andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  kasten/k10:
    - 6.5.12
```
pull/1015/head
github-actions[bot] 2024-04-21 00:55:49 +00:00
parent 26c8760ba4
commit 1a6ac901be
40 changed files with 1482 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/kasten/k10-6.5.1201.tgz Normal file
View File

Binary file not shown.

6
charts/kasten/k10/Chart.lock
View File

@ -4,6 +4,6 @@ dependencies:
version: 7.3.2 version: 7.3.2
- name: prometheus - name: prometheus
repository: "" repository: ""
version: 25.12.0 version: 25.18.0
digest: sha256:f3e6926f6a711f61ab0e6598105cbee8806113bb02992529f05c3645fe99161c digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066
generated: "2024-04-06T01:13:26.749949259Z" generated: "2024-04-20T03:47:20.475656567Z"

6
charts/kasten/k10/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10 catalog.cattle.io/release-name: k10
apiVersion: v2 apiVersion: v2
appVersion: 6.5.11 appVersion: 6.5.12
dependencies: dependencies:
- condition: grafana.enabled - condition: grafana.enabled
name: grafana name: grafana
@ -13,7 +13,7 @@ dependencies:
- condition: prometheus.server.enabled - condition: prometheus.server.enabled
name: prometheus name: prometheus
repository: file://./charts/prometheus repository: file://./charts/prometheus
version: 25.12.0 version: 25.18.0
description: Kastens K10 Data Management Platform description: Kastens K10 Data Management Platform
home: https://kasten.io/ home: https://kasten.io/
icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
@ -21,4 +21,4 @@ maintainers:
- email: contact@kasten.io - email: contact@kasten.io
name: kastenIO name: kastenIO
name: k10 name: k10
version: 6.5.1101 version: 6.5.1201

18
charts/kasten/k10/README.md
View File

@ -69,13 +69,22 @@ Parameter | Description | Default
`serviceAccount.create`| Specifies whether a ServiceAccount should be created | `true` `serviceAccount.create`| Specifies whether a ServiceAccount should be created | `true`
`serviceAccount.name` | The name of the ServiceAccount to use. If not set, a name is derived using the release and chart names. | `None` `serviceAccount.name` | The name of the ServiceAccount to use. If not set, a name is derived using the release and chart names. | `None`
`ingress.create` | Specifies whether the K10 dashboard should be exposed via ingress | `false` `ingress.create` | Specifies whether the K10 dashboard should be exposed via ingress | `false`
`ingress.name` | Optional name of the Ingress object for the K10 dashboard. If not set, the name is formed using the release name. | `{Release.Name}-ingress`
`ingress.class` | Cluster ingress controller class: `nginx`, `GCE` | `None` `ingress.class` | Cluster ingress controller class: `nginx`, `GCE` | `None`
`ingress.host` | FQDN (e.g., `k10.example.com`) for name-based virtual host | `None` `ingress.host` | FQDN (e.g., `k10.example.com`) for name-based virtual host | `None`
`ingress.urlPath` | URL path for K10 Dashboard (e.g., `/k10`) | `Release.Name` `ingress.urlPath` | URL path for K10 Dashboard (e.g., `/k10`) | `Release.Name`
`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific`
`ingress.annotations` | Additional Ingress object annotations | `{}` `ingress.annotations` | Additional Ingress object annotations | `{}`
`ingress.tls.enabled` | Configures a TLS use for `ingress.host` | `false` `ingress.tls.enabled` | Configures a TLS use for `ingress.host` | `false`
`ingress.tls.secretName` | Specifies a name of TLS secret | `None` `ingress.tls.secretName` | Specifies a name of TLS secret | `None`
`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific` `ingress.defaultBackend.service.enabled` | Configures the default backend backed by a service for the K10 dashboard Ingress (mutually exclusive setting with `ingress.defaultBackend.resource.enabled`). | `false`
`ingress.defaultBackend.service.name` | The name of a service referenced by the default backend (required if the service-backed default backend is used). | `None`
`ingress.defaultBackend.service.port.name` | The port name of a service referenced by the default backend (mutually exclusive setting with port `number`, required if the service-backed default backend is used). | `None`
`ingress.defaultBackend.service.port.number` | The port number of a service referenced by the default backend (mutually exclusive setting with port `name`, required if the service-backed default backend is used). | `None`
`ingress.defaultBackend.resource.enabled` | Configures the default backend backed by a resource for the K10 dashboard Ingress (mutually exclusive setting with `ingress.defaultBackend.service.enabled`). | `false`
`ingress.defaultBackend.resource.apiGroup` | Optional API group of a resource backing the default backend. | `''`
`ingress.defaultBackend.resource.kind` | The type of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
`ingress.defaultBackend.resource.name` | The name of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi` `global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
`global.persistence.catalog.size` | Size of a volume for catalog service | `global.persistence.size` `global.persistence.catalog.size` | Size of a volume for catalog service | `global.persistence.size`
`global.persistence.jobs.size` | Size of a volume for jobs service | `global.persistence.size` `global.persistence.jobs.size` | Size of a volume for jobs service | `global.persistence.size`
@ -99,6 +108,7 @@ Parameter | Description | Default
`secrets.azureTenantId` | Azure tenant ID (required for Azure deployment) | `None` `secrets.azureTenantId` | Azure tenant ID (required for Azure deployment) | `None`
`secrets.azureClientId` | Azure Service App ID | `None` `secrets.azureClientId` | Azure Service App ID | `None`
`secrets.azureClientSecret` | Azure Service APP secret | `None` `secrets.azureClientSecret` | Azure Service APP secret | `None`
`secrets.azureClientSecretName` | The secret that contains ClientID, ClientSecret and TenantID for Azure | `None`
`secrets.azureResourceGroup` | Resource Group name that was created for the Kubernetes cluster | `None` `secrets.azureResourceGroup` | Resource Group name that was created for the Kubernetes cluster | `None`
`secrets.azureSubscriptionID` | Subscription ID in your Azure tenant | `None` `secrets.azureSubscriptionID` | Subscription ID in your Azure tenant | `None`
`secrets.azureResourceMgrEndpoint` | Resource management endpoint for the Azure Stack instance | `None` `secrets.azureResourceMgrEndpoint` | Resource management endpoint for the Azure Stack instance | `None`
@ -194,6 +204,10 @@ Parameter | Description | Default
`gateway.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for gateway pod | `{}` `gateway.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for gateway pod | `{}`
`gateway.service.externalPort` | Specifies the gateway services external port | `80` `gateway.service.externalPort` | Specifies the gateway services external port | `80`
`genericVolumeSnapshot.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for Generic Volume Snapshot restore pods | `{}` `genericVolumeSnapshot.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for Generic Volume Snapshot restore pods | `{}`
`multicluster.enabled` | Choose whether to enable the multi-cluster system components and capabilities | `true`
`multicluster.primary.create` | Choose whether to setup cluster as a multi-cluster primary | `false`
`multicluster.primary.name` | Primary cluster name | `''`
`multicluster.primary.ingressURL` | Primary cluster dashboard URL | `''`
`prometheus.k10image.registry` | (optional) Set Prometheus image registry. | `gcr.io` `prometheus.k10image.registry` | (optional) Set Prometheus image registry. | `gcr.io`
`prometheus.k10image.repository` | (optional) Set Prometheus image repository. | `kasten-images` `prometheus.k10image.repository` | (optional) Set Prometheus image repository. | `kasten-images`
`prometheus.rbac.create` | (optional) Whether to create Prometheus RBAC configuration. Warning - this action will allow prometheus to scrape pods in all k8s namespaces | `false` `prometheus.rbac.create` | (optional) Whether to create Prometheus RBAC configuration. Warning - this action will allow prometheus to scrape pods in all k8s namespaces | `false`
@ -239,6 +253,7 @@ Parameter | Description | Default
`limiter.genericVolumeRestores` | Limit of concurrent generic volume snapshot restore operations | `10` `limiter.genericVolumeRestores` | Limit of concurrent generic volume snapshot restore operations | `10`
`limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10` `limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10`
`limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10` `limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10`
`limiter.imageCopies` | Limit of concurrent image copy operations | `10`
`cluster.domainName` | Specifies the domain name of the cluster | `cluster.local` `cluster.domainName` | Specifies the domain name of the cluster | `cluster.local`
`kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45` `kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45`
`kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600` `kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600`
@ -265,6 +280,7 @@ Parameter | Description | Default
`forceRootInKanisterHooks` | Forces Kanister Execution Hooks to run with root privileges | `true` `forceRootInKanisterHooks` | Forces Kanister Execution Hooks to run with root privileges | `true`
`defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None` `defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None`
`priorityClassName.<deploymentName>` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}` `priorityClassName.<deploymentName>` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}`
`ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1`
## Helm tips and tricks ## Helm tips and tricks

12
charts/kasten/k10/charts/prometheus/Chart.yaml
View File

@ -6,24 +6,24 @@ annotations:
- name: Upstream Project - name: Upstream Project
url: https://github.com/prometheus/prometheus url: https://github.com/prometheus/prometheus
apiVersion: v2 apiVersion: v2
appVersion: v2.49.1 appVersion: v2.51.0
dependencies: dependencies:
- condition: alertmanager.enabled - condition: alertmanager.enabled
name: alertmanager name: alertmanager
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 1.7.* version: 1.10.*
- condition: kube-state-metrics.enabled - condition: kube-state-metrics.enabled
name: kube-state-metrics name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 5.16.* version: 5.17.*
- condition: prometheus-node-exporter.enabled - condition: prometheus-node-exporter.enabled
name: prometheus-node-exporter name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 4.26.* version: 4.31.*
- condition: prometheus-pushgateway.enabled - condition: prometheus-pushgateway.enabled
name: prometheus-pushgateway name: prometheus-pushgateway
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 2.6.* version: 2.8.*
description: Prometheus is a monitoring system and time series database. description: Prometheus is a monitoring system and time series database.
home: https://prometheus.io/ home: https://prometheus.io/
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
@ -50,4 +50,4 @@ sources:
- https://github.com/prometheus/node_exporter - https://github.com/prometheus/node_exporter
- https://github.com/kubernetes/kube-state-metrics - https://github.com/kubernetes/kube-state-metrics
type: application type: application
version: 25.12.0 version: 25.18.0

6
charts/kasten/k10/charts/prometheus/OWNERS Normal file
View File

@ -0,0 +1,6 @@
approvers:
- mgoodness
- gianrubio
reviewers:
- mgoodness
- gianrubio

1
charts/kasten/k10/charts/prometheus/README.md
View File

@ -334,7 +334,6 @@ To manually setup RBAC you need to set the parameter `rbac.create=false` and spe
> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. > **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
### ConfigMap Files ### ConfigMap Files
AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.

4
charts/kasten/k10/charts/prometheus/charts/alertmanager/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
- name: Chart Source - name: Chart Source
url: https://github.com/prometheus-community/helm-charts url: https://github.com/prometheus-community/helm-charts
apiVersion: v2 apiVersion: v2
appVersion: v0.26.0 appVersion: v0.27.0
description: The Alertmanager handles alerts sent by client applications such as the description: The Alertmanager handles alerts sent by client applications such as the
Prometheus server. Prometheus server.
home: https://prometheus.io/ home: https://prometheus.io/
@ -21,4 +21,4 @@ name: alertmanager
sources: sources:
- https://github.com/prometheus/alertmanager - https://github.com/prometheus/alertmanager
type: application type: application
version: 1.7.0 version: 1.10.0

4
charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/services.yaml
View File

@ -13,6 +13,10 @@ metadata:
{{- end }} {{- end }}
namespace: {{ include "alertmanager.namespace" . }} namespace: {{ include "alertmanager.namespace" . }}
spec: spec:
{{- if .Values.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
{{- with .Values.service.loadBalancerIP }} {{- with .Values.service.loadBalancerIP }}
loadBalancerIP: {{ . }} loadBalancerIP: {{ . }}

1
charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml
View File

@ -12,6 +12,7 @@ metadata:
namespace: {{ include "alertmanager.namespace" . }} namespace: {{ include "alertmanager.namespace" . }}
spec: spec:
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ .Values.minReadySeconds }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
selector: selector:
matchLabels: matchLabels:

13
charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml
View File

@ -114,6 +114,12 @@ service:
# Optionally specify extra list of additional ports exposed on both services # Optionally specify extra list of additional ports exposed on both services
extraPorts: [] extraPorts: []
# ip dual stack
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# Configuration for creating a separate Service for each statefulset Alertmanager replica # Configuration for creating a separate Service for each statefulset Alertmanager replica
# #
servicePerReplica: servicePerReplica:
@ -235,6 +241,13 @@ topologySpreadConstraints: []
statefulSet: statefulSet:
annotations: {} annotations: {}
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
## This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds
## feature gate.
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds
minReadySeconds: 0
podAnnotations: {} podAnnotations: {}
podLabels: {} podLabels: {}

4
charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
- name: Chart Source - name: Chart Source
url: https://github.com/prometheus-community/helm-charts url: https://github.com/prometheus-community/helm-charts
apiVersion: v2 apiVersion: v2
appVersion: 2.10.1 appVersion: 2.11.0
description: Install kube-state-metrics to generate and expose cluster-level metrics description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/ home: https://github.com/kubernetes/kube-state-metrics/
keywords: keywords:
@ -23,4 +23,4 @@ name: kube-state-metrics
sources: sources:
- https://github.com/kubernetes/kube-state-metrics/ - https://github.com/kubernetes/kube-state-metrics/
type: application type: application
version: 5.16.0 version: 5.17.0

6
charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml
View File

@ -115,10 +115,10 @@ spec:
{{- if .Values.selfMonitor.telemetryPort }} {{- if .Values.selfMonitor.telemetryPort }}
- --telemetry-port={{ $telemetryPort }} - --telemetry-port={{ $telemetryPort }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.customResourceState.enabled }} {{- if .Values.customResourceState.enabled }}
- --custom-resource-state-config-file=/etc/customresourcestate/config.yaml - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml
{{- end }} {{- end }}
{{- end }}
{{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }}
volumeMounts: volumeMounts:
{{- if .Values.kubeconfig.enabled }} {{- if .Values.kubeconfig.enabled }}
@ -149,7 +149,7 @@ spec:
livenessProbe: livenessProbe:
failureThreshold: {{ .Values.livenessProbe.failureThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
httpGet: httpGet:
{{- if .Values.kubeRBACProxy.enabled }} {{- if .Values.hostNetwork }}
host: 127.0.0.1 host: 127.0.0.1
{{- end }} {{- end }}
httpHeaders: httpHeaders:
@ -167,7 +167,7 @@ spec:
readinessProbe: readinessProbe:
failureThreshold: {{ .Values.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet: httpGet:
{{- if .Values.kubeRBACProxy.enabled }} {{- if .Values.hostNetwork }}
host: 127.0.0.1 host: 127.0.0.1
{{- end }} {{- end }}
httpHeaders: httpHeaders:

13
charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/values.yaml
View File

@ -37,7 +37,10 @@ autosharding:
replicas: 1 replicas: 1
# Change the deployment strategy when autosharding is disabled # Change the deployment strategy when autosharding is disabled.
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
# The default is "RollingUpdate" as per Kubernetes defaults.
# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
# updateStrategy: Recreate # updateStrategy: Recreate
# Number of old history to retain to allow rollback # Number of old history to retain to allow rollback
@ -108,7 +111,12 @@ kubeRBACProxy:
## Specify security settings for a Container ## Specify security settings for a Container
## Allows overrides and additional options compared to (Pod) securityContext ## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {} containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
@ -245,6 +253,7 @@ securityContext:
## Allows overrides and additional options compared to (Pod) securityContext ## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:

2
charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/Chart.yaml
View File

@ -22,4 +22,4 @@ name: prometheus-node-exporter
sources: sources:
- https://github.com/prometheus/node_exporter/ - https://github.com/prometheus/node_exporter/
type: application type: application
version: 4.26.0 version: 4.31.0

17
charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl
View File

@ -183,3 +183,20 @@ labelNameLengthLimit: {{ . }}
labelValueLengthLimit: {{ . }} labelValueLengthLimit: {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* Sets sidecar volumeMounts */}}
{{- define "prometheus-node-exporter.sidecarVolumeMounts" -}}
{{- range $_, $mount := $.Values.sidecarVolumeMount }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- end }}
{{- range $_, $mount := $.Values.sidecarHostVolumeMounts }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- if $mount.mountPropagation }}
mountPropagation: {{ $mount.mountPropagation }}
{{- end }}
{{- end }}
{{- end }}

69
charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/daemonset.yaml
View File

@ -40,6 +40,9 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }} serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }}
{{- with .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
containers: containers:
{{- $servicePort := ternary .Values.kubeRBACProxy.port .Values.service.port .Values.kubeRBACProxy.enabled }} {{- $servicePort := ternary .Values.kubeRBACProxy.port .Values.service.port .Values.kubeRBACProxy.enabled }}
- name: node-exporter - name: node-exporter
@ -50,7 +53,7 @@ spec:
- --path.sysfs=/host/sys - --path.sysfs=/host/sys
{{- if .Values.hostRootFsMount.enabled }} {{- if .Values.hostRootFsMount.enabled }}
- --path.rootfs=/host/root - --path.rootfs=/host/root
{{- if semverCompare ">=1.4.0" (coalesce .Values.version .Values.image.tag .Chart.AppVersion) }} {{- if semverCompare ">=1.4.0-0" (coalesce .Values.version .Values.image.tag .Chart.AppVersion) }}
- --path.udev.data=/host/root/run/udev/data - --path.udev.data=/host/root/run/udev/data
{{- end }} {{- end }}
{{- end }} {{- end }}
@ -124,12 +127,24 @@ spec:
resources: resources:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.terminationMessageParams.enabled }}
{{- with .Values.terminationMessageParams }}
terminationMessagePath: {{ .terminationMessagePath }}
terminationMessagePolicy: {{ .terminationMessagePolicy }}
{{- end }}
{{- end }}
volumeMounts: volumeMounts:
- name: proc - name: proc
mountPath: /host/proc mountPath: /host/proc
{{- with .Values.hostProcFsMount.mountPropagation }}
mountPropagation: {{ . }}
{{- end }}
readOnly: true readOnly: true
- name: sys - name: sys
mountPath: /host/sys mountPath: /host/sys
{{- with .Values.hostSysFsMount.mountPropagation }}
mountPropagation: {{ . }}
{{- end }}
readOnly: true readOnly: true
{{- if .Values.hostRootFsMount.enabled }} {{- if .Values.hostRootFsMount.enabled }}
- name: root - name: root
@ -160,24 +175,10 @@ spec:
- name: {{ .name }} - name: {{ .name }}
mountPath: {{ .mountPath }} mountPath: {{ .mountPath }}
{{- end }} {{- end }}
{{- with .Values.sidecars }} {{- range .Values.sidecars }}
{{- toYaml . | nindent 8 }} {{- $overwrites := dict "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) }}
{{- if or $.Values.sidecarVolumeMount $.Values.sidecarHostVolumeMounts }} {{- $defaults := dict "image" (include "prometheus-node-exporter.image" $) "securityContext" $.Values.containerSecurityContext "imagePullPolicy" $.Values.image.pullPolicy }}
volumeMounts: - {{- toYaml (merge $overwrites . $defaults) | nindent 10 }}
{{- range $_, $mount := $.Values.sidecarVolumeMount }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- end }}
{{- range $_, $mount := $.Values.sidecarHostVolumeMounts }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- if $mount.mountPropagation }}
mountPropagation: {{ $mount.mountPropagation }}
{{- end }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.kubeRBACProxy.enabled }} {{- if .Values.kubeRBACProxy.enabled }}
- name: kube-rbac-proxy - name: kube-rbac-proxy
@ -187,7 +188,7 @@ spec:
{{- end }} {{- end }}
- --secure-listen-address=:{{ .Values.service.port}} - --secure-listen-address=:{{ .Values.service.port}}
- --upstream=http://127.0.0.1:{{ $servicePort }}/ - --upstream=http://127.0.0.1:{{ $servicePort }}/
- --proxy-endpoints-port=8888 - --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort }}
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
volumeMounts: volumeMounts:
- name: kube-rbac-proxy-config - name: kube-rbac-proxy-config
@ -204,18 +205,34 @@ spec:
{{- if .Values.kubeRBACProxy.enableHostPort }} {{- if .Values.kubeRBACProxy.enableHostPort }}
hostPort: {{ .Values.service.port }} hostPort: {{ .Values.service.port }}
{{- end }} {{- end }}
- containerPort: 8888 - containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
{{- if .Values.kubeRBACProxy.enableProxyEndpointsHostPort }}
hostPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
{{- end }}
name: "http-healthz" name: "http-healthz"
readinessProbe: readinessProbe:
httpGet: httpGet:
scheme: HTTPS scheme: HTTPS
port: 8888 port: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
path: healthz path: healthz
initialDelaySeconds: 5 initialDelaySeconds: 5
timeoutSeconds: 5 timeoutSeconds: 5
{{- if .Values.kubeRBACProxy.resources }} {{- if .Values.kubeRBACProxy.resources }}
resources: resources:
{{ toYaml .Values.kubeRBACProxy.resources | nindent 12 }} {{- toYaml .Values.kubeRBACProxy.resources | nindent 12 }}
{{- end }}
{{- if .Values.terminationMessageParams.enabled }}
{{- with .Values.terminationMessageParams }}
terminationMessagePath: {{ .terminationMessagePath }}
terminationMessagePolicy: {{ .terminationMessagePolicy }}
{{- end }}
{{- end }}
{{- with .Values.kubeRBACProxy.env }}
env:
{{- range $key, $value := $.Values.kubeRBACProxy.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.kubeRBACProxy.containerSecurityContext }} {{- if .Values.kubeRBACProxy.containerSecurityContext }}
securityContext: securityContext:
@ -240,6 +257,9 @@ spec:
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.restartPolicy }}
restartPolicy: {{ . }}
{{- end }}
{{- with .Values.tolerations }} {{- with .Values.tolerations }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -260,6 +280,9 @@ spec:
- name: {{ $mount.name }} - name: {{ $mount.name }}
hostPath: hostPath:
path: {{ $mount.hostPath }} path: {{ $mount.hostPath }}
{{- with $mount.type }}
type: {{ . }}
{{- end }}
{{- end }} {{- end }}
{{- range $_, $mount := .Values.sidecarVolumeMount }} {{- range $_, $mount := .Values.sidecarVolumeMount }}
- name: {{ $mount.name }} - name: {{ $mount.name }}

55
charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml
View File

@ -39,6 +39,9 @@ global:
# The requests are served through the same service but requests are HTTPS. # The requests are served through the same service but requests are HTTPS.
kubeRBACProxy: kubeRBACProxy:
enabled: false enabled: false
## Set environment variables as name/value pairs
env: {}
# VARIABLE: value
image: image:
registry: quay.io registry: quay.io
repository: brancz/kube-rbac-proxy repository: brancz/kube-rbac-proxy
@ -46,7 +49,7 @@ kubeRBACProxy:
sha: "" sha: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# List of additional cli arguments to configure kube-rbac-prxy # List of additional cli arguments to configure kube-rbac-proxy
# for example: --tls-cipher-suites, --log-file, etc. # for example: --tls-cipher-suites, --log-file, etc.
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
extraArgs: [] extraArgs: []
@ -63,6 +66,12 @@ kubeRBACProxy:
# Configure a hostPort. If true, hostPort will be enabled in the container and set to service.port. # Configure a hostPort. If true, hostPort will be enabled in the container and set to service.port.
enableHostPort: false enableHostPort: false
# Configure Proxy Endpoints Port
# This is the port being probed for readiness
proxyEndpointsPort: 8888
# Configure a hostPort. If true, hostPort will be enabled in the container and set to proxyEndpointsPort.
enableProxyEndpointsHostPort: false
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
@ -266,6 +275,10 @@ resources: {}
# cpu: 100m # cpu: 100m
# memory: 30Mi # memory: 30Mi
# Specify the container restart policy passed to the Node Export container
# Possible Values: Always (default)|OnFailure|Never
restartPolicy: null
serviceAccount: serviceAccount:
# Specifies whether a ServiceAccount should be created # Specifies whether a ServiceAccount should be created
create: true create: true
@ -317,6 +330,16 @@ hostRootFsMount:
# https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
mountPropagation: HostToContainer mountPropagation: HostToContainer
# Mount the node's proc file system (/proc) at /host/proc in the container
hostProcFsMount:
# Possible values are None, HostToContainer, and Bidirectional
mountPropagation: ""
# Mount the node's sys file system (/sys) at /host/sys in the container
hostSysFsMount:
# Possible values are None, HostToContainer, and Bidirectional
mountPropagation: ""
## Assign a group of affinity scheduling rules ## Assign a group of affinity scheduling rules
## ##
affinity: {} affinity: {}
@ -361,10 +384,23 @@ nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
# kubernetes.io/arch: amd64 # kubernetes.io/arch: amd64
# Specify grace period for graceful termination of pods. Defaults to 30 if null or not specified
terminationGracePeriodSeconds: null
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
# Enable or disable container termination message settings
# https://kubernetes.io/docs/tasks/debug/debug-application/determine-reason-pod-failure/
terminationMessageParams:
enabled: false
# If enabled, specify the path for termination messages
terminationMessagePath: /dev/termination-log
# If enabled, specify the policy for termination messages
terminationMessagePolicy: File
## Assign a PriorityClassName to pods if set ## Assign a PriorityClassName to pods if set
# priorityClassName: "" # priorityClassName: ""
@ -379,6 +415,8 @@ extraArgs: []
extraHostVolumeMounts: [] extraHostVolumeMounts: []
# - name: <mountName> # - name: <mountName>
# hostPath: <hostPath> # hostPath: <hostPath>
# https://kubernetes.io/docs/concepts/storage/volumes/#hostpath-volume-types
# type: "" (Default)|DirectoryOrCreate|Directory|FileOrCreate|File|Socket|CharDevice|BlockDevice
# mountPath: <mountPath> # mountPath: <mountPath>
# readOnly: true|false # readOnly: true|false
# mountPropagation: None|HostToContainer|Bidirectional # mountPropagation: None|HostToContainer|Bidirectional
@ -395,18 +433,21 @@ secrets: []
## ##
namespaceOverride: "" namespaceOverride: ""
## Additional containers for export metrics to text file ## Additional containers for export metrics to text file; fields image,imagePullPolicy,securityContext take default value from main container
## ##
sidecars: [] sidecars: []
## - name: nvidia-dcgm-exporter # - name: nvidia-dcgm-exporter
## image: nvidia/dcgm-exporter:1.4.3 # image: nvidia/dcgm-exporter:1.4.3
# volumeMounts:
# - name: tmp
# mountPath: /tmp
## Volume for sidecar containers ## Volume for sidecar containers
## ##
sidecarVolumeMount: [] sidecarVolumeMount: []
## - name: collector-textfiles # - name: collector-textfiles
## mountPath: /run/prometheus # mountPath: /run/prometheus
## readOnly: false # readOnly: false
## Additional mounts from the host to sidecar containers ## Additional mounts from the host to sidecar containers
## ##

2
charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/Chart.yaml
View File

@ -21,4 +21,4 @@ name: prometheus-pushgateway
sources: sources:
- https://github.com/prometheus/pushgateway - https://github.com/prometheus/pushgateway
type: application type: application
version: 2.6.0 version: 2.8.0

10
charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/NOTES.txt
View File

@ -4,16 +4,16 @@
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }} {{- end }}
{{- else if contains "NodePort" .Values.service.type }} {{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-pushgateway.fullname" . }}) export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-pushgateway.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-pushgateway.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-pushgateway.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }} {{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available. NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-pushgateway.fullname" . }}' You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-pushgateway.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus-pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-pushgateway.namespace" . }} {{ template "prometheus-pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }} echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }} {{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus-pushgateway.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-pushgateway.namespace" . }} -l "app.kubernetes.io/name={{ template "prometheus-pushgateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:9091 to use your application"
kubectl port-forward $POD_NAME 9091 kubectl port-forward $POD_NAME 9091
echo "Visit http://127.0.0.1:9091 to use your application"
{{- end }} {{- end }}

24
charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl
View File

@ -116,6 +116,7 @@ Returns pod spec
*/}} */}}
{{- define "prometheus-pushgateway.podSpec" -}} {{- define "prometheus-pushgateway.podSpec" -}}
serviceAccountName: {{ include "prometheus-pushgateway.serviceAccountName" . }} serviceAccountName: {{ include "prometheus-pushgateway.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- with .Values.priorityClassName }} {{- with .Values.priorityClassName }}
priorityClassName: {{ . | quote }} priorityClassName: {{ . | quote }}
{{- end }} {{- end }}
@ -181,10 +182,29 @@ nodeSelector:
tolerations: tolerations:
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- with .Values.affinity }} {{- if or .Values.podAntiAffinity .Values.affinity }}
affinity: affinity:
{{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- with .Values.affinity }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq .Values.podAntiAffinity "hard" }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ include "prometheus-pushgateway.name" . }}]}
{{- else if eq .Values.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ include "prometheus-pushgateway.name" . }}]}
{{- end }}
{{- with .Values.topologySpreadConstraints }} {{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}

1
charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/serviceaccount.yaml
View File

@ -13,4 +13,5 @@ metadata:
{{- end }} {{- end }}
name: {{ include "prometheus-pushgateway.serviceAccountName" . }} name: {{ include "prometheus-pushgateway.serviceAccountName" . }}
namespace: {{ template "prometheus-pushgateway.namespace" . }} namespace: {{ template "prometheus-pushgateway.namespace" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- end }} {{- end }}

15
charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml
View File

@ -32,6 +32,9 @@ service:
loadBalancerIP: "" loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# Whether to automatically mount a service account token into the pod
automountServiceAccountToken: true
# Optional pod annotations # Optional pod annotations
podAnnotations: {} podAnnotations: {}
@ -210,6 +213,18 @@ containerSecurityContext: {}
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {} affinity: {}
## Pod anti-affinity can prevent the scheduler from placing pushgateway replicas on the same node.
## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `affinity`).
##
podAntiAffinity: ""
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Topology spread constraints for pods ## Topology spread constraints for pods
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: [] topologySpreadConstraints: []

1
charts/kasten/k10/charts/prometheus/templates/_helpers.tpl
View File

@ -231,4 +231,3 @@ Define prometheus.server.remoteRead producing a list of remoteRead configuration
{{- end -}} {{- end -}}
{{ toYaml $remoteReads }} {{ toYaml $remoteReads }}
{{- end -}} {{- end -}}

23
charts/kasten/k10/charts/prometheus/templates/deploy.yaml
View File

@ -296,10 +296,29 @@ spec:
tolerations: tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }} {{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.server.affinity }} {{- if or .Values.server.affinity .Values.server.podAntiAffinity }}
affinity: affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }} {{- end }}
{{- with .Values.server.affinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if eq .Values.server.podAntiAffinity "hard" }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]}
{{- else if eq .Values.server.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]}
{{- end }}
{{- with .Values.server.topologySpreadConstraints }} {{- with .Values.server.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

23
charts/kasten/k10/charts/prometheus/templates/sts.yaml
View File

@ -299,10 +299,29 @@ spec:
tolerations: tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }} {{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.server.affinity }} {{- if or .Values.server.affinity .Values.server.podAntiAffinity }}
affinity: affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }} {{- end }}
{{- with .Values.server.affinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if eq .Values.server.podAntiAffinity "hard" }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]}
{{- else if eq .Values.server.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.server.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ template "prometheus.name" . }}]}
{{- end }}
{{- with .Values.server.topologySpreadConstraints }} {{- with .Values.server.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

8
charts/kasten/k10/charts/prometheus/values.schema.json
View File

@ -396,6 +396,14 @@
"podAnnotations": { "podAnnotations": {
"type": "object" "type": "object"
}, },
"podAntiAffinity": {
"type": "string",
"enum": ["", "soft", "hard"],
"default": ""
},
"podAntiAffinityTopologyKey": {
"type": "string"
},
"podDisruptionBudget": { "podDisruptionBudget": {
"type": "object", "type": "object",
"properties": { "properties": {

14
charts/kasten/k10/charts/prometheus/values.yaml
View File

@ -60,7 +60,7 @@ configmapReload:
## ##
image: image:
repository: quay.io/prometheus-operator/prometheus-config-reloader repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: v0.71.2 tag: v0.72.0
# When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@ -397,6 +397,18 @@ server:
## ##
affinity: {} affinity: {}
## Pod anti-affinity can prevent the scheduler from placing Prometheus server replicas on the same node.
## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `server.affinity`).
##
podAntiAffinity: ""
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Pod topology spread constraints ## Pod topology spread constraints
## ref. https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## ref. https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints: [] topologySpreadConstraints: []

907
charts/kasten/k10/grafana/dashboards/default/default.json
View File

@ -4900,9 +4900,910 @@
], ],
"title": "Data reduction", "title": "Data reduction",
"type": "row" "type": "row"
} },
{
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 55
},
"id": 1013,
"panels": [
{
"datasource": "Prometheus",
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisPlacement": "left",
"barAlignment": 0,
"drawStyle": "points",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "stepAfter",
"lineWidth": 1,
"pointSize": 4,
"scaleDistribution": {
"log": 2,
"type": "log"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s",
"unitScale": true
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": "/#.*/"
},
"properties": [
{
"id": "unit",
"value": "none"
},
{
"id": "custom.axisPlacement",
"value": "right"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.scaleDistribution",
"value": {
"type": "linear"
}
},
{
"id": "custom.drawStyle",
"value": "line"
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
},
{
"id": "custom.showPoints",
"value": "never"
},
{
"id": "custom.axisSoftMin",
"value": 0
},
{
"id": "custom.axisLabel",
"value": "# volumes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#Volumes"
},
"properties": [
{
"id": "displayName",
"value": "# Volumes Under Transfer"
},
{
"id": "custom.lineStyle",
"value": {
"fill": "solid"
}
},
{
"id": "custom.lineWidth",
"value": 0.4
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#UploadSessionVolumes"
},
"properties": [
{
"id": "displayName",
"value": "# VBR Session Volumes"
},
{
"id": "custom.lineWidth",
"value": 0
},
{
"id": "custom.fillOpacity",
"value": 25
},
{
"id": "color",
"value": {
"fixedColor": "dark-blue",
"mode": "shades"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 8
},
"id": 1006,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum (max_over_time(data_operation_volume_count{}[2m]))",
"fullMetaSearch": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#Volumes",
"range": true,
"refId": "VOLUME_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))",
"fullMetaSearch": false,
"hide": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#UploadSessionVolumes",
"range": true,
"refId": "VBR_SESSION_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"editorMode": "code",
"expr": "sum by (data_format,operation,storage_class,repo_name) (rate(data_operation_normalized_duration_sum{}[2m])) / sum by (data_format,operation,storage_class,repo_name) (rate(data_operation_normalized_duration_count{}[2m]))",
"hide": false,
"instant": false,
"legendFormat": "{{operation}} {{storage_class}}/{{repo_name}} ({{data_format}})",
"range": true,
"refId": "NORMALIZED_DURATION_BY_STORAGE_CLASS_LOC"
}
],
"title": "Normalized operation duration by storage class, location and data format (time/MiB)",
"type": "timeseries"
},
{
"datasource": "Prometheus",
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "left",
"barAlignment": 0,
"drawStyle": "points",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "stepAfter",
"lineWidth": 1,
"pointSize": 4,
"scaleDistribution": {
"log": 2,
"type": "log"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s",
"unitScale": true
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": "/#.*/"
},
"properties": [
{
"id": "unit",
"value": "none"
},
{
"id": "custom.axisPlacement",
"value": "right"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.scaleDistribution",
"value": {
"type": "linear"
}
},
{
"id": "custom.drawStyle",
"value": "line"
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
},
{
"id": "custom.showPoints",
"value": "never"
},
{
"id": "custom.axisSoftMin",
"value": 0
},
{
"id": "custom.axisLabel",
"value": "# volumes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#Volumes"
},
"properties": [
{
"id": "displayName",
"value": "# Volumes Under Transfer"
},
{
"id": "custom.lineStyle",
"value": {
"fill": "solid"
}
},
{
"id": "custom.lineWidth",
"value": 0.4
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#UploadSessionVolumes"
},
"properties": [
{
"id": "displayName",
"value": "# VBR Session Volumes"
},
{
"id": "custom.lineWidth",
"value": 0
},
{
"id": "custom.fillOpacity",
"value": 25
},
{
"id": "color",
"value": {
"fixedColor": "dark-blue",
"mode": "shades"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 8
},
"id": 1012,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum (max_over_time(data_operation_volume_count{}[2m]))",
"fullMetaSearch": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#Volumes",
"range": true,
"refId": "VOLUME_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))",
"fullMetaSearch": false,
"hide": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#UploadSessionVolumes",
"range": true,
"refId": "VBR_SESSION_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"editorMode": "code",
"expr": "sum by (data_format,operation,namespace,pvc_name) (rate(data_operation_duration_sum{}[2m])) / sum by (data_format,operation,namespace,pvc_name) (rate(data_operation_duration_count{}[2m]))",
"hide": false,
"instant": false,
"legendFormat": "{{operation}} {{namespace}}/{{pvc_name}} ({{data_format}})",
"range": true,
"refId": "DURATION_BY_PVC"
}
],
"title": "Operation duration by pvc and data format",
"type": "timeseries"
},
{
"datasource": "Prometheus",
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "left",
"barAlignment": 0,
"drawStyle": "points",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "stepAfter",
"lineWidth": 1,
"pointSize": 4,
"scaleDistribution": {
"log": 2,
"type": "log"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "binBps",
"unitScale": true
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": "/#.*/"
},
"properties": [
{
"id": "unit",
"value": "none"
},
{
"id": "custom.axisPlacement",
"value": "right"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.scaleDistribution",
"value": {
"type": "linear"
}
},
{
"id": "custom.drawStyle",
"value": "line"
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
},
{
"id": "custom.showPoints",
"value": "never"
},
{
"id": "custom.axisSoftMin",
"value": 0
},
{
"id": "custom.axisLabel",
"value": "# volumes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#Volumes"
},
"properties": [
{
"id": "displayName",
"value": "# Volumes Under Transfer"
},
{
"id": "custom.lineStyle",
"value": {
"fill": "solid"
}
},
{
"id": "custom.lineWidth",
"value": 0.4
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#UploadSessionVolumes"
},
"properties": [
{
"id": "displayName",
"value": "# VBR Session Volumes"
},
{
"id": "custom.lineWidth",
"value": 0
},
{
"id": "custom.fillOpacity",
"value": 25
},
{
"id": "color",
"value": {
"fixedColor": "dark-blue",
"mode": "shades"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 1011,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum (max_over_time(data_operation_volume_count{}[2m]))",
"fullMetaSearch": false,
"hide": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#Volumes",
"range": true,
"refId": "VOLUME_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))",
"fullMetaSearch": false,
"hide": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#UploadSessionVolumes",
"range": true,
"refId": "VBR_SESSION_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"editorMode": "code",
"expr": "avg by (data_format, operation, storage_class, repo_name) (rate(data_operation_bytes{}[$__rate_interval]))",
"hide": false,
"instant": false,
"legendFormat": "{{operation}} {{storage_class}}/{{repo_name}} ({{data_format}})",
"range": true,
"refId": "RATE_BY_STORAGE_CLASS"
}
],
"title": "Operation transfer rate by storage class, location and data format",
"type": "timeseries"
},
{
"datasource": "Prometheus",
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "left",
"barAlignment": 0,
"drawStyle": "points",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "stepAfter",
"lineWidth": 1,
"pointSize": 4,
"scaleDistribution": {
"log": 2,
"type": "log"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "binBps",
"unitScale": true
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": "/#.*/"
},
"properties": [
{
"id": "unit",
"value": "none"
},
{
"id": "custom.axisPlacement",
"value": "right"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.scaleDistribution",
"value": {
"type": "linear"
}
},
{
"id": "custom.drawStyle",
"value": "line"
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
},
{
"id": "custom.showPoints",
"value": "never"
},
{
"id": "custom.axisSoftMin",
"value": 0
},
{
"id": "custom.axisLabel",
"value": "# volumes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#Volumes"
},
"properties": [
{
"id": "displayName",
"value": "# Volumes Under Transfer"
},
{
"id": "custom.lineStyle",
"value": {
"fill": "solid"
}
},
{
"id": "custom.lineWidth",
"value": 0.4
},
{
"id": "custom.lineInterpolation",
"value": "stepAfter"
}
]
},
{
"matcher": {
"id": "byName",
"options": "#UploadSessionVolumes"
},
"properties": [
{
"id": "displayName",
"value": "# VBR Session Volumes"
},
{
"id": "custom.lineWidth",
"value": 0
},
{
"id": "custom.fillOpacity",
"value": 25
},
{
"id": "color",
"value": {
"fixedColor": "dark-blue",
"mode": "shades"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 1004,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum (max_over_time(data_operation_volume_count{}[2m]))",
"fullMetaSearch": false,
"hide": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#Volumes",
"range": true,
"refId": "VOLUME_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"disableTextWrap": false,
"editorMode": "code",
"expr": "sum by (repo_type) (max_over_time(data_upload_session_volume_count{repo_type=\"VBR\"}[2m]))",
"fullMetaSearch": false,
"hide": false,
"includeNullMetadata": true,
"instant": false,
"legendFormat": "#UploadSessionVolumes",
"range": true,
"refId": "VBR_SESSION_COUNT",
"useBackend": false
},
{
"datasource": "Prometheus",
"editorMode": "code",
"expr": "avg by (data_format, operation, namespace, pvc_name) (rate(data_operation_bytes{}[$__rate_interval]))",
"hide": false,
"instant": false,
"legendFormat": "{{operation}} {{namespace}}/{{pvc_name}} ({{data_format}})",
"range": true,
"refId": "RATE_BY_PVC"
}
],
"title": "Operation transfer rate by pvc and data format",
"type": "timeseries"
}
],
"title": "Data transfer operations",
"type": "row"
}
], ],
"schemaVersion": 37, "schemaVersion": 39,
"style": "dark", "style": "dark",
"tags": [], "tags": [],
"templating": { "templating": {
@ -4950,5 +5851,5 @@
"timezone": "", "timezone": "",
"title": "K10 Dashboard", "title": "K10 Dashboard",
"uid": "8Ebb3xS7k", "uid": "8Ebb3xS7k",
"version": 1 "version": 2
} }

3
charts/kasten/k10/templates/_definitions.tpl
View File

@ -29,9 +29,9 @@ vbrintegrationapi:
{{- end -}} {{- end -}}
{{- define "k10.colocatedServiceLookup" -}} {{- define "k10.colocatedServiceLookup" -}}
crypto: crypto:
- bloblifecyclemanager
- garbagecollector - garbagecollector
- repositories - repositories
- bloblifecyclemanager
dashboardbff: dashboardbff:
- vbrintegrationapi - vbrintegrationapi
state: state:
@ -92,6 +92,7 @@ state:
{{- define "k10.defaultK10LimiterGenericVolumeCopies" -}}10{{- end -}} {{- define "k10.defaultK10LimiterGenericVolumeCopies" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterGenericVolumeRestores" -}}10{{- end -}} {{- define "k10.defaultK10LimiterGenericVolumeRestores" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterCsiSnapshots" -}}10{{- end -}} {{- define "k10.defaultK10LimiterCsiSnapshots" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterImageCopies" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterProviderSnapshots" -}}10{{- end -}} {{- define "k10.defaultK10LimiterProviderSnapshots" -}}10{{- end -}}
{{- define "k10.defaultK10GCDaemonPeriod" -}}21600{{- end -}} {{- define "k10.defaultK10GCDaemonPeriod" -}}21600{{- end -}}
{{- define "k10.defaultK10GCKeepMaxActions" -}}1000{{- end -}} {{- define "k10.defaultK10GCKeepMaxActions" -}}1000{{- end -}}

36
charts/kasten/k10/templates/_helpers.tpl
View File

@ -115,6 +115,16 @@
{{- $internal_capabilities = append $internal_capabilities "mc" -}} {{- $internal_capabilities = append $internal_capabilities "mc" -}}
{{- end -}} {{- end -}}
{{- /* FIPS */ -}}
{{- $fips := .Values.fips | default dict -}}
{{- if $fips.enabled -}}
{{- $internal_capabilities = append $internal_capabilities "fips" -}}
{{- if not $fips.allowNonFIPSImports -}}
{{- $internal_capabilities = append $internal_capabilities "fips.strict.migrations" -}}
{{- end -}}
{{- end -}}
{{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}} {{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
{{- end -}} {{- end -}}
@ -491,7 +501,7 @@ Checks and enforces only 1 set of azure creds is specified
{{ if and (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true") }} {{ if and (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true") }}
{{- fail "useDefaultMSI is set to true, but an additional ClientID is also provided. Please choose one." }} {{- fail "useDefaultMSI is set to true, but an additional ClientID is also provided. Please choose one." }}
{{- end -}} {{- end -}}
{{ if and (eq (include "check.azureClientSecretCreds" .) "true") (or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true")) }} {{ if and ( or (eq (include "check.azureClientSecretCreds" .) "true") (eq (include "check.azuresecret" .) "true" )) (or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureMSIWithDefaultID" .) "true")) }}
{{- fail "Both Azure ClientSecret and Managed Identity creds are available, but only one is allowed. Please choose one." }} {{- fail "Both Azure ClientSecret and Managed Identity creds are available, but only one is allowed. Please choose one." }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@ -613,6 +623,12 @@ Check if Azure creds are specified
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "check.azuresecret" -}}
{{- if .Values.secrets.azureClientSecretName }}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Check if Vsphere creds are specified Check if Vsphere creds are specified
*/}} */}}
@ -934,6 +950,24 @@ Is ingress part of stable APIVersion.
{{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
{{- end -}} {{- end -}}
{{/*
Check if `ingress.defaultBackend` is properly formatted when specified.
*/}}
{{- define "check.ingress.defaultBackend" -}}
{{- if .Values.ingress.defaultBackend -}}
{{- if and .Values.ingress.defaultBackend.service.enabled .Values.ingress.defaultBackend.resource.enabled -}}
{{- fail "Both `service` and `resource` cannot be enabled in the `ingress.defaultBackend`. Provide only one." -}}
{{- end -}}
{{- if .Values.ingress.defaultBackend.service.enabled -}}
{{- if and (not .Values.ingress.defaultBackend.service.port.name) (not .Values.ingress.defaultBackend.service.port.number) -}}
{{- fail "Provide either `name` or `number` in the `ingress.defaultBackend.service.port`." -}}
{{- end -}}
{{- if and .Values.ingress.defaultBackend.service.port.name .Values.ingress.defaultBackend.service.port.number -}}
{{- fail "Both `name` and `number` cannot be specified in the `ingress.defaultBackend.service.port`. Provide only one." -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "check.validatePrometheusConfig" -}} {{- define "check.validatePrometheusConfig" -}}
{{if and ( and .Values.global.prometheus.external.host .Values.global.prometheus.external.port) .Values.prometheus.server.enabled}} {{if and ( and .Values.global.prometheus.external.host .Values.global.prometheus.external.port) .Values.prometheus.server.enabled}}

37
charts/kasten/k10/templates/_k10_container.tpl
View File

@ -105,7 +105,24 @@ stating that types are not same for the equality check
name: google-secret name: google-secret
key: kasten-gke-project key: kasten-gke-project
{{- end }} {{- end }}
{{- if eq (include "check.azurecreds" .) "true" }} {{- if or (eq (include "check.azuresecret" .) "true") (eq (include "check.azurecreds" .) "true" ) }}
{{- if eq (include "check.azuresecret" .) "true" }}
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.azureClientSecretName }}
key: azure_client_id
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.azureClientSecretName }}
key: azure_tenant_id
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.azureClientSecretName }}
key: azure_client_secret
{{- else }}
{{- if or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }} {{- if or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }}
- name: AZURE_CLIENT_ID - name: AZURE_CLIENT_ID
valueFrom: valueFrom:
@ -125,6 +142,7 @@ stating that types are not same for the equality check
name: azure-creds name: azure-creds
key: azure_client_secret key: azure_client_secret
{{- end }} {{- end }}
{{- end }}
{{- if .Values.secrets.azureResourceGroup }} {{- if .Values.secrets.azureResourceGroup }}
- name: AZURE_RESOURCE_GROUP - name: AZURE_RESOURCE_GROUP
valueFrom: valueFrom:
@ -437,11 +455,28 @@ stating that types are not same for the equality check
configMapKeyRef: configMapKeyRef:
name: k10-config name: k10-config
key: K10LimiterProviderSnapshots key: K10LimiterProviderSnapshots
- name: K10_LIMITER_IMAGE_COPIES
valueFrom:
configMapKeyRef:
name: k10-config
key: K10LimiterImageCopies
- name: K10_EPHEMERAL_PVC_OVERHEAD
valueFrom:
configMapKeyRef:
name: k10-config
key: K10EphemeralPVCOverhead
- name: AWS_ASSUME_ROLE_DURATION - name: AWS_ASSUME_ROLE_DURATION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: k10-config name: k10-config
key: AWSAssumeRoleDuration key: AWSAssumeRoleDuration
{{- if (list "kanister" "executor" "repositories" | has $service) }}
- name: K10_DATA_STORE_DISABLE_COMPRESSION
valueFrom:
configMapKeyRef:
name: k10-config
key: k10DataStoreDisableCompression
{{- end }}
{{- if (list "dashboardbff" "catalog" "executor" "crypto" | has $service) }} {{- if (list "dashboardbff" "catalog" "executor" "crypto" | has $service) }}
{{- if .Values.metering.mode }} {{- if .Values.metering.mode }}
- name: K10REPORTMODE - name: K10REPORTMODE

2
charts/kasten/k10/templates/_k10_image_tag.tpl
View File

@ -1 +1 @@
{{- define "k10.imageTag" -}}6.5.11{{- end -}} {{- define "k10.imageTag" -}}6.5.12{{- end -}}

28
charts/kasten/k10/templates/ingress.yaml
View File

@ -2,13 +2,14 @@
{{- $service_port := .Values.gateway.service.externalPort -}} {{- $service_port := .Values.gateway.service.externalPort -}}
{{ if .Values.ingress.create }} {{ if .Values.ingress.create }}
{{ include "authEnabled.check" . }} {{ include "authEnabled.check" . }}
{{ include "check.ingress.defaultBackend" . }}
apiVersion: {{ template "ingress.apiVersion" . }} apiVersion: {{ template "ingress.apiVersion" . }}
kind: Ingress kind: Ingress
metadata: metadata:
labels: labels:
{{ include "helm.labels" . | indent 4 }} {{ include "helm.labels" . | indent 4 }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
name: {{ .Release.Name }}-ingress name: {{ .Values.ingress.name | default (printf "%s-ingress" .Release.Name) }}
annotations: annotations:
{{ include "ingressClassAnnotation" . | indent 4 }} {{ include "ingressClassAnnotation" . | indent 4 }}
{{- if and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey }} {{- if and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey }}
@ -20,6 +21,31 @@ metadata:
{{- end }} {{- end }}
spec: spec:
{{ include "specIngressClassName" . | indent 2 }} {{ include "specIngressClassName" . | indent 2 }}
{{ with .Values.ingress.defaultBackend }}
{{- if or .service.enabled .resource.enabled }}
defaultBackend:
{{- with .service }}
{{- if .enabled }}
service:
name: {{ required "`name` is required in the `ingress.defaultBackend.service`." .name }}
port:
{{- if .port.name }}
name: {{ .port.name }}
{{- else if .port.number }}
number: {{ .port.number }}
{{- end }}
{{- end }}
{{- end }}
{{- with .resource }}
{{- if .enabled }}
resource:
apiGroup: {{ .apiGroup }}
name: {{ required "`name` is required in the `ingress.defaultBackend.resource`." .name }}
kind: {{ required "`kind` is required in the `ingress.defaultBackend.resource`." .kind }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls.enabled }} {{- if .Values.ingress.tls.enabled }}
tls: tls:
- hosts: - hosts:

4
charts/kasten/k10/templates/k10-config.yaml
View File

@ -20,6 +20,7 @@ data:
apiDomain: {{ include "apiDomain" . }} apiDomain: {{ include "apiDomain" . }}
concurrentSnapConversions: {{ default (include "k10.defaultConcurrentSnapshotConversions" .) .Values.limiter.concurrentSnapConversions | quote }} concurrentSnapConversions: {{ default (include "k10.defaultConcurrentSnapshotConversions" .) .Values.limiter.concurrentSnapConversions | quote }}
concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }} concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }}
k10DataStoreDisableCompression: "false"
k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }} k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }}
k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }} k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }}
k10DataStoreGeneralMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" . | quote }} k10DataStoreGeneralMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" . | quote }}
@ -48,6 +49,7 @@ data:
K10LimiterGenericVolumeRestores: {{ default (include "k10.defaultK10LimiterGenericVolumeRestores" .) .Values.limiter.genericVolumeRestores | quote }} K10LimiterGenericVolumeRestores: {{ default (include "k10.defaultK10LimiterGenericVolumeRestores" .) .Values.limiter.genericVolumeRestores | quote }}
K10LimiterCsiSnapshots: {{ default (include "k10.defaultK10LimiterCsiSnapshots" .) .Values.limiter.csiSnapshots | quote }} K10LimiterCsiSnapshots: {{ default (include "k10.defaultK10LimiterCsiSnapshots" .) .Values.limiter.csiSnapshots | quote }}
K10LimiterProviderSnapshots: {{ default (include "k10.defaultK10LimiterProviderSnapshots" .) .Values.limiter.providerSnapshots | quote }} K10LimiterProviderSnapshots: {{ default (include "k10.defaultK10LimiterProviderSnapshots" .) .Values.limiter.providerSnapshots | quote }}
K10LimiterImageCopies: {{ default (include "k10.defaultK10LimiterImageCopies" .) .Values.limiter.imageCopies | quote }}
K10ExecutorWorkerCount: {{ default (include "k10.defaultK10ExecutorWorkerCount" .) .Values.services.executor.workerCount | quote }} K10ExecutorWorkerCount: {{ default (include "k10.defaultK10ExecutorWorkerCount" .) .Values.services.executor.workerCount | quote }}
K10ExecutorMaxConcurrentRestoreCsiSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreCsiSnapshots" .) .Values.services.executor.maxConcurrentRestoreCsiSnapshots | quote }} K10ExecutorMaxConcurrentRestoreCsiSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreCsiSnapshots" .) .Values.services.executor.maxConcurrentRestoreCsiSnapshots | quote }}
K10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots" .) .Values.services.executor.maxConcurrentRestoreGenericVolumeSnapshots | quote }} K10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots" .) .Values.services.executor.maxConcurrentRestoreGenericVolumeSnapshots | quote }}
@ -57,6 +59,8 @@ data:
K10GCKeepMaxActions: {{ default (include "k10.defaultK10GCKeepMaxActions" .) .Values.garbagecollector.keepMaxActions | quote }} K10GCKeepMaxActions: {{ default (include "k10.defaultK10GCKeepMaxActions" .) .Values.garbagecollector.keepMaxActions | quote }}
K10GCActionsEnabled: {{ default (include "k10.defaultK10GCActionsEnabled" .) .Values.garbagecollector.actions.enabled | quote }} K10GCActionsEnabled: {{ default (include "k10.defaultK10GCActionsEnabled" .) .Values.garbagecollector.actions.enabled | quote }}
K10EphemeralPVCOverhead: {{ .Values.ephemeralPVCOverhead | quote }}
K10DefaultPriorityClassName: {{ default (include "k10.defaultK10DefaultPriorityClassName" .) .Values.defaultPriorityClassName | quote }} K10DefaultPriorityClassName: {{ default (include "k10.defaultK10DefaultPriorityClassName" .) .Values.defaultPriorityClassName | quote }}
kubeVirtVMsUnFreezeTimeout: {{ default (include "k10.defaultKubeVirtVMsUnfreezeTimeout" .) .Values.kubeVirtVMs.snapshot.unfreezeTimeout | quote }} kubeVirtVMsUnFreezeTimeout: {{ default (include "k10.defaultKubeVirtVMsUnfreezeTimeout" .) .Values.kubeVirtVMs.snapshot.unfreezeTimeout | quote }}

22
charts/kasten/k10/templates/networkpolicy.yaml
View File

@ -226,6 +226,28 @@ spec:
ports: ports:
- protocol: TCP - protocol: TCP
port: 8080 port: 8080
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: auth-dex-allow
namespace: {{ .Release.Namespace }}
labels:
{{ include "helm.labels" . | indent 4 }}
spec:
podSelector:
matchLabels:
release: {{ .Release.Name }}
run: auth-svc
ingress:
- from:
- podSelector:
matchLabels:
run: auth-svc
release: {{ .Release.Name }}
ports:
- protocol: TCP
port: 8080
{{- end -}} {{- end -}}
{{- $mainCtx := . }} {{- $mainCtx := . }}
{{- $colocatedList := include "get.enabledColocatedSvcList" . | fromYaml }} {{- $colocatedList := include "get.enabledColocatedSvcList" . | fromYaml }}

2
charts/kasten/k10/templates/secrets.yaml
View File

@ -57,6 +57,7 @@ metadata:
name: azure-creds name: azure-creds
type: Opaque type: Opaque
data: data:
{{- if not (eq (include "check.azuresecret" .) "true" ) }}
{{- if or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }} {{- if or (eq (include "check.azureMSIWithClientID" .) "true") (eq (include "check.azureClientSecretCreds" .) "true") }}
azure_client_id: {{ required "secrets.azureClientId field is required!" .Values.secrets.azureClientId | b64enc | quote }} azure_client_id: {{ required "secrets.azureClientId field is required!" .Values.secrets.azureClientId | b64enc | quote }}
{{- end }} {{- end }}
@ -64,6 +65,7 @@ data:
azure_tenant_id: {{ required "secrets.azureTenantId field is required!" .Values.secrets.azureTenantId | b64enc | quote }} azure_tenant_id: {{ required "secrets.azureTenantId field is required!" .Values.secrets.azureTenantId | b64enc | quote }}
azure_client_secret: {{ required "secrets.azureClientSecret field is required!" .Values.secrets.azureClientSecret | b64enc | quote }} azure_client_secret: {{ required "secrets.azureClientSecret field is required!" .Values.secrets.azureClientSecret | b64enc | quote }}
{{- end }} {{- end }}
{{- end }}
azure_resource_group: {{ default "" .Values.secrets.azureResourceGroup | b64enc | quote }} azure_resource_group: {{ default "" .Values.secrets.azureResourceGroup | b64enc | quote }}
azure_subscription_id: {{ default "" .Values.secrets.azureSubscriptionID | b64enc | quote }} azure_subscription_id: {{ default "" .Values.secrets.azureSubscriptionID | b64enc | quote }}
azure_resource_manager_endpoint: {{ default "" .Values.secrets.azureResourceMgrEndpoint | b64enc | quote }} azure_resource_manager_endpoint: {{ default "" .Values.secrets.azureResourceMgrEndpoint | b64enc | quote }}

112
charts/kasten/k10/values.schema.json
View File

@ -626,9 +626,21 @@
"default": false, "default": false,
"title": "Enable TLS", "title": "Enable TLS",
"description": "Configures a TLS use for ingress.host" "description": "Configures a TLS use for ingress.host"
},
"secretName": {
"type": "string",
"default": "",
"title": "TLS secret name",
"description": "Specifies the name of the secret to configure ingress.tls[].secretName"
} }
} }
}, },
"name": {
"type": "string",
"default": "",
"title": "Ingress name",
"description": "Optional name of the Ingress object for the K10 dashboard."
},
"class": { "class": {
"type": "string", "type": "string",
"default": "", "default": "",
@ -663,6 +675,88 @@
"Prefix", "Prefix",
"ImplementationSpecific" "ImplementationSpecific"
] ]
},
"defaultBackend": {
"type": "object",
"title": "Ingress default backend",
"description": "Optional default backend for the Ingress object.",
"properties": {
"service": {
"type": "object",
"title": "Ingress default backend service",
"description": "A service referenced by the default backend (mutually exclusive with `resource`).",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable service default backend.",
"description": "Enable the default backend backed by a service."
},
"name": {
"type": "string",
"default": "",
"title": "Service name",
"description": "Name of a service referenced by the default backend."
},
"port": {
"type": "object",
"title": "Service port",
"description": "A port of a service referenced by the default backend.",
"properties": {
"name": {
"type": "string",
"default": "",
"title": "Port name",
"description": "Port name of a service referenced by the default backend (mutually exclusive with `number`)."
},
"number": {
"type": "integer",
"default": 0,
"title": "Port number",
"description": "Port number of a service referenced by the default backend (mutually exclusive with `name`)."
}
}
}
}
},
"resource": {
"type": "object",
"title": "Ingress default backend resource",
"description": "A resource referenced by the default backend (mutually exclusive with `service`).",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable resource default backend.",
"description": "Enable the default backend backed by a resource."
},
"apiGroup": {
"type": "string",
"default": "",
"title": "Resource API group",
"description": "Optional API group of a resource referenced by the default backend.",
"examples": [
"k8s.example.com"
]
},
"kind": {
"type": "string",
"default": "",
"title": "Resource kind",
"description": "Type of a resource referenced by the default backend.",
"examples": [
"StorageBucket"
]
},
"name": {
"type": "string",
"default": "",
"title": "Resource name",
"description": "Name of a resource referenced by the default backend."
}
}
}
}
} }
} }
}, },
@ -956,6 +1050,12 @@
"title": "Azure client Secret", "title": "Azure client Secret",
"description": "Azure Service APP secret" "description": "Azure Service APP secret"
}, },
"azureClientSecretName": {
"type": "string",
"default": "",
"title": "Secret with Azure credentials",
"description": "Specify a Secret directly instead of having to provide azureClientId, azureTenantId and azureClientSecret"
},
"azureResourceGroup": { "azureResourceGroup": {
"type": "string", "type": "string",
"default": "", "default": "",
@ -2201,6 +2301,12 @@
"default": 10, "default": 10,
"title": "Concurrent cloud provider create", "title": "Concurrent cloud provider create",
"description": "Limit of concurrent cloud provider create operations" "description": "Limit of concurrent cloud provider create operations"
},
"imageCopies": {
"type": "integer",
"default": 10,
"title": "Concurrent image copy",
"description": "Limit of concurrent image copy operations"
} }
} }
}, },
@ -2565,6 +2671,12 @@
"default": true, "default": true,
"title": "Run Kanister Hooks as root", "title": "Run Kanister Hooks as root",
"description": "Forces Kanister Execution Hooks to run with root privileges" "description": "Forces Kanister Execution Hooks to run with root privileges"
},
"ephemeralPVCOverhead": {
"type": "number",
"default": 0.1,
"title": "Storage overhead for ephemeral PVCs",
"description": "Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. pvc size = (file raw size) * (1 + `ephemeralPVCOverhead`)"
} }
} }
} }

18
charts/kasten/k10/values.yaml
View File

@ -135,12 +135,26 @@ kanisterToolsImage:
ingress: ingress:
create: false create: false
name: ""
tls: tls:
enabled: false enabled: false
secretName: "" #TLS secret name
class: "" #Ingress controller type class: "" #Ingress controller type
host: "" #ingress object host name host: "" #ingress object host name
urlPath: "" #url path for k10 gateway urlPath: "" #url path for k10 gateway
pathType: "ImplementationSpecific" pathType: "ImplementationSpecific"
defaultBackend:
service:
enabled: false
name: ""
port:
name: ""
number: 0
resource:
enabled: false
apiGroup: ""
kind: ""
name: ""
eula: eula:
accept: false #true value if EULA accepted accept: false #true value if EULA accepted
@ -196,6 +210,7 @@ secrets:
azureTenantId: '' azureTenantId: ''
azureClientId: '' azureClientId: ''
azureClientSecret: '' azureClientSecret: ''
azureClientSecretName: ''
azureResourceGroup: '' azureResourceGroup: ''
azureSubscriptionID: '' azureSubscriptionID: ''
azureResourceMgrEndpoint: '' azureResourceMgrEndpoint: ''
@ -418,6 +433,7 @@ limiter:
genericVolumeRestores: 10 genericVolumeRestores: 10
csiSnapshots: 10 csiSnapshots: 10
providerSnapshots: 10 providerSnapshots: 10
imageCopies: 10
gateway: gateway:
insecureDisableSSLVerify: false insecureDisableSSLVerify: false
@ -488,3 +504,5 @@ reporting:
maxJobWaitDuration: "" maxJobWaitDuration: ""
forceRootInKanisterHooks: true forceRootInKanisterHooks: true
ephemeralPVCOverhead: 0.1

28
index.yaml
View File

@ -29176,6 +29176,34 @@ entries:
- assets/trilio/k8s-triliovault-operator-v2.0.200.tgz - assets/trilio/k8s-triliovault-operator-v2.0.200.tgz
version: v2.0.200 version: v2.0.200
k10: k10:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 6.5.12
created: "2024-04-21T00:55:40.105625299Z"
dependencies:
- condition: grafana.enabled
name: grafana
repository: file://./charts/grafana
version: 7.3.2
- condition: prometheus.server.enabled
name: prometheus
repository: file://./charts/prometheus
version: 25.18.0
description: Kastens K10 Data Management Platform
digest: 7168aabefb4d1e465fb92dfa7fd6c957e06736b5a51ab0838efa0c582c2336a0
home: https://kasten.io/
icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
urls:
- assets/kasten/k10-6.5.1201.tgz
version: 6.5.1201
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10 catalog.cattle.io/display-name: K10