diff --git a/assets/kasten/k10-6.5.1201.tgz b/assets/kasten/k10-6.5.1201.tgz new file mode 100644 index 000000000..13f71efb1 Binary files /dev/null and b/assets/kasten/k10-6.5.1201.tgz differ diff --git a/charts/kasten/k10/Chart.lock b/charts/kasten/k10/Chart.lock index 10852c0c5..3dd4bf512 100644 --- a/charts/kasten/k10/Chart.lock +++ b/charts/kasten/k10/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 7.3.2 - name: prometheus repository: "" - version: 25.12.0 -digest: sha256:f3e6926f6a711f61ab0e6598105cbee8806113bb02992529f05c3645fe99161c -generated: "2024-04-06T01:13:26.749949259Z" + version: 25.18.0 +digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066 +generated: "2024-04-20T03:47:20.475656567Z" diff --git a/charts/kasten/k10/Chart.yaml b/charts/kasten/k10/Chart.yaml index 4b7f18a09..4a7a91418 100644 --- a/charts/kasten/k10/Chart.yaml +++ b/charts/kasten/k10/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 6.5.11 +appVersion: 6.5.12 dependencies: - condition: grafana.enabled name: grafana @@ -13,7 +13,7 @@ dependencies: - condition: prometheus.server.enabled name: prometheus repository: file://./charts/prometheus - version: 25.12.0 + version: 25.18.0 description: Kasten’s K10 Data Management Platform home: https://kasten.io/ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png @@ -21,4 +21,4 @@ maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 6.5.1101 +version: 6.5.1201 diff --git a/charts/kasten/k10/README.md b/charts/kasten/k10/README.md index 7a1929c7a..f03e250cc 100644 --- a/charts/kasten/k10/README.md +++ b/charts/kasten/k10/README.md 
@@ -69,13 +69,22 @@ Parameter | Description | Default `serviceAccount.create`| Specifies whether a ServiceAccount should be created | `true` `serviceAccount.name` | The name of the ServiceAccount to use. If not set, a name is derived using the release and chart names. | `None` `ingress.create` | Specifies whether the K10 dashboard should be exposed via ingress | `false` +`ingress.name` | Optional name of the Ingress object for the K10 dashboard. If not set, the name is formed using the release name. | `{Release.Name}-ingress` `ingress.class` | Cluster ingress controller class: `nginx`, `GCE` | `None` `ingress.host` | FQDN (e.g., `k10.example.com`) for name-based virtual host | `None` `ingress.urlPath` | URL path for K10 Dashboard (e.g., `/k10`) | `Release.Name` +`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific` `ingress.annotations` | Additional Ingress object annotations | `{}` `ingress.tls.enabled` | Configures a TLS use for `ingress.host` | `false` `ingress.tls.secretName` | Specifies a name of TLS secret | `None` -`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific` +`ingress.defaultBackend.service.enabled` | Configures the default backend backed by a service for the K10 dashboard Ingress (mutually exclusive setting with `ingress.defaultBackend.resource.enabled`). | `false` +`ingress.defaultBackend.service.name` | The name of a service referenced by the default backend (required if the service-backed default backend is used). | `None` +`ingress.defaultBackend.service.port.name` | The port name of a service referenced by the default backend (mutually exclusive setting with port `number`, required if the service-backed default backend is used). | `None` +`ingress.defaultBackend.service.port.number` | The port number of a service referenced by the default backend (mutually exclusive setting with port `name`, required if the service-backed default backend is used). 
| `None` +`ingress.defaultBackend.resource.enabled` | Configures the default backend backed by a resource for the K10 dashboard Ingress (mutually exclusive setting with `ingress.defaultBackend.service.enabled`). | `false` +`ingress.defaultBackend.resource.apiGroup` | Optional API group of a resource backing the default backend. | `''` +`ingress.defaultBackend.resource.kind` | The type of a resource being referenced by the default backend (required if the resource default backend is used). | `None` +`ingress.defaultBackend.resource.name` | The name of a resource being referenced by the default backend (required if the resource default backend is used). | `None` `global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi` `global.persistence.catalog.size` | Size of a volume for catalog service | `global.persistence.size` `global.persistence.jobs.size` | Size of a volume for jobs service | `global.persistence.size` @@ -99,6 +108,7 @@ Parameter | Description | Default `secrets.azureTenantId` | Azure tenant ID (required for Azure deployment) | `None` `secrets.azureClientId` | Azure Service App ID | `None` `secrets.azureClientSecret` | Azure Service APP secret | `None` +`secrets.azureClientSecretName` | The secret that contains ClientID, ClientSecret and TenantID for Azure | `None` `secrets.azureResourceGroup` | Resource Group name that was created for the Kubernetes cluster | `None` `secrets.azureSubscriptionID` | Subscription ID in your Azure tenant | `None` `secrets.azureResourceMgrEndpoint` | Resource management endpoint for the Azure Stack instance | `None` 
@@ -194,6 +204,10 @@ Parameter | Description | Default `gateway.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for gateway pod | `{}` `gateway.service.externalPort` | Specifies the gateway services external port | `80` `genericVolumeSnapshot.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for Generic Volume Snapshot restore pods | `{}` +`multicluster.enabled` | Choose whether to enable the multi-cluster system components and capabilities | `true` +`multicluster.primary.create` | Choose whether to setup cluster as a multi-cluster primary | `false` +`multicluster.primary.name` | Primary cluster name | `''` +`multicluster.primary.ingressURL` | Primary cluster dashboard URL | `''` `prometheus.k10image.registry` | (optional) Set Prometheus image registry. | `gcr.io` `prometheus.k10image.repository` | (optional) Set Prometheus image repository. | `kasten-images` `prometheus.rbac.create` | (optional) Whether to create Prometheus RBAC configuration. Warning - this action will allow prometheus to scrape pods in all k8s namespaces | `false` @@ -239,6 +253,7 @@ Parameter | Description | Default `limiter.genericVolumeRestores` | Limit of concurrent generic volume snapshot restore operations | `10` `limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10` `limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10` +`limiter.imageCopies` | Limit of concurrent image copy operations | `10` `cluster.domainName` | Specifies the domain name of the cluster | `cluster.local` `kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45` `kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600` 
@@ -265,6 +280,7 @@ Parameter | Description | Default `forceRootInKanisterHooks` | Forces Kanister Execution Hooks to run with root privileges | `true` `defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None` `priorityClassName.` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}` +`ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1` ## Helm tips and tricks diff --git a/charts/kasten/k10/charts/prometheus/Chart.yaml b/charts/kasten/k10/charts/prometheus/Chart.yaml index db8964b16..f8a1d4cec 100644 --- a/charts/kasten/k10/charts/prometheus/Chart.yaml +++ b/charts/kasten/k10/charts/prometheus/Chart.yaml 
@@ -6,24 +6,24 @@ annotations: - name: Upstream Project url: https://github.com/prometheus/prometheus apiVersion: v2 -appVersion: v2.49.1 +appVersion: v2.51.0 dependencies: - condition: alertmanager.enabled name: alertmanager repository: https://prometheus-community.github.io/helm-charts - version: 1.7.* + version: 1.10.* - condition: kube-state-metrics.enabled name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 5.16.* + version: 5.17.* - condition: prometheus-node-exporter.enabled name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 4.26.* + version: 4.31.* - condition: prometheus-pushgateway.enabled name: prometheus-pushgateway repository: https://prometheus-community.github.io/helm-charts - version: 2.6.* + version: 2.8.* description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png @@ -50,4 +50,4 @@ sources: - https://github.com/prometheus/node_exporter - https://github.com/kubernetes/kube-state-metrics type: application -version: 25.12.0 +version: 25.18.0 diff --git a/charts/kasten/k10/charts/prometheus/OWNERS b/charts/kasten/k10/charts/prometheus/OWNERS new file mode 100644 index 000000000..0cfd95021 --- /dev/null +++ b/charts/kasten/k10/charts/prometheus/OWNERS @@ -0,0 +1,6 @@ +approvers: +- mgoodness +- gianrubio +reviewers: +- mgoodness +- gianrubio diff --git a/charts/kasten/k10/charts/prometheus/README.md b/charts/kasten/k10/charts/prometheus/README.md index 2cb744ce8..73a97e48c 100644 --- a/charts/kasten/k10/charts/prometheus/README.md +++ b/charts/kasten/k10/charts/prometheus/README.md 
@@ -334,7 +334,6 @@ To manually setup RBAC you need to set the parameter `rbac.create=false` and spe > **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. ### ConfigMap Files - AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/Chart.yaml b/charts/kasten/k10/charts/prometheus/charts/alertmanager/Chart.yaml index 08fdd03c6..3ecfc5d0c 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/Chart.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/Chart.yaml @@ -4,7 +4,7 @@ annotations: - name: Chart Source url: https://github.com/prometheus-community/helm-charts apiVersion: v2 -appVersion: v0.26.0 +appVersion: v0.27.0 description: The Alertmanager handles alerts sent by client applications such as the Prometheus server. home: https://prometheus.io/ @@ -21,4 +21,4 @@ name: alertmanager sources: - https://github.com/prometheus/alertmanager type: application -version: 1.7.0 +version: 1.10.0 diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/services.yaml b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/services.yaml index 9637ae758..eefb9ce16 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/services.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/services.yaml 
@@ -13,6 +13,10 @@ metadata: {{- end }} namespace: {{ include "alertmanager.namespace" . }} spec: + {{- if .Values.service.ipDualStack.enabled }} + ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }} + ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }} + {{- end }} type: {{ .Values.service.type }} {{- with .Values.service.loadBalancerIP }} loadBalancerIP: {{ . }} diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml index 25d81a921..807fd6839 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml @@ -12,6 +12,7 @@ metadata: namespace: {{ include "alertmanager.namespace" . }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml b/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml index fa3b355a5..3bf947a32 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml @@ -114,6 +114,12 @@ service: # Optionally specify extra list of additional ports exposed on both services extraPorts: [] + # ip dual stack + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # Configuration for creating a separate Service for each statefulset Alertmanager replica # servicePerReplica: 
@@ -235,6 +241,13 @@ topologySpreadConstraints: [] statefulSet: annotations: {} +## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to +## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). +## This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds +## feature gate. +## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds +minReadySeconds: 0 + podAnnotations: {} podLabels: {} diff --git a/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/Chart.yaml b/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/Chart.yaml index 8ae62ebb6..64b196c9a 100644 --- a/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/Chart.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/Chart.yaml @@ -4,7 +4,7 @@ annotations: - name: Chart Source url: https://github.com/prometheus-community/helm-charts apiVersion: v2 -appVersion: 2.10.1 +appVersion: 2.11.0 description: Install kube-state-metrics to generate and expose cluster-level metrics home: https://github.com/kubernetes/kube-state-metrics/ keywords: @@ -23,4 +23,4 @@ name: kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics/ type: application -version: 5.16.0 +version: 5.17.0 diff --git a/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml b/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml index 373f7dcc5..64e76703b 100644 --- a/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml 
@@ -115,10 +115,10 @@ spec: {{- if .Values.selfMonitor.telemetryPort }} - --telemetry-port={{ $telemetryPort }} {{- end }} + {{- end }} {{- if .Values.customResourceState.enabled }} - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml {{- end }} - {{- end }} {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} volumeMounts: {{- if .Values.kubeconfig.enabled }} @@ -149,7 +149,7 @@ spec: livenessProbe: failureThreshold: {{ .Values.livenessProbe.failureThreshold }} httpGet: - {{- if .Values.kubeRBACProxy.enabled }} + {{- if .Values.hostNetwork }} host: 127.0.0.1 {{- end }} httpHeaders: @@ -167,7 +167,7 @@ spec: readinessProbe: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} httpGet: - {{- if .Values.kubeRBACProxy.enabled }} + {{- if .Values.hostNetwork }} host: 127.0.0.1 {{- end }} httpHeaders: diff --git a/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/values.yaml index 7f312961d..75aa2f7e9 100644 --- a/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/values.yaml @@ -37,7 +37,10 @@ autosharding: replicas: 1 -# Change the deployment strategy when autosharding is disabled +# Change the deployment strategy when autosharding is disabled. +# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +# The default is "RollingUpdate" as per Kubernetes defaults. +# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data. # updateStrategy: Recreate # Number of old history to retain to allow rollback 
@@ -108,7 +111,12 @@ kubeRBACProxy: ## Specify security settings for a Container ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - containerSecurityContext: {} + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -245,6 +253,7 @@ securityContext: ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container containerSecurityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/Chart.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/Chart.yaml index 5c8d45453..3aa7db686 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/Chart.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/Chart.yaml @@ -22,4 +22,4 @@ name: prometheus-node-exporter sources: - https://github.com/prometheus/node_exporter/ type: application -version: 4.26.0 +version: 4.31.0 diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl index 84552fe47..8e84832cb 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl 
@@ -183,3 +183,20 @@ labelNameLengthLimit: {{ . }} labelValueLengthLimit: {{ . }} {{- end }} {{- end }} + +{{/* Sets sidecar volumeMounts */}} +{{- define "prometheus-node-exporter.sidecarVolumeMounts" -}} +{{- range $_, $mount := $.Values.sidecarVolumeMount }} +- name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} +{{- end }} +{{- range $_, $mount := $.Values.sidecarHostVolumeMounts }} +- name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} +{{- if $mount.mountPropagation }} + mountPropagation: {{ $mount.mountPropagation }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/daemonset.yaml index 82dba5cab..23896a230 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/daemonset.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -40,6 +40,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }} + {{- with .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} containers: {{- $servicePort := ternary .Values.kubeRBACProxy.port .Values.service.port .Values.kubeRBACProxy.enabled }} - name: node-exporter @@ -50,7 +53,7 @@ spec: - --path.sysfs=/host/sys {{- if .Values.hostRootFsMount.enabled }} - --path.rootfs=/host/root - {{- if semverCompare ">=1.4.0" (coalesce .Values.version .Values.image.tag .Chart.AppVersion) }} + {{- if semverCompare ">=1.4.0-0" (coalesce .Values.version .Values.image.tag .Chart.AppVersion) }} - --path.udev.data=/host/root/run/udev/data {{- end }} {{- end }} 
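Review bot: `readOnly: {{ $mount.readOnly }}` in the new `prometheus-node-exporter.sidecarVolumeMounts` helper should render an empty value when a `sidecarVolumeMount` or `sidecarHostVolumeMounts` entry omits the key, and Kubernetes treats a missing `readOnly` as a writable mount. For the host-path entries that makes write access to the node the silent default, so I would make the fallback explicit in the second `range`: `readOnly: {{ if hasKey $mount "readOnly" }}{{ $mount.readOnly }}{{ else }}true{{ end }}`. That changes behaviour for values files that rely on the implicit default, so it needs a release note (or an upstream change) rather than a silent edit. `name` and `mountPath` are also emitted unquoted; `| quote` would keep unusual values from being re-typed by the YAML parser.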
@@ -124,12 +127,24 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.terminationMessageParams.enabled }} + {{- with .Values.terminationMessageParams }} + terminationMessagePath: {{ .terminationMessagePath }} + terminationMessagePolicy: {{ .terminationMessagePolicy }} + {{- end }} + {{- end }} volumeMounts: - name: proc mountPath: /host/proc + {{- with .Values.hostProcFsMount.mountPropagation }} + mountPropagation: {{ . }} + {{- end }} readOnly: true - name: sys mountPath: /host/sys + {{- with .Values.hostSysFsMount.mountPropagation }} + mountPropagation: {{ . }} + {{- end }} readOnly: true {{- if .Values.hostRootFsMount.enabled }} - name: root @@ -160,24 +175,10 @@ spec: - name: {{ .name }} mountPath: {{ .mountPath }} {{- end }} - {{- with .Values.sidecars }} - {{- toYaml . | nindent 8 }} - {{- if or $.Values.sidecarVolumeMount $.Values.sidecarHostVolumeMounts }} - volumeMounts: - {{- range $_, $mount := $.Values.sidecarVolumeMount }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - readOnly: {{ $mount.readOnly }} - {{- end }} - {{- range $_, $mount := $.Values.sidecarHostVolumeMounts }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - readOnly: {{ $mount.readOnly }} - {{- if $mount.mountPropagation }} - mountPropagation: {{ $mount.mountPropagation }} - {{- end }} - {{- end }} - {{- end }} + {{- range .Values.sidecars }} + {{- $overwrites := dict "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) }} + {{- $defaults := dict "image" (include "prometheus-node-exporter.image" $) "securityContext" $.Values.containerSecurityContext "imagePullPolicy" $.Values.image.pullPolicy }} + - {{- toYaml (merge $overwrites . $defaults) | nindent 10 }} {{- end }} {{- if .Values.kubeRBACProxy.enabled }} - name: kube-rbac-proxy 
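Review bot: The new `merge $overwrites . $defaults` call deep-merges each sidecar with `$.Values.containerSecurityContext`, so a sidecar now inherits the main container's security context and can override individual keys but never drop one. That inheritance is a sensible default, but sprig's `merge` has been known to treat a falsy value in the higher-precedence dict as unset, in which case a sidecar's `allowPrivilegeEscalation: false` or `privileged: false` could be replaced by a truthy default. This is worth confirming with `helm template` against a sidecar that sets such a field. I would record the precedence next to the line, e.g. `{{- /* precedence: computed volumeMounts, then the sidecar's own fields, then defaults from the main container; securityContext is deep-merged */}}`. The container list this sits in starts and ends outside the hunk.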
@@ -187,7 +188,7 @@ spec: {{- end }} - --secure-listen-address=:{{ .Values.service.port}} - --upstream=http://127.0.0.1:{{ $servicePort }}/ - - --proxy-endpoints-port=8888 + - --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort }} - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml volumeMounts: - name: kube-rbac-proxy-config @@ -204,18 +205,34 @@ spec: {{- if .Values.kubeRBACProxy.enableHostPort }} hostPort: {{ .Values.service.port }} {{- end }} - - containerPort: 8888 + - containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }} + {{- if .Values.kubeRBACProxy.enableProxyEndpointsHostPort }} + hostPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }} + {{- end }} name: "http-healthz" readinessProbe: httpGet: scheme: HTTPS - port: 8888 + port: {{ .Values.kubeRBACProxy.proxyEndpointsPort }} path: healthz initialDelaySeconds: 5 timeoutSeconds: 5 {{- if .Values.kubeRBACProxy.resources }} resources: - {{ toYaml .Values.kubeRBACProxy.resources | nindent 12 }} + {{- toYaml .Values.kubeRBACProxy.resources | nindent 12 }} + {{- end }} + {{- if .Values.terminationMessageParams.enabled }} + {{- with .Values.terminationMessageParams }} + terminationMessagePath: {{ .terminationMessagePath }} + terminationMessagePolicy: {{ .terminationMessagePolicy }} + {{- end }} + {{- end }} + {{- with .Values.kubeRBACProxy.env }} + env: + {{- range $key, $value := $.Values.kubeRBACProxy.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} {{- end }} {{- if .Values.kubeRBACProxy.containerSecurityContext }} securityContext: @@ -240,6 +257,9 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.restartPolicy }} + restartPolicy: {{ . }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} 
@@ -260,6 +280,9 @@ spec: - name: {{ $mount.name }} hostPath: path: {{ $mount.hostPath }} + {{- with $mount.type }} + type: {{ . }} + {{- end }} {{- end }} {{- range $_, $mount := .Values.sidecarVolumeMount }} - name: {{ $mount.name }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml index fad11ea0e..8246df236 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml @@ -39,6 +39,9 @@ global: # The requests are served through the same service but requests are HTTPS. kubeRBACProxy: enabled: false + ## Set environment variables as name/value pairs + env: {} + # VARIABLE: value image: registry: quay.io repository: brancz/kube-rbac-proxy @@ -46,7 +49,7 @@ kubeRBACProxy: sha: "" pullPolicy: IfNotPresent - # List of additional cli arguments to configure kube-rbac-prxy + # List of additional cli arguments to configure kube-rbac-proxy # for example: --tls-cipher-suites, --log-file, etc. # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage extraArgs: [] @@ -63,6 +66,12 @@ kubeRBACProxy: # Configure a hostPort. If true, hostPort will be enabled in the container and set to service.port. enableHostPort: false + # Configure Proxy Endpoints Port + # This is the port being probed for readiness + proxyEndpointsPort: 8888 + # Configure a hostPort. If true, hostPort will be enabled in the container and set to proxyEndpointsPort. + enableProxyEndpointsHostPort: false + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little 
@@ -266,6 +275,10 @@ resources: {} # cpu: 100m # memory: 30Mi +# Specify the container restart policy passed to the Node Export container +# Possible Values: Always (default)|OnFailure|Never +restartPolicy: null + serviceAccount: # Specifies whether a ServiceAccount should be created create: true @@ -317,6 +330,16 @@ hostRootFsMount: # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation mountPropagation: HostToContainer +# Mount the node's proc file system (/proc) at /host/proc in the container +hostProcFsMount: + # Possible values are None, HostToContainer, and Bidirectional + mountPropagation: "" + +# Mount the node's sys file system (/sys) at /host/sys in the container +hostSysFsMount: + # Possible values are None, HostToContainer, and Bidirectional + mountPropagation: "" + ## Assign a group of affinity scheduling rules ## affinity: {} @@ -361,10 +384,23 @@ nodeSelector: kubernetes.io/os: linux # kubernetes.io/arch: amd64 +# Specify grace period for graceful termination of pods. Defaults to 30 if null or not specified +terminationGracePeriodSeconds: null + tolerations: - effect: NoSchedule operator: Exists +# Enable or disable container termination message settings +# https://kubernetes.io/docs/tasks/debug/debug-application/determine-reason-pod-failure/ +terminationMessageParams: + enabled: false + # If enabled, specify the path for termination messages + terminationMessagePath: /dev/termination-log + # If enabled, specify the policy for termination messages + terminationMessagePolicy: File + + ## Assign a PriorityClassName to pods if set # priorityClassName: "" @@ -379,6 +415,8 @@ extraArgs: [] extraHostVolumeMounts: [] # - name: # hostPath: +# https://kubernetes.io/docs/concepts/storage/volumes/#hostpath-volume-types +# type: "" (Default)|DirectoryOrCreate|Directory|FileOrCreate|File|Socket|CharDevice|BlockDevice # mountPath: # readOnly: true|false # mountPropagation: None|HostToContainer|Bidirectional 
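Review bot: The comment above `restartPolicy: null` lists `OnFailure` and `Never` as possible values, but the value is rendered into the pod template of `templates/daemonset.yaml`, and a DaemonSet pod template only accepts `Always` (or no value). Anyone following the comment will get a rejected manifest. The comment also describes a container restart policy, while the field is set on the pod spec. Suggested wording: `# Pod restart policy. DaemonSet pods only accept Always, which is also the default when this is null.`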
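Review bot: The comments on `hostProcFsMount.mountPropagation` and `hostSysFsMount.mountPropagation` list `Bidirectional` alongside the other values without saying what it costs. Kubernetes only allows Bidirectional propagation in privileged containers, and it lets mounts made inside the container propagate back to the node, which is a poor fit for the /proc and /sys mounts of a metrics exporter. I would extend both comments with `# Bidirectional requires a privileged container and propagates container mounts to the host; prefer None or HostToContainer`.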
@@ -395,18 +433,21 @@ secrets: [] ## namespaceOverride: "" -## Additional containers for export metrics to text file +## Additional containers for export metrics to text file; fields image,imagePullPolicy,securityContext take default value from main container ## sidecars: [] -## - name: nvidia-dcgm-exporter -## image: nvidia/dcgm-exporter:1.4.3 +# - name: nvidia-dcgm-exporter +# image: nvidia/dcgm-exporter:1.4.3 +# volumeMounts: +# - name: tmp +# mountPath: /tmp ## Volume for sidecar containers ## sidecarVolumeMount: [] -## - name: collector-textfiles -## mountPath: /run/prometheus -## readOnly: false +# - name: collector-textfiles +# mountPath: /run/prometheus +# readOnly: false ## Additional mounts from the host to sidecar containers ## diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/Chart.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/Chart.yaml index 30a07ef38..a8e923d3b 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/Chart.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/Chart.yaml @@ -21,4 +21,4 @@ name: prometheus-pushgateway sources: - https://github.com/prometheus/pushgateway type: application -version: 2.6.0 +version: 2.8.0 diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/NOTES.txt b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/NOTES.txt index 0196e2b37..263b1d8d4 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/NOTES.txt +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/NOTES.txt 
@@ -4,16 +4,16 @@ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-pushgateway.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-pushgateway.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-pushgateway.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-pushgateway.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-pushgateway.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus-pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-pushgateway.namespace" . }} {{ template "prometheus-pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus-pushgateway.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9091 to use your application" + export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-pushgateway.namespace" . 
}} -l "app.kubernetes.io/name={{ template "prometheus-pushgateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") kubectl port-forward $POD_NAME 9091 + echo "Visit http://127.0.0.1:9091 to use your application" {{- end }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl index 6182e074d..af9bad350 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl @@ -116,6 +116,7 @@ Returns pod spec */}} {{- define "prometheus-pushgateway.podSpec" -}} serviceAccountName: {{ include "prometheus-pushgateway.serviceAccountName" . }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} 
@@ -181,10 +182,29 @@ nodeSelector: tolerations: {{- toYaml . | nindent 2 }} {{- end }} -{{- with .Values.affinity }} +{{- if or .Values.podAntiAffinity .Values.affinity }} affinity: - {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.affinity }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- if eq .Values.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [{{ include "prometheus-pushgateway.name" . }}]} + {{- else if eq .Values.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [{{ include "prometheus-pushgateway.name" . }}]} + {{- end }} {{- with .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 2 }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/serviceaccount.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/serviceaccount.yaml index ab5e2452c..88f147048 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/serviceaccount.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/serviceaccount.yaml @@ -13,4 +13,5 @@ metadata: {{- end }} name: {{ include "prometheus-pushgateway.serviceAccountName" . }} namespace: {{ template "prometheus-pushgateway.namespace" . }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- end }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml index 4eb0b9108..1f67939db 100644 
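Review bot: When `.Values.affinity` already contains a `podAntiAffinity` block and `.Values.podAntiAffinity` is "soft" or "hard", this template emits two `podAntiAffinity` keys under `affinity:`, and a duplicate key is either rejected or silently resolved to the last one depending on the parser. A guard before `affinity:` would make the conflict explicit, e.g. `{{- if and .Values.podAntiAffinity (hasKey (.Values.affinity | default dict) "podAntiAffinity") }}{{ fail "set either affinity.podAntiAffinity or podAntiAffinity, not both" }}{{- end }}`. A non-empty value other than soft/hard also renders a bare `affinity:` when `.Values.affinity` is empty, and no schema enum for the pushgateway subchart is visible in this diff. `{{ .Values.podAntiAffinityTopologyKey }}` would be safer as `{{ .Values.podAntiAffinityTopologyKey | quote }}`. The same construct is added to prometheus templates/deploy.yaml and templates/sts.yaml with `.Values.server.*`.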
--- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml @@ -32,6 +32,9 @@ service: loadBalancerIP: "" loadBalancerSourceRanges: [] +# Whether to automatically mount a service account token into the pod +automountServiceAccountToken: true + # Optional pod annotations podAnnotations: {} @@ -210,6 +213,18 @@ containerSecurityContext: {} ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} +## Pod anti-affinity can prevent the scheduler from placing pushgateway replicas on the same node. +## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. +## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. +## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `affinity`). +## +podAntiAffinity: "" + +## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. +## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone +## +podAntiAffinityTopologyKey: kubernetes.io/hostname + ## Topology spread constraints for pods ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: [] diff --git a/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl index 0810e3c04..098b4f535 100644 --- a/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl @@ -231,4 +231,3 @@ Define prometheus.server.remoteRead producing a list of remoteRead configuration {{- end -}} {{ toYaml $remoteReads }} {{- end -}} - 
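Review bot: The example topology key in the new `podAntiAffinityTopologyKey` comment, `failure-domain.beta.kubernetes.io/zone`, is the deprecated beta label; current clusters label nodes with `topology.kubernetes.io/zone`, and an anti-affinity term keyed on a label the nodes do not carry may not spread replicas as the operator expects. I would change the comment line to `## This can be changed to, for example, topology.kubernetes.io/zone`. The same comment is added under `server:` in charts/prometheus/values.yaml in this commit.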
diff --git a/charts/kasten/k10/charts/prometheus/templates/deploy.yaml b/charts/kasten/k10/charts/prometheus/templates/deploy.yaml index 93f93c44c..7602b757f 100644 --- a/charts/kasten/k10/charts/prometheus/templates/deploy.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/deploy.yaml @@ -296,10 +296,29 @@ spec: tolerations: {{ toYaml .Values.server.tolerations | indent 8 }} {{- end }} - {{- if .Values.server.affinity }} + {{- if or .Values.server.affinity .Values.server.podAntiAffinity }} affinity: -{{ toYaml .Values.server.affinity | indent 8 }} {{- end }} + {{- with .Values.server.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if eq .Values.server.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]} + {{- else if eq .Values.server.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]} + {{- end }} {{- with .Values.server.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} diff --git a/charts/kasten/k10/charts/prometheus/templates/sts.yaml b/charts/kasten/k10/charts/prometheus/templates/sts.yaml index 79ba18426..1050b663b 100644 --- a/charts/kasten/k10/charts/prometheus/templates/sts.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/sts.yaml 
@@ -299,10 +299,29 @@ spec: tolerations: {{ toYaml .Values.server.tolerations | indent 8 }} {{- end }} - {{- if .Values.server.affinity }} + {{- if or .Values.server.affinity .Values.server.podAntiAffinity }} affinity: -{{ toYaml .Values.server.affinity | indent 8 }} {{- end }} + {{- with .Values.server.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if eq .Values.server.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]} + {{- else if eq .Values.server.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]} + {{- end }} {{- with .Values.server.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} diff --git a/charts/kasten/k10/charts/prometheus/values.schema.json b/charts/kasten/k10/charts/prometheus/values.schema.json index aba767d88..8a5cd3bbd 100644 --- a/charts/kasten/k10/charts/prometheus/values.schema.json +++ b/charts/kasten/k10/charts/prometheus/values.schema.json @@ -396,6 +396,14 @@ "podAnnotations": { "type": "object" }, + "podAntiAffinity": { + "type": "string", + "enum": ["", "soft", "hard"], + "default": "" + }, + "podAntiAffinityTopologyKey": { + "type": "string" + }, "podDisruptionBudget": { "type": "object", "properties": { diff --git a/charts/kasten/k10/charts/prometheus/values.yaml b/charts/kasten/k10/charts/prometheus/values.yaml index d792b6443..59616430e 100644 --- a/charts/kasten/k10/charts/prometheus/values.yaml +++ b/charts/kasten/k10/charts/prometheus/values.yaml 
@@ -60,7 +60,7 @@ configmapReload: ## image: repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.71.2 + tag: v0.72.0 # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). digest: "" pullPolicy: IfNotPresent @@ -397,6 +397,18 @@ server: ## affinity: {} + ## Pod anti-affinity can prevent the scheduler from placing Prometheus server replicas on the same node. + ## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `server.affinity`). + ## + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + ## Pod topology spread constraints ## ref. https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: [] diff --git a/charts/kasten/k10/grafana/dashboards/default/default.json b/charts/kasten/k10/grafana/dashboards/default/default.json index eb58bdf62..163461a0f 100644 --- a/charts/kasten/k10/grafana/dashboards/default/default.json +++ b/charts/kasten/k10/grafana/dashboards/default/default.json 
@@ -4900,9 +4900,910 @@ ], "title": "Data reduction", "type": "row" - } + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 55 + }, + "id": 1013, + "panels": [ + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "points", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "stepAfter", + "lineWidth": 1, + "pointSize": 4, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s", + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/#.*/" + }, + "properties": [ + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.axisPlacement", + "value": "right" + }, + { + "id": "decimals", + "value": 0 + }, + { + "id": "custom.scaleDistribution", + "value": { + "type": "linear" + } + }, + { + "id": "custom.drawStyle", + "value": "line" + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + }, + { + "id": "custom.showPoints", + "value": "never" + }, + { + "id": "custom.axisSoftMin", + "value": 0 + }, + { + "id": "custom.axisLabel", + "value": "# volumes" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#Volumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# Volumes Under Transfer" + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "solid" + } + }, + { + 
"id": "custom.lineWidth", + "value": 0.4 + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#UploadSessionVolumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# VBR Session Volumes" + }, + { + "id": "custom.lineWidth", + "value": 0 + }, + { + "id": "custom.fillOpacity", + "value": 25 + }, + { + "id": "color", + "value": { + "fixedColor": "dark-blue", + "mode": "shades" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 1006, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum (max_over_time(data_operation_volume_count{}[2m]))", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#Volumes", + "range": true, + "refId": "VOLUME_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#UploadSessionVolumes", + "range": true, + "refId": "VBR_SESSION_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum by (data_format,operation,storage_class,repo_name) (rate(data_operation_normalized_duration_sum{}[2m])) / sum by (data_format,operation,storage_class,repo_name) (rate(data_operation_normalized_duration_count{}[2m]))", + "hide": false, + "instant": false, + "legendFormat": "{{operation}} {{storage_class}}/{{repo_name}} ({{data_format}})", + "range": true, + "refId": "NORMALIZED_DURATION_BY_STORAGE_CLASS_LOC" + } + ], + 
"title": "Normalized operation duration by storage class, location and data format (time/MiB)", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "points", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "stepAfter", + "lineWidth": 1, + "pointSize": 4, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s", + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/#.*/" + }, + "properties": [ + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.axisPlacement", + "value": "right" + }, + { + "id": "decimals", + "value": 0 + }, + { + "id": "custom.scaleDistribution", + "value": { + "type": "linear" + } + }, + { + "id": "custom.drawStyle", + "value": "line" + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + }, + { + "id": "custom.showPoints", + "value": "never" + }, + { + "id": "custom.axisSoftMin", + "value": 0 + }, + { + "id": "custom.axisLabel", + "value": "# volumes" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#Volumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# Volumes Under Transfer" + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "solid" + } + }, + { + "id": "custom.lineWidth", + "value": 0.4 + }, + { + 
"id": "custom.lineInterpolation", + "value": "stepAfter" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#UploadSessionVolumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# VBR Session Volumes" + }, + { + "id": "custom.lineWidth", + "value": 0 + }, + { + "id": "custom.fillOpacity", + "value": 25 + }, + { + "id": "color", + "value": { + "fixedColor": "dark-blue", + "mode": "shades" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 1012, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum (max_over_time(data_operation_volume_count{}[2m]))", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#Volumes", + "range": true, + "refId": "VOLUME_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#UploadSessionVolumes", + "range": true, + "refId": "VBR_SESSION_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum by (data_format,operation,namespace,pvc_name) (rate(data_operation_duration_sum{}[2m])) / sum by (data_format,operation,namespace,pvc_name) (rate(data_operation_duration_count{}[2m]))", + "hide": false, + "instant": false, + "legendFormat": "{{operation}} {{namespace}}/{{pvc_name}} ({{data_format}})", + "range": true, + "refId": "DURATION_BY_PVC" + } + ], + "title": "Operation duration by pvc and data format", + "type": "timeseries" + }, + { + "datasource": 
"Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "points", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "stepAfter", + "lineWidth": 1, + "pointSize": 4, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps", + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/#.*/" + }, + "properties": [ + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.axisPlacement", + "value": "right" + }, + { + "id": "decimals", + "value": 0 + }, + { + "id": "custom.scaleDistribution", + "value": { + "type": "linear" + } + }, + { + "id": "custom.drawStyle", + "value": "line" + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + }, + { + "id": "custom.showPoints", + "value": "never" + }, + { + "id": "custom.axisSoftMin", + "value": 0 + }, + { + "id": "custom.axisLabel", + "value": "# volumes" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#Volumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# Volumes Under Transfer" + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "solid" + } + }, + { + "id": "custom.lineWidth", + "value": 0.4 + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#UploadSessionVolumes" + }, + 
"properties": [ + { + "id": "displayName", + "value": "# VBR Session Volumes" + }, + { + "id": "custom.lineWidth", + "value": 0 + }, + { + "id": "custom.fillOpacity", + "value": 25 + }, + { + "id": "color", + "value": { + "fixedColor": "dark-blue", + "mode": "shades" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "id": 1011, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum (max_over_time(data_operation_volume_count{}[2m]))", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#Volumes", + "range": true, + "refId": "VOLUME_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#UploadSessionVolumes", + "range": true, + "refId": "VBR_SESSION_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "avg by (data_format, operation, storage_class, repo_name) (rate(data_operation_bytes{}[$__rate_interval]))", + "hide": false, + "instant": false, + "legendFormat": "{{operation}} {{storage_class}}/{{repo_name}} ({{data_format}})", + "range": true, + "refId": "RATE_BY_STORAGE_CLASS" + } + ], + "title": "Operation transfer rate by storage class, location and data format", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + 
"axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "points", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "stepAfter", + "lineWidth": 1, + "pointSize": 4, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps", + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/#.*/" + }, + "properties": [ + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.axisPlacement", + "value": "right" + }, + { + "id": "decimals", + "value": 0 + }, + { + "id": "custom.scaleDistribution", + "value": { + "type": "linear" + } + }, + { + "id": "custom.drawStyle", + "value": "line" + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + }, + { + "id": "custom.showPoints", + "value": "never" + }, + { + "id": "custom.axisSoftMin", + "value": 0 + }, + { + "id": "custom.axisLabel", + "value": "# volumes" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#Volumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# Volumes Under Transfer" + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "solid" + } + }, + { + "id": "custom.lineWidth", + "value": 0.4 + }, + { + "id": "custom.lineInterpolation", + "value": "stepAfter" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "#UploadSessionVolumes" + }, + "properties": [ + { + "id": "displayName", + "value": "# VBR Session Volumes" + }, + { + "id": "custom.lineWidth", + "value": 0 + }, + { + "id": "custom.fillOpacity", + "value": 25 + }, + 
{ + "id": "color", + "value": { + "fixedColor": "dark-blue", + "mode": "shades" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "id": 1004, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum (max_over_time(data_operation_volume_count{}[2m]))", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#Volumes", + "range": true, + "refId": "VOLUME_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "#UploadSessionVolumes", + "range": true, + "refId": "VBR_SESSION_COUNT", + "useBackend": false + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "avg by (data_format, operation, namespace, pvc_name) (rate(data_operation_bytes{}[$__rate_interval]))", + "hide": false, + "instant": false, + "legendFormat": "{{operation}} {{namespace}}/{{pvc_name}} ({{data_format}})", + "range": true, + "refId": "RATE_BY_PVC" + } + ], + "title": "Operation transfer rate by pvc and data format", + "type": "timeseries" + } + ], + "title": "Data transfer operations", + "type": "row" + } ], - "schemaVersion": 37, + "schemaVersion": 39, "style": "dark", "tags": [], "templating": { @@ -4950,5 +5851,5 @@ "timezone": "", "title": "K10 Dashboard", "uid": "8Ebb3xS7k", - "version": 1 + "version": 2 } \ No newline at end of file 
diff --git a/charts/kasten/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl index b0edd4429..5016b775e 100644 --- a/charts/kasten/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl @@ -29,9 +29,9 @@ vbrintegrationapi: {{- end -}} {{- define "k10.colocatedServiceLookup" -}} crypto: +- bloblifecyclemanager - garbagecollector - repositories -- bloblifecyclemanager dashboardbff: - vbrintegrationapi state: @@ -92,6 +92,7 @@ state: {{- define "k10.defaultK10LimiterGenericVolumeCopies" -}}10{{- end -}} {{- define "k10.defaultK10LimiterGenericVolumeRestores" -}}10{{- end -}} {{- define "k10.defaultK10LimiterCsiSnapshots" -}}10{{- end -}} +{{- define "k10.defaultK10LimiterImageCopies" -}}10{{- end -}} {{- define "k10.defaultK10LimiterProviderSnapshots" -}}10{{- end -}} {{- define "k10.defaultK10GCDaemonPeriod" -}}21600{{- end -}} {{- define "k10.defaultK10GCKeepMaxActions" -}}1000{{- end -}} diff --git a/charts/kasten/k10/templates/_helpers.tpl b/charts/kasten/k10/templates/_helpers.tpl index 4cbd4b755..6e9a0c6a7 100644 --- a/charts/kasten/k10/templates/_helpers.tpl +++ b/charts/kasten/k10/templates/_helpers.tpl @@ -115,6 +115,16 @@ {{- $internal_capabilities = append $internal_capabilities "mc" -}} {{- end -}} + {{- /* FIPS */ -}} + {{- $fips := .Values.fips | default dict -}} + {{- if $fips.enabled -}} + {{- $internal_capabilities = append $internal_capabilities "fips" -}} + + {{- if not $fips.allowNonFIPSImports -}} + {{- $internal_capabilities = append $internal_capabilities "fips.strict.migrations" -}} + {{- end -}} + {{- end -}} + {{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}} {{- end -}} 
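Review bot: The FIPS block in templates/_helpers.tpl has a security-relevant default that the one-word `{{- /* FIPS */ -}}` comment does not convey: `fips.strict.migrations` is appended only while `fips.allowNonFIPSImports` is unset or false, and setting it to true drops that capability with no message. I would expand the comment to `{{- /* FIPS: adds "fips" when fips.enabled; adds "fips.strict.migrations" unless fips.allowNonFIPSImports is true */ -}}`. `.Values.capabilities` is concatenated after this list, so the same strings can also be supplied directly; whether that is intended is not visible here. The define begins outside the hunk.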
@@ -491,7 +501,7 @@ Checks and enforces only 1 set of azure creds is specified {{ if and (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true") }} {{- fail "useDefaultMSI is set to true, but an additional ClientID is also provided. Please choose one." }} {{- end -}} -{{ if and (eq (include "check.azureClientSecretCreds" .) "true") (or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true")) }} +{{ if and ( or (eq (include "check.azureClientSecretCreds" .) "true") (eq (include "check.azuresecret" .) "true" )) (or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true")) }} {{- fail "Both Azure ClientSecret and Managed Identity creds are available, but only one is allowed. Please choose one." }} {{- end -}} {{- end -}} @@ -613,6 +623,12 @@ Check if Azure creds are specified {{- end -}} {{- end -}} +{{- define "check.azuresecret" -}} +{{- if .Values.secrets.azureClientSecretName }} +{{- print true -}} +{{- end -}} +{{- end -}} + {{/* Check if Vsphere creds are specified */}} 
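Review bot: The widened condition rejects `secrets.azureClientSecretName` combined with managed identity, but nothing in this hunk rejects it combined with the inline client-secret values (`check.azureClientSecretCreds`), and the _k10_container.tpl hunk in this commit then takes the named Secret and ignores the inline ones. An operator who later rotates the inline secret would see no effect and no error. A third check would make the choice explicit: `{{ if and (eq (include "check.azuresecret" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }}` followed by `{{- fail "Both secrets.azureClientSecretName and inline Azure client secret creds are set. Please choose one." }}` and `{{- end -}}`. The enclosing define starts outside the hunk, so an existing check elsewhere cannot be ruled out.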
@@ -934,6 +950,24 @@ Is ingress part of stable APIVersion. {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} {{- end -}} +{{/* +Check if `ingress.defaultBackend` is properly formatted when specified. +*/}} +{{- define "check.ingress.defaultBackend" -}} + {{- if .Values.ingress.defaultBackend -}} + {{- if and .Values.ingress.defaultBackend.service.enabled .Values.ingress.defaultBackend.resource.enabled -}} + {{- fail "Both `service` and `resource` cannot be enabled in the `ingress.defaultBackend`. Provide only one." -}} + {{- end -}} + {{- if .Values.ingress.defaultBackend.service.enabled -}} + {{- if and (not .Values.ingress.defaultBackend.service.port.name) (not .Values.ingress.defaultBackend.service.port.number) -}} + {{- fail "Provide either `name` or `number` in the `ingress.defaultBackend.service.port`." -}} + {{- end -}} + {{- if and .Values.ingress.defaultBackend.service.port.name .Values.ingress.defaultBackend.service.port.number -}} + {{- fail "Both `name` and `number` cannot be specified in the `ingress.defaultBackend.service.port`. Provide only one." -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} {{- define "check.validatePrometheusConfig" -}} {{if and ( and .Values.global.prometheus.external.host .Values.global.prometheus.external.port) .Values.prometheus.server.enabled}} diff --git a/charts/kasten/k10/templates/_k10_container.tpl b/charts/kasten/k10/templates/_k10_container.tpl index 089a47a2a..f41d33cc5 100644 --- a/charts/kasten/k10/templates/_k10_container.tpl +++ b/charts/kasten/k10/templates/_k10_container.tpl 
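Review bot: `check.ingress.defaultBackend` guards against a missing `ingress.defaultBackend` but then dereferences `.service.enabled`, `.resource.enabled` and `.service.port.name` directly, so if either sub-map is nulled in a values file the template stops with a nil-pointer error instead of one of the readable `fail` messages. This only matters when the chart defaults do not supply both maps, which this diff does not show. Binding the sub-maps once, e.g. `{{- $svc := .Values.ingress.defaultBackend.service | default dict -}}` and `{{- $port := $svc.port | default dict -}}`, keeps the checks reachable. The `with .Values.ingress.defaultBackend` block added to templates/ingress.yaml has the same dependency.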
@@ -105,7 +105,24 @@ stating that types are not same for the equality check name: google-secret key: kasten-gke-project {{- end }} -{{- if eq (include "check.azurecreds" .) "true" }} +{{- if or (eq (include "check.azuresecret" .) "true") (eq (include "check.azurecreds" .) "true" ) }} +{{- if eq (include "check.azuresecret" .) "true" }} + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.azureClientSecretName }} + key: azure_client_id + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.azureClientSecretName }} + key: azure_tenant_id + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.azureClientSecretName }} + key: azure_client_secret +{{- else }} {{- if or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }} - name: AZURE_CLIENT_ID valueFrom: @@ -125,6 +142,7 @@ stating that types are not same for the equality check name: azure-creds key: azure_client_secret {{- end }} +{{- end }} {{- if .Values.secrets.azureResourceGroup }} - name: AZURE_RESOURCE_GROUP valueFrom: @@ -437,11 +455,28 @@ stating that types are not same for the equality check configMapKeyRef: name: k10-config key: K10LimiterProviderSnapshots + - name: K10_LIMITER_IMAGE_COPIES + valueFrom: + configMapKeyRef: + name: k10-config + key: K10LimiterImageCopies + - name: K10_EPHEMERAL_PVC_OVERHEAD + valueFrom: + configMapKeyRef: + name: k10-config + key: K10EphemeralPVCOverhead - name: AWS_ASSUME_ROLE_DURATION valueFrom: configMapKeyRef: name: k10-config key: AWSAssumeRoleDuration +{{- if (list "kanister" "executor" "repositories" | has $service) }} + - name: K10_DATA_STORE_DISABLE_COMPRESSION + valueFrom: + configMapKeyRef: + name: k10-config + key: k10DataStoreDisableCompression +{{- end }} {{- if (list "dashboardbff" "catalog" "executor" "crypto" | has $service) }} {{- if .Values.metering.mode }} - name: K10REPORTMODE 
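Review bot: The three new `secretKeyRef` entries require the Secret named by `secrets.azureClientSecretName` to already exist in the release namespace with the keys `azure_client_id`, `azure_tenant_id` and `azure_client_secret`, and nothing next to the branch says so. Because the references are not marked optional, a missing Secret or key shows up only when the pod fails to start, not at install time. I would add a template comment above the branch: `{{- /* secrets.azureClientSecretName: pre-existing Secret with keys azure_client_id, azure_tenant_id, azure_client_secret */}}`. The enclosing define starts outside the hunk.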
diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index b149051de..7d7eb0082 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}6.5.11{{- end -}} \ No newline at end of file +{{- define "k10.imageTag" -}}6.5.12{{- end -}} \ No newline at end of file diff --git a/charts/kasten/k10/templates/ingress.yaml b/charts/kasten/k10/templates/ingress.yaml index e80f8817e..1d5723e56 100644 --- a/charts/kasten/k10/templates/ingress.yaml +++ b/charts/kasten/k10/templates/ingress.yaml @@ -2,13 +2,14 @@ {{- $service_port := .Values.gateway.service.externalPort -}} {{ if .Values.ingress.create }} {{ include "authEnabled.check" . }} +{{ include "check.ingress.defaultBackend" . }} apiVersion: {{ template "ingress.apiVersion" . }} kind: Ingress metadata: labels: {{ include "helm.labels" . | indent 4 }} namespace: {{ .Release.Namespace }} - name: {{ .Release.Name }}-ingress + name: {{ .Values.ingress.name | default (printf "%s-ingress" .Release.Name) }} annotations: {{ include "ingressClassAnnotation" . | indent 4 }} {{- if and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey }} 
@@ -20,6 +21,31 @@ metadata: {{- end }} spec: {{ include "specIngressClassName" . | indent 2 }} +{{ with .Values.ingress.defaultBackend }} + {{- if or .service.enabled .resource.enabled }} + defaultBackend: + {{- with .service }} + {{- if .enabled }} + service: + name: {{ required "`name` is required in the `ingress.defaultBackend.service`." .name }} + port: + {{- if .port.name }} + name: {{ .port.name }} + {{- else if .port.number }} + number: {{ .port.number }} + {{- end }} + {{- end }} + {{- end }} + {{- with .resource }} + {{- if .enabled }} + resource: + apiGroup: {{ .apiGroup }} + name: {{ required "`name` is required in the `ingress.defaultBackend.resource`." .name }} + kind: {{ required "`kind` is required in the `ingress.defaultBackend.resource`." .kind }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} {{- if .Values.ingress.tls.enabled }} tls: - hosts: diff --git a/charts/kasten/k10/templates/k10-config.yaml b/charts/kasten/k10/templates/k10-config.yaml index 0dc1d8dcc..8ae4dbd45 100644 --- a/charts/kasten/k10/templates/k10-config.yaml +++ b/charts/kasten/k10/templates/k10-config.yaml @@ -20,6 +20,7 @@ data: apiDomain: {{ include "apiDomain" . }} concurrentSnapConversions: {{ default (include "k10.defaultConcurrentSnapshotConversions" .) .Values.limiter.concurrentSnapConversions | quote }} concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }} + k10DataStoreDisableCompression: "false" k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }} k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }} k10DataStoreGeneralMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" . | quote }} 
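Review bot: In the `defaultBackend` block of ingress.yaml, `port:` is rendered with no child when `service.enabled` is true but neither `port.name` nor `port.number` is set, because the `if`/`else if` chain has no final branch and the chart default `number: 0` is falsy. Unless `check.ingress.defaultBackend` (included at the top of the file, body not visible here) already rejects that case, close the chain with `{{- else }}` and `{{ fail "port.name or port.number is required in ingress.defaultBackend.service" }}`. That helper is also the only thing that can stop `service` and `resource` both being emitted, which this template allows when both `enabled` flags are true. A default backend receives every request the Ingress rules do not match, so a comment saying so above `defaultBackend:` would be useful to operators.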
@@ -48,6 +49,7 @@ data: K10LimiterGenericVolumeRestores: {{ default (include "k10.defaultK10LimiterGenericVolumeRestores" .) .Values.limiter.genericVolumeRestores | quote }} K10LimiterCsiSnapshots: {{ default (include "k10.defaultK10LimiterCsiSnapshots" .) .Values.limiter.csiSnapshots | quote }} K10LimiterProviderSnapshots: {{ default (include "k10.defaultK10LimiterProviderSnapshots" .) .Values.limiter.providerSnapshots | quote }} + K10LimiterImageCopies: {{ default (include "k10.defaultK10LimiterImageCopies" .) .Values.limiter.imageCopies | quote }} K10ExecutorWorkerCount: {{ default (include "k10.defaultK10ExecutorWorkerCount" .) .Values.services.executor.workerCount | quote }} K10ExecutorMaxConcurrentRestoreCsiSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreCsiSnapshots" .) .Values.services.executor.maxConcurrentRestoreCsiSnapshots | quote }} K10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots" .) .Values.services.executor.maxConcurrentRestoreGenericVolumeSnapshots | quote }} @@ -56,7 +58,9 @@ data: K10GCDaemonPeriod: {{ default (include "k10.defaultK10GCDaemonPeriod" .) .Values.garbagecollector.daemonPeriod | quote }} K10GCKeepMaxActions: {{ default (include "k10.defaultK10GCKeepMaxActions" .) .Values.garbagecollector.keepMaxActions | quote }} K10GCActionsEnabled: {{ default (include "k10.defaultK10GCActionsEnabled" .) .Values.garbagecollector.actions.enabled | quote }} - + + K10EphemeralPVCOverhead: {{ .Values.ephemeralPVCOverhead | quote }} + K10DefaultPriorityClassName: {{ default (include "k10.defaultK10DefaultPriorityClassName" .) .Values.defaultPriorityClassName | quote }} kubeVirtVMsUnFreezeTimeout: {{ default (include "k10.defaultKubeVirtVMsUnfreezeTimeout" .) .Values.kubeVirtVMs.snapshot.unfreezeTimeout | quote }} 
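Review bot: `K10EphemeralPVCOverhead: {{ .Values.ephemeralPVCOverhead | quote }}` in the second hunk has no fallback, while the neighbouring keys all go through `default (include …)`. If the value is absent at render time (for example an upgrade that reuses an older values set), `quote` receives nil and, as far as I know, emits nothing, which leaves the ConfigMap key empty for the `K10_EPHEMERAL_PVC_OVERHEAD` env var to pick up. `{{ required "ephemeralPVCOverhead must be set" .Values.ephemeralPVCOverhead | quote }}` fails the render instead and still accepts an explicit `0`, which a plain `default 0.1` would override.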
diff --git a/charts/kasten/k10/templates/networkpolicy.yaml b/charts/kasten/k10/templates/networkpolicy.yaml index 6ad570b1d..9cb3ac4ae 100644 --- a/charts/kasten/k10/templates/networkpolicy.yaml +++ b/charts/kasten/k10/templates/networkpolicy.yaml @@ -226,6 +226,28 @@ spec: ports: - protocol: TCP port: 8080 +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: auth-dex-allow + namespace: {{ .Release.Namespace }} + labels: +{{ include "helm.labels" . | indent 4 }} +spec: + podSelector: + matchLabels: + release: {{ .Release.Name }} + run: auth-svc + ingress: + - from: + - podSelector: + matchLabels: + run: auth-svc + release: {{ .Release.Name }} + ports: + - protocol: TCP + port: 8080 {{- end -}} {{- $mainCtx := . }} {{- $colocatedList := include "get.enabledColocatedSvcList" . | fromYaml }} diff --git a/charts/kasten/k10/templates/secrets.yaml b/charts/kasten/k10/templates/secrets.yaml index 90b26fcd7..9eda4b87e 100644 --- a/charts/kasten/k10/templates/secrets.yaml +++ b/charts/kasten/k10/templates/secrets.yaml @@ -57,6 +57,7 @@ metadata: name: azure-creds type: Opaque data: + {{- if not (eq (include "check.azuresecret" .) "true" ) }} {{- if or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }} azure_client_id: {{ required "secrets.azureClientId field is required!" .Values.secrets.azureClientId | b64enc | quote }} {{- end }} 
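Review bot: The new `auth-dex-allow` policy selects `run: auth-svc` pods and admits traffic only from `run: auth-svc` pods on TCP 8080, so source and destination are the same workload although the name points at Dex. A comment above the document saying which connection this opens (presumably Dex running alongside auth-svc, to be confirmed) would let a later reader judge whether the rule is still needed. The spec also omits `policyTypes`; adding `policyTypes:` with `- Ingress` states the intent instead of relying on the API default. The `{{- if … }}` enclosing this document starts outside the hunk.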
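Review bot: In secrets.yaml, the new `{{- if not (eq (include "check.azuresecret" .) "true" ) }}` guard silently drops inline `secrets.azureClientId`, `azureTenantId` and `azureClientSecret` whenever the external secret is selected (assuming `check.azuresecret` tests `azureClientSecretName`; its body is not in the hunk). Failing the render when both forms are supplied would make the precedence explicit, for instance a `fail` call guarded by `and .Values.secrets.azureClientSecretName .Values.secrets.azureClientSecret`. The `azure-creds` Secret is still referenced for `azure_resource_group` and the other keys, and its own enclosing condition lies outside the hunk, so confirm it is rendered when only the external secret is configured. The closing `{{- end }}` is in the following hunk of the same file.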
@@ -64,6 +65,7 @@ data: azure_tenant_id: {{ required "secrets.azureTenantId field is required!" .Values.secrets.azureTenantId | b64enc | quote }} azure_client_secret: {{ required "secrets.azureClientSecret field is required!" .Values.secrets.azureClientSecret | b64enc | quote }} {{- end }} + {{- end }} azure_resource_group: {{ default "" .Values.secrets.azureResourceGroup | b64enc | quote }} azure_subscription_id: {{ default "" .Values.secrets.azureSubscriptionID | b64enc | quote }} azure_resource_manager_endpoint: {{ default "" .Values.secrets.azureResourceMgrEndpoint | b64enc | quote }} diff --git a/charts/kasten/k10/values.schema.json b/charts/kasten/k10/values.schema.json index 4adc36b4b..b3d07f464 100644 --- a/charts/kasten/k10/values.schema.json +++ b/charts/kasten/k10/values.schema.json @@ -626,9 +626,21 @@ "default": false, "title": "Enable TLS", "description": "Configures a TLS use for ingress.host" + }, + "secretName": { + "type": "string", + "default": "", + "title": "TLS secret name", + "description": "Specifies the name of the secret to configure ingress.tls[].secretName" } } }, + "name": { + "type": "string", + "default": "", + "title": "Ingress name", + "description": "Optional name of the Ingress object for the K10 dashboard." + }, "class": { "type": "string", "default": "", 
@@ -663,6 +675,88 @@ "Prefix", "ImplementationSpecific" ] + }, + "defaultBackend": { + "type": "object", + "title": "Ingress default backend", + "description": "Optional default backend for the Ingress object.", + "properties": { + "service": { + "type": "object", + "title": "Ingress default backend service", + "description": "A service referenced by the default backend (mutually exclusive with `resource`).", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "title": "Enable service default backend.", + "description": "Enable the default backend backed by a service." + }, + "name": { + "type": "string", + "default": "", + "title": "Service name", + "description": "Name of a service referenced by the default backend." + }, + "port": { + "type": "object", + "title": "Service port", + "description": "A port of a service referenced by the default backend.", + "properties": { + "name": { + "type": "string", + "default": "", + "title": "Port name", + "description": "Port name of a service referenced by the default backend (mutually exclusive with `number`)." + }, + "number": { + "type": "integer", + "default": 0, + "title": "Port number", + "description": "Port number of a service referenced by the default backend (mutually exclusive with `name`)." + } + } + } + } + }, + "resource": { + "type": "object", + "title": "Ingress default backend resource", + "description": "A resource referenced by the default backend (mutually exclusive with `service`).", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "title": "Enable resource default backend.", + "description": "Enable the default backend backed by a resource." 
+ }, + "apiGroup": { + "type": "string", + "default": "", + "title": "Resource API group", + "description": "Optional API group of a resource referenced by the default backend.", + "examples": [ + "k8s.example.com" + ] + }, + "kind": { + "type": "string", + "default": "", + "title": "Resource kind", + "description": "Type of a resource referenced by the default backend.", + "examples": [ + "StorageBucket" + ] + }, + "name": { + "type": "string", + "default": "", + "title": "Resource name", + "description": "Name of a resource referenced by the default backend." + } + } + } + } } } }, @@ -956,6 +1050,12 @@ "title": "Azure client Secret", "description": "Azure Service APP secret" }, + "azureClientSecretName": { + "type": "string", + "default": "", + "title": "Secret with Azure credentials", + "description": "Specify a Secret directly instead of having to provide azureClientId, azureTenantId and azureClientSecret" + }, "azureResourceGroup": { "type": "string", "default": "", @@ -2201,6 +2301,12 @@ "default": 10, "title": "Concurrent cloud provider create", "description": "Limit of concurrent cloud provider create operations" + }, + "imageCopies": { + "type": "integer", + "default": 10, + "title": "Concurrent image copy", + "description": "Limit of concurrent image copy operations" } } }, @@ -2565,6 +2671,12 @@ "default": true, "title": "Run Kanister Hooks as root", "description": "Forces Kanister Execution Hooks to run with root privileges" + }, + "ephemeralPVCOverhead": { + "type": "number", + "default": 0.1, + "title": "Storage overhead for ephemeral PVCs", + "description": "Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. pvc size = (file raw size) * (1 + `ephemeralPVCOverhead`)" } } } diff --git a/charts/kasten/k10/values.yaml b/charts/kasten/k10/values.yaml index d60356564..66e90c53d 100644 --- a/charts/kasten/k10/values.yaml +++ b/charts/kasten/k10/values.yaml 
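Review bot: In the `defaultBackend` schema, mutual exclusion exists only in the `description` strings: the schema accepts `service.enabled` and `resource.enabled` both true, and `port.name` together with `port.number`. `port.number` is a bare `"type": "integer"`; adding `"minimum": 0, "maximum": 65535` would reject out-of-range ports at install time, with 0 kept legal because it is the chart default for "unset". If the exclusivity is enforced only in the template helper, saying so in the `defaultBackend` description would tell readers where to look.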
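Review bot: The `ephemeralPVCOverhead` schema entry accepts any number, so a negative value passes validation and, by the formula in its own description, would size the ephemeral PVC below the raw data size; add `"minimum": 0`. The description calls the value a percentage while the formula and the default `0.1` treat it as a fraction. Wording such as `Fractional increase for the ephemeral PVC storage request (0.1 = 10%)` would remove the ambiguity.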
@@ -135,12 +135,26 @@ kanisterToolsImage: ingress: create: false + name: "" tls: enabled: false + secretName: "" #TLS secret name class: "" #Ingress controller type host: "" #ingress object host name urlPath: "" #url path for k10 gateway pathType: "ImplementationSpecific" + defaultBackend: + service: + enabled: false + name: "" + port: + name: "" + number: 0 + resource: + enabled: false + apiGroup: "" + kind: "" + name: "" eula: accept: false #true value if EULA accepted @@ -196,6 +210,7 @@ secrets: azureTenantId: '' azureClientId: '' azureClientSecret: '' + azureClientSecretName: '' azureResourceGroup: '' azureSubscriptionID: '' azureResourceMgrEndpoint: '' @@ -418,6 +433,7 @@ limiter: genericVolumeRestores: 10 csiSnapshots: 10 providerSnapshots: 10 + imageCopies: 10 gateway: insecureDisableSSLVerify: false @@ -488,3 +504,5 @@ reporting: maxJobWaitDuration: "" forceRootInKanisterHooks: true + +ephemeralPVCOverhead: 0.1 diff --git a/index.yaml b/index.yaml index 3475a587f..e6d32809e 100644 --- a/index.yaml +++ b/index.yaml 
@@ -29176,6 +29176,34 @@ entries: - assets/trilio/k8s-triliovault-operator-v2.0.200.tgz version: v2.0.200 k10: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 6.5.12 + created: "2024-04-21T00:55:40.105625299Z" + dependencies: + - condition: grafana.enabled + name: grafana + repository: file://./charts/grafana + version: 7.3.2 + - condition: prometheus.server.enabled + name: prometheus + repository: file://./charts/prometheus + version: 25.18.0 + description: Kasten’s K10 Data Management Platform + digest: 7168aabefb4d1e465fb92dfa7fd6c957e06736b5a51ab0838efa0c582c2336a0 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-6.5.1201.tgz + version: 6.5.1201 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: K10