andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

coder/coder:
    - 2.18.5
  new-relic/nri-bundle:
    - 5.0.109
  speedscale/speedscale-operator:
    - 2.3.170
  yugabyte/yugabyte:
    - 2024.2.1
  yugabyte/yugaware:
    - 2024.2.1
pull/1104/head
github-actions[bot] 2025-01-31 00:06:01 +00:00
parent 24d82b982a
commit e43b95674b
765 changed files with 64508 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/coder/coder-2.18.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.109.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.3.170.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugabyte-2024.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugaware-2024.2.1.tgz Normal file
View File

Binary file not shown.

27
charts/coder/coder/2.18.5/.helmignore Normal file
View File

@ -0,0 +1,27 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
Makefile
artifacthub-repo.yml
tests

6
charts/coder/coder/2.18.5/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: libcoder
repository: file://../libcoder
version: 0.1.0
digest: sha256:5c9a99109258073b590a9f98268490ef387fde24c0c7c7ade9c1a8c7ef5e6e10
generated: "2023-08-08T07:27:19.677972411Z"

27
charts/coder/coder/2.18.5/Chart.yaml Normal file
View File

@ -0,0 +1,27 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Coder
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: coder
apiVersion: v2
appVersion: 2.18.5
dependencies:
- name: libcoder
repository: file://../libcoder
version: 0.1.0
description: Remote development environments on your infrastructure
home: https://github.com/coder/coder
icon: file://assets/icons/coder.png
keywords:
- coder
- terraform
kubeVersion: '>=1.19-0'
maintainers:
- email: support@coder.com
name: Coder Technologies, Inc.
url: https://coder.com/contact
name: coder
sources:
- https://github.com/coder/coder/tree/main/helm/coder
type: application
version: 2.18.5

53
charts/coder/coder/2.18.5/README.md Normal file
View File

@ -0,0 +1,53 @@
# Coder Helm Chart
This directory contains the Helm chart used to deploy Coder onto a Kubernetes
cluster. It contains the minimum required components to run Coder on Kubernetes,
and notably (compared to Coder Classic) does not include a database server.
## Getting Started
> **Warning**: The main branch in this repository does not represent the
> latest release of Coder. Please reference our installation docs for
> instructions on a tagged release.
View
[our docs](https://coder.com/docs/install/kubernetes)
for detailed installation instructions.
## Values
Please refer to [values.yaml](values.yaml) for available Helm values and their
defaults.
A good starting point for your values file is:
```yaml
coder:
# You can specify any environment variables you'd like to pass to Coder
# here. Coder consumes environment variables listed in
# `coder server --help`, and these environment variables are also passed
# to the workspace provisioner (so you can consume them in your Terraform
# templates for auth keys etc.).
#
# Please keep in mind that you should not set `CODER_HTTP_ADDRESS`,
# `CODER_TLS_ENABLE`, `CODER_TLS_CERT_FILE` or `CODER_TLS_KEY_FILE` as
# they are already set by the Helm chart and will cause conflicts.
env:
- name: CODER_ACCESS_URL
value: "https://coder.example.com"
- name: CODER_PG_CONNECTION_URL
valueFrom:
secretKeyRef:
# You'll need to create a secret called coder-db-url with your
# Postgres connection URL like:
# postgres://coder:password@postgres:5432/coder?sslmode=disable
name: coder-db-url
key: url
# This env enables the Prometheus metrics endpoint.
- name: CODER_PROMETHEUS_ADDRESS
value: "0.0.0.0:2112"
tls:
secretNames:
- my-tls-secret-name
```

16
charts/coder/coder/2.18.5/app-readme.md Normal file
View File

@ -0,0 +1,16 @@
# Coder/coder
## Overview
Coder provides development environments in your public and private clouds. Environments are defined with Terraform, connected through a secure high-speed tunnel, and automatically shut down when not in use to save on costs. Coder gives engineering teams the flexibility to use the cloud for workloads that are most beneficial to them.
Developers can connect to Coder workspaces using the tools and IDEs they know and love including VS Code Remote, JetBrains Gateway, SSH as well as web IDEs such as JupyterLab, code-server, RStudio, and web terminals.
## Highlights
- Onboard developers in seconds instead of days
- Define development environments in Terraform (EC2 VMs, Kubernetes Pods, Docker Containers, etc.)
- Keep source code within your infrastructure, and use RBAC with existing authentication systems
- Automatically shutdown idle resources to save on costs
## Getting Started
Review the Coder Kubernetes [installation instructions](https://coder.com/docs/install/kubernetes) for required prerequisites and options for the [values.yaml](https://github.com/coder/coder/blob/main/helm/coder/values.yaml) used by the chart.
## Resources
- [Coder Documentation](https://coder.com/docs)
- [Coder Quickstart Guide](https://coder.com/docs/tutorials/quickstart)
- [Discord Community](https://discord.gg/coder)

11
charts/coder/coder/2.18.5/charts/libcoder/Chart.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v2
appVersion: 0.1.0
description: Coder library chart
home: https://github.com/coder/coder
maintainers:
- email: support@coder.com
name: Coder Technologies, Inc.
url: https://coder.com/contact
name: libcoder
type: library
version: 0.1.0

89
charts/coder/coder/2.18.5/charts/libcoder/templates/_coder.yaml Normal file
View File

@ -0,0 +1,89 @@
{{- define "libcoder.deployment.tpl" -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "coder.name" .}}
labels:
{{- include "coder.labels" . | nindent 4 }}
{{- with .Values.coder.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations: {{ toYaml .Values.coder.annotations | nindent 4}}
spec:
replicas: {{ .Values.coder.replicaCount }}
selector:
matchLabels:
{{- include "coder.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "coder.labels" . | nindent 8 }}
{{- with .Values.coder.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- toYaml .Values.coder.podAnnotations | nindent 8 }}
spec:
serviceAccountName: {{ .Values.coder.serviceAccount.name | quote }}
restartPolicy: Always
{{- with .Values.coder.image.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 60
{{- with .Values.coder.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coder.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coder.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coder.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coder.initContainers }}
initContainers:
{{ toYaml . | nindent 8 }}
{{- end }}
containers: []
{{- include "coder.volumes" . | nindent 6 }}
{{- end -}}
{{- define "libcoder.deployment" -}}
{{- include "libcoder.util.merge" (append . "libcoder.deployment.tpl") -}}
{{- end -}}
{{- define "libcoder.containerspec.tpl" -}}
name: coder
image: {{ include "coder.image" . | quote }}
imagePullPolicy: {{ .Values.coder.image.pullPolicy }}
command:
{{- toYaml .Values.coder.command | nindent 2 }}
resources:
{{- toYaml .Values.coder.resources | nindent 2 }}
lifecycle:
{{- toYaml .Values.coder.lifecycle | nindent 2 }}
securityContext: {{ toYaml .Values.coder.securityContext | nindent 2 }}
{{ include "coder.volumeMounts" . }}
{{- end -}}
{{- define "libcoder.containerspec" -}}
{{- include "libcoder.util.merge" (append . "libcoder.containerspec.tpl") -}}
{{- end -}}
{{- define "libcoder.serviceaccount.tpl" -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.coder.serviceAccount.name | quote }}
annotations: {{ toYaml .Values.coder.serviceAccount.annotations | nindent 4 }}
labels:
{{- include "coder.labels" . | nindent 4 }}
{{- end -}}
{{- define "libcoder.serviceaccount" -}}
{{- include "libcoder.util.merge" (append . "libcoder.serviceaccount.tpl") -}}
{{- end -}}

200
charts/coder/coder/2.18.5/charts/libcoder/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,200 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "coder.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "coder.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Selector labels
!!!!! DO NOT ADD ANY MORE SELECTORS. IT IS A BREAKING CHANGE !!!!!
*/}}
{{- define "coder.selectorLabels" -}}
app.kubernetes.io/name: {{ include "coder.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "coder.labels" -}}
helm.sh/chart: {{ include "coder.chart" . }}
{{ include "coder.selectorLabels" . }}
app.kubernetes.io/part-of: {{ include "coder.name" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Coder Docker image URI
*/}}
{{- define "coder.image" -}}
{{- if and (eq .Values.coder.image.tag "") (eq .Chart.AppVersion "0.1.0") -}}
{{ fail "You must specify the coder.image.tag value if you're installing the Helm chart directly from Git." }}
{{- end -}}
{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default (printf "v%v" .Chart.AppVersion) }}
{{- end }}
{{/*
Coder TLS enabled.
*/}}
{{- define "coder.tlsEnabled" -}}
{{- if hasKey .Values.coder "tls" -}}
{{- if .Values.coder.tls.secretNames -}}
true
{{- else -}}
false
{{- end -}}
{{- else -}}
false
{{- end -}}
{{- end }}
{{/*
Coder TLS environment variables.
*/}}
{{- define "coder.tlsEnv" }}
{{- if eq (include "coder.tlsEnabled" .) "true" }}
- name: CODER_TLS_ENABLE
value: "true"
- name: CODER_TLS_ADDRESS
value: "0.0.0.0:8443"
- name: CODER_TLS_CERT_FILE
value: "{{ range $idx, $secretName := .Values.coder.tls.secretNames -}}{{ if $idx }},{{ end }}/etc/ssl/certs/coder/{{ $secretName }}/tls.crt{{- end }}"
- name: CODER_TLS_KEY_FILE
value: "{{ range $idx, $secretName := .Values.coder.tls.secretNames -}}{{ if $idx }},{{ end }}/etc/ssl/certs/coder/{{ $secretName }}/tls.key{{- end }}"
{{- end }}
{{- end }}
{{/*
Coder default access URL
*/}}
{{- define "coder.defaultAccessURL" }}
{{- if eq (include "coder.tlsEnabled" .) "true" -}}
https
{{- else -}}
http
{{- end -}}
://coder.{{ .Release.Namespace }}.svc.cluster.local
{{- end }}
{{/*
Coder volume definitions.
*/}}
{{- define "coder.volumeList" }}
{{- if hasKey .Values.coder "tls" -}}
{{- range $secretName := .Values.coder.tls.secretNames }}
- name: "tls-{{ $secretName }}"
secret:
secretName: {{ $secretName | quote }}
{{ end -}}
{{- end }}
{{ range $secret := .Values.coder.certs.secrets -}}
- name: "ca-cert-{{ $secret.name }}"
secret:
secretName: {{ $secret.name | quote }}
{{ end -}}
{{ if gt (len .Values.coder.volumes) 0 -}}
{{ toYaml .Values.coder.volumes }}
{{ end -}}
{{- end }}
{{/*
Coder volumes yaml.
*/}}
{{- define "coder.volumes" }}
{{- if trim (include "coder.volumeList" .) -}}
volumes:
{{- include "coder.volumeList" . -}}
{{- else -}}
volumes: []
{{- end -}}
{{- end }}
{{/*
Coder volume mounts.
*/}}
{{- define "coder.volumeMountList" }}
{{- if hasKey .Values.coder "tls" }}
{{ range $secretName := .Values.coder.tls.secretNames -}}
- name: "tls-{{ $secretName }}"
mountPath: "/etc/ssl/certs/coder/{{ $secretName }}"
readOnly: true
{{ end -}}
{{- end }}
{{ range $secret := .Values.coder.certs.secrets -}}
- name: "ca-cert-{{ $secret.name }}"
mountPath: "/etc/ssl/certs/{{ $secret.name }}.crt"
subPath: {{ $secret.key | quote }}
readOnly: true
{{ end -}}
{{ if gt (len .Values.coder.volumeMounts) 0 -}}
{{ toYaml .Values.coder.volumeMounts }}
{{ end -}}
{{- end }}
{{/*
Coder volume mounts yaml.
*/}}
{{- define "coder.volumeMounts" }}
{{- if trim (include "coder.volumeMountList" .) -}}
volumeMounts:
{{- include "coder.volumeMountList" . -}}
{{- else -}}
volumeMounts: []
{{- end -}}
{{- end }}
{{/*
Coder ingress wildcard hostname with the wildcard suffix stripped.
*/}}
{{- define "coder.ingressWildcardHost" -}}
{{/* This regex replace is required as the original input including the suffix
* is not a legal ingress host. We need to remove the suffix and keep the
* wildcard '*'.
*
* - '\\*' Starts with '*'
* - '[^.]*' Suffix is 0 or more characters, '-suffix'
* - '(' Start domain capture group
* - '\\.' The domain should be separated with a '.' from the subdomain
* - '.*' Rest of the domain.
* - ')' $1 is the ''.example.com'
*/}}
{{- regexReplaceAll "\\*[^.]*(\\..*)" .Values.coder.ingress.wildcardHost "*${1}" -}}
{{- end }}
{{/*
Fail on fully deprecated values or deprecated value combinations. This is
included at the top of coder.yaml.
*/}}
{{- define "coder.verifyDeprecated" }}
{{/*
Deprecated value coder.tls.secretName must not be used.
*/}}
{{- if .Values.coder.tls.secretName }}
{{ fail "coder.tls.secretName is deprecated, use coder.tls.secretNames instead." }}
{{- end }}
{{- end }}
{{/*
Renders a value that contains a template.
Usage:
{{ include "coder.renderTemplate" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "coder.renderTemplate" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}

62
charts/coder/coder/2.18.5/charts/libcoder/templates/_rbac.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- define "libcoder.rbac.tpl" -}}
{{- if .Values.coder.serviceAccount.workspacePerms }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Values.coder.serviceAccount.name }}-workspace-perms
rules:
- apiGroups: [""]
resources: ["pods"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- if .Values.coder.serviceAccount.enableDeployments }}
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- end }}
{{- with .Values.coder.serviceAccount.extraRules }}
{{ toYaml . | nindent 2 }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Values.coder.serviceAccount.name | quote }}
subjects:
- kind: ServiceAccount
name: {{ .Values.coder.serviceAccount.name | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Values.coder.serviceAccount.name }}-workspace-perms
{{- end }}
{{- end -}}

13
charts/coder/coder/2.18.5/charts/libcoder/templates/_util.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- /*
libcoder.util.merge will merge two YAML templates and output the result.
This takes an array of three values:
- the top context
- the template name of the overrides (destination)
- the template name of the base (source)
*/}}
{{- define "libcoder.util.merge" -}}
{{- $top := first . -}}
{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}}
{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}}
{{- toYaml (merge $overrides $tpl) -}}
{{- end -}}

6
charts/coder/coder/2.18.5/templates/NOTES.txt Normal file
View File

@ -0,0 +1,6 @@
{{/*
Deprecation notices:
*/}}
Enjoy Coder! Please create an issue at https://github.com/coder/coder if you run
into any problems! :)

108
charts/coder/coder/2.18.5/templates/_coder.tpl Normal file
View File

@ -0,0 +1,108 @@
{{/*
Service account to merge into the libcoder template
*/}}
{{- define "coder.serviceaccount" -}}
{{- end -}}
{{/*
Deployment to merge into the libcoder template
*/}}
{{- define "coder.deployment" -}}
spec:
template:
spec:
containers:
-
{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}}
{{- end -}}
{{/*
ContainerSpec for the Coder container of the Coder deployment
*/}}
{{- define "coder.containerspec" -}}
args:
{{- if .Values.coder.commandArgs }}
{{- toYaml .Values.coder.commandArgs | nindent 12 }}
{{- else }}
{{- if .Values.coder.workspaceProxy }}
- wsproxy
{{- end }}
- server
{{- end }}
{{- if .Values.coder.envFrom }}
envFrom:
{{- with .Values.coder.envFrom }}
{{ toYaml . }}
{{- end }}
{{- end }}
env:
- name: CODER_HTTP_ADDRESS
value: "0.0.0.0:8080"
- name: CODER_PROMETHEUS_ADDRESS
value: "0.0.0.0:2112"
{{- if .Values.provisionerDaemon.pskSecretName }}
- name: CODER_PROVISIONER_DAEMON_PSK
valueFrom:
secretKeyRef:
name: {{ .Values.provisionerDaemon.pskSecretName | quote }}
key: psk
{{- end }}
# Set the default access URL so a `helm apply` works by default.
# See: https://github.com/coder/coder/issues/5024
{{- $hasAccessURL := false }}
{{- range .Values.coder.env }}
{{- if eq .name "CODER_ACCESS_URL" }}
{{- $hasAccessURL = true }}
{{- end }}
{{- end }}
{{- if and (not $hasAccessURL) .Values.coder.envUseClusterAccessURL }}
- name: CODER_ACCESS_URL
value: {{ include "coder.defaultAccessURL" . | quote }}
{{- end }}
# Used for inter-pod communication with high-availability.
- name: KUBE_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CODER_DERP_SERVER_RELAY_URL
value: "http://$(KUBE_POD_IP):8080"
{{- include "coder.tlsEnv" . }}
{{- with .Values.coder.env }}
{{ toYaml . }}
{{- end }}
ports:
- name: "http"
containerPort: 8080
protocol: TCP
{{- if eq (include "coder.tlsEnabled" .) "true" }}
- name: "https"
containerPort: 8443
protocol: TCP
{{- end }}
{{- range .Values.coder.env }}
{{- if eq .name "CODER_PROMETHEUS_ENABLE" }}
{{/*
This sadly has to be nested to avoid evaluating the second part
of the condition too early and potentially getting type errors if
the value is not a string (like a `valueFrom`). We do not support
`valueFrom` for this env var specifically.
*/}}
{{- if eq .value "true" }}
- name: "prometheus-http"
containerPort: 2112
protocol: TCP
{{- end }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: "http"
scheme: "HTTP"
livenessProbe:
httpGet:
path: /healthz
port: "http"
scheme: "HTTP"
{{- end }}

7
charts/coder/coder/2.18.5/templates/coder.yaml Normal file
View File

@ -0,0 +1,7 @@
---
{{- if not .Values.coder.serviceAccount.disableCreate }}
{{ include "libcoder.serviceaccount" (list . "coder.serviceaccount") }}
{{- end }}
---
{{ include "libcoder.deployment" (list . "coder.deployment") }}

4
charts/coder/coder/2.18.5/templates/extra-templates.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- range .Values.extraTemplates }}
---
{{ include "coder.renderTemplate" (dict "value" . "context" $) }}
{{- end }}

54
charts/coder/coder/2.18.5/templates/ingress.yaml Normal file
View File

@ -0,0 +1,54 @@
{{- if .Values.coder.ingress.enable }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: coder
labels:
{{- include "coder.labels" . | nindent 4 }}
annotations:
{{- toYaml .Values.coder.ingress.annotations | nindent 4 }}
spec:
{{- if .Values.coder.ingress.className }}
{{/* If this is set to an empty string it fails validation on K8s */}}
ingressClassName: {{ .Values.coder.ingress.className | quote }}
{{- end }}
rules:
- host: {{ .Values.coder.ingress.host | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: coder
port:
name: "http"
{{- if .Values.coder.ingress.wildcardHost }}
- host: {{ include "coder.ingressWildcardHost" . | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: coder
port:
name: "http"
{{- end }}
{{- if .Values.coder.ingress.tls.enable }}
tls:
- hosts:
- {{ .Values.coder.ingress.host | quote }}
secretName: {{ .Values.coder.ingress.tls.secretName | quote}}
{{- if .Values.coder.ingress.tls.wildcardSecretName }}
- hosts:
- {{ include "coder.ingressWildcardHost" . | quote }}
secretName: {{ .Values.coder.ingress.tls.wildcardSecretName | quote}}
{{- end }}
{{- end }}
{{- end }}

1
charts/coder/coder/2.18.5/templates/rbac.yaml Normal file
View File

@ -0,0 +1 @@
{{ include "libcoder.rbac.tpl" . }}

41
charts/coder/coder/2.18.5/templates/service.yaml Normal file
View File

@ -0,0 +1,41 @@
{{- if .Values.coder.service.enable }}
---
apiVersion: v1
kind: Service
metadata:
name: coder
labels:
{{- include "coder.labels" . | nindent 4 }}
annotations:
{{- toYaml .Values.coder.service.annotations | nindent 4 }}
spec:
type: {{ .Values.coder.service.type }}
sessionAffinity: {{ .Values.coder.service.sessionAffinity }}
ports:
- name: "http"
port: 80
targetPort: "http"
protocol: TCP
{{ if eq .Values.coder.service.type "NodePort" }}
nodePort: {{ .Values.coder.service.httpNodePort }}
{{ end }}
{{- if eq (include "coder.tlsEnabled" .) "true" }}
- name: "https"
port: 443
targetPort: "https"
protocol: TCP
{{ if eq .Values.coder.service.type "NodePort" }}
nodePort: {{ .Values.coder.service.httpsNodePort }}
{{ end }}
{{- end }}
{{- if eq "LoadBalancer" .Values.coder.service.type }}
{{- with .Values.coder.service.loadBalancerIP }}
loadBalancerIP: {{ . | quote }}
{{- end }}
{{- with .Values.coder.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ . | quote }}
{{- end }}
{{- end }}
selector:
{{- include "coder.selectorLabels" . | nindent 4 }}
{{- end }}

354
charts/coder/coder/2.18.5/values.yaml Normal file
View File

@ -0,0 +1,354 @@
# coder -- Primary configuration for `coder server`.
coder:
# coder.env -- The environment variables to set for Coder. These can be used
# to configure all aspects of `coder server`. Please see `coder server --help`
# for information about what environment variables can be set.
# Note: The following environment variables are set by default and cannot be
# overridden:
# - CODER_HTTP_ADDRESS: set to 0.0.0.0:8080 and cannot be changed.
# - CODER_TLS_ADDRESS: set to 0.0.0.0:8443 if tls.secretName is not empty.
# - CODER_TLS_ENABLE: set if tls.secretName is not empty.
# - CODER_TLS_CERT_FILE: set if tls.secretName is not empty.
# - CODER_TLS_KEY_FILE: set if tls.secretName is not empty.
# - CODER_PROMETHEUS_ADDRESS: set to 0.0.0.0:2112 and cannot be changed.
# Prometheus must still be enabled by setting CODER_PROMETHEUS_ENABLE.
# - KUBE_POD_IP
# - CODER_DERP_SERVER_RELAY_URL
#
# We will additionally set CODER_ACCESS_URL if unset to the cluster service
# URL, unless coder.envUseClusterAccessURL is set to false.
env: []
# - name: "CODER_ACCESS_URL"
# value: "https://coder.example.com"
# coder.envFrom -- Secrets or ConfigMaps to use for Coder's environment
# variables. If you want one environment variable read from a secret, then use
# coder.env valueFrom. See the K8s docs for valueFrom here:
# https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data
#
# If setting CODER_ACCESS_URL in coder.envFrom, then you must set
# coder.envUseClusterAccessURL to false.
envFrom: []
# - configMapRef:
# name: coder-config
# - secretRef:
# name: coder-config
# coder.envUseClusterAccessURL -- Determines whether the CODER_ACCESS_URL env
# is added to coder.env if it's not already set there. Set this to false if
# defining CODER_ACCESS_URL in coder.envFrom to avoid conflicts.
envUseClusterAccessURL: true
# coder.image -- The image to use for Coder.
image:
# coder.image.repo -- The repository of the image.
repo: "ghcr.io/coder/coder"
# coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}}
# if not set. If you're using the chart directly from git, the default
# app version will not work and you'll need to set this value. The helm
# chart helpfully fails quickly in this case.
tag: ""
# coder.image.pullPolicy -- The pull policy to use for the image. See:
# https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
pullPolicy: IfNotPresent
# coder.image.pullSecrets -- The secrets used for pulling the Coder image from
# a private registry.
pullSecrets: []
# - name: "pull-secret"
# coder.initContainers -- Init containers for the deployment. See:
# https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
initContainers:
[]
# - name: init-container
# image: busybox:1.28
# command: ['sh', '-c', "sleep 2"]
# coder.annotations -- The Deployment annotations. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations: {}
# coder.labels -- The Deployment labels. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels: {}
# coder.podAnnotations -- The Coder pod annotations. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# coder.podLabels -- The Coder pod labels. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# coder.serviceAccount -- Configuration for the automatically created service
# account. Creation of the service account cannot be disabled.
serviceAccount:
# coder.serviceAccount.workspacePerms -- Whether or not to grant the coder
# service account permissions to manage workspaces. This includes
# permission to manage pods and persistent volume claims in the deployment
# namespace.
#
# It is recommended to keep this on if you are using Kubernetes templates
# within Coder.
workspacePerms: true
# coder.serviceAccount.enableDeployments -- Provides the service account
# permission to manage Kubernetes deployments. Depends on workspacePerms.
enableDeployments: true
# coder.serviceAccount.extraRules -- Additional permissions added to the SA
# role. Depends on workspacePerms.
extraRules: []
# - apiGroups: [""]
# resources: ["services"]
# verbs:
# - create
# - delete
# - deletecollection
# - get
# - list
# - patch
# - update
# - watch
# coder.serviceAccount.annotations -- The Coder service account annotations.
annotations: {}
# coder.serviceAccount.name -- The service account name
name: coder
# coder.serviceAccount.disableCreate -- Whether to create the service account or use existing service account.
disableCreate: false
# coder.securityContext -- Fields related to the container's security
# context (as opposed to the pod). Some fields are also present in the pod
# security context, in which case these values will take precedence.
securityContext:
# coder.securityContext.runAsNonRoot -- Requires that the coder container
# runs as an unprivileged user. If setting runAsUser to 0 (root), this
# will need to be set to false.
runAsNonRoot: true
# coder.securityContext.runAsUser -- Sets the user id of the container.
# For security reasons, we recommend using a non-root user.
runAsUser: 1000
# coder.securityContext.runAsGroup -- Sets the group id of the container.
# For security reasons, we recommend using a non-root group.
runAsGroup: 1000
# coder.securityContext.readOnlyRootFilesystem -- Mounts the container's
# root filesystem as read-only.
readOnlyRootFilesystem: null
# coder.securityContext.seccompProfile -- Sets the seccomp profile for
# the coder container.
seccompProfile:
type: RuntimeDefault
# coder.securityContext.allowPrivilegeEscalation -- Controls whether
# the container can gain additional privileges, such as escalating to
# root. It is recommended to leave this setting disabled in production.
allowPrivilegeEscalation: false
# coder.volumes -- A list of extra volumes to add to the Coder pod.
volumes: []
# - name: "my-volume"
# emptyDir: {}
# coder.volumeMounts -- A list of extra volume mounts to add to the Coder pod.
volumeMounts: []
# - name: "my-volume"
# mountPath: "/mnt/my-volume"
# coder.tls -- The TLS configuration for Coder.
tls:
# coder.tls.secretNames -- A list of TLS server certificate secrets to mount
# into the Coder pod. The secrets should exist in the same namespace as the
# Helm deployment and should be of type "kubernetes.io/tls". The secrets
# will be automatically mounted into the pod if specified, and the correct
# "CODER_TLS_*" environment variables will be set for you.
secretNames: []
# coder.replicaCount -- The number of Kubernetes deployment replicas. This
# should only be increased if High Availability is enabled.
#
# This is an Enterprise feature. Contact sales@coder.com.
replicaCount: 1
# coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder
# Workspace Proxy. Workspace Proxies reduce the latency between the user and
# their workspace for web connections (workspace apps and web terminal) and
# proxied connections from the CLI. Workspace Proxies are optional and only
# recommended for geographically sparse teams.
#
# Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in
# the environment below. You can get a proxy token using the CLI:
# coder wsproxy create \
# --name "proxy-name" \
# --display-name "Proxy Name" \
# --icon "/emojis/xyz.png"
#
# This is an Enterprise feature. Contact sales@coder.com
# Docs: https://coder.com/docs/admin/workspace-proxies
workspaceProxy: false
# coder.lifecycle -- container lifecycle handlers for the Coder container, allowing
# for lifecycle events such as postStart and preStop events
# See: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle:
{}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo postStart"]
# preStop:
# exec:
# command: ["/bin/sh","-c","echo preStart"]
# coder.resources -- The resources to request for Coder. These are optional
# and are not set by default.
resources:
{}
# limits:
# cpu: 2000m
# memory: 4096Mi
# requests:
# cpu: 2000m
# memory: 4096Mi
# coder.certs -- CA bundles to mount inside the Coder pod.
certs:
# coder.certs.secrets -- A list of CA bundle secrets to mount into the Coder
# pod. The secrets should exist in the same namespace as the Helm
# deployment.
#
# The given key in each secret is mounted at
# `/etc/ssl/certs/{secret_name}.crt`.
secrets:
[]
# - name: "my-ca-bundle"
# key: "ca-bundle.crt"
# coder.affinity -- Allows specifying an affinity rule for the `coder` deployment.
# The default rule prefers to schedule coder pods on different
# nodes, which is only applicable if coder.replicaCount is greater than 1.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- "coder"
topologyKey: kubernetes.io/hostname
weight: 1
topologySpreadConstraints:
# - maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: coder
# coder.tolerations -- Tolerations for tainted nodes.
# See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations:
[]
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# coder.nodeSelector -- Node labels for constraining coder pods to nodes.
# See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}
# kubernetes.io/os: linux
# coder.service -- The Service object to expose for Coder.
service:
# coder.service.enable -- Whether to create the Service object.
enable: true
# coder.service.type -- The type of service to expose. See:
# https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: LoadBalancer
# coder.service.sessionAffinity -- Must be set to ClientIP or None
# AWS ELB does not support session stickiness based on ClientIP, so you must set this to None.
# The error message you might see: "Unsupported load balancer affinity: ClientIP"
# https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
sessionAffinity: None
# coder.service.externalTrafficPolicy -- The external traffic policy to use.
# You may need to change this to "Local" to preserve the source IP address
# in some situations.
# https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
# coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not
# specified, a new IP will be generated each time the load balancer is
# recreated. It is recommended to manually create a static IP address in
# your cloud and specify it here in production to avoid accidental IP
# address changes.
loadBalancerIP: ""
# coder.service.annotations -- The service annotations. See:
# https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
annotations: {}
# coder.service.httpNodePort -- Enabled if coder.service.type is set to
# NodePort. If not set, Kubernetes will allocate a port from the default
# range, 30000-32767.
httpNodePort: ""
# coder.service.httpsNodePort -- Enabled if coder.service.type is set to
# NodePort. If not set, Kubernetes will allocate a port from the default
# range, 30000-32767.
httpsNodePort: ""
# coder.ingress -- The Ingress object to expose for Coder.
ingress:
# coder.ingress.enable -- Whether to create the Ingress object. If using an
# Ingress, we recommend not specifying coder.tls.secretNames as the Ingress
# will handle TLS termination.
enable: false
# coder.ingress.className -- The name of the Ingress class to use.
className: ""
# coder.ingress.host -- The hostname to match on.
# Be sure to also set CODER_ACCESS_URL within coder.env[]
host: ""
# coder.ingress.wildcardHost -- The wildcard hostname to match on. Should be
# in the form "*.example.com" or "*-suffix.example.com". If you are using a
# suffix after the wildcard, the suffix will be stripped from the created
# ingress to ensure that it is a legal ingress host. Optional if not using
# applications over subdomains.
# Be sure to also set CODER_WILDCARD_ACCESS_URL within coder.env[]
wildcardHost: ""
# coder.ingress.annotations -- The ingress annotations.
annotations: {}
# coder.ingress.tls -- The TLS configuration to use for the Ingress.
tls:
# coder.ingress.tls.enable -- Whether to enable TLS on the Ingress.
enable: false
# coder.ingress.tls.secretName -- The name of the TLS secret to use.
secretName: ""
# coder.ingress.tls.wildcardSecretName -- The name of the TLS secret to
# use for the wildcard host.
wildcardSecretName: ""
# coder.command -- The command to use when running the Coder container. Used
# for customizing the location of the `coder` binary in your image.
command:
- /opt/coder
# coder.commandArgs -- Set arguments for the entrypoint command of the Coder pod.
commandArgs: []
# provisionerDaemon -- Configuration for external provisioner daemons.
#
# This is an Enterprise feature. Contact sales@coder.com.
provisionerDaemon:
# provisionerDaemon.pskSecretName -- The name of the Kubernetes secret that contains the
# Pre-Shared Key (PSK) to use to authenticate external provisioner daemons with Coder. The
# secret must be in the same namespace as the Helm deployment, and contain an item called "psk"
# which contains the pre-shared key.
pskSecretName: ""
# extraTemplates -- Array of extra objects to deploy with the release. Strings
# are evaluated as a template and can use template expansions and functions. All
# other objects are used as yaml.
extraTemplates:
#- |
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: my-configmap
# data:
# key: {{ .Values.myCustomValue | quote }}

22
charts/new-relic/nri-bundle/5.0.109/.helmignore Normal file
View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

42
charts/new-relic/nri-bundle/5.0.109/Chart.lock Normal file
View File

@ -0,0 +1,42 @@
dependencies:
- name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
version: 3.38.1
- name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.19
- name: newrelic-prometheus-agent
repository: https://newrelic.github.io/newrelic-prometheus-configurator
version: 1.16.1
- name: nri-metadata-injection
repository: https://newrelic.github.io/k8s-metadata-injection
version: 4.23.1
- name: newrelic-k8s-metrics-adapter
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
version: 1.13.5
- name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 5.26.0
- name: nri-kube-events
repository: https://newrelic.github.io/nri-kube-events
version: 3.11.6
- name: newrelic-logging
repository: https://newrelic.github.io/helm-charts
version: 1.23.5
- name: newrelic-pixie
repository: https://newrelic.github.io/helm-charts
version: 2.1.6
- name: nr-ebpf-agent
repository: https://newrelic.github.io/helm-charts
version: 0.1.15
- name: k8s-agents-operator
repository: https://newrelic.github.io/k8s-agents-operator
version: 0.20.1
- name: pixie-operator-chart
repository: https://pixie-operator-charts.storage.googleapis.com
version: 0.1.7
- name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.13.5
digest: sha256:e10196059a0afb5596f8b59129bce70abbaec86e2888b576d47db0ffca56c355
generated: "2025-01-30T16:44:28.101731032Z"

90
charts/new-relic/nri-bundle/5.0.109/Chart.yaml Normal file
View File

@ -0,0 +1,90 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: New Relic
catalog.cattle.io/release-name: nri-bundle
apiVersion: v2
dependencies:
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
version: 3.38.1
- condition: prometheus.enabled,nri-prometheus.enabled
name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.19
- condition: newrelic-prometheus-agent.enabled
name: newrelic-prometheus-agent
repository: https://newrelic.github.io/newrelic-prometheus-configurator
version: 1.16.1
- condition: webhook.enabled,nri-metadata-injection.enabled
name: nri-metadata-injection
repository: https://newrelic.github.io/k8s-metadata-injection
version: 4.23.1
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
name: newrelic-k8s-metrics-adapter
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
version: 1.13.5
- condition: ksm.enabled,kube-state-metrics.enabled
name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 5.26.0
- condition: kubeEvents.enabled,nri-kube-events.enabled
name: nri-kube-events
repository: https://newrelic.github.io/nri-kube-events
version: 3.11.6
- condition: logging.enabled,newrelic-logging.enabled
name: newrelic-logging
repository: https://newrelic.github.io/helm-charts
version: 1.23.5
- condition: newrelic-pixie.enabled
name: newrelic-pixie
repository: https://newrelic.github.io/helm-charts
version: 2.1.6
- condition: newrelic-eapm-agent.enabled
name: nr-ebpf-agent
repository: https://newrelic.github.io/helm-charts
version: 0.1.15
- condition: k8s-agents-operator.enabled
name: k8s-agents-operator
repository: https://newrelic.github.io/k8s-agents-operator
version: 0.20.1
- alias: pixie-chart
condition: pixie-chart.enabled
name: pixie-operator-chart
repository: https://pixie-operator-charts.storage.googleapis.com
version: 0.1.7
- condition: newrelic-infra-operator.enabled
name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.13.5
description: Groups together the individual charts for the New Relic Kubernetes solution
for a more comfortable deployment.
home: https://github.com/newrelic/helm-charts
icon: file://assets/icons/nri-bundle.svg
keywords:
- infrastructure
- newrelic
- monitoring
maintainers:
- name: juanjjaramillo
url: https://github.com/juanjjaramillo
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
name: nri-bundle
sources:
- https://github.com/newrelic/nri-bundle/
- https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle
- https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure
- https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus
- https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter
- https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/helm-charts/tree/master/charts/nr-ebpf-agent
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
- https://github.com/newrelic/k8s-agents-operator/tree/master/charts/k8s-agents-operator
version: 5.0.109

202
charts/new-relic/nri-bundle/5.0.109/README.md Normal file
View File

@ -0,0 +1,202 @@
# nri-bundle
Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment.
**Homepage:** <https://github.com/newrelic/helm-charts>
## Bundled charts
This chart does not deploy anything by itself but has many charts as dependencies. This allows you to easily install and upgrade the New Relic
Kubernetes Integration using only one chart.
In case you need more information about each component this chart installs, or you are an advanced user that want to install each component separately,
here is a list of components that this chart installs and where you can find more information about them:
| Component | Installed by default? | Description |
|------------------------------|-----------------------|-------------|
| [newrelic-infrastructure](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | Yes | Sends metrics about nodes, cluster objects (e.g. Deployments, Pods), and the control plane to New Relic. |
| [nri-metadata-injection](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | Yes | Enriches New Relic-instrumented applications (APM) with Kubernetes information. |
| [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. |
| [nri-kube-events](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | | Reports Kubernetes events to New Relic. |
| [newrelic-infra-operator](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) | | (Beta) Used with Fargate or serverless environments to inject `newrelic-infrastructure` as a sidecar instead of the usual DaemonSet. |
| [newrelic-k8s-metrics-adapter](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) | | (Beta) Provides a source of data for Horizontal Pod Autoscalers (HPA) based on a NRQL query from New Relic. |
| [newrelic-logging](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) | | Sends logs for Kubernetes components and workloads running on the cluster to New Relic. |
| [nri-prometheus](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) | | Sends metrics from applications exposing Prometheus metrics to New Relic. |
| [newrelic-prometheus-configurator](https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent) | | Configures instances of Prometheus in Agent mode to send metrics to the New Relic Prometheus endpoint. |
| [newrelic-pixie](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) | | Connects to the Pixie API and enables the New Relic plugin in Pixie. The plugin allows you to export data from Pixie to New Relic for long-term data retention. |
| [Pixie](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) | | Is an open source observability tool for Kubernetes applications that uses eBPF to automatically capture telemetry data without the need for manual instrumentation. |
| [newrelic-eAPM-agent](https://github.com/newrelic/helm-charts/tree/master/charts/nr-ebpf-agent) | | Configures instances of the New Relic eAPM agent to automatically capture telemetry data without the need for manual instrumentation. |
| [k8s-agents-operator](https://github.com/newrelic/k8s-agents-operator/tree/main/charts/k8s-agents-operator) | | (Preview) Streamlines full-stack observability for Kubernetes environments by automating APM instrumentation alongside Kubernetes agent deployment. |
## Configure components
It is possible to configure settings for the individual charts this chart groups by specifying values for them under a key using the name of the chart,
as specified in [helm documentation](https://helm.sh/docs/chart_template_guide/subcharts_and_globals).
For example, by adding the following to the `values.yml` file:
```yaml
# Configuration settings for the newrelic-infrastructure chart
newrelic-infrastructure:
# Any key defined in the values.yml file for the newrelic-infrastructure chart can be configured here:
# https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml
verboseLog: false
resources:
limits:
memory: 512M
```
It is possible to override any entry of the [`newrelic-infrastructure`](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure)
chart, as defined in their [`values.yml` file](https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml).
The same approach can be followed to update any of the subcharts.
After making these changes to the `values.yml` file, or a custom values file, make sure to apply them using:
```
$ helm upgrade --reuse-values -f values.yaml [RELEASE] newrelic/nri-bundle
```
Where `[RELEASE]` is the name of the helm release, e.g. `newrelic-bundle`.
## Monitor on host integrations
If you wish to monitor services running on Kubernetes you can provide integrations
configuration under `integrations_config` that it will passed down to the `newrelic-infrastructure` chart.
You just need to create a new entry where the "name" is the filename of the configuration file and the data is the content of
the integration configuration. The name must end in ".yaml" as this will be the
filename generated and the Infrastructure agent only looks for YAML files.
The data part is the actual integration configuration as described in the spec here:
https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180
In the following example you can see how to monitor a Redis integration with autodiscovery
```yaml
newrelic-infrastructure:
integrations:
nri-redis-sampleapp:
discovery:
command:
exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250
match:
label.app: sampleapp
integrations:
- name: nri-redis
env:
# using the discovered IP as the hostname address
HOSTNAME: ${discovery.ip}
PORT: 6379
labels:
env: test
```
## Bring your own KSM
New Relic Kubernetes Integration requires an instance of kube-state-metrics (KSM) to be running in the cluster, which this chart pulls as a dependency. If you are already running or want to run your own KSM instance, you will need to make some small adjustments as described below.
### Bring your own KSM
If you already have one KSM instance running, you can point `nri-kubernetes` to your instance:
```yaml
kube-state-metrics:
# Disable bundled KSM.
enabled: false
newrelic-infrastructure:
ksm:
config:
# Selector for your pre-installed KSM Service. You may need to adjust this to fit your existing installation.
selector: "app.kubernetes.io/name=kube-state-metrics"
# Alternatively, you can specify a fixed URL where KSM is available. Doing so will bypass autodiscovery.
#staticUrl: http://ksm.ksm.svc.cluster.local:8080/metrics
```
### <span id="ksm-different-version">Run KSM alongside a different version</span>
If you need to run a different instance of KSM in your cluster, you can still run a separate instance for the Kubernetes Integration to work as intended:
```yaml
kube-state-metrics:
# Enable bundled KSM.
enabled: true
prometheusScrape: false
customLabels:
# Label unique to this KSM instance.
newrelic.com/custom-ksm: "true"
newrelic-infrastructure:
ksm:
config:
# Use label above as a selector.
selector: "newrelic.com/custom-ksm=true"
```
For more information on supported KSM version visit the [requirements documentation](https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/kubernetes-integration-compatibility-requirements#reqs)
## Values managed globally
Some of the subchart implement the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which
means that it honors a wide range of defaults and globals common to most New Relic Helm charts.
Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at
[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md).
At the time of writing this document, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this library and
honors global options as described below.
Note, the value table below is automatically generated from `values.yaml` by `helm-docs`. If you need to add new fields or update existing fields, please update the `values.yaml` and then run `helm-docs` to update this value table.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global | object | See [`values.yaml`](values.yaml) | change the behaviour globally to all the supported helm charts. See [user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) for further information. |
| global.affinity | object | `{}` | Sets pod/node affinities |
| global.cluster | string | `""` | The cluster name for the Kubernetes cluster. |
| global.containerSecurityContext | object | `{}` | Sets security context (at container level) |
| global.customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend |
| global.customSecretLicenseKey | string | `""` | Key in the Secret object where the license key is stored |
| global.customSecretName | string | `""` | Name of the Secret object where the license key is stored |
| global.dnsConfig | object | `{}` | Sets pod's dnsConfig |
| global.fargate | bool | false | Must be set to `true` when deploying in an EKS Fargate environment |
| global.hostNetwork | bool | false | Sets pod's hostNetwork |
| global.images.pullSecrets | list | `[]` | Set secrets to be able to fetch images |
| global.images.registry | string | `""` | Changes the registry where to get the images. Useful when there is an internal image cache/proxy |
| global.insightsKey | string | `""` | The license key for your New Relic Account. This will be preferred configuration option if both `insightsKey` and `customSecret` are specified. |
| global.labels | object | `{}` | Additional labels for chart objects |
| global.licenseKey | string | `""` | The license key for your New Relic Account. This will be preferred configuration option if both `licenseKey` and `customSecret` are specified. |
| global.lowDataMode | bool | false | Reduces number of metrics sent in order to reduce costs |
| global.nodeSelector | object | `{}` | Sets pod's node selector |
| global.nrStaging | bool | false | Send the metrics to the staging backend. Requires a valid staging license key |
| global.podLabels | object | `{}` | Additional labels for chart pods |
| global.podSecurityContext | object | `{}` | Sets security context (at pod level) |
| global.priorityClassName | string | `""` | Sets pod's priorityClassName |
| global.privileged | bool | false | In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs | |
| global.proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port` |
| global.serviceAccount.annotations | object | `{}` | Add these annotations to the service account we create |
| global.serviceAccount.create | string | `nil` | Configures if the service account should be created or not |
| global.serviceAccount.name | string | `nil` | Change the name of the service account. This is honored if you disable on this chart the creation of the service account so you can use your own |
| global.tolerations | list | `[]` | Sets pod's tolerations to node taints |
| global.verboseLog | bool | false | Sets the debug logs to this integration or all integrations if it is set globally |
| k8s-agents-operator.enabled | bool | `false` | Install the [`k8s-agents-operator` chart](https://github.com/newrelic/k8s-agents-operator/tree/main/charts/k8s-agents-operator) |
| kube-state-metrics.enabled | bool | `false` | Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository. This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0. Note, kube-state-metrics v2+ disables labels/annotations metrics by default. You can enable the target labels/annotations metrics to be monitored by using the metricLabelsAllowlist/metricAnnotationsAllowList options described [here](https://github.com/prometheus-community/helm-charts/blob/159cd8e4fb89b8b107dcc100287504bb91bf30e0/charts/kube-state-metrics/values.yaml#L274) in your Kubernetes clusters. |
| newrelic-eapm-agent.enabled | bool | `false` | Install the [`newrelic-eapm-agent`](https://github.com/newrelic/helm-charts/tree/master/charts/nr-ebpf-agent) |
| newrelic-infra-operator.enabled | bool | `false` | Install the [`newrelic-infra-operator` chart](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) (Beta) |
| newrelic-infrastructure.enabled | bool | `true` | Install the [`newrelic-infrastructure` chart](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) |
| newrelic-k8s-metrics-adapter.enabled | bool | `false` | Install the [`newrelic-k8s-metrics-adapter.` chart](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) (Beta) |
| newrelic-logging.enabled | bool | `false` | Install the [`newrelic-logging` chart](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) |
| newrelic-pixie.enabled | bool | `false` | Install the [`newrelic-pixie`](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) |
| newrelic-prometheus-agent.enabled | bool | `false` | Install the [`newrelic-prometheus-agent` chart](https://github.com/newrelic/newrelic-prometheus-configurator/tree/main/charts/newrelic-prometheus-agent) |
| nri-kube-events.enabled | bool | `false` | Install the [`nri-kube-events` chart](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) |
| nri-metadata-injection.enabled | bool | `true` | Install the [`nri-metadata-injection` chart](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) |
| nri-prometheus.enabled | bool | `false` | Install the [`nri-prometheus` chart](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) |
| pixie-chart.enabled | bool | `false` | Install the [`pixie-chart` chart](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) |
## Maintainers
* [juanjjaramillo](https://github.com/juanjjaramillo)
* [csongnr](https://github.com/csongnr)
* [dbudziwojskiNR](https://github.com/dbudziwojskiNR)

167
charts/new-relic/nri-bundle/5.0.109/README.md.gotmpl Normal file
View File

@ -0,0 +1,167 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
## Bundled charts
This chart does not deploy anything by itself but has many charts as dependencies. This allows you to easily install and upgrade the New Relic
Kubernetes Integration using only one chart.
In case you need more information about each component this chart installs, or you are an advanced user that want to install each component separately,
here is a list of components that this chart installs and where you can find more information about them:
| Component | Installed by default? | Description |
|------------------------------|-----------------------|-------------|
| [newrelic-infrastructure](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | Yes | Sends metrics about nodes, cluster objects (e.g. Deployments, Pods), and the control plane to New Relic. |
| [nri-metadata-injection](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | Yes | Enriches New Relic-instrumented applications (APM) with Kubernetes information. |
| [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. |
| [nri-kube-events](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | | Reports Kubernetes events to New Relic. |
| [newrelic-infra-operator](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) | | (Beta) Used with Fargate or serverless environments to inject `newrelic-infrastructure` as a sidecar instead of the usual DaemonSet. |
| [newrelic-k8s-metrics-adapter](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) | | (Beta) Provides a source of data for Horizontal Pod Autoscalers (HPA) based on a NRQL query from New Relic. |
| [newrelic-logging](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) | | Sends logs for Kubernetes components and workloads running on the cluster to New Relic. |
| [nri-prometheus](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) | | Sends metrics from applications exposing Prometheus metrics to New Relic. |
| [newrelic-prometheus-configurator](https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent) | | Configures instances of Prometheus in Agent mode to send metrics to the New Relic Prometheus endpoint. |
| [newrelic-pixie](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) | | Connects to the Pixie API and enables the New Relic plugin in Pixie. The plugin allows you to export data from Pixie to New Relic for long-term data retention. |
| [Pixie](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) | | Is an open source observability tool for Kubernetes applications that uses eBPF to automatically capture telemetry data without the need for manual instrumentation. |
| [newrelic-eAPM-agent](https://github.com/newrelic/helm-charts/tree/master/charts/nr-ebpf-agent) | | Configures instances of the New Relic eAPM agent to automatically capture telemetry data without the need for manual instrumentation. |
| [k8s-agents-operator](https://github.com/newrelic/k8s-agents-operator/tree/main/charts/k8s-agents-operator) | | (Preview) Streamlines full-stack observability for Kubernetes environments by automating APM instrumentation alongside Kubernetes agent deployment. |
## Configure components
It is possible to configure settings for the individual charts this chart groups by specifying values for them under a key using the name of the chart,
as specified in [helm documentation](https://helm.sh/docs/chart_template_guide/subcharts_and_globals).
For example, by adding the following to the `values.yml` file:
```yaml
# Configuration settings for the newrelic-infrastructure chart
newrelic-infrastructure:
# Any key defined in the values.yml file for the newrelic-infrastructure chart can be configured here:
# https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml
verboseLog: false
resources:
limits:
memory: 512M
```
It is possible to override any entry of the [`newrelic-infrastructure`](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure)
chart, as defined in their [`values.yml` file](https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml).
The same approach can be followed to update any of the subcharts.
After making these changes to the `values.yml` file, or a custom values file, make sure to apply them using:
```
$ helm upgrade --reuse-values -f values.yaml [RELEASE] newrelic/nri-bundle
```
Where `[RELEASE]` is the name of the helm release, e.g. `newrelic-bundle`.
## Monitor on host integrations
If you wish to monitor services running on Kubernetes you can provide integrations
configuration under `integrations_config` that it will passed down to the `newrelic-infrastructure` chart.
You just need to create a new entry where the "name" is the filename of the configuration file and the data is the content of
the integration configuration. The name must end in ".yaml" as this will be the
filename generated and the Infrastructure agent only looks for YAML files.
The data part is the actual integration configuration as described in the spec here:
https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180
In the following example you can see how to monitor a Redis integration with autodiscovery
```yaml
newrelic-infrastructure:
integrations:
nri-redis-sampleapp:
discovery:
command:
exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250
match:
label.app: sampleapp
integrations:
- name: nri-redis
env:
# using the discovered IP as the hostname address
HOSTNAME: ${discovery.ip}
PORT: 6379
labels:
env: test
```
## Bring your own KSM
New Relic Kubernetes Integration requires an instance of kube-state-metrics (KSM) to be running in the cluster, which this chart pulls as a dependency. If you are already running or want to run your own KSM instance, you will need to make some small adjustments as described below.
### Bring your own KSM
If you already have one KSM instance running, you can point `nri-kubernetes` to your instance:
```yaml
kube-state-metrics:
# Disable bundled KSM.
enabled: false
newrelic-infrastructure:
ksm:
config:
# Selector for your pre-installed KSM Service. You may need to adjust this to fit your existing installation.
selector: "app.kubernetes.io/name=kube-state-metrics"
# Alternatively, you can specify a fixed URL where KSM is available. Doing so will bypass autodiscovery.
#staticUrl: http://ksm.ksm.svc.cluster.local:8080/metrics
```
### <span id="ksm-different-version">Run KSM alongside a different version</span>
If you need to run a different instance of KSM in your cluster, you can still run a separate instance for the Kubernetes Integration to work as intended:
```yaml
kube-state-metrics:
# Enable bundled KSM.
enabled: true
prometheusScrape: false
customLabels:
# Label unique to this KSM instance.
newrelic.com/custom-ksm: "true"
newrelic-infrastructure:
ksm:
config:
# Use label above as a selector.
selector: "newrelic.com/custom-ksm=true"
```
For more information on supported KSM version visit the [requirements documentation](https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/kubernetes-integration-compatibility-requirements#reqs)
## Values managed globally
Some of the subchart implement the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which
means that it honors a wide range of defaults and globals common to most New Relic Helm charts.
Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at
[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md).
At the time of writing this document, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this library and
honors global options as described below.
Note, the value table below is automatically generated from `values.yaml` by `helm-docs`. If you need to add new fields or update existing fields, please update the `values.yaml` and then run `helm-docs` to update this value table.
{{ template "chart.valuesSection" . }}
{{ if .Maintainers }}
## Maintainers
{{ range .Maintainers }}
{{- if .Name }}
{{- if .Url }}
* [{{ .Name }}]({{ .Url }})
{{- else }}
* {{ .Name }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

5
charts/new-relic/nri-bundle/5.0.109/app-readme.md Normal file
View File

@ -0,0 +1,5 @@
# New Relic Kubernetes Integration
New Relic's Kubernetes integration gives you full observability into the health and performance of your environment, no matter whether you run Kubernetes on-premises or in the cloud. With our [cluster explorer](https://docs.newrelic.com/docs/integrations/kubernetes-integration/cluster-explorer/kubernetes-cluster-explorer), you can cut through layers of complexity to see how your cluster is performing, from the heights of the control plane down to applications running on a single pod.
You can see the power of the Kubernetes integration in the [cluster explorer](https://docs.newrelic.com/docs/integrations/kubernetes-integration/cluster-explorer/kubernetes-cluster-explorer), where the full picture of a cluster is made available on a single screen: nodes and pods are visualized according to their health and performance, with pending and alerting nodes in the innermost circles. [Predefined alert conditions](https://docs.newrelic.com/docs/integrations/kubernetes-integration/kubernetes-events/kubernetes-integration-predefined-alert-policy) help you troubleshoot issues right from the start. Clicking each node reveals its status and how each app is performing.

23
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
version: 1.3.1
digest: sha256:cfa7bfb136b9bcfe87e37d3556c3fedecc58f42685c4ce39485da106408b6619
generated: "2025-01-23T00:24:01.003099083Z"

20
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/Chart.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v2
appVersion: 0.20.1
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
version: 1.3.1
description: A Helm chart for the Kubernetes Agents Operator
home: https://github.com/newrelic/k8s-agents-operator/blob/main/charts/k8s-agents-operator/README.md
maintainers:
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
- name: danielstokes
url: https://github.com/danielstokes
name: k8s-agents-operator
sources:
- https://github.com/newrelic/k8s-agents-operator
type: application
version: 0.20.1

321
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/README.md Normal file
View File

@ -0,0 +1,321 @@
# k8s-agents-operator
![Version: 0.20.1](https://img.shields.io/badge/Version-0.20.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.20.1](https://img.shields.io/badge/AppVersion-0.20.1-informational?style=flat-square)
A Helm chart for the Kubernetes Agents Operator
**Homepage:** <https://github.com/newrelic/k8s-agents-operator/blob/main/charts/k8s-agents-operator/README.md>
## Prerequisites
[Helm](https://helm.sh) must be installed to use the charts. Please refer to Helm's [documentation](https://helm.sh/docs) to get started.
## Installation
### Requirements
Add the `k8s-agents-operator` Helm chart repository:
```shell
helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
```
### Instrumentation
Install the [`k8s-agents-operator`](https://github.com/newrelic/k8s-agents-operator) Helm chart:
```shell
helm upgrade --install k8s-agents-operator k8s-agents-operator/k8s-agents-operator \
--namespace newrelic \
--create-namespace \
--values your-custom-values.yaml
```
### Monitored namespaces
For each namespace you want the operator to be instrumented, a secret will be replicated from the newrelic operator namespace.
For each `Instrumentation` custom resource created, specifying which APM agent you want to instrument for each language. All available APM
agent docker images and corresponding tags are listed on DockerHub:
* [.NET](https://hub.docker.com/repository/docker/newrelic/newrelic-dotnet-init/general)
* [Java](https://hub.docker.com/repository/docker/newrelic/newrelic-java-init/general)
* [Node](https://hub.docker.com/repository/docker/newrelic/newrelic-node-init/general)
* [Python](https://hub.docker.com/repository/docker/newrelic/newrelic-python-init/general)
* [Ruby](https://hub.docker.com/repository/docker/newrelic/newrelic-ruby-init/general)
* [PHP](https://hub.docker.com/repository/docker/newrelic/newrelic-php-init/general)
For .NET
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-dotnet
spec:
agent:
language: dotnet
image: newrelic/newrelic-dotnet-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Java
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-java
namespace: newrelic
spec:
agent:
language: java
image: newrelic/newrelic-java-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For NodeJS
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-nodejs
namespace: newrelic
spec:
agent:
language: nodejs
image: newrelic/newrelic-node-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Python
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-python
namespace: newrelic
spec:
agent:
language: python
image: newrelic/newrelic-python-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Ruby
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-ruby
namespace: newrelic
spec:
agent:
language: ruby
image: newrelic/newrelic-ruby-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For PHP (glibc)
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-php
namespace: newrelic
spec:
agent:
language: php-${phpversion} # [7.2, 7.3, 7.4, 8.0, 8.1, 8.2, 8.3, etc.]
image: newrelic/newrelic-php-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For PHP (musl)
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-php
namespace: newrelic
spec:
agent:
language: php-${phpversion} # [7.2, 7.3, 7.4, 8.0, 8.1, 8.2, 8.3, etc.]
image: newrelic/newrelic-php-init:musl # Please ensure you're using a trusted New Relic image
# env: ...
```
For environment specific configurations
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
agent:
env:
# Example New Relic agent supported environment variables
- name: NEW_RELIC_LABELS
value: "environment:auto-injection"
# Example setting the pod name based on the metadata
- name: NEW_RELIC_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
# Example overriding the appName configuration
- name: NEW_RELIC_APP_NAME
value: "$(NEW_RELIC_LABELS)-$(NEW_RELIC_POD_NAME)"
```
Targeting everything in a specific namespace with a label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
#agent: ...
namespaceLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["java"]
```
Targeting a pod with a specific label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
podLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["dotnet"]
```
Using a secret with a non-default name
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
licenseKeySecret: the-name-of-the-custom-secret
```
In the example above, we show how you can configure the agent settings globally using environment variables. See each agent's configuration documentation for available configuration options:
* [Java](https://docs.newrelic.com/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file/)
* [Node](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/installation-configuration/nodejs-agent-configuration/)
* [Python](https://docs.newrelic.com/docs/apm/agents/python-agent/configuration/python-agent-configuration/)
* [.NET](https://docs.newrelic.com/docs/apm/agents/net-agent/configuration/net-agent-configuration/)
* [Ruby](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/)
* [PHP](https://docs.newrelic.com/docs/apm/agents/php-agent/configuration/php-agent-configuration/)
### cert-manager
The K8s Agents Operator supports the use of [`cert-manager`](https://github.com/cert-manager/cert-manager) if preferred.
Install the [`cert-manager`](https://github.com/cert-manager/cert-manager) Helm chart:
```shell
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--set crds.enabled=true
```
In your `values.yaml` file, set `admissionWebhooks.autoGenerateCert.enabled: false` and `admissionWebhooks.certManager.enabled: true`. Then install the chart as normal.
## Security
This operator requires a privileged environment to run correctly. As with all components that run in a privileged environment, please exercise caution when granting access to the namespace (and other resources) that the K8s Agent Operator is deployed on.
## Available Chart Releases
To see the available charts:
```shell
helm search repo k8s-agents-operator
```
If you want to see a list of all available charts and releases, check [index.yaml](https://newrelic.github.io/k8s-agents-operator/index.yaml).
## Source Code
* <https://github.com/newrelic/k8s-agents-operator>
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| https://helm-charts.newrelic.com | common-library | 1.3.1 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| admissionWebhooks | object | `{"autoGenerateCert":{"certPeriodDays":365,"enabled":true,"recreate":true},"caFile":"","certFile":"","certManager":{"enabled":false},"create":true,"keyFile":""}` | Admission webhooks make sure only requests with correctly formatted rules will get into the Operator |
| admissionWebhooks.autoGenerateCert.certPeriodDays | int | `365` | Cert validity period time in days. |
| admissionWebhooks.autoGenerateCert.enabled | bool | `true` | If true and certManager.enabled is false, Helm will automatically create a self-signed cert and secret for you. |
| admissionWebhooks.autoGenerateCert.recreate | bool | `true` | If set to true, new webhook key/certificate is generated on helm upgrade. |
| admissionWebhooks.caFile | string | `""` | Path to the CA cert. |
| admissionWebhooks.certFile | string | `""` | Path to your own PEM-encoded certificate. |
| admissionWebhooks.certManager.enabled | bool | `false` | If true and autoGenerateCert.enabled is false, cert-manager will create a self-signed cert and secret for you. |
| admissionWebhooks.keyFile | string | `""` | Path to your own PEM-encoded private key. |
| affinity | object | `{}` | Sets all pods' affinities. Can be configured also with `global.affinity` |
| containerSecurityContext | object | `{}` | Sets all security context (at container level). Can be configured also with `global.securityContext.container` |
| controllerManager.manager.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Sets security context (at container level) for the manager. Overrides `containerSecurityContext` and `global.containerSecurityContext` |
| controllerManager.manager.image.pullPolicy | string | `nil` | |
| controllerManager.manager.image.repository | string | `"newrelic/k8s-agents-operator"` | Sets the repository and image to use for the manager. Please ensure you're using trusted New Relic images. |
| controllerManager.manager.image.version | string | `nil` | Sets the manager image version to retrieve. Could be a tag i.e. "v0.17.0" or a SHA digest i.e. "sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e" |
| controllerManager.manager.leaderElection | object | `{"enabled":true}` | Enable leader election mechanism for protecting against split brain if multiple operator pods/replicas are started |
| controllerManager.manager.resources.limits.cpu | string | `"500m"` | |
| controllerManager.manager.resources.limits.memory | string | `"192Mi"` | |
| controllerManager.manager.resources.requests.cpu | string | `"100m"` | |
| controllerManager.manager.resources.requests.memory | string | `"64Mi"` | |
| controllerManager.replicas | int | `1` | |
| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` |
| kubernetesClusterDomain | string | `"cluster.local"` | |
| labels | object | `{}` | Additional labels for chart objects |
| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` |
| metricsService.ports[0].name | string | `"https"` | |
| metricsService.ports[0].port | int | `8443` | |
| metricsService.ports[0].protocol | string | `"TCP"` | |
| metricsService.ports[0].targetPort | int | `8443` | |
| metricsService.type | string | `"ClusterIP"` | |
| nodeSelector | object | `{}` | Sets all pods' node selector. Can be configured also with `global.nodeSelector` |
| podAnnotations | object | `{}` | Annotations to be added to the deployment. |
| podLabels | object | `{}` | Additional labels for chart pods |
| podSecurityContext | object | `{"runAsNonRoot":true}` | SecurityContext holds pod-level security attributes and common container settings |
| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` |
| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation |
| serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created |
| tolerations | list | `[]` | Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` |
| webhookService.ports[0].port | int | `443` | |
| webhookService.ports[0].protocol | string | `"TCP"` | |
| webhookService.ports[0].targetPort | int | `9443` | |
| webhookService.type | string | `"ClusterIP"` | |
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| csongnr | | <https://github.com/csongnr> |
| dbudziwojskiNR | | <https://github.com/dbudziwojskiNR> |
| danielstokes | | <https://github.com/danielstokes> |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

266
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/README.md.gotmpl Normal file
View File

@ -0,0 +1,266 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
## Prerequisites
[Helm](https://helm.sh) must be installed to use the charts. Please refer to Helm's [documentation](https://helm.sh/docs) to get started.
## Installation
### Requirements
Add the `k8s-agents-operator` Helm chart repository:
```shell
helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
```
### Instrumentation
Install the [`k8s-agents-operator`](https://github.com/newrelic/k8s-agents-operator) Helm chart:
```shell
helm upgrade --install k8s-agents-operator k8s-agents-operator/k8s-agents-operator \
--namespace newrelic \
--create-namespace \
--values your-custom-values.yaml
```
### Monitored namespaces
For each namespace you want the operator to be instrumented, a secret will be replicated from the newrelic operator namespace.
For each `Instrumentation` custom resource created, specifying which APM agent you want to instrument for each language. All available APM
agent docker images and corresponding tags are listed on DockerHub:
* [.NET](https://hub.docker.com/repository/docker/newrelic/newrelic-dotnet-init/general)
* [Java](https://hub.docker.com/repository/docker/newrelic/newrelic-java-init/general)
* [Node](https://hub.docker.com/repository/docker/newrelic/newrelic-node-init/general)
* [Python](https://hub.docker.com/repository/docker/newrelic/newrelic-python-init/general)
* [Ruby](https://hub.docker.com/repository/docker/newrelic/newrelic-ruby-init/general)
* [PHP](https://hub.docker.com/repository/docker/newrelic/newrelic-php-init/general)
For .NET
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-dotnet
spec:
agent:
language: dotnet
image: newrelic/newrelic-dotnet-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Java
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-java
namespace: newrelic
spec:
agent:
language: java
image: newrelic/newrelic-java-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For NodeJS
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-nodejs
namespace: newrelic
spec:
agent:
language: nodejs
image: newrelic/newrelic-node-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Python
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-python
namespace: newrelic
spec:
agent:
language: python
image: newrelic/newrelic-python-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For Ruby
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-ruby
namespace: newrelic
spec:
agent:
language: ruby
image: newrelic/newrelic-ruby-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For PHP (glibc)
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-php
namespace: newrelic
spec:
agent:
language: php-${phpversion} # [7.2, 7.3, 7.4, 8.0, 8.1, 8.2, 8.3, etc.]
image: newrelic/newrelic-php-init:latest # Please ensure you're using a trusted New Relic image
# env: ...
```
For PHP (musl)
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-php
namespace: newrelic
spec:
agent:
language: php-${phpversion} # [7.2, 7.3, 7.4, 8.0, 8.1, 8.2, 8.3, etc.]
image: newrelic/newrelic-php-init:musl # Please ensure you're using a trusted New Relic image
# env: ...
```
For environment specific configurations
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
agent:
env:
# Example New Relic agent supported environment variables
- name: NEW_RELIC_LABELS
value: "environment:auto-injection"
# Example setting the pod name based on the metadata
- name: NEW_RELIC_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
# Example overriding the appName configuration
- name: NEW_RELIC_APP_NAME
value: "$(NEW_RELIC_LABELS)-$(NEW_RELIC_POD_NAME)"
```
Targeting everything in a specific namespace with a label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
#agent: ...
namespaceLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["java"]
```
Targeting a pod with a specific label
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
podLabelSelector:
matchExpressions:
- key: "app.newrelic.instrumentation"
operator: "In"
values: ["dotnet"]
```
Using a secret with a non-default name
```yaml
apiVersion: newrelic.com/v1alpha2
kind: Instrumentation
metadata:
name: newrelic-instrumentation-lang
namespace: newrelic
spec:
# agent: ...
licenseKeySecret: the-name-of-the-custom-secret
```
In the example above, we show how you can configure the agent settings globally using environment variables. See each agent's configuration documentation for available configuration options:
* [Java](https://docs.newrelic.com/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file/)
* [Node](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/installation-configuration/nodejs-agent-configuration/)
* [Python](https://docs.newrelic.com/docs/apm/agents/python-agent/configuration/python-agent-configuration/)
* [.NET](https://docs.newrelic.com/docs/apm/agents/net-agent/configuration/net-agent-configuration/)
* [Ruby](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/)
* [PHP](https://docs.newrelic.com/docs/apm/agents/php-agent/configuration/php-agent-configuration/)
### cert-manager
The K8s Agents Operator supports the use of [`cert-manager`](https://github.com/cert-manager/cert-manager) if preferred.
Install the [`cert-manager`](https://github.com/cert-manager/cert-manager) Helm chart:
```shell
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--set crds.enabled=true
```
In your `values.yaml` file, set `admissionWebhooks.autoGenerateCert.enabled: false` and `admissionWebhooks.certManager.enabled: true`. Then install the chart as normal.
## Security
This operator requires a privileged environment to run correctly. As with all components that run in a privileged environment, please exercise caution when granting access to the namespace (and other resources) that the K8s Agent Operator is deployed on.
## Available Chart Releases
To see the available charts:
```shell
helm search repo k8s-agents-operator
```
If you want to see a list of all available charts and releases, check [index.yaml](https://newrelic.github.io/k8s-agents-operator/index.yaml).
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "chart.maintainersSection" . }}
{{ template "helm-docs.versionFooter" . }}

23
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

17
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/Chart.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v2
description: Provides helpers to provide consistency on all the charts
keywords:
- newrelic
- chart-library
maintainers:
- name: juanjjaramillo
url: https://github.com/juanjjaramillo
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
- name: kang-makes
url: https://github.com/kang-makes
name: common-library
type: library
version: 1.3.1

747
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/DEVELOPERS.md Normal file
View File

@ -0,0 +1,747 @@
# Functions/templates documented for chart writers
Here is some rough documentation separated by the file that contains the function, the function
name and how to use it. We are not covering functions that start with `_` (e.g.
`newrelic.common.license._licenseKey`) because they are used internally by this library for
other helpers. Helm does not have the concept of "public" or "private" functions/templates so
this is a convention of ours.
## _naming.tpl
These functions are used to name objects.
### `newrelic.common.naming.name`
This is the same as the idiomatic `CHART-NAME.name` that is created when you use `helm create`.
It honors `.Values.nameOverride`.
Usage:
```mustache
{{ include "newrelic.common.naming.name" . }}
```
### `newrelic.common.naming.fullname`
This is the same as the idiomatic `CHART-NAME.fullname` that is created when you use `helm create`
It honors `.Values.fullnameOverride`.
Usage:
```mustache
{{ include "newrelic.common.naming.fullname" . }}
```
### `newrelic.common.naming.chart`
This is the same as the idiomatic `CHART-NAME.chart` that is created when you use `helm create`.
It is mostly useless for chart writers. It is used internally for templating the labels but there
is no reason to keep it "private".
Usage:
```mustache
{{ include "newrelic.common.naming.chart" . }}
```
### `newrelic.common.naming.truncateToDNS`
This is a useful template that could be used to trim a string to 63 chars and does not end with a dash (`-`).
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
Usage:
```mustache
{{ $nameToTruncate := "a-really-really-really-really-REALLY-long-string-that-should-be-truncated-because-it-is-enought-long-to-brak-something"
{{- $truncatedName := include "newrelic.common.naming.truncateToDNS" $nameToTruncate }}
{{- $truncatedName }}
{{- /* This should print: a-really-really-really-really-REALLY-long-string-that-should-be */ -}}
```
### `newrelic.common.naming.truncateToDNSWithSuffix`
This template function is the same as the above but instead of receiving a string you should give a `dict`
with a `name` and a `suffix`. This function will join them with a dash (`-`) and trim the `name` so the
result of `name-suffix` is no more than 63 chars
Usage:
```mustache
{{ $nameToTruncate := "a-really-really-really-really-REALLY-long-string-that-should-be-truncated-because-it-is-enought-long-to-brak-something"
{{- $suffix := "A-NOT-SO-LONG-SUFFIX" }}
{{- $truncatedName := include "truncateToDNSWithSuffix" (dict "name" $nameToTruncate "suffix" $suffix) }}
{{- $truncatedName }}
{{- /* This should print: a-really-really-really-really-REALLY-long-A-NOT-SO-LONG-SUFFIX */ -}}
```
## _labels.tpl
### `newrelic.common.labels`, `newrelic.common.labels.selectorLabels` and `newrelic.common.labels.podLabels`
These are functions that are used to label objects. They are configured by this `values.yaml`
```yaml
global:
podLabels: {} # included in all the pods of all the charts that implement this library
labels: {} # included in all the objects of all the charts that implement this library
podLabels: {} # included in all the pods of this chart
labels: {} # included in all the objects of this chart
```
label maps are merged from global to local values.
And chart writer should use them like this:
```mustache
metadata:
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "newrelic.common.labels.podLabels" . | nindent 8 }}
```
`newrelic.common.labels.podLabels` includes `newrelic.common.labels.selectorLabels` automatically.
## _priority-class-name.tpl
### `newrelic.common.priorityClassName`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
priorityClassName: ""
priorityClassName: ""
```
Be careful: chart writers should put an empty string (or any kind of Helm falsiness) for this
library to work properly. If in your values a non-falsy `priorityClassName` is found, the global
one is going to be always ignored.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.priorityClassName" . }}
priorityClassName: {{ . }}
{{- end }}
```
## _hostnetwork.tpl
### `newrelic.common.hostNetwork`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
hostNetwork: # Note that this is empty (nil)
hostNetwork: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `hostNetwork` is defined, the global one is going to be always ignored.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.hostNetwork" . }}
hostNetwork: {{ . }}
{{- end }}
```
### `newrelic.common.hostNetwork.value`
This function is an abstraction of the function above but this returns directly "true" or "false".
Be careful with using this with an `if` as Helm does evaluate "false" (string) as `true`.
Usage (example in a pod spec):
```mustache
spec:
hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }}
```
## _dnsconfig.tpl
### `newrelic.common.dnsConfig`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
dnsConfig: {}
dnsConfig: {}
```
Be careful: chart writers should put an empty string (or any kind of Helm falsiness) for this
library to work properly. If in your values a non-falsy `dnsConfig` is found, the global
one is going to be always ignored.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.dnsConfig" . }}
dnsConfig:
{{- . | nindent 4 }}
{{- end }}
```
## _images.tpl
These functions help us to deal with how images are templated. This allows setting `registries`
where to fetch images globally while being flexible enough to fit in different maps of images
and deployments with one or more images. This is the example of a complex `values.yaml` that
we are going to use during the documentation of these functions:
```yaml
global:
images:
registry: nexus-3-instance.internal.clients-domain.tld
jobImage:
registry: # defaults to "example.tld" when empty in these examples
repository: ingress-nginx/kube-webhook-certgen
tag: v1.1.1
pullPolicy: IfNotPresent
pullSecrets: []
images:
integration:
registry:
repository: newrelic/nri-kube-events
tag: 1.8.0
pullPolicy: IfNotPresent
agent:
registry:
repository: newrelic/k8s-events-forwarder
tag: 1.22.0
pullPolicy: IfNotPresent
pullSecrets: []
```
### `newrelic.common.images.image`
This will return a string with the image ready to be downloaded that includes the registry, the image and the tag.
`defaultRegistry` is used to keep `registry` field empty in `values.yaml` so you can override the image using
`global.images.registry`, your local `jobImage.registry` and be able to fallback to a registry that is not `docker.io`
(Or the default repository that the client could have set in the CRI).
Usage:
```mustache
{{- /* For the integration */}}
{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.agent "context" .) }}
{{- /* For jobImage */}}
{{ include "newrelic.common.images.image" ( dict "defaultRegistry" "example.tld" "imageRoot" .Values.jobImage "context" .) }}
```
### `newrelic.common.images.registry`
It returns the registry from the global or local values. You should avoid using this helper to create your image
URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed.
Usage:
```mustache
{{- /* For the integration */}}
{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.images.agent "context" .) }}
{{- /* For jobImage */}}
{{ include "newrelic.common.images.registry" ( dict "defaultRegistry" "example.tld" "imageRoot" .Values.jobImage "context" .) }}
```
### `newrelic.common.images.repository`
It returns the image from the values. You should avoid using this helper to create your image
URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed.
Usage:
```mustache
{{- /* For jobImage */}}
{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.jobImage "context" .) }}
{{- /* For the integration */}}
{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.images.agent "context" .) }}
```
### `newrelic.common.images.tag`
It returns the image's tag from the values. You should avoid using this helper to create your image
URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed.
Usage:
```mustache
{{- /* For jobImage */}}
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.jobImage "context" .) }}
{{- /* For the integration */}}
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.images.integration "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.images.agent "context" .) }}
```
### `newrelic.common.images.renderPullSecrets`
If returns a merged map that contains the pull secrets from the global configuration and the local one.
Usage:
```mustache
{{- /* For jobImage */}}
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.jobImage.pullSecrets "context" .) }}
{{- /* For the integration */}}
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.images.pullSecrets "context" .) }}
{{- /* For the agent */}}
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.images.pullSecrets "context" .) }}
```
## _serviceaccount.tpl
These functions are used to evaluate if the service account should be created, with which name and add annotations to it.
The functions that the common library has implemented for service accounts are:
* `newrelic.common.serviceAccount.create`
* `newrelic.common.serviceAccount.name`
* `newrelic.common.serviceAccount.annotations`
Usage:
```mustache
{{- if include "newrelic.common.serviceAccount.create" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with (include "newrelic.common.serviceAccount.annotations" .) }}
annotations:
{{- . | nindent 4 }}
{{- end }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
```
## _affinity.tpl, _nodeselector.tpl and _tolerations.tpl
These three files are almost the same and they follow the idiomatic way of `helm create`.
Each function also looks if there is a global value like the other helpers.
```yaml
global:
affinity: {}
nodeSelector: {}
tolerations: []
affinity: {}
nodeSelector: {}
tolerations: []
```
The values here are replaced instead of be merged. If a value at root level is found, the global one is ignored.
Usage (example in a pod spec):
```mustache
spec:
{{- with include "newrelic.common.nodeSelector" . }}
nodeSelector:
{{- . | nindent 4 }}
{{- end }}
{{- with include "newrelic.common.affinity" . }}
affinity:
{{- . | nindent 4 }}
{{- end }}
{{- with include "newrelic.common.tolerations" . }}
tolerations:
{{- . | nindent 4 }}
{{- end }}
```
## _agent-config.tpl
### `newrelic.common.agentConfig.defaults`
This returns a YAML that the agent can use directly as a config that includes other options from the values file like verbose mode,
custom attributes, FedRAMP and such.
Usage:
```mustache
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
name: {{ include newrelic.common.naming.truncateToDNSWithSuffix (dict "name" (include "newrelic.common.naming.fullname" .) suffix "agent-config") }}
namespace: {{ .Release.Namespace }}
data:
newrelic-infra.yml: |-
# This is the configuration file for the infrastructure agent. See:
# https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/
{{- include "newrelic.common.agentConfig.defaults" . | nindent 4 }}
```
## _cluster.tpl
### `newrelic.common.cluster`
Returns the cluster name
Usage:
```mustache
{{ include "newrelic.common.cluster" . }}
```
## _custom-attributes.tpl
### `newrelic.common.customAttributes`
Return custom attributes in YAML format.
Usage:
```mustache
apiVersion: v1
kind: ConfigMap
metadata:
name: example
data:
custom-attributes.yaml: |
{{- include "newrelic.common.customAttributes" . | nindent 4 }}
custom-attributes.json: |
{{- include "newrelic.common.customAttributes" . | fromYaml | toJson | nindent 4 }}
```
## _fedramp.tpl
### `newrelic.common.fedramp.enabled`
Returns true if FedRAMP is enabled or an empty string if not. It can be safely used in conditionals as an empty string is a Helm falsiness.
Usage:
```mustache
{{ include "newrelic.common.fedramp.enabled" . }}
```
### `newrelic.common.fedramp.enabled.value`
Returns true if FedRAMP is enabled or false if not. This is to have the value of FedRAMP ready to be templated.
Usage:
```mustache
{{ include "newrelic.common.fedramp.enabled.value" . }}
```
## _license.tpl
### `newrelic.common.license.secretName` and ### `newrelic.common.license.secretKeyName`
Returns the secret and key inside the secret where to read the license key.
The common library will take care of using a user-provided custom secret or creating a secret that contains the license key.
To create the secret use `newrelic.common.license.secret`.
Usage:
```mustache
{{- if and (.Values.controlPlane.enabled) (not (include "newrelic.fargate" .)) }}
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
containers:
- name: agent
env:
- name: "NRIA_LICENSE_KEY"
valueFrom:
secretKeyRef:
name: {{ include "newrelic.common.license.secretName" . }}
key: {{ include "newrelic.common.license.secretKeyName" . }}
```
## _license_secret.tpl
### `newrelic.common.license.secret`
This function templates the secret that is used by agents and integrations with the license Key provided by the user. It will
template nothing (empty string) if the user provides a custom pair of secret name and key.
This template also fails in case the user has not provided any license key or custom secret so no safety checks have to be done
by chart writers.
You just must have a template with these two lines:
```mustache
{{- /* Common library will take care of creating the secret or not. */ -}}
{{- include "newrelic.common.license.secret" . -}}
```
## _insights.tpl
### `newrelic.common.insightsKey.secretName` and ### `newrelic.common.insightsKey.secretKeyName`
Returns the secret and key inside the secret where to read the insights key.
The common library will take care of using a user-provided custom secret or creating a secret that contains the insights key.
To create the secret use `newrelic.common.insightsKey.secret`.
Usage:
```mustache
apiVersion: v1
kind: Pod
metadata:
name: statsd
spec:
containers:
- name: statsd
env:
- name: "INSIGHTS_KEY"
valueFrom:
secretKeyRef:
name: {{ include "newrelic.common.insightsKey.secretName" . }}
key: {{ include "newrelic.common.insightsKey.secretKeyName" . }}
```
## _insights_secret.tpl
### `newrelic.common.insightsKey.secret`
This function templates the secret that is used by agents and integrations with the insights key provided by the user. It will
template nothing (empty string) if the user provides a custom pair of secret name and key.
This template also fails in case the user has not provided any insights key or custom secret so no safety checks have to be done
by chart writers.
You just must have a template with these two lines:
```mustache
{{- /* Common library will take care of creating the secret or not. */ -}}
{{- include "newrelic.common.insightsKey.secret" . -}}
```
## _userkey.tpl
### `newrelic.common.userKey.secretName` and ### `newrelic.common.userKey.secretKeyName`
Returns the secret and key inside the secret where to read a user key.
The common library will take care of using a user-provided custom secret or creating a secret that contains the insights key.
To create the secret use `newrelic.common.userKey.secret`.
Usage:
```mustache
apiVersion: v1
kind: Pod
metadata:
name: statsd
spec:
containers:
- name: statsd
env:
- name: "API_KEY"
valueFrom:
secretKeyRef:
name: {{ include "newrelic.common.userKey.secretName" . }}
key: {{ include "newrelic.common.userKey.secretKeyName" . }}
```
## _userkey_secret.tpl
### `newrelic.common.userKey.secret`
This function templates the secret that is used by agents and integrations with a user key provided by the user. It will
template nothing (empty string) if the user provides a custom pair of secret name and key.
This template also fails in case the user has not provided any API key or custom secret so no safety checks have to be done
by chart writers.
You just must have a template with these two lines:
```mustache
{{- /* Common library will take care of creating the secret or not. */ -}}
{{- include "newrelic.common.userKey.secret" . -}}
```
## _region.tpl
### `newrelic.common.region.validate`
Given a string, return a normalized name for the region if valid.
This function does not need the context of the chart, only the value to be validated. The region returned
honors the region [definition of the newrelic-client-go implementation](https://github.com/newrelic/newrelic-client-go/blob/cbe3e4cf2b95fd37095bf2ffdc5d61cffaec17e2/pkg/region/region_constants.go#L8-L21)
so (as of 2024/09/14) it returns the region as "US", "EU", "Staging", or "Local".
In case the region provided does not match these 4, the helper calls `fail` and abort the templating.
Usage:
```mustache
{{ include "newrelic.common.region.validate" "us" }}
```
### `newrelic.common.region`
It reads global and local variables for `region`:
```yaml
global:
region: # Note that this can be empty (nil) or "" (empty string)
region: # Note that this can be empty (nil) or "" (empty string)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in your
values a `region` is defined, the global one is going to be always ignored.
This function gives protection so it enforces users to give the license key as a value in their
`values.yaml` or specify a global or local `region` value. To understand how the `region` value
works, read the documentation of `newrelic.common.region.validate`.
The function will change the region from US, EU or Staging based of the license key and the
`nrStaging` toggle. Whichever region is computed from the license/toggle can be overridden by
the `region` value.
Usage:
```mustache
{{ include "newrelic.common.region" . }}
```
## _low-data-mode.tpl
### `newrelic.common.lowDataMode`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
lowDataMode: # Note that this is empty (nil)
lowDataMode: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `lowdataMode` is defined, the global one is going to be always ignored.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage:
```mustache
{{ include "newrelic.common.lowDataMode" . }}
```
## _privileged.tpl
### `newrelic.common.privileged`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
privileged: # Note that this is empty (nil)
privileged: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `privileged` is defined, the global one is going to be always ignored.
Chart writers could override this and put directly a `true` in the `values.yaml` to override the
default of the common library.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage:
```mustache
{{ include "newrelic.common.privileged" . }}
```
### `newrelic.common.privileged.value`
Returns true if privileged mode is enabled or false if not. This is to have the value of privileged ready to be templated.
Usage:
```mustache
{{ include "newrelic.common.privileged.value" . }}
```
## _proxy.tpl
### `newrelic.common.proxy`
Returns the proxy URL configured by the user.
Usage:
```mustache
{{ include "newrelic.common.proxy" . }}
```
## _security-context.tpl
Use these functions to share the security context among all charts. Useful in clusters that have security enforcing not to
use the root user (like OpenShift) or users that have an admission webhooks.
The functions are:
* `newrelic.common.securityContext.container`
* `newrelic.common.securityContext.pod`
Usage:
```mustache
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
spec:
{{- with include "newrelic.common.securityContext.pod" . }}
securityContext:
{{- . | nindent 8 }}
{{- end }}
containers:
- name: example
{{- with include "nriKubernetes.securityContext.container" . }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
```
## _staging.tpl
### `newrelic.common.nrStaging`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
nrStaging: # Note that this is empty (nil)
nrStaging: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `nrStaging` is defined, the global one is going to be always ignored.
This function returns "true" of "" (empty string) so it can be used for evaluating conditionals.
Usage:
```mustache
{{ include "newrelic.common.nrStaging" . }}
```
### `newrelic.common.nrStaging.value`
Returns true if staging is enabled or false if not. This is to have the staging value ready to be templated.
Usage:
```mustache
{{ include "newrelic.common.nrStaging.value" . }}
```
## _verbose-log.tpl
### `newrelic.common.verboseLog`
Like almost everything in this library, it reads global and local variables:
```yaml
global:
verboseLog: # Note that this is empty (nil)
verboseLog: # Note that this is empty (nil)
```
Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you
values a `verboseLog` is defined, the global one is going to be always ignored.
Usage:
```mustache
{{ include "newrelic.common.verboseLog" . }}
```
### `newrelic.common.verboseLog.valueAsBoolean`
Returns true if verbose is enabled or false if not. This is to have the verbose value ready to be templated as a boolean
Usage:
```mustache
{{ include "newrelic.common.verboseLog.valueAsBoolean" . }}
```
### `newrelic.common.verboseLog.valueAsInt`
Returns 1 if verbose is enabled or 0 if not. This is to have the verbose value ready to be templated as an integer
Usage:
```mustache
{{ include "newrelic.common.verboseLog.valueAsInt" . }}
```

106
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/README.md Normal file
View File

@ -0,0 +1,106 @@
# Helm Common library
The common library is a way to unify the UX through all the Helm charts that implement it.
The tooling suite that New Relic is huge and growing and this allows to set things globally
and locally for a single chart.
## Documentation for chart writers
If you are writing a chart that is going to use this library you can check the [developers guide](/library/common-library/DEVELOPERS.md) to see all
the functions/templates that we have implemented, what they do and how to use them.
## Values managed globally
We want to have a seamless experience through all the charts so we created this library that tries to standardize the behaviour
of all the charts. Sadly, because of the complexity of all these integrations, not all the charts behave exactly as expected.
An example is `newrelic-infrastructure` that ignores `hostNetwork` in the control plane scraper because most of the users has the
control plane listening in the node to `localhost`.
For each chart that has a special behavior (or further information of the behavior) there is a "chart particularities" section
in its README.md that explains which is the expected behavior.
At the time of writing this, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this
library and honors global options as described in this document.
Here is a list of global options:
| Global keys | Local keys | Default | Merged[<sup>1</sup>](#values-managed-globally-1) | Description |
|-------------|------------|---------|--------------------------------------------------|-------------|
| global.cluster | cluster | `""` | | Name of the Kubernetes cluster monitored |
| global.licenseKey | licenseKey | `""` | | This set this license key to use |
| global.customSecretName | customSecretName | `""` | | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there |
| global.customSecretLicenseKey | customSecretLicenseKey | `""` | | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located |
| global.podLabels | podLabels | `{}` | yes | Additional labels for chart pods |
| global.labels | labels | `{}` | yes | Additional labels for chart objects |
| global.priorityClassName | priorityClassName | `""` | | Sets pod's priorityClassName |
| global.hostNetwork | hostNetwork | `false` | | Sets pod's hostNetwork |
| global.dnsConfig | dnsConfig | `{}` | | Sets pod's dnsConfig |
| global.images.registry | See [Further information](#values-managed-globally-2) | `""` | | Changes the registry where to get the images. Useful when there is an internal image cache/proxy |
| global.images.pullSecrets | See [Further information](#values-managed-globally-2) | `[]` | yes | Set secrets to be able to fetch images |
| global.podSecurityContext | podSecurityContext | `{}` | | Sets security context (at pod level) |
| global.containerSecurityContext | containerSecurityContext | `{}` | | Sets security context (at container level) |
| global.affinity | affinity | `{}` | | Sets pod/node affinities |
| global.nodeSelector | nodeSelector | `{}` | | Sets pod's node selector |
| global.tolerations | tolerations | `[]` | | Sets pod's tolerations to node taints |
| global.serviceAccount.create | serviceAccount.create | `true` | | Configures if the service account should be created or not |
| global.serviceAccount.name | serviceAccount.name | name of the release | | Change the name of the service account. This is honored if you disable on this cahrt the creation of the service account so you can use your own. |
| global.serviceAccount.annotations | serviceAccount.annotations | `{}` | yes | Add these annotations to the service account we create |
| global.customAttributes | customAttributes | `{}` | | Adds extra attributes to the cluster and all the metrics emitted to the backend |
| global.fedramp | fedramp | `false` | | Enables FedRAMP |
| global.lowDataMode | lowDataMode | `false` | | Reduces number of metrics sent in order to reduce costs |
| global.privileged | privileged | Depends on the chart | | In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs |
| global.proxy | proxy | `""` | | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port` |
| global.nrStaging | nrStaging | `false` | | Send the metrics to the staging backend. Requires a valid staging license key |
| global.verboseLog | verboseLog | `false` | | Sets the debug/trace logs to this integration or all integrations if it is set globally |
### Further information
<a name="values-managed-globally-1"></a>
#### 1. Merged
Merged means that the values from global are not replaced by the local ones. Think in this example:
```yaml
global:
labels:
global: global
hostNetwork: true
nodeSelector:
global: global
labels:
local: local
nodeSelector:
local: local
hostNetwork: false
```
This values will template `hostNetwork` to `false`, a map of labels `{ "global": "global", "local": "local" }` and a `nodeSelector` with
`{ "local": "local" }`.
As Helm by default merges all the maps it could be confusing that we have two behaviors (merging `labels` and replacing `nodeSelector`)
the `values` from global to local. This is the rationale behind this:
* `hostNetwork` is templated to `false` because is overriding the value defined globally.
* `labels` are merged because the user may want to label all the New Relic pods at once and label other solution pods differently for
clarity' sake.
* `nodeSelector` does not merge as `labels` because could make it harder to overwrite/delete a selector that comes from global because
of the logic that Helm follows merging maps.
<a name="values-managed-globally-2"></a>
#### 2. Fine grain registries
Some charts only have 1 image while others that can have 2 or more images. The local path for the registry can change depending
on the chart itself.
As this is mostly unique per helm chart, you should take a look to the chart's values table (or directly to the `values.yaml` file to see all the
images that you can change.
This should only be needed if you have an advanced setup that forces you to have granularity enough to force a proxy/cache registry per integration.
<a name="values-managed-globally-3"></a>
#### 3. Privileged mode
By default, from the common library, the privileged mode is set to false. But most of the helm charts require this to be true to fetch more
metrics so could see a true in some charts. The consequences of the privileged mode differ from one chart to another so for each chart that
honors the privileged mode toggle should be a section in the README explaining which is the behavior with it enabled or disabled.

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_affinity.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod affinity */ -}}
{{- define "newrelic.common.affinity" -}}
{{- if .Values.affinity -}}
{{- toYaml .Values.affinity -}}
{{- else if .Values.global -}}
{{- if .Values.global.affinity -}}
{{- toYaml .Values.global.affinity -}}
{{- end -}}
{{- end -}}
{{- end -}}

26
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_agent-config.tpl Normal file
View File

@ -0,0 +1,26 @@
{{/*
This helper should return the defaults that all agents should have
*/}}
{{- define "newrelic.common.agentConfig.defaults" -}}
{{- if include "newrelic.common.verboseLog" . }}
log:
level: trace
{{- end }}
{{- if (include "newrelic.common.nrStaging" . ) }}
staging: true
{{- end }}
{{- with include "newrelic.common.proxy" . }}
proxy: {{ . | quote }}
{{- end }}
{{- with include "newrelic.common.fedramp.enabled" . }}
fedramp: {{ . }}
{{- end }}
{{- with fromYaml ( include "newrelic.common.customAttributes" . ) }}
custom_attributes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}

15
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_cluster.tpl Normal file
View File

@ -0,0 +1,15 @@
{{/*
Return the cluster
*/}}
{{- define "newrelic.common.cluster" -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if .Values.cluster -}}
{{- .Values.cluster -}}
{{- else if $global.cluster -}}
{{- $global.cluster -}}
{{- else -}}
{{ fail "There is not cluster name definition set neither in `.global.cluster' nor `.cluster' in your values.yaml. Cluster name is required." }}
{{- end -}}
{{- end -}}

17
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_custom-attributes.tpl Normal file
View File

@ -0,0 +1,17 @@
{{/*
This will render custom attributes as a YAML ready to be templated or be used with `fromYaml`.
*/}}
{{- define "newrelic.common.customAttributes" -}}
{{- $customAttributes := dict -}}
{{- $global := index .Values "global" | default dict -}}
{{- if $global.customAttributes -}}
{{- $customAttributes = mergeOverwrite $customAttributes $global.customAttributes -}}
{{- end -}}
{{- if .Values.customAttributes -}}
{{- $customAttributes = mergeOverwrite $customAttributes .Values.customAttributes -}}
{{- end -}}
{{- toYaml $customAttributes -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_dnsconfig.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod dnsConfig */ -}}
{{- define "newrelic.common.dnsConfig" -}}
{{- if .Values.dnsConfig -}}
{{- toYaml .Values.dnsConfig -}}
{{- else if .Values.global -}}
{{- if .Values.global.dnsConfig -}}
{{- toYaml .Values.global.dnsConfig -}}
{{- end -}}
{{- end -}}
{{- end -}}

25
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_fedramp.tpl Normal file
View File

@ -0,0 +1,25 @@
{{- /* Defines the fedRAMP flag */ -}}
{{- define "newrelic.common.fedramp.enabled" -}}
{{- if .Values.fedramp -}}
{{- if .Values.fedramp.enabled -}}
{{- .Values.fedramp.enabled -}}
{{- end -}}
{{- else if .Values.global -}}
{{- if .Values.global.fedramp -}}
{{- if .Values.global.fedramp.enabled -}}
{{- .Values.global.fedramp.enabled -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Return FedRAMP value directly ready to be templated */ -}}
{{- define "newrelic.common.fedramp.enabled.value" -}}
{{- if include "newrelic.common.fedramp.enabled" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

39
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_hostnetwork.tpl Normal file
View File

@ -0,0 +1,39 @@
{{- /*
Abstraction of the hostNetwork toggle.
This helper allows to override the global `.global.hostNetwork` with the value of `.hostNetwork`.
Returns "true" if `hostNetwork` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.hostNetwork" -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- /*
`get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs
We also want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.hostNetwork" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- if get .Values "hostNetwork" | kindIs "bool" -}}
{{- if .Values.hostNetwork -}}
{{- .Values.hostNetwork -}}
{{- end -}}
{{- else if get $global "hostNetwork" | kindIs "bool" -}}
{{- if $global.hostNetwork -}}
{{- $global.hostNetwork -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /*
Abstraction of the hostNetwork toggle.
This helper abstracts the function "newrelic.common.hostNetwork" to return true or false directly.
*/ -}}
{{- define "newrelic.common.hostNetwork.value" -}}
{{- if include "newrelic.common.hostNetwork" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

94
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_images.tpl Normal file
View File

@ -0,0 +1,94 @@
{{- /*
Return the proper image name
{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.path.to.the.image "defaultRegistry" "your.private.registry.tld" "context" .) }}
*/ -}}
{{- define "newrelic.common.images.image" -}}
{{- $registryName := include "newrelic.common.images.registry" ( dict "imageRoot" .imageRoot "defaultRegistry" .defaultRegistry "context" .context ) -}}
{{- $repositoryName := include "newrelic.common.images.repository" .imageRoot -}}
{{- $tag := include "newrelic.common.images.tag" ( dict "imageRoot" .imageRoot "context" .context) -}}
{{- if $registryName -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag | quote -}}
{{- else -}}
{{- printf "%s:%s" $repositoryName $tag | quote -}}
{{- end -}}
{{- end -}}
{{- /*
Return the proper image registry
{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.path.to.the.image "defaultRegistry" "your.private.registry.tld" "context" .) }}
*/ -}}
{{- define "newrelic.common.images.registry" -}}
{{- $globalRegistry := "" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.images -}}
{{- with .context.Values.global.images.registry -}}
{{- $globalRegistry = . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $localRegistry := "" -}}
{{- if .imageRoot.registry -}}
{{- $localRegistry = .imageRoot.registry -}}
{{- end -}}
{{- $registry := $localRegistry | default $globalRegistry | default .defaultRegistry -}}
{{- if $registry -}}
{{- $registry -}}
{{- end -}}
{{- end -}}
{{- /*
Return the proper image repository
{{ include "newrelic.common.images.repository" .Values.path.to.the.image }}
*/ -}}
{{- define "newrelic.common.images.repository" -}}
{{- .repository -}}
{{- end -}}
{{- /*
Return the proper image tag
{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.path.to.the.image "context" .) }}
*/ -}}
{{- define "newrelic.common.images.tag" -}}
{{- .imageRoot.tag | default .context.Chart.AppVersion | toString -}}
{{- end -}}
{{- /*
Return the proper Image Pull Registry Secret Names evaluating values as templates
{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.path.to.the.images.pullSecrets1, .Values.path.to.the.images.pullSecrets2) "context" .) }}
*/ -}}
{{- define "newrelic.common.images.renderPullSecrets" -}}
{{- $flatlist := list }}
{{- if .context.Values.global -}}
{{- if .context.Values.global.images -}}
{{- if .context.Values.global.images.pullSecrets -}}
{{- range .context.Values.global.images.pullSecrets -}}
{{- $flatlist = append $flatlist . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- range .pullSecrets -}}
{{- if not (empty .) -}}
{{- range . -}}
{{- $flatlist = append $flatlist . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $flatlist -}}
{{- toYaml $flatlist -}}
{{- end -}}
{{- end -}}

56
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_insights.tpl Normal file
View File

@ -0,0 +1,56 @@
{{/*
Return the name of the secret holding the Insights Key.
*/}}
{{- define "newrelic.common.insightsKey.secretName" -}}
{{- $default := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "insightskey" ) -}}
{{- include "newrelic.common.insightsKey._customSecretName" . | default $default -}}
{{- end -}}
{{/*
Return the name key for the Insights Key inside the secret.
*/}}
{{- define "newrelic.common.insightsKey.secretKeyName" -}}
{{- include "newrelic.common.insightsKey._customSecretKey" . | default "insightsKey" -}}
{{- end -}}
{{/*
Return local insightsKey if set, global otherwise.
This helper is for internal use.
*/}}
{{- define "newrelic.common.insightsKey._licenseKey" -}}
{{- if .Values.insightsKey -}}
{{- .Values.insightsKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.insightsKey -}}
{{- .Values.global.insightsKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret holding the Insights Key.
This helper is for internal use.
*/}}
{{- define "newrelic.common.insightsKey._customSecretName" -}}
{{- if .Values.customInsightsKeySecretName -}}
{{- .Values.customInsightsKeySecretName -}}
{{- else if .Values.global -}}
{{- if .Values.global.customInsightsKeySecretName -}}
{{- .Values.global.customInsightsKeySecretName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name key for the Insights Key inside the secret.
This helper is for internal use.
*/}}
{{- define "newrelic.common.insightsKey._customSecretKey" -}}
{{- if .Values.customInsightsKeySecretKey -}}
{{- .Values.customInsightsKeySecretKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.customInsightsKeySecretKey }}
{{- .Values.global.customInsightsKeySecretKey -}}
{{- end -}}
{{- end -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_insights_secret.yaml.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Renders the insights key secret if user has not specified a custom secret.
*/}}
{{- define "newrelic.common.insightsKey.secret" }}
{{- if not (include "newrelic.common.insightsKey._customSecretName" .) }}
{{- /* Fail if licenseKey is empty and required: */ -}}
{{- if not (include "newrelic.common.insightsKey._licenseKey" .) }}
{{- fail "You must specify a insightsKey or a customInsightsSecretName containing it" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "newrelic.common.insightsKey.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
{{ include "newrelic.common.insightsKey.secretKeyName" . }}: {{ include "newrelic.common.insightsKey._licenseKey" . | b64enc }}
{{- end }}
{{- end }}

58
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_labels.tpl Normal file
View File

@ -0,0 +1,58 @@
{{/*
This will render the labels that should be used in all the manifests used by the helm chart.
*/}}
{{- define "newrelic.common.labels" -}}
{{- $global := index .Values "global" | default dict -}}
{{- $chart := dict "helm.sh/chart" (include "newrelic.common.naming.chart" . ) -}}
{{- $managedBy := dict "app.kubernetes.io/managed-by" .Release.Service -}}
{{- $selectorLabels := fromYaml (include "newrelic.common.labels.selectorLabels" . ) -}}
{{- $labels := mustMergeOverwrite $chart $managedBy $selectorLabels -}}
{{- if .Chart.AppVersion -}}
{{- $labels = mustMergeOverwrite $labels (dict "app.kubernetes.io/version" .Chart.AppVersion) -}}
{{- end -}}
{{- $globalUserLabels := $global.labels | default dict -}}
{{- $localUserLabels := .Values.labels | default dict -}}
{{- $labels = mustMergeOverwrite $labels $globalUserLabels $localUserLabels -}}
{{- range $k, $v := $labels -}}
{{- $_ := set $labels $k (include "newrelic.common.naming.truncateToDNS" $v ) -}}
{{- end -}}
{{- toYaml $labels -}}
{{- end -}}
{{/*
This will render the labels that should be used in deployments/daemonsets template pods as a selector.
*/}}
{{- define "newrelic.common.labels.selectorLabels" -}}
{{- $name := dict "app.kubernetes.io/name" ( include "newrelic.common.naming.name" . ) -}}
{{- $instance := dict "app.kubernetes.io/instance" .Release.Name -}}
{{- $selectorLabels := mustMergeOverwrite $name $instance -}}
{{- toYaml $selectorLabels -}}
{{- end }}
{{/*
Pod labels
*/}}
{{- define "newrelic.common.labels.podLabels" -}}
{{- $selectorLabels := fromYaml (include "newrelic.common.labels.selectorLabels" . ) -}}
{{- $global := index .Values "global" | default dict -}}
{{- $globalPodLabels := $global.podLabels | default dict }}
{{- $localPodLabels := .Values.podLabels | default dict }}
{{- $podLabels := mustMergeOverwrite $selectorLabels $globalPodLabels $localPodLabels -}}
{{- toYaml $podLabels -}}
{{- end }}

68
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_license.tpl Normal file
View File

@ -0,0 +1,68 @@
{{/*
Return the name of the secret holding the License Key.
*/}}
{{- define "newrelic.common.license.secretName" -}}
{{- $default := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "license" ) -}}
{{- include "newrelic.common.license._customSecretName" . | default $default -}}
{{- end -}}
{{/*
Return the name key for the License Key inside the secret.
*/}}
{{- define "newrelic.common.license.secretKeyName" -}}
{{- include "newrelic.common.license._customSecretKey" . | default "licenseKey" -}}
{{- end -}}
{{/*
Return local licenseKey if set, global otherwise.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._licenseKey" -}}
{{- if .Values.licenseKey -}}
{{- .Values.licenseKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.licenseKey -}}
{{- .Values.global.licenseKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret holding the License Key.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._customSecretName" -}}
{{- if .Values.customSecretName -}}
{{- .Values.customSecretName -}}
{{- else if .Values.global -}}
{{- if .Values.global.customSecretName -}}
{{- .Values.global.customSecretName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name key for the License Key inside the secret.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._customSecretKey" -}}
{{- if .Values.customSecretLicenseKey -}}
{{- .Values.customSecretLicenseKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.customSecretLicenseKey }}
{{- .Values.global.customSecretLicenseKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return empty string (falsehood) or "true" if the user set a custom secret for the license.
This helper is for internal use.
*/}}
{{- define "newrelic.common.license._usesCustomSecret" -}}
{{- if or (include "newrelic.common.license._customSecretName" .) (include "newrelic.common.license._customSecretKey" .) -}}
true
{{- end -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_license_secret.yaml.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Renders the license key secret if user has not specified a custom secret.
*/}}
{{- define "newrelic.common.license.secret" }}
{{- if not (include "newrelic.common.license._customSecretName" .) }}
{{- /* Fail if licenseKey is empty and required: */ -}}
{{- if not (include "newrelic.common.license._licenseKey" .) }}
{{- fail "You must specify a licenseKey or a customSecretName containing it" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "newrelic.common.license.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
{{ include "newrelic.common.license.secretKeyName" . }}: {{ include "newrelic.common.license._licenseKey" . | b64enc }}
{{- end }}
{{- end }}

26
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_low-data-mode.tpl Normal file
View File

@ -0,0 +1,26 @@
{{- /*
Abstraction of the lowDataMode toggle.
This helper allows to override the global `.global.lowDataMode` with the value of `.lowDataMode`.
Returns "true" if `lowDataMode` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.lowDataMode" -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if (get .Values "lowDataMode" | kindIs "bool") -}}
{{- if .Values.lowDataMode -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.lowDataMode" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.lowDataMode -}}
{{- end -}}
{{- else -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "lowDataMode" | kindIs "bool" -}}
{{- if $global.lowDataMode -}}
{{- $global.lowDataMode -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

73
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_naming.tpl Normal file
View File

@ -0,0 +1,73 @@
{{/*
This is an function to be called directly with a string just to truncate strings to
63 chars because some Kubernetes name fields are limited to that.
*/}}
{{- define "newrelic.common.naming.truncateToDNS" -}}
{{- . | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- /*
Given a name and a suffix returns a 'DNS Valid' which always include the suffix, truncating the name if needed.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If suffix is too long it gets truncated but it always takes precedence over name, so a 63 chars suffix would suppress the name.
Usage:
{{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" "<my-name>" "suffix" "my-suffix" ) }}
*/ -}}
{{- define "newrelic.common.naming.truncateToDNSWithSuffix" -}}
{{- $suffix := (include "newrelic.common.naming.truncateToDNS" .suffix) -}}
{{- $maxLen := (max (sub 63 (add1 (len $suffix))) 0) -}} {{- /* We prepend "-" to the suffix so an additional character is needed */ -}}
{{- $newName := .name | trunc ($maxLen | int) | trimSuffix "-" -}}
{{- if $newName -}}
{{- printf "%s-%s" $newName $suffix -}}
{{- else -}}
{{ $suffix }}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
Uses the Chart name by default if nameOverride is not set.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "newrelic.common.naming.name" -}}
{{- $name := .Values.nameOverride | default .Chart.Name -}}
{{- include "newrelic.common.naming.truncateToDNS" $name -}}
{{- end }}
{{/*
Create a default fully qualified app name.
By default the full name will be "<release_name>" just in if it has the chart name included in that, if not
it will be concatenated like "<release_name>-<chart_chart>". This could change if fullnameOverride or
nameOverride are set.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "newrelic.common.naming.fullname" -}}
{{- $name := include "newrelic.common.naming.name" . -}}
{{- if .Values.fullnameOverride -}}
{{- $name = .Values.fullnameOverride -}}
{{- else if not (contains $name .Release.Name) -}}
{{- $name = printf "%s-%s" .Release.Name $name -}}
{{- end -}}
{{- include "newrelic.common.naming.truncateToDNS" $name -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
This function should not be used for naming objects. Use "common.naming.{name,fullname}" instead.
*/}}
{{- define "newrelic.common.naming.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end }}

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_nodeselector.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod nodeSelector */ -}}
{{- define "newrelic.common.nodeSelector" -}}
{{- if .Values.nodeSelector -}}
{{- toYaml .Values.nodeSelector -}}
{{- else if .Values.global -}}
{{- if .Values.global.nodeSelector -}}
{{- toYaml .Values.global.nodeSelector -}}
{{- end -}}
{{- end -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_priority-class-name.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the pod priorityClassName */ -}}
{{- define "newrelic.common.priorityClassName" -}}
{{- if .Values.priorityClassName -}}
{{- .Values.priorityClassName -}}
{{- else if .Values.global -}}
{{- if .Values.global.priorityClassName -}}
{{- .Values.global.priorityClassName -}}
{{- end -}}
{{- end -}}
{{- end -}}

28
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_privileged.tpl Normal file
View File

@ -0,0 +1,28 @@
{{- /*
This is a helper that returns whether the chart should assume the user is fine deploying privileged pods.
*/ -}}
{{- define "newrelic.common.privileged" -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists. */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if get .Values "privileged" | kindIs "bool" -}}
{{- if .Values.privileged -}}
{{- .Values.privileged -}}
{{- end -}}
{{- else if get $global "privileged" | kindIs "bool" -}}
{{- if $global.privileged -}}
{{- $global.privileged -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Return directly "true" or "false" based in the exist of "newrelic.common.privileged" */ -}}
{{- define "newrelic.common.privileged.value" -}}
{{- if include "newrelic.common.privileged" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_proxy.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the proxy */ -}}
{{- define "newrelic.common.proxy" -}}
{{- if .Values.proxy -}}
{{- .Values.proxy -}}
{{- else if .Values.global -}}
{{- if .Values.global.proxy -}}
{{- .Values.global.proxy -}}
{{- end -}}
{{- end -}}
{{- end -}}

74
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_region.tpl Normal file
View File

@ -0,0 +1,74 @@
{{/*
Return the region that is being used by the user
*/}}
{{- define "newrelic.common.region" -}}
{{- if and (include "newrelic.common.license._usesCustomSecret" .) (not (include "newrelic.common.region._fromValues" .)) -}}
{{- fail "This Helm Chart is not able to compute the region. You must specify a .global.region or .region if the license is set using a custom secret." -}}
{{- end -}}
{{- /* Defaults */ -}}
{{- $region := "us" -}}
{{- if include "newrelic.common.nrStaging" . -}}
{{- $region = "staging" -}}
{{- else if include "newrelic.common.region._isEULicenseKey" . -}}
{{- $region = "eu" -}}
{{- end -}}
{{- include "newrelic.common.region.validate" (include "newrelic.common.region._fromValues" . | default $region ) -}}
{{- end -}}
{{/*
Returns the region from the values if valid. This only return the value from the `values.yaml`.
More intelligence should be used to compute the region.
Usage: `include "newrelic.common.region.validate" "us"`
*/}}
{{- define "newrelic.common.region.validate" -}}
{{- /* Ref: https://github.com/newrelic/newrelic-client-go/blob/cbe3e4cf2b95fd37095bf2ffdc5d61cffaec17e2/pkg/region/region_constants.go#L8-L21 */ -}}
{{- $region := . | lower -}}
{{- if eq $region "us" -}}
US
{{- else if eq $region "eu" -}}
EU
{{- else if eq $region "staging" -}}
Staging
{{- else if eq $region "local" -}}
Local
{{- else -}}
{{- fail (printf "the region provided is not valid: %s not in \"US\" \"EU\" \"Staging\" \"Local\"" .) -}}
{{- end -}}
{{- end -}}
{{/*
Returns the region from the values. This only return the value from the `values.yaml`.
More intelligence should be used to compute the region.
This helper is for internal use.
*/}}
{{- define "newrelic.common.region._fromValues" -}}
{{- if .Values.region -}}
{{- .Values.region -}}
{{- else if .Values.global -}}
{{- if .Values.global.region -}}
{{- .Values.global.region -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return empty string (falsehood) or "true" if the license is for EU region.
This helper is for internal use.
*/}}
{{- define "newrelic.common.region._isEULicenseKey" -}}
{{- if not (include "newrelic.common.license._usesCustomSecret" .) -}}
{{- $license := include "newrelic.common.license._licenseKey" . -}}
{{- if hasPrefix "eu" $license -}}
true
{{- end -}}
{{- end -}}
{{- end -}}

23
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_security-context.tpl Normal file
View File

@ -0,0 +1,23 @@
{{- /* Defines the container securityContext context */ -}}
{{- define "newrelic.common.securityContext.container" -}}
{{- $global := index .Values "global" | default dict -}}
{{- if .Values.containerSecurityContext -}}
{{- toYaml .Values.containerSecurityContext -}}
{{- else if $global.containerSecurityContext -}}
{{- toYaml $global.containerSecurityContext -}}
{{- end -}}
{{- end -}}
{{- /* Defines the pod securityContext context */ -}}
{{- define "newrelic.common.securityContext.pod" -}}
{{- $global := index .Values "global" | default dict -}}
{{- if .Values.podSecurityContext -}}
{{- toYaml .Values.podSecurityContext -}}
{{- else if $global.podSecurityContext -}}
{{- toYaml $global.podSecurityContext -}}
{{- end -}}
{{- end -}}

90
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_serviceaccount.tpl Normal file
View File

@ -0,0 +1,90 @@
{{- /* Defines if the service account has to be created or not */ -}}
{{- define "newrelic.common.serviceAccount.create" -}}
{{- $valueFound := false -}}
{{- /* Look for a global creation of a service account */ -}}
{{- if get .Values "serviceAccount" | kindIs "map" -}}
{{- if (get .Values.serviceAccount "create" | kindIs "bool") -}}
{{- $valueFound = true -}}
{{- if .Values.serviceAccount.create -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.serviceAccount.name" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.serviceAccount.create -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Look for a local creation of a service account */ -}}
{{- if not $valueFound -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "serviceAccount" | kindIs "map" -}}
{{- if get $global.serviceAccount "create" | kindIs "bool" -}}
{{- $valueFound = true -}}
{{- if $global.serviceAccount.create -}}
{{- $global.serviceAccount.create -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* In case no serviceAccount value has been found, default to "true" */ -}}
{{- if not $valueFound -}}
true
{{- end -}}
{{- end -}}
{{- /* Defines the name of the service account */ -}}
{{- define "newrelic.common.serviceAccount.name" -}}
{{- $localServiceAccount := "" -}}
{{- if get .Values "serviceAccount" | kindIs "map" -}}
{{- if (get .Values.serviceAccount "name" | kindIs "string") -}}
{{- $localServiceAccount = .Values.serviceAccount.name -}}
{{- end -}}
{{- end -}}
{{- $globalServiceAccount := "" -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "serviceAccount" | kindIs "map" -}}
{{- if get $global.serviceAccount "name" | kindIs "string" -}}
{{- $globalServiceAccount = $global.serviceAccount.name -}}
{{- end -}}
{{- end -}}
{{- if (include "newrelic.common.serviceAccount.create" .) -}}
{{- $localServiceAccount | default $globalServiceAccount | default (include "newrelic.common.naming.fullname" .) -}}
{{- else -}}
{{- $localServiceAccount | default $globalServiceAccount | default "default" -}}
{{- end -}}
{{- end -}}
{{- /* Merge the global and local annotations for the service account */ -}}
{{- define "newrelic.common.serviceAccount.annotations" -}}
{{- $localServiceAccount := dict -}}
{{- if get .Values "serviceAccount" | kindIs "map" -}}
{{- if get .Values.serviceAccount "annotations" -}}
{{- $localServiceAccount = .Values.serviceAccount.annotations -}}
{{- end -}}
{{- end -}}
{{- $globalServiceAccount := dict -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "serviceAccount" | kindIs "map" -}}
{{- if get $global.serviceAccount "annotations" -}}
{{- $globalServiceAccount = $global.serviceAccount.annotations -}}
{{- end -}}
{{- end -}}
{{- $merged := mustMergeOverwrite $globalServiceAccount $localServiceAccount -}}
{{- if $merged -}}
{{- toYaml $merged -}}
{{- end -}}
{{- end -}}

39
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_staging.tpl Normal file
View File

@ -0,0 +1,39 @@
{{- /*
Abstraction of the nrStaging toggle.
This helper allows to override the global `.global.nrStaging` with the value of `.nrStaging`.
Returns "true" if `nrStaging` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.nrStaging" -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if (get .Values "nrStaging" | kindIs "bool") -}}
{{- if .Values.nrStaging -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.nrStaging" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.nrStaging -}}
{{- end -}}
{{- else -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "nrStaging" | kindIs "bool" -}}
{{- if $global.nrStaging -}}
{{- $global.nrStaging -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /*
Returns "true" of "false" directly instead of empty string (Helm falsiness) based on the exit of "newrelic.common.nrStaging"
*/ -}}
{{- define "newrelic.common.nrStaging.value" -}}
{{- if include "newrelic.common.nrStaging" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_tolerations.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /* Defines the Pod tolerations */ -}}
{{- define "newrelic.common.tolerations" -}}
{{- if .Values.tolerations -}}
{{- toYaml .Values.tolerations -}}
{{- else if .Values.global -}}
{{- if .Values.global.tolerations -}}
{{- toYaml .Values.global.tolerations -}}
{{- end -}}
{{- end -}}
{{- end -}}

56
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_userkey.tpl Normal file
View File

@ -0,0 +1,56 @@
{{/*
Return the name of the secret holding the API Key.
*/}}
{{- define "newrelic.common.userKey.secretName" -}}
{{- $default := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "userkey" ) -}}
{{- include "newrelic.common.userKey._customSecretName" . | default $default -}}
{{- end -}}
{{/*
Return the name key for the API Key inside the secret.
*/}}
{{- define "newrelic.common.userKey.secretKeyName" -}}
{{- include "newrelic.common.userKey._customSecretKey" . | default "userKey" -}}
{{- end -}}
{{/*
Return local API Key if set, global otherwise.
This helper is for internal use.
*/}}
{{- define "newrelic.common.userKey._userKey" -}}
{{- if .Values.userKey -}}
{{- .Values.userKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.userKey -}}
{{- .Values.global.userKey -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret holding the API Key.
This helper is for internal use.
*/}}
{{- define "newrelic.common.userKey._customSecretName" -}}
{{- if .Values.customUserKeySecretName -}}
{{- .Values.customUserKeySecretName -}}
{{- else if .Values.global -}}
{{- if .Values.global.customUserKeySecretName -}}
{{- .Values.global.customUserKeySecretName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the name key for the API Key inside the secret.
This helper is for internal use.
*/}}
{{- define "newrelic.common.userKey._customSecretKey" -}}
{{- if .Values.customUserKeySecretKey -}}
{{- .Values.customUserKeySecretKey -}}
{{- else if .Values.global -}}
{{- if .Values.global.customUserKeySecretKey }}
{{- .Values.global.customUserKeySecretKey -}}
{{- end -}}
{{- end -}}
{{- end -}}

21
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_userkey_secret.yaml.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Renders the user key secret if user has not specified a custom secret.
*/}}
{{- define "newrelic.common.userKey.secret" }}
{{- if not (include "newrelic.common.userKey._customSecretName" .) }}
{{- /* Fail if user key is empty and required: */ -}}
{{- if not (include "newrelic.common.userKey._userKey" .) }}
{{- fail "You must specify a userKey or a customUserKeySecretName containing it" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "newrelic.common.userKey.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
{{ include "newrelic.common.userKey.secretKeyName" . }}: {{ include "newrelic.common.userKey._userKey" . | b64enc }}
{{- end }}
{{- end }}

54
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/templates/_verbose-log.tpl Normal file
View File

@ -0,0 +1,54 @@
{{- /*
Abstraction of the verbose toggle.
This helper allows to override the global `.global.verboseLog` with the value of `.verboseLog`.
Returns "true" if `verbose` is enabled, otherwise "" (empty string)
*/ -}}
{{- define "newrelic.common.verboseLog" -}}
{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
{{- if (get .Values "verboseLog" | kindIs "bool") -}}
{{- if .Values.verboseLog -}}
{{- /*
We want only to return when this is true, returning `false` here will template "false" (string) when doing
an `(include "newrelic.common.verboseLog" .)`, which is not an "empty string" so it is `true` if it is used
as an evaluation somewhere else.
*/ -}}
{{- .Values.verboseLog -}}
{{- end -}}
{{- else -}}
{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}}
{{- $global := index .Values "global" | default dict -}}
{{- if get $global "verboseLog" | kindIs "bool" -}}
{{- if $global.verboseLog -}}
{{- $global.verboseLog -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /*
Abstraction of the verbose toggle.
This helper abstracts the function "newrelic.common.verboseLog" to return true or false directly.
*/ -}}
{{- define "newrelic.common.verboseLog.valueAsBoolean" -}}
{{- if include "newrelic.common.verboseLog" . -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}
{{- /*
Abstraction of the verbose toggle.
This helper abstracts the function "newrelic.common.verboseLog" to return 1 or 0 directly.
*/ -}}
{{- define "newrelic.common.verboseLog.valueAsInt" -}}
{{- if include "newrelic.common.verboseLog" . -}}
1
{{- else -}}
0
{{- end -}}
{{- end -}}

1
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/charts/common-library/values.yaml Normal file
View File

@ -0,0 +1 @@
# values are not needed for the library chart, however this file is still needed for helm lint to work.

36
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/NOTES.txt Normal file
View File

@ -0,0 +1,36 @@
This project is currently in preview.
Issues and contributions should be reported to the project's GitHub.
{{- if (include "k8s-agents-operator.areValuesValid" .) }}
=====================================
********
****************
********** **********,
&&&**** ****/(((
&&&&&&& ((((((
&&&&&&&&&& ((((((
&&&&&&&& ((((((
&&&&& ((((((
&&&&& ((((((((
&&&&& .((((((((((
&&&&&((((((((
&&&(((,
Your deployment of the New Relic Agent Operator is complete.
You can check on the progress of this by running the following command:
kubectl get deployments -o wide -w --namespace {{ .Release.Namespace }} {{ include "newrelic.common.naming.fullname" . }}
WARNING: This deployment will be incomplete until you configure your Instrumentation custom resource definition.
=====================================
Please visit https://github.com/newrelic/k8s-agents-operator for instructions on how to create & configure the
Instrumentation custom resource definition required by the Operator.
{{- else }}
##############################################################################
#### ERROR: You did not set a license key. ####
##############################################################################
This deployment will be incomplete until you get your ingest license key from New Relic.
{{- end -}}

16
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,16 @@
{{/*
Returns if the template should render, it checks if the required values are set.
*/}}
{{- define "k8s-agents-operator.areValuesValid" -}}
{{- $licenseKey := include "newrelic.common.license._licenseKey" . -}}
{{- and (or $licenseKey)}}
{{- end -}}
{{- define "k8s-agents-operator.manager.image" -}}
{{- $managerVersion := .Values.controllerManager.manager.image.version | default .Chart.AppVersion -}}
{{- if eq (substr 0 7 $managerVersion) "sha256:" -}}
{{- printf "%s@%s" .Values.controllerManager.manager.image.repository $managerVersion -}}
{{- else -}}
{{- printf "%s:%s" .Values.controllerManager.manager.image.repository $managerVersion -}}
{{- end -}}
{{- end -}}

64
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/_naming.tpl Normal file
View File

@ -0,0 +1,64 @@
{{/* Controller manager service certificate's secret. */}}
{{- define "k8s-agents-operator.certificateSecret.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "controller-manager-service-cert") -}}
{{- end }}
{{- define "k8s-agents-operator.webhook.service.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "webhook-service") -}}
{{- end -}}
{{- define "k8s-agents-operator.metricsService.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "controller-manager-metrics-service") -}}
{{- end -}}
{{- define "k8s-agents-operator.webhook.mutating.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "mutation") -}}
{{- end -}}
{{- define "k8s-agents-operator.webhook.validating.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "validation") -}}
{{- end -}}
{{- define "k8s-agents-operator.cert-manager.issuer.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "selfsigned-issuer") -}}
{{- end -}}
{{- define "k8s-agents-operator.cert-manager.certificate.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "serving-cert") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.metricsAuth.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "metrics-auth-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.metricsAuth.roleBinding.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "metrics-auth-rolebinding") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.manager.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "manager-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.manager.roleBinding.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "manager-rolebinding") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.leaderElection.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "leader-election-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.leaderElection.roleBinding.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "leader-election-rolebinding") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.metricsReader.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "metrics-reader") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.instrumentationEditor.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "instrumentation-editor-role") -}}
{{- end -}}
{{- define "k8s-agents-operator.rbac.instrumentationViewer.role.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "instrumentation-viewer-role") -}}
{{- end -}}

10
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/_security_context.tpl Normal file
View File

@ -0,0 +1,10 @@
{{- /*
A helper to return the container security context to apply to the manager.
*/ -}}
{{- define "k8s-agents-operator.manager.securityContext.container" -}}
{{- if .Values.controllerManager.manager.containerSecurityContext -}}
{{- toYaml .Values.controllerManager.manager.containerSecurityContext -}}
{{- else if include "newrelic.common.securityContext.container" . -}}
{{- include "newrelic.common.securityContext.container" . -}}
{{- end -}}
{{- end -}}

40
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/_tls.tpl Normal file
View File

@ -0,0 +1,40 @@
{{/*
Return certificate and CA for Webhooks.
It handles variants when a cert has to be generated by Helm,
a cert is loaded from an existing secret or is provided via `.Values`
*/}}
{{- define "k8s-agents-operator.webhookCert" -}}
{{- $caCert := "" }}
{{- $clientCert := "" }}
{{- $clientKey := "" }}
{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
{{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "k8s-agents-operator.certificateSecret.name" . )) }}
{{- if and (not .Values.admissionWebhooks.autoGenerateCert.recreate) $prevSecret }}
{{- $clientCert = index $prevSecret "data" "tls.crt" }}
{{- $clientKey = index $prevSecret "data" "tls.key" }}
{{- $caCert = index $prevSecret "data" "ca.crt" }}
{{- if not $caCert }}
{{- $prevHook := (lookup "admissionregistration.k8s.io/v1" "MutatingWebhookConfiguration" .Release.Namespace (print (include "newrelic.common.naming.fullname" . ) "-mutation")) }}
{{- if not (eq (toString $prevHook) "<nil>") }}
{{- $caCert = (first $prevHook.webhooks).clientConfig.caBundle }}
{{- end }}
{{- end }}
{{- else }}
{{- $certValidity := int .Values.admissionWebhooks.autoGenerateCert.certPeriodDays | default 365 }}
{{- $ca := genCA "k8s-agents-operator-operator-ca" $certValidity }}
{{- $domain1 := printf "%s.%s.svc" (include "k8s-agents-operator.webhook.service.name" .) $.Release.Namespace }}
{{- $domain2 := printf "%s.%s.svc.%s" (include "k8s-agents-operator.webhook.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }}
{{- $domains := list $domain1 $domain2 }}
{{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) nil $domains $certValidity $ca }}
{{- $clientCert = b64enc $cert.Cert }}
{{- $clientKey = b64enc $cert.Key }}
{{- $caCert = b64enc $ca.Cert }}
{{- end }}
{{- else }}
{{- $clientCert = .Files.Get .Values.admissionWebhooks.certFile | b64enc }}
{{- $clientKey = .Files.Get .Values.admissionWebhooks.keyFile | b64enc }}
{{- $caCert = .Files.Get .Values.admissionWebhooks.caFile | b64enc }}
{{- end }}
{{- $result := dict "clientCert" $clientCert "clientKey" $clientKey "caCert" $caCert }}
{{- $result | toYaml }}
{{- end }}

103
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "newrelic.common.naming.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
control-plane: controller-manager
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.controllerManager.replicas }}
selector:
matchLabels:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }}
control-plane: controller-manager
template:
metadata:
labels:
control-plane: controller-manager
{{- include "newrelic.common.labels.podLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }}
{{- with include "newrelic.common.securityContext.pod" . }}
securityContext:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.priorityClassName" . }}
priorityClassName: {{ . }}
{{- end }}
{{- with include "newrelic.common.dnsConfig" . }}
dnsConfig:
{{- . | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 10
containers:
- name: manager
{{- with include "k8s-agents-operator.manager.securityContext.container" . }}
securityContext:
{{- . | nindent 10 }}
{{- end }}
args:
- --metrics-bind-address=:8443
{{- if .Values.controllerManager.manager.leaderElection.enabled }}
- --leader-elect
{{- end }}
- --health-probe-bind-address=:8081
command:
- /bin/operator
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
- name: ENABLE_WEBHOOKS
value: "true"
image: {{ include "k8s-agents-operator.manager.image" . }}
imagePullPolicy: {{ .Values.controllerManager.manager.image.pullPolicy | default "Always" }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
{{- toYaml .Values.controllerManager.manager.resources | nindent 10 }}
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
{{- if or .Values.admissionWebhooks.create (include "k8s-agents-operator.certificateSecret.name" . ) }}
volumes:
- name: cert
secret:
defaultMode: 420
secretName: {{ include "k8s-agents-operator.certificateSecret.name" . }}
{{- end }}
{{- with include "newrelic.common.nodeSelector" . }}
nodeSelector:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.affinity" . }}
affinity:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.tolerations" . }}
tolerations:
{{- . | nindent 8 }}
{{- end }}

1217
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/instrumentation-crd.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

26
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/instrumentation-editor-rbac.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.instrumentationEditor.role.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- newrelic.com
resources:
- instrumentations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- newrelic.com
resources:
- instrumentations/status
verbs:
- get

22
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/instrumentation-viewer-rbac.yaml Normal file
View File

@ -0,0 +1,22 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.instrumentationViewer.role.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- newrelic.com
resources:
- instrumentations
verbs:
- get
- list
- watch
- apiGroups:
- newrelic.com
resources:
- instrumentations/status
verbs:
- get

55
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/leader-election-rbac.yaml Normal file
View File

@ -0,0 +1,55 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "k8s-agents-operator.rbac.leaderElection.role.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "k8s-agents-operator.rbac.leaderElection.roleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "k8s-agents-operator.rbac.leaderElection.role.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}

106
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/manager-rbac.yaml Normal file
View File

@ -0,0 +1,106 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.manager.role.name" . }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- namespaces
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces/status
- pods/status
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- newrelic.com
resources:
- instrumentations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- newrelic.com
resources:
- instrumentations/finalizers
verbs:
- update
- apiGroups:
- newrelic.com
resources:
- instrumentations/status
verbs:
- get
- patch
- update
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "k8s-agents-operator.rbac.manager.roleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "k8s-agents-operator.rbac.manager.role.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}

36
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/metrics-auth-rbac.yaml Normal file
View File

@ -0,0 +1,36 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.metricsAuth.role.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "k8s-agents-operator.rbac.metricsAuth.roleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "k8s-agents-operator.rbac.metricsAuth.role.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}

11
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/metrics-reader-rbac.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-agents-operator.rbac.metricsReader.role.name" . }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
rules:
- nonResourceURLs:
- /metrics
verbs:
- get

15
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/metrics-service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "k8s-agents-operator.metricsService.name" . }}
namespace: {{ .Release.Namespace }}
labels:
control-plane: controller-manager
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
type: {{ .Values.metricsService.type }}
selector:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }}
control-plane: controller-manager
ports:
{{- .Values.metricsService.ports | toYaml | nindent 2 -}}

19
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/secret.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Renders the license key secret if user has not specified a custom secret.
*/}}
{{- if not (include "newrelic.common.license._customSecretName" .) }}
{{- /* Fail if licenseKey is empty and required: */ -}}
{{- if not (include "newrelic.common.license._licenseKey" .) }}
{{- fail "You must specify a licenseKey" }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: newrelic-key-secret
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
data:
new_relic_license_key: {{ include "newrelic.common.license._licenseKey" . | b64enc }}
{{- end }}

11
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/selfsigned-issuer.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.admissionWebhooks.create .Values.admissionWebhooks.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "k8s-agents-operator.cert-manager.issuer.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
selfSigned: {}
{{- end }}

11
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/service-account.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if include "newrelic.common.serviceAccount.create" . }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "newrelic.common.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
annotations:
{{- include "newrelic.common.serviceAccount.annotations" . | nindent 4 }}
{{- end -}}

20
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/serving-cert.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if and .Values.admissionWebhooks.create .Values.admissionWebhooks.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "k8s-agents-operator.cert-manager.certificate.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
dnsNames:
- '{{ include "k8s-agents-operator.webhook.service.name" . }}.{{ .Release.Namespace }}.svc'
- '{{ include "k8s-agents-operator.webhook.service.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesClusterDomain }}'
issuerRef:
kind: Issuer
name: {{ include "k8s-agents-operator.cert-manager.issuer.name" . }}
secretName: {{ include "k8s-agents-operator.certificateSecret.name" . }}
subject:
organizationalUnits:
- k8s-agents-operator
{{- end }}

14
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/templates/webhook-service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "k8s-agents-operator.webhook.service.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
type: {{ .Values.webhookService.type }}
selector:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }}
control-plane: controller-manager
ports:
{{- .Values.webhookService.ports | toYaml | nindent 2 -}}

107
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/affinity_test.yaml Normal file
View File

@ -0,0 +1,107 @@
suite: affinity
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets affinity to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.affinity
template: templates/deployment.yaml
- it: sets affinity from global by common-library
set:
licenseKey: us-whatever
global:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: globalKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: globalKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
template: templates/deployment.yaml
- it: sets affinity from values by common-library
set:
licenseKey: us-whatever
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
template: templates/deployment.yaml
- it: sets affinity from values by common-library overriding global values
set:
licenseKey: us-whatever
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
global:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: globalKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: topLevelKey
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
template: templates/deployment.yaml

29
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/annotations_test.yaml Normal file
View File

@ -0,0 +1,29 @@
suite: annotations
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets pod annotations to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.metadata.annotations
template: templates/deployment.yaml
- it: sets pod annotations from values
set:
licenseKey: us-whatever
podAnnotations:
deploymentKey1: "deploymentValue1"
deploymentKey2: "deploymentValue2"
asserts:
- equal:
path: spec.template.metadata.annotations.deploymentKey1
value: deploymentValue1
template: templates/deployment.yaml
- equal:
path: spec.template.metadata.annotations.deploymentKey2
value: deploymentValue2
template: templates/deployment.yaml

53
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/cert_manager_certificate_test.yaml Normal file
View File

@ -0,0 +1,53 @@
suite: cert-manager
templates:
- templates/serving-cert.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: creates cert-manager resources if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: creates Certificate in default domain if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: kind
value: Certificate
- equal:
path: spec.dnsNames
value:
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc.cluster.local
- it: creates Certificate in custom domain if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
kubernetesClusterDomain: kubey.test
asserts:
- equal:
path: kind
value: Certificate
- equal:
path: spec.dnsNames
value:
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc
- my-release-k8s-agents-operator-webhook-service.my-namespace.svc.kubey.test

32
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/cert_manager_issuer_test.yaml Normal file
View File

@ -0,0 +1,32 @@
suite: cert-manager
templates:
- templates/selfsigned-issuer.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: creates cert-manager resources if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: creates Issuer if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: kind
value: Issuer
- exists:
path: spec.selfSigned

53
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/images_test.yaml Normal file
View File

@ -0,0 +1,53 @@
suite: images
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: has a default image version
set:
licenseKey: us-whatever
asserts:
- notMatchRegex:
path: spec.template.spec.containers[0].image
pattern: ".*nil.*"
template: templates/deployment.yaml
- notMatchRegex:
path: spec.template.spec.containers[1].image
pattern: ".*nil.*"
template: templates/deployment.yaml
- it: loads image and version
set:
licenseKey: us-whatever
controllerManager:
manager:
image:
repository: nr/test-1
version: "1.1.1"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: nr/test-1:1.1.1
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].image
value: nr/test-2:1.1.2
template: templates/deployment.yaml
- it: loads image and version using SHA digest
set:
licenseKey: us-whatever
controllerManager:
manager:
image:
repository: nr/test-1
version: "sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: nr/test-1@sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].image
value: nr/test-2@sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea
template: templates/deployment.yaml

51
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/node_selector_test.yaml Normal file
View File

@ -0,0 +1,51 @@
suite: nodeSelector
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets nodeSelector to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.nodeSelector
template: templates/deployment.yaml
- it: sets nodeSelector from global by common-library
set:
licenseKey: us-whatever
global:
nodeSelector:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
globalKey: globalValue
template: templates/deployment.yaml
- it: sets nodeSelector from values by common-library
set:
licenseKey: us-whatever
nodeSelector:
topLevelKey: topLevelValue
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets nodeSelector from values by common-library overriding global values
set:
licenseKey: us-whatever
nodeSelector:
topLevelKey: topLevelValue
global:
nodeSelector:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml

28
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/resources_test.yaml Normal file
View File

@ -0,0 +1,28 @@
suite: resources
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets pod resources to default when no values provided
set:
licenseKey: us-whatever
asserts:
- equal:
path: spec.template.spec.containers[0].resources
value:
requests:
cpu: 100m
memory: 64Mi
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].resources
value:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
template: templates/deployment.yaml

160
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/security_context_test.yaml Normal file
View File

@ -0,0 +1,160 @@
suite: securityContext
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets pod securityContext set to defaults when no values provided
set:
licenseKey: us-whatever
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
template: templates/deployment.yaml
- it: ignores pod securityContext from global by common-library
set:
licenseKey: us-whatever
global:
podSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
template: templates/deployment.yaml
- it: appends pod securityContext from values by common-library
set:
licenseKey: us-whatever
podSecurityContext:
topLevelKey: topLevelValue
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets pod securityContext from values by common-library overriding global values
set:
licenseKey: us-whatever
podSecurityContext:
topLevelKey: topLevelValue
global:
podSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets container securityContext set to defaults when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/deployment.yaml
- notExists:
path: spec.template.spec.containers[1].securityContext
template: templates/deployment.yaml
- it: sets container securityContext from global by common-library
set:
licenseKey: us-whatever
global:
containerSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
globalKey: globalValue
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].securityContext
value:
globalKey: globalValue
template: templates/deployment.yaml
- it: sets container securityContext from values by common-library
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets container securityContext from values by common-library overriding global values
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
global:
containerSecurityContext:
globalKey: globalValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- equal:
path: spec.template.spec.containers[1].securityContext
value:
topLevelKey: topLevelValue
template: templates/deployment.yaml
- it: sets container securityContext from manager values
set:
licenseKey: us-whatever
controllerManager:
manager:
containerSecurityContext:
managerKey: managerValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
managerKey: managerValue
template: templates/deployment.yaml
- it: sets container securityContext from manager values overriding top level and global values
set:
licenseKey: us-whatever
containerSecurityContext:
topLevelKey: topLevelValue
global:
containerSecurityContext:
globalKey: globalValue
controllerManager:
manager:
containerSecurityContext:
managerKey: managerValue
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
managerKey: managerValue
template: templates/deployment.yaml

83
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/service_account_test.yaml Normal file
View File

@ -0,0 +1,83 @@
suite: serviceAccount
templates:
- templates/service-account.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: by default creates a service account
set:
licenseKey: test
asserts:
- hasDocuments:
count: 1
- it: creates a service account if there are no global values
set:
licenseKey: test
global: null
asserts:
- hasDocuments:
count: 1
- it: creates a global a service account
set:
licenseKey: test
global:
serviceAccount:
create: true
asserts:
- hasDocuments:
count: 1
- it: create a local service account
set:
licenseKey: test
serviceAccount:
create: true
asserts:
- hasDocuments:
count: 1
- it: disables a global a service account
set:
licenseKey: test
global:
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: disables a local a service account
set:
licenseKey: test
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: allows overriding the global enabling of a service account
set:
licenseKey: test
global:
serviceAccount:
create: true
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: allows overriding the global disabling of a service account
set:
licenseKey: test
global:
serviceAccount:
create: false
serviceAccount:
create: true
asserts:
- hasDocuments:
count: 1

65
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/tolerations_test.yaml Normal file
View File

@ -0,0 +1,65 @@
suite: tolerations
templates:
- templates/deployment.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: sets tolerations to default when no values provided
set:
licenseKey: us-whatever
asserts:
- notExists:
path: spec.template.spec.tolerations
template: templates/deployment.yaml
- it: sets tolerations from global by common-library
set:
licenseKey: us-whatever
global:
tolerations:
- key: "globalKey"
operator: "Exists"
effect: "NoSchedule"
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: "globalKey"
operator: "Exists"
effect: "NoSchedule"
template: templates/deployment.yaml
- it: sets tolerations from values by common-library
set:
licenseKey: us-whatever
tolerations:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
template: templates/deployment.yaml
- it: sets tolerations from values by common-library overriding global values
set:
licenseKey: us-whatever
tolerations:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
global:
tolerations:
- key: "globalKey"
operator: "Exists"
effect: "NoSchedule"
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: "topLevelKey"
operator: "Exists"
effect: "NoSchedule"
template: templates/deployment.yaml

176
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/tests/webhook_ssl_test.yaml Normal file
View File

@ -0,0 +1,176 @@
suite: webhook ssl
templates:
- templates/webhook-configuration.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: creates ssl certificate secret by default
set:
licenseKey: us-whatever
asserts:
- hasDocuments:
count: 3
- containsDocument:
kind: Secret
apiVersion: v1
name: my-release-k8s-agents-operator-controller-manager-service-cert
namespace: my-namespace
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- exists:
path: data["tls.crt"]
template: templates/webhook-configuration.yaml
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- exists:
path: data["tls.key"]
template: templates/webhook-configuration.yaml
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- exists:
path: data["ca.crt"]
template: templates/webhook-configuration.yaml
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-controller-manager-service-cert
- it: does not inject cert-manager annotations into MutatingWebhook by default
set:
licenseKey: us-whatever
asserts:
- notExists:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: does not inject cert-manager annotations into ValidatingWebhook by default
set:
licenseKey: us-whatever
asserts:
- notExists:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation
- it: does inject caBundle into MutatingWebhook clientConfigs by default
set:
licenseKey: us-whatever
asserts:
- lengthEqual:
path: webhooks
count: 2
- exists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- exists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: does inject caBundle into ValidatingWebhook clientConfigs by default
set:
licenseKey: us-whatever
asserts:
- lengthEqual:
path: webhooks
count: 2
- exists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- exists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation
- it: does not creates ssl certificate secret if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- hasDocuments:
count: 2
- it: injects cert-manager annotations into MutatingWebhook if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
value: my-namespace/my-release-k8s-agents-operator-serving-cert
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: injects cert-manager annotations into ValidatingWebhook if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- equal:
path: metadata.annotations["cert-manager.io/inject-ca-from"]
value: my-namespace/my-release-k8s-agents-operator-serving-cert
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation
- it: does not inject caBundle into MutatingWebhook clientConfigs if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- lengthEqual:
path: webhooks
count: 2
- notExists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- notExists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- it: does not inject caBundle into ValidatingWebhook clientConfigs if cert-manager enabled and auto cert disabled
set:
licenseKey: us-whatever
admissionWebhooks:
autoGenerateCert:
enabled: false
certManager:
enabled: true
asserts:
- lengthEqual:
path: webhooks
count: 2
- notExists:
path: webhooks[0].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-mutation
- notExists:
path: webhooks[1].clientConfig.caBundle
documentSelector:
path: metadata.name
value: my-release-k8s-agents-operator-validation

123
charts/new-relic/nri-bundle/5.0.109/charts/k8s-agents-operator/values.yaml Normal file
View File

@ -0,0 +1,123 @@
# Default values for k8s-agents-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- This set this license key to use. Can be configured also with `global.licenseKey`
licenseKey: ""
# -- Additional labels for chart pods
podLabels: {}
# -- Additional labels for chart objects
labels: {}
# -- Annotations to be added to the deployment.
podAnnotations: {}
# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName`
priorityClassName: ""
# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig`
dnsConfig: {}
# -- Sets all pods' node selector. Can be configured also with `global.nodeSelector`
nodeSelector: {}
# -- Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations`
tolerations: []
# -- Sets all pods' affinities. Can be configured also with `global.affinity`
affinity: {}
# -- Sets all security contexts (at pod level).
# -- Source: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
# -- SecurityContext holds pod-level security attributes and common container settings
podSecurityContext:
# runAsGroup: 65532
runAsNonRoot: true
# runAsUser: 65532
# fsGroup: 65532
# -- Sets all security context (at container level). Can be configured also with `global.securityContext.container`
containerSecurityContext: {}
kubernetesClusterDomain: cluster.local
controllerManager:
replicas: 1
manager:
image:
# -- Sets the repository and image to use for the manager. Please ensure you're using trusted New Relic images.
repository: newrelic/k8s-agents-operator
# -- Sets the manager image version to retrieve. Could be a tag i.e. "v0.17.0" or a SHA digest i.e. "sha256:e2399e70e99ac370ca6a3c7e5affa9655da3b246d0ada77c40ed155b3726ee2e"
version:
pullPolicy:
resources:
limits:
cpu: 500m
memory: 192Mi
requests:
cpu: 100m
memory: 64Mi
# -- Sets security context (at container level) for the manager. Overrides `containerSecurityContext` and `global.containerSecurityContext`
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
# -- Source: https://docs.openshift.com/container-platform/4.10/operators/operator_sdk/osdk-leader-election.html
# -- Enable leader election mechanism for protecting against split brain if multiple operator pods/replicas are started
leaderElection:
enabled: true
# -- Settings controlling ServiceAccount creation
# @default -- See `values.yaml`
serviceAccount:
# serviceAccount.create -- (bool) Specifies whether a ServiceAccount should be created
# @default -- `true`
create:
# If not set and create is true, a name is generated using the fullname template
name: ""
# Specify any annotations to add to the ServiceAccount
annotations:
metricsService:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: 8443
type: ClusterIP
webhookService:
ports:
- port: 443
protocol: TCP
targetPort: 9443
type: ClusterIP
# -- Admission webhooks make sure only requests with correctly formatted rules will get into the Operator
admissionWebhooks:
create: true
## TLS Certificate Option 1: Use Helm to automatically generate self-signed certificate.
## certManager must be disabled and autoGenerateCert must be enabled.
autoGenerateCert:
# -- If true and certManager.enabled is false, Helm will automatically create a self-signed cert and secret for you.
enabled: true
# -- If set to true, new webhook key/certificate is generated on helm upgrade.
recreate: true
# -- Cert validity period time in days.
certPeriodDays: 365
## TLS Certificate Option 2: Use certManager to generate self-signed certificate.
certManager:
# -- If true and autoGenerateCert.enabled is false, cert-manager will create a self-signed cert and secret for you.
enabled: false
## TLS Certificate Option 3: Use your own self-signed certificate.
## certManager and autoGenerateCert must be disabled and certFile, keyFile, and caFile must be set.
## The chart reads the contents of the file paths with the helm .Files.Get function.
## Refer to this doc https://helm.sh/docs/chart_template_guide/accessing_files/ to understand
## limitations of file paths accessible to the chart.
# -- Path to your own PEM-encoded certificate.
certFile: ""
# -- Path to your own PEM-encoded private key.
keyFile: ""
# -- Path to the CA cert.
caFile: ""

21
charts/new-relic/nri-bundle/5.0.109/charts/kube-state-metrics/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

26
charts/new-relic/nri-bundle/5.0.109/charts/kube-state-metrics/Chart.yaml Normal file
View File

@ -0,0 +1,26 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
appVersion: 2.13.0
description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/
keywords:
- metric
- monitoring
- prometheus
- kubernetes
maintainers:
- email: tariq.ibrahim@mulesoft.com
name: tariq1890
- email: manuel@rueg.eu
name: mrueg
- email: david@0xdc.me
name: dotdc
name: kube-state-metrics
sources:
- https://github.com/kubernetes/kube-state-metrics/
type: application
version: 5.26.0

85
charts/new-relic/nri-bundle/5.0.109/charts/kube-state-metrics/README.md Normal file
View File

@ -0,0 +1,85 @@
# kube-state-metrics Helm Chart
Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
## Get Repository Info
<!-- textlint-disable -->
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
<!-- textlint-enable -->
## Install Chart
```console
helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
You can upgrade in-place:
1. [get repository info](#get-repository-info)
1. [upgrade](#upgrading-chart) your existing release name using the new chart repository
## Upgrading to v3.0.0
v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
The upgraded chart now the following changes:
* Dropped support for helm v2 (helm v3 or later is required)
* collectors key was renamed to resources
* namespace key was renamed to namespaces
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values prometheus-community/kube-state-metrics
```
### kube-rbac-proxy
You can enable `kube-state-metrics` endpoint protection using `kube-rbac-proxy`. By setting `kubeRBACProxy.enabled: true`, this chart will deploy one RBAC proxy container per endpoint (metrics & telemetry).
To authorize access, authenticate your requests (via a `ServiceAccount` for example) with a `ClusterRole` attached such as:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-state-metrics-read
rules:
- apiGroups: [ "" ]
resources: ["services/kube-state-metrics"]
verbs:
- get
```
See [kube-rbac-proxy examples](https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes) for more details.

Some files were not shown because too many files have changed in this diff Show More