diff --git a/charts/cadvisor/.helmignore b/charts/cadvisor/.helmignore
new file mode 100644
index 0000000..50af031
--- /dev/null
+++ b/charts/cadvisor/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/cadvisor/Chart.yaml b/charts/cadvisor/Chart.yaml
new file mode 100644
index 0000000..1d2f1c7
--- /dev/null
+++ b/charts/cadvisor/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+description: A chart for a Cadvisor deployment
+name: cadvisor
+version: 1.0.0
+appVersion: 0.35.0
+home: https://github.com/google/cadvisor
+sources:
+ - https://github.com/google/cadvisor
+ - https://github.com/code-chris/helm-charts
+keywords:
+ - prometheus
+ - cadvisor
+ - monitoring
+maintainers:
+ - name: code-chris
+ email: christian.kotzbauer@gmail.com
diff --git a/charts/cadvisor/README.md b/charts/cadvisor/README.md
new file mode 100644
index 0000000..aabae78
--- /dev/null
+++ b/charts/cadvisor/README.md
@@ -0,0 +1,75 @@
+# Cadvisor
+
+A chart for a Cadvisor deployment
+
+Learn more: [https://github.com/google/cadvisor](https://github.com/google/cadvisor)
+
+## TL;DR;
+
+```bash
+$ helm install code-chris/cadvisor
+```
+
+## Introduction
+
+This chart creates a daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.10+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install --name my-release code-chris/cadvisor
+```
+
+The command deploys the Cadvisor on the Kubernetes cluster using the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the Prometheus MSTeams chart and their default values.
+
+| Parameter | Description | Default |
+| -------------------------------------- | ------------------------------------------------- | ----------------------------- |
+| `image.repository` | container image repository | `k8s.gcr.io/cadvisor` |
+| `image.tag` | container image tag | `v0.35.0` |
+| `image.pullPolicy` | container image pull policy | `IfNotPresent` |
+| `nodeSelector` | node labels for pod assignment | `{}` |
+| `tolerations` | node tolerations for pod assignment | `[]` |
+| `affinity` | node affinity for pod assignment | `{}` |
+| `container.port` | the container and service port to use | 8080 |
+| `container.additionalArgs` | additional container arguments | see values.yaml |
+| `container.hostPaths` | hostPaths to mount in the container | see values.yaml |
+| `resources` | pod resource requests & limits | `{}` |
+| `serviceAccount.create` | create a own serviceAccount for the pod | `true` |
+| `serviceAccount.name` | name of the serviceAccount to create | `""` |
+| `podSecurityPolicy.create` | create a own PodSecurityPolicy for the pod | `false` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install --name my-release \
+ --set key_1=value_1,key_2=value_2 \
+ code-chris/cadvisor
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+# example for staging
+$ helm install --name my-release -f values.yaml code-chris/cadvisor
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
diff --git a/charts/cadvisor/templates/NOTES.txt b/charts/cadvisor/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/charts/cadvisor/templates/_helpers.tpl b/charts/cadvisor/templates/_helpers.tpl
new file mode 100644
index 0000000..7d7a0de
--- /dev/null
+++ b/charts/cadvisor/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cadvisor.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cadvisor.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cadvisor.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "cadvisor.labels" -}}
+helm.sh/chart: {{ include "cadvisor.chart" . }}
+{{ include "cadvisor.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cadvisor.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cadvisor.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cadvisor.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "cadvisor.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cadvisor/templates/clusterrole.yaml b/charts/cadvisor/templates/clusterrole.yaml
new file mode 100644
index 0000000..306156b
--- /dev/null
+++ b/charts/cadvisor/templates/clusterrole.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.podSecurityPolicy.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cadvisor.name" . }}
+rules:
+ - apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "cadvisor.name" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/cadvisor/templates/clusterrolebinding.yaml b/charts/cadvisor/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..a042cb0
--- /dev/null
+++ b/charts/cadvisor/templates/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podSecurityPolicy.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cadvisor.name" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cadvisor.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "cadvisor.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/cadvisor/templates/daemonset.yaml b/charts/cadvisor/templates/daemonset.yaml
new file mode 100644
index 0000000..22ec69a
--- /dev/null
+++ b/charts/cadvisor/templates/daemonset.yaml
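Review bot: With `serviceAccount.create=false` and no `serviceAccount.name`, the subject of the binding in clusterrolebinding.yaml resolves to the namespace's `default` service account, because the `cadvisor.serviceAccountName` helper falls back to `default "default" .Values.serviceAccount.name`. Every pod in the release namespace that runs under the default account would then be granted `use` on the chart's PodSecurityPolicy, which allows the host paths from values.yaml, including `/`. I would make the render fail in that combination, for example `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}` in the helper's else branch. Separately, the ClusterRole and ClusterRoleBinding are cluster-scoped but named with `cadvisor.name`, so two releases would collide; `cadvisor.fullname` (applied consistently to the PSP name and `resourceNames`) avoids that.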
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "cadvisor.name" . }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
+ labels:
+ app: {{ template "cadvisor.name" . }}
+ chart: {{ template "cadvisor.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "cadvisor.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "cadvisor.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ template "cadvisor.serviceAccountName" . }}
+ containers:
+ - name: {{ template "cadvisor.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ {{- with .Values.container.additionalArgs }}
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ {{- range .Values.container.hostPaths }}
+ - name: {{ .name }}
+ mountPath: {{ default .path .mount }}
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.container.port }}
+ protocol: TCP
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ automountServiceAccountToken: false
+ terminationGracePeriodSeconds: 30
+ volumes:
+ {{- range .Values.container.hostPaths }}
+ - name: {{ .name }}
+ hostPath:
+ path: {{ .path }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+
diff --git a/charts/cadvisor/templates/psp.yaml b/charts/cadvisor/templates/psp.yaml
new file mode 100644
index 0000000..cb40b83
--- /dev/null
+++ b/charts/cadvisor/templates/psp.yaml
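Review bot: The `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'` annotation is placed under the DaemonSet's own `metadata` (it comes right after `name:` and before the top-level `labels:` and `spec:`), while `spec.template.metadata` carries only `labels`. The seccomp annotation is read from the pod, so as written the pods most likely start without the intended profile; add an `annotations:` key with the same entry under `spec.template.metadata`. Indentation is collapsed on this page, so confirm the nesting against the file. The container also declares no `securityContext`; since every hostPath is already mounted `readOnly: true`, consider adding `securityContext:` with `allowPrivilegeEscalation: false` to the container.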
@@ -0,0 +1,21 @@
+{{- if .Values.podSecurityPolicy.create -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "cadvisor.name" . }}
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - '*'
+ allowedHostPaths:
+ {{- range .Values.container.hostPaths }}
+ - pathPrefix: {{ .path }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/cadvisor/templates/service.yaml b/charts/cadvisor/templates/service.yaml
new file mode 100644
index 0000000..9a9b4a0
--- /dev/null
+++ b/charts/cadvisor/templates/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "cadvisor.name" . }}
+ labels:
+ app: {{ template "cadvisor.name" . }}
+ chart: {{ template "cadvisor.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - name: http
+ port: {{ .Values.container.port }}
+ targetPort: {{ .Values.container.port }}
+ protocol: TCP
+ selector:
+ app: {{ template "cadvisor.name" . }}
+ type: ClusterIP
diff --git a/charts/cadvisor/templates/serviceaccount.yaml b/charts/cadvisor/templates/serviceaccount.yaml
new file mode 100644
index 0000000..77368e9
--- /dev/null
+++ b/charts/cadvisor/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "cadvisor.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/cadvisor/values.yaml b/charts/cadvisor/values.yaml
new file mode 100644
index 0000000..b5cc6b0
--- /dev/null
+++ b/charts/cadvisor/values.yaml
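Review bot: The `allowedHostPaths` entries in psp.yaml carry only `pathPrefix`, and with the default values one of them is `/`, so the policy admits a writable hostPath mount of the whole node filesystem for any pod allowed to use it. The DaemonSet mounts every path with `readOnly: true`, so the policy can require the same by adding `readOnly: true` under each `- pathPrefix: {{ .path }}`. `volumes: - '*'` is also wider than the chart needs; `volumes: ['hostPath']` matches what the DaemonSet actually mounts. I would additionally set `allowPrivilegeEscalation: false` in the spec, since the policy otherwise leaves it at the permissive default.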
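Review bot: Nothing in the chart limits who can reach the Service in service.yaml, so the cAdvisor HTTP port is open to every pod in the cluster and its output describes the node and all containers on it. A NetworkPolicy that admits only the metrics scraper, or a value to disable the Service, would be a sensible addition. The selector is also narrower in labels than the DaemonSet's: it has only `app: {{ template "cadvisor.name" . }}`, so adding `release: {{ .Release.Name }}` keeps it from selecting pods of another release in the same namespace.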
@@ -0,0 +1,54 @@
+image:
+ repository: k8s.gcr.io/cadvisor
+ tag: v0.35.0
+ pullPolicy: IfNotPresent
+
+container:
+ port: 8080
+ additionalArgs:
+ - --housekeeping_interval=10s # kubernetes default args
+ - --max_housekeeping_interval=15s
+ - --event_storage_event_limit=default=0
+ - --event_storage_age_limit=default=0
+ - --disable_metrics=percpu,process,sched,tcp,udp # enable only diskIO, cpu, memory, network, disk
+ - --docker_only
+ hostPaths:
+ - name: rootfs
+ path: "/"
+ mount: "/rootfs"
+ - name: varrun
+ path: "/var/run"
+ - name: sys
+ path: "/sys"
+ - name: docker
+ path: "/var/lib/docker"
+ - name: disk
+ path: "/dev/disk"
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podSecurityPolicy:
+ create: false
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
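Review bot: The default `hostPaths` include `/var/run`, which on a Docker node typically holds `docker.sock`, and a `readOnly: true` mount does not prevent a process from connecting to a Unix socket. The pod should therefore be treated as having Docker API access on every node, despite the read-only mounts in the DaemonSet. That deserves a comment next to the entry, for example `# contains docker.sock; readOnly does not block socket connections, so treat this pod as node-privileged`. The same applies to the `rootfs` entry: `path: "/"` exposes every file on the node for reading, so a short comment saying why cAdvisor needs it would help operators who want to trim the list. `podSecurityPolicy.create: false` also means that by default no policy from this chart constrains these mounts.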