update ci values, helm examples, fix serviceaccount pod and config va…

…lue issues
rstudio · Nov 22, 2023 · c06784a · c06784a
1 parent bbf09b3
commit c06784a
Show file tree

Hide file tree

Showing 10 changed files with 28 additions and 36 deletions.
diff --git a/charts/posit-chronicle/Makefile b/charts/posit-chronicle/Makefile
@@ -1,6 +1,7 @@
 lint:
 	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml .
 	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml .
+	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/no-local-storage-values.yaml .
 	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml .
 
 template:

diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md
@@ -46,7 +46,6 @@ Here are some example Helm values to run the agent sidecar in Workbench:
 
 ```yaml
 pod:
-  ...
   sidecar:
     - name: chronicle-agent
       image: posit-chronicle:latest
@@ -58,15 +57,13 @@ pod:
       env:
       - name: CHRONICLE_SERVER_ADDRESS
         value: "http://chronicle-server.default.svc.cluster.local"
-...
 ```
 
 And here are some example Helm values for Connect, where we also pass a Connect
 API key from a Kubernetes Secret to unlock more detailed metrics:
 
 ```yaml
 pod:
-  ...
   sidecar:
     - name: chronicle-agent
       image: posit-chronicle:latest
@@ -93,7 +90,7 @@ S3, or both.
 The default configuration uses a local volume, which is suitable if you'd like to
 access and analyze the data within your cluster:
 
-``` yaml
+```yaml
 config:
   localStorage:
     enabled: true
@@ -126,7 +123,7 @@ you can use this role as an annotation on the existing Service Account:
 
 ``` yaml
 serviceaccount:
-  enabled: false
+  create: false
   # -- Additional annotations to add to the chronicle-server serviceaccount
   annotations: {
     eks.amazonaws.com/role-arn:  arn:aws:iam::123456789000:role/iam-role-name-here

diff --git a/charts/posit-chronicle/README.md.gotmpl b/charts/posit-chronicle/README.md.gotmpl
@@ -20,7 +20,6 @@ Here are some example Helm values to run the agent sidecar in Workbench:
 
 ```yaml
 pod:
-  ...
   sidecar:
     - name: chronicle-agent
       image: posit-chronicle:latest
@@ -32,15 +31,13 @@ pod:
       env:
       - name: CHRONICLE_SERVER_ADDRESS
         value: "http://chronicle-server.default.svc.cluster.local"
-...
 ```
 
 And here are some example Helm values for Connect, where we also pass a Connect
 API key from a Kubernetes Secret to unlock more detailed metrics:
 
 ```yaml
 pod:
-  ...
   sidecar:
     - name: chronicle-agent
       image: posit-chronicle:latest
@@ -67,7 +64,7 @@ S3, or both.
 The default configuration uses a local volume, which is suitable if you'd like to 
 access and analyze the data within your cluster:
 
-``` yaml
+```yaml
 config:
   localStorage:
     enabled: true
@@ -83,7 +80,7 @@ supported.)
 You can also persist data to AWS S3 instead of (or in addition to) local
 storage:
 
-``` yaml
+```yaml
 config:
   s3Storage:
     enabled: true
@@ -98,22 +95,18 @@ to manage the credentials needed to access S3. In this scenario, once you have
 role](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html),
 you can use this role as an annotation on the existing Service Account:
 
-``` yaml
+```yaml
 serviceaccount:
-  enabled: false
-  # -- Additional annotations to add to the chronicle-server serviceaccount
-  annotations: {
+  create: true
+  annotations:
     eks.amazonaws.com/role-arn:  arn:aws:iam::123456789000:role/iam-role-name-here
-  }
-  # -- Additional labels to add to the chronicle-server serviceaccount
-  labels: {}
 ```
 
 If you are unable to use IAM Roles for Service Accounts, there are any number of
 alternatives for injecting AWS credentials into a container. As a fallback,
 the S3 storage config allows specifying a profile:
 
-``` yaml
+```yaml
 config:
   s3Storage:
     enabled: true
@@ -122,7 +115,6 @@ config:
     region: "us-east-2"
 ```
 
-
 {{ template "chart.valuesSection" . }}
 
 {{ template "helm-docs.versionFooter" . }}
diff --git a/charts/posit-chronicle/ci/complex-values.yaml b/charts/posit-chronicle/ci/complex-values.yaml
@@ -3,7 +3,7 @@ image:
   imagePullPolicy: "IfNotPresent"
 
 serviceaccount:
-  enabled: false
+  create: true
   annotations:
     eks.amazonaws.com/role-arn: arn:aws:iam::123123123123123:role/chronicle-serviceaccount-role
 
@@ -22,7 +22,7 @@ service:
 pod:
   replicas: 4
   command: "/bash"
-  args: ["echo", "hello word"]
+  args: ["echo", "hello world"]
   # -- Optional environment variables
   env:
   - name: "TEST_ENV_VAR"
@@ -44,17 +44,15 @@ config:
     # If https.enabled=true, we will ignore any http
     # values and enable https in our config instead
     enabled: true
-    key: ""
-    certificate: ""
+    key: /path/to/key
+    certificate: /path/to/cert
   localStorage:
     enabled: true
     location: "./chronicle-data"
     retentionPeriod: "5m"
   s3Storage:
     enabled: true
     bucket: "posit-chronicle"
-    prefix: ""
-    profile: ""
     region: "us-east-2"
   metrics:
     enabled: true

diff --git a/charts/posit-chronicle/ci/no-local-storage-values.yaml b/charts/posit-chronicle/ci/no-local-storage-values.yaml
@@ -19,3 +19,4 @@ config:
   s3Storage:
     enabled: true
     bucket: "posit-chronicle-dev"
+    region: "ap-northeast-2"
diff --git a/charts/posit-chronicle/ci/simple-values.yaml b/charts/posit-chronicle/ci/simple-values.yaml
@@ -2,10 +2,7 @@ image:
   tag: "latest"
 
 serviceaccount:
-  create: true
-  annotations: {
-    eks.amazonaws.com/role-arn: arn:aws:iam::123123123123123:role/chronicle-serviceaccount-role
-  }
+  create: false
 
 storage:
   persistentVolumeSize: 10Gi
@@ -23,3 +20,4 @@ config:
   s3Storage:
     enabled: true
     bucket: "posit-chronicle-dev"
+    region: "us-east-1"
diff --git a/charts/posit-chronicle/templates/_helpers.tpl b/charts/posit-chronicle/templates/_helpers.tpl
@@ -10,7 +10,12 @@ Generate annotations for  various resources
 {{ end }}
 {{- if .Values.config.metrics.enabled }}
 prometheus.io/scrape: "true"
-prometheus.io/port: "{{ .Values.service.targetPort }}"
+{{- if .Values.config.https.enabled }}
+prometheus.io/port: "443"
+{{- else}}
+prometheus.io/port: "5252"
+{{- end }}
+
 {{- end }}
 {{- end -}}
 

diff --git a/charts/posit-chronicle/templates/configmap.yaml b/charts/posit-chronicle/templates/configmap.yaml
@@ -9,12 +9,12 @@ data:
     # switch between http and https
     {{- if .Values.config.https.enabled }}
     [HTTPS]
-    Listen = 443
+    Listen = :443
     Key = {{ .Values.config.https.key }}
     Certificate = {{ .Values.config.https.certificate }}
     {{- else}}
     [HTTP]
-    Listen = 5252
+    Listen = :5252
     {{- end }}
 
     [Logging]

diff --git a/charts/posit-chronicle/templates/serviceaccount.yaml b/charts/posit-chronicle/templates/serviceaccount.yaml
@@ -1,11 +1,10 @@
----
 {{- if .Values.serviceaccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: chronicle-sa
   labels:
-    {{ include "posit-chronicle.serviceaccount.labels" . | indent 4 }}
+    {{ include "posit-chronicle.serviceaccount.labels" . | nindent 4 }}
   annotations:
-    {{ include "posit-chronicle.serviceaccount.annotations" . | indent 4 }}
+    {{ include "posit-chronicle.serviceaccount.annotations" . | nindent 4 }}
 {{- end -}}
diff --git a/charts/posit-chronicle/values.yaml b/charts/posit-chronicle/values.yaml
@@ -68,7 +68,8 @@ config:
     bucket: "posit-chronicle"
     prefix: ""
     profile: ""
-    region: ""
+    # An AWS region must be set if S3 Storage is enabled
+    region: "us-east-2"
   metrics:
     enabled: true
   profiling: