From 9522c606bbae0fcb15d239d9acb6fb47bba3f1b5 Mon Sep 17 00:00:00 2001 From: dbluxo <20679842+dbluxo@users.noreply.github.com> Date: Wed, 8 Jan 2025 08:36:54 +0100 Subject: [PATCH 1/3] feat(helm): add the ability to deploy extra manifest files --- operations/helm/charts/alloy/CHANGELOG.md | 1 + .../helm/charts/alloy/templates/extra-manifests.yaml | 4 ++++ operations/helm/charts/alloy/values.yaml | 12 ++++++++++++ 3 files changed, 17 insertions(+) create mode 100644 operations/helm/charts/alloy/templates/extra-manifests.yaml diff --git a/operations/helm/charts/alloy/CHANGELOG.md b/operations/helm/charts/alloy/CHANGELOG.md index ac54929ec3..cddb9365f6 100644 --- a/operations/helm/charts/alloy/CHANGELOG.md +++ b/operations/helm/charts/alloy/CHANGELOG.md @@ -13,6 +13,7 @@ Unreleased ### Enhancements - Update jimmidyson/configmap-reload to 0.14.0. (@petewall) +- Add the ability to deploy extra manifest files. (@dbluxo) 0.10.1 (2024-12-03) ---------- diff --git a/operations/helm/charts/alloy/templates/extra-manifests.yaml b/operations/helm/charts/alloy/templates/extra-manifests.yaml new file mode 100644 index 0000000000..a9bb3b6ba8 --- /dev/null +++ b/operations/helm/charts/alloy/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/operations/helm/charts/alloy/values.yaml b/operations/helm/charts/alloy/values.yaml index ba9aae73d9..014564d5c6 100644 --- a/operations/helm/charts/alloy/values.yaml +++ b/operations/helm/charts/alloy/values.yaml @@ -366,3 +366,15 @@ ingress: # - secretName: chart-example-tls # hosts: # - chart-example.local + +# -- Extra k8s manifests to deploy +extraObjects: [] + # - apiVersion: "kubernetes-client.io/v1" + # kind: ExternalSecret + # metadata: + # name: '{{ include "alloy.fullname" . }}' + # spec: + # backendType: gcpSecretsManager + # data: + # - key: alloy-oauth2-creds + # name: client_secret From 9b40d524f45204c61edec952a523060f3a017af7 Mon Sep 17 00:00:00 2001 From: dbluxo <20679842+dbluxo@users.noreply.github.com> Date: Wed, 8 Jan 2025 08:56:43 +0100 Subject: [PATCH 2/3] docs(helm): run helm-docs --- operations/helm/charts/alloy/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/operations/helm/charts/alloy/README.md b/operations/helm/charts/alloy/README.md index 32bbc451d1..09ab066de7 100644 --- a/operations/helm/charts/alloy/README.md +++ b/operations/helm/charts/alloy/README.md @@ -103,6 +103,7 @@ useful if just using the default DaemonSet isn't sufficient. | controller.volumeClaimTemplates | list | `[]` | volumeClaimTemplates to add when controller.type is 'statefulset'. | | controller.volumes.extra | list | `[]` | Extra volumes to add to the Grafana Alloy pod. | | crds.create | bool | `true` | Whether to install CRDs for monitoring. | +| extraObjects | list | `[]` | Extra k8s manifests to deploy | | fullnameOverride | string | `nil` | Overrides the chart's computed fullname. Used to change the full prefix of resource names. | | global.image.pullSecrets | list | `[]` | Optional set of global image pull secrets. | | global.image.registry | string | `""` | Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...) | From 2e9f670756787184b4672457beb4d68df328fec5 Mon Sep 17 00:00:00 2001 From: dbluxo <20679842+dbluxo@users.noreply.github.com> Date: Fri, 10 Jan 2025 12:29:30 +0100 Subject: [PATCH 3/3] ci(helm): add tests --- .../alloy/ci/extra-manifests-values.yaml | 8 ++ operations/helm/charts/alloy/values.yaml | 16 ++- .../alloy/templates/configmap.yaml | 43 +++++++ .../templates/controllers/daemonset.yaml | 75 +++++++++++ .../alloy/templates/extra-manifests.yaml | 9 ++ .../extra-manifests/alloy/templates/rbac.yaml | 119 ++++++++++++++++++ .../alloy/templates/service.yaml | 24 ++++ .../alloy/templates/serviceaccount.yaml | 14 +++ 8 files changed, 299 insertions(+), 9 deletions(-) create mode 100644 operations/helm/charts/alloy/ci/extra-manifests-values.yaml create mode 100644 operations/helm/tests/extra-manifests/alloy/templates/configmap.yaml create mode 100644 operations/helm/tests/extra-manifests/alloy/templates/controllers/daemonset.yaml create mode 100644 operations/helm/tests/extra-manifests/alloy/templates/extra-manifests.yaml create mode 100644 operations/helm/tests/extra-manifests/alloy/templates/rbac.yaml create mode 100644 operations/helm/tests/extra-manifests/alloy/templates/service.yaml create mode 100644 operations/helm/tests/extra-manifests/alloy/templates/serviceaccount.yaml diff --git a/operations/helm/charts/alloy/ci/extra-manifests-values.yaml b/operations/helm/charts/alloy/ci/extra-manifests-values.yaml new file mode 100644 index 0000000000..324c44a210 --- /dev/null +++ b/operations/helm/charts/alloy/ci/extra-manifests-values.yaml @@ -0,0 +1,8 @@ +extraObjects: +- apiVersion: v1 + kind: Secret + metadata: + name: grafana-cloud + stringData: + PROMETHEUS_HOST: 'https://prometheus-us-central1.grafana.net/api/prom/push' + PROMETHEUS_USERNAME: '123456' diff --git a/operations/helm/charts/alloy/values.yaml b/operations/helm/charts/alloy/values.yaml index 014564d5c6..9ae5dc3fe5 100644 --- a/operations/helm/charts/alloy/values.yaml +++ b/operations/helm/charts/alloy/values.yaml @@ -369,12 +369,10 @@ ingress: # -- Extra k8s manifests to deploy extraObjects: [] - # - apiVersion: "kubernetes-client.io/v1" - # kind: ExternalSecret - # metadata: - # name: '{{ include "alloy.fullname" . }}' - # spec: - # backendType: gcpSecretsManager - # data: - # - key: alloy-oauth2-creds - # name: client_secret +# - apiVersion: v1 +# kind: Secret +# metadata: +# name: grafana-cloud +# stringData: +# PROMETHEUS_HOST: 'https://prometheus-us-central1.grafana.net/api/prom/push' +# PROMETHEUS_USERNAME: '123456' diff --git a/operations/helm/tests/extra-manifests/alloy/templates/configmap.yaml b/operations/helm/tests/extra-manifests/alloy/templates/configmap.yaml new file mode 100644 index 0000000000..381ccbff2f --- /dev/null +++ b/operations/helm/tests/extra-manifests/alloy/templates/configmap.yaml @@ -0,0 +1,43 @@ +--- +# Source: alloy/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: alloy + labels: + helm.sh/chart: alloy + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + app.kubernetes.io/version: "vX.Y.Z" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: config +data: + config.alloy: |- + logging { + level = "info" + format = "logfmt" + } + + discovery.kubernetes "pods" { + role = "pod" + } + + discovery.kubernetes "nodes" { + role = "node" + } + + discovery.kubernetes "services" { + role = "service" + } + + discovery.kubernetes "endpoints" { + role = "endpoints" + } + + discovery.kubernetes "endpointslices" { + role = "endpointslice" + } + + discovery.kubernetes "ingresses" { + role = "ingress" + } diff --git a/operations/helm/tests/extra-manifests/alloy/templates/controllers/daemonset.yaml b/operations/helm/tests/extra-manifests/alloy/templates/controllers/daemonset.yaml new file mode 100644 index 0000000000..9edb2018cb --- /dev/null +++ b/operations/helm/tests/extra-manifests/alloy/templates/controllers/daemonset.yaml @@ -0,0 +1,75 @@ +--- +# Source: alloy/templates/controllers/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: alloy + labels: + helm.sh/chart: alloy + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + app.kubernetes.io/version: "vX.Y.Z" + app.kubernetes.io/managed-by: Helm +spec: + minReadySeconds: 10 + selector: + matchLabels: + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: alloy + labels: + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + spec: + serviceAccountName: alloy + containers: + - name: alloy + image: docker.io/grafana/alloy:v1.5.1 + imagePullPolicy: IfNotPresent + args: + - run + - /etc/alloy/config.alloy + - --storage.path=/tmp/alloy + - --server.http.listen-addr=0.0.0.0:12345 + - --server.http.ui-path-prefix=/ + - --stability.level=generally-available + env: + - name: ALLOY_DEPLOY_MODE + value: "helm" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ports: + - containerPort: 12345 + name: http-metrics + readinessProbe: + httpGet: + path: /-/ready + port: 12345 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - name: config + mountPath: /etc/alloy + - name: config-reloader + image: ghcr.io/jimmidyson/configmap-reload:v0.14.0 + args: + - --volume-dir=/etc/alloy + - --webhook-url=http://localhost:12345/-/reload + volumeMounts: + - name: config + mountPath: /etc/alloy + resources: + requests: + cpu: 1m + memory: 5Mi + dnsPolicy: ClusterFirst + volumes: + - name: config + configMap: + name: alloy diff --git a/operations/helm/tests/extra-manifests/alloy/templates/extra-manifests.yaml b/operations/helm/tests/extra-manifests/alloy/templates/extra-manifests.yaml new file mode 100644 index 0000000000..9174938d6c --- /dev/null +++ b/operations/helm/tests/extra-manifests/alloy/templates/extra-manifests.yaml @@ -0,0 +1,9 @@ +--- +# Source: alloy/templates/extra-manifests.yaml +apiVersion: v1 +kind: Secret +metadata: + name: grafana-cloud +stringData: + PROMETHEUS_HOST: https://prometheus-us-central1.grafana.net/api/prom/push + PROMETHEUS_USERNAME: "123456" diff --git a/operations/helm/tests/extra-manifests/alloy/templates/rbac.yaml b/operations/helm/tests/extra-manifests/alloy/templates/rbac.yaml new file mode 100644 index 0000000000..58fe9c6a84 --- /dev/null +++ b/operations/helm/tests/extra-manifests/alloy/templates/rbac.yaml @@ -0,0 +1,119 @@ +--- +# Source: alloy/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alloy + labels: + helm.sh/chart: alloy + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + app.kubernetes.io/version: "vX.Y.Z" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: rbac +rules: + # Rules which allow discovery.kubernetes to function. + - apiGroups: + - "" + - "discovery.k8s.io" + - "networking.k8s.io" + resources: + - endpoints + - endpointslices + - ingresses + - nodes + - nodes/proxy + - nodes/metrics + - pods + - services + verbs: + - get + - list + - watch + # Rules which allow loki.source.kubernetes and loki.source.podlogs to work. + - apiGroups: + - "" + resources: + - pods + - pods/log + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "monitoring.grafana.com" + resources: + - podlogs + verbs: + - get + - list + - watch + # Rules which allow mimir.rules.kubernetes to work. + - apiGroups: ["monitoring.coreos.com"] + resources: + - prometheusrules + verbs: + - get + - list + - watch + - nonResourceURLs: + - /metrics + verbs: + - get + # Rules for prometheus.kubernetes.* + - apiGroups: ["monitoring.coreos.com"] + resources: + - podmonitors + - servicemonitors + - probes + verbs: + - get + - list + - watch + # Rules which allow eventhandler to work. + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + # needed for remote.kubernetes.* + - apiGroups: [""] + resources: + - "configmaps" + - "secrets" + verbs: + - get + - list + - watch + # needed for otelcol.processor.k8sattributes + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +--- +# Source: alloy/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alloy + labels: + helm.sh/chart: alloy + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + app.kubernetes.io/version: "vX.Y.Z" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alloy +subjects: + - kind: ServiceAccount + name: alloy + namespace: default diff --git a/operations/helm/tests/extra-manifests/alloy/templates/service.yaml b/operations/helm/tests/extra-manifests/alloy/templates/service.yaml new file mode 100644 index 0000000000..0e9857aef6 --- /dev/null +++ b/operations/helm/tests/extra-manifests/alloy/templates/service.yaml @@ -0,0 +1,24 @@ +--- +# Source: alloy/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: alloy + labels: + helm.sh/chart: alloy + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + app.kubernetes.io/version: "vX.Y.Z" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: networking +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + internalTrafficPolicy: Cluster + ports: + - name: http-metrics + port: 12345 + targetPort: 12345 + protocol: "TCP" diff --git a/operations/helm/tests/extra-manifests/alloy/templates/serviceaccount.yaml b/operations/helm/tests/extra-manifests/alloy/templates/serviceaccount.yaml new file mode 100644 index 0000000000..16959476b1 --- /dev/null +++ b/operations/helm/tests/extra-manifests/alloy/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +--- +# Source: alloy/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alloy + namespace: default + labels: + helm.sh/chart: alloy + app.kubernetes.io/name: alloy + app.kubernetes.io/instance: alloy + app.kubernetes.io/version: "vX.Y.Z" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: rbac