Remove `stackstate/stackstate-k8s-agent` (#1098)

pull/1099/merge
Adam Pickering 2025-01-13 16:45:34 -07:00 committed by GitHub
parent 41f88e5492
commit d5a6acc809
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1703 changed files with 0 additions and 101175 deletions


@ -1,16 +0,0 @@
<svg width="512" height="512" viewBox="0 0 512 512" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_3730_88)">
<circle cx="256" cy="256" r="256" fill="white"/>
<path d="M246.434 378.747L142.61 318.533C141.006 317.603 139.031 317.596 137.422 318.515L101.243 339.174C97.7469 341.17 97.7352 346.213 101.221 348.226L246.434 432.048C252.501 435.788 260.435 435.788 266.503 432.048L411.754 348.203C415.232 346.196 415.231 341.168 411.753 339.162L375.988 318.534C374.376 317.604 372.39 317.606 370.78 318.54L266.969 378.747C260.435 382.488 252.968 382.488 246.434 378.747Z" fill="#101F33"/>
<path d="M246.424 283.837L142.622 223.635C141.007 222.698 139.015 222.699 137.4 223.637L101.131 244.711C97.6653 246.724 97.6724 251.74 101.144 253.744L246.424 337.605C252.491 341.345 260.425 341.345 266.493 337.605L411.812 253.721C415.275 251.722 415.293 246.723 411.845 244.7L375.989 223.656C374.372 222.707 372.37 222.702 370.748 223.643L266.96 283.837C260.426 287.577 252.958 287.577 246.424 283.837Z" fill="#101F33"/>
<path d="M101.188 160.708C97.7077 158.705 97.7026 153.676 101.179 151.666L254.096 63.2556C255.707 62.3243 257.692 62.3243 259.303 63.2556L412.231 151.673C415.706 153.682 415.704 158.705 412.228 160.712L266.967 244.561C260.9 248.302 252.966 248.302 246.898 244.561L101.188 160.708Z" fill="#101F33"/>
<path d="M59.7406 337.605C59.7406 330.591 63.4744 323.578 70.0085 320.305L98.6079 303.777C102.079 301.771 102.082 296.754 98.6148 294.743L70.942 278.694C64.8746 274.953 60.674 268.408 60.674 261.395V242.693C60.674 235.68 64.4078 228.666 70.942 225.394L98.2016 209.373C101.651 207.346 101.627 202.341 98.1567 200.348L70.942 184.717C64.8746 180.977 60.674 174.431 60.674 167.418V151.521C60.674 144.04 64.4078 137.495 70.942 133.754L235.428 38.4788C237.038 37.5464 238.029 35.8252 238.029 33.9626V5.16426C238.029 2.1393 235.454 -0.255229 232.447 0.021845C102.087 12.0338 0 121.63 0 255.317C0 298.777 10.7151 339.661 29.6808 375.501C31.0419 378.073 34.2647 378.962 36.7824 377.508L57.1331 365.76C58.7464 364.829 59.7406 363.105 59.7406 361.24V337.605Z" fill="#667781"/>
<path d="M440.591 132.352C446.658 136.093 450.859 142.638 450.859 150.119V166.016C450.859 173.029 447.125 180.042 440.591 183.315L413.376 198.945C409.906 200.938 409.881 205.943 413.331 207.971L440.591 223.991C447.125 227.264 450.859 234.277 450.859 241.291V259.525C450.859 266.538 447.125 273.551 440.591 276.824L412.918 292.874C409.45 294.885 409.454 299.901 412.925 301.907L441.524 318.436C447.592 322.176 451.792 328.722 451.792 335.735V359.389C451.792 361.244 452.776 362.96 454.376 363.895L475.207 376.068C477.726 377.54 480.966 376.655 482.332 374.074C501.289 338.241 512 297.384 512 254.382C512 120.696 409.913 12.0083 279.553 0.0217578C276.546 -0.254734 273.971 2.13976 273.971 5.16472V32.5646C273.971 34.4249 274.959 36.1445 276.566 37.0776L440.591 132.352Z" fill="#667781"/>
<path d="M266.972 470.388C260.905 474.129 252.971 474.129 246.903 470.388L96.3929 383.968C94.7968 383.052 92.8364 383.047 91.2358 383.955L65.8146 398.386L62.5475 400.256L54.911 404.79C52.2552 406.366 51.5406 409.901 53.4333 412.344C100.312 472.851 173.834 512 256.238 512C338.605 512 411.655 473.33 458.514 412.891C460.43 410.42 459.675 406.841 456.962 405.293L421.241 384.9C419.64 383.986 417.676 383.987 416.076 384.905L266.972 470.388Z" fill="#667781"/>
</g>
<defs>
<clipPath id="clip0_3730_88">
<rect width="512" height="512" fill="white"/>
</clipPath>
</defs>
</svg>



@ -1,26 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
linter_values.yaml
ci/
installation/
logo.svg


@ -1,6 +0,0 @@
dependencies:
- name: http-header-injector
repository: https://helm.stackstate.io
version: 0.0.6
digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
generated: "2023-08-25T14:49:57.569449+02:00"


@ -1,25 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: StackState Agent
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: stackstate-k8s-agent
apiVersion: v2
appVersion: 2.19.1
dependencies:
- alias: httpHeaderInjectorWebhook
name: http-header-injector
repository: file://./charts/http-header-injector
version: 0.0.6
deprecated: true
description: Helm chart for the StackState Agent.
home: https://github.com/StackVista/stackstate-agent
icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
keywords:
- monitoring
- observability
- stackstate
maintainers:
- email: ops@stackstate.com
name: Stackstate
name: stackstate-k8s-agent
version: 1.0.49


@ -1,235 +0,0 @@
# stackstate-k8s-agent
Helm chart for the StackState Agent.
Current chart version is `1.0.49`
**Homepage:** <https://github.com/StackVista/stackstate-agent>
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 |
## Required Values
In order to successfully install this chart, you **must** provide the following variables:
* `stackstate.apiKey`
* `stackstate.cluster.name`
* `stackstate.url`
The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
Install them on the command line on Helm with the following command:
```shell
helm install \
--set-string 'stackstate.apiKey'='<your-api-key>' \
--set-string 'stackstate.cluster.name'='<your-cluster-name>' \
--set-string 'stackstate.url'='<your-stackstate-url>' \
stackstate/stackstate-k8s-agent
```
## Recommended Values
It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
The command for **also** installing with a set token would be:
```shell
helm install \
--set-string 'stackstate.apiKey'='<your-api-key>' \
--set-string 'stackstate.cluster.name'='<your-cluster-name>' \
--set-string 'stackstate.cluster.authToken'='<your-cluster-token>' \
--set-string 'stackstate.url'='<your-stackstate-url>' \
stackstate/stackstate-k8s-agent
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime |
| all.image.registry | string | `"quay.io"` | The image registry to use. |
| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. |
| checksAgent.checksTagCardinality | string | `"orchestrator"` | |
| checksAgent.config | object | `{"override":[]}` | |
| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod |
| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
| checksAgent.image.tag | string | `"e36d1c88"` | Default container image tag. |
| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. |
| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. |
| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. |
| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. |
| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule |
| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. |
| checksAgent.resources.limits.memory | string | `"600Mi"` | |
| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
| checksAgent.resources.requests.memory | string | `"512Mi"` | |
| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift |
| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods |
| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. |
| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. |
| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. |
| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. |
| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # <resource1>: # can be pod, deployment, node, etc. # <label1>: <tag1> # where <label1> is the kubernetes label and <tag1> is the StackState tag # <label2>: <tag2> # <resource2>: # <label3>: <tag3> # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. |
| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. |
| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. |
| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. |
| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. |
| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. |
| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. |
| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it |
| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. |
| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. |
| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. |
| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to |
| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. |
| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. |
| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. |
| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. |
| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. |
| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. |
| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. |
| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. |
| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | |
| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check |
| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others |
| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds |
| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. |
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. |
| clusterAgent.image.tag | string | `"e36d1c88"` | Default container image tag. |
| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. |
| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. |
| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. |
| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. |
| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. |
| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. |
| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. |
| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port |
| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort |
| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods |
| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. |
| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| fullnameOverride | string | `""` | Override the fullname of the chart. |
| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. |
| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. |
| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. |
| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy |
| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection |
| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. |
| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. |
| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. |
| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. |
| logsAgent.resources.limits.memory | string | `"192Mi"` | |
| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
| logsAgent.resources.requests.memory | string | `"100Mi"` | |
| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods |
| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
| nameOverride | string | `""` | Override the name of the chart. |
| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. |
| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name |
| nodeAgent.config | object | `{"override":[]}` | |
| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. |
| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | |
| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container |
| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
| nodeAgent.containers.agent.image.tag | string | `"e36d1c88"` | Default container image tag. |
| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. |
| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated |
| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. |
| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | |
| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | |
| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. |
| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container |
| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. |
| nodeAgent.containers.processAgent.image.registry | string | `nil` | |
| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. |
| nodeAgent.containers.processAgent.image.tag | string | `"c9dbfd73"` | Default process-agent container image tag. |
| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. |
| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. |
| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | |
| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. |
| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | |
| nodeAgent.httpTracing.enabled | bool | `true` | |
| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. |
| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. |
| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. |
| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. |
| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. |
| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent |
| nodeAgent.service.annotations | object | `{}` | Annotations for the service |
| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. |
| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort |
| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods |
| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. |
| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift |
| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. |
| processAgent.checkIntervals.container | int | `30` | Override the default value of the container check interval in seconds. |
| processAgent.checkIntervals.process | int | `30` | Override the default value of the process check interval in seconds. |
| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. |
| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. |
| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. |
| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. |
| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) |


@ -1,45 +0,0 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
Current chart version is `{{ template "chart.version" . }}`
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
## Required Values
In order to successfully install this chart, you **must** provide the following variables:
* `stackstate.apiKey`
* `stackstate.cluster.name`
* `stackstate.url`
The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
Install them on the command line on Helm with the following command:
```shell
helm install \
--set-string 'stackstate.apiKey'='<your-api-key>' \
--set-string 'stackstate.cluster.name'='<your-cluster-name>' \
--set-string 'stackstate.url'='<your-stackstate-url>' \
stackstate/stackstate-k8s-agent
```
## Recommended Values
It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
The command for **also** installing with a set token would be:
```shell
helm install \
--set-string 'stackstate.apiKey'='<your-api-key>' \
--set-string 'stackstate.cluster.name'='<your-cluster-name>' \
--set-string 'stackstate.cluster.authToken'='<your-cluster-token>' \
--set-string 'stackstate.url'='<your-stackstate-url>' \
stackstate/stackstate-k8s-agent
```
{{ template "chart.valuesSection" . }}


@ -1,15 +0,0 @@
To make a new release of this helm chart, follow the following steps:
- Create a branch from master
- Set the latest tags for the docker images, based on the dev settings (while we do not promote to prod, the moment we promote to prod we should take those tags) from https://gitlab.com/stackvista/devops/agent-promoter/-/blob/master/config.yml. Set the value to the folowing keys:
* stackstate-k8s-cluster-agent:
* [clusterAgent.image.tag]
* stackstate-k8s-agent:
* [nodeAgent.containers.agent.image.tag]
* [checksAgent.image.tag]
* stackstate-k8s-process-agent:
* [nodeAgent.containers.processAgent.image.tag]
- Bump the version of the chart
- Merge the mr and hit the public release button on the ci pipeline
- Manually smoke-test (deploy) the newly released stackstate/stackstate-k8s-agent chart to make sure it runs


@ -1,5 +0,0 @@
## Introduction
StackState is a modern Application Troubleshooting and Observability solution designed for the rapid evolving engineering landscape. With specific enhancements for Kubernetes environments it empowers engineers, allowing them to remediate application issues independently in production.
The StackState Agent auto-discovers your entire environment in minutes, assimilating topology, logs, metrics, and events and sends this of to the StackState server. By using StackState you're able to tracke all activity in your environment in real-time and over time. StackState provides instant understanding of the business impact of an issue, offering end-to-end chain observability and ensuring that you can quickly correlate any product or environmental changes to the overall health of your cloud-native implementation.


@ -1,25 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
linter_values.yaml
ci/
installation/


@ -1,15 +0,0 @@
apiVersion: v2
appVersion: 0.0.1
description: 'Helm chart for deploying the http-header-injector sidecar, which automatically
injects x-request-id into http traffic going through the cluster for pods which
have the annotation `http-header-injector.stackstate.io/inject: enabled` is set. '
home: https://github.com/StackVista/http-header-injector
icon: https://www.stackstate.com/wp-content/uploads/2019/02/152x152-favicon.png
keywords:
- monitoring
- stackstate
maintainers:
- email: ops@stackstate.com
name: Stackstate Lupulus Team
name: http-header-injector
version: 0.0.6


@ -1,54 +0,0 @@
# http-header-injector
![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
Helm chart for deploying the http-header-injector sidecar, which automatically injects x-request-id into http traffic
going through the cluster for pods which have the annotation `http-header-injector.stackstate.io/inject: enabled` is set.
**Homepage:** <https://github.com/StackVista/http-header-injector>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Stackstate Lupulus Team | <ops@stackstate.com> | |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| certificatePrehook | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/container-tools","tag":"1.1.8"}}` | Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook |
| certificatePrehook.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
| certificatePrehook.image.registry | string | `nil` | Registry for the docker image. |
| certificatePrehook.image.tag | string | `"1.1.8"` | The tag for the docker image |
| debug | bool | `false` | Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection |
| enabled | bool | `true` | Enable/disable the mutationwebhook |
| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
| global.imagePullSecrets | list | `[]` | Globally add image pull secrets that are used. |
| global.imageRegistry | string | `nil` | Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io |
| images.pullSecretName | string | `nil` | |
| proxy | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy","tag":"sha-5ff79451"},"resources":{"limits":{"memory":"40Mi"},"requests":{"memory":"25Mi"}}}` | Proxy being injected into pods for rewriting http headers |
| proxy.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
| proxy.image.registry | string | `nil` | Registry for the docker image. |
| proxy.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
| proxy.resources.limits.memory | string | `"40Mi"` | Memory resource limits. |
| proxy.resources.requests.memory | string | `"25Mi"` | Memory resource requests. |
| proxyInit | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/http-header-injector-proxy-init","tag":"sha-5ff79451"}}` | InitContainer within pod which redirects traffic to the proxy container. |
| proxyInit.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
| proxyInit.image.registry | string | `nil` | Registry for the docker image |
| proxyInit.image.tag | string | `"sha-5ff79451"` | The tag for the docker image |
| sidecarInjector | object | `{"image":{"pullPolicy":"IfNotPresent","registry":null,"repository":"stackstate/generic-sidecar-injector","tag":"sha-9c852245"}}` | Service for injecting the proxy sidecar into pods |
| sidecarInjector.image.pullPolicy | string | `"IfNotPresent"` | Policy when pulling an image |
| sidecarInjector.image.registry | string | `nil` | Registry for the docker image. |
| sidecarInjector.image.tag | string | `"sha-9c852245"` | The tag for the docker image |
| webhook | object | `{"failurePolicy":"Ignore","tls":{"certManager":{"issuer":"","issuerKind":"ClusterIssuer","issuerNamespace":""},"mode":"generated","provided":{"caBundle":"","crt":"","key":""},"secret":{"name":""}}}` | MutationWebhook that will be installed to inject a sidecar into pods |
| webhook.failurePolicy | string | `"Ignore"` | How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive. |
| webhook.tls.certManager.issuer | string | `""` | The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
| webhook.tls.certManager.issuerKind | string | `"ClusterIssuer"` | The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager". |
| webhook.tls.certManager.issuerNamespace | string | `""` | The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager". |
| webhook.tls.mode | string | `"generated"` | The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime. |
| webhook.tls.provided.caBundle | string | `""` | The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided". |
| webhook.tls.provided.crt | string | `""` | The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
| webhook.tls.provided.key | string | `""` | The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided". |
| webhook.tls.secret.name | string | `""` | The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret". |


@ -1,26 +0,0 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
Current chart version is `{{ template "chart.version" . }}`
{{ template "chart.homepageLine" . }}
{{ template "chart.requirementsSection" . }}
## Required Values
No values have to be included to install this chart. After installing this chart, it becomes possible to annotate pods with
the `http-header-injector.stackstate.io/inject: enabled` annotation to make sure the sidecar provided by this chart is
activated on a pod.
## Recommended Values
{{ template "chart.valuesSection" . -}}
## Install
Install from the command line on Helm with the following command:
```shell
helm install stackstate/http-header-injector
```


@ -1,82 +0,0 @@
{{- define "http-header-injector.app.name" -}}
{{ .Release.Name }}-http-header-injector
{{- end -}}
{{- define "http-header-injector.webhook-service.name" -}}
{{ .Release.Name }}-http-header-injector
{{- end -}}
{{- define "http-header-injector.webhook-service.fqname" -}}
{{ .Release.Name }}-http-header-injector.{{ .Release.Namespace }}.svc
{{- end -}}
{{- define "http-header-injector.cert-secret.name" -}}
{{- if eq .Values.webhook.tls.mode "secret" -}}
{{ .Values.webhook.tls.secret.name }}
{{- else -}}
{{ .Release.Name }}-http-injector-cert
{{- end -}}
{{- end -}}
{{- define "http-header-injector.cert-clusterrole.name" -}}
{{ .Release.Name }}-http-injector-cert-cluster-role
{{- end -}}
{{- define "http-header-injector.cert-serviceaccount.name" -}}
{{ .Release.Name }}-http-injector-cert-sa
{{- end -}}
{{- define "http-header-injector.cert-config.name" -}}
{{ .Release.Name }}-cert-config
{{- end -}}
{{- define "http-header-injector.mutatingwebhookconfiguration.name" -}}
{{ .Release.Name }}-http-header-injector-webhook.stackstate.io
{{- end -}}
{{- define "http-header-injector.webhook-config.name" -}}
{{ .Release.Name }}-http-header-injector-config
{{- end -}}
{{- define "http-header-injector.mutating-webhook.name" -}}
{{ .Release.Name }}-http-header-injector-webhook
{{- end -}}
{{- define "http-header-injector.pull-secret.name" -}}
{{ include "http-header-injector.app.name" . }}-pull-secret
{{- end -}}
{{/* If the issuer is located in a different namespace, it is possible to set that, else default to the release namespace */}}
{{- define "cert-manager.certificate.namespace" -}}
{{ .Values.webhook.tls.certManager.issuerNamespace | default .Release.Namespace }}
{{- end -}}
{{- define "http-header-injector.image.registry.global" -}}
{{- if .Values.global }}
{{- .Values.global.imageRegistry | default "quay.io" -}}
{{- else -}}
quay.io
{{- end -}}
{{- end -}}
{{- define "http-header-injector.image.registry" -}}
{{- if ((.ContainerConfig).image).registry -}}
{{- tpl .ContainerConfig.image.registry . -}}
{{- else -}}
{{- include "http-header-injector.image.registry.global" . }}
{{- end -}}
{{- end -}}
{{- define "http-header-injector.image.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- $pullSecrets = append $pullSecrets (include "http-header-injector.pull-secret.name" .) }}
{{- range .Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) -}}
imagePullSecrets:
{{- range $pullSecrets | uniq }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}


@ -1,22 +0,0 @@
{{- if eq .Values.webhook.tls.mode "generated" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
labels:
app.kubernetes.io/component: http-header-injector-cert-hook
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
"helm.sh/hook-weight": "-3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
subjects:
- kind: ServiceAccount
name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
namespace: {{ .Release.Namespace }}
{{- end }}


@ -1,24 +0,0 @@
{{- if eq .Values.webhook.tls.mode "generated" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "{{ include "http-header-injector.cert-clusterrole.name" . }}"
labels:
app.kubernetes.io/component: http-header-injector-cert-hook
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
"helm.sh/hook-weight": "-4"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
rules:
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "mutatingwebhookconfigurations" ]
verbs: [ "get", "create", "patch","update","delete" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "create", "get", "patch","update","delete" ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- end }}


@ -1,152 +0,0 @@
{{- if eq .Values.webhook.tls.mode "generated" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "http-header-injector.cert-config.name" . }}"
labels:
app.kubernetes.io/component: http-header-injector-cert-hook
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
"helm.sh/hook-weight": "-3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
data:
generate-cert.sh: |
#!/bin/bash
# We are going for a self-signed certificate here. We would like to use k8s CertificateSigningRequest, however,
# currently there are no out of the box signers that can sign a 'server auth' certificate, which is required for mutation webhooks.
set -ex
SCRIPTDIR="${BASH_SOURCE%/*}"
DIR=`mktemp -d`
cd "$DIR"
{{ if .Values.enabled }}
echo "Chart enabled, creating secret and webhook"
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN={{ include "http-header-injector.webhook-service.fqname" . }}" -days 10000 -out ca.crt
openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr -config "$SCRIPTDIR/csr.conf"
openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out tls.crt -days 10000 \
-extensions v3_ext -extfile "$SCRIPTDIR/csr.conf" -sha256
# Create or update the secret
echo "Applying secret"
kubectl create secret tls "{{ include "http-header-injector.cert-secret.name" . }}" \
-n "{{ .Release.Namespace }}" \
--cert=./tls.crt \
--key=./tls.key \
--dry-run=client \
-o yaml | kubectl apply -f -
echo "Applying mutationwebhook"
caBundle=`base64 -w 0 ca.crt`
cat "$SCRIPTDIR/mutatingwebhookconfiguration.yaml" | sed "s/\\\$CA_BUNDLE/$caBundle/g" | kubectl apply -f -
{{ else }}
echo "Chart disabled, not creating secret and webhook"
{{ end }}
delete-cert.sh: |
#!/bin/bash
set -x
DIR="${BASH_SOURCE%/*}"
if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
if [[ "$DIR" = "." ]]; then DIR="$PWD"; fi
cd "$DIR"
# Using detection of deployment hee to also make this work in post-delete.
if kubectl get deployments "{{ include "http-header-injector.app.name" . }}" -n "{{ .Release.Namespace }}"; then
echo "Chart enabled, not removing secret and mutationwebhook"
exit 0
else
echo "Chart disabled, removing secret and mutationwebhook"
fi
# Create or update the secret
echo "Deleting secret"
kubectl delete secret "{{ include "http-header-injector.cert-secret.name" . }}" -n "{{ .Release.Namespace }}"
echo "Applying mutationwebhook"
kubectl delete MutatingWebhookConfiguration "{{ include "http-header-injector.mutating-webhook.name" . }}" -n "{{ .Release.Namespace }}"
exit 0
csr.conf: |
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C = NL
ST = Utrecht
L = Hilversum
O = StackState
OU = Dev
CN = {{ include "http-header-injector.webhook-service.fqname" . }}
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = {{ include "http-header-injector.webhook-service.fqname" . }}
[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth
subjectAltName=@alt_names
mutatingwebhookconfiguration.yaml: |
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
namespace: "{{ .Release.Namespace }}"
webhooks:
- clientConfig:
caBundle: "$CA_BUNDLE"
service:
name: "{{ include "http-header-injector.webhook-service.name" . }}"
path: /mutate
namespace: {{ .Release.Namespace }}
port: 8443
# Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
failurePolicy: "{{ .Values.webhook.failurePolicy }}"
name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
- cert-manager
- {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
admissionReviewVersions:
- v1
{{- end }}


@ -1,42 +0,0 @@
{{- if eq .Values.webhook.tls.mode "generated" }}
{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-header-injector-cert-delete
labels:
app.kubernetes.io/component: http-header-injector-cert-hook-delete
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
"helm.sh/hook": post-delete,post-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
spec:
template:
metadata:
labels:
app.kubernetes.io/component: http-header-injector-delete
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
spec:
serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
{{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
volumes:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
configMap:
name: "{{ include "http-header-injector.cert-config.name" . }}"
defaultMode: 0777
containers:
- name: webhook-cert-delete
image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
volumeMounts:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
mountPath: /scripts
command: [ "/scripts/delete-cert.sh" ]
restartPolicy: Never
backoffLimit: 0
{{- end }}


@ -1,43 +0,0 @@
{{- if eq .Values.webhook.tls.mode "generated" }}
{{- $containerConfig := dict "ContainerConfig" .Values.certificatePrehook -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-header-injector-cert-setup
labels:
app.kubernetes.io/component: http-header-injector-cert-hook-setup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": before-hook-creation{{- if not .Values.debug -}},hook-succeeded{{- end }}
spec:
template:
metadata:
labels:
app.kubernetes.io/component: http-header-injector-setup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/cert-hook-config.yaml") . | sha256sum }}
spec:
serviceAccountName: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
{{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
volumes:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
configMap:
name: "{{ include "http-header-injector.cert-config.name" . }}"
defaultMode: 0777
containers:
- name: webhook-cert-setup
image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.certificatePrehook.image.repository }}:{{ .Values.certificatePrehook.image.tag }}"
imagePullPolicy: {{ .Values.certificatePrehook.image.pullPolicy }}
volumeMounts:
- name: "{{ include "http-header-injector.cert-config.name" . }}"
mountPath: /scripts
readOnly: true
command: ["/scripts/generate-cert.sh"]
restartPolicy: Never
backoffLimit: 0
{{- end }}


@ -1,16 +0,0 @@
{{- if eq .Values.webhook.tls.mode "generated" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ include "http-header-injector.cert-serviceaccount.name" . }}"
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-delete,post-upgrade
"helm.sh/hook-weight": "-4"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app.kubernetes.io/component: http-header-injector-cert-hook
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
app: "{{ include "http-header-injector.app.name" . }}"
{{- end }}


@ -1,29 +0,0 @@
{{- $defaultRegistry := .Values.global.imageRegistry }}
{{- $top := . }}
{{- $registryAuthMap := dict }}
{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
{{- $registryAuthDocument := dict -}}
{{- $_ := set $registryAuthDocument "username" $credentials.username }}
{{- $_ := set $registryAuthDocument "password" $credentials.password }}
{{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
{{- $_ := set $registryAuthDocument "auth" $authMessage }}
{{- if eq $registry "default" }}
{{- $registryAuthMap := set $registryAuthMap (include "http-header-injector.image.registry.global" $top) $registryAuthDocument }}
{{ else }}
{{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
{{- end }}
{{- end }}
{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
name: {{ include "http-header-injector.pull-secret.name" . }}
data:
.dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
type: kubernetes.io/dockerconfigjson


@ -1,15 +0,0 @@
{{- if eq .Values.webhook.tls.mode "provided" }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "http-header-injector.cert-secret.name" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.webhook.tls.provided.crt | b64enc }}
tls.key: {{ .Values.webhook.tls.provided.key | b64enc }}
{{- end }}


@ -1,20 +0,0 @@
{{- if eq .Values.webhook.tls.mode "cert-manager" }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "http-header-injector.webhook-service.name" . }}
namespace: {{ include "cert-manager.certificate.namespace" . }}
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
spec:
secretName: {{ include "http-header-injector.cert-secret.name" . }}
issuerRef:
name: {{ .Values.webhook.tls.certManager.issuer }}
kind: {{ .Values.webhook.tls.certManager.issuerKind }}
dnsNames:
- "{{ include "http-header-injector.webhook-service.name" . }}"
- "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}"
- "{{ include "http-header-injector.webhook-service.name" . }}.{{ .Release.Namespace }}.svc"
{{- end }}


@ -1,125 +0,0 @@
{{- if .Values.enabled -}}
{{- $proxyContainerConfig := dict "ContainerConfig" .Values.proxy -}}
{{- $proxyInitContainerConfig := dict "ContainerConfig" .Values.proxyInit -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
name: {{ .Release.Name }}-http-header-injector-config
data:
sidecarconfig.yaml: |
initContainers:
- name: http-header-proxy-init
image: "{{ include "http-header-injector.image.registry" (merge $proxyInitContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
command: ["/init-iptables.sh"]
env:
- name: CHART_VERSION
value: "{{ .Chart.Version }}"
- name: PROXY_PORT
value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- name: PROXY_UID
value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}"{% else %}"2103"{% end %}
- name: POD_HOST_NETWORK
value: {% .Spec.HostNetwork %}
{% if eq (index .Annotations "linkerd.io/inject") "enabled" %}
- name: LINKERD
value: true
# Reference: https://linkerd.io/2.13/reference/proxy-configuration/
- name: LINKERD_PROXY_UID
value: {% if index .Annotations "config.linkerd.io/proxy-uid" %}"{% index .Annotations "config.linkerd.io/proxy-uid" %}"{% else %}"2102"{% end %}
# Due to https://github.com/linkerd/linkerd2/issues/10981 this is now not realy possible, still bringing in the code for future reference
- name: LINKERD_ADMIN_PORT
value: {% if index .Annotations "config.linkerd.io/admin-port" %}"{% index .Annotations "config.linkerd.io/admin-port" %}"{% else %}"4191"{% end %}
{% end %}
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
volumeMounts:
# This is required for iptables to be able to run
- mountPath: /run
name: http-header-proxy-init-xtables-lock
containers:
- name: http-header-proxy
image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}"
imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
env:
- name: CHART_VERSION
value: "{{ .Chart.Version }}"
- name: PORT
value: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% index .Annotations "config.http-header-injector.stackstate.io/proxy-port" %}"{% else %}"7060"{% end %}
- name: DEBUG
value: {% if index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% index .Annotations "config.http-header-injector.stackstate.io/debug" %}"{% else %}"disabled"{% end %}
securityContext:
runAsUser: {% if index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% index .Annotations "config.http-header-injector.stackstate.io/proxy-uid" %}{% else %}2103{% end %}
seccompProfile:
type: RuntimeDefault
{{- with .Values.proxy.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: http-header-inject-debug
image: "{{ include "http-header-injector.image.registry" (merge $proxyContainerConfig .) }}/{{ .Values.proxyInit.image.repository }}:{{ .Values.proxyInit.image.tag }}"
imagePullPolicy: {{ .Values.proxyInit.image.pullPolicy }}
command: ["/bin/sh", "-c", "while echo \"Running\"; do sleep 1; done"]
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
volumeMounts:
# This is required for iptables to be able to run
- mountPath: /run
name: http-header-proxy-init-xtables-lock
volumes:
- emptyDir: {}
name: http-header-proxy-init-xtables-lock
mutationconfig.yaml: |
mutationConfigs:
- name: "http-header-injector"
annotationNamespace: "http-header-injector.stackstate.io"
annotationTrigger: "inject"
annotationConfig:
volumeMounts: []
initContainersBeforePodInitContainers: [ "http-header-proxy-init" ]
initContainers: [ "http-header-proxy-init" ]
containers: [ "http-header-proxy" ]
volumes: [ "http-header-proxy-init-xtables-lock" ]
volumeMounts: [ ]
# Namespaces are ignored by the mutatingwebhook
ignoreNamespaces: [ ]
- name: "http-header-injector-debug"
annotationNamespace: "http-header-injector-debug.stackstate.io"
annotationTrigger: "inject"
annotationConfig:
volumeMounts: []
initContainersBeforePodInitContainers: [ ]
initContainers: [ ]
containers: [ "http-header-inject-debug" ]
volumes: [ "http-header-proxy-init-xtables-lock" ]
volumeMounts: [ ]
# Namespaces are ignored by the mutatingwebhook
ignoreNamespaces: [ ]
{{- end -}}


@ -1,56 +0,0 @@
{{- if .Values.enabled -}}
{{- $containerConfig := dict "ContainerConfig" .Values.sidecarInjector -}}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
app: "{{ include "http-header-injector.app.name" . }}"
name: "{{ include "http-header-injector.app.name" . }}"
spec:
replicas: 1
selector:
matchLabels:
app: "{{ include "http-header-injector.app.name" . }}"
template:
metadata:
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
app: "{{ include "http-header-injector.app.name" . }}"
annotations:
checksum/config: {{ include (print $.Template.BasePath "/webhook-config.yaml") . | sha256sum }}
# This is here to make sure the generic injector gets restarted and picks up a new secret that may have been generated upon upgrade.
revision: "{{ .Release.Revision }}"
name: "{{ include "http-header-injector.app.name" . }}"
spec:
{{- include "http-header-injector.image.pullSecrets" . | nindent 6 }}
volumes:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
configMap:
name: "{{ include "http-header-injector.webhook-config.name" . }}"
- name: "{{ include "http-header-injector.cert-secret.name" . }}"
secret:
secretName: "{{ include "http-header-injector.cert-secret.name" . }}"
containers:
- image: "{{ include "http-header-injector.image.registry" (merge $containerConfig .) }}/{{ .Values.sidecarInjector.image.repository }}:{{ .Values.sidecarInjector.image.tag }}"
imagePullPolicy: {{ .Values.sidecarInjector.image.pullPolicy }}
name: http-header-injector
volumeMounts:
- name: "{{ include "http-header-injector.webhook-config.name" . }}"
mountPath: /etc/webhook/config
readOnly: true
- name: "{{ include "http-header-injector.cert-secret.name" . }}"
mountPath: /etc/webhook/certs
readOnly: true
command: [ "/sidecarinjector" ]
args:
- --port=8443
- --sidecar-config-file=/etc/webhook/config/sidecarconfig.yaml
- --mutation-config-file=/etc/webhook/config/mutationconfig.yaml
- --cert-file-path=/etc/webhook/certs/tls.crt
- --key-file-path=/etc/webhook/certs/tls.key
{{- end -}}


@ -1,52 +0,0 @@
{{- if not (eq .Values.webhook.tls.mode "generated") }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: "{{ include "http-header-injector.mutating-webhook.name" . }}"
namespace: "{{ .Release.Namespace }}"
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
annotations:
{{- if eq .Values.webhook.tls.mode "cert-manager" }}
cert-manager.io/inject-ca-from: {{ include "cert-manager.certificate.namespace" . }}/{{ include "http-header-injector.webhook-service.name" . }}
{{- else if eq .Values.webhook.tls.mode "secret" }}
cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.tls.secret.name | required "'webhook.tls.secret.name' is required when webhook.tls.mode is 'secret'" }}
{{- end }}
webhooks:
- clientConfig:
{{- if eq .Values.webhook.tls.mode "provided" }}
caBundle: "{{ .Values.webhook.tls.provided.caBundle | b64enc }}"
{{- else if or (eq .Values.webhook.tls.mode "cert-manager") (eq .Values.webhook.tls.mode "secret") }}
caBundle: ""
{{- end }}
service:
name: "{{ include "http-header-injector.webhook-service.name" . }}"
path: /mutate
namespace: {{ .Release.Namespace }}
port: 8443
# Putting failure on ignore, not doing so can crash the entire control plane if something goes wrong with the service.
failurePolicy: "{{ .Values.webhook.failurePolicy }}"
name: "{{ include "http-header-injector.mutatingwebhookconfiguration.name" . }}"
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
- cert-manager
- {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
admissionReviewVersions:
- v1
{{- end }}


@ -1,17 +0,0 @@
{{- if .Values.enabled -}}
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: http-header-injector
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "http-header-injector.app.name" . }}
name: "{{ include "http-header-injector.webhook-service.name" . }}"
spec:
ports:
- port: 8443
protocol: TCP
targetPort: 8443
selector:
app: "{{ include "http-header-injector.app.name" . }}"
{{- end -}}


@ -1,98 +0,0 @@
# enabled -- Enable/disable the mutationwebhook
enabled: true
# debug -- Enable debugging. This will leave leave artifacts around like the prehook jobs for further inspection
debug: false
global:
# global.imageRegistry -- Globally override the image registry that is used. Can be overridden by specific containers. Defaults to quay.io
imageRegistry: null
# global.imagePullSecrets -- Globally add image pull secrets that are used.
imagePullSecrets: []
# global.imagePullCredentials -- Globally define credentials for pulling images.
imagePullCredentials: {}
images:
pullSecretName:
# proxy -- Proxy being injected into pods for rewriting http headers
proxy:
image:
# proxy.image.registry -- Registry for the docker image.
registry:
# proxy.image.repository - Repository for the docker image
repository: "stackstate/http-header-injector-proxy"
# proxy.image.pullPolicy -- Policy when pulling an image
pullPolicy: IfNotPresent
# proxy.image.tag -- The tag for the docker image
tag: sha-5ff79451
# proxy.resource -- Resources for the proxy container
resources:
requests:
# proxy.resources.requests.memory -- Memory resource requests.
memory: "25Mi"
limits:
# proxy.resources.limits.memory -- Memory resource limits.
memory: "40Mi"
# proxyInit -- InitContainer within pod which redirects traffic to the proxy container.
proxyInit:
image:
# proxyInit.image.registry -- Registry for the docker image
registry:
# proxyInit.image.repository - Repository for the docker image
repository: "stackstate/http-header-injector-proxy-init"
# proxyInit.image.pullPolicy -- Policy when pulling an image
pullPolicy: IfNotPresent
# proxyInit.image.tag -- The tag for the docker image
tag: sha-5ff79451
# sidecarInjector -- Service for injecting the proxy sidecar into pods
sidecarInjector:
image:
# sidecarInjector.image.registry -- Registry for the docker image.
registry:
# sidecarInjector.image.repository - Repository for the docker image
repository: "stackstate/generic-sidecar-injector"
# sidecarInjector.image.pullPolicy -- Policy when pulling an image
pullPolicy: IfNotPresent
# sidecarInjector.image.tag -- The tag for the docker image
tag: sha-9c852245
# certificatePrehook -- Helm prehook to setup/remove a certificate for the sidecarInjector mutationwebhook
certificatePrehook:
image:
# certificatePrehook.image.registry -- Registry for the docker image.
registry:
# certificatePrehook.image.repository - Repository for the docker image.
repository: stackstate/container-tools
# certificatePrehook.image.pullPolicy -- Policy when pulling an image
pullPolicy: IfNotPresent
# certificatePrehook.image.tag -- The tag for the docker image
tag: 1.1.8
# webhook -- MutationWebhook that will be installed to inject a sidecar into pods
webhook:
# webhook.failurePolicy -- How should the webhook fail? Best is to use Ignore, because there is a brief moment at initialization when the hook s there but the service not. Also, putting this to fail can cause the control plane be unresponsive.
failurePolicy: Ignore
tls:
# webhook.tls.mode -- The mode for the webhook. Can be "provided", "generated", "secret" or "cert-manager". If you want to use cert-manager, you need to install it first. NOTE: If you choose "generated", additional privileges are required to create the certificate and webhook at runtime.
mode: "generated"
provided:
# webhook.tls.provided.caBundle -- The caBundle that is used for the webhook. This is the certificate that is used to sign the webhook. Only used if you set webhook.tls.mode to "provided".
caBundle: ""
# webhook.tls.provided.crt -- The certificate that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
crt: ""
# webhook.tls.provided.key -- The key that is used for the webhook. Only used if you set webhook.tls.mode to "provided".
key: ""
certManager:
# webhook.tls.certManager.issuer -- The issuer that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
issuer: ""
# webhook.tls.certManager.issuerKind -- The issuer kind that is used for the webhook, valid values are "Issuer" or "ClusterIssuer". Only used if you set webhook.tls.mode to "cert-manager".
issuerKind: "ClusterIssuer"
# webhook.tls.certManager.issuerNamespace -- The namespace the cert-manager issuer is located in. If left empty defaults to the release's namespace that is used for the webhook. Only used if you set webhook.tls.mode to "cert-manager".
issuerNamespace: ""
secret:
# webhook.tls.secret.name -- The name of the secret containing the pre-provisioned certificate data that is used for the webhook. Only used if you set webhook.tls.mode to "secret".
name: ""


@ -1,184 +0,0 @@
questions:
- variable: stackstate.apiKey
label: "StackState API Key"
type: string
description: "The API key for StackState."
required: true
group: General
- variable: stackstate.url
label: "StackState URL"
type: string
description: "The URL where StackState is running."
required: true
group: General
- variable: stackstate.cluster.name
label: "StackState Cluster Name"
type: string
description: "The StackState Cluster Name given when installing the instance of the Kubernetes StackPack in StackState. This is used to identify the cluster in StackState."
required: true
group: General
- variable: all.registry.override
label: "Override Default Image Registry"
type: boolean
description: "Whether or not to override the default image registry."
default: false
group: "General"
show_subquestions_if: true
subquestions:
- variable: all.image.registry
label: "Docker Image Registry"
type: string
description: "The registry to pull the StackState Agent images from."
default: "quay.io"
- variable: global.imagePullCredentials.username
label: "Docker Image Pull Username"
type: string
description: "The username to use when pulling the StackState Agent images."
- variable: global.imagePullCredentials.password
label: "Docker Image Pull Password"
type: secret
description: "The password to use when pulling the StackState Agent images."
- variable: nodeAgent.containers.agent.resources.override
label: "Override Node Agent Resource Allocation"
type: boolean
description: "Whether or not to override the default resources."
default: "false"
group: "Node Agent"
show_subquestions_if: true
subquestions:
- variable: nodeAgent.containers.agent.resources.requests.cpu
label: "CPU Requests"
type: string
description: "The requested CPU for the Node Agent."
default: "20m"
- variable: nodeAgent.containers.agent.resources.requests.memory
label: "Memory Requests"
type: string
description: "The requested memory for the Node Agent."
default: "180Mi"
- variable: nodeAgent.containers.agent.resources.limits.cpu
label: "CPU Limit"
type: string
description: "The CPU limit for the Node Agent."
default: "270m"
- variable: nodeAgent.containers.agent.resources.limits.memory
label: "Memory Limit"
type: string
description: "The memory limit for the Node Agent."
default: "420Mi"
- variable: nodeAgent.containers.processAgent.enabled
label: "Enable Process Agent"
type: boolean
description: "Whether or not to enable the Process Agent."
default: "true"
group: "Process Agent"
- variable: nodeAgent.skipKubeletTLSVerify
label: "Skip Kubelet TLS Verify"
type: boolean
description: "Whether or not to skip TLS verification when connecting to the kubelet API."
default: "true"
group: "Process Agent"
- variable: nodeAgent.containers.processAgent.resources.override
label: "Override Process Agent Resource Allocation"
type: boolean
description: "Whether or not to override the default resources."
default: "false"
group: "Process Agent"
show_subquestions_if: true
subquestions:
- variable: nodeAgent.containers.processAgent.resources.requests.cpu
label: "CPU Requests"
type: string
description: "The requested CPU for the Process Agent."
default: "25m"
- variable: nodeAgent.containers.processAgent.resources.requests.memory
label: "Memory Requests"
type: string
description: "The requested memory for the Process Agent."
default: "128Mi"
- variable: nodeAgent.containers.processAgent.resources.limits.cpu
label: "CPU Limit"
type: string
description: "The CPU limit for the Process Agent."
default: "125m"
- variable: nodeAgent.containers.processAgent.resources.limits.memory
label: "Memory Limit"
type: string
description: "The memory limit for the Process Agent."
default: "400Mi"
- variable: clusterAgent.enabled
label: "Enable Cluster Agent"
type: boolean
description: "Whether or not to enable the Cluster Agent."
default: "true"
group: "Cluster Agent"
- variable: clusterAgent.collection.kubernetesResources.secrets
label: "Collect Secret Resources"
type: boolean
description: |
Whether or not to collect Kubernetes Secrets.
NOTE: StackState will not send the actual data of the secrets, only the metadata and a secure hash of the data.
default: "true"
group: "Cluster Agent"
- variable: clusterAgent.resources.override
label: "Override Cluster Agent Resource Allocation"
type: boolean
description: "Whether or not to override the default resources."
default: "false"
group: "Cluster Agent"
show_subquestions_if: true
subquestions:
- variable: clusterAgent.resources.requests.cpu
label: "CPU Requests"
type: string
description: "The requested CPU for the Cluster Agent."
default: "70m"
- variable: clusterAgent.resources.requests.memory
label: "Memory Requests"
type: string
description: "The requested memory for the Cluster Agent."
default: "512Mi"
- variable: clusterAgent.resources.limits.cpu
label: "CPU Limit"
type: string
description: "The CPU limit for the Cluster Agent."
default: "400m"
- variable: clusterAgent.resources.limits.memory
label: "Memory Limit"
type: string
description: "The memory limit for the Cluster Agent."
default: "800Mi"
- variable: logsAgent.enabled
label: "Enable Logs Agent"
type: boolean
description: "Whether or not to enable the Logs Agent."
default: "true"
group: "Logs Agent"
- variable: logsAgent.resources.override
label: "Override Logs Agent Resource Allocation"
type: boolean
description: "Whether or not to override the default resources."
default: "false"
group: "Logs Agent"
show_subquestions_if: true
subquestions:
- variable: logsAgent.resources.requests.cpu
label: "CPU Requests"
type: string
description: "The requested CPU for the Logs Agent."
default: "20m"
- variable: logsAgent.resources.requests.memory
label: "Memory Requests"
type: string
description: "The requested memory for the Logs Agent."
default: "100Mi"
- variable: logsAgent.resources.limits.cpu
label: "CPU Limit"
type: string
description: "The CPU limit for the Logs Agent."
default: "1300m"
- variable: logsAgent.resources.limits.memory
label: "Memory Limit"
type: string
description: "The memory limit for the Logs Agent."
default: "192Mi"


@ -1,62 +0,0 @@
{{- define "cluster-agent-kube-state-metrics" -}}
{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
cluster_check: true
{{- end }}
init_config:
instances:
- collectors:
- nodes
- pods
- services
{{- if $kubeRes.persistentvolumeclaims }}
- persistentvolumeclaims
{{- end }}
{{- if $kubeRes.persistentvolumes }}
- persistentvolumes
{{- end }}
{{- if $kubeRes.namespaces }}
- namespaces
{{- end }}
{{- if $kubeRes.endpoints }}
- endpoints
{{- end }}
{{- if $kubeRes.daemonsets }}
- daemonsets
{{- end }}
{{- if $kubeRes.deployments }}
- deployments
{{- end }}
{{- if $kubeRes.replicasets }}
- replicasets
{{- end }}
{{- if $kubeRes.statefulsets }}
- statefulsets
{{- end }}
{{- if $kubeRes.cronjobs }}
- cronjobs
{{- end }}
{{- if $kubeRes.jobs }}
- jobs
{{- end }}
{{- if $kubeRes.ingresses }}
- ingresses
{{- end }}
{{- if $kubeRes.secrets }}
- secrets
{{- end }}
- resourcequotas
- replicationcontrollers
- limitranges
- horizontalpodautoscalers
- poddisruptionbudgets
- storageclasses
- volumeattachments
{{- if .Values.clusterAgent.collection.kubeStateMetrics.clusterCheck }}
skip_leader_election: true
{{- end }}
labels_as_tags:
{{ .Values.clusterAgent.collection.kubeStateMetrics.labelsAsTags | toYaml | indent 8 }}
annotations_as_tags:
{{ .Values.clusterAgent.collection.kubeStateMetrics.annotationsAsTags | toYaml | indent 8 }}
{{- end -}}


@ -1,192 +0,0 @@
{{- define "container-agent" -}}
- name: node-agent
{{- if .Values.all.hardening.enabled}}
lifecycle:
preStop:
exec:
command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
{{- end }}
image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.agent.image.repository }}:{{ .Values.nodeAgent.containers.agent.image.tag }}"
imagePullPolicy: "{{ .Values.nodeAgent.containers.agent.image.pullPolicy }}"
env:
- name: STS_API_KEY
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-api-key
- name: STS_KUBERNETES_KUBELET_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STS_HOSTNAME
value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- name: AGENT_VERSION
value: {{ .Values.nodeAgent.containers.agent.image.tag | quote }}
- name: HOST_PROC
value: "/host/proc"
- name: HOST_SYS
value: "/host/sys"
- name: KUBERNETES
value: "true"
- name: STS_APM_ENABLED
value: {{ .Values.nodeAgent.apm.enabled | quote }}
- name: STS_APM_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- name: STS_CLUSTER_AGENT_ENABLED
value: {{ .Values.clusterAgent.enabled | quote }}
{{- if .Values.clusterAgent.enabled }}
- name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
value: {{ .Release.Name }}-cluster-agent
- name: STS_CLUSTER_AGENT_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-cluster-auth-token
{{- end }}
- name: STS_CLUSTER_NAME
value: {{ .Values.stackstate.cluster.name | quote }}
- name: STS_SKIP_VALIDATE_CLUSTERNAME
value: "true"
- name: STS_CHECKS_TAG_CARDINALITY
value: {{ .Values.nodeAgent.checksTagCardinality | quote }}
{{- if .Values.checksAgent.enabled }}
- name: STS_EXTRA_CONFIG_PROVIDERS
value: "endpointschecks"
{{- end }}
- name: STS_HEALTH_PORT
value: "5555"
- name: STS_LEADER_ELECTION
value: "false"
- name: LOG_LEVEL
value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- name: STS_LOG_LEVEL
value: {{ .Values.nodeAgent.containers.agent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- name: STS_NETWORK_TRACING_ENABLED
value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- name: STS_PROTOCOL_INSPECTION_ENABLED
value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- name: STS_PROCESS_AGENT_ENABLED
value: {{ .Values.nodeAgent.containers.agent.processAgent.enabled | quote }}
- name: STS_CONTAINER_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.container | quote }}
- name: STS_CONNECTION_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- name: STS_PROCESS_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.process | quote }}
- name: STS_PROCESS_AGENT_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- name: STS_SKIP_SSL_VALIDATION
value: {{ .Values.nodeAgent.skipSslValidation | quote }}
- name: STS_SKIP_KUBELET_TLS_VERIFY
value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- name: STS_STS_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: STS_CRI_SOCKET_PATH
value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
{{- end }}
{{- range $key, $value := .Values.nodeAgent.containers.agent.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.open }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.secret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: {{ $key }}
{{- end }}
{{- if .Values.nodeAgent.containers.agent.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /health
port: healthport
failureThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.nodeAgent.containers.agent.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.nodeAgent.containers.agent.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.nodeAgent.containers.agent.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /health
port: healthport
failureThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.nodeAgent.containers.agent.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.nodeAgent.containers.agent.readinessProbe.timeoutSeconds }}
{{- end }}
ports:
- containerPort: 8126
name: traceport
protocol: TCP
- containerPort: 5555
name: healthport
protocol: TCP
{{- with .Values.nodeAgent.containers.agent.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: customcrisocket
mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
readOnly: true
{{- end }}
- name: crisocket
mountPath: /var/run/crio/crio.sock
readOnly: true
- name: containerdsocket
mountPath: /var/run/containerd/containerd.sock
readOnly: true
- name: kubelet
mountPath: /var/lib/kubelet
readOnly: true
- name: nfs
mountPath: /var/lib/nfs
readOnly: true
- name: dockersocket
mountPath: /var/run/docker.sock
readOnly: true
- name: dockernetns
mountPath: /run/docker/netns
readOnly: true
- name: dockeroverlay2
mountPath: /var/lib/docker/overlay2
readOnly: true
- name: procdir
mountPath: /host/proc
readOnly: true
- name: cgroups
mountPath: /host/sys/fs/cgroup
readOnly: true
{{- if .Values.nodeAgent.config.override }}
{{- range .Values.nodeAgent.config.override }}
- name: config-override-volume
mountPath: {{ .path }}/{{ .name }}
subPath: {{ .path | replace "/" "_"}}_{{ .name }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.all.hardening.enabled}}
securityContext:
privileged: true
runAsUser: 0 # root
capabilities:
add: [ "ALL" ]
readOnlyRootFilesystem: false
{{- else }}
securityContext:
privileged: false
{{- end }}
{{- end -}}


@ -1,148 +0,0 @@
{{- define "container-process-agent" -}}
- name: process-agent
{{ if .Values.nodeAgent.containers.processAgent.image.registry }}
image: "{{ .Values.nodeAgent.containers.processAgent.image.registry }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
{{ else }}
image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.nodeAgent.containers.processAgent.image.repository }}:{{ .Values.nodeAgent.containers.processAgent.image.tag }}"
{{- end }}
imagePullPolicy: "{{ .Values.nodeAgent.containers.processAgent.image.pullPolicy }}"
ports:
- containerPort: 6063
env:
- name: STS_API_KEY
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-api-key
- name: STS_KUBERNETES_KUBELET_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STS_HOSTNAME
value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- name: AGENT_VERSION
value: {{ .Values.nodeAgent.containers.processAgent.image.tag | quote }}
- name: STS_LOG_TO_CONSOLE
value: "true"
- name: HOST_PROC
value: "/host/proc"
- name: HOST_SYS
value: "/host/sys"
- name: KUBERNETES
value: "true"
- name: STS_CLUSTER_AGENT_ENABLED
value: {{ .Values.clusterAgent.enabled | quote }}
{{- if .Values.clusterAgent.enabled }}
- name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
value: {{ .Release.Name }}-cluster-agent
- name: STS_CLUSTER_AGENT_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-cluster-auth-token
{{- end }}
- name: STS_CLUSTER_NAME
value: {{ .Values.stackstate.cluster.name | quote }}
- name: STS_SKIP_VALIDATE_CLUSTERNAME
value: "true"
- name: LOG_LEVEL
value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- name: STS_LOG_LEVEL
value: {{ .Values.nodeAgent.containers.processAgent.logLevel | default .Values.nodeAgent.logLevel | quote }}
- name: STS_NETWORK_TRACING_ENABLED
value: {{ .Values.nodeAgent.networkTracing.enabled | quote }}
- name: STS_PROTOCOL_INSPECTION_ENABLED
value: {{ .Values.nodeAgent.protocolInspection.enabled | quote }}
- name: STS_PROCESS_AGENT_ENABLED
value: {{ .Values.nodeAgent.containers.processAgent.enabled | quote }}
- name: STS_CONTAINER_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.container | quote }}
- name: STS_CONNECTION_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.connections | quote }}
- name: STS_PROCESS_CHECK_INTERVAL
value: {{ .Values.processAgent.checkIntervals.process | quote }}
- name: STS_PROCESS_AGENT_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- name: STS_SKIP_SSL_VALIDATION
value: {{ .Values.nodeAgent.skipSslValidation | quote }}
- name: STS_SKIP_KUBELET_TLS_VERIFY
value: {{ .Values.nodeAgent.skipKubeletTLSVerify | quote }}
- name: STS_STS_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
- name: STS_HTTP_TRACING_ENABLED
value: {{ .Values.nodeAgent.httpTracing.enabled | quote }}
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: STS_CRI_SOCKET_PATH
value: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
{{- end }}
{{- range $key, $value := .Values.nodeAgent.containers.processAgent.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.open }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.secret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: {{ $key }}
{{- end }}
{{- with .Values.nodeAgent.containers.processAgent.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- name: customcrisocket
mountPath: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
readOnly: true
{{- end }}
- name: crisocket
mountPath: /var/run/crio/crio.sock
readOnly: true
- name: containerdsocket
mountPath: /var/run/containerd/containerd.sock
readOnly: true
- name: sys-kernel-debug
mountPath: /sys/kernel/debug
# Having sys-kernel-debug as read only breaks specific monitors from receiving metrics
# readOnly: true
- name: dockersocket
mountPath: /var/run/docker.sock
readOnly: true
- name: procdir
mountPath: /host/proc
readOnly: true
- name: passwd
mountPath: /etc/passwd
readOnly: true
- name: cgroups
mountPath: /host/sys/fs/cgroup
readOnly: true
{{- if .Values.nodeAgent.config.override }}
{{- range .Values.nodeAgent.config.override }}
- name: config-override-volume
mountPath: {{ .path }}/{{ .name }}
subPath: {{ .path | replace "/" "_"}}_{{ .name }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.all.hardening.enabled}}
securityContext:
privileged: true
runAsUser: 0 # root
capabilities:
add: [ "ALL" ]
readOnlyRootFilesystem: false
{{- else }}
securityContext:
privileged: true
{{- end }}
{{- end -}}


@ -1,175 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "stackstate-k8s-agent.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "stackstate-k8s-agent.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "stackstate-k8s-agent.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "stackstate-k8s-agent.labels" -}}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
helm.sh/chart: {{ include "stackstate-k8s-agent.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Cluster agent checksum annotations
*/}}
{{- define "stackstate-k8s-agent.checksum-configs" }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{/*
StackState URL function
*/}}
{{- define "stackstate-k8s-agent.stackstate.url" -}}
{{ tpl .Values.stackstate.url . | quote }}
{{- end }}
{{- define "stackstate-k8s-agent.configmap.override.checksum" -}}
{{- if .Values.clusterAgent.config.override }}
checksum/override-configmap: {{ include (print $.Template.BasePath "/cluster-agent-configmap.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{- define "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" -}}
{{- if .Values.nodeAgent.config.override }}
checksum/override-configmap: {{ include (print $.Template.BasePath "/node-agent-configmap.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{- define "stackstate-k8s-agent.logsAgent.configmap.override.checksum" -}}
checksum/override-configmap: {{ include (print $.Template.BasePath "/logs-agent-configmap.yaml") . | sha256sum }}
{{- end }}
{{- define "stackstate-k8s-agent.checksAgent.configmap.override.checksum" -}}
{{- if .Values.checksAgent.config.override }}
checksum/override-configmap: {{ include (print $.Template.BasePath "/checks-agent-configmap.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{/*
Return the image registry
*/}}
{{- define "stackstate-k8s-agent.imageRegistry" -}}
{{- if .Values.global }}
{{- .Values.global.imageRegistry | default .Values.all.image.registry -}}
{{- else -}}
{{- .Values.all.image.registry -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains a template.
Usage:
{{ include "stackstate-k8s-agent.tplvalue.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "stackstate-k8s-agent.tplvalue.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
{{- define "stackstate-k8s-agent.pull-secret.name" -}}
{{ include "stackstate-k8s-agent.fullname" . }}-pull-secret
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "stackstate-k8s-agent.image.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "stackstate-k8s-agent.image.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{/* Is plain array of strings, compatible with all bitnami charts */}}
{{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range $context.Values.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .name "context" $context)) -}}
{{- end -}}
{{- range .images -}}
{{- if .pullSecretName -}}
{{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.tplvalue.render" (dict "value" .pullSecretName "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- $pullSecrets = append $pullSecrets (include "stackstate-k8s-agent.pull-secret.name" $context) -}}
{{- if (not (empty $pullSecrets)) -}}
imagePullSecrets:
{{- range $pullSecrets | uniq }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Check whether the kubernetes-state-metrics configuration is overridden. If so, return 'true' else return nothing (which is false).
{{ include "stackstate-k8s-agent.kube-state-metrics.overridden" $ }}
*/}}
{{- define "stackstate-k8s-agent.kube-state-metrics.overridden" -}}
{{- if .Values.clusterAgent.config.override }}
{{- range $i, $val := .Values.clusterAgent.config.override }}
{{- if and (eq $val.name "conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
true
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "stackstate-k8s-agent.nodeAgent.kube-state-metrics.overridden" -}}
{{- if .Values.nodeAgent.config.override }}
{{- range $i, $val := .Values.nodeAgent.config.override }}
{{- if and (eq $val.name "auto_conf.yaml") (eq $val.path "/etc/stackstate-agent/conf.d/kubernetes_state.d") }}
true
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the appropriate os label
*/}}
{{- define "label.os" -}}
{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}}
kubernetes.io/os
{{- else -}}
beta.kubernetes.io/os
{{- end -}}
{{- end -}}


@ -1,18 +0,0 @@
{{- if .Values.checksAgent.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-checks-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: checks-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-node-agent
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ .Release.Name }}-checks-agent
namespace: {{ .Release.Namespace }}
{{- end -}}


@ -1,14 +0,0 @@
{{- if and .Values.checksAgent.enabled .Values.checksAgent.config.override }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-checks-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: checks-agent
data:
{{- range .Values.checksAgent.config.override }}
{{ .path | replace "/" "_"}}_{{ .name }}: |
{{ .data | indent 4 -}}
{{- end -}}
{{- end -}}


@ -1,181 +0,0 @@
{{- if .Values.checksAgent.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-checks-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: checks-agent
spec:
selector:
matchLabels:
app.kubernetes.io/component: checks-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
replicas: {{ .Values.checksAgent.replicas }}
{{- with .Values.checksAgent.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
{{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
labels:
app.kubernetes.io/component: checks-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
spec:
{{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.checksAgent.image .Values.all.image) "context" $) | nindent 6 }}
{{- if .Values.all.hardening.enabled}}
terminationGracePeriodSeconds: 240
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.checksAgent.image.repository }}:{{ .Values.checksAgent.image.tag }}"
imagePullPolicy: "{{ .Values.checksAgent.image.pullPolicy }}"
{{- if .Values.all.hardening.enabled}}
lifecycle:
preStop:
exec:
command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
{{- end }}
env:
- name: STS_API_KEY
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-api-key
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STS_HOSTNAME
value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- name: AGENT_VERSION
value: {{ .Values.checksAgent.image.tag | quote }}
- name: LOG_LEVEL
value: {{ .Values.checksAgent.logLevel | quote }}
- name: STS_APM_ENABLED
value: "false"
- name: STS_CLUSTER_AGENT_ENABLED
value: {{ .Values.clusterAgent.enabled | quote }}
{{- if .Values.clusterAgent.enabled }}
- name: STS_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
value: {{ .Release.Name }}-cluster-agent
- name: STS_CLUSTER_AGENT_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-cluster-auth-token
{{- end }}
- name: STS_CLUSTER_NAME
value: {{ .Values.stackstate.cluster.name | quote }}
- name: STS_SKIP_VALIDATE_CLUSTERNAME
value: "true"
- name: STS_CHECKS_TAG_CARDINALITY
value: {{ .Values.checksAgent.checksTagCardinality | quote }}
- name: STS_EXTRA_CONFIG_PROVIDERS
value: "clusterchecks"
- name: STS_HEALTH_PORT
value: "5555"
- name: STS_LEADER_ELECTION
value: "false"
- name: STS_LOG_LEVEL
value: {{ .Values.checksAgent.logLevel | quote }}
- name: STS_NETWORK_TRACING_ENABLED
value: "false"
- name: STS_PROCESS_AGENT_ENABLED
value: "false"
- name: STS_SKIP_SSL_VALIDATION
value: {{ .Values.checksAgent.skipSslValidation | quote }}
- name: STS_STS_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
{{- range $key, $value := .Values.global.extraEnv.open }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.secret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: {{ $key }}
{{- end }}
livenessProbe:
httpGet:
path: /health
port: healthport
failureThreshold: {{ .Values.checksAgent.livenessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.checksAgent.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.checksAgent.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.checksAgent.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.checksAgent.livenessProbe.timeoutSeconds }}
readinessProbe:
httpGet:
path: /health
port: healthport
failureThreshold: {{ .Values.checksAgent.readinessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.checksAgent.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.checksAgent.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.checksAgent.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.checksAgent.readinessProbe.timeoutSeconds }}
ports:
- containerPort: 5555
name: healthport
protocol: TCP
{{- if .Values.all.hardening.enabled}}
securityContext:
privileged: true
runAsUser: 0 # root
capabilities:
add: [ "ALL" ]
readOnlyRootFilesystem: false
{{- else }}
securityContext:
privileged: false
{{- end }}
{{- with .Values.checksAgent.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: confd-empty-volume
mountPath: /etc/stackstate-agent/conf.d
readOnly: true
{{- if .Values.checksAgent.config.override }}
{{- range .Values.checksAgent.config.override }}
- name: config-override-volume
mountPath: {{ .path }}/{{ .name }}
subPath: {{ .path | replace "/" "_"}}_{{ .name }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.checksAgent.priorityClassName }}
priorityClassName: {{ .Values.checksAgent.priorityClassName }}
{{- end }}
serviceAccountName: {{ .Release.Name }}-checks-agent
nodeSelector:
{{ template "label.os" . }}: {{ .Values.targetSystem }}
{{- with .Values.checksAgent.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.checksAgent.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.checksAgent.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: confd-empty-volume
emptyDir: {}
{{- if .Values.checksAgent.config.override }}
- name: config-override-volume
configMap:
name: {{ .Release.Name }}-checks-agent
{{- end }}
{{- end -}}


@ -1,20 +0,0 @@
{{- if .Values.checksAgent.enabled }}
{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ .Release.Name }}-checks-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: checks-agent
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: checks-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
{{- end -}}


@ -1,14 +0,0 @@
{{- if .Values.checksAgent.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-checks-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: checks-agent
{{- end -}}
{{- with .Values.checksAgent.serviceaccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}


@ -1,106 +0,0 @@
{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
rules:
- apiGroups:
- ""
resources:
- events
- nodes
- pods
- services
{{- if $kubeRes.namespaces }}
- namespaces
{{- end }}
{{- if .Values.clusterAgent.collection.kubernetesMetrics }}
- componentstatuses
{{- end }}
{{- if $kubeRes.configmaps }}
- configmaps
{{- end }}
{{- if $kubeRes.endpoints }}
- endpoints
{{- end }}
{{- if $kubeRes.persistentvolumeclaims }}
- persistentvolumeclaims
{{- end }}
{{- if $kubeRes.persistentvolumes }}
- persistentvolumes
{{- end }}
{{- if $kubeRes.secrets }}
- secrets
{{- end }}
{{- if $kubeRes.resourcequotas }}
- resourcequotas
{{- end }}
verbs:
- get
- list
- watch
{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
- apiGroups:
- "apps"
resources:
{{- if $kubeRes.daemonsets }}
- daemonsets
{{- end }}
{{- if $kubeRes.deployments }}
- deployments
{{- end }}
{{- if $kubeRes.replicasets }}
- replicasets
{{- end }}
{{- if $kubeRes.statefulsets }}
- statefulsets
{{- end }}
verbs:
- get
- list
- watch
{{- end}}
{{- if $kubeRes.ingresses }}
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
{{- end}}
{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
- apiGroups:
- "batch"
resources:
{{- if $kubeRes.cronjobs }}
- cronjobs
{{- end }}
{{- if $kubeRes.jobs }}
- jobs
{{- end }}
verbs:
- get
- list
- watch
{{- end}}
- nonResourceURLs:
- "/healthz"
- "/version"
verbs:
- get
- apiGroups:
- "storage.k8s.io"
resources:
{{- if $kubeRes.volumeattachments }}
- volumeattachments
{{- end }}
verbs:
- get
- list
- watch


@ -1,16 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "stackstate-k8s-agent.fullname" . }}
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ include "stackstate-k8s-agent.fullname" . }}
namespace: {{ .Release.Namespace }}


@ -1,28 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-cluster-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
data:
kubernetes_api_events_conf: |
init_config:
instances:
- collect_events: {{ .Values.clusterAgent.collection.kubernetesEvents }}
event_categories:{{ .Values.clusterAgent.config.events.categories | toYaml | nindent 10 }}
kubernetes_api_topology_conf: |
init_config:
instances:
- collection_interval: {{ .Values.clusterAgent.config.topology.collectionInterval }}
resources:{{ .Values.clusterAgent.collection.kubernetesResources | toYaml | nindent 10 }}
{{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
kube_state_metrics_core_conf: |
{{- include "cluster-agent-kube-state-metrics" . | nindent 6 }}
{{- end }}
{{- if .Values.clusterAgent.config.override }}
{{- range .Values.clusterAgent.config.override }}
{{ .path | replace "/" "_"}}_{{ .name }}: |
{{ .data | indent 4 -}}
{{- end -}}
{{- end -}}


@ -1,164 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-cluster-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
spec:
replicas: {{ .Values.clusterAgent.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/component: cluster-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
{{- with .Values.clusterAgent.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
{{- include "stackstate-k8s-agent.configmap.override.checksum" . | nindent 8 }}
labels:
app.kubernetes.io/component: cluster-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
spec:
{{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.clusterAgent.image .Values.all.image) "context" $) | nindent 6 }}
{{- if .Values.clusterAgent.priorityClassName }}
priorityClassName: {{ .Values.clusterAgent.priorityClassName }}
{{- end }}
serviceAccountName: {{ include "stackstate-k8s-agent.fullname" . }}
{{- if .Values.all.hardening.enabled}}
terminationGracePeriodSeconds: 240
{{- end }}
containers:
- name: cluster-agent
image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}"
imagePullPolicy: "{{ .Values.clusterAgent.image.pullPolicy }}"
{{- if .Values.all.hardening.enabled}}
lifecycle:
preStop:
exec:
command: [ "/bin/sh", "-c", "echo 'Giving slim.ai monitor time to submit data...'; sleep 120" ]
{{- end }}
env:
- name: STS_API_KEY
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-api-key
- name: STS_CLUSTER_AGENT_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-cluster-auth-token
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STS_HOSTNAME
value: "$(KUBERNETES_HOSTNAME)-{{ .Values.stackstate.cluster.name}}"
- name: LOG_LEVEL
value: {{ .Values.clusterAgent.logLevel | quote }}
{{- if .Values.checksAgent.enabled }}
- name: STS_CLUSTER_CHECKS_ENABLED
value: "true"
- name: STS_EXTRA_CONFIG_PROVIDERS
value: "kube_endpoints kube_services"
- name: STS_EXTRA_LISTENERS
value: "kube_endpoints kube_services"
{{- end }}
- name: STS_CLUSTER_NAME
value: {{.Values.stackstate.cluster.name | quote }}
- name: STS_SKIP_VALIDATE_CLUSTERNAME
value: "true"
- name: STS_COLLECT_KUBERNETES_METRICS
value: {{ .Values.clusterAgent.collection.kubernetesMetrics | quote }}
- name: STS_COLLECT_KUBERNETES_TIMEOUT
value: {{ .Values.clusterAgent.collection.kubernetesTimeout | quote }}
- name: STS_COLLECT_KUBERNETES_TOPOLOGY
value: {{ .Values.clusterAgent.collection.kubernetesTopology | quote }}
- name: STS_LEADER_ELECTION
value: "true"
- name: STS_LOG_LEVEL
value: {{ .Values.clusterAgent.logLevel | quote }}
- name: STS_CLUSTER_AGENT_CMD_PORT
value: {{ .Values.clusterAgent.service.targetPort | quote }}
- name: STS_STS_URL
value: {{ include "stackstate-k8s-agent.stackstate.url" . }}
{{- if .Values.clusterAgent.config.configMap.maxDataSize }}
- name: STS_CONFIGMAP_MAX_DATASIZE
value: {{ .Values.clusterAgent.config.configMap.maxDataSize | quote }}
{{- end}}
{{- range $key, $value := .Values.global.extraEnv.open }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.secret }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: {{ $key }}
{{- end }}
{{- if .Values.all.hardening.enabled}}
securityContext:
privileged: true
runAsUser: 0 # root
capabilities:
add: [ "ALL" ]
readOnlyRootFilesystem: false
{{- else }}
securityContext:
privileged: false
{{- end }}
{{- with .Values.clusterAgent.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: logs
mountPath: /var/log/stackstate-agent
- name: config-override-volume
mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_events.d/conf.yaml
subPath: kubernetes_api_events_conf
- name: config-override-volume
mountPath: /etc/stackstate-agent/conf.d/kubernetes_api_topology.d/conf.yaml
subPath: kubernetes_api_topology_conf
readOnly: true
{{- if .Values.clusterAgent.collection.kubeStateMetrics.enabled }}
- name: config-override-volume
mountPath: /etc/stackstate-agent/conf.d/kubernetes_state_core.d/conf.yaml
subPath: kube_state_metrics_core_conf
readOnly: true
{{- end }}
{{- if .Values.clusterAgent.config.override }}
{{- range .Values.clusterAgent.config.override }}
- name: config-override-volume
mountPath: {{ .path }}/{{ .name }}
subPath: {{ .path | replace "/" "_"}}_{{ .name }}
readOnly: true
{{- end }}
{{- end }}
nodeSelector:
{{ template "label.os" . }}: {{ .Values.targetSystem }}
{{- with .Values.clusterAgent.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.clusterAgent.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.clusterAgent.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: logs
emptyDir: {}
- name: config-override-volume
configMap:
name: {{ .Release.Name }}-cluster-agent


@ -1,18 +0,0 @@
{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: cluster-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}


@ -1,18 +0,0 @@
{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- get
- patch
- update


@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "stackstate-k8s-agent.fullname" . }}
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ include "stackstate-k8s-agent.fullname" . }}


@ -1,18 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-cluster-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
spec:
ports:
- name: clusteragent
port: {{int .Values.clusterAgent.service.port }}
protocol: TCP
targetPort: {{int .Values.clusterAgent.service.targetPort }}
selector:
app.kubernetes.io/component: cluster-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}


@ -1,12 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: cluster-agent
{{- with .Values.clusterAgent.serviceaccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}


@ -1,20 +0,0 @@
{{- if .Values.logsAgent.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-logs-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: logs-agent
rules:
- apiGroups: # Kubelet connectivity
- ""
resources:
- nodes
- services
- pods
verbs:
- get
- watch
- list
{{- end -}}


@ -1,18 +0,0 @@
{{- if .Values.logsAgent.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-logs-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: logs-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-logs-agent
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ .Release.Name }}-logs-agent
namespace: {{ .Release.Namespace }}
{{- end -}}


@ -1,54 +0,0 @@
{{- if .Values.logsAgent.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-logs-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: logs-agent
data:
promtail.yaml: |
server:
http_listen_port: 9080
grpc_listen_port: 0
clients:
- url: {{ tpl .Values.stackstate.url . }}/logs/k8s?api_key=${STS_API_KEY}
external_labels:
sts_cluster_name: {{ .Values.stackstate.cluster.name | quote }}
positions:
filename: /tmp/positions.yaml
target_config:
sync_period: 10s
scrape_configs:
- job_name: pod-logs
kubernetes_sd_configs:
- role: pod
pipeline_stages:
- docker: {}
- cri: {}
relabel_configs:
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod_name
- action: replace
source_labels:
- __meta_kubernetes_pod_uid
target_label: pod_uid
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container_name
# The __path__ is required by the promtail client
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
# Drop all remaining labels, we do not need those
- action: drop
regex: __meta_(.*)
{{- end -}}


@ -1,90 +0,0 @@
{{- if .Values.logsAgent.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ .Release.Name }}-logs-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: logs-agent
spec:
selector:
matchLabels:
app.kubernetes.io/component: logs-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
{{- with .Values.logsAgent.updateStrategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
{{- include "stackstate-k8s-agent.logsAgent.configmap.override.checksum" . | nindent 8 }}
labels:
app.kubernetes.io/component: logs-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
spec:
{{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.logsAgent.image .Values.all.image) "context" $) | nindent 6 }}
containers:
- name: logs-agent
image: "{{ include "stackstate-k8s-agent.imageRegistry" . }}/{{ .Values.logsAgent.image.repository }}:{{ .Values.logsAgent.image.tag }}"
args:
- -config.expand-env=true
- -config.file=/etc/promtail/promtail.yaml
imagePullPolicy: "{{ .Values.logsAgent.image.pullPolicy }}"
env:
- name: STS_API_KEY
valueFrom:
secretKeyRef:
name: {{ include "stackstate-k8s-agent.fullname" . }}
key: sts-api-key
- name: "HOSTNAME" # needed when using kubernetes_sd_configs
valueFrom:
fieldRef:
fieldPath: "spec.nodeName"
securityContext:
privileged: false
{{- with .Values.logsAgent.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: logs
mountPath: /var/log
readOnly: true
- name: logs-agent-config
mountPath: /etc/promtail
readOnly: true
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
{{- if .Values.logsAgent.priorityClassName }}
priorityClassName: {{ .Values.logsAgent.priorityClassName }}
{{- end }}
serviceAccountName: {{ .Release.Name }}-logs-agent
{{- with .Values.logsAgent.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.logsAgent.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.logsAgent.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: logs
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: logs-agent-config
configMap:
name: {{ .Release.Name }}-logs-agent
{{- end -}}


@ -1,14 +0,0 @@
{{- if .Values.logsAgent.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-logs-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: logs-agent
{{- with .Values.logsAgent.serviceaccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}


@ -1,18 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-node-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: node-agent
rules:
- apiGroups: # Kubelet connectivity
- ""
resources:
- nodes/metrics
- nodes/proxy
- nodes/spec
- endpoints
verbs:
- get
- list


@ -1,16 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-node-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: node-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-node-agent
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ .Release.Name }}-node-agent
namespace: {{ .Release.Namespace }}


@ -1,14 +0,0 @@
{{- if .Values.nodeAgent.config.override }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-node-agent
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: node-agent
data:
{{- range .Values.nodeAgent.config.override }}
{{ .path | replace "/" "_"}}_{{ .name }}: |
{{ .data | indent 4 -}}
{{- end -}}
{{- end -}}


@ -1,101 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ .Release.Name }}-node-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: node-agent
spec:
selector:
matchLabels:
app.kubernetes.io/component: node-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
{{- with .Values.nodeAgent.updateStrategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- include "stackstate-k8s-agent.checksum-configs" . | nindent 8 }}
{{- include "stackstate-k8s-agent.nodeAgent.configmap.override.checksum" . | nindent 8 }}
labels:
app.kubernetes.io/component: node-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}
spec:
{{- include "stackstate-k8s-agent.image.pullSecrets" (dict "images" (list .Values.nodeAgent.containers.agent.image .Values.all.image) "context" $) | nindent 6 }}
{{- if .Values.all.hardening.enabled}}
terminationGracePeriodSeconds: 240
{{- end }}
containers:
{{- include "container-agent" . | nindent 6 }}
{{- if .Values.nodeAgent.containers.processAgent.enabled }}
{{- include "container-process-agent" . | nindent 6 }}
{{- end }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostPID: true
{{- if .Values.nodeAgent.priorityClassName }}
priorityClassName: {{ .Values.nodeAgent.priorityClassName }}
{{- end }}
serviceAccountName: {{ .Release.Name }}-node-agent
nodeSelector:
{{ template "label.os" . }}: {{ .Values.targetSystem }}
{{- with .Values.nodeAgent.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeAgent.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeAgent.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.nodeAgent.containerRuntime.customSocketPath }}
- hostPath:
path: {{ .Values.nodeAgent.containerRuntime.customSocketPath }}
name: customcrisocket
{{- end }}
- hostPath:
path: /var/lib/kubelet
name: kubelet
- hostPath:
path: /var/lib/nfs
name: nfs
- hostPath:
path: /var/lib/docker/overlay2
name: dockeroverlay2
- hostPath:
path: /run/docker/netns
name: dockernetns
- hostPath:
path: /var/run/crio/crio.sock
name: crisocket
- hostPath:
path: /var/run/containerd/containerd.sock
name: containerdsocket
- hostPath:
path: /sys/kernel/debug
name: sys-kernel-debug
- hostPath:
path: /var/run/docker.sock
name: dockersocket
- hostPath:
path: {{ .Values.nodeAgent.containerRuntime.hostProc }}
name: procdir
- hostPath:
path: /etc/passwd
name: passwd
- hostPath:
path: /sys/fs/cgroup
name: cgroups
{{- if .Values.nodeAgent.config.override }}
- name: config-override-volume
configMap:
name: {{ .Release.Name }}-node-agent
{{- end }}


@ -1,56 +0,0 @@
{{- if .Values.nodeAgent.scc.enabled }}
allowHostDirVolumePlugin: true
# was true
allowHostIPC: true
# was true
allowHostNetwork: true
# Allow host PID for dogstatsd origin detection
allowHostPID: true
# Allow host ports for dsd / trace / logs intake
allowHostPorts: true
allowPrivilegeEscalation: true
# was true
allowPrivilegedContainer: true
# was - '*'
allowedCapabilities: []
allowedUnsafeSysctls:
- '*'
apiVersion: security.openshift.io/v1
defaultAddCapabilities: null
fsGroup:
# was RunAsAny
type: MustRunAs
groups: []
kind: SecurityContextConstraints
metadata:
name: {{ .Release.Name }}-node-agent
namespace: {{ .Release.Namespace }}
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities: null
# was RunAsAny
runAsUser:
type: MustRunAsRange
# Use the `spc_t` selinux type to access the
# docker socket + proc and cgroup stats
seLinuxContext:
type: RunAsAny
seLinuxOptions:
user: "system_u"
role: "system_r"
type: "spc_t"
level: "s0"
# was - '*'
seccompProfiles: []
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node-agent
# Allow hostPath for docker / process metrics
volumes:
- configMap
- downwardAPI
- emptyDir
- hostPath
- secret
{{- end }}


@ -1,26 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-node-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: node-agent
{{- with .Values.nodeAgent.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.nodeAgent.service.type }}
{{- if eq .Values.nodeAgent.service.type "LoadBalancer" }}
loadBalancerSourceRanges: {{ toYaml .Values.nodeAgent.service.loadBalancerSourceRanges | nindent 4}}
{{- end }}
ports:
- name: traceport
port: 8126
protocol: TCP
targetPort: 8126
selector:
app.kubernetes.io/component: node-agent
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "stackstate-k8s-agent.name" . }}


@ -1,12 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node-agent
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
app.kubernetes.io/component: node-agent
{{- with .Values.nodeAgent.serviceaccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}


@ -1,17 +0,0 @@
{{- if .Values.openShiftLogging.installSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}-logging-secret
namespace: openshift-logging
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
type: Opaque
data:
username: {{ "apikey" | b64enc | quote }}
{{- if .Values.global.receiverApiKey }}
password: {{ .Values.global.receiverApiKey | b64enc | quote }}
{{- else }}
password: {{ .Values.stackstate.apiKey | b64enc | quote }}
{{- end }}
{{- end }}


@ -1,35 +0,0 @@
{{- $defaultRegistry := .Values.global.imageRegistry }}
{{- $top := . }}
{{- $registryAuthMap := dict }}
{{- range $registry, $credentials := .Values.global.imagePullCredentials }}
{{- $registryAuthDocument := dict -}}
{{- $_ := set $registryAuthDocument "username" $credentials.username }}
{{- $_ := set $registryAuthDocument "password" $credentials.password }}
{{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
{{- $_ := set $registryAuthDocument "auth" $authMessage }}
{{- if eq $registry "default" }}
{{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
{{ else }}
{{- $registryAuthMap := set $registryAuthMap $registry $registryAuthDocument }}
{{- end }}
{{- end }}
{{- if .Values.all.image.pullSecretUsername }}
{{- $registryAuthDocument := dict -}}
{{- $_ := set $registryAuthDocument "username" .Values.all.image.pullSecretUsername }}
{{- $_ := set $registryAuthDocument "password" .Values.all.image.pullSecretPassword }}
{{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
{{- $_ := set $registryAuthDocument "auth" $authMessage }}
{{- $registryAuthMap := set $registryAuthMap (include "stackstate-k8s-agent.imageRegistry" $top) $registryAuthDocument }}
{{- end }}
{{- $dockerAuthsDocuments := dict "auths" $registryAuthMap }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "stackstate-k8s-agent.pull-secret.name" . }}
data:
.dockerconfigjson: {{ $dockerAuthsDocuments | toJson | b64enc | quote }}
type: kubernetes.io/dockerconfigjson


@ -1,22 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "stackstate-k8s-agent.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
type: Opaque
data:
{{- if .Values.global.receiverApiKey }}
sts-api-key: {{ .Values.global.receiverApiKey | b64enc | quote }}
{{- else }}
sts-api-key: {{ .Values.stackstate.apiKey | b64enc | quote }}
{{- end }}
{{- if .Values.stackstate.cluster.authToken }}
sts-cluster-auth-token: {{ .Values.stackstate.cluster.authToken | b64enc | quote }}
{{- else }}
sts-cluster-auth-token: {{ randAlphaNum 32 | b64enc | quote }}
{{- end }}
{{- range $key, $value := .Values.global.extraEnv.secret }}
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}


@ -1,145 +0,0 @@
package test
import (
"regexp"
"strings"
"testing"
v1 "k8s.io/api/rbac/v1"
"github.com/stretchr/testify/assert"
"gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
)
var requiredRules = []string{
"events+get,list,watch",
"nodes+get,list,watch",
"pods+get,list,watch",
"services+get,list,watch",
"configmaps+create,get,patch,update",
}
var optionalRules = []string{
"namespaces+get,list,watch",
"componentstatuses+get,list,watch",
"configmaps+list,watch", // get is already required
"endpoints+get,list,watch",
"persistentvolumeclaims+get,list,watch",
"persistentvolumes+get,list,watch",
"secrets+get,list,watch",
"apps/daemonsets+get,list,watch",
"apps/deployments+get,list,watch",
"apps/replicasets+get,list,watch",
"apps/statefulsets+get,list,watch",
"extensions/ingresses+get,list,watch",
"batch/cronjobs+get,list,watch",
"batch/jobs+get,list,watch",
}
var roleDescriptionRegexp = regexp.MustCompile(`^((?P<group>\w+)/)?(?P<name>\w+)\+(?P<verbs>[\w,]+)`)
type Rule struct {
Group string
ResourceName string
Verb string
}
func assertRuleExistence(t *testing.T, rules []v1.PolicyRule, roleDescription string, shouldBePresent bool) {
match := roleDescriptionRegexp.FindStringSubmatch(roleDescription)
assert.NotNil(t, match)
var roleRules []Rule
for _, rule := range rules {
for _, group := range rule.APIGroups {
for _, resource := range rule.Resources {
for _, verb := range rule.Verbs {
roleRules = append(roleRules, Rule{group, resource, verb})
}
}
}
}
resGroup := match[roleDescriptionRegexp.SubexpIndex("group")]
resName := match[roleDescriptionRegexp.SubexpIndex("name")]
verbs := strings.Split(match[roleDescriptionRegexp.SubexpIndex("verbs")], ",")
for _, verb := range verbs {
requiredRule := Rule{resGroup, resName, verb}
found := false
for _, rule := range roleRules {
if rule == requiredRule {
found = true
break
}
}
if shouldBePresent {
assert.Truef(t, found, "Rule %v has not been found", requiredRule)
} else {
assert.Falsef(t, found, "Rule %v should not be present", requiredRule)
}
}
}
func TestAllResourcesAreEnabled(t *testing.T) {
output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
resources := helmtestutil.NewKubernetesResources(t, output)
assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
for _, requiredRole := range requiredRules {
assertRuleExistence(t, rules, requiredRole, true)
}
// be default, everything is enabled, so all the optional roles should be present as well
for _, optionalRule := range optionalRules {
assertRuleExistence(t, rules, optionalRule, true)
}
}
func TestMostOfResourcesAreDisabled(t *testing.T) {
output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/disable-all-resource.yaml")
resources := helmtestutil.NewKubernetesResources(t, output)
assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
assert.Contains(t, resources.Roles, "stackstate-k8s-agent")
rules := resources.ClusterRoles["stackstate-k8s-agent"].Rules
rules = append(rules, resources.Roles["stackstate-k8s-agent"].Rules...)
for _, requiredRole := range requiredRules {
assertRuleExistence(t, rules, requiredRole, true)
}
// we expect all optional resources to be removed from ClusterRole with the given values
for _, optionalRule := range optionalRules {
assertRuleExistence(t, rules, optionalRule, false)
}
}
func TestNoClusterWideModificationRights(t *testing.T) {
output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/http-header-injector.yaml")
resources := helmtestutil.NewKubernetesResources(t, output)
assert.Contains(t, resources.ClusterRoles, "stackstate-k8s-agent")
illegalVerbs := []string{"create", "patch", "update", "delete"}
for _, clusterRole := range resources.ClusterRoles {
for _, rule := range clusterRole.Rules {
for _, verb := range rule.Verbs {
assert.NotContains(t, illegalVerbs, verb, "ClusterRole %s should not have %s verb for %s resource", clusterRole.Name, verb, rule.Resources)
}
}
}
}
func TestServicePortChange(t *testing.T) {
output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml", "values/clustercheck_service_port_override.yaml")
resources := helmtestutil.NewKubernetesResources(t, output)
cluster_agent_service := resources.Services["stackstate-k8s-agent-cluster-agent"]
port := cluster_agent_service.Spec.Ports[0]
assert.Equal(t, port.Name, "clusteragent")
assert.Equal(t, port.Port, int32(8008))
assert.Equal(t, port.TargetPort.IntVal, int32(9009))
}


@ -1,54 +0,0 @@
package test
import (
"testing"
"github.com/gruntwork-io/terratest/modules/helm"
"github.com/stretchr/testify/assert"
"gitlab.com/StackVista/DevOps/helm-charts/helmtestutil"
)
func TestHelmBasicRender(t *testing.T) {
output := helmtestutil.RenderHelmTemplate(t, "stackstate-k8s-agent", "values/minimal.yaml")
// Parse all resources into their corresponding types for validation and further inspection
helmtestutil.NewKubernetesResources(t, output)
}
func TestClusterNameValidation(t *testing.T) {
testCases := []struct {
Name string
ClusterName string
IsValid bool
}{
{"not allowed end with special character [.]", "name.", false},
{"not allowed end with special character [-]", "name.", false},
{"not allowed start with special character [-]", "-name", false},
{"not allowed start with special character [.]", ".name", false},
{"upper case is not allowed", "Euwest1-prod.cool-company.com", false},
{"upper case is not allowed", "euwest1-PROD.cool-company.com", false},
{"upper case is not allowed", "euwest1-prod.cool-company.coM", false},
{"dots and dashes are allowed in the middle", "euwest1-prod.cool-company.com", true},
{"underscore is not allowed", "why_7", false},
}
for _, testCase := range testCases {
t.Run(testCase.Name, func(t *testing.T) {
output, err := helmtestutil.RenderHelmTemplateOpts(
t, "cluster-agent",
&helm.Options{
ValuesFiles: []string{"values/minimal.yaml"},
SetStrValues: map[string]string{
"stackstate.cluster.name": testCase.ClusterName,
},
})
if testCase.IsValid {
assert.Nil(t, err)
} else {
assert.NotNil(t, err)
assert.Contains(t, output, "stackstate.cluster.name: Does not match pattern")
}
})
}
}


@ -1,7 +0,0 @@
checksAgent:
enabled: true
kubeStateMetrics:
url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
dependencies:
kubeStateMetrics:
enabled: true


@ -1,5 +0,0 @@
checksAgent:
enabled: true
dependencies:
kubeStateMetrics:
enabled: true


@ -1,26 +0,0 @@
checksAgent:
enabled: true
dependencies:
kubeStateMetrics:
enabled: true
agent:
config:
override:
# agent.config.override -- Disables kubernetes_state check on regular agent pods.
- name: auto_conf.yaml
path: /etc/stackstate-agent/conf.d/kubernetes_state.d
data: |
clusterAgent:
config:
override:
# clusterAgent.config.override -- Defines kubernetes_state check for clusterchecks agents. Auto-discovery
# with ad_identifiers does not work here. Use a specific URL instead.
- name: conf.yaml
path: /etc/stackstate-agent/conf.d/kubernetes_state.d
data: |
cluster_check: true
init_config:
instances:
- kube_state_url: http://YOUR_KUBE_STATE_METRICS_SERVICE_NAME:8080/metrics


@ -1,7 +0,0 @@
checksAgent:
enabled: true
kubeStateMetrics:
url: http://my-custom-ksm-url.monitoring.svc.local:8080/metrics
dependencies:
kubeStateMetrics:
enabled: false


@ -1,4 +0,0 @@
clusterAgent:
service:
port: 8008
targetPort: 9009


@ -1,17 +0,0 @@
clusterAgent:
collection:
kubernetesMetrics: false
kubernetesResources:
namespaces: false
configmaps: false
endpoints: false
persistentvolumes: false
persistentvolumeclaims: false
secrets: false
daemonsets: false
deployments: false
replicasets: false
statefulsets: false
ingresses: false
cronjobs: false
jobs: false


@ -1,8 +0,0 @@
httpHeaderInjectorWebhook:
webhook:
tls:
mode: "provided"
provided:
caBundle: insert-ca-here
crt: insert-cert-here
key: insert-key-here


@ -1,7 +0,0 @@
stackstate:
apiKey: foobar
cluster:
name: some-k8s-cluster
token: some-token
url: https://stackstate:7000/receiver


@ -1,79 +0,0 @@
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"$id": "https://stackstate.io/example.json",
"type": "object",
"default": {},
"title": "StackState Agent Helm chart values",
"required": [
"stackstate",
"clusterAgent"
],
"properties": {
"stackstate": {
"type": "object",
"required": [
"apiKey",
"cluster",
"url"
],
"properties": {
"apiKey": {
"type": "string"
},
"cluster": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"pattern": "^[a-z0-9]([a-z0-9\\-\\.]*[a-z0-9])$"
},
"authToken": {
"type": "string"
}
}
},
"url": {
"type": "string"
}
}
},
"clusterAgent": {
"type": "object",
"required": [
"config"
],
"properties": {
"config": {
"type": "object",
"required": [
"events"
],
"properties": {
"events": {
"type": "object",
"properties": {
"categories": {
"type": "object",
"patternProperties": {
".*": {
"type": [
"string"
],
"enum": [
"Alerts",
"Activities",
"Changes",
"Others"
]
}
}
}
}
}
}
}
}
}
}
}


@ -1,545 +0,0 @@
#####################
# General variables #
#####################
global:
extraEnv:
# global.extraEnv.open -- Extra open environment variables to inject into pods.
open: {}
# global.extraEnv.secret -- Extra secret environment variables to inject into pods via a `Secret` object.
secret: {}
# global.imagePullSecrets -- Secrets / credentials needed for container image registry.
imagePullSecrets: []
# global.imagePullCredentials -- Globally define credentials for pulling images.
imagePullCredentials: {}
# nameOverride -- Override the name of the chart.
nameOverride: ""
# fullnameOverride -- Override the fullname of the chart.
fullnameOverride: ""
# targetSystem -- Target OS for this deployment (possible values: linux)
targetSystem: "linux"
all:
image:
# all.image.registry -- The image registry to use.
registry: "quay.io"
hardening:
# all.hardening.enabled -- An indication of whether the containers will be evaluated for hardening at runtime
enabled: false
nodeAgent:
containerRuntime:
# nodeAgent.containerRuntime.customSocketPath -- If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path.
customSocketPath: ""
# nodeAgent.containerRuntime.customHostProc -- If the container is launched from a place where /proc is mounted differently, /proc can be changed
hostProc: /proc
scc:
# nodeAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift.
enabled: false
apm:
# nodeAgent.apm.enabled -- Enable / disable the nodeAgent APM module.
enabled: true
networkTracing:
# nodeAgent.networkTracing.enabled -- Enable / disable the nodeAgent network tracing module.
enabled: true
protocolInspection:
# nodeAgent.protocolInspection.enabled -- Enable / disable the nodeAgent protocol inspection.
enabled: true
httpTracing:
enabled: true
# nodeAgent.skipSslValidation -- Set to true if self signed certificates are used.
skipSslValidation: false
# nodeAgent.skipKubeletTLSVerify -- Set to true if you want to skip kubelet tls verification.
skipKubeletTLSVerify: false
# nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name
checksTagCardinality: orchestrator
# nodeAgent.config --
config:
# nodeAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap
override: []
# nodeAgent.priorityClassName -- Priority class for nodeAgent pods.
priorityClassName: ""
containers:
agent:
image:
# nodeAgent.containers.agent.image.repository -- Base container image repository.
repository: stackstate/stackstate-k8s-agent
# nodeAgent.containers.agent.image.tag -- Default container image tag.
tag: "e36d1c88"
# nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy.
pullPolicy: IfNotPresent
processAgent:
# nodeAgent.containers.agent.processAgent.enabled -- Enable / disable the agent process agent module. - deprecated
enabled: false
# nodeAgent.containers.agent.env -- Additional environment variables for the agent container
env: {}
# nodeAgent.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off
## If not set, fall back to the value of agent.logLevel.
logLevel: # INFO
resources:
limits:
# nodeAgent.containers.agent.resources.limits.cpu -- CPU resource limits.
cpu: "270m"
# nodeAgent.containers.agent.resources.limits.cpu -- Memory resource limits.
memory: "420Mi"
requests:
# nodeAgent.containers.agent.resources.requests.cpu -- CPU resource requests.
cpu: "20m"
# nodeAgent.containers.agent.resources.requests.cpu -- Memory resource requests.
memory: "180Mi"
livenessProbe:
# nodeAgent.containers.agent.livenessProbe.enabled -- Enable use of livenessProbe check.
enabled: true
# nodeAgent.containers.agent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe.
failureThreshold: 3
# nodeAgent.containers.agent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe.
initialDelaySeconds: 15
# nodeAgent.containers.agent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe.
periodSeconds: 15
# nodeAgent.containers.agent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe.
successThreshold: 1
# nodeAgent.containers.agent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe.
timeoutSeconds: 5
readinessProbe:
# nodeAgent.containers.agent.readinessProbe.enabled -- Enable use of readinessProbe check.
enabled: true
# nodeAgent.containers.agent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe.
failureThreshold: 3
# nodeAgent.containers.agent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe.
initialDelaySeconds: 15
# nodeAgent.containers.agent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe.
periodSeconds: 15
# nodeAgent.containers.agent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe.
successThreshold: 1
# nodeAgent.containers.agent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe.
timeoutSeconds: 5
processAgent:
# nodeAgent.containers.processAgent.enabled -- Enable / disable the process agent container.
enabled: true
image:
# Override to pull the image from an alternate registry
registry:
# nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository.
repository: stackstate/stackstate-k8s-process-agent
# nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag.
tag: "c9dbfd73"
# nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy.
pullPolicy: IfNotPresent
# nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container
env: {}
# nodeAgent.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off
## If not set, fall back to the value of agent.logLevel.
logLevel: # INFO
resources:
limits:
# nodeAgent.containers.processAgent.resources.limits.cpu -- CPU resource limits.
cpu: "125m"
# nodeAgent.containers.processAgent.resources.limits.cpu -- Memory resource limits.
memory: "400Mi"
requests:
# nodeAgent.containers.processAgent.resources.requests.cpu -- CPU resource requests.
cpu: "25m"
# nodeAgent.containers.processAgent.resources.requests.cpu -- Memory resource requests.
memory: "128Mi"
# nodeAgent.service -- The Kubernetes service for the agent
service:
# nodeAgent.service.type -- Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort
type: ClusterIP
# nodeAgent.service.annotations -- Annotations for the service
annotations: {}
# nodeAgent.service.loadBalancerSourceRanges -- The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only.
loadBalancerSourceRanges: ["10.0.0.0/8"]
# nodeAgent.logLevel -- Logging level for agent processes.
logLevel: INFO
# nodeAgent.updateStrategy -- The update strategy for the DaemonSet object.
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 100
# nodeAgent.nodeSelector -- Node labels for pod assignment.
nodeSelector: {}
# nodeAgent.tolerations -- Toleration labels for pod assignment.
tolerations: []
# nodeAgent.affinity -- Affinity settings for pod assignment.
affinity: {}
serviceaccount:
# nodeAgent.serviceaccount.annotations -- Annotations for the service account for the agent daemonset pods
annotations: {}
processAgent:
checkIntervals:
# processAgent.checkIntervals.container -- Override the default value of the container check interval in seconds.
container: 30
# processAgent.checkIntervals.connections -- Override the default value of the connections check interval in seconds.
connections: 30
# processAgent.checkIntervals.process -- Override the default value of the process check interval in seconds.
process: 30
clusterAgent:
collection:
# clusterAgent.collection.kubernetesEvents -- Enable / disable the cluster agent events collection.
kubernetesEvents: true
# clusterAgent.collection.kubernetesMetrics -- Enable / disable the cluster agent metrics collection.
kubernetesMetrics: true
# clusterAgent.collection.kubernetesTimeout -- Default timeout (in seconds) when obtaining information from the Kubernetes API.
kubernetesTimeout: 10
# clusterAgent.collection.kubernetesTopology -- Enable / disable the cluster agent topology collection.
kubernetesTopology: true
kubeStateMetrics:
# clusterAgent.collection.kubeStateMetrics.enabled -- Enable / disable the cluster agent kube-state-metrics collection.
enabled: true
# clusterAgent.collection.kubeStateMetrics.clusterCheck -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers.
clusterCheck: false
# clusterAgent.collection.kubeStateMetrics.labelsAsTags -- Extra labels to collect from resources and to turn into StackState tag.
## It has the following structure:
## labelsAsTags:
## <resource1>: # can be pod, deployment, node, etc.
## <label1>: <tag1> # where <label1> is the kubernetes label and <tag1> is the StackState tag
## <label2>: <tag2>
## <resource2>:
## <label3>: <tag3>
##
## Warning: the label must match the transformation done by kube-state-metrics,
## for example tags.stackstate/version becomes tags_stackstate_version.
labelsAsTags: {}
# pod:
# app: app
# node:
# zone: zone
# team: team
# clusterAgent.collection.kubeStateMetrics.annotationsAsTags -- Extra annotations to collect from resources and to turn into StackState tag.
## It has the following structure:
## annotationsAsTags:
## <resource1>: # can be pod, deployment, node, etc.
## <annotation1>: <tag1> # where <annotation1> is the kubernetes annotation and <tag1> is the StackState tag
## <annotation2>: <tag2>
## <resource2>:
## <annotation3>: <tag3>
##
## Warning: the annotation must match the transformation done by kube-state-metrics,
## for example tags.stackstate/version becomes tags_stackstate_version.
annotationsAsTags: {}
kubernetesResources:
# clusterAgent.collection.kubernetesResources.volumeattachments -- Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes.
volumeattachments: true
# clusterAgent.collection.kubernetesResources.namespaces -- Enable / disable collection of Namespaces.
namespaces: true
# clusterAgent.collection.kubernetesResources.configmaps -- Enable / disable collection of ConfigMaps.
configmaps: true
# clusterAgent.collection.kubernetesResources.endpoints -- Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it
endpoints: true
# clusterAgent.collection.kubernetesResources.persistentvolumes -- Enable / disable collection of PersistentVolumes.
persistentvolumes: true
# clusterAgent.collection.kubernetesResources.persistentvolumeclaims -- Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to
persistentvolumeclaims: true
# clusterAgent.collection.kubernetesResources.secrets -- Enable / disable collection of Secrets.
secrets: true
# clusterAgent.collection.kubernetesResources.daemonsets -- Enable / disable collection of DaemonSets.
daemonsets: true
# clusterAgent.collection.kubernetesResources.deployments -- Enable / disable collection of Deployments.
deployments: true
# clusterAgent.collection.kubernetesResources.replicasets -- Enable / disable collection of ReplicaSets.
replicasets: true
# clusterAgent.collection.kubernetesResources.statefulsets -- Enable / disable collection of StatefulSets.
statefulsets: true
# clusterAgent.collection.kubernetesResources.ingresses -- Enable / disable collection of Ingresses.
ingresses: true
# clusterAgent.collection.kubernetesResources.cronjobs -- Enable / disable collection of CronJobs.
cronjobs: true
# clusterAgent.collection.kubernetesResources.jobs -- Enable / disable collection of Jobs.
jobs: true
# clusterAgent.collection.kubernetesResources.resourcequotas -- Enable / disable collection of ResourceQuotas.
resourcequotas: true
# clusterAgent.config --
config:
events:
# clusterAgent.config.events.categories -- Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others
categories: {}
topology:
# clusterAgent.config.topology.collectionInterval -- Interval for running topology collection, in seconds
collectionInterval: 90
configMap:
# clusterAgent.config.configMap.maxDataSize -- Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check
maxDataSize:
# clusterAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap
override: []
service:
# clusterAgent.service.port -- Change the Cluster Agent service port
port: 5005
# clusterAgent.service.targetPort -- Change the Cluster Agent service targetPort
targetPort: 5005
# clusterAgent.enabled -- Enable / disable the cluster agent.
enabled: true
image:
# clusterAgent.image.repository -- Base container image repository.
repository: stackstate/stackstate-k8s-cluster-agent
# clusterAgent.image.tag -- Default container image tag.
tag: "e36d1c88"
# clusterAgent.image.pullPolicy -- Default container image pull policy.
pullPolicy: IfNotPresent
livenessProbe:
# clusterAgent.livenessProbe.enabled -- Enable use of livenessProbe check.
enabled: true
# clusterAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe.
failureThreshold: 3
# clusterAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe.
initialDelaySeconds: 15
# clusterAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe.
periodSeconds: 15
# clusterAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe.
successThreshold: 1
# clusterAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe.
timeoutSeconds: 5
# clusterAgent.logLevel -- Logging level for stackstate-k8s-agent processes.
logLevel: INFO
# clusterAgent.priorityClassName -- Priority class for stackstate-k8s-agent pods.
priorityClassName: ""
readinessProbe:
# clusterAgent.readinessProbe.enabled -- Enable use of readinessProbe check.
enabled: true
# clusterAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe.
failureThreshold: 3
# clusterAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe.
initialDelaySeconds: 15
# clusterAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe.
periodSeconds: 15
# clusterAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe.
successThreshold: 1
# clusterAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe.
timeoutSeconds: 5
# clusterAgent.replicaCount -- Number of replicas of the cluster agent to deploy.
replicaCount: 1
serviceaccount:
# clusterAgent.serviceaccount.annotations -- Annotations for the service account for the cluster agent pods
annotations: {}
# clusterAgent.strategy -- The strategy for the Deployment object.
strategy:
type: RollingUpdate
# rollingUpdate:
# maxUnavailable: 1
resources:
limits:
# clusterAgent.resources.limits.cpu -- CPU resource limits.
cpu: "400m"
# clusterAgent.resources.limits.memory -- Memory resource limits.
memory: "800Mi"
requests:
# clusterAgent.resources.requests.cpu -- CPU resource requests.
cpu: "70m"
# clusterAgent.resources.requests.memory -- Memory resource requests.
memory: "512Mi"
# clusterAgent.nodeSelector -- Node labels for pod assignment.
nodeSelector: {}
# clusterAgent.tolerations -- Toleration labels for pod assignment.
tolerations: []
# clusterAgent.affinity -- Affinity settings for pod assignment.
affinity: {}
openShiftLogging:
# openShiftLogging.installSecret -- Install a secret for logging on openshift
installSecret: false
logsAgent:
# logsAgent.enabled -- Enable / disable k8s pod log collection
enabled: true
# logsAgent.priorityClassName -- Priority class for logsAgent pods.
priorityClassName: ""
image:
# logsAgent.image.repository -- Base container image repository.
repository: stackstate/promtail
# logsAgent.image.tag -- Default container image tag.
tag: 2.7.1
# logsAgent.image.pullPolicy -- Default container image pull policy.
pullPolicy: IfNotPresent
resources:
limits:
# logsAgent.resources.limits.cpu -- CPU resource limits.
cpu: "1300m"
# logsAgent.resources.limits.cpu -- Memory resource limits.
memory: "192Mi"
requests:
# logsAgent.resources.requests.cpu -- CPU resource requests.
cpu: "20m"
# logsAgent.resources.requests.cpu -- Memory resource requests.
memory: "100Mi"
# logsAgent.updateStrategy -- The update strategy for the DaemonSet object.
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 100
# logsAgent.nodeSelector -- Node labels for pod assignment.
nodeSelector: {}
# logsAgent.tolerations -- Toleration labels for pod assignment.
tolerations: []
# logsAgent.affinity -- Affinity settings for pod assignment.
affinity: {}
serviceaccount:
# logsAgent.serviceaccount.annotations -- Annotations for the service account for the daemonset pods
annotations: {}
checksAgent:
# checksAgent.enabled -- Enable / disable runnning cluster checks in a separately deployed pod
enabled: true
scc:
# checksAgent.scc.enabled -- Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift
enabled: false
apm:
# checksAgent.apm.enabled -- Enable / disable the agent APM module.
enabled: true
networkTracing:
# checksAgent.networkTracing.enabled -- Enable / disable the agent network tracing module.
enabled: true
processAgent:
# checksAgent.processAgent.enabled -- Enable / disable the agent process agent module.
enabled: true
# checksAgent.skipSslValidation -- Set to true if self signed certificates are used.
skipSslValidation: false
# nodeAgent.checksTagCardinality -- low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name
checksTagCardinality: orchestrator
# checksAgent.config --
config:
# checksAgent.config.override -- A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap
override: []
image:
# checksAgent.image.repository -- Base container image repository.
repository: stackstate/stackstate-k8s-agent
# checksAgent.image.tag -- Default container image tag.
tag: "e36d1c88"
# checksAgent.image.pullPolicy -- Default container image pull policy.
pullPolicy: IfNotPresent
livenessProbe:
# checksAgent.livenessProbe.enabled -- Enable use of livenessProbe check.
enabled: true
# checksAgent.livenessProbe.failureThreshold -- `failureThreshold` for the liveness probe.
failureThreshold: 3
# checksAgent.livenessProbe.initialDelaySeconds -- `initialDelaySeconds` for the liveness probe.
initialDelaySeconds: 15
# checksAgent.livenessProbe.periodSeconds -- `periodSeconds` for the liveness probe.
periodSeconds: 15
# checksAgent.livenessProbe.successThreshold -- `successThreshold` for the liveness probe.
successThreshold: 1
# checksAgent.livenessProbe.timeoutSeconds -- `timeoutSeconds` for the liveness probe.
timeoutSeconds: 5
# checksAgent.logLevel -- Logging level for clusterchecks agent processes.
logLevel: INFO
# checksAgent.priorityClassName -- Priority class for clusterchecks agent pods.
priorityClassName: ""
readinessProbe:
# checksAgent.readinessProbe.enabled -- Enable use of readinessProbe check.
enabled: true
# checksAgent.readinessProbe.failureThreshold -- `failureThreshold` for the readiness probe.
failureThreshold: 3
# checksAgent.readinessProbe.initialDelaySeconds -- `initialDelaySeconds` for the readiness probe.
initialDelaySeconds: 15
# checksAgent.readinessProbe.periodSeconds -- `periodSeconds` for the readiness probe.
periodSeconds: 15
# checksAgent.readinessProbe.successThreshold -- `successThreshold` for the readiness probe.
successThreshold: 1
# checksAgent.readinessProbe.timeoutSeconds -- `timeoutSeconds` for the readiness probe.
timeoutSeconds: 5
# checksAgent.replicas -- Number of clusterchecks agent pods to schedule
replicas: 1
resources:
limits:
# checksAgent.resources.limits.cpu -- CPU resource limits.
cpu: "400m"
# checksAgent.resources.limits.cpu -- Memory resource limits.
memory: "600Mi"
requests:
# checksAgent.resources.requests.cpu -- CPU resource requests.
cpu: "20m"
# checksAgent.resources.requests.cpu -- Memory resource requests.
memory: "512Mi"
serviceaccount:
# checksAgent.serviceaccount.annotations -- Annotations for the service account for the cluster checks pods
annotations: {}
# checksAgent.strategy -- The strategy for the Deployment object.
strategy:
type: RollingUpdate
# rollingUpdate:
# maxUnavailable: 1
# checksAgent.nodeSelector -- Node labels for pod assignment.
nodeSelector: {}
# checksAgent.tolerations -- Toleration labels for pod assignment.
tolerations: []
# checksAgent.affinity -- Affinity settings for pod assignment.
affinity: {}
##################################
# http-header-injector variables #
##################################
httpHeaderInjectorWebhook:
# httpHeaderInjectorWebhook.enabled -- Enable the webhook for injection http header injection sidecar proxy
enabled: false
########################
# StackState variables #
########################
stackstate:
# stackstate.apiKey -- (string) **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent.
apiKey:
cluster:
# stackstate.cluster.name -- (string) **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed.
name:
# stackstate.cluster.authToken -- Provide a token to enable secure communication between the agent and the cluster agent.
authToken: ""
# stackstate.url -- (string) **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent.
url:


@ -1,26 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
linter_values.yaml
ci/
installation/
logo.svg


@ -1,6 +0,0 @@
dependencies:
- name: http-header-injector
repository: https://helm.stackstate.io
version: 0.0.6
digest: sha256:eec4d022d97ef52e88860b54682692fd369c864ca49ccde01b30605cce20c96f
generated: "2023-08-25T14:49:57.569449+02:00"


@ -1,25 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: StackState Agent
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: stackstate-k8s-agent
apiVersion: v2
appVersion: 2.19.1
dependencies:
- alias: httpHeaderInjectorWebhook
name: http-header-injector
repository: file://./charts/http-header-injector
version: 0.0.6
deprecated: true
description: Helm chart for the StackState Agent.
home: https://github.com/StackVista/stackstate-agent
icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg
keywords:
- monitoring
- observability
- stackstate
maintainers:
- email: ops@stackstate.com
name: Stackstate
name: stackstate-k8s-agent
version: 1.0.51


@ -1,235 +0,0 @@
# stackstate-k8s-agent
Helm chart for the StackState Agent.
Current chart version is `1.0.51`
**Homepage:** <https://github.com/StackVista/stackstate-agent>
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| https://helm.stackstate.io | httpHeaderInjectorWebhook(http-header-injector) | 0.0.6 |
## Required Values
In order to successfully install this chart, you **must** provide the following variables:
* `stackstate.apiKey`
* `stackstate.cluster.name`
* `stackstate.url`
The parameter `stackstate.cluster.name` is entered when installing the Cluster Agent StackPack.
Install them on the command line on Helm with the following command:
```shell
helm install \
--set-string 'stackstate.apiKey'='<your-api-key>' \
--set-string 'stackstate.cluster.name'='<your-cluster-name>' \
--set-string 'stackstate.url'='<your-stackstate-url>' \
stackstate/stackstate-k8s-agent
```
## Recommended Values
It is also recommended that you set a value for `stackstate.cluster.authToken`. If it is not provided, a value will be generated for you, but the value will change each time an upgrade is performed.
The command for **also** installing with a set token would be:
```shell
helm install \
--set-string 'stackstate.apiKey'='<your-api-key>' \
--set-string 'stackstate.cluster.name'='<your-cluster-name>' \
--set-string 'stackstate.cluster.authToken'='<your-cluster-token>' \
--set-string 'stackstate.url'='<your-stackstate-url>' \
stackstate/stackstate-k8s-agent
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| all.hardening.enabled | bool | `false` | An indication of whether the containers will be evaluated for hardening at runtime |
| all.image.registry | string | `"quay.io"` | The image registry to use. |
| checksAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| checksAgent.apm.enabled | bool | `true` | Enable / disable the agent APM module. |
| checksAgent.checksTagCardinality | string | `"orchestrator"` | |
| checksAgent.config | object | `{"override":[]}` | |
| checksAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod |
| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
| checksAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
| checksAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
| checksAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
| checksAgent.logLevel | string | `"INFO"` | Logging level for clusterchecks agent processes. |
| checksAgent.networkTracing.enabled | bool | `true` | Enable / disable the agent network tracing module. |
| checksAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| checksAgent.priorityClassName | string | `""` | Priority class for clusterchecks agent pods. |
| checksAgent.processAgent.enabled | bool | `true` | Enable / disable the agent process agent module. |
| checksAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
| checksAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
| checksAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
| checksAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
| checksAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
| checksAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
| checksAgent.replicas | int | `1` | Number of clusterchecks agent pods to schedule |
| checksAgent.resources.limits.cpu | string | `"400m"` | Memory resource limits. |
| checksAgent.resources.limits.memory | string | `"600Mi"` | |
| checksAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
| checksAgent.resources.requests.memory | string | `"512Mi"` | |
| checksAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift |
| checksAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster checks pods |
| checksAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
| checksAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. |
| checksAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| clusterAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| clusterAgent.collection.kubeStateMetrics.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into StackState tag. |
| clusterAgent.collection.kubeStateMetrics.clusterCheck | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. |
| clusterAgent.collection.kubeStateMetrics.enabled | bool | `true` | Enable / disable the cluster agent kube-state-metrics collection. |
| clusterAgent.collection.kubeStateMetrics.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into StackState tag. # It has the following structure: # labelsAsTags: # <resource1>: # can be pod, deployment, node, etc. # <label1>: <tag1> # where <label1> is the kubernetes label and <tag1> is the StackState tag # <label2>: <tag2> # <resource2>: # <label3>: <tag3> # # Warning: the label must match the transformation done by kube-state-metrics, # for example tags.stackstate/version becomes tags_stackstate_version. |
| clusterAgent.collection.kubernetesEvents | bool | `true` | Enable / disable the cluster agent events collection. |
| clusterAgent.collection.kubernetesMetrics | bool | `true` | Enable / disable the cluster agent metrics collection. |
| clusterAgent.collection.kubernetesResources.configmaps | bool | `true` | Enable / disable collection of ConfigMaps. |
| clusterAgent.collection.kubernetesResources.cronjobs | bool | `true` | Enable / disable collection of CronJobs. |
| clusterAgent.collection.kubernetesResources.daemonsets | bool | `true` | Enable / disable collection of DaemonSets. |
| clusterAgent.collection.kubernetesResources.deployments | bool | `true` | Enable / disable collection of Deployments. |
| clusterAgent.collection.kubernetesResources.endpoints | bool | `true` | Enable / disable collection of Endpoints. If endpoints are disabled then StackState won't be able to connect a Service to Pods that serving it |
| clusterAgent.collection.kubernetesResources.ingresses | bool | `true` | Enable / disable collection of Ingresses. |
| clusterAgent.collection.kubernetesResources.jobs | bool | `true` | Enable / disable collection of Jobs. |
| clusterAgent.collection.kubernetesResources.namespaces | bool | `true` | Enable / disable collection of Namespaces. |
| clusterAgent.collection.kubernetesResources.persistentvolumeclaims | bool | `true` | Enable / disable collection of PersistentVolumeClaims. Disabling these will not let StackState connect PersistentVolumes to pods they are attached to |
| clusterAgent.collection.kubernetesResources.persistentvolumes | bool | `true` | Enable / disable collection of PersistentVolumes. |
| clusterAgent.collection.kubernetesResources.replicasets | bool | `true` | Enable / disable collection of ReplicaSets. |
| clusterAgent.collection.kubernetesResources.resourcequotas | bool | `true` | Enable / disable collection of ResourceQuotas. |
| clusterAgent.collection.kubernetesResources.secrets | bool | `true` | Enable / disable collection of Secrets. |
| clusterAgent.collection.kubernetesResources.statefulsets | bool | `true` | Enable / disable collection of StatefulSets. |
| clusterAgent.collection.kubernetesResources.volumeattachments | bool | `true` | Enable / disable collection of Volume Attachments. Used to bind Nodes to Persistent Volumes. |
| clusterAgent.collection.kubernetesTimeout | int | `10` | Default timeout (in seconds) when obtaining information from the Kubernetes API. |
| clusterAgent.collection.kubernetesTopology | bool | `true` | Enable / disable the cluster agent topology collection. |
| clusterAgent.config | object | `{"configMap":{"maxDataSize":null},"events":{"categories":{}},"override":[],"topology":{"collectionInterval":90}}` | |
| clusterAgent.config.configMap.maxDataSize | string | `nil` | Maximum amount of characters for the data property of a ConfigMap collected by the kubernetes topology check |
| clusterAgent.config.events.categories | object | `{}` | Custom mapping from Kubernetes event reason to StackState event category. Categories allowed: Alerts, Activities, Changes, Others |
| clusterAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
| clusterAgent.config.topology.collectionInterval | int | `90` | Interval for running topology collection, in seconds |
| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. |
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. |
| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
| clusterAgent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
| clusterAgent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
| clusterAgent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
| clusterAgent.logLevel | string | `"INFO"` | Logging level for stackstate-k8s-agent processes. |
| clusterAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| clusterAgent.priorityClassName | string | `""` | Priority class for stackstate-k8s-agent pods. |
| clusterAgent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
| clusterAgent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
| clusterAgent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
| clusterAgent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
| clusterAgent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
| clusterAgent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
| clusterAgent.replicaCount | int | `1` | Number of replicas of the cluster agent to deploy. |
| clusterAgent.resources.limits.cpu | string | `"400m"` | CPU resource limits. |
| clusterAgent.resources.limits.memory | string | `"800Mi"` | Memory resource limits. |
| clusterAgent.resources.requests.cpu | string | `"70m"` | CPU resource requests. |
| clusterAgent.resources.requests.memory | string | `"512Mi"` | Memory resource requests. |
| clusterAgent.service.port | int | `5005` | Change the Cluster Agent service port |
| clusterAgent.service.targetPort | int | `5005` | Change the Cluster Agent service targetPort |
| clusterAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the cluster agent pods |
| clusterAgent.strategy | object | `{"type":"RollingUpdate"}` | The strategy for the Deployment object. |
| clusterAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| fullnameOverride | string | `""` | Override the fullname of the chart. |
| global.extraEnv.open | object | `{}` | Extra open environment variables to inject into pods. |
| global.extraEnv.secret | object | `{}` | Extra secret environment variables to inject into pods via a `Secret` object. |
| global.imagePullCredentials | object | `{}` | Globally define credentials for pulling images. |
| global.imagePullSecrets | list | `[]` | Secrets / credentials needed for container image registry. |
| httpHeaderInjectorWebhook.enabled | bool | `false` | Enable the webhook for injection http header injection sidecar proxy |
| logsAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| logsAgent.enabled | bool | `true` | Enable / disable k8s pod log collection |
| logsAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| logsAgent.image.repository | string | `"stackstate/promtail"` | Base container image repository. |
| logsAgent.image.tag | string | `"2.7.1"` | Default container image tag. |
| logsAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| logsAgent.priorityClassName | string | `""` | Priority class for logsAgent pods. |
| logsAgent.resources.limits.cpu | string | `"1300m"` | Memory resource limits. |
| logsAgent.resources.limits.memory | string | `"192Mi"` | |
| logsAgent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
| logsAgent.resources.requests.memory | string | `"100Mi"` | |
| logsAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the daemonset pods |
| logsAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| logsAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
| nameOverride | string | `""` | Override the name of the chart. |
| nodeAgent.affinity | object | `{}` | Affinity settings for pod assignment. |
| nodeAgent.apm.enabled | bool | `true` | Enable / disable the nodeAgent APM module. |
| nodeAgent.checksTagCardinality | string | `"orchestrator"` | low, orchestrator or high. Orchestrator level adds pod_name, high adds display_container_name |
| nodeAgent.config | object | `{"override":[]}` | |
| nodeAgent.config.override | list | `[]` | A list of objects containing three keys `name`, `path` and `data`, specifying filenames at specific paths which need to be (potentially) overridden using a mounted configmap |
| nodeAgent.containerRuntime.customSocketPath | string | `""` | If the container socket path does not match the default for CRI-O, Containerd or Docker, supply a custom socket path. |
| nodeAgent.containerRuntime.hostProc | string | `"/proc"` | |
| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container |
| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. |
| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.periodSeconds | int | `15` | `periodSeconds` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.successThreshold | int | `1` | `successThreshold` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the liveness probe. |
| nodeAgent.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. |
| nodeAgent.containers.agent.processAgent.enabled | bool | `false` | Enable / disable the agent process agent module. - deprecated |
| nodeAgent.containers.agent.readinessProbe.enabled | bool | `true` | Enable use of readinessProbe check. |
| nodeAgent.containers.agent.readinessProbe.failureThreshold | int | `3` | `failureThreshold` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.periodSeconds | int | `15` | `periodSeconds` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.successThreshold | int | `1` | `successThreshold` for the readiness probe. |
| nodeAgent.containers.agent.readinessProbe.timeoutSeconds | int | `5` | `timeoutSeconds` for the readiness probe. |
| nodeAgent.containers.agent.resources.limits.cpu | string | `"270m"` | Memory resource limits. |
| nodeAgent.containers.agent.resources.limits.memory | string | `"420Mi"` | |
| nodeAgent.containers.agent.resources.requests.cpu | string | `"20m"` | Memory resource requests. |
| nodeAgent.containers.agent.resources.requests.memory | string | `"180Mi"` | |
| nodeAgent.containers.processAgent.enabled | bool | `true` | Enable / disable the process agent container. |
| nodeAgent.containers.processAgent.env | object | `{}` | Additional environment variables for the process-agent container |
| nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. |
| nodeAgent.containers.processAgent.image.registry | string | `nil` | |
| nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. |
| nodeAgent.containers.processAgent.image.tag | string | `"c9dbfd73"` | Default process-agent container image tag. |
| nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. |
| nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. |
| nodeAgent.containers.processAgent.resources.limits.memory | string | `"400Mi"` | |
| nodeAgent.containers.processAgent.resources.requests.cpu | string | `"25m"` | Memory resource requests. |
| nodeAgent.containers.processAgent.resources.requests.memory | string | `"128Mi"` | |
| nodeAgent.httpTracing.enabled | bool | `true` | |
| nodeAgent.logLevel | string | `"INFO"` | Logging level for agent processes. |
| nodeAgent.networkTracing.enabled | bool | `true` | Enable / disable the nodeAgent network tracing module. |
| nodeAgent.nodeSelector | object | `{}` | Node labels for pod assignment. |
| nodeAgent.priorityClassName | string | `""` | Priority class for nodeAgent pods. |
| nodeAgent.protocolInspection.enabled | bool | `true` | Enable / disable the nodeAgent protocol inspection. |
| nodeAgent.scc.enabled | bool | `false` | Enable / disable the installation of the SecurityContextConfiguration needed for installation on OpenShift. |
| nodeAgent.service | object | `{"annotations":{},"loadBalancerSourceRanges":["10.0.0.0/8"],"type":"ClusterIP"}` | The Kubernetes service for the agent |
| nodeAgent.service.annotations | object | `{}` | Annotations for the service |
| nodeAgent.service.loadBalancerSourceRanges | list | `["10.0.0.0/8"]` | The IP4 CIDR allowed to reach LoadBalancer for the service. For LoadBalancer type of service only. |
| nodeAgent.service.type | string | `"ClusterIP"` | Type of Kubernetes service: ClusterIP, LoadBalancer, NodePort |
| nodeAgent.serviceaccount.annotations | object | `{}` | Annotations for the service account for the agent daemonset pods |
| nodeAgent.skipKubeletTLSVerify | bool | `false` | Set to true if you want to skip kubelet tls verification. |
| nodeAgent.skipSslValidation | bool | `false` | Set to true if self signed certificates are used. |
| nodeAgent.tolerations | list | `[]` | Toleration labels for pod assignment. |
| nodeAgent.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":100},"type":"RollingUpdate"}` | The update strategy for the DaemonSet object. |
| openShiftLogging.installSecret | bool | `false` | Install a secret for logging on openshift |
| processAgent.checkIntervals.connections | int | `30` | Override the default value of the connections check interval in seconds. |
| processAgent.checkIntervals.container | int | `30` | Override the default value of the container check interval in seconds. |
| processAgent.checkIntervals.process | int | `30` | Override the default value of the process check interval in seconds. |
| stackstate.apiKey | string | `nil` | **PROVIDE YOUR API KEY HERE** API key to be used by the StackState agent. |
| stackstate.cluster.authToken | string | `""` | Provide a token to enable secure communication between the agent and the cluster agent. |
| stackstate.cluster.name | string | `nil` | **PROVIDE KUBERNETES CLUSTER NAME HERE** Name of the Kubernetes cluster where the agent will be installed. |
| stackstate.url | string | `nil` | **PROVIDE STACKSTATE URL HERE** URL of the StackState installation to receive data from the agent. |
| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux) |
