From c06784a18d447b31bd435ae620695f94faa8f48c Mon Sep 17 00:00:00 2001 From: AlexMapley Date: Wed, 22 Nov 2023 13:31:45 -0500 Subject: [PATCH] update ci values, helm examples, fix serviceaccount pod and config value issues --- charts/posit-chronicle/Makefile | 1 + charts/posit-chronicle/README.md | 7 ++----- charts/posit-chronicle/README.md.gotmpl | 20 ++++++------------- charts/posit-chronicle/ci/complex-values.yaml | 10 ++++------ .../ci/no-local-storage-values.yaml | 1 + charts/posit-chronicle/ci/simple-values.yaml | 6 ++---- charts/posit-chronicle/templates/_helpers.tpl | 7 ++++++- .../posit-chronicle/templates/configmap.yaml | 4 ++-- .../templates/serviceaccount.yaml | 5 ++--- charts/posit-chronicle/values.yaml | 3 ++- 10 files changed, 28 insertions(+), 36 deletions(-) diff --git a/charts/posit-chronicle/Makefile b/charts/posit-chronicle/Makefile index cbe7eae9..f647d718 100644 --- a/charts/posit-chronicle/Makefile +++ b/charts/posit-chronicle/Makefile @@ -1,6 +1,7 @@ lint: helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml . helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml . + helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/no-local-storage-values.yaml . helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml . template: diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 438b0acf..e8b515b1 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -46,7 +46,6 @@ Here are some example Helm values to run the agent sidecar in Workbench: ```yaml pod: - ... sidecar: - name: chronicle-agent image: posit-chronicle:latest 
@@ -58,7 +57,6 @@ pod: env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default.svc.cluster.local" -... ``` And here are some example Helm values for Connect, where we also pass a Connect @@ -66,7 +64,6 @@ API key from a Kubernetes Secret to unlock more detailed metrics: ```yaml pod: - ... sidecar: - name: chronicle-agent image: posit-chronicle:latest @@ -93,7 +90,7 @@ S3, or both. The default configuration uses a local volume, which is suitable if you'd like to access and analyze the data within your cluster: -``` yaml +```yaml config: localStorage: enabled: true @@ -126,7 +123,7 @@ you can use this role as an annotation on the existing Service Account: ``` yaml serviceaccount: - enabled: false + create: false # -- Additional annotations to add to the chronicle-server serviceaccount annotations: { eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here diff --git a/charts/posit-chronicle/README.md.gotmpl b/charts/posit-chronicle/README.md.gotmpl index 1c957a88..bfd5cbae 100644 --- a/charts/posit-chronicle/README.md.gotmpl +++ b/charts/posit-chronicle/README.md.gotmpl @@ -20,7 +20,6 @@ Here are some example Helm values to run the agent sidecar in Workbench: ```yaml pod: - ... sidecar: - name: chronicle-agent image: posit-chronicle:latest @@ -32,7 +31,6 @@ pod: env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default.svc.cluster.local" -... ``` And here are some example Helm values for Connect, where we also pass a Connect @@ -40,7 +38,6 @@ API key from a Kubernetes Secret to unlock more detailed metrics: ```yaml pod: - ... sidecar: - name: chronicle-agent image: posit-chronicle:latest @@ -67,7 +64,7 @@ S3, or both. The default configuration uses a local volume, which is suitable if you'd like to access and analyze the data within your cluster: -``` yaml +```yaml config: localStorage: enabled: true 
@@ -83,7 +80,7 @@ supported.) You can also persist data to AWS S3 instead of (or in addition to) local storage: -``` yaml +```yaml config: s3Storage: enabled: true @@ -98,22 +95,18 @@ to manage the credentials needed to access S3. In this scenario, once you have role](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html), you can use this role as an annotation on the existing Service Account: -``` yaml +```yaml serviceaccount: - enabled: false - # -- Additional annotations to add to the chronicle-server serviceaccount - annotations: { + create: true + annotations: eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - } - # -- Additional labels to add to the chronicle-server serviceaccount - labels: {} ``` If you are unable to use IAM Roles for Service Accounts, there are any number of alternatives for injecting AWS credentials into a container. As a fallback, the S3 storage config allows specifying a profile: -``` yaml +```yaml config: s3Storage: enabled: true @@ -122,7 +115,6 @@ config: region: "us-east-2" ``` - {{ template "chart.valuesSection" . }} {{ template "helm-docs.versionFooter" . }} diff --git a/charts/posit-chronicle/ci/complex-values.yaml b/charts/posit-chronicle/ci/complex-values.yaml index dc291618..73e0ae6c 100644 --- a/charts/posit-chronicle/ci/complex-values.yaml +++ b/charts/posit-chronicle/ci/complex-values.yaml @@ -3,7 +3,7 @@ image: imagePullPolicy: "IfNotPresent" serviceaccount: - enabled: false + create: true annotations: eks.amazonaws.com/role-arn: arn:aws:iam::123123123123123:role/chronicle-serviceaccount-role @@ -22,7 +22,7 @@ service: pod: replicas: 4 command: "/bash" - args: ["echo", "hello word"] + args: ["echo", "hello world"] # -- Optional environment variables env: - name: "TEST_ENV_VAR" 
@@ -44,8 +44,8 @@ config: # If https.enabled=true, we will ignore any http # values and enable https in our config instead enabled: true - key: "" - certificate: "" + key: /path/to/key + certificate: /path/to/cert localStorage: enabled: true location: "./chronicle-data" @@ -53,8 +53,6 @@ config: s3Storage: enabled: true bucket: "posit-chronicle" - prefix: "" - profile: "" region: "us-east-2" metrics: enabled: true diff --git a/charts/posit-chronicle/ci/no-local-storage-values.yaml b/charts/posit-chronicle/ci/no-local-storage-values.yaml index 78c20393..a50bd017 100644 --- a/charts/posit-chronicle/ci/no-local-storage-values.yaml +++ b/charts/posit-chronicle/ci/no-local-storage-values.yaml @@ -19,3 +19,4 @@ config: s3Storage: enabled: true bucket: "posit-chronicle-dev" + region: "ap-northeast-2" diff --git a/charts/posit-chronicle/ci/simple-values.yaml b/charts/posit-chronicle/ci/simple-values.yaml index da687ace..8dd9e17e 100644 --- a/charts/posit-chronicle/ci/simple-values.yaml +++ b/charts/posit-chronicle/ci/simple-values.yaml @@ -2,10 +2,7 @@ image: tag: "latest" serviceaccount: - create: true - annotations: { - eks.amazonaws.com/role-arn: arn:aws:iam::123123123123123:role/chronicle-serviceaccount-role - } + create: false storage: persistentVolumeSize: 10Gi @@ -23,3 +20,4 @@ config: s3Storage: enabled: true bucket: "posit-chronicle-dev" + region: "us-east-1" diff --git a/charts/posit-chronicle/templates/_helpers.tpl b/charts/posit-chronicle/templates/_helpers.tpl index 73745834..95c332ec 100644 --- a/charts/posit-chronicle/templates/_helpers.tpl +++ b/charts/posit-chronicle/templates/_helpers.tpl @@ -10,7 +10,12 @@ Generate annotations for various resources {{ end }} {{- if .Values.config.metrics.enabled }} prometheus.io/scrape: "true" -prometheus.io/port: "{{ .Values.service.targetPort }}" +{{- if .Values.config.https.enabled }} +prometheus.io/port: "443" +{{- else}} +prometheus.io/port: "5252" +{{- end }} + {{- end }} {{- end -}} 
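Review bot: When `config.https.enabled` is set, the new branch emits `prometheus.io/port: "443"` with no scheme annotation, so a scraper using the conventional annotation-based relabeling would likely speak plain HTTP to the TLS listener. Consider adding `prometheus.io/scheme: "https"` in that branch, after confirming the cluster's scrape config honours it. The literals 443 and 5252 also duplicate the `Listen` values in templates/configmap.yaml and can drift from them; a comment such as `{{/* keep in sync with Listen in configmap.yaml */}}` would flag the coupling. The blank line added before the closing `{{- end }}` and the spacing in `{{- else}}` are minor style nits. The annotations helper begins outside this hunk.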
diff --git a/charts/posit-chronicle/templates/configmap.yaml b/charts/posit-chronicle/templates/configmap.yaml index edddf43b..ec9709ae 100644 --- a/charts/posit-chronicle/templates/configmap.yaml +++ b/charts/posit-chronicle/templates/configmap.yaml @@ -9,12 +9,12 @@ data: # switch between http and https {{- if .Values.config.https.enabled }} [HTTPS] - Listen = 443 + Listen = :443 Key = {{ .Values.config.https.key }} Certificate = {{ .Values.config.https.certificate }} {{- else}} [HTTP] - Listen = 5252 + Listen = :5252 {{- end }} [Logging] diff --git a/charts/posit-chronicle/templates/serviceaccount.yaml b/charts/posit-chronicle/templates/serviceaccount.yaml index e26b058b..d7951c4b 100644 --- a/charts/posit-chronicle/templates/serviceaccount.yaml +++ b/charts/posit-chronicle/templates/serviceaccount.yaml @@ -1,11 +1,10 @@ ---- {{- if .Values.serviceaccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: name: chronicle-sa labels: - {{ include "posit-chronicle.serviceaccount.labels" . | indent 4 }} + {{ include "posit-chronicle.serviceaccount.labels" . | nindent 4 }} annotations: - {{ include "posit-chronicle.serviceaccount.annotations" . | indent 4 }} + {{ include "posit-chronicle.serviceaccount.annotations" . | nindent 4 }} {{- end -}} diff --git a/charts/posit-chronicle/values.yaml b/charts/posit-chronicle/values.yaml index a6d0429d..e5fb723b 100644 --- a/charts/posit-chronicle/values.yaml +++ b/charts/posit-chronicle/values.yaml @@ -68,7 +68,8 @@ config: bucket: "posit-chronicle" prefix: "" profile: "" - region: "" + # An AWS region must be set if S3 Storage is enabled + region: "us-east-2" metrics: enabled: true profiling:
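Review bot: The `[HTTPS]` branch renders `Key` and `Certificate` straight from values with no check, so enabling HTTPS without both paths would presumably yield blank entries that only surface when the server starts. The chart defaults are not visible here, but the CI values previously used empty strings. Failing at render time is safer: `Key = {{ required "config.https.key is required when config.https.enabled is true" .Values.config.https.key }}`, and the same for `Certificate`. Separately, `Listen = :443` is a privileged port, so a non-root container needs `NET_BIND_SERVICE` (or a lowered unprivileged-port sysctl) to bind it. Listening on a high port and mapping 443 at the Service would avoid that.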