andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

new-relic/nri-bundle:
    - 5.0.104
pull/1093/head
github-actions[bot] 2024-12-11 00:03:15 +00:00
parent af91a1515f
commit 590a95281d
619 changed files with 49780 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/new-relic/nri-bundle-5.0.104.tgz Normal file
View File

Binary file not shown.

22
charts/new-relic/nri-bundle/5.0.104/.helmignore Normal file
View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

39
charts/new-relic/nri-bundle/5.0.104/Chart.lock Normal file
View File

@ -0,0 +1,39 @@
dependencies:
- name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
version: 3.37.1
- name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.19
- name: newrelic-prometheus-agent
repository: https://newrelic.github.io/newrelic-prometheus-configurator
version: 1.15.4
- name: nri-metadata-injection
repository: https://newrelic.github.io/k8s-metadata-injection
version: 4.22.3
- name: newrelic-k8s-metrics-adapter
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
version: 1.13.3
- name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 5.26.0
- name: nri-kube-events
repository: https://newrelic.github.io/nri-kube-events
version: 3.11.3
- name: newrelic-logging
repository: https://newrelic.github.io/helm-charts
version: 1.23.5
- name: newrelic-pixie
repository: https://newrelic.github.io/helm-charts
version: 2.1.6
- name: k8s-agents-operator
repository: https://newrelic.github.io/k8s-agents-operator
version: 0.19.0
- name: pixie-operator-chart
repository: https://pixie-operator-charts.storage.googleapis.com
version: 0.1.6
- name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.13.2
digest: sha256:da605e3cbcb07bdb850eb3a15f5d92b2f5b01de5b19b93adebdae1f03b80f5ae
generated: "2024-12-10T08:54:30.3259226Z"

85
charts/new-relic/nri-bundle/5.0.104/Chart.yaml Normal file
View File

@ -0,0 +1,85 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: New Relic
catalog.cattle.io/release-name: nri-bundle
apiVersion: v2
dependencies:
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
version: 3.37.1
- condition: prometheus.enabled,nri-prometheus.enabled
name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.19
- condition: newrelic-prometheus-agent.enabled
name: newrelic-prometheus-agent
repository: https://newrelic.github.io/newrelic-prometheus-configurator
version: 1.15.4
- condition: webhook.enabled,nri-metadata-injection.enabled
name: nri-metadata-injection
repository: https://newrelic.github.io/k8s-metadata-injection
version: 4.22.3
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
name: newrelic-k8s-metrics-adapter
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
version: 1.13.3
- condition: ksm.enabled,kube-state-metrics.enabled
name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 5.26.0
- condition: kubeEvents.enabled,nri-kube-events.enabled
name: nri-kube-events
repository: https://newrelic.github.io/nri-kube-events
version: 3.11.3
- condition: logging.enabled,newrelic-logging.enabled
name: newrelic-logging
repository: https://newrelic.github.io/helm-charts
version: 1.23.5
- condition: newrelic-pixie.enabled
name: newrelic-pixie
repository: https://newrelic.github.io/helm-charts
version: 2.1.6
- condition: k8s-agents-operator.enabled
name: k8s-agents-operator
repository: https://newrelic.github.io/k8s-agents-operator
version: 0.19.0
- alias: pixie-chart
condition: pixie-chart.enabled
name: pixie-operator-chart
repository: https://pixie-operator-charts.storage.googleapis.com
version: 0.1.6
- condition: newrelic-infra-operator.enabled
name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.13.2
description: Groups together the individual charts for the New Relic Kubernetes solution
for a more comfortable deployment.
home: https://github.com/newrelic/helm-charts
icon: file://assets/icons/nri-bundle.svg
keywords:
- infrastructure
- newrelic
- monitoring
maintainers:
- name: juanjjaramillo
url: https://github.com/juanjjaramillo
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
name: nri-bundle
sources:
- https://github.com/newrelic/nri-bundle/
- https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle
- https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure
- https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus
- https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter
- https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
- https://github.com/newrelic/k8s-agents-operator/tree/master/charts/k8s-agents-operator
version: 5.0.104

200
charts/new-relic/nri-bundle/5.0.104/README.md Normal file
View File

@ -0,0 +1,200 @@
# nri-bundle
Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment.
**Homepage:** <https://github.com/newrelic/helm-charts>
## Bundled charts
This chart does not deploy anything by itself but has many charts as dependencies. This allows you to easily install and upgrade the New Relic
Kubernetes Integration using only one chart.
In case you need more information about each component this chart installs, or you are an advanced user that want to install each component separately,
here is a list of components that this chart installs and where you can find more information about them:
| Component | Installed by default? | Description |
|------------------------------|-----------------------|-------------|
| [newrelic-infrastructure](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | Yes | Sends metrics about nodes, cluster objects (e.g. Deployments, Pods), and the control plane to New Relic. |
| [nri-metadata-injection](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | Yes | Enriches New Relic-instrumented applications (APM) with Kubernetes information. |
| [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. |
| [nri-kube-events](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | | Reports Kubernetes events to New Relic. |
| [newrelic-infra-operator](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) | | (Beta) Used with Fargate or serverless environments to inject `newrelic-infrastructure` as a sidecar instead of the usual DaemonSet. |
| [newrelic-k8s-metrics-adapter](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) | | (Beta) Provides a source of data for Horizontal Pod Autoscalers (HPA) based on a NRQL query from New Relic. |
| [newrelic-logging](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) | | Sends logs for Kubernetes components and workloads running on the cluster to New Relic. |
| [nri-prometheus](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) | | Sends metrics from applications exposing Prometheus metrics to New Relic. |
| [newrelic-prometheus-configurator](https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent) | | Configures instances of Prometheus in Agent mode to send metrics to the New Relic Prometheus endpoint. |
| [newrelic-pixie](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) | | Connects to the Pixie API and enables the New Relic plugin in Pixie. The plugin allows you to export data from Pixie to New Relic for long-term data retention. |
| [Pixie](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) | | Is an open source observability tool for Kubernetes applications that uses eBPF to automatically capture telemetry data without the need for manual instrumentation. |
| [k8s-agents-operator](https://github.com/newrelic/k8s-agents-operator/tree/main/charts/k8s-agents-operator) | | (Preview) Streamlines full-stack observability for Kubernetes environments by automating APM instrumentation alongside Kubernetes agent deployment. |
## Configure components
It is possible to configure settings for the individual charts this chart groups by specifying values for them under a key using the name of the chart,
as specified in [helm documentation](https://helm.sh/docs/chart_template_guide/subcharts_and_globals).
For example, by adding the following to the `values.yml` file:
```yaml
# Configuration settings for the newrelic-infrastructure chart
newrelic-infrastructure:
# Any key defined in the values.yml file for the newrelic-infrastructure chart can be configured here:
# https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml
verboseLog: false
resources:
limits:
memory: 512M
```
It is possible to override any entry of the [`newrelic-infrastructure`](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure)
chart, as defined in their [`values.yml` file](https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml).
The same approach can be followed to update any of the subcharts.
After making these changes to the `values.yml` file, or a custom values file, make sure to apply them using:
```
$ helm upgrade --reuse-values -f values.yaml [RELEASE] newrelic/nri-bundle
```
Where `[RELEASE]` is the name of the helm release, e.g. `newrelic-bundle`.
## Monitor on host integrations
If you wish to monitor services running on Kubernetes you can provide integrations
configuration under `integrations_config` that it will passed down to the `newrelic-infrastructure` chart.
You just need to create a new entry where the "name" is the filename of the configuration file and the data is the content of
the integration configuration. The name must end in ".yaml" as this will be the
filename generated and the Infrastructure agent only looks for YAML files.
The data part is the actual integration configuration as described in the spec here:
https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180
In the following example you can see how to monitor a Redis integration with autodiscovery
```yaml
newrelic-infrastructure:
integrations:
nri-redis-sampleapp:
discovery:
command:
exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250
match:
label.app: sampleapp
integrations:
- name: nri-redis
env:
# using the discovered IP as the hostname address
HOSTNAME: ${discovery.ip}
PORT: 6379
labels:
env: test
```
## Bring your own KSM
New Relic Kubernetes Integration requires an instance of kube-state-metrics (KSM) to be running in the cluster, which this chart pulls as a dependency. If you are already running or want to run your own KSM instance, you will need to make some small adjustments as described below.
### Bring your own KSM
If you already have one KSM instance running, you can point `nri-kubernetes` to your instance:
```yaml
kube-state-metrics:
# Disable bundled KSM.
enabled: false
newrelic-infrastructure:
ksm:
config:
# Selector for your pre-installed KSM Service. You may need to adjust this to fit your existing installation.
selector: "app.kubernetes.io/name=kube-state-metrics"
# Alternatively, you can specify a fixed URL where KSM is available. Doing so will bypass autodiscovery.
#staticUrl: http://ksm.ksm.svc.cluster.local:8080/metrics
```
### <span id="ksm-different-version">Run KSM alongside a different version</span>
If you need to run a different instance of KSM in your cluster, you can still run a separate instance for the Kubernetes Integration to work as intended:
```yaml
kube-state-metrics:
# Enable bundled KSM.
enabled: true
prometheusScrape: false
customLabels:
# Label unique to this KSM instance.
newrelic.com/custom-ksm: "true"
newrelic-infrastructure:
ksm:
config:
# Use label above as a selector.
selector: "newrelic.com/custom-ksm=true"
```
For more information on supported KSM version visit the [requirements documentation](https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/kubernetes-integration-compatibility-requirements#reqs)
## Values managed globally
Some of the subchart implement the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which
means that it honors a wide range of defaults and globals common to most New Relic Helm charts.
Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at
[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md).
At the time of writing this document, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this library and
honors global options as described below.
Note, the value table below is automatically generated from `values.yaml` by `helm-docs`. If you need to add new fields or update existing fields, please update the `values.yaml` and then run `helm-docs` to update this value table.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global | object | See [`values.yaml`](values.yaml) | change the behaviour globally to all the supported helm charts. See [user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) for further information. |
| global.affinity | object | `{}` | Sets pod/node affinities |
| global.cluster | string | `""` | The cluster name for the Kubernetes cluster. |
| global.containerSecurityContext | object | `{}` | Sets security context (at container level) |
| global.customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend |
| global.customSecretLicenseKey | string | `""` | Key in the Secret object where the license key is stored |
| global.customSecretName | string | `""` | Name of the Secret object where the license key is stored |
| global.dnsConfig | object | `{}` | Sets pod's dnsConfig |
| global.fargate | bool | false | Must be set to `true` when deploying in an EKS Fargate environment |
| global.hostNetwork | bool | false | Sets pod's hostNetwork |
| global.images.pullSecrets | list | `[]` | Set secrets to be able to fetch images |
| global.images.registry | string | `""` | Changes the registry where to get the images. Useful when there is an internal image cache/proxy |
| global.insightsKey | string | `""` | The license key for your New Relic Account. This will be preferred configuration option if both `insightsKey` and `customSecret` are specified. |
| global.labels | object | `{}` | Additional labels for chart objects |
| global.licenseKey | string | `""` | The license key for your New Relic Account. This will be preferred configuration option if both `licenseKey` and `customSecret` are specified. |
| global.lowDataMode | bool | false | Reduces number of metrics sent in order to reduce costs |
| global.nodeSelector | object | `{}` | Sets pod's node selector |
| global.nrStaging | bool | false | Send the metrics to the staging backend. Requires a valid staging license key |
| global.podLabels | object | `{}` | Additional labels for chart pods |
| global.podSecurityContext | object | `{}` | Sets security context (at pod level) |
| global.priorityClassName | string | `""` | Sets pod's priorityClassName |
| global.privileged | bool | false | In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs | |
| global.proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port` |
| global.serviceAccount.annotations | object | `{}` | Add these annotations to the service account we create |
| global.serviceAccount.create | string | `nil` | Configures if the service account should be created or not |
| global.serviceAccount.name | string | `nil` | Change the name of the service account. This is honored if you disable on this chart the creation of the service account so you can use your own |
| global.tolerations | list | `[]` | Sets pod's tolerations to node taints |
| global.verboseLog | bool | false | Sets the debug logs to this integration or all integrations if it is set globally |
| k8s-agents-operator.enabled | bool | `false` | Install the [`k8s-agents-operator` chart](https://github.com/newrelic/k8s-agents-operator/tree/main/charts/k8s-agents-operator) |
| kube-state-metrics.enabled | bool | `false` | Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository. This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0. Note, kube-state-metrics v2+ disables labels/annotations metrics by default. You can enable the target labels/annotations metrics to be monitored by using the metricLabelsAllowlist/metricAnnotationsAllowList options described [here](https://github.com/prometheus-community/helm-charts/blob/159cd8e4fb89b8b107dcc100287504bb91bf30e0/charts/kube-state-metrics/values.yaml#L274) in your Kubernetes clusters. |
| newrelic-infra-operator.enabled | bool | `false` | Install the [`newrelic-infra-operator` chart](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) (Beta) |
| newrelic-infrastructure.enabled | bool | `true` | Install the [`newrelic-infrastructure` chart](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) |
| newrelic-k8s-metrics-adapter.enabled | bool | `false` | Install the [`newrelic-k8s-metrics-adapter.` chart](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) (Beta) |
| newrelic-logging.enabled | bool | `false` | Install the [`newrelic-logging` chart](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) |
| newrelic-pixie.enabled | bool | `false` | Install the [`newrelic-pixie`](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) |
| newrelic-prometheus-agent.enabled | bool | `false` | Install the [`newrelic-prometheus-agent` chart](https://github.com/newrelic/newrelic-prometheus-configurator/tree/main/charts/newrelic-prometheus-agent) |
| nri-kube-events.enabled | bool | `false` | Install the [`nri-kube-events` chart](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) |
| nri-metadata-injection.enabled | bool | `true` | Install the [`nri-metadata-injection` chart](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) |
| nri-prometheus.enabled | bool | `false` | Install the [`nri-prometheus` chart](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) |
| pixie-chart.enabled | bool | `false` | Install the [`pixie-chart` chart](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) |
## Maintainers
* [juanjjaramillo](https://github.com/juanjjaramillo)
* [csongnr](https://github.com/csongnr)
* [dbudziwojskiNR](https://github.com/dbudziwojskiNR)

166
charts/new-relic/nri-bundle/5.0.104/README.md.gotmpl Normal file
View File

@ -0,0 +1,166 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
## Bundled charts
This chart does not deploy anything by itself but has many charts as dependencies. This allows you to easily install and upgrade the New Relic
Kubernetes Integration using only one chart.
In case you need more information about each component this chart installs, or you are an advanced user that want to install each component separately,
here is a list of components that this chart installs and where you can find more information about them:
| Component | Installed by default? | Description |
|------------------------------|-----------------------|-------------|
| [newrelic-infrastructure](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | Yes | Sends metrics about nodes, cluster objects (e.g. Deployments, Pods), and the control plane to New Relic. |
| [nri-metadata-injection](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | Yes | Enriches New Relic-instrumented applications (APM) with Kubernetes information. |
| [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. |
| [nri-kube-events](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | | Reports Kubernetes events to New Relic. |
| [newrelic-infra-operator](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) | | (Beta) Used with Fargate or serverless environments to inject `newrelic-infrastructure` as a sidecar instead of the usual DaemonSet. |
| [newrelic-k8s-metrics-adapter](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) | | (Beta) Provides a source of data for Horizontal Pod Autoscalers (HPA) based on a NRQL query from New Relic. |
| [newrelic-logging](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) | | Sends logs for Kubernetes components and workloads running on the cluster to New Relic. |
| [nri-prometheus](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) | | Sends metrics from applications exposing Prometheus metrics to New Relic. |
| [newrelic-prometheus-configurator](https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent) | | Configures instances of Prometheus in Agent mode to send metrics to the New Relic Prometheus endpoint. |
| [newrelic-pixie](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) | | Connects to the Pixie API and enables the New Relic plugin in Pixie. The plugin allows you to export data from Pixie to New Relic for long-term data retention. |
| [Pixie](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) | | Is an open source observability tool for Kubernetes applications that uses eBPF to automatically capture telemetry data without the need for manual instrumentation. |
| [k8s-agents-operator](https://github.com/newrelic/k8s-agents-operator/tree/main/charts/k8s-agents-operator) | | (Preview) Streamlines full-stack observability for Kubernetes environments by automating APM instrumentation alongside Kubernetes agent deployment. |
## Configure components
It is possible to configure settings for the individual charts this chart groups by specifying values for them under a key using the name of the chart,
as specified in [helm documentation](https://helm.sh/docs/chart_template_guide/subcharts_and_globals).
For example, by adding the following to the `values.yml` file:
```yaml
# Configuration settings for the newrelic-infrastructure chart
newrelic-infrastructure:
# Any key defined in the values.yml file for the newrelic-infrastructure chart can be configured here:
# https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml
verboseLog: false
resources:
limits:
memory: 512M
```
It is possible to override any entry of the [`newrelic-infrastructure`](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure)
chart, as defined in their [`values.yml` file](https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml).
The same approach can be followed to update any of the subcharts.
After making these changes to the `values.yml` file, or a custom values file, make sure to apply them using:
```
$ helm upgrade --reuse-values -f values.yaml [RELEASE] newrelic/nri-bundle
```
Where `[RELEASE]` is the name of the helm release, e.g. `newrelic-bundle`.
## Monitor on host integrations
If you wish to monitor services running on Kubernetes you can provide integrations
configuration under `integrations_config` that it will passed down to the `newrelic-infrastructure` chart.
You just need to create a new entry where the "name" is the filename of the configuration file and the data is the content of
the integration configuration. The name must end in ".yaml" as this will be the
filename generated and the Infrastructure agent only looks for YAML files.
The data part is the actual integration configuration as described in the spec here:
https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180
In the following example you can see how to monitor a Redis integration with autodiscovery
```yaml
newrelic-infrastructure:
integrations:
nri-redis-sampleapp:
discovery:
command:
exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250
match:
label.app: sampleapp
integrations:
- name: nri-redis
env:
# using the discovered IP as the hostname address
HOSTNAME: ${discovery.ip}
PORT: 6379
labels:
env: test
```
## Bring your own KSM
New Relic Kubernetes Integration requires an instance of kube-state-metrics (KSM) to be running in the cluster, which this chart pulls as a dependency. If you are already running or want to run your own KSM instance, you will need to make some small adjustments as described below.
### Bring your own KSM
If you already have one KSM instance running, you can point `nri-kubernetes` to your instance:
```yaml
kube-state-metrics:
# Disable bundled KSM.
enabled: false
newrelic-infrastructure:
ksm:
config:
# Selector for your pre-installed KSM Service. You may need to adjust this to fit your existing installation.
selector: "app.kubernetes.io/name=kube-state-metrics"
# Alternatively, you can specify a fixed URL where KSM is available. Doing so will bypass autodiscovery.
#staticUrl: http://ksm.ksm.svc.cluster.local:8080/metrics
```
### <span id="ksm-different-version">Run KSM alongside a different version</span>
If you need to run a different instance of KSM in your cluster, you can still run a separate instance for the Kubernetes Integration to work as intended:
```yaml
kube-state-metrics:
# Enable bundled KSM.
enabled: true
prometheusScrape: false
customLabels:
# Label unique to this KSM instance.
newrelic.com/custom-ksm: "true"
newrelic-infrastructure:
ksm:
config:
# Use label above as a selector.
selector: "newrelic.com/custom-ksm=true"
```
For more information on supported KSM version visit the [requirements documentation](https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/kubernetes-integration-compatibility-requirements#reqs)
## Values managed globally
Some of the subchart implement the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which
means that it honors a wide range of defaults and globals common to most New Relic Helm charts.
Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at
[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md).
At the time of writing this document, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this library and
honors global options as described below.
Note, the value table below is automatically generated from `values.yaml` by `helm-docs`. If you need to add new fields or update existing fields, please update the `values.yaml` and then run `helm-docs` to update this value table.
{{ template "chart.valuesSection" . }}
{{ if .Maintainers }}
## Maintainers
{{ range .Maintainers }}
{{- if .Name }}
{{- if .Url }}
* [{{ .Name }}]({{ .Url }})
{{- else }}
* {{ .Name }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

5
charts/new-relic/nri-bundle/5.0.104/app-readme.md Normal file
View File

@ -0,0 +1,5 @@
# New Relic Kubernetes Integration
New Relic's Kubernetes integration gives you full observability into the health and performance of your environment, no matter whether you run Kubernetes on-premises or in the cloud. With our [cluster explorer](https://docs.newrelic.com/docs/integrations/kubernetes-integration/cluster-explorer/kubernetes-cluster-explorer), you can cut through layers of complexity to see how your cluster is performing, from the heights of the control plane down to applications running on a single pod.
You can see the power of the Kubernetes integration in the [cluster explorer](https://docs.newrelic.com/docs/integrations/kubernetes-integration/cluster-explorer/kubernetes-cluster-explorer), where the full picture of a cluster is made available on a single screen: nodes and pods are visualized according to their health and performance, with pending and alerting nodes in the innermost circles. [Predefined alert conditions](https://docs.newrelic.com/docs/integrations/kubernetes-integration/kubernetes-events/kubernetes-integration-predefined-alert-policy) help you troubleshoot issues right from the start. Clicking each node reveals its status and how each app is performing.

23
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
version: 1.3.0
digest: sha256:2e1da613fd8a52706bde45af077779c5d69e9e1641bdf5c982eaf6d1ac67a443
generated: "2024-10-25T18:35:38.878351812Z"

20
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/Chart.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v2
appVersion: 0.19.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
version: 1.3.0
description: A Helm chart for the Kubernetes Agents Operator
home: https://github.com/newrelic/k8s-agents-operator/blob/main/charts/k8s-agents-operator/README.md
maintainers:
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
- name: danielstokes
url: https://github.com/danielstokes
name: k8s-agents-operator
sources:
- https://github.com/newrelic/k8s-agents-operator
type: application
version: 0.19.0

294
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/README.md Normal file
View File

@ -0,0 +1,294 @@
# k8s-agents-operator
![Version: 0.19.0](https://img.shields.io/badge/Version-0.19.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0](https://img.shields.io/badge/AppVersion-0.19.0-informational?style=flat-square)
A Helm chart for the Kubernetes Agents Operator
**Homepage:** <https://github.com/newrelic/k8s-agents-operator/blob/main/charts/k8s-agents-operator/README.md>
## Prerequisites
[Helm](https://helm.sh) must be installed to use the charts. Please refer to Helm's [documentation](https://helm.sh/docs) to get started.
## Installation
### Requirements
Add the `k8s-agents-operator` Helm chart repository:
```shell
helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
```
### Instrumentation
Install the [`k8s-agents-operator`](https://github.com/newrelic/k8s-agents-operator) Helm chart:
```shell
helm upgrade --install k8s-agents-operator k8s-agents-operator/k8s-agents-operator \
--namespace newrelic \
--create-namespace \
--values your-custom-values.yaml
```
### Monitored namespaces
For each namespace you want the operator to be instrumented, a secret will be replicated from the newrelic operator namespace.
For each `Instrumentation` custom resource created, specifying which APM agent you want to instrument for each language. All available APM
agent docker images and corresponding tags are listed on DockerHub:
* [.NET](https://hub.docker.com/repository/docker/newrelic/newrelic-dotnet-init/general)
* [Java](https://hub.docker.com/repository/docker/newrelic/newrelic-java-init/general)
* [Node](https://hub.docker.com/repository/docker/newrelic/newrelic-node-init/general)
* [Python](https://hub.docker.com/repository/docker/newrelic/newrelic-python-init/general)
* [Ruby](https://hub.docker.com/repository/docker/newrelic/newrelic-ruby-init/general)
For .NET
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-dotnet
spec:
agent:
language: dotnet
image: newrelic/newrelic-dotnet-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Java
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-java
namespace: newrelic
spec:
agent:
language: java
image: newrelic/newrelic-java-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For NodeJS
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-nodejs
namespace: newrelic
spec:
agent:
language: nodejs
image: newrelic/newrelic-node-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Python
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-python
namespace: newrelic
spec:
agent:
language: python
image: newrelic/newrelic-python-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Ruby
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-ruby
namespace: newrelic
spec:
agent:
language: ruby
image: newrelic/newrelic-ruby-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For environment specific configurations
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
agent:
env:
# Example New Relic agent supported environment variables
- name: NEW_RELIC_LABELS
value: "environment:auto-injection"
# Example setting the pod name based on the metadata
- name: NEW_RELIC_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
# Example overriding the appName configuration
- name: NEW_RELIC_APP_NAME
value: "$(NEW_RELIC_LABELS)-$(NEW_RELIC_POD_NAME)"
```
Targeting everything in a specific namespace with a label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
#agent: ...
namespaceLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["java"]
```
Targeting a pod with a specific label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
podLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["dotnet"]
```
Using a secret with a non-default name
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
licenseKeySecret: the-name-of-the-custom-secret
```
In the example above, we show how you can configure the agent settings globally using environment variables. See each agent's configuration documentation for available configuration options:
* [Java](https://docs.newrelic.com/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file/)
* [Node](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/installation-configuration/nodejs-agent-configuration/)
* [Python](https://docs.newrelic.com/docs/apm/agents/python-agent/configuration/python-agent-configuration/)
* [.NET](https://docs.newrelic.com/docs/apm/agents/net-agent/configuration/net-agent-configuration/)
* [Ruby](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/)
### cert-manager
The K8s Agents Operator supports the use of [`cert-manager`](https://github.com/cert-manager/cert-manager) if preferred.
Install the [`cert-manager`](https://github.com/cert-manager/cert-manager) Helm chart:
```shell
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--set crds.enabled=true
```
In your `values.yaml` file, set `admissionWebhooks.autoGenerateCert.enabled: false` and `admissionWebhooks.certManager.enabled: true`. Then install the chart as normal.
## Security
This operator requires a privileged environment to run correctly. As with all components that run in a privileged environment, please exercise caution when granting access to the namespace (and other resources) that the K8s Agent Operator is deployed on.
## Available Chart Releases
To see the available charts:
```shell
helm search repo k8s-agents-operator
```
If you want to see a list of all available charts and releases, check [index.yaml](https://newrelic.github.io/k8s-agents-operator/index.yaml).
## Source Code
* <https://github.com/newrelic/k8s-agents-operator>
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| https://helm-charts.newrelic.com | common-library | 1.3.0 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| admissionWebhooks | object | `{"autoGenerateCert":{"certPeriodDays":365,"enabled":true,"recreate":true},"caFile":"","certFile":"","certManager":{"enabled":false},"create":true,"keyFile":""}` | Admission webhooks make sure only requests with correctly formatted rules will get into the Operator |
| admissionWebhooks.autoGenerateCert.certPeriodDays | int | `365` | Cert validity period time in days. |
| admissionWebhooks.autoGenerateCert.enabled | bool | `true` | If true and certManager.enabled is false, Helm will automatically create a self-signed cert and secret for you. |
| admissionWebhooks.autoGenerateCert.recreate | bool | `true` | If set to true, new webhook key/certificate is generated on helm upgrade. |
| admissionWebhooks.caFile | string | `""` | Path to the CA cert. |
| admissionWebhooks.certFile | string | `""` | Path to your own PEM-encoded certificate. |
| admissionWebhooks.certManager.enabled | bool | `false` | If true and autoGenerateCert.enabled is false, cert-manager will create a self-signed cert and secret for you. |
| admissionWebhooks.keyFile | string | `""` | Path to your own PEM-encoded private key. |
| affinity | object | `{}` | Sets all pods' affinities. Can be configured also with `global.affinity` |
| containerSecurityContext | object | `{}` | Sets all security context (at container level). Can be configured also with `global.securityContext.container` |
| controllerManager.kubeRbacProxy.containerSecurityContext | object | `{}` | Sets security context (at container level) for kubeRbacProxy. Overrides `containerSecurityContext` and `global.containerSecurityContext` |
| controllerManager.kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | Sets the repository and image to use for kube-rbac-proxy. Please ensure you're using a trusted image. |
| controllerManager.kubeRbacProxy.image.version | string | `"sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea"` | Sets the kube-rbac-proxy image version to retrieve. Could be a tag i.e. "v0.16.0" or a SHA digest i.e. "sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea" |
| controllerManager.kubeRbacProxy.resources.limits.cpu | string | `"500m"` | |
| controllerManager.kubeRbacProxy.resources.limits.memory | string | `"128Mi"` | |
| controllerManager.kubeRbacProxy.resources.requests.cpu | string | `"5m"` | |
| controllerManager.kubeRbacProxy.resources.requests.memory | string | `"64Mi"` | |
| controllerManager.manager.containerSecurityContext | object | `{}` | Sets security context (at container level) for the manager. Overrides `containerSecurityContext` and `global.containerSecurityContext` |
| controllerManager.manager.image.pullPolicy | string | `nil` | |
| controllerManager.manager.image.repository | string | `"newrelic/k8s-agents-operator"` | Sets the repository and image to use for the manager. Please ensure you're using trusted New Relic images. |
| controllerManager.manager.image.version | string | `nil` | Sets the manager image version to retrieve. Could be a tag i.e. "v0.17.0" or a SHA digest i.e. "sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e" |
| controllerManager.manager.leaderElection | object | `{"enabled":true}` | Enable leader election mechanism for protecting against split brain if multiple operator pods/replicas are started |
| controllerManager.manager.resources.requests.cpu | string | `"100m"` | |
| controllerManager.manager.resources.requests.memory | string | `"64Mi"` | |
| controllerManager.replicas | int | `1` | |
| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` |
| kubernetesClusterDomain | string | `"cluster.local"` | |
| labels | object | `{}` | Additional labels for chart objects |
| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` |
| metricsService.ports[0].name | string | `"https"` | |
| metricsService.ports[0].port | int | `8443` | |
| metricsService.ports[0].protocol | string | `"TCP"` | |
| metricsService.ports[0].targetPort | string | `"https"` | |
| metricsService.type | string | `"ClusterIP"` | |
| nodeSelector | object | `{}` | Sets all pods' node selector. Can be configured also with `global.nodeSelector` |
| podAnnotations | object | `{}` | Annotations to be added to the deployment. |
| podLabels | object | `{}` | Additional labels for chart pods |
| podSecurityContext | object | `{"fsGroup":65532,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | SecurityContext holds pod-level security attributes and common container settings |
| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` |
| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation |
| serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created |
| tolerations | list | `[]` | Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` |
| webhookService.ports[0].port | int | `443` | |
| webhookService.ports[0].protocol | string | `"TCP"` | |
| webhookService.ports[0].targetPort | int | `9443` | |
| webhookService.type | string | `"ClusterIP"` | |
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| csongnr | | <https://github.com/csongnr> |
| dbudziwojskiNR | | <https://github.com/dbudziwojskiNR> |
| danielstokes | | <https://github.com/danielstokes> |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

234
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/README.md.gotmpl Normal file
View File

@ -0,0 +1,234 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
## Prerequisites
[Helm](https://helm.sh) must be installed to use the charts. Please refer to Helm's [documentation](https://helm.sh/docs) to get started.
## Installation
### Requirements
Add the `k8s-agents-operator` Helm chart repository:
```shell
helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
```
### Instrumentation
Install the [`k8s-agents-operator`](https://github.com/newrelic/k8s-agents-operator) Helm chart:
```shell
helm upgrade --install k8s-agents-operator k8s-agents-operator/k8s-agents-operator \
--namespace newrelic \
--create-namespace \
--values your-custom-values.yaml
```
### Monitored namespaces
For each namespace you want the operator to be instrumented, a secret will be replicated from the newrelic operator namespace.
For each `Instrumentation` custom resource created, specifying which APM agent you want to instrument for each language. All available APM
agent docker images and corresponding tags are listed on DockerHub:
* [.NET](https://hub.docker.com/repository/docker/newrelic/newrelic-dotnet-init/general)
* [Java](https://hub.docker.com/repository/docker/newrelic/newrelic-java-init/general)
* [Node](https://hub.docker.com/repository/docker/newrelic/newrelic-node-init/general)
* [Python](https://hub.docker.com/repository/docker/newrelic/newrelic-python-init/general)
* [Ruby](https://hub.docker.com/repository/docker/newrelic/newrelic-ruby-init/general)
For .NET
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-dotnet
spec:
agent:
language: dotnet
image: newrelic/newrelic-dotnet-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Java
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-java
namespace: newrelic
spec:
agent:
language: java
image: newrelic/newrelic-java-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For NodeJS
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-nodejs
namespace: newrelic
spec:
agent:
language: nodejs
image: newrelic/newrelic-node-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Python
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-python
namespace: newrelic
spec:
agent:
language: python
image: newrelic/newrelic-python-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Ruby
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-ruby
namespace: newrelic
spec:
agent:
language: ruby
image: newrelic/newrelic-ruby-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For environment specific configurations
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
agent:
env:
# Example New Relic agent supported environment variables
- name: NEW_RELIC_LABELS
value: "environment:auto-injection"
# Example setting the pod name based on the metadata
- name: NEW_RELIC_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
# Example overriding the appName configuration
- name: NEW_RELIC_APP_NAME
value: "$(NEW_RELIC_LABELS)-$(NEW_RELIC_POD_NAME)"
```
Targeting everything in a specific namespace with a label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
#agent: ...
namespaceLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["java"]
```
Targeting a pod with a specific label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
podLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["dotnet"]
```
Using a secret with a non-default name
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
licenseKeySecret: the-name-of-the-custom-secret
```
In the example above, we show how you can configure the agent settings globally using environment variables. See each agent's configuration documentation for available configuration options:
* [Java](https://docs.newrelic.com/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file/)
* [Node](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/installation-configuration/nodejs-agent-configuration/)
* [Python](https://docs.newrelic.com/docs/apm/agents/python-agent/configuration/python-agent-configuration/)
* [.NET](https://docs.newrelic.com/docs/apm/agents/net-agent/configuration/net-agent-configuration/)
* [Ruby](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/)
### cert-manager
The K8s Agents Operator supports the use of [`cert-manager`](https://github.com/cert-manager/cert-manager) if preferred.
Install the [`cert-manager`](https://github.com/cert-manager/cert-manager) Helm chart:
```shell
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--set crds.enabled=true
```
In your `values.yaml` file, set `admissionWebhooks.autoGenerateCert.enabled: false` and `admissionWebhooks.certManager.enabled: true`. Then install the chart as normal.
## Security
This operator requires a privileged environment to run correctly. As with all components that run in a privileged environment, please exercise caution when granting access to the namespace (and other resources) that the K8s Agent Operator is deployed on.
## Available Chart Releases
To see the available charts:
```shell
helm search repo k8s-agents-operator
```
If you want to see a list of all available charts and releases, check [index.yaml](https://newrelic.github.io/k8s-agents-operator/index.yaml).
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "chart.maintainersSection" . }}
{{ template "helm-docs.versionFooter" . }}

23
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

17
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/Chart.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v2
description: Provides helpers to provide consistency on all the charts
keywords:
- newrelic
- chart-library
maintainers:
- name: juanjjaramillo
url: https://github.com/juanjjaramillo
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
- name: kang-makes
url: https://github.com/kang-makes
name: common-library
type: library
version: 1.3.0

747
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/DEVELOPERS.md Normal file
View File

@ -0,0 +1,747 @@
# Functions/templates documented for chart writers
Here is some rough documentation separated by the file that contains the function, the function
name and how to use it. We are not covering functions that start with `_` (e.g.
`newrelic.common.license._licenseKey`) because they are used internally by this library for
other helpers. Helm does not have the concept of "public" or "private" functions/templates so
this is a convention of ours.
## _naming.tpl
These functions are used to name objects.
### `newrelic.common.naming.name`
This is the same as the idiomatic `CHART-NAME.name` that is created when you use `helm create`.
It honors `.Values.nameOverride`.
Usage:
```mustache
{{ include "newrelic.common.naming.name" . }}
```
### `newrelic.common.naming.fullname`
This is the same as the idiomatic `CHART-NAME.fullname` that is created when you use `helm create`
It honors `.Values.fullnameOverride`.
Usage:
```mustache
{{ include "newrelic.common.naming.fullname" . }}
```
### `newrelic.common.naming.chart`
This is the same as the idiomatic `CHART-NAME.chart` that is created when you use `helm create`.
It is mostly useless for chart writers. It is used internally for templating the labels but there
is no reason to keep it "private".
Usage:
```mustache
{{ include "newrelic.common.naming.chart" . }}
```
### `newrelic.common.naming.truncateToDNS`
This is a useful template that could be used to trim a string to 63 chars and does not end with a dash (`-`).
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
Usage:
```mustache
{{ $nameToTruncate := "a-really-really-really-really-REALLY-long-string-that-should-be-truncated-because-it-is-enought-long-to-brak-something"
{{- $truncatedName := include "newrelic.common.naming.truncateToDNS" $nameToTruncate }}
{{- $truncatedName }}
{{- /* This should print: a-really-really-really-really-REALLY-long-string-that-should-be */ -}}
```
### `newrelic.common.naming.truncateToDNSWithSuffix`
This template function is the same as the above but instead of receiving a string you should give a `dict`
with a `name` and a `suffix`. This function will join them with a dash (`-`) and trim the `name` so the
result of `name-suffix` is no more than 63 chars
Usage:
```mustache
{{ $nameToTruncate := "a-really-really-really-really-REALLY-long-string-that-should-be-truncated-because-it-is-enought-long-to-brak-something"
{{- $suffix := "A-NOT-SO-LONG-SUFFIX" }}
{{- $truncatedName := include "truncateToDNSWithSuffix" (dict "name" $nameToTruncate "suffix" $suffix) }}
{{- $truncatedName }}
{{- /* This should print: a-really-really-really-really-REALLY-long-A-NOT-SO-LONG-SUFFIX */ -}}
```
## _labels.tpl
### `newrelic.common.labels`, `newrelic.common.labels.selectorLabels` and `newrelic.common.labels.podLabels`
These are functions that are used to label objects. They are configured by this `values.yaml`
```yaml
global:
podLabels: {} # included in all the pods of all the charts that implement this library
labels: {} # included in all the objects of all the charts that implement this library
podLabels: {} # included in all the pods of this chart
labels: {} # included in all the objects of this chart
```
label maps are merged from global to local values.
And chart writer should use them like this:
```mustache
metadata:
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "newrelic.common.labels.podLabels" . | nindent 8 }}
```
`newrelic.common.labels.podLabels` includes `newrelic.common.labels.selectorLabels` automatically.
## _priority-class-name.tpl
### `newrelic.common.priorityClassName`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
priorityClassName: ""
priorityClassName: ""
```
Be careful: chart writers should put an empty string (or any kind of Helm falsiness) for this
library to work properly. If in your values a non-falsy `priorityClassName` is found, the global
one is going to be always ignored.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.priorityClassName" . }}
priorityClassName: {{ . }}
{{- end }}
```
## _hostnetwork.tpl
### `newrelic.common.hostNetwork`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
hostNetwork: # Note that this is empty (nil)
hostNetwork: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `hostNetwork` is defined, the global one is going to be always ignored.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.hostNetwork" . }}
hostNetwork: {{ . }}
{{- end }}
```
### `newrelic.common.hostNetwork.value`
This function is an abstraction of the function above but this returns directly "true" or "false".
Be careful with using this with an `if` as Helm does evaluate "false" (string) as `true`.
Usage (example in a pod spec):
```mustache
spec:
hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }}
```
## _dnsconfig.tpl
### `newrelic.common.dnsConfig`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
dnsConfig: {}
dnsConfig: {}
```
Be careful: chart writers should put an empty string (or any kind of Helm falsiness) for this
library to work properly. If in your values a non-falsy `dnsConfig` is found, the global
one is going to be always ignored.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.dnsConfig" . }}
dnsConfig:
{{- . | nindent 4 }}
{{- end }}
```
## _images.tpl
These functions help us to deal with how images are templated. This allows setting `registries`
where to fetch images globally while being flexible enough to fit in different maps of images
and deployments with one or more images. This is the example of a complex `values.yaml` that
we are going to use during the documentation of these functions:
```yaml
global:
images:
registry: nexus-3-instance.internal.clients-domain.tld
jobImage:
registry: # defaults to "example.tld" when empty in these examples
repository: ingress-nginx/kube-webhook-certgen
tag: v1.1.1
pullPolicy: IfNotPresent
pullSecrets: []
images:
integration:
registry:
repository: newrelic/nri-kube-events
tag: 1.8.0
pullPolicy: IfNotPresent
agent:
registry:
repository: newrelic/k8s-events-forwarder
tag: 1.22.0
pullPolicy: IfNotPresent
pullSecrets: []
```
### `newrelic.common.images.image`
This will return a string with the image ready to be downloaded that includes the registry, the image and the tag.
`defaultRegistry` is used to keep `registry` field empty in `values.yaml` so you can override the image using
`global.images.registry`, your local `jobImage.registry` and be able to fallback to a registry that is not `docker.io`
(Or the default repository that the client could have set in the CRI).
Usage:
```mustache
{{- /* For the integration */}}
{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.agent "context" .) }}
{{- /* For jobImage */}}
{{ include "newrelic.common.images.image" ( dict "defaultRegistry" "example.tld" "imageRoot" .Values.jobImage "context" .) }}
```
### `newrelic.common.images.registry`
It returns the registry from the global or local values. You should avoid using this helper to create your image
URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed.
Usage:
```mustache
{{- /* For the integration */}}
{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.images.agent "context" .) }}
{{- /* For jobImage */}}
{{ include "newrelic.common.images.registry" ( dict "defaultRegistry" "example.tld" "imageRoot" .Values.jobImage "context" .) }}
```
### `newrelic.common.images.repository`
It returns the image from the values. You should avoid using this helper to create your image
URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed.
Usage:
```mustache
{{- /* For jobImage */}}
{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.jobImage "context" .) }}
{{- /* For the integration */}}
{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.images.agent "context" .) }}
```
### `newrelic.common.images.tag`
It returns the image's tag from the values. You should avoid using this helper to create your image
URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed.
Usage:
```mustache
{{- /* For jobImage */}}
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.jobImage "context" .) }}
{{- /* For the integration */}}
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.images.agent "context" .) }}
```
### `newrelic.common.images.renderPullSecrets`
If returns a merged map that contains the pull secrets from the global configuration and the local one.
Usage:
```mustache
{{- /* For jobImage */}}
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.jobImage.pullSecrets "context" .) }}
{{- /* For the integration */}}
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.images.pullSecrets "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.images.pullSecrets "context" .) }}
```
## _serviceaccount.tpl
These functions are used to evaluate if the service account should be created, with which name and add annotations to it.
The functions that the common library has implemented for service accounts are:
* `newrelic.common.serviceAccount.create`
* `newrelic.common.serviceAccount.name`
* `newrelic.common.serviceAccount.annotations`
Usage:
```mustache
{{- if include "newrelic.common.serviceAccount.create" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with (include "newrelic.common.serviceAccount.annotations" .) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
```
## _affinity.tpl, _nodeselector.tpl and _tolerations.tpl
These three files are almost the same and they follow the idiomatic way of `helm create`.
Each function also looks if there is a global value like the other helpers.
```yaml
global:
affinity: {}
nodeSelector: {}
tolerations: []
affinity: {}
nodeSelector: {}
tolerations: []
```
The values here are replaced instead of be merged. If a value at root level is found, the global one is ignored.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.nodeSelector" . }}
nodeSelector:
{{- . | nindent 4 }}
{{- end }}
{{- with include "newrelic.common.affinity" . }}
affinity:
{{- . | nindent 4 }}
{{- end }}
{{- with include "newrelic.common.tolerations" . }}
tolerations:
{{- . | nindent 4 }}
{{- end }}
```
## _agent-config.tpl
### `newrelic.common.agentConfig.defaults`
This returns a YAML that the agent can use directly as a config that includes other options from the values file like verbose mode,
custom attributes, FedRAMP and such.
Usage:
```mustache
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
name: {{ include newrelic.common.naming.truncateToDNSWithSuffix (dict "name" (include "newrelic.common.naming.fullname" .) suffix "agent-config") }}
namespace: {{ .Release.Namespace }}
data:
newrelic-infra.yml: |-
# This is the configuration file for the infrastructure agent. See:
# https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/
{{- include "newrelic.common.agentConfig.defaults" . | nindent 4 }}
```
## _cluster.tpl
### `newrelic.common.cluster`
Returns the cluster name
Usage:
```mustache
{{ include "newrelic.common.cluster" . }}
```
## _custom-attributes.tpl
### `newrelic.common.customAttributes`
Return custom attributes in YAML format.
Usage:
```mustache
apiVersion: v1
kind: ConfigMap
metadata:
name: example
data:
custom-attributes.yaml: |
{{- include "newrelic.common.customAttributes" . | nindent 4 }}
custom-attributes.json: |
{{- include "newrelic.common.customAttributes" . | fromYaml | toJson | nindent 4 }}
```
## _fedramp.tpl
### `newrelic.common.fedramp.enabled`
Returns true if FedRAMP is enabled or an empty string if not. It can be safely used in conditionals as an empty string is a Helm falsiness.
Usage:
```mustache
{{ include "newrelic.common.fedramp.enabled" . }}
```
### `newrelic.common.fedramp.enabled.value`
Returns true if FedRAMP is enabled or false if not. This is to have the value of FedRAMP ready to be templated.
Usage:
```mustache
{{ include "newrelic.common.fedramp.enabled.value" . }}
```
## _license.tpl
### `newrelic.common.license.secretName` and ### `newrelic.common.license.secretKeyName`
Returns the secret and key inside the secret where to read the license key.
The common library will take care of using a user-provided custom secret or creating a secret that contains the license key.
To create the secret use `newrelic.common.license.secret`.
Usage:
```mustache
{{- if and (.Values.controlPlane.enabled) (not (include "newrelic.fargate" .)) }}
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
containers:
- name: agent
env:
- name: "NRIA_LICENSE_KEY"
valueFrom:
secretKeyRef:
name: {{ include "newrelic.common.license.secretName" . }}
key: {{ include "newrelic.common.license.secretKeyName" . }}
```
## _license_secret.tpl
### `newrelic.common.license.secret`
This function templates the secret that is used by agents and integrations with the license Key provided by the user. It will
template nothing (empty string) if the user provides a custom pair of secret name and key.
This template also fails in case the user has not provided any license key or custom secret so no safety checks have to be done
by chart writers.
You just must have a template with these two lines:
```mustache
{{- /* Common library will take care of creating the secret or not. */ -}}
{{- include "newrelic.common.license.secret" . -}}
```
## _insights.tpl
### `newrelic.common.insightsKey.secretName` and ### `newrelic.common.insightsKey.secretKeyName`
Returns the secret and key inside the secret where to read the insights key.
The common library will take care of using a user-provided custom secret or creating a secret that contains the insights key.
To create the secret use `newrelic.common.insightsKey.secret`.
Usage:
```mustache
apiVersion: v1
kind: Pod
metadata:
name: statsd
spec:
containers:
- name: statsd
env:
- name: "INSIGHTS_KEY"
valueFrom:
secretKeyRef:
name: {{ include "newrelic.common.insightsKey.secretName" . }}
key: {{ include "newrelic.common.insightsKey.secretKeyName" . }}
```
## _insights_secret.tpl
### `newrelic.common.insightsKey.secret`
This function templates the secret that is used by agents and integrations with the insights key provided by the user. It will
template nothing (empty string) if the user provides a custom pair of secret name and key.
This template also fails in case the user has not provided any insights key or custom secret so no safety checks have to be done
by chart writers.
You just must have a template with these two lines:
```mustache
{{- /* Common library will take care of creating the secret or not. */ -}}
{{- include "newrelic.common.insightsKey.secret" . -}}
```
## _userkey.tpl
### `newrelic.common.userKey.secretName` and ### `newrelic.common.userKey.secretKeyName`
Returns the secret and key inside the secret where to read a user key.
The common library will take care of using a user-provided custom secret or creating a secret that contains the insights key.
To create the secret use `newrelic.common.userKey.secret`.
Usage:
```mustache
apiVersion: v1
kind: Pod
metadata:
name: statsd
spec:
containers:
- name: statsd
env:
- name: "API_KEY"
valueFrom:
secretKeyRef:
name: {{ include "newrelic.common.userKey.secretName" . }}
key: {{ include "newrelic.common.userKey.secretKeyName" . }}
```
## _userkey_secret.tpl
### `newrelic.common.userKey.secret`
This function templates the secret that is used by agents and integrations with a user key provided by the user. It will
template nothing (empty string) if the user provides a custom pair of secret name and key.
This template also fails in case the user has not provided any API key or custom secret so no safety checks have to be done
by chart writers.
You just must have a template with these two lines:
```mustache
{{- /* Common library will take care of creating the secret or not. */ -}}
{{- include "newrelic.common.userKey.secret" . -}}
```
## _region.tpl
### `newrelic.common.region.validate`
Given a string, return a normalized name for the region if valid.
This function does not need the context of the chart, only the value to be validated. The region returned
honors the region [definition of the newrelic-client-go implementation](https://github.com/newrelic/newrelic-client-go/blob/cbe3e4cf2b95fd37095bf2ffdc5d61cffaec17e2/pkg/region/region_constants.go#L8-L21)
so (as of 2024/09/14) it returns the region as "US", "EU", "Staging", or "Local".
In case the region provided does not match these 4, the helper calls `fail` and abort the templating.
Usage:
```mustache
{{ include "newrelic.common.region.validate" "us" }}
```
### `newrelic.common.region`
It reads global and local variables for `region`:
```yaml
global:
region: # Note that this can be empty (nil) or "" (empty string)
region: # Note that this can be empty (nil) or "" (empty string)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in your
values a `region` is defined, the global one is going to be always ignored.
This function gives protection so it enforces users to give the license key as a value in their
`values.yaml` or specify a global or local `region` value. To understand how the `region` value
works, read the documentation of `newrelic.common.region.validate`.
The function will change the region from US, EU or Staging based of the license key and the
`nrStaging` toggle. Whichever region is computed from the license/toggle can be overridden by
the `region` value.
Usage:
```mustache
{{ include "newrelic.common.region" . }}
```
## _low-data-mode.tpl
### `newrelic.common.lowDataMode`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
lowDataMode: # Note that this is empty (nil)
lowDataMode: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `lowdataMode` is defined, the global one is going to be always ignored.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage:
```mustache
{{ include "newrelic.common.lowDataMode" . }}
```
## _privileged.tpl
### `newrelic.common.privileged`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
privileged: # Note that this is empty (nil)
privileged: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `privileged` is defined, the global one is going to be always ignored.
Chart writers could override this and put directly a `true` in the `values.yaml` to override the
default of the common library.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage:
```mustache
{{ include "newrelic.common.privileged" . }}
```
### `newrelic.common.privileged.value`
Returns true if privileged mode is enabled or false if not. This is to have the value of privileged ready to be templated.
Usage:
```mustache
{{ include "newrelic.common.privileged.value" . }}
```
## _proxy.tpl
### `newrelic.common.proxy`
Returns the proxy URL configured by the user.
Usage:
```mustache
{{ include "newrelic.common.proxy" . }}
```
## _security-context.tpl
Use these functions to share the security context among all charts. Useful in clusters that have security enforcing not to
use the root user (like OpenShift) or users that have an admission webhooks.
The functions are:
* `newrelic.common.securityContext.container`
* `newrelic.common.securityContext.pod`
Usage:
```mustache
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
spec:
{{- with include "newrelic.common.securityContext.pod" . }}
securityContext:
{{- . | nindent 8 }}
{{- end }}
containers:
- name: example
{{- with include "nriKubernetes.securityContext.container" . }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
```
## _staging.tpl
### `newrelic.common.nrStaging`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
nrStaging: # Note that this is empty (nil)
nrStaging: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `nrStaging` is defined, the global one is going to be always ignored.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage:
```mustache
{{ include "newrelic.common.nrStaging" . }}
```
### `newrelic.common.nrStaging.value`
Returns true if staging is enabled or false if not. This is to have the staging value ready to be templated.
Usage:
```mustache
{{ include "newrelic.common.nrStaging.value" . }}
```
## _verbose-log.tpl
### `newrelic.common.verboseLog`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
verboseLog: # Note that this is empty (nil)
verboseLog: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `verboseLog` is defined, the global one is going to be always ignored.
Usage:
```mustache
{{ include "newrelic.common.verboseLog" . }}
```
### `newrelic.common.verboseLog.valueAsBoolean`
Returns true if verbose is enabled or false if not. This is to have the verbose value ready to be templated as a boolean
Usage:
```mustache
{{ include "newrelic.common.verboseLog.valueAsBoolean" . }}
```
### `newrelic.common.verboseLog.valueAsInt`
Returns 1 if verbose is enabled or 0 if not. This is to have the verbose value ready to be templated as an integer
Usage:
```mustache
{{ include "newrelic.common.verboseLog.valueAsInt" . }}
```

106
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/README.md Normal file
View File

@ -0,0 +1,106 @@
# Helm Common library
The common library is a way to unify the UX through all the Helm charts that implement it.
The tooling suite that New Relic is huge and growing and this allows to set things globally
and locally for a single chart.
## Documentation for chart writers
If you are writing a chart that is going to use this library you can check the [developers guide](/library/common-library/DEVELOPERS.md) to see all
the functions/templates that we have implemented, what they do and how to use them.
## Values managed globally
We want to have a seamless experience through all the charts so we created this library that tries to standardize the behaviour
of all the charts. Sadly, because of the complexity of all these integrations, not all the charts behave exactly as expected.
An example is `newrelic-infrastructure` that ignores `hostNetwork` in the control plane scraper because most of the users has the
control plane listening in the node to `localhost`.
For each chart that has a special behavior (or further information of the behavior) there is a "chart particularities" section
in its README.md that explains which is the expected behavior.
At the time of writing this, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this
library and honors global options as described in this document.
Here is a list of global options:
| Global keys | Local keys | Default | Merged[<sup>1</sup>](#values-managed-globally-1) | Description |
|-------------|------------|---------|--------------------------------------------------|-------------|
| global.cluster | cluster | `""` | | Name of the Kubernetes cluster monitored |
| global.licenseKey | licenseKey | `""` | | This set this license key to use |
| global.customSecretName | customSecretName | `""` | | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there |
| global.customSecretLicenseKey | customSecretLicenseKey | `""` | | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located |
| global.podLabels | podLabels | `{}` | yes | Additional labels for chart pods |
| global.labels | labels | `{}` | yes | Additional labels for chart objects |
| global.priorityClassName | priorityClassName | `""` | | Sets pod's priorityClassName |
| global.hostNetwork | hostNetwork | `false` | | Sets pod's hostNetwork |
| global.dnsConfig | dnsConfig | `{}` | | Sets pod's dnsConfig |
| global.images.registry | See [Further information](#values-managed-globally-2) | `""` | | Changes the registry where to get the images. Useful when there is an internal image cache/proxy |
| global.images.pullSecrets | See [Further information](#values-managed-globally-2) | `[]` | yes | Set secrets to be able to fetch images |
| global.podSecurityContext | podSecurityContext | `{}` | | Sets security context (at pod level) |
| global.containerSecurityContext | containerSecurityContext | `{}` | | Sets security context (at container level) |
| global.affinity | affinity | `{}` | | Sets pod/node affinities |
| global.nodeSelector | nodeSelector | `{}` | | Sets pod's node selector |
| global.tolerations | tolerations | `[]` | | Sets pod's tolerations to node taints |
| global.serviceAccount.create | serviceAccount.create | `true` | | Configures if the service account should be created or not |
| global.serviceAccount.name | serviceAccount.name | name of the release | | Change the name of the service account. This is honored if you disable on this cahrt the creation of the service account so you can use your own. |
| global.serviceAccount.annotations | serviceAccount.annotations | `{}` | yes | Add these annotations to the service account we create |
| global.customAttributes | customAttributes | `{}` | | Adds extra attributes to the cluster and all the metrics emitted to the backend |
| global.fedramp | fedramp | `false` | | Enables FedRAMP |
| global.lowDataMode | lowDataMode | `false` | | Reduces number of metrics sent in order to reduce costs |
| global.privileged | privileged | Depends on the chart | | In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs |
| global.proxy | proxy | `""` | | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port` |
| global.nrStaging | nrStaging | `false` | | Send the metrics to the staging backend. Requires a valid staging license key |
| global.verboseLog | verboseLog | `false` | | Sets the debug/trace logs to this integration or all integrations if it is set globally |
### Further information
<a name="values-managed-globally-1"></a>
#### 1. Merged
Merged means that the values from global are not replaced by the local ones. Think in this example:
```yaml
global:
labels:
global: global
hostNetwork: true
nodeSelector:
global: global
labels:
local: local
nodeSelector:
local: local
hostNetwork: false
```
This values will template `hostNetwork` to `false`, a map of labels `{ "global": "global", "local": "local" }` and a `nodeSelector` with
`{ "local": "local" }`.
As Helm by default merges all the maps it could be confusing that we have two behaviors (merging `labels` and replacing `nodeSelector`)
the `values` from global to local. This is the rationale behind this:
* `hostNetwork` is templated to `false` because is overriding the value defined globally.
* `labels` are merged because the user may want to label all the New Relic pods at once and label other solution pods differently for
clarity' sake.
* `nodeSelector` does not merge as `labels` because could make it harder to overwrite/delete a selector that comes from global because
of the logic that Helm follows merging maps.
<a name="values-managed-globally-2"></a>
#### 2. Fine grain registries
Some charts only have 1 image while others that can have 2 or more images. The local path for the registry can change depending
on the chart itself.
As this is mostly unique per helm chart, you should take a look to the chart's values table (or directly to the `values.yaml` file to see all the
images that you can change.
This should only be needed if you have an advanced setup that forces you to have granularity enough to force a proxy/cache registry per integration.
<a name="values-managed-globally-3"></a>
#### 3. Privileged mode
By default, from the common library, the privileged mode is set to false. But most of the helm charts require this to be true to fetch more
metrics so could see a true in some charts. The consequences of the privileged mode differ from one chart to another so for each chart that
honors the privileged mode toggle should be a section in the README explaining which is the behavior with it enabled or disabled.

10
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_affinity.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod affinity */ -}}
{{- define "newrelic.common.affinity" -}}
{{- if .Values.affinity -}}
{{- toYaml .Values.affinity -}}
{{- else if .Values.global -}}
{{- if .Values.global.affinity -}}
{{- toYaml .Values.global.affinity -}}
{{- end -}}
{{- end -}}
{{- end -}}

26
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_agent-config.tpl Normal file
View File

@ -0,0 +1,26 @@
{{/*
This helper should return the defaults that all agents should have
*/}}
{{- define "newrelic.common.agentConfig.defaults" -}}
{{- if include "newrelic.common.verboseLog" . }}
log:
level: trace
{{- end }}
{{- if (include "newrelic.common.nrStaging" . ) }}
staging: true
{{- end }}
{{- with include "newrelic.common.proxy" . }}
proxy: {{ . | quote }}
{{- end }}
{{- with include "newrelic.common.fedramp.enabled" . }}
fedramp: {{ . }}
{{- end }}
{{- with fromYaml ( include "newrelic.common.customAttributes" . ) }}
custom_attributes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}

15
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_cluster.tpl Normal file
View File

@ -0,0 +1,15 @@
{{/*
Return the cluster
*/}}
{{- define "newrelic.common.cluster" -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if .Values.cluster -}}
{{- .Values.cluster -}}
{{- else if $global.cluster -}}
{{- $global.cluster -}}
{{- else -}}
{{ fail "There is not cluster name definition set neither in `.global.cluster' nor `.cluster' in your values.yaml. Cluster name is required." }}
{{- end -}}
{{- end -}}

17
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_custom-attributes.tpl Normal file
View File

@ -0,0 +1,17 @@
{{/*
This will render custom attributes as a YAML ready to be templated or be used with `fromYaml`.
*/}}
{{- define "newrelic.common.customAttributes" -}}
{{- $customAttributes := dict -}}
{{- $global := index .Values "global" | default dict -}}
{{- if $global.customAttributes -}}
{{- $customAttributes = mergeOverwrite $customAttributes $global.customAttributes -}}
{{- end -}}
{{- if .Values.customAttributes -}}
{{- $customAttributes = mergeOverwrite $customAttributes .Values.customAttributes -}}
{{- end -}}
{{- toYaml $customAttributes -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_dnsconfig.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod dnsConfig */ -}}
{{- define "newrelic.common.dnsConfig" -}}
{{- if .Values.dnsConfig -}}
{{- toYaml .Values.dnsConfig -}}
{{- else if .Values.global -}}
{{- if .Values.global.dnsConfig -}}
{{- toYaml .Values.global.dnsConfig -}}
{{- end -}}
{{- end -}}
{{- end -}}

25
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_fedramp.tpl Normal file
View File

@ -0,0 +1,25 @@
{{- /* Defines the fedRAMP flag */ -}}
{{- define "newrelic.common.fedramp.enabled" -}}
{{- if .Values.fedramp -}}
{{- if .Values.fedramp.enabled -}}
{{- .Values.fedramp.enabled -}}
{{- end -}}
{{- else if .Values.global -}}
{{- if .Values.global.fedramp -}}
{{- if .Values.global.fedramp.enabled -}}
{{- .Values.global.fedramp.enabled -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Return FedRAMP value directly ready to be templated */ -}}
{{- define "newrelic.common.fedramp.enabled.value" -}}
{{- if include "newrelic.common.fedramp.enabled" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

39
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_hostnetwork.tpl Normal file
View File

@ -0,0 +1,39 @@
{{- /*
Abstraction of the hostNetwork toggle.
This helper allows to override the global `.global.hostNetwork` with the value of `.hostNetwork`.
Returns "true" if `hostNetwork` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.hostNetwork" -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- /*
`get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs
We also want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.hostNetwork" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- if get .Values "hostNetwork" | kindIs "bool" -}}
{{- if .Values.hostNetwork -}}
{{- .Values.hostNetwork -}}
{{- end -}}
{{- else if get $global "hostNetwork" | kindIs "bool" -}}
{{- if $global.hostNetwork -}}
{{- $global.hostNetwork -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /*
Abstraction of the hostNetwork toggle.
This helper abstracts the function "newrelic.common.hostNetwork" to return true or false directly.
*/ -}}
{{- define "newrelic.common.hostNetwork.value" -}}
{{- if include "newrelic.common.hostNetwork" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

94
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_images.tpl Normal file
View File

@ -0,0 +1,94 @@
{{- /*
Return the proper image name
{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.path.to.the.image "defaultRegistry" "your.private.registry.tld" "context" .) }}
*/ -}}
{{- define "newrelic.common.images.image" -}}
{{- $registryName := include "newrelic.common.images.registry" ( dict "imageRoot" .imageRoot "defaultRegistry" .defaultRegistry "context" .context ) -}}
{{- $repositoryName := include "newrelic.common.images.repository" .imageRoot -}}
{{- $tag := include "newrelic.common.images.tag" ( dict "imageRoot" .imageRoot "context" .context) -}}
{{- if $registryName -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag | quote -}}
{{- else -}}
{{- printf "%s:%s" $repositoryName $tag | quote -}}
{{- end -}}
{{- end -}}
{{- /*
Return the proper image registry
{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.path.to.the.image "defaultRegistry" "your.private.registry.tld" "context" .) }}
*/ -}}
{{- define "newrelic.common.images.registry" -}}
{{- $globalRegistry := "" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.images -}}
{{- with .context.Values.global.images.registry -}}
{{- $globalRegistry = . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $localRegistry := "" -}}
{{- if .imageRoot.registry -}}
{{- $localRegistry = .imageRoot.registry -}}
{{- end -}}
{{- $registry := $localRegistry | default $globalRegistry | default .defaultRegistry -}}
{{- if $registry -}}
{{- $registry -}}
{{- end -}}
{{- end -}}
{{- /*
Return the proper image repository
{{ include "newrelic.common.images.repository" .Values.path.to.the.image }}
*/ -}}
{{- define "newrelic.common.images.repository" -}}
{{- .repository -}}
{{- end -}}
{{- /*
Return the proper image tag
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.path.to.the.image "context" .) }}
*/ -}}
{{- define "newrelic.common.images.tag" -}}
{{- .imageRoot.tag | default .context.Chart.AppVersion | toString -}}
{{- end -}}
{{- /*
Return the proper Image Pull Registry Secret Names evaluating values as templates
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.path.to.the.images.pullSecrets1, .Values.path.to.the.images.pullSecrets2) "context" .) }}
*/ -}}
{{- define "newrelic.common.images.renderPullSecrets" -}}
{{- $flatlist := list }}
{{- if .context.Values.global -}}
{{- if .context.Values.global.images -}}
{{- if .context.Values.global.images.pullSecrets -}}
{{- range .context.Values.global.images.pullSecrets -}}
{{- $flatlist = append $flatlist . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range .pullSecrets -}}
{{- if not (empty .) -}}
{{- range . -}}
{{- $flatlist = append $flatlist . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $flatlist -}}
{{- toYaml $flatlist -}}
{{- end -}}
{{- end -}}

56
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_insights.tpl Normal file
View File

@ -0,0 +1,56 @@
{{/*
Return the name of the secret holding the Insights Key.
*/}}
{{- define "newrelic.common.insightsKey.secretName" -}}
{{- $default := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "insightskey" ) -}}
{{- include "newrelic.common.insightsKey._customSecretName" . | default $default -}}
{{- end -}}
{{/*
Return the name key for the Insights Key inside the secret.
*/}}
{{- define "newrelic.common.insightsKey.secretKeyName" -}}
{{- include "newrelic.common.insightsKey._customSecretKey" . | default "insightsKey" -}}
{{- end -}}
{{/*
Return local insightsKey if set, global otherwise.
This helper is for internal use.
*/}}
{{- define "newrelic.common.insightsKey._licenseKey" -}}
{{- if .Values.insightsKey -}}
{{- .Values.insightsKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.insightsKey -}}
{{- .Values.global.insightsKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret holding the Insights Key.
This helper is for internal use.
*/}}
{{- define "newrelic.common.insightsKey._customSecretName" -}}
{{- if .Values.customInsightsKeySecretName -}}
{{- .Values.customInsightsKeySecretName -}}
{{- else if .Values.global -}}
{{- if .Values.global.customInsightsKeySecretName -}}
{{- .Values.global.customInsightsKeySecretName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name key for the Insights Key inside the secret.
This helper is for internal use.
*/}}
{{- define "newrelic.common.insightsKey._customSecretKey" -}}
{{- if .Values.customInsightsKeySecretKey -}}
{{- .Values.customInsightsKeySecretKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.customInsightsKeySecretKey }}
{{- .Values.global.customInsightsKeySecretKey -}}
{{- end -}}
{{- end -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_insights_secret.yaml.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Renders the insights key secret if user has not specified a custom secret.
*/}}
{{- define "newrelic.common.insightsKey.secret" }}
{{- if not (include "newrelic.common.insightsKey._customSecretName" .) }}
{{- /* Fail if licenseKey is empty and required: */ -}}
{{- if not (include "newrelic.common.insightsKey._licenseKey" .) }}
{{- fail "You must specify a insightsKey or a customInsightsSecretName containing it" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "newrelic.common.insightsKey.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
{{ include "newrelic.common.insightsKey.secretKeyName" . }}: {{ include "newrelic.common.insightsKey._licenseKey" . | b64enc }}
{{- end }}
{{- end }}

54
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_labels.tpl Normal file
View File

@ -0,0 +1,54 @@
{{/*
This will render the labels that should be used in all the manifests used by the helm chart.
*/}}
{{- define "newrelic.common.labels" -}}
{{- $global := index .Values "global" | default dict -}}
{{- $chart := dict "helm.sh/chart" (include "newrelic.common.naming.chart" . ) -}}
{{- $managedBy := dict "app.kubernetes.io/managed-by" .Release.Service -}}
{{- $selectorLabels := fromYaml (include "newrelic.common.labels.selectorLabels" . ) -}}
{{- $labels := mustMergeOverwrite $chart $managedBy $selectorLabels -}}
{{- if .Chart.AppVersion -}}
{{- $labels = mustMergeOverwrite $labels (dict "app.kubernetes.io/version" .Chart.AppVersion) -}}
{{- end -}}
{{- $globalUserLabels := $global.labels | default dict -}}
{{- $localUserLabels := .Values.labels | default dict -}}
{{- $labels = mustMergeOverwrite $labels $globalUserLabels $localUserLabels -}}
{{- toYaml $labels -}}
{{- end -}}
{{/*
This will render the labels that should be used in deployments/daemonsets template pods as a selector.
*/}}
{{- define "newrelic.common.labels.selectorLabels" -}}
{{- $name := dict "app.kubernetes.io/name" ( include "newrelic.common.naming.name" . ) -}}
{{- $instance := dict "app.kubernetes.io/instance" .Release.Name -}}
{{- $selectorLabels := mustMergeOverwrite $name $instance -}}
{{- toYaml $selectorLabels -}}
{{- end }}
{{/*
Pod labels
*/}}
{{- define "newrelic.common.labels.podLabels" -}}
{{- $selectorLabels := fromYaml (include "newrelic.common.labels.selectorLabels" . ) -}}
{{- $global := index .Values "global" | default dict -}}
{{- $globalPodLabels := $global.podLabels | default dict }}
{{- $localPodLabels := .Values.podLabels | default dict }}
{{- $podLabels := mustMergeOverwrite $selectorLabels $globalPodLabels $localPodLabels -}}
{{- toYaml $podLabels -}}
{{- end }}

68
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_license.tpl Normal file
View File

@ -0,0 +1,68 @@
{{/*
Return the name of the secret holding the License Key.
*/}}
{{- define "newrelic.common.license.secretName" -}}
{{- $default := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "license" ) -}}
{{- include "newrelic.common.license._customSecretName" . | default $default -}}
{{- end -}}
{{/*
Return the name key for the License Key inside the secret.
*/}}
{{- define "newrelic.common.license.secretKeyName" -}}
{{- include "newrelic.common.license._customSecretKey" . | default "licenseKey" -}}
{{- end -}}
{{/*
Return local licenseKey if set, global otherwise.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._licenseKey" -}}
{{- if .Values.licenseKey -}}
{{- .Values.licenseKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.licenseKey -}}
{{- .Values.global.licenseKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret holding the License Key.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._customSecretName" -}}
{{- if .Values.customSecretName -}}
{{- .Values.customSecretName -}}
{{- else if .Values.global -}}
{{- if .Values.global.customSecretName -}}
{{- .Values.global.customSecretName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name key for the License Key inside the secret.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._customSecretKey" -}}
{{- if .Values.customSecretLicenseKey -}}
{{- .Values.customSecretLicenseKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.customSecretLicenseKey }}
{{- .Values.global.customSecretLicenseKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return empty string (falsehood) or "true" if the user set a custom secret for the license.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._usesCustomSecret" -}}
{{- if or (include "newrelic.common.license._customSecretName" .) (include "newrelic.common.license._customSecretKey" .) -}}
true
{{- end -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_license_secret.yaml.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Renders the license key secret if user has not specified a custom secret.
*/}}
{{- define "newrelic.common.license.secret" }}
{{- if not (include "newrelic.common.license._customSecretName" .) }}
{{- /* Fail if licenseKey is empty and required: */ -}}
{{- if not (include "newrelic.common.license._licenseKey" .) }}
{{- fail "You must specify a licenseKey or a customSecretName containing it" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "newrelic.common.license.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
{{ include "newrelic.common.license.secretKeyName" . }}: {{ include "newrelic.common.license._licenseKey" . | b64enc }}
{{- end }}
{{- end }}

26
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_low-data-mode.tpl Normal file
View File

@ -0,0 +1,26 @@
{{- /*
Abstraction of the lowDataMode toggle.
This helper allows to override the global `.global.lowDataMode` with the value of `.lowDataMode`.
Returns "true" if `lowDataMode` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.lowDataMode" -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if (get .Values "lowDataMode" | kindIs "bool") -}}
{{- if .Values.lowDataMode -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.lowDataMode" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.lowDataMode -}}
{{- end -}}
{{- else -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "lowDataMode" | kindIs "bool" -}}
{{- if $global.lowDataMode -}}
{{- $global.lowDataMode -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

73
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_naming.tpl Normal file
View File

@ -0,0 +1,73 @@
{{/*
This is an function to be called directly with a string just to truncate strings to
63 chars because some Kubernetes name fields are limited to that.
*/}}
{{- define "newrelic.common.naming.truncateToDNS" -}}
{{- . | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- /*
Given a name and a suffix returns a 'DNS Valid' which always include the suffix, truncating the name if needed.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If suffix is too long it gets truncated but it always takes precedence over name, so a 63 chars suffix would suppress the name.
Usage:
{{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" "<my-name>" "suffix" "my-suffix" ) }}
*/ -}}
{{- define "newrelic.common.naming.truncateToDNSWithSuffix" -}}
{{- $suffix := (include "newrelic.common.naming.truncateToDNS" .suffix) -}}
{{- $maxLen := (max (sub 63 (add1 (len $suffix))) 0) -}} {{- /* We prepend "-" to the suffix so an additional character is needed */ -}}
{{- $newName := .name | trunc ($maxLen | int) | trimSuffix "-" -}}
{{- if $newName -}}
{{- printf "%s-%s" $newName $suffix -}}
{{- else -}}
{{ $suffix }}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
Uses the Chart name by default if nameOverride is not set.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "newrelic.common.naming.name" -}}
{{- $name := .Values.nameOverride | default .Chart.Name -}}
{{- include "newrelic.common.naming.truncateToDNS" $name -}}
{{- end }}
{{/*
Create a default fully qualified app name.
By default the full name will be "<release_name>" just in if it has the chart name included in that, if not
it will be concatenated like "<release_name>-<chart_chart>". This could change if fullnameOverride or
nameOverride are set.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "newrelic.common.naming.fullname" -}}
{{- $name := include "newrelic.common.naming.name" . -}}
{{- if .Values.fullnameOverride -}}
{{- $name = .Values.fullnameOverride -}}
{{- else if not (contains $name .Release.Name) -}}
{{- $name = printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- include "newrelic.common.naming.truncateToDNS" $name -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
This function should not be used for naming objects. Use "common.naming.{name,fullname}" instead.
*/}}
{{- define "newrelic.common.naming.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end }}

10
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_nodeselector.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod nodeSelector */ -}}
{{- define "newrelic.common.nodeSelector" -}}
{{- if .Values.nodeSelector -}}
{{- toYaml .Values.nodeSelector -}}
{{- else if .Values.global -}}
{{- if .Values.global.nodeSelector -}}
{{- toYaml .Values.global.nodeSelector -}}
{{- end -}}
{{- end -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_priority-class-name.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the pod priorityClassName */ -}}
{{- define "newrelic.common.priorityClassName" -}}
{{- if .Values.priorityClassName -}}
{{- .Values.priorityClassName -}}
{{- else if .Values.global -}}
{{- if .Values.global.priorityClassName -}}
{{- .Values.global.priorityClassName -}}
{{- end -}}
{{- end -}}
{{- end -}}

28
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_privileged.tpl Normal file
View File

@ -0,0 +1,28 @@
{{- /*
This is a helper that returns whether the chart should assume the user is fine deploying privileged pods.
*/ -}}
{{- define "newrelic.common.privileged" -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists. */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if get .Values "privileged" | kindIs "bool" -}}
{{- if .Values.privileged -}}
{{- .Values.privileged -}}
{{- end -}}
{{- else if get $global "privileged" | kindIs "bool" -}}
{{- if $global.privileged -}}
{{- $global.privileged -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Return directly "true" or "false" based in the exist of "newrelic.common.privileged" */ -}}
{{- define "newrelic.common.privileged.value" -}}
{{- if include "newrelic.common.privileged" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_proxy.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the proxy */ -}}
{{- define "newrelic.common.proxy" -}}
{{- if .Values.proxy -}}
{{- .Values.proxy -}}
{{- else if .Values.global -}}
{{- if .Values.global.proxy -}}
{{- .Values.global.proxy -}}
{{- end -}}
{{- end -}}
{{- end -}}

74
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_region.tpl Normal file
View File

@ -0,0 +1,74 @@
{{/*
Return the region that is being used by the user
*/}}
{{- define "newrelic.common.region" -}}
{{- if and (include "newrelic.common.license._usesCustomSecret" .) (not (include "newrelic.common.region._fromValues" .)) -}}
{{- fail "This Helm Chart is not able to compute the region. You must specify a .global.region or .region if the license is set using a custom secret." -}}
{{- end -}}
{{- /* Defaults */ -}}
{{- $region := "us" -}}
{{- if include "newrelic.common.nrStaging" . -}}
{{- $region = "staging" -}}
{{- else if include "newrelic.common.region._isEULicenseKey" . -}}
{{- $region = "eu" -}}
{{- end -}}
{{- include "newrelic.common.region.validate" (include "newrelic.common.region._fromValues" . | default $region ) -}}
{{- end -}}
{{/*
Returns the region from the values if valid. This only return the value from the `values.yaml`.
More intelligence should be used to compute the region.
Usage: `include "newrelic.common.region.validate" "us"`
*/}}
{{- define "newrelic.common.region.validate" -}}
{{- /* Ref: https://github.com/newrelic/newrelic-client-go/blob/cbe3e4cf2b95fd37095bf2ffdc5d61cffaec17e2/pkg/region/region_constants.go#L8-L21 */ -}}
{{- $region := . | lower -}}
{{- if eq $region "us" -}}
US
{{- else if eq $region "eu" -}}
EU
{{- else if eq $region "staging" -}}
Staging
{{- else if eq $region "local" -}}
Local
{{- else -}}
{{- fail (printf "the region provided is not valid: %s not in \"US\" \"EU\" \"Staging\" \"Local\"" .) -}}
{{- end -}}
{{- end -}}
{{/*
Returns the region from the values. This only return the value from the `values.yaml`.
More intelligence should be used to compute the region.
This helper is for internal use.
*/}}
{{- define "newrelic.common.region._fromValues" -}}
{{- if .Values.region -}}
{{- .Values.region -}}
{{- else if .Values.global -}}
{{- if .Values.global.region -}}
{{- .Values.global.region -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return empty string (falsehood) or "true" if the license is for EU region.
This helper is for internal use.
*/}}
{{- define "newrelic.common.region._isEULicenseKey" -}}
{{- if not (include "newrelic.common.license._usesCustomSecret" .) -}}
{{- $license := include "newrelic.common.license._licenseKey" . -}}
{{- if hasPrefix "eu" $license -}}
true
{{- end -}}
{{- end -}}
{{- end -}}

23
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_security-context.tpl Normal file
View File

@ -0,0 +1,23 @@
{{- /* Defines the container securityContext context */ -}}
{{- define "newrelic.common.securityContext.container" -}}
{{- $global := index .Values "global" | default dict -}}
{{- if .Values.containerSecurityContext -}}
{{- toYaml .Values.containerSecurityContext -}}
{{- else if $global.containerSecurityContext -}}
{{- toYaml $global.containerSecurityContext -}}
{{- end -}}
{{- end -}}
{{- /* Defines the pod securityContext context */ -}}
{{- define "newrelic.common.securityContext.pod" -}}
{{- $global := index .Values "global" | default dict -}}
{{- if .Values.podSecurityContext -}}
{{- toYaml .Values.podSecurityContext -}}
{{- else if $global.podSecurityContext -}}
{{- toYaml $global.podSecurityContext -}}
{{- end -}}
{{- end -}}

90
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_serviceaccount.tpl Normal file
View File

@ -0,0 +1,90 @@
{{- /* Defines if the service account has to be created or not */ -}}
{{- define "newrelic.common.serviceAccount.create" -}}
{{- $valueFound := false -}}
{{- /* Look for a global creation of a service account */ -}}
{{- if get .Values "serviceAccount" | kindIs "map" -}}
{{- if (get .Values.serviceAccount "create" | kindIs "bool") -}}
{{- $valueFound = true -}}
{{- if .Values.serviceAccount.create -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.serviceAccount.name" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.serviceAccount.create -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Look for a local creation of a service account */ -}}
{{- if not $valueFound -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "serviceAccount" | kindIs "map" -}}
{{- if get $global.serviceAccount "create" | kindIs "bool" -}}
{{- $valueFound = true -}}
{{- if $global.serviceAccount.create -}}
{{- $global.serviceAccount.create -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* In case no serviceAccount value has been found, default to "true" */ -}}
{{- if not $valueFound -}}
true
{{- end -}}
{{- end -}}
{{- /* Defines the name of the service account */ -}}
{{- define "newrelic.common.serviceAccount.name" -}}
{{- $localServiceAccount := "" -}}
{{- if get .Values "serviceAccount" | kindIs "map" -}}
{{- if (get .Values.serviceAccount "name" | kindIs "string") -}}
{{- $localServiceAccount = .Values.serviceAccount.name -}}
{{- end -}}
{{- end -}}
{{- $globalServiceAccount := "" -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "serviceAccount" | kindIs "map" -}}
{{- if get $global.serviceAccount "name" | kindIs "string" -}}
{{- $globalServiceAccount = $global.serviceAccount.name -}}
{{- end -}}
{{- end -}}
{{- if (include "newrelic.common.serviceAccount.create" .) -}}
{{- $localServiceAccount | default $globalServiceAccount | default (include "newrelic.common.naming.fullname" .) -}}
{{- else -}}
{{- $localServiceAccount | default $globalServiceAccount | default "default" -}}
{{- end -}}
{{- end -}}
{{- /* Merge the global and local annotations for the service account */ -}}
{{- define "newrelic.common.serviceAccount.annotations" -}}
{{- $localServiceAccount := dict -}}
{{- if get .Values "serviceAccount" | kindIs "map" -}}
{{- if get .Values.serviceAccount "annotations" -}}
{{- $localServiceAccount = .Values.serviceAccount.annotations -}}
{{- end -}}
{{- end -}}
{{- $globalServiceAccount := dict -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "serviceAccount" | kindIs "map" -}}
{{- if get $global.serviceAccount "annotations" -}}
{{- $globalServiceAccount = $global.serviceAccount.annotations -}}
{{- end -}}
{{- end -}}
{{- $merged := mustMergeOverwrite $globalServiceAccount $localServiceAccount -}}
{{- if $merged -}}
{{- toYaml $merged -}}
{{- end -}}
{{- end -}}

39
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_staging.tpl Normal file
View File

@ -0,0 +1,39 @@
{{- /*
Abstraction of the nrStaging toggle.
This helper allows to override the global `.global.nrStaging` with the value of `.nrStaging`.
Returns "true" if `nrStaging` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.nrStaging" -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if (get .Values "nrStaging" | kindIs "bool") -}}
{{- if .Values.nrStaging -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.nrStaging" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.nrStaging -}}
{{- end -}}
{{- else -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "nrStaging" | kindIs "bool" -}}
{{- if $global.nrStaging -}}
{{- $global.nrStaging -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /*
Returns "true" of "false" directly instead of empty string (Helm falsiness) based on the exit of "newrelic.common.nrStaging"
*/ -}}
{{- define "newrelic.common.nrStaging.value" -}}
{{- if include "newrelic.common.nrStaging" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_tolerations.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod tolerations */ -}}
{{- define "newrelic.common.tolerations" -}}
{{- if .Values.tolerations -}}
{{- toYaml .Values.tolerations -}}
{{- else if .Values.global -}}
{{- if .Values.global.tolerations -}}
{{- toYaml .Values.global.tolerations -}}
{{- end -}}
{{- end -}}
{{- end -}}

56
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_userkey.tpl Normal file
View File

@ -0,0 +1,56 @@
{{/*
Return the name of the secret holding the API Key.
*/}}
{{- define "newrelic.common.userKey.secretName" -}}
{{- $default := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "userkey" ) -}}
{{- include "newrelic.common.userKey._customSecretName" . | default $default -}}
{{- end -}}
{{/*
Return the name key for the API Key inside the secret.
*/}}
{{- define "newrelic.common.userKey.secretKeyName" -}}
{{- include "newrelic.common.userKey._customSecretKey" . | default "userKey" -}}
{{- end -}}
{{/*
Return local API Key if set, global otherwise.
This helper is for internal use.
*/}}
{{- define "newrelic.common.userKey._userKey" -}}
{{- if .Values.userKey -}}
{{- .Values.userKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.userKey -}}
{{- .Values.global.userKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret holding the API Key.
This helper is for internal use.
*/}}
{{- define "newrelic.common.userKey._customSecretName" -}}
{{- if .Values.customUserKeySecretName -}}
{{- .Values.customUserKeySecretName -}}
{{- else if .Values.global -}}
{{- if .Values.global.customUserKeySecretName -}}
{{- .Values.global.customUserKeySecretName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name key for the API Key inside the secret.
This helper is for internal use.
*/}}
{{- define "newrelic.common.userKey._customSecretKey" -}}
{{- if .Values.customUserKeySecretKey -}}
{{- .Values.customUserKeySecretKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.customUserKeySecretKey }}
{{- .Values.global.customUserKeySecretKey -}}
{{- end -}}
{{- end -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_userkey_secret.yaml.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Renders the user key secret if user has not specified a custom secret.
*/}}
{{- define "newrelic.common.userKey.secret" }}
{{- if not (include "newrelic.common.userKey._customSecretName" .) }}
{{- /* Fail if user key is empty and required: */ -}}
{{- if not (include "newrelic.common.userKey._userKey" .) }}
{{- fail "You must specify a userKey or a customUserKeySecretName containing it" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "newrelic.common.userKey.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
{{ include "newrelic.common.userKey.secretKeyName" . }}: {{ include "newrelic.common.userKey._userKey" . | b64enc }}
{{- end }}
{{- end }}

54
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/templates/_verbose-log.tpl Normal file
View File

@ -0,0 +1,54 @@
{{- /*
Abstraction of the verbose toggle.
This helper allows to override the global `.global.verboseLog` with the value of `.verboseLog`.
Returns "true" if `verbose` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.verboseLog" -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if (get .Values "verboseLog" | kindIs "bool") -}}
{{- if .Values.verboseLog -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.verboseLog" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.verboseLog -}}
{{- end -}}
{{- else -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "verboseLog" | kindIs "bool" -}}
{{- if $global.verboseLog -}}
{{- $global.verboseLog -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /*
Abstraction of the verbose toggle.
This helper abstracts the function "newrelic.common.verboseLog" to return true or false directly.
*/ -}}
{{- define "newrelic.common.verboseLog.valueAsBoolean" -}}
{{- if include "newrelic.common.verboseLog" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}
{{- /*
Abstraction of the verbose toggle.
This helper abstracts the function "newrelic.common.verboseLog" to return 1 or 0 directly.
*/ -}}
{{- define "newrelic.common.verboseLog.valueAsInt" -}}
{{- if include "newrelic.common.verboseLog" . -}}
1
{{- else -}}
0
{{- end -}}
{{- end -}}

1
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/charts/common-library/values.yaml Normal file
View File

@ -0,0 +1 @@
# values are not needed for the library chart, however this file is still needed for helm lint to work.

36
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/NOTES.txt Normal file
View File

@ -0,0 +1,36 @@
This project is currently in preview.
Issues and contributions should be reported to the project's GitHub.
{{- if (include "k8s-agents-operator.areValuesValid" .) }}
=====================================
********
****************
********** **********,
&&&**** ****/(((
&&&&&&& ((((((
&&&&&&&&&& ((((((
&&&&&&&& ((((((
&&&&& ((((((
&&&&& ((((((((
&&&&& .((((((((((
&&&&&((((((((
&&&(((,
Your deployment of the New Relic Agent Operator is complete.
You can check on the progress of this by running the following command:
kubectl get deployments -o wide -w --namespace {{ .Release.Namespace }} {{ include "newrelic.common.naming.fullname" . }}
WARNING: This deployment will be incomplete until you configure your Instrumentation custom resource definition.
=====================================
Please visit https://github.com/newrelic/k8s-agents-operator for instructions on how to create & configure the
Instrumentation custom resource definition required by the Operator.
{{- else }}
##############################################################################
#### ERROR: You did not set a license key. ####
##############################################################################
This deployment will be incomplete until you get your ingest license key from New Relic.
{{- end -}}

25
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,25 @@
{{/*
Returns if the template should render, it checks if the required values are set.
*/}}
{{- define "k8s-agents-operator.areValuesValid" -}}
{{- $licenseKey := include "newrelic.common.license._licenseKey" . -}}
{{- and (or $licenseKey)}}
{{- end -}}
{{- define "k8s-agents-operator.manager.image" -}}
{{- $managerVersion := .Values.controllerManager.manager.image.version | default .Chart.AppVersion -}}
{{- if eq (substr 0 7 $managerVersion) "sha256:" -}}
{{- printf "%s@%s" .Values.controllerManager.manager.image.repository $managerVersion -}}
{{- else -}}
{{- printf "%s:%s" .Values.controllerManager.manager.image.repository $managerVersion -}}
{{- end -}}
{{- end -}}
{{- define "k8s-agents-operator.kubeRbacProxy.image" -}}
{{- $kubeRbacProxyVersion := .Values.controllerManager.kubeRbacProxy.image.version | default .Chart.AppVersion -}}
{{- if eq (substr 0 7 $kubeRbacProxyVersion) "sha256:" -}}
{{- printf "%s@%s" .Values.controllerManager.kubeRbacProxy.image.repository $kubeRbacProxyVersion -}}
{{- else -}}
{{- printf "%s:%s" .Values.controllerManager.kubeRbacProxy.image.repository $kubeRbacProxyVersion -}}
{{- end -}}
{{- end -}}

52
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/_naming.tpl Normal file
View File

@ -0,0 +1,52 @@
{{/* Controller manager service certificate's secret. */}}
{{- define "k8s-agents-operator.certificateSecret.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "controller-manager-service-cert") -}}
{{- end }}
{{- define "k8s-agents-operator.webhook.service.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "webhook-service") -}}
{{- end -}}
{{- define "k8s-agents-operator.webhook.mutating.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "mutation") -}}
{{- end -}}
{{- define "k8s-agents-operator.webhook.validating.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "validation") -}}
{{- end -}}
{{- define "k8s-agents-operator.cert-manager.issuer.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "selfsigned-issuer") -}}
{{- end -}}
{{- define "k8s-agents-operator.cert-manager.certificate.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "serving-cert") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.proxy.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "proxy-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.proxy.roleBinding.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "proxy-rolebinding") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.manager.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "manager-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.manager.roleBinding.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "manager-rolebinding") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.leaderElection.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "leader-election-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.leaderElection.roleBinding.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "leader-election-rolebinding") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.metricsReader.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "metrics-reader") -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/_security_context.tpl Normal file
View File

@ -0,0 +1,21 @@
{{- /*
A helper to return the container security context to apply to kubeRbacProxy.
*/ -}}
{{- define "k8s-agents-operator.kubeRbacProxy.securityContext.container" -}}
{{- if .Values.controllerManager.kubeRbacProxy.containerSecurityContext -}}
{{- toYaml .Values.controllerManager.kubeRbacProxy.containerSecurityContext -}}
{{- else if include "newrelic.common.securityContext.container" . -}}
{{- include "newrelic.common.securityContext.container" . -}}
{{- end -}}
{{- end -}}
{{- /*
A helper to return the container security context to apply to the manager.
*/ -}}
{{- define "k8s-agents-operator.manager.securityContext.container" -}}
{{- if .Values.controllerManager.manager.containerSecurityContext -}}
{{- toYaml .Values.controllerManager.manager.containerSecurityContext -}}
{{- else if include "newrelic.common.securityContext.container" . -}}
{{- include "newrelic.common.securityContext.container" . -}}
{{- end -}}
{{- end -}}

40
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/_tls.tpl Normal file
View File

@ -0,0 +1,40 @@
{{/*
Return certificate and CA for Webhooks.
It handles variants when a cert has to be generated by Helm,
a cert is loaded from an existing secret or is provided via `.Values`
*/}}
{{- define "k8s-agents-operator.webhookCert" -}}
{{- $caCert := "" }}
{{- $clientCert := "" }}
{{- $clientKey := "" }}
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
{{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "k8s-agents-operator.certificateSecret.name" . )) }}
{{- if and (not .Values.admissionWebhooks.autoGenerateCert.recreate) $prevSecret }}
{{- $clientCert = index $prevSecret "data" "tls.crt" }}
{{- $clientKey = index $prevSecret "data" "tls.key" }}
{{- $caCert = index $prevSecret "data" "ca.crt" }}
{{- if not $caCert }}
{{- $prevHook := (lookup "admissionregistration.k8s.io/v1" "MutatingWebhookConfiguration" .Release.Namespace (print (include "newrelic.common.naming.fullname" . ) "-mutation")) }}
{{- if not (eq (toString $prevHook) "<nil>") }}
{{- $caCert = (first $prevHook.webhooks).clientConfig.caBundle }}
{{- end }}
{{- end }}
{{- else }}
{{- $certValidity := int .Values.admissionWebhooks.autoGenerateCert.certPeriodDays | default 365 }}
{{- $ca := genCA "k8s-agents-operator-operator-ca" $certValidity }}
{{- $domain1 := printf "%s.%s.svc" (include "k8s-agents-operator.webhook.service.name" .) $.Release.Namespace }}
{{- $domain2 := printf "%s.%s.svc.%s" (include "k8s-agents-operator.webhook.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }}
{{- $domains := list $domain1 $domain2 }}
{{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) nil $domains $certValidity $ca }}
{{- $clientCert = b64enc $cert.Cert }}
{{- $clientKey = b64enc $cert.Key }}
{{- $caCert = b64enc $ca.Cert }}
{{- end }}
{{- else }}
{{- $clientCert = .Files.Get .Values.admissionWebhooks.certFile | b64enc }}
{{- $clientKey = .Files.Get .Values.admissionWebhooks.keyFile | b64enc }}
{{- $caCert = .Files.Get .Values.admissionWebhooks.caFile | b64enc }}
{{- end }}
{{- $result := dict "clientCert" $clientCert "clientKey" $clientKey "caCert" $caCert }}
{{- $result | toYaml }}
{{- end }}

122
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/deployment.yaml Normal file
View File

@ -0,0 +1,122 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "newrelic.common.naming.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
control-plane: controller-manager
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.controllerManager.replicas }}
selector:
matchLabels:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }}
control-plane: controller-manager
template:
metadata:
labels:
control-plane: controller-manager
{{- include "newrelic.common.labels.podLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }}
{{- with include "newrelic.common.securityContext.pod" . }}
securityContext:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.priorityClassName" . }}
priorityClassName: {{ . }}
{{- end }}
{{- with include "newrelic.common.dnsConfig" . }}
dnsConfig:
{{- . | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 10
containers:
- name: manager
{{- with include "k8s-agents-operator.manager.securityContext.container" . }}
securityContext:
{{- . | nindent 10 }}
{{- end }}
args:
- --metrics-addr=127.0.0.1:8080
{{- if .Values.controllerManager.manager.leaderElection.enabled }}
- --enable-leader-election
{{- end }}
- --zap-log-level=info
- --zap-time-encoding=rfc3339nano
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
- name: ENABLE_WEBHOOKS
value: "true"
image: {{ include "k8s-agents-operator.manager.image" . }}
imagePullPolicy: {{ .Values.controllerManager.manager.image.pullPolicy | default "Always" }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
{{- toYaml .Values.controllerManager.manager.resources | nindent 10 }}
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
- name: kube-rbac-proxy
{{- with include "k8s-agents-operator.kubeRbacProxy.securityContext.container" . }}
securityContext:
{{- . | nindent 10 }}
{{- end }}
args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
env:
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
image: {{ include "k8s-agents-operator.kubeRbacProxy.image" . }}
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
{{- toYaml .Values.controllerManager.kubeRbacProxy.resources | nindent 10 }}
{{- if or .Values.admissionWebhooks.create (include "k8s-agents-operator.certificateSecret.name" . ) }}
volumes:
- name: cert
secret:
defaultMode: 420
secretName: {{ include "k8s-agents-operator.certificateSecret.name" . }}
{{- end }}
{{- with include "newrelic.common.nodeSelector" . }}
nodeSelector:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.affinity" . }}
affinity:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.tolerations" . }}
tolerations:
{{- . | nindent 8 }}
{{- end }}

407
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/instrumentation-crd.yaml Normal file
View File

@ -0,0 +1,407 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: instrumentations.newrelic.com
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
group: newrelic.com
names:
kind: Instrumentation
listKind: InstrumentationList
plural: instrumentations
shortNames:
- nragent
- nragents
singular: instrumentation
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
description: Instrumentation is the Schema for the instrumentations API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: InstrumentationSpec defines the desired state of Instrumentation
properties:
agent:
description: Agent defines configuration for agent instrumentation.
properties:
env:
description: |-
Env defines Go specific env vars. There are four layers for env vars' definitions and
the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`.
If the former var had been defined, then the other vars would be ignored.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Image is a container image with Go SDK and auto-instrumentation.
type: string
language:
description: Language is the language that will be instrumented.
type: string
resourceRequirements:
description: Resources describes the compute resource requirements.
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
volumeLimitSize:
anyOf:
- type: integer
- type: string
description: |-
VolumeSizeLimit defines size limit for volume used for auto-instrumentation.
The default size is 200Mi.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
exporter:
description: Exporter defines exporter configuration.
properties:
endpoint:
description: Endpoint is address of the collector with OTLP endpoint.
type: string
type: object
licenseKeySecret:
description: |-
LicenseKeySecret defines where to take the licenseKeySecret.
it should be present in the operator namespace.
type: string
namespaceLabelSelector:
description: PodLabelSelector defines to which pods the config should
be applied.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
podLabelSelector:
description: PodLabelSelector defines to which pods the config should
be applied.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
propagators:
description: |-
Propagators defines inter-process context propagation configuration.
Values in this list will be set in the OTEL_PROPAGATORS env var.
Enum=tracecontext;none
items:
description: Propagator represents the propagation type.
enum:
- tracecontext
- none
type: string
type: array
resource:
description: Resource defines the configuration for the resource attributes,
as defined by the OpenTelemetry specification.
properties:
addK8sUIDAttributes:
description: AddK8sUIDAttributes defines whether K8s UID attributes
should be collected (e.g. k8s.deployment.uid).
type: boolean
resourceAttributes:
additionalProperties:
type: string
description: |-
Attributes defines attributes that are added to the resource.
For example environment: dev
type: object
type: object
sampler:
description: Sampler defines sampling configuration.
properties:
argument:
description: |-
Argument defines sampler argument.
The value depends on the sampler type.
For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25.
The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
type: string
type:
description: |-
Type defines sampler type.
The value will be set in the OTEL_TRACES_SAMPLER env var.
The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...
enum:
- always_on
- always_off
- traceidratio
- parentbased_always_on
- parentbased_always_off
- parentbased_traceidratio
type: string
type: object
type: object
status:
description: InstrumentationStatus defines the observed state of Instrumentation
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

51
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/leader-election-rbac.yaml Normal file
View File

@ -0,0 +1,51 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "k8s-agents-operator.rbac.leaderElection.role.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "k8s-agents-operator.rbac.leaderElection.roleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "k8s-agents-operator.rbac.leaderElection.role.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}

88
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/manager-rbac.yaml Normal file
View File

@ -0,0 +1,88 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.manager.role.name" . }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups: [ "" ]
resources: ["secrets"]
verbs:
- get
- list
- create
- delete
- deletecollection
- patch
- update
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
- apiGroups:
- newrelic.com
resources:
- instrumentations
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "k8s-agents-operator.rbac.manager.roleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "k8s-agents-operator.rbac.manager.role.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}

11
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/metrics-reader-rbac.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.metricsReader.role.name" . }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- nonResourceURLs:
- /metrics
verbs:
- get

15
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/metrics-service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "newrelic.common.naming.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
control-plane: controller-manager
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
type: {{ .Values.metricsService.type }}
selector:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }}
control-plane: controller-manager
ports:
{{- .Values.metricsService.ports | toYaml | nindent 2 -}}

35
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/proxy-rbac.yaml Normal file
View File

@ -0,0 +1,35 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.proxy.role.name" . }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "k8s-agents-operator.rbac.proxy.roleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "k8s-agents-operator.rbac.proxy.role.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}

19
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/secret.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Renders the license key secret if user has not specified a custom secret.
*/}}
{{- if not (include "newrelic.common.license._customSecretName" .) }}
{{- /* Fail if licenseKey is empty and required: */ -}}
{{- if not (include "newrelic.common.license._licenseKey" .) }}
{{- fail "You must specify a licenseKey" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: newrelic-key-secret
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
new_relic_license_key: {{ include "newrelic.common.license._licenseKey" . | b64enc }}
{{- end }}

11
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/selfsigned-issuer.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.admissionWebhooks.create .Values.admissionWebhooks.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "k8s-agents-operator.cert-manager.issuer.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
selfSigned: {}
{{- end }}

11
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/service-account.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if include "newrelic.common.serviceAccount.create" . }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
annotations:
{{- include "newrelic.common.serviceAccount.annotations" . | nindent 4 }}
{{- end -}}

20
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/serving-cert.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if and .Values.admissionWebhooks.create .Values.admissionWebhooks.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "k8s-agents-operator.cert-manager.certificate.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
dnsNames:
- '{{ include "k8s-agents-operator.webhook.service.name" . }}.{{ .Release.Namespace }}.svc'
- '{{ include "k8s-agents-operator.webhook.service.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesClusterDomain }}'
issuerRef:
kind: Issuer
name: {{ include "k8s-agents-operator.cert-manager.issuer.name" . }}
secretName: {{ include "k8s-agents-operator.certificateSecret.name" . }}
subject:
organizationalUnits:
- k8s-agents-operator
{{- end }}

134
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/webhook-configuration.yaml Normal file
View File

@ -0,0 +1,134 @@
{{- $tls := fromYaml (include "k8s-agents-operator.webhookCert" .) }}
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: {{ include "k8s-agents-operator.certificateSecret.name" . }}
annotations:
"helm.sh/hook": "pre-install,pre-upgrade"
"helm.sh/hook-delete-policy": "before-hook-creation"
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
app.kubernetes.io/component: webhook
namespace: {{ .Release.Namespace }}
data:
tls.crt: {{ $tls.clientCert }}
tls.key: {{ $tls.clientKey }}
ca.crt: {{ $tls.caCert }}
{{- end }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ include "k8s-agents-operator.webhook.mutating.name" . }}
{{- if .Values.admissionWebhooks.certManager.enabled }}
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "k8s-agents-operator.cert-manager.certificate.name" . }}
{{- end }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
caBundle: {{ $tls.caCert }}
{{- end }}
service:
name: {{ include "k8s-agents-operator.webhook.service.name" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-newrelic-com-v1alpha2-instrumentation
failurePolicy: Fail
name: minstrumentation.kb.io
rules:
- apiGroups:
- newrelic.com
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- instrumentations
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
caBundle: {{ $tls.caCert }}
{{- end }}
service:
name: {{ include "k8s-agents-operator.webhook.service.name" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-pod
failurePolicy: Ignore
name: mpod.kb.io
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ include "k8s-agents-operator.webhook.validating.name" . }}
{{- if .Values.admissionWebhooks.certManager.enabled }}
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "k8s-agents-operator.cert-manager.certificate.name" . }}
{{- end }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
caBundle: {{ $tls.caCert }}
{{- end }}
service:
name: {{ include "k8s-agents-operator.webhook.service.name" . }}
namespace: {{ .Release.Namespace }}
path: /validate-newrelic-com-v1alpha2-instrumentation
failurePolicy: Fail
name: vinstrumentationcreateupdate.kb.io
rules:
- apiGroups:
- newrelic.com
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- instrumentations
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
caBundle: {{ $tls.caCert }}
{{- end }}
service:
name: {{ include "k8s-agents-operator.webhook.service.name" . }}
namespace: {{ .Release.Namespace }}
path: /validate-newrelic-com-v1alpha2-instrumentation
failurePolicy: Ignore
name: vinstrumentationdelete.kb.io
rules:
- apiGroups:
- newrelic.com
apiVersions:
- v1alpha2
operations:
- DELETE
resources:
- instrumentations
sideEffects: None

14
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/templates/webhook-service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "k8s-agents-operator.webhook.service.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
type: {{ .Values.webhookService.type }}
selector:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }}
control-plane: controller-manager
ports:
{{- .Values.webhookService.ports | toYaml | nindent 2 -}}

107
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/affinity_test.yaml Normal file
View File

@ -0,0 +1,107 @@
suite: affinity
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets affinity to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.affinity
template: templates/deployment.yaml
- it: sets affinity from global by common-library
set:
licenseKey: us-whatever
global:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: globalKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: globalKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
template: templates/deployment.yaml
- it: sets affinity from values by common-library
set:
licenseKey: us-whatever
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
template: templates/deployment.yaml
- it: sets affinity from values by common-library overriding global values
set:
licenseKey: us-whatever
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
global:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: globalKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
template: templates/deployment.yaml

29
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/annotations_test.yaml Normal file
View File

@ -0,0 +1,29 @@
suite: annotations
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets pod annotations to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.metadata.annotations
template: templates/deployment.yaml
- it: sets pod annotations from values
set:
licenseKey: us-whatever
podAnnotations:
deploymentKey1: "deploymentValue1"
deploymentKey2: "deploymentValue2"
asserts:
- equal:
path: spec.template.metadata.annotations.deploymentKey1
value: deploymentValue1
template: templates/deployment.yaml
- equal:
path: spec.template.metadata.annotations.deploymentKey2
value: deploymentValue2
template: templates/deployment.yaml

53
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/cert_manager_certificate_test.yaml Normal file
View File

@ -0,0 +1,53 @@
suite: cert-manager
templates:
- templates/serving-cert.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: creates cert-manager resources if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: creates Certificate in default domain if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: kind
value: Certificate
- equal:
path: spec.dnsNames
value:
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc.cluster.local
- it: creates Certificate in custom domain if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
kubernetesClusterDomain: kubey.test
asserts:
- equal:
path: kind
value: Certificate
- equal:
path: spec.dnsNames
value:
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc.kubey.test

32
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/cert_manager_issuer_test.yaml Normal file
View File

@ -0,0 +1,32 @@
suite: cert-manager
templates:
- templates/selfsigned-issuer.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: creates cert-manager resources if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: creates Issuer if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: kind
value: Issuer
- exists:
path: spec.selfSigned

61
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/images_test.yaml Normal file
View File

@ -0,0 +1,61 @@
suite: images
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: has a default image version
set:
licenseKey: us-whatever
asserts:
- notMatchRegex:
path: spec.template.spec.containers[0].image
pattern: ".*nil.*"
template: templates/deployment.yaml
- notMatchRegex:
path: spec.template.spec.containers[1].image
pattern: ".*nil.*"
template: templates/deployment.yaml
- it: loads image and version
set:
licenseKey: us-whatever
controllerManager:
manager:
image:
repository: nr/test-1
version: "1.1.1"
kubeRbacProxy:
image:
repository: nr/test-2
version: "1.1.2"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: nr/test-1:1.1.1
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].image
value: nr/test-2:1.1.2
template: templates/deployment.yaml
- it: loads image and version using SHA digest
set:
licenseKey: us-whatever
controllerManager:
manager:
image:
repository: nr/test-1
version: "sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e"
kubeRbacProxy:
image:
repository: nr/test-2
version: "sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: nr/test-1@sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].image
value: nr/test-2@sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea
template: templates/deployment.yaml

51
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/node_selector_test.yaml Normal file
View File

@ -0,0 +1,51 @@
suite: nodeSelector
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets nodeSelector to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.nodeSelector
template: templates/deployment.yaml
- it: sets nodeSelector from global by common-library
set:
licenseKey: us-whatever
global:
nodeSelector:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
globalKey: globalValue
template: templates/deployment.yaml
- it: sets nodeSelector from values by common-library
set:
licenseKey: us-whatever
nodeSelector:
topLevelKey: topLevelValue
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets nodeSelector from values by common-library overriding global values
set:
licenseKey: us-whatever
nodeSelector:
topLevelKey: topLevelValue
global:
nodeSelector:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml

28
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/resources_test.yaml Normal file
View File

@ -0,0 +1,28 @@
suite: resources
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets pod resources to default when no values provided
set:
licenseKey: us-whatever
asserts:
- equal:
path: spec.template.spec.containers[0].resources
value:
requests:
cpu: 100m
memory: 64Mi
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].resources
value:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
template: templates/deployment.yaml

191
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/security_context_test.yaml Normal file
View File

@ -0,0 +1,191 @@
suite: securityContext
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets pod securityContext set to defaults when no values provided
set:
licenseKey: us-whatever
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
template: templates/deployment.yaml
- it: ignores pod securityContext from global by common-library
set:
licenseKey: us-whatever
global:
podSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
template: templates/deployment.yaml
- it: appends pod securityContext from values by common-library
set:
licenseKey: us-whatever
podSecurityContext:
topLevelKey: topLevelValue
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets pod securityContext from values by common-library overriding global values
set:
licenseKey: us-whatever
podSecurityContext:
topLevelKey: topLevelValue
global:
podSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets container securityContext set to defaults when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[1].securityContext
template: templates/deployment.yaml
- it: sets container securityContext from global by common-library
set:
licenseKey: us-whatever
global:
containerSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
globalKey: globalValue
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].securityContext
value:
globalKey: globalValue
template: templates/deployment.yaml
- it: sets container securityContext from values by common-library
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets container securityContext from values by common-library overriding global values
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
global:
containerSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets container securityContext from manager values
set:
licenseKey: us-whatever
controllerManager:
manager:
containerSecurityContext:
managerKey: managerValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
managerKey: managerValue
template: templates/deployment.yaml
- it: sets container securityContext from kubeRbacProxy values
set:
licenseKey: us-whatever
controllerManager:
kubeRbacProxy:
containerSecurityContext:
kubeRbacProxyKey: kubeRbacProxyValue
asserts:
- equal:
path: spec.template.spec.containers[1].securityContext
value:
kubeRbacProxyKey: kubeRbacProxyValue
template: templates/deployment.yaml
- it: sets container securityContext from manager values overriding top level and global values
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
global:
containerSecurityContext:
globalKey: globalValue
controllerManager:
manager:
containerSecurityContext:
managerKey: managerValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
managerKey: managerValue
template: templates/deployment.yaml
- it: sets container securityContext from kubeRbacProxy values overriding top level and global values
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
global:
containerSecurityContext:
globalKey: globalValue
controllerManager:
kubeRbacProxy:
containerSecurityContext:
kubeRbacProxyKey: kubeRbacProxyValue
asserts:
- equal:
path: spec.template.spec.containers[1].securityContext
value:
kubeRbacProxyKey: kubeRbacProxyValue
template: templates/deployment.yaml

83
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/service_account_test.yaml Normal file
View File

@ -0,0 +1,83 @@
suite: serviceAccount
templates:
- templates/service-account.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: by default creates a service account
set:
licenseKey: test
asserts:
- hasDocuments:
count: 1
- it: creates a service account if there are no global values
set:
licenseKey: test
global: null
asserts:
- hasDocuments:
count: 1
- it: creates a global a service account
set:
licenseKey: test
global:
serviceAccount:
create: true
asserts:
- hasDocuments:
count: 1
- it: create a local service account
set:
licenseKey: test
serviceAccount:
create: true
asserts:
- hasDocuments:
count: 1
- it: disables a global a service account
set:
licenseKey: test
global:
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: disables a local a service account
set:
licenseKey: test
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: allows overriding the global enabling of a service account
set:
licenseKey: test
global:
serviceAccount:
create: true
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: allows overriding the global disabling of a service account
set:
licenseKey: test
global:
serviceAccount:
create: false
serviceAccount:
create: true
asserts:
- hasDocuments:
count: 1

65
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/tolerations_test.yaml Normal file
View File

@ -0,0 +1,65 @@
suite: tolerations
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets tolerations to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.tolerations
template: templates/deployment.yaml
- it: sets tolerations from global by common-library
set:
licenseKey: us-whatever
global:
tolerations:
- key: "globalKey"
operator: "Exists"
effect: "NoSchedule"
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: "globalKey"
operator: "Exists"
effect: "NoSchedule"
template: templates/deployment.yaml
- it: sets tolerations from values by common-library
set:
licenseKey: us-whatever
tolerations:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
template: templates/deployment.yaml
- it: sets tolerations from values by common-library overriding global values
set:
licenseKey: us-whatever
tolerations:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
global:
tolerations:
- key: "globalKey"
operator: "Exists"
effect: "NoSchedule"
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
template: templates/deployment.yaml

176
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/tests/webhook_ssl_test.yaml Normal file
View File

@ -0,0 +1,176 @@
suite: webhook ssl
templates:
- templates/webhook-configuration.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: creates ssl certificate secret by default
set:
licenseKey: us-whatever
asserts:
- hasDocuments:
count: 3
- containsDocument:
kind: Secret
apiVersion: v1
name: my-release-k8s-agents-operator-controller-manager-service-cert
namespace: my-namespace
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- exists:
path: data["tls.crt"]
template: templates/webhook-configuration.yaml
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- exists:
path: data["tls.key"]
template: templates/webhook-configuration.yaml
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- exists:
path: data["ca.crt"]
template: templates/webhook-configuration.yaml
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- it: does not inject cert-manager annotations into MutatingWebhook by default
set:
licenseKey: us-whatever
asserts:
- notExists:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: does not inject cert-manager annotations into ValidatingWebhook by default
set:
licenseKey: us-whatever
asserts:
- notExists:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation
- it: does inject caBundle into MutatingWebhook clientConfigs by default
set:
licenseKey: us-whatever
asserts:
- lengthEqual:
path: webhooks
count: 2
- exists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- exists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: does inject caBundle into ValidatingWebhook clientConfigs by default
set:
licenseKey: us-whatever
asserts:
- lengthEqual:
path: webhooks
count: 2
- exists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- exists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation
- it: does not creates ssl certificate secret if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- hasDocuments:
count: 2
- it: injects cert-manager annotations into MutatingWebhook if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
value: my-namespace/my-release-k8s-agents-operator-serving-cert
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: injects cert-manager annotations into ValidatingWebhook if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
value: my-namespace/my-release-k8s-agents-operator-serving-cert
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation
- it: does not inject caBundle into MutatingWebhook clientConfigs if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- lengthEqual:
path: webhooks
count: 2
- notExists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- notExists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: does not inject caBundle into ValidatingWebhook clientConfigs if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- lengthEqual:
path: webhooks
count: 2
- notExists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- notExists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation

132
charts/new-relic/nri-bundle/5.0.104/charts/k8s-agents-operator/values.yaml Normal file
View File

@ -0,0 +1,132 @@
# Default values for k8s-agents-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- This set this license key to use. Can be configured also with `global.licenseKey`
licenseKey: ""
# -- Additional labels for chart pods
podLabels: {}
# -- Additional labels for chart objects
labels: {}
# -- Annotations to be added to the deployment.
podAnnotations: {}
# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName`
priorityClassName: ""
# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig`
dnsConfig: {}
# -- Sets all pods' node selector. Can be configured also with `global.nodeSelector`
nodeSelector: {}
# -- Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations`
tolerations: []
# -- Sets all pods' affinities. Can be configured also with `global.affinity`
affinity: {}
# -- Sets all security contexts (at pod level).
# -- Source: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
# -- SecurityContext holds pod-level security attributes and common container settings
podSecurityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
# -- Sets all security context (at container level). Can be configured also with `global.securityContext.container`
containerSecurityContext: {}
kubernetesClusterDomain: cluster.local
controllerManager:
replicas: 1
manager:
image:
# -- Sets the repository and image to use for the manager. Please ensure you're using trusted New Relic images.
repository: newrelic/k8s-agents-operator
# -- Sets the manager image version to retrieve. Could be a tag i.e. "v0.17.0" or a SHA digest i.e. "sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e"
version:
pullPolicy:
resources:
requests:
cpu: 100m
memory: 64Mi
# -- Sets security context (at container level) for the manager. Overrides `containerSecurityContext` and `global.containerSecurityContext`
containerSecurityContext: {}
# -- Source: https://docs.openshift.com/container-platform/4.10/operators/operator_sdk/osdk-leader-election.html
# -- Enable leader election mechanism for protecting against split brain if multiple operator pods/replicas are started
leaderElection:
enabled: true
kubeRbacProxy:
image:
# -- Sets the repository and image to use for kube-rbac-proxy. Please ensure you're using a trusted image.
repository: gcr.io/kubebuilder/kube-rbac-proxy
# -- Sets the kube-rbac-proxy image version to retrieve. Could be a tag i.e. "v0.16.0" or a SHA digest i.e. "sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea"
version: sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
# -- Sets security context (at container level) for kubeRbacProxy. Overrides `containerSecurityContext` and `global.containerSecurityContext`
containerSecurityContext: {}
# -- Settings controlling ServiceAccount creation
# @default -- See `values.yaml`
serviceAccount:
# serviceAccount.create -- (bool) Specifies whether a ServiceAccount should be created
# @default -- `true`
create:
# If not set and create is true, a name is generated using the fullname template
name: ""
# Specify any annotations to add to the ServiceAccount
annotations:
metricsService:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
type: ClusterIP
webhookService:
ports:
- port: 443
protocol: TCP
targetPort: 9443
type: ClusterIP
# -- Admission webhooks make sure only requests with correctly formatted rules will get into the Operator
admissionWebhooks:
create: true
## TLS Certificate Option 1: Use Helm to automatically generate self-signed certificate.
## certManager must be disabled and autoGenerateCert must be enabled.
autoGenerateCert:
# -- If true and certManager.enabled is false, Helm will automatically create a self-signed cert and secret for you.
enabled: true
# -- If set to true, new webhook key/certificate is generated on helm upgrade.
recreate: true
# -- Cert validity period time in days.
certPeriodDays: 365
## TLS Certificate Option 2: Use certManager to generate self-signed certificate.
certManager:
# -- If true and autoGenerateCert.enabled is false, cert-manager will create a self-signed cert and secret for you.
enabled: false
## TLS Certificate Option 3: Use your own self-signed certificate.
## certManager and autoGenerateCert must be disabled and certFile, keyFile, and caFile must be set.
## The chart reads the contents of the file paths with the helm .Files.Get function.
## Refer to this doc https://helm.sh/docs/chart_template_guide/accessing_files/ to understand
## limitations of file paths accessible to the chart.
# -- Path to your own PEM-encoded certificate.
certFile: ""
# -- Path to your own PEM-encoded private key.
keyFile: ""
# -- Path to the CA cert.
caFile: ""

21
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

26
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/Chart.yaml Normal file
View File

@ -0,0 +1,26 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
appVersion: 2.13.0
description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/
keywords:
- metric
- monitoring
- prometheus
- kubernetes
maintainers:
- email: tariq.ibrahim@mulesoft.com
name: tariq1890
- email: manuel@rueg.eu
name: mrueg
- email: david@0xdc.me
name: dotdc
name: kube-state-metrics
sources:
- https://github.com/kubernetes/kube-state-metrics/
type: application
version: 5.26.0

85
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/README.md Normal file
View File

@ -0,0 +1,85 @@
# kube-state-metrics Helm Chart
Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
## Get Repository Info
<!-- textlint-disable -->
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
<!-- textlint-enable -->
## Install Chart
```console
helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
You can upgrade in-place:
1. [get repository info](#get-repository-info)
1. [upgrade](#upgrading-chart) your existing release name using the new chart repository
## Upgrading to v3.0.0
v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
The upgraded chart now the following changes:
* Dropped support for helm v2 (helm v3 or later is required)
* collectors key was renamed to resources
* namespace key was renamed to namespaces
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values prometheus-community/kube-state-metrics
```
### kube-rbac-proxy
You can enable `kube-state-metrics` endpoint protection using `kube-rbac-proxy`. By setting `kubeRBACProxy.enabled: true`, this chart will deploy one RBAC proxy container per endpoint (metrics & telemetry).
To authorize access, authenticate your requests (via a `ServiceAccount` for example) with a `ClusterRole` attached such as:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-state-metrics-read
rules:
- apiGroups: [ "" ]
resources: ["services/kube-state-metrics"]
verbs:
- get
```
See [kube-rbac-proxy examples](https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes) for more details.

23
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/NOTES.txt Normal file
View File

@ -0,0 +1,23 @@
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
The exposed metrics can be found here:
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
The metrics are exported on the HTTP endpoint /metrics on the listening port.
In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
They are served either as plaintext or protobuf depending on the Accept header.
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
{{- if .Values.kubeRBACProxy.enabled}}
kube-rbac-proxy endpoint protections is enabled:
- Metrics endpoints are now HTTPS
- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions:
```
rules:
- apiGroups: [ "" ]
resources: ["services/{{ template "kube-state-metrics.fullname" . }}"]
verbs:
- get
```
{{- end }}

156
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,156 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kube-state-metrics.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kube-state-metrics.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "kube-state-metrics.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "kube-state-metrics.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kube-state-metrics.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Generate basic labels
*/}}
{{- define "kube-state-metrics.labels" }}
helm.sh/chart: {{ template "kube-state-metrics.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }}
{{- include "kube-state-metrics.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
{{- if .Values.customLabels }}
{{ tpl (toYaml .Values.customLabels) . }}
{{- end }}
{{- if .Values.releaseLabel }}
release: {{ .Release.Name }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kube-state-metrics.selectorLabels" }}
{{- if .Values.selectorOverride }}
{{ toYaml .Values.selectorOverride }}
{{- else }}
app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end }}
{{/* Sets default scrape limits for servicemonitor */}}
{{- define "servicemonitor.scrapeLimits" -}}
{{- with .sampleLimit }}
sampleLimit: {{ . }}
{{- end }}
{{- with .targetLimit }}
targetLimit: {{ . }}
{{- end }}
{{- with .labelLimit }}
labelLimit: {{ . }}
{{- end }}
{{- with .labelNameLengthLimit }}
labelNameLengthLimit: {{ . }}
{{- end }}
{{- with .labelValueLengthLimit }}
labelValueLengthLimit: {{ . }}
{{- end }}
{{- end -}}
{{/*
Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{specific imagePullSecrets})
*/}}
{{- define "kube-state-metrics.imagePullSecrets" -}}
{{- range (concat .Values.global.imagePullSecrets .imagePullSecrets) }}
{{- if eq (typeOf .) "map[string]interface {}" }}
- {{ toYaml . | trim }}
{{- else }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
The image to use for kube-state-metrics
*/}}
{{- define "kube-state-metrics.image" -}}
{{- if .Values.image.sha }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
{{- else }}
{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
{{- end }}
{{- else }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
{{- else }}
{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
{{- end }}
{{- end }}
{{- end }}
{{/*
The image to use for kubeRBACProxy
*/}}
{{- define "kubeRBACProxy.image" -}}
{{- if .Values.kubeRBACProxy.image.sha }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }}
{{- else }}
{{- printf "%s/%s:%s@%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }}
{{- end }}
{{- else }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }}
{{- else }}
{{- printf "%s/%s:%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }}
{{- end }}
{{- end }}
{{- end }}

33
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml Normal file
View File

@ -0,0 +1,33 @@
{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
spec:
endpointSelector:
matchLabels:
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
egress:
{{- if and .Values.networkPolicy.cilium .Values.networkPolicy.cilium.kubeApiServerSelector }}
{{ toYaml .Values.networkPolicy.cilium.kubeApiServerSelector | nindent 6 }}
{{- else }}
- toEntities:
- kube-apiserver
{{- end }}
ingress:
- toPorts:
- ports:
- port: {{ .Values.service.port | quote }}
protocol: TCP
{{- if .Values.selfMonitor.enabled }}
- port: {{ .Values.selfMonitor.telemetryPort | default 8081 | quote }}
protocol: TCP
{{ end }}
{{ end }}

20
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
name: {{ template "kube-state-metrics.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- if .Values.rbac.useExistingRole }}
name: {{ .Values.rbac.useExistingRole }}
{{- else }}
name: {{ template "kube-state-metrics.fullname" . }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-state-metrics.serviceAccountName" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
{{- end -}}

16
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/crs-configmap.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if .Values.customResourceState.enabled}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | nindent 4 }}
{{- end }}
data:
config.yaml: |
{{- toYaml .Values.customResourceState.config | nindent 4 }}
{{- end }}

336
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/deployment.yaml Normal file
View File

@ -0,0 +1,336 @@
apiVersion: apps/v1
{{- if .Values.autosharding.enabled }}
kind: StatefulSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
replicas: {{ .Values.replicas }}
{{- if not .Values.autosharding.enabled }}
strategy:
type: {{ .Values.updateStrategy | default "RollingUpdate" }}
{{- end }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- if .Values.autosharding.enabled }}
serviceName: {{ template "kube-state-metrics.fullname" . }}
volumeClaimTemplates: []
{{- end }}
template:
metadata:
labels:
{{- include "kube-state-metrics.labels" . | indent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
hostNetwork: {{ .Values.hostNetwork }}
serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
{{- if .Values.securityContext.enabled }}
securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 6 }}
{{- end }}
containers:
{{- $servicePort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}}
{{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}}
- name: {{ template "kube-state-metrics.name" . }}
{{- if .Values.autosharding.enabled }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end }}
args:
{{- if .Values.extraArgs }}
{{- .Values.extraArgs | toYaml | nindent 8 }}
{{- end }}
- --port={{ $servicePort }}
{{- if .Values.collectors }}
- --resources={{ .Values.collectors | join "," }}
{{- end }}
{{- if .Values.metricLabelsAllowlist }}
- --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }}
{{- end }}
{{- if .Values.metricAnnotationsAllowList }}
- --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }}
{{- end }}
{{- if .Values.metricAllowlist }}
- --metric-allowlist={{ .Values.metricAllowlist | join "," }}
{{- end }}
{{- if .Values.metricDenylist }}
- --metric-denylist={{ .Values.metricDenylist | join "," }}
{{- end }}
{{- $namespaces := list }}
{{- if .Values.namespaces }}
{{- range $ns := join "," .Values.namespaces | split "," }}
{{- $namespaces = append $namespaces (tpl $ns $) }}
{{- end }}
{{- end }}
{{- if .Values.releaseNamespace }}
{{- $namespaces = append $namespaces ( include "kube-state-metrics.namespace" . ) }}
{{- end }}
{{- if $namespaces }}
- --namespaces={{ $namespaces | mustUniq | join "," }}
{{- end }}
{{- if .Values.namespacesDenylist }}
- --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }}
{{- end }}
{{- if .Values.autosharding.enabled }}
- --pod=$(POD_NAME)
- --pod-namespace=$(POD_NAMESPACE)
{{- end }}
{{- if .Values.kubeconfig.enabled }}
- --kubeconfig=/opt/k8s/.kube/config
{{- end }}
{{- if .Values.kubeRBACProxy.enabled }}
- --telemetry-host=127.0.0.1
- --telemetry-port={{ $telemetryPort }}
{{- else }}
{{- if .Values.selfMonitor.telemetryHost }}
- --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
{{- end }}
{{- if .Values.selfMonitor.telemetryPort }}
- --telemetry-port={{ $telemetryPort }}
{{- end }}
{{- end }}
{{- if .Values.customResourceState.enabled }}
- --custom-resource-state-config-file=/etc/customresourcestate/config.yaml
{{- end }}
{{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }}
volumeMounts:
{{- if .Values.kubeconfig.enabled }}
- name: kubeconfig
mountPath: /opt/k8s/.kube/
readOnly: true
{{- end }}
{{- if .Values.customResourceState.enabled }}
- name: customresourcestate-config
mountPath: /etc/customresourcestate
readOnly: true
{{- end }}
{{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 8 }}
{{- end }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "kube-state-metrics.image" . }}
{{- if eq .Values.kubeRBACProxy.enabled false }}
ports:
- containerPort: {{ .Values.service.port | default 8080}}
name: "http"
{{- if .Values.selfMonitor.enabled }}
- containerPort: {{ $telemetryPort }}
name: "metrics"
{{- end }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
httpGet:
{{- if .Values.hostNetwork }}
host: 127.0.0.1
{{- end }}
httpHeaders:
{{- range $_, $header := .Values.startupProbe.httpGet.httpHeaders }}
- name: {{ $header.name }}
value: {{ $header.value }}
{{- end }}
path: /healthz
port: {{ $servicePort }}
scheme: {{ upper .Values.startupProbe.httpGet.scheme }}
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
{{- end }}
livenessProbe:
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
httpGet:
{{- if .Values.hostNetwork }}
host: 127.0.0.1
{{- end }}
httpHeaders:
{{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }}
- name: {{ $header.name }}
value: {{ $header.value }}
{{- end }}
path: /livez
port: {{ $servicePort }}
scheme: {{ upper .Values.livenessProbe.httpGet.scheme }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe:
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
{{- if .Values.hostNetwork }}
host: 127.0.0.1
{{- end }}
httpHeaders:
{{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }}
- name: {{ $header.name }}
value: {{ $header.value }}
{{- end }}
path: /readyz
port: {{ $servicePort }}
scheme: {{ upper .Values.readinessProbe.httpGet.scheme }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
resources:
{{ toYaml .Values.resources | indent 10 }}
{{- if .Values.containerSecurityContext }}
securityContext:
{{ toYaml .Values.containerSecurityContext | indent 10 }}
{{- end }}
{{- if .Values.kubeRBACProxy.enabled }}
- name: kube-rbac-proxy-http
args:
{{- if .Values.kubeRBACProxy.extraArgs }}
{{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }}
{{- end }}
- --secure-listen-address=:{{ .Values.service.port | default 8080}}
- --upstream=http://127.0.0.1:{{ $servicePort }}/
- --proxy-endpoints-port=8888
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
volumeMounts:
- name: kube-rbac-proxy-config
mountPath: /etc/kube-rbac-proxy-config
{{- with .Values.kubeRBACProxy.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
image: {{ include "kubeRBACProxy.image" . }}
ports:
- containerPort: {{ .Values.service.port | default 8080}}
name: "http"
- containerPort: 8888
name: "http-healthz"
readinessProbe:
httpGet:
scheme: HTTPS
port: 8888
path: healthz
initialDelaySeconds: 5
timeoutSeconds: 5
{{- if .Values.kubeRBACProxy.resources }}
resources:
{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }}
{{- end }}
{{- if .Values.kubeRBACProxy.containerSecurityContext }}
securityContext:
{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }}
{{- end }}
{{- if .Values.selfMonitor.enabled }}
- name: kube-rbac-proxy-telemetry
args:
{{- if .Values.kubeRBACProxy.extraArgs }}
{{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }}
{{- end }}
- --secure-listen-address=:{{ .Values.selfMonitor.telemetryPort | default 8081 }}
- --upstream=http://127.0.0.1:{{ $telemetryPort }}/
- --proxy-endpoints-port=8889
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
volumeMounts:
- name: kube-rbac-proxy-config
mountPath: /etc/kube-rbac-proxy-config
{{- with .Values.kubeRBACProxy.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
image: {{ include "kubeRBACProxy.image" . }}
ports:
- containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
name: "metrics"
- containerPort: 8889
name: "metrics-healthz"
readinessProbe:
httpGet:
scheme: HTTPS
port: 8889
path: healthz
initialDelaySeconds: 5
timeoutSeconds: 5
{{- if .Values.kubeRBACProxy.resources }}
resources:
{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }}
{{- end }}
{{- if .Values.kubeRBACProxy.containerSecurityContext }}
securityContext:
{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.containers }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.imagePullSecrets) | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml .Values.topologySpreadConstraints | indent 8 }}
{{- end }}
{{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumes) (.Values.kubeRBACProxy.enabled) }}
volumes:
{{- if .Values.kubeconfig.enabled}}
- name: kubeconfig
secret:
secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
{{- end }}
{{- if .Values.kubeRBACProxy.enabled}}
- name: kube-rbac-proxy-config
configMap:
name: {{ template "kube-state-metrics.fullname" . }}-rbac-config
{{- end }}
{{- if .Values.customResourceState.enabled}}
- name: customresourcestate-config
configMap:
name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config
{{- end }}
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }}
{{- end }}
{{- end }}

4
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/extra-manifests.yaml Normal file
View File

@ -0,0 +1,4 @@
{{ range .Values.extraManifests }}
---
{{ tpl (toYaml .) $ }}
{{ end }}

12
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/kubeconfig-secret.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- if .Values.kubeconfig.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
type: Opaque
data:
config: '{{ .Values.kubeconfig.secret }}'
{{- end -}}

43
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/networkpolicy.yaml Normal file
View File

@ -0,0 +1,43 @@
{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "kubernetes") }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
spec:
{{- if .Values.networkPolicy.egress }}
## Deny all egress by default
egress:
{{- toYaml .Values.networkPolicy.egress | nindent 4 }}
{{- end }}
ingress:
{{- if .Values.networkPolicy.ingress }}
{{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
{{- else }}
## Allow ingress on default ports by default
- ports:
- port: {{ .Values.service.port | default 8080 }}
protocol: TCP
{{- if .Values.selfMonitor.enabled }}
{{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}}
- port: {{ $telemetryPort }}
protocol: TCP
{{- end }}
{{- end }}
podSelector:
{{- if .Values.networkPolicy.podSelector }}
{{- toYaml .Values.networkPolicy.podSelector | nindent 4 }}
{{- else }}
matchLabels:
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
{{- end }}
policyTypes:
- Ingress
- Egress
{{- end }}

18
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/pdb.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if .Values.podDisruptionBudget -}}
{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
apiVersion: policy/v1
{{- else -}}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}}

39
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/podsecuritypolicy.yaml Normal file
View File

@ -0,0 +1,39 @@
{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- if .Values.podSecurityPolicy.annotations }}
annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
volumes:
- 'secret'
{{- if .Values.podSecurityPolicy.additionalVolumes }}
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
{{- end }}
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}

19
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/psp-clusterrole.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
name: psp-{{ template "kube-state-metrics.fullname" . }}
rules:
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
- apiGroups: ['policy']
{{- else }}
- apiGroups: ['extensions']
{{- end }}
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "kube-state-metrics.fullname" . }}
{{- end }}

16
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
name: psp-{{ template "kube-state-metrics.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp-{{ template "kube-state-metrics.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-state-metrics.serviceAccountName" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
{{- end }}

22
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/rbac-configmap.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if .Values.kubeRBACProxy.enabled}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kube-state-metrics.fullname" . }}-rbac-config
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | nindent 4 }}
{{- end }}
data:
config-file.yaml: |+
authorization:
resourceAttributes:
namespace: {{ template "kube-state-metrics.namespace" . }}
apiVersion: v1
resource: services
subresource: {{ template "kube-state-metrics.fullname" . }}
name: {{ template "kube-state-metrics.fullname" . }}
{{- end }}

212
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/role.yaml Normal file
View File

@ -0,0 +1,212 @@
{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
{{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if eq $.Values.rbac.useClusterRole false }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
labels:
{{- include "kube-state-metrics.labels" $ | indent 4 }}
name: {{ template "kube-state-metrics.fullname" $ }}
{{- if eq $.Values.rbac.useClusterRole false }}
namespace: {{ . }}
{{- end }}
rules:
{{ if has "certificatesigningrequests" $.Values.collectors }}
- apiGroups: ["certificates.k8s.io"]
resources:
- certificatesigningrequests
verbs: ["list", "watch"]
{{ end -}}
{{ if has "configmaps" $.Values.collectors }}
- apiGroups: [""]
resources:
- configmaps
verbs: ["list", "watch"]
{{ end -}}
{{ if has "cronjobs" $.Values.collectors }}
- apiGroups: ["batch"]
resources:
- cronjobs
verbs: ["list", "watch"]
{{ end -}}
{{ if has "daemonsets" $.Values.collectors }}
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
verbs: ["list", "watch"]
{{ end -}}
{{ if has "deployments" $.Values.collectors }}
- apiGroups: ["extensions", "apps"]
resources:
- deployments
verbs: ["list", "watch"]
{{ end -}}
{{ if has "endpoints" $.Values.collectors }}
- apiGroups: [""]
resources:
- endpoints
verbs: ["list", "watch"]
{{ end -}}
{{ if has "endpointslices" $.Values.collectors }}
- apiGroups: ["discovery.k8s.io"]
resources:
- endpointslices
verbs: ["list", "watch"]
{{ end -}}
{{ if has "horizontalpodautoscalers" $.Values.collectors }}
- apiGroups: ["autoscaling"]
resources:
- horizontalpodautoscalers
verbs: ["list", "watch"]
{{ end -}}
{{ if has "ingresses" $.Values.collectors }}
- apiGroups: ["extensions", "networking.k8s.io"]
resources:
- ingresses
verbs: ["list", "watch"]
{{ end -}}
{{ if has "jobs" $.Values.collectors }}
- apiGroups: ["batch"]
resources:
- jobs
verbs: ["list", "watch"]
{{ end -}}
{{ if has "leases" $.Values.collectors }}
- apiGroups: ["coordination.k8s.io"]
resources:
- leases
verbs: ["list", "watch"]
{{ end -}}
{{ if has "limitranges" $.Values.collectors }}
- apiGroups: [""]
resources:
- limitranges
verbs: ["list", "watch"]
{{ end -}}
{{ if has "mutatingwebhookconfigurations" $.Values.collectors }}
- apiGroups: ["admissionregistration.k8s.io"]
resources:
- mutatingwebhookconfigurations
verbs: ["list", "watch"]
{{ end -}}
{{ if has "namespaces" $.Values.collectors }}
- apiGroups: [""]
resources:
- namespaces
verbs: ["list", "watch"]
{{ end -}}
{{ if has "networkpolicies" $.Values.collectors }}
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs: ["list", "watch"]
{{ end -}}
{{ if has "nodes" $.Values.collectors }}
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch"]
{{ end -}}
{{ if has "persistentvolumeclaims" $.Values.collectors }}
- apiGroups: [""]
resources:
- persistentvolumeclaims
verbs: ["list", "watch"]
{{ end -}}
{{ if has "persistentvolumes" $.Values.collectors }}
- apiGroups: [""]
resources:
- persistentvolumes
verbs: ["list", "watch"]
{{ end -}}
{{ if has "poddisruptionbudgets" $.Values.collectors }}
- apiGroups: ["policy"]
resources:
- poddisruptionbudgets
verbs: ["list", "watch"]
{{ end -}}
{{ if has "pods" $.Values.collectors }}
- apiGroups: [""]
resources:
- pods
verbs: ["list", "watch"]
{{ end -}}
{{ if has "replicasets" $.Values.collectors }}
- apiGroups: ["extensions", "apps"]
resources:
- replicasets
verbs: ["list", "watch"]
{{ end -}}
{{ if has "replicationcontrollers" $.Values.collectors }}
- apiGroups: [""]
resources:
- replicationcontrollers
verbs: ["list", "watch"]
{{ end -}}
{{ if has "resourcequotas" $.Values.collectors }}
- apiGroups: [""]
resources:
- resourcequotas
verbs: ["list", "watch"]
{{ end -}}
{{ if has "secrets" $.Values.collectors }}
- apiGroups: [""]
resources:
- secrets
verbs: ["list", "watch"]
{{ end -}}
{{ if has "services" $.Values.collectors }}
- apiGroups: [""]
resources:
- services
verbs: ["list", "watch"]
{{ end -}}
{{ if has "statefulsets" $.Values.collectors }}
- apiGroups: ["apps"]
resources:
- statefulsets
verbs: ["list", "watch"]
{{ end -}}
{{ if has "storageclasses" $.Values.collectors }}
- apiGroups: ["storage.k8s.io"]
resources:
- storageclasses
verbs: ["list", "watch"]
{{ end -}}
{{ if has "validatingwebhookconfigurations" $.Values.collectors }}
- apiGroups: ["admissionregistration.k8s.io"]
resources:
- validatingwebhookconfigurations
verbs: ["list", "watch"]
{{ end -}}
{{ if has "volumeattachments" $.Values.collectors }}
- apiGroups: ["storage.k8s.io"]
resources:
- volumeattachments
verbs: ["list", "watch"]
{{ end -}}
{{- if $.Values.kubeRBACProxy.enabled }}
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]
{{- end }}
{{- if $.Values.customResourceState.enabled }}
- apiGroups: ["apiextensions.k8s.io"]
resources:
- customresourcedefinitions
verbs: ["list", "watch"]
{{- end }}
{{ if $.Values.rbac.extraRules }}
{{ toYaml $.Values.rbac.extraRules }}
{{ end }}
{{- end -}}
{{- end -}}

24
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/rolebinding.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
{{- range (join "," $.Values.namespaces) | split "," }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "kube-state-metrics.labels" $ | indent 4 }}
name: {{ template "kube-state-metrics.fullname" $ }}
namespace: {{ . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
{{- if (not $.Values.rbac.useExistingRole) }}
name: {{ template "kube-state-metrics.fullname" $ }}
{{- else }}
name: {{ $.Values.rbac.useExistingRole }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-state-metrics.serviceAccountName" $ }}
namespace: {{ template "kube-state-metrics.namespace" $ }}
{{- end -}}
{{- end -}}

53
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/service.yaml Normal file
View File

@ -0,0 +1,53 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
annotations:
{{- if .Values.prometheusScrape }}
prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
{{- end }}
{{- if .Values.service.annotations }}
{{- toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
type: "{{ .Values.service.type }}"
{{- if .Values.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: "http"
protocol: TCP
port: {{ .Values.service.port | default 8080}}
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
targetPort: {{ .Values.service.port | default 8080}}
{{ if .Values.selfMonitor.enabled }}
- name: "metrics"
protocol: TCP
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
{{- if .Values.selfMonitor.telemetryNodePort }}
nodePort: {{ .Values.selfMonitor.telemetryNodePort }}
{{- end }}
{{ end }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- if .Values.autosharding.enabled }}
clusterIP: None
{{- else if .Values.service.clusterIP }}
clusterIP: "{{ .Values.service.clusterIP }}"
{{- end }}
selector:
{{- include "kube-state-metrics.selectorLabels" . | indent 4 }}

18
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
name: {{ template "kube-state-metrics.serviceAccountName" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }}
{{- if or .Values.serviceAccount.imagePullSecrets .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.serviceAccount.imagePullSecrets) | indent 2 }}
{{- end }}
{{- end -}}

120
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/servicemonitor.yaml Normal file
View File

@ -0,0 +1,120 @@
{{- if .Values.prometheus.monitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- with .Values.prometheus.monitor.additionalLabels }}
{{- tpl (toYaml . | nindent 4) $ }}
{{- end }}
{{- with .Values.prometheus.monitor.annotations }}
annotations:
{{- tpl (toYaml . | nindent 4) $ }}
{{- end }}
spec:
jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
{{- with .Values.prometheus.monitor.targetLabels }}
targetLabels:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
{{- with .Values.prometheus.monitor.podTargetLabels }}
podTargetLabels:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
{{- include "servicemonitor.scrapeLimits" .Values.prometheus.monitor | indent 2 }}
{{- if .Values.prometheus.monitor.namespaceSelector }}
namespaceSelector:
matchNames:
{{- with .Values.prometheus.monitor.namespaceSelector }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
selector:
matchLabels:
{{- with .Values.prometheus.monitor.selectorOverride }}
{{- toYaml . | nindent 6 }}
{{- else }}
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
{{- end }}
endpoints:
- port: http
{{- if or .Values.prometheus.monitor.http.interval .Values.prometheus.monitor.interval }}
interval: {{ .Values.prometheus.monitor.http.interval | default .Values.prometheus.monitor.interval }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.scrapeTimeout .Values.prometheus.monitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.prometheus.monitor.http.scrapeTimeout | default .Values.prometheus.monitor.scrapeTimeout }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.proxyUrl .Values.prometheus.monitor.proxyUrl }}
proxyUrl: {{ .Values.prometheus.monitor.http.proxyUrl | default .Values.prometheus.monitor.proxyUrl }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.enableHttp2 .Values.prometheus.monitor.enableHttp2 }}
enableHttp2: {{ .Values.prometheus.monitor.http.enableHttp2 | default .Values.prometheus.monitor.enableHttp2 }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.honorLabels .Values.prometheus.monitor.honorLabels }}
honorLabels: true
{{- end }}
{{- if or .Values.prometheus.monitor.http.metricRelabelings .Values.prometheus.monitor.metricRelabelings }}
metricRelabelings:
{{- toYaml (.Values.prometheus.monitor.http.metricRelabelings | default .Values.prometheus.monitor.metricRelabelings) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.relabelings .Values.prometheus.monitor.relabelings }}
relabelings:
{{- toYaml (.Values.prometheus.monitor.http.relabelings | default .Values.prometheus.monitor.relabelings) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.scheme .Values.prometheus.monitor.scheme }}
scheme: {{ .Values.prometheus.monitor.http.scheme | default .Values.prometheus.monitor.scheme }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.tlsConfig .Values.prometheus.monitor.tlsConfig }}
tlsConfig:
{{- toYaml (.Values.prometheus.monitor.http.tlsConfig | default .Values.prometheus.monitor.tlsConfig) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.bearerTokenFile .Values.prometheus.monitor.bearerTokenFile }}
bearerTokenFile: {{ .Values.prometheus.monitor.http.bearerTokenFile | default .Values.prometheus.monitor.bearerTokenFile }}
{{- end }}
{{- with (.Values.prometheus.monitor.http.bearerTokenSecret | default .Values.prometheus.monitor.bearerTokenSecret) }}
bearerTokenSecret:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.selfMonitor.enabled }}
- port: metrics
{{- if or .Values.prometheus.monitor.metrics.interval .Values.prometheus.monitor.interval }}
interval: {{ .Values.prometheus.monitor.metrics.interval | default .Values.prometheus.monitor.interval }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.scrapeTimeout .Values.prometheus.monitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.prometheus.monitor.metrics.scrapeTimeout | default .Values.prometheus.monitor.scrapeTimeout }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.proxyUrl .Values.prometheus.monitor.proxyUrl }}
proxyUrl: {{ .Values.prometheus.monitor.metrics.proxyUrl | default .Values.prometheus.monitor.proxyUrl }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.enableHttp2 .Values.prometheus.monitor.enableHttp2 }}
enableHttp2: {{ .Values.prometheus.monitor.metrics.enableHttp2 | default .Values.prometheus.monitor.enableHttp2 }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.honorLabels .Values.prometheus.monitor.honorLabels }}
honorLabels: true
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.metricRelabelings .Values.prometheus.monitor.metricRelabelings }}
metricRelabelings:
{{- toYaml (.Values.prometheus.monitor.metrics.metricRelabelings | default .Values.prometheus.monitor.metricRelabelings) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.relabelings .Values.prometheus.monitor.relabelings }}
relabelings:
{{- toYaml (.Values.prometheus.monitor.metrics.relabelings | default .Values.prometheus.monitor.relabelings) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.scheme .Values.prometheus.monitor.scheme }}
scheme: {{ .Values.prometheus.monitor.metrics.scheme | default .Values.prometheus.monitor.scheme }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.tlsConfig .Values.prometheus.monitor.tlsConfig }}
tlsConfig:
{{- toYaml (.Values.prometheus.monitor.metrics.tlsConfig | default .Values.prometheus.monitor.tlsConfig) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.monitor.metrics.bearerTokenFile .Values.prometheus.monitor.bearerTokenFile }}
bearerTokenFile: {{ .Values.prometheus.monitor.metrics.bearerTokenFile | default .Values.prometheus.monitor.bearerTokenFile }}
{{- end }}
{{- with (.Values.prometheus.monitor.metrics.bearerTokenSecret | default .Values.prometheus.monitor.bearerTokenSecret) }}
bearerTokenSecret:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

26
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/stsdiscovery-role.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resourceNames:
- {{ template "kube-state-metrics.fullname" . }}
resources:
- statefulsets
verbs:
- get
- list
- watch
{{- end }}

17
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-state-metrics.serviceAccountName" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
{{- end }}

44
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml Normal file
View File

@ -0,0 +1,44 @@
{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }}
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
spec:
{{- with .Values.verticalPodAutoscaler.recommenders }}
recommenders:
{{- toYaml . | nindent 4 }}
{{- end }}
resourcePolicy:
containerPolicies:
- containerName: {{ template "kube-state-metrics.name" . }}
{{- with .Values.verticalPodAutoscaler.controlledResources }}
controlledResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.verticalPodAutoscaler.controlledValues }}
controlledValues: {{ .Values.verticalPodAutoscaler.controlledValues }}
{{- end }}
{{- if .Values.verticalPodAutoscaler.maxAllowed }}
maxAllowed:
{{ toYaml .Values.verticalPodAutoscaler.maxAllowed | nindent 8 }}
{{- end }}
{{- if .Values.verticalPodAutoscaler.minAllowed }}
minAllowed:
{{ toYaml .Values.verticalPodAutoscaler.minAllowed | nindent 8 }}
{{- end }}
targetRef:
apiVersion: apps/v1
{{- if .Values.autosharding.enabled }}
kind: StatefulSet
{{- else }}
kind: Deployment
{{- end }}
name: {{ template "kube-state-metrics.fullname" . }}
{{- with .Values.verticalPodAutoscaler.updatePolicy }}
updatePolicy:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

542
charts/new-relic/nri-bundle/5.0.104/charts/kube-state-metrics/values.yaml Normal file
View File

@ -0,0 +1,542 @@
# Default values for kube-state-metrics.
prometheusScrape: true
image:
registry: registry.k8s.io
repository: kube-state-metrics/kube-state-metrics
# If unset use v + .Charts.appVersion
tag: ""
sha: ""
pullPolicy: IfNotPresent
imagePullSecrets: []
# - name: "image-pull-secret"
global:
# To help compatibility with other charts which use global.imagePullSecrets.
# Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
# global:
# imagePullSecrets:
# - name: pullSecret1
# - name: pullSecret2
# or
# global:
# imagePullSecrets:
# - pullSecret1
# - pullSecret2
imagePullSecrets: []
#
# Allow parent charts to override registry hostname
imageRegistry: ""
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
# will be automatically sharded across <.Values.replicas> pods using the built-in
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
# This is an experimental feature and there are no stability guarantees.
autosharding:
enabled: false
replicas: 1
# Change the deployment strategy when autosharding is disabled.
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
# The default is "RollingUpdate" as per Kubernetes defaults.
# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
# updateStrategy: Recreate
# Number of old history to retain to allow rollback
# Default Kubernetes value is set to 10
revisionHistoryLimit: 10
# List of additional cli arguments to configure kube-state-metrics
# for example: --enable-gzip-encoding, --log-file, etc.
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
extraArgs: []
# If false then the user will opt out of automounting API credentials.
automountServiceAccountToken: true
service:
port: 8080
# Default to clusterIP for backward compatibility
type: ClusterIP
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
nodePort: 0
loadBalancerIP: ""
# Only allow access to the loadBalancerIP from these IPs
loadBalancerSourceRanges: []
clusterIP: ""
annotations: {}
## Additional labels to add to all resources
customLabels: {}
# app: kube-state-metrics
## Override selector labels
selectorOverride: {}
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
releaseLabel: false
hostNetwork: false
rbac:
# If true, create & use RBAC resources
create: true
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
# useExistingRole: your-existing-role
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
useClusterRole: true
# Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
# Example:
# - apiGroups: ["monitoring.coreos.com"]
# resources: ["prometheuses"]
# verbs: ["list", "watch"]
extraRules: []
# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled).
# The requests are served through the same service but requests are then HTTPS.
kubeRBACProxy:
enabled: false
image:
registry: quay.io
repository: brancz/kube-rbac-proxy
tag: v0.18.0
sha: ""
pullPolicy: IfNotPresent
# List of additional cli arguments to configure kube-rbac-prxy
# for example: --tls-cipher-suites, --log-file, etc.
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
extraArgs: []
## Specify security settings for a Container
## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
## volumeMounts enables mounting custom volumes in rbac-proxy containers
## Useful for TLS certificates and keys
volumeMounts: []
# - mountPath: /etc/tls
# name: kube-rbac-proxy-tls
# readOnly: true
serviceAccount:
# Specifies whether a ServiceAccount should be created, require rbac true
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# Reference to one or more secrets to be used when pulling images
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# ServiceAccount annotations.
# Use case: AWS EKS IAM roles for service accounts
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
annotations: {}
# If false then the user will opt out of automounting API credentials.
automountServiceAccountToken: true
prometheus:
monitor:
enabled: false
annotations: {}
additionalLabels: {}
namespace: ""
namespaceSelector: []
jobLabel: ""
targetLabels: []
podTargetLabels: []
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
##
sampleLimit: 0
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
##
targetLimit: 0
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
##
labelLimit: 0
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
##
labelNameLengthLimit: 0
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
##
labelValueLengthLimit: 0
selectorOverride: {}
## kube-state-metrics endpoint
http:
interval: ""
scrapeTimeout: ""
proxyUrl: ""
## Whether to enable HTTP2 for servicemonitor
enableHttp2: false
honorLabels: false
metricRelabelings: []
relabelings: []
scheme: ""
## File to read bearer token for scraping targets
bearerTokenFile: ""
## Secret to mount to read bearer token for scraping targets. The secret needs
## to be in the same namespace as the service monitor and accessible by the
## Prometheus Operator
bearerTokenSecret: {}
# name: secret-name
# key: key-name
tlsConfig: {}
## selfMonitor endpoint
metrics:
interval: ""
scrapeTimeout: ""
proxyUrl: ""
## Whether to enable HTTP2 for servicemonitor
enableHttp2: false
honorLabels: false
metricRelabelings: []
relabelings: []
scheme: ""
## File to read bearer token for scraping targets
bearerTokenFile: ""
## Secret to mount to read bearer token for scraping targets. The secret needs
## to be in the same namespace as the service monitor and accessible by the
## Prometheus Operator
bearerTokenSecret: {}
# name: secret-name
# key: key-name
tlsConfig: {}
## Specify if a Pod Security Policy for kube-state-metrics must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
enabled: false
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
additionalVolumes: []
## Configure network policy for kube-state-metrics
networkPolicy:
enabled: false
# networkPolicy.flavor -- Flavor of the network policy to use.
# Can be:
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
# * cilium for cilium.io/v2/CiliumNetworkPolicy
flavor: kubernetes
## Configure the cilium network policy kube-apiserver selector
# cilium:
# kubeApiServerSelector:
# - toEntities:
# - kube-apiserver
# egress:
# - {}
# ingress:
# - {}
# podSelector:
# matchLabels:
# app.kubernetes.io/name: kube-state-metrics
securityContext:
enabled: true
runAsGroup: 65534
runAsUser: 65534
fsGroup: 65534
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
## Specify security settings for a Container
## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
## Affinity settings for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
affinity: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
## Topology spread constraints for pod assignment
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# Annotations to be added to the deployment/statefulset
annotations: {}
# Annotations to be added to the pod
podAnnotations: {}
# Labels to be added to the pod
podLabels: {}
## Assign a PriorityClassName to pods if set
# priorityClassName: ""
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
# Comma-separated list of metrics to be exposed.
# This list comprises of exact metric names and/or regex patterns.
# The allowlist and denylist are mutually exclusive.
metricAllowlist: []
# Comma-separated list of metrics not to be enabled.
# This list comprises of exact metric names and/or regex patterns.
# The allowlist and denylist are mutually exclusive.
metricDenylist: []
# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
# labels metric. By default the metric contains only name and namespace labels.
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
# A single '*' can be provided per resource instead to allow any labels, but that has
# severe performance implications (Example: '=pods=[*]').
metricLabelsAllowlist: []
# - namespaces=[k8s-label-1,k8s-label-n]
# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
# labels metric. By default the metric contains only name and namespace labels.
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
# A single '*' can be provided per resource instead to allow any annotations, but that has
# severe performance implications (Example: '=pods=[*]').
metricAnnotationsAllowList: []
# - pods=[k8s-annotation-1,k8s-annotation-n]
# Available collectors for kube-state-metrics.
# By default, all available resources are enabled, comment out to disable.
collectors:
- certificatesigningrequests
- configmaps
- cronjobs
- daemonsets
- deployments
- endpoints
- horizontalpodautoscalers
- ingresses
- jobs
- leases
- limitranges
- mutatingwebhookconfigurations
- namespaces
- networkpolicies
- nodes
- persistentvolumeclaims
- persistentvolumes
- poddisruptionbudgets
- pods
- replicasets
- replicationcontrollers
- resourcequotas
- secrets
- services
- statefulsets
- storageclasses
- validatingwebhookconfigurations
- volumeattachments
# Enabling kubeconfig will pass the --kubeconfig argument to the container
kubeconfig:
enabled: false
# base64 encoded kube-config file
secret:
# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics
customResourceState:
enabled: false
# Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules
config: {}
# Enable only the release namespace for collecting resources. By default all namespaces are collected.
# If releaseNamespace and namespaces are both set a merged list will be collected.
releaseNamespace: false
# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
namespaces: ""
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
# only namespaces that are excluded in namespaces-denylist will be used.
namespacesDenylist: ""
## Override the deployment namespace
##
namespaceOverride: ""
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
## For example: kubeTargetVersionOverride: 1.14.9
##
kubeTargetVersionOverride: ""
# Enable self metrics configuration for service and Service Monitor
# Default values for telemetry configuration can be overridden
# If you set telemetryNodePort, you must also set service.type to NodePort
selfMonitor:
enabled: false
# telemetryHost: 0.0.0.0
# telemetryPort: 8081
# telemetryNodePort: 0
# Enable vertical pod autoscaler support for kube-state-metrics
verticalPodAutoscaler:
enabled: false
# Recommender responsible for generating recommendation for the object.
# List should be empty (then the default recommender will generate the recommendation)
# or contain exactly one recommender.
# recommenders: []
# - name: custom-recommender-performance
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
controlledResources: []
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
# controlledValues: RequestsAndLimits
# Define the max allowed resources for the pod
maxAllowed: {}
# cpu: 200m
# memory: 100Mi
# Define the min allowed resources for the pod
minAllowed: {}
# cpu: 200m
# memory: 100Mi
# updatePolicy:
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
# minReplicas: 1
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
# updateMode: Auto
# volumeMounts are used to add custom volume mounts to deployment.
# See example below
volumeMounts: []
# - mountPath: /etc/config
# name: config-volume
# volumes are used to add custom volumes to deployment
# See example below
volumes: []
# - configMap:
# name: cm-for-volume
# name: config-volume
# Extra manifests to deploy as an array
extraManifests: []
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# labels:
# name: prometheus-extra
# data:
# extra-data: "value"
## Containers allows injecting additional containers.
containers: []
# - name: crd-init
# image: kiwigrid/k8s-sidecar:latest
## InitContainers allows injecting additional initContainers.
initContainers: []
# - name: crd-sidecar
# image: kiwigrid/k8s-sidecar:latest
## Settings for startup, liveness and readiness probes
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
##
## Startup probe can optionally be enabled.
##
startupProbe:
enabled: false
failureThreshold: 3
httpGet:
httpHeaders: []
scheme: http
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
## Liveness probe
##
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders: []
scheme: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
## Readiness probe
##
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders: []
scheme: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5

Some files were not shown because too many files have changed in this diff Show More