From b27ed05f49e697117dca6fbe3041caab44c32717 Mon Sep 17 00:00:00 2001 From: Matt Ray Date: Thu, 30 Nov 2023 18:06:59 +1100 Subject: [PATCH] Rebased #151 with version bump (#155) * Fixes Issue #21 Signed-off-by: Donald Sebastian Leung * Refine Helm chart configuration to maintain backwards compatibility Signed-off-by: Donald Sebastian Leung * Version bump Signed-off-by: Matt Ray --------- Signed-off-by: Donald Sebastian Leung Signed-off-by: Matt Ray Co-authored-by: Donald Sebastian Leung
---
 charts/opencost/Chart.yaml | 2 +-
 charts/opencost/README.md | 12 +++--
 charts/opencost/templates/_helpers.tpl | 11 +++++
 charts/opencost/templates/networkpolicy.yaml | 46 ++++++++++++++++++++
 charts/opencost/values.yaml | 21 +++++++--
 5 files changed, 84 insertions(+), 8 deletions(-)
 create mode 100644 charts/opencost/templates/networkpolicy.yaml
diff --git a/charts/opencost/Chart.yaml b/charts/opencost/Chart.yaml
index d0e0ff7..6cbc6c5 100755
--- a/charts/opencost/Chart.yaml
+++ b/charts/opencost/Chart.yaml
@@ -9,7 +9,7 @@ keywords:
 - kubecost
 - opencost
 - monitoring
-version: 1.26.4
+version: 1.27.0
 maintainers:
 - name: mattray
 url: https://mattray.dev
diff --git a/charts/opencost/README.md b/charts/opencost/README.md
index 9e12d06..783e382 100644
--- a/charts/opencost/README.md
+++ b/charts/opencost/README.md
@@ -2,7 +2,7 @@ OpenCost and OpenCost UI -![Version: 1.26.4](https://img.shields.io/badge/Version-1.26.4-informational?style=flat-square) +![Version: 1.27.0](https://img.shields.io/badge/Version-1.27.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.107.1](https://img.shields.io/badge/AppVersion-1.107.1-informational?style=flat-square)
@@ -30,6 +30,10 @@ $ helm install opencost opencost/opencost
 | fullnameOverride | string | `""` | Overwrite all resources name created by the chart |
 | imagePullSecrets | list | `[]` | List of secret names to use for pulling the images |
 | nameOverride | string | `""` | Overwrite the default name of the chart |
+| networkPolicies.enabled | bool | `false` | Whether network policies should be created |
+| networkPolicies.prometheus.namespace | string | `"prometheus-system"` | Namespace where internal Prometheus is installed |
+| networkPolicies.prometheus.port | int | `9090` | Pod port of in-cluster Prometheus |
+| networkPolicies.prometheus.labels | object | `{ "app.kubernetes.io/name": "prometheus" }` | Label\(s\) used to identify the server Pod\(s\) relating to the internal Prometheus |
 | opencost.affinity | object | `{}` | Affinity settings for pod assignment |
 | opencost.customPricing.configPath | string | `"/tmp/custom-config"` | Path for the pricing configuration. |
 | opencost.customPricing.configmapName | string | `"custom-pricing-model"` | Customize the configmap name used for custom pricing |
@@ -87,9 +91,9 @@ $ helm install opencost opencost/opencost
 | opencost.prometheus.external.enabled | bool | `false` | Use external Prometheus (eg. Grafana Cloud) |
 | opencost.prometheus.external.url | string | `"https://prometheus.example.com/prometheus"` | External Prometheus url |
 | opencost.prometheus.internal.enabled | bool | `true` | Use in-cluster Prometheus |
-| opencost.prometheus.internal.namespaceName | string | `"opencost"` | Namespace of in-cluster Prometheus |
-| opencost.prometheus.internal.port | int | `9090` | Service port of in-cluster Prometheus |
-| opencost.prometheus.internal.serviceName | string | `"my-prometheus"` | Service name of in-cluster Prometheus |
+| opencost.prometheus.internal.namespaceName | string | `"prometheus-system"` | Namespace of in-cluster Prometheus |
+| opencost.prometheus.internal.serviceName | string | `"prometheus-server"` | Service name of in-cluster Prometheus |
+| opencost.prometheus.internal.port | int | `80` | Service port of in-cluster Prometheus |
 | opencost.prometheus.password | string | `""` | Prometheus Basic auth password |
 | opencost.prometheus.password_key | string | `"DB_BASIC_AUTH_PW"` | Key in the secret that references the password |
 | opencost.prometheus.secret_name | string | `nil` | Secret name that contains credentials for Prometheus |
diff --git a/charts/opencost/templates/_helpers.tpl b/charts/opencost/templates/_helpers.tpl
index 32d46cf..bb93c20 100644
--- a/charts/opencost/templates/_helpers.tpl
+++ b/charts/opencost/templates/_helpers.tpl
@@ -134,3 +134,14 @@ Define opencost config file name
 {{- .Values.opencost.customPricing.provider -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Get api version of networking.k8s.io
+*/}}
+{{- define "networkingAPIVersion" -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
+apiVersion: networking.k8s.io/v1
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{- end }}
+{{- end -}}
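Review bot: The `else if` branch of `networkingAPIVersion` falls back to `networking.k8s.io/v1beta1`, a group version that, as far as I know, never served the `NetworkPolicy` kind, and when neither capability is reported the helper returns an empty string, so the policy manifest would be rendered without any `apiVersion` line. Since the only caller is the NetworkPolicy template, I would drop the helper and write `apiVersion: networking.k8s.io/v1` there directly, or keep a single branch and end the template with an explicit `fail` when it is missing. The helper name also carries no chart-specific prefix; named templates are shared across a release including subcharts, so an unprefixed name can collide with another chart's helper.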
diff --git a/charts/opencost/templates/networkpolicy.yaml b/charts/opencost/templates/networkpolicy.yaml
new file mode 100644
index 0000000..3362177
--- /dev/null
+++ b/charts/opencost/templates/networkpolicy.yaml
@@ -0,0 +1,46 @@
+{{- $apiVersion := (include "networkingAPIVersion" .) }}
+{{- if .Values.networkPolicies.enabled -}}
+{{- if .Values.opencost.prometheus.internal.enabled }}
+---
+{{ $apiVersion }}
+kind: NetworkPolicy
+metadata:
+ name: {{ .Release.Name }}-opencost
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: opencost
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ {{- range $key, $val := .Values.networkPolicies.prometheus.labels }}
+ {{ $key }}: {{ $val }}
+ {{- end }}
+ {{- if ne .Values.networkPolicies.prometheus.namespace .Release.Namespace }}
+ namespaceSelector:
+ matchLabels:
+ name: {{ .Values.networkPolicies.prometheus.namespace }}
+ {{- end }}
+ ports:
+ - port: 9003
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ {{- range $key, $val := .Values.networkPolicies.prometheus.labels }}
+ {{ $key }}: {{ $val }}
+ {{- end }}
+ {{- if ne .Values.networkPolicies.prometheus.namespace .Release.Namespace }}
+ namespaceSelector:
+ matchLabels:
+ name: {{ .Values.networkPolicies.prometheus.namespace }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.networkPolicies.prometheus.port }}
+{{- end }}
+{{- end }}
diff --git a/charts/opencost/values.yaml b/charts/opencost/values.yaml
index 24d98eb..29178bb 100644
--- a/charts/opencost/values.yaml
+++ b/charts/opencost/values.yaml
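Review bot: Both `namespaceSelector` blocks match on a namespace label called `name`, which Kubernetes does not set by itself; unless the operator has labelled the Prometheus namespace that way the selector matches nothing, and because the policy declares both `Ingress` and `Egress` the OpenCost pod is then left with no permitted peer at all. The label that recent Kubernetes versions add automatically is `kubernetes.io/metadata.name`, so `kubernetes.io/metadata.name: {{ .Values.networkPolicies.prometheus.namespace | quote }}` is the safer default, or the label key could be exposed as a value. The egress rule also permits only the Prometheus pods, so DNS lookups and presumably calls to the Kubernetes API are dropped once a CNI enforces the policy; an explicit rule for those is needed. Label values in the two `range` loops should be rendered as `{{ $val | quote }}` so that a value such as `true` stays a string. With an external Prometheus the template renders nothing even when `networkPolicies.enabled` is true, which leaves the pod unrestricted without any signal to the operator and deserves at least a comment.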
@@ -18,6 +18,21 @@ serviceAccount:
 # -- Whether pods running as this service account should have an API token automatically mounted
 automountServiceAccountToken: true
+# NetworkPolicies for ingress
+networkPolicies:
+ # -- Specifies whether networkpolicies should be created
+ enabled: false
+
+ # -- Internal Prometheus settings related to NetworkPolicies
+ prometheus:
+ # -- Namespace where internal Prometheus is installed
+ namespace: prometheus-system
+ # -- Pod port of in-cluster Prometheus
+ port: 9090
+ # -- Labels applied to the Prometheus server pod(s)
+ labels:
+ app.kubernetes.io/name: prometheus
+
 # -- Strategy to be used for the Deployment
 updateStrategy:
 rollingUpdate:
@@ -241,11 +256,11 @@ opencost:
 # -- Use in-cluster Prometheus
 enabled: true
 # -- Service name of in-cluster Prometheus
- serviceName: my-prometheus
+ serviceName: prometheus-server
 # -- Namespace of in-cluster Prometheus
- namespaceName: opencost
+ namespaceName: prometheus-system
 # -- Service port of in-cluster Prometheus
- port: 9090
+ port: 80
 amp:
 # -- Use Amazon Managed Service for Prometheus (AMP)
 enabled: false # If true, opencost will be configured to remote_write and query from Amazon Managed Service for Prometheus.
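Review bot: The header comment `# NetworkPolicies for ingress` in the first hunk understates what the switch does, because the template added in this commit lists both `Ingress` and `Egress` under `policyTypes`, so enabling it also restricts outbound traffic from the OpenCost pod. I would word it `# NetworkPolicy restricting ingress to and egress from the OpenCost pod (rendered only with the internal Prometheus)`. It would also help to note beside `namespace` that it is set independently of `opencost.prometheus.internal.namespaceName` and has to name the same namespace.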
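Review bot: The second hunk changes the defaults for `serviceName`, `namespaceName` and `port` of the in-cluster Prometheus, so a release that relied on the old defaults will be pointed at `prometheus-server` in `prometheus-system` on port `80` after an upgrade, while the chart version only moves from 1.26.4 to 1.27.0. That is a behaviour change for existing installs and should be called out where operators will see it, for example with a values comment such as `# NOTE: default changed in 1.27.0 (was my-prometheus in namespace opencost, port 9090)`. The mapping these keys belong to starts above the hunk, so how they are combined into the query endpoint is not visible here.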