPIDisabled) | default (quote false) }}
- name : OUT_OF_CLUSTER_PROM_METRICS_ENABLED
value : {{ (quote .Values.kubecostModel.outOfClusterPromMetricsEnabled) | default (quote false) }}
- name : CACHE_WARMING_ENABLED
value : {{ (quote .Values.kubecostModel.warmCache) | default (quote true) }}
- name : SAVINGS_CACHE_WARMING_ENABLED
value : {{ (quote .Values.kubecostModel.warmSavingsCache) | default (quote true) }}
- name : ETL_ENABLED
value : {{ (quote .Values.kubecostModel.etl) | default (quote true) }}
{{- if .Values.kubecostModel.etlReadOnlyMode }}
- name : ETL_READ_ONLY
value : "true"
{{- end }}
{{- if $etlBackupBucketSecret }}
- name : ETL_TO_DISK_ENABLED
value : "false"
- name : ETL_BUCKET_CONFIG
value : "/var/configs/etl/object-store.yaml"
{{- else }}
- name : ETL_TO_DISK_ENABLED
value : {{ (quote .Values.kubecostModel.etlToDisk) | default (quote true) }}
{{- end }}
{{- if .Values.kubecostModel.federatedStorageConfigSecret }}
- name : FEDERATED_STORE_CONFIG
value : "/var/configs/etl/federated/federated-store.yaml"
{{- end }}
{{- if or .Values.federatedETL.federatedCluster .Values.kubecostModel.federatedStorageConfigSecret }}
- name : FEDERATED_CLUSTER
value : "true"
{{- end}}
{{- if .Values.federatedETL.primaryCluster }}
- name : FEDERATED_PRIMARY_CLUSTER
value : "true"
{{- end}}
{{- if .Values.federatedETL.redirectS3Backup }}
- name : FEDERATED_REDIRECT_BACKUP
value : "true"
{{- end}}
{{- if .Values.federatedETL.useExistingS3Config }}
- name : FEDERATED_USE_EXISTING_CONFIG
value : "true"
{{- end}}
{{- if .Values.federatedETL.federator.enabled }}
- name : FEDERATED_FEDERATOR_ENABLED
value : "true"
{{- end}}
- name : ETL_STORE_READ_ONLY
value : {{ (quote .Values.kubecostModel.etlStoreReadOnly) | default (quote false) }}
- name : ETL_CLOUD_USAGE_ENABLED
{{- if kindIs "bool" .Values.kubecostModel.etlCloudUsage }}
value : {{ (quote .Values.kubecostModel.etlCloudUsage) }}
{{- else if kindIs "bool" .Values.kubecostModel.etlCloudAsset }}
value : {{ (quote .Values.kubecostModel.etlCloudAsset) }}
{{- else }}
value : "true"
{{- end }}
- name : CLOUD_ASSETS_EXCLUDE_PROVIDER_ID
value : {{ (quote .Values.kubecostModel.cloudAssetsExcludeProviderID) | default (quote false) }}
- name : ETL_CLOUD_REFRESH_RATE_HOURS
value : {{ (quote .Values.kubecostModel.etlCloudRefreshRateHours) | default (quote 6) }}
- name : ETL_CLOUD_QUERY_WINDOW_DAYS
value : {{ (quote .Values.kubecostModel.etlCloudQueryWindowDays) | default (quote 7) }}
- name : ETL_CLOUD_RUN_WINDOW_DAYS
value : {{ (quote .Values.kubecostModel.etlCloudRunWindowDays) | default (quote 3) }}
{{- if .Values.persistentVolume.dbPVEnabled }}
- name : ETL_PATH_PREFIX
value : "/var/db"
{{- end }}
- name : ETL_RESOLUTION_SECONDS
value : {{ (quote .Values.kubecostModel.etlResolutionSeconds) | default (quote 300) }}
- name : ETL_MAX_PROMETHEUS_QUERY_DURATION_MINUTES
value : {{ (quote .Values.kubecostModel.maxPrometheusQueryDurationMinutes) | default (quote 1440) }}
- name : ETL_DAILY_STORE_DURATION_DAYS
value : {{ (quote .Values.kubecostModel.etlDailyStoreDurationDays) | default (quote 91) }}
- name : ETL_HOURLY_STORE_DURATION_HOURS
value : {{ (quote .Values.kubecostModel.etlHourlyStoreDurationHours) | default (quote 49) }}
- name : ETL_FILE_STORE_ENABLED
value : {{ (quote .Values.kubecostModel.etlFileStoreEnabled) | default (quote true) }}
- name : ETL_ASSET_RECONCILIATION_ENABLED
value : {{ (quote .Values.kubecostModel.etlAssetReconciliationEnabled) | default (quote true) }}
- name : ETL_USE_UNBLENDED_COST
value : {{ (quote .Values.kubecostModel.etlUseUnblendedClost) | default (quote false) }}
{{- if .Values.kubecostModel }}
{{- if .Values.kubecostModel.allocation }}
{{- if .Values.kubecostModel.allocation.nodeLabels }}
{{- with .Values.kubecostModel.allocation.nodeLabels }}
- name : ALLOCATION_NODE_LABELS_ENABLED
value : {{ (quote .enabled) | default (quote true) }}
- name : ALLOCATION_NODE_LABELS_INCLUDE_LIST
value : {{ (quote .includeList) }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.kubecostModel.cloudCost }}
- name : CLOUD_COST_ENABLED
value : {{ (quote .enabled) | default (quote false) }}
{{- with .labelList }}
- name : CLOUD_COST_IS_INCLUDE_LIST
value : {{ (quote .IsIncludeList) | default (quote false) }}
- name : CLOUD_COST_LABEL_LIST
value : {{ (quote .labels) }}
{{- end }}
- name : CLOUD_COST_TOP_N
value : {{ (quote .topNItems) | default (quote 1000) }}
{{- end }}
- name : CONTAINER_STATS_ENABLED
value : {{ (quote .Values.kubecostModel.containerStatsEnabled) | default (quote false) }}
- name : RECONCILE_NETWORK
value : {{ (quote .Values.kubecostModel.reconcileNetwork) | default (quote true) }}
{{- if .Values.systemProxy.enabled }}
- name : HTTP_PROXY
value : {{ .Values.systemProxy.httpProxyUrl }}
- name : http_proxy
value : {{ .Values.systemProxy.httpProxyUrl }}
- name : HTTPS_PROXY
value : {{ .Values.systemProxy.httpsProxyUrl }}
- name : https_proxy
value : {{ .Values.systemProxy.httpsProxyUrl }}
- name : NO_PROXY
value : {{ .Values.systemProxy.noProxy }}
- name : no_proxy
value : {{ .Values.systemProxy.noProxy }}
{{- end }}
{{- if .Values.kubecostMetrics }}
{{- if .Values.kubecostMetrics.exporter }}
- name : KUBECOST_METRICS_POD_ENABLED
value : {{ (quote .Values.kubecostMetrics.exporter.enabled) | default (quote false) }}
{{- end }}
{{- end }}
- name : PV_ENABLED
value : {{ (quote .Values.persistentVolume.enabled) | default (quote true) }}
- name : MAX_QUERY_CONCURRENCY
value : {{ (quote .Values.kubecostModel.maxQueryConcurrency) | default (quote 5) }}
- name : UTC_OFFSET
value : {{ (quote .Values.kubecostModel.utcOffset) | default (quote ) }}
{{- if .Values.networkCosts }}
{{- if .Values.networkCosts.enabled }}
- name : NETWORK_COSTS_PORT
value : {{ quote .Values.networkCosts.port | default (quote 3001) }}
{{- end }}
{{- end }}
{{- /*
If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true
to ensure that the custom query service target is used. The global.thanos.enabled
flag does not have any effect on this behavior.
*/}}
{{- if .Values.global.thanos.queryService }}
- name : THANOS_ENABLED
value : "true"
- name : THANOS_QUERY_URL
value : {{ .Values.global.thanos.queryService }}
- name : THANOS_QUERY_OFFSET
value : {{ .Values.global.thanos.queryOffset | default "3h" }}
- name : THANOS_MAX_SOURCE_RESOLUTION
value : {{ .Values.kubecostModel.maxSourceResolution | default "raw" }}
{{- else if and .Values.global.thanos.enabled .Values.thanos }}
{{- if .Values.thanos.query }}
{{- if .Values.thanos.query.enabled }}
- name : THANOS_ENABLED
{{- if .Values.hosted }}
value : "false"
{{- else }}
value : "true"
{{- end }}
- name : THANOS_QUERY_URL
value : http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }}
- name : THANOS_QUERY_OFFSET
value : {{ .Values.global.thanos.queryOffset | default "3h" }}
- name : THANOS_MAX_SOURCE_RESOLUTION
value : {{ .Values.kubecostModel.maxSourceResolution | default "raw" }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.oidc.enabled }}
- name : OIDC_ENABLED
value : "true"
{{- end}}
{{- if .Values.saml }}
{{- if .Values.saml.enabled }}
- name : SAML_ENABLED
value : "true"
- name : IDP_URL
value : {{ .Values.saml.idpMetadataURL }}
- name : SP_HOST
value : {{ .Values.saml.appRootURL }}
{{- if .Values.saml.audienceURI }}
- name : AUDIENCE_URI
value : {{ .Values.saml.audienceURI }}
{{- end }}
{{- if .Values.saml.isGLUUProvider }}
- name : GLUU_SAML_PROVIDER
value : {{ (quote .Values.saml.isGLUUProvider) }}
{{- end }}
{{- if .Values.saml.nameIDFormat }}
- name : NAME_ID_FORMAT
value : {{ .Values.saml.nameIDFormat }}
{{- end}}
{{- if .Values.saml.authTimeout }}
- name : AUTH_TOKEN_TIMEOUT
value : {{ (quote .Values.saml.authTimeout) }}
{{- end}}
{{- if .Values.saml.redirectURL }}
- name : LOGOUT_REDIRECT_URL
value : {{ .Values.saml.redirectURL }}
{{- end}}
{{- if .Values.saml.rbac.enabled }}
- name : SAML_RBAC_ENABLED
value : "true"
{{- end }}
{{- end }}
{{- end }}
{{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }}
- name : CLUSTER_ID
value : {{ .Values.prometheus.server.global.external_labels.cluster_id }}
{{- end }}
{{- if .Values.prometheus.server.clusterIDConfigmap }}
- name : CLUSTER_ID
valueFrom :
configMapKeyRef :
name : {{ .Values.prometheus.server.clusterIDConfigmap }}
key : CLUSTER_ID
{{- end }}
{{- if .Values.remoteWrite.postgres.installLocal }}
- name : SQL_ADDRESS
value : pgprometheus
{{- else }}
- name : SQL_ADDRESS
value : {{ .Values.remoteWrite.postgres.remotePostgresAddress }}
{{- end }}
{{- if .Values.kubecostModel.promClusterIDLabel }}
- name : PROM_CLUSTER_ID_LABEL
value : {{ .Values.kubecostModel.promClusterIDLabel }}
{{- end }}
{{- if .Values.hosted }}
- name : KUBECOST_CONFIG_BUCKET
value : /var/secrets/object-store.yaml
- name : CLUSTER_INFO_FILE_ENABLED
value : "true"
- name : CLUSTER_CACHE_FILE_ENABLED
value : "true"
{{- end }}
{{- if .Values.reporting.googleAnalyticsTag }}
- name : GOOGLE_ANALYTICS_TAG
value : {{ .Values.reporting.googleAnalyticsTag }}
{{- end }}
{{- if .Values.costEventsAudit }}
- name : COST_EVENTS_AUDIT_ENABLED
value : {{ (quote .Values.costEventsAudit.enabled) | default (quote false) }}
{{- end }}
{{- /*
Leader/Follower has baseline requirements before enabling :
* ETL FileStore Enabled
* Bucket Backup Configured
* Replicas > 1
*/}}
{{- if .Values.kubecostDeployment }}
{{- if .Values.kubecostDeployment.leaderFollower }}
{{- if .Values.kubecostDeployment.leaderFollower.enabled -}}
{{- $etlFileStore := .Values.kubecostModel.etlFileStoreEnabled }}
{{- if not $etlFileStore }}
{{- fail "Leader/Follower requires kubecostModel.etlFileStoreEnabled be true." }}
{{- end -}}
{{- if (eq (quote .Values.kubecostModel.etlBucketConfigSecret) "") }}
{{- fail "Leader/Follower requires kubecostModel.etlBucketConfigSecret be valid." }}
{{- end -}}
{{- $replicas := .Values.kubecostDeployment.replicas | default 1 }}
{{- if not (gt (int $replicas) 1) }}
{{- fail "Leader/Follower should be used with kubecostDeployment.replicas > 1" }}
{{- end }}
{{- /*
Checks to ensure that the named template returns true if we've made it here
*/}}
{{- $result := include "cost-analyzer.leaderFollowerEnabled" . }}
{{- if not $result }}
{{- fail (quote $result) }}
{{- end }}
- name : LEADER_FOLLOWER_ENABLED
value : "true"
{{- end }}
{{- end }}
{{- end }}
- name : RELEASE_NAME
value : {{ .Release.Name }}
- name : KUBECOST_NAMESPACE
value : {{ .Release.Namespace }}
- name : POD_NAME
valueFrom :
fieldRef :
apiVersion : v1
fieldPath : metadata.name
- name : KUBECOST_TOKEN
valueFrom :
configMapKeyRef :
name : {{ template "cost-analyzer.fullname" . }}
key : kubecost-token
{{- if .Values.kubecostFrontend }}
{{- if .Values.kubecostFrontend.fullImageName }}
- image : {{ .Values.kubecostFrontend.fullImageName }}
{{- else if .Values.imageVersion }}
- image : {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }}
{{- else }}
- image : {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }}
{{ end }}
{{- else }}
- image : gcr.io/kubecost1/frontend:prod-{{ $.Chart.AppVersion }}
{{ end }}
{{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }}
command : [ "nginx" , "-g" , "daemon off;" ]
ports :
- containerPort : 443
{{- end }}
{{- end }}
env :
- name : GET_HOSTS_FROM
value : dns
{{- if .Values.kubecostFrontend.extraEnv -}}
{{ toYaml .Values.kubecostFrontend.extraEnv | nindent 12 }}
{{- end }}
name : cost-analyzer-frontend
{{- if .Values.kubecostFrontend.securityContext }}
securityContext :
{{- toYaml .Values.kubecostFrontend.securityContext | nindent 12 }}
{{ end }}
volumeMounts :
- name : tmp
mountPath : /tmp
- name : nginx-conf
mountPath : /etc/nginx/conf.d/
{{- if .Values.global.containerSecuritycontext }}
- mountPath : /var/cache/nginx
name : cache
- mountPath : /var/run
name : tmp
{{- end }}
{{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }}
- name : tls
mountPath : /etc/ssl/certs
{{- end }}
{{- end }}
resources :
{{ toYaml .Values.kubecostFrontend.resources | indent 12 }}
{{- if .Values.kubecostFrontend.imagePullPolicy }}
imagePullPolicy : {{ .Values.kubecostFrontend.imagePullPolicy }}
{{- else }}
imagePullPolicy : Always
{{- end }}
readinessProbe :
httpGet :
path : /healthz
port : 9003
initialDelaySeconds : 30
periodSeconds : 10
failureThreshold : 200
{{- if .Values.kubecostFrontend.livenessProbe.enabled }}
livenessProbe :
httpGet :
path : /healthz
port : 9003
initialDelaySeconds : {{ .Values.kubecostFrontend.livenessProbe.initialDelaySeconds }}
periodSeconds : {{ .Values.kubecostFrontend.livenessProbe.periodSeconds }}
failureThreshold : {{ .Values.kubecostFrontend.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.global.containerSecuritycontext }}
securityContext :
{{- toYaml .Values.global.containerSecuritycontext | nindent 12 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets :
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.priority }}
{{- if .Values.priority.enabled }}
{{- if gt (len .Values.priority.name) 0 }}
priorityClassName : {{ .Values.priority.name }}
{{- else }}
priorityClassName : {{ template "cost-analyzer.fullname" . }}-priority
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector :
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations :
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity :
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}