From f2f0510b2ef94a7eb7b062629b907679dbe2f0b3 Mon Sep 17 00:00:00 2001 From: Adib234 Date: Fri, 7 Jun 2024 11:21:48 -0400 Subject: [PATCH 1/6] test --- .github/workflows/presubmit.yml | 13 ++ cmd/operator/main.go | 15 ++ .../go-synthetic/go-synthetic.yaml | 5 + manifests/operator.yaml | 2 +- manifests/parca-server.yaml | 181 ++++++++++++++++++ scripts/deploy_parca.sh | 19 ++ 6 files changed, 234 insertions(+), 1 deletion(-) create mode 100644 manifests/parca-server.yaml create mode 100644 scripts/deploy_parca.sh diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml index 5468faa8fe..096f852342 100644 --- a/.github/workflows/presubmit.yml +++ b/.github/workflows/presubmit.yml @@ -96,3 +96,16 @@ jobs: - uses: actions/checkout@v4 - name: Run e2e run: TEST_RUN=${{matrix.testrun}} make e2e + parca-profile: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} # Fetch the PR's code + - name: Profile the latest stabe version of GMP collector + run: | + ../../scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/main/manifests/operator.yaml + - name: Profile the incoming change of GMP collector + run: | + ../../scripts/deploy_parca.sh ../../manifests/operator.yaml + diff --git a/cmd/operator/main.go b/cmd/operator/main.go index 5f7fe8810b..fc6ed4c816 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -18,7 +18,9 @@ import ( "context" "errors" "flag" + "log" "net/http" + "net/http/pprof" "os" "os/signal" "syscall" @@ -43,6 +45,19 @@ const ( ) func main() { + + mux := http.NewServeMux() + mux.HandleFunc("/debug/pprof/", pprof.Index) + mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) + mux.HandleFunc("/debug/pprof/profile", pprof.Profile) + mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) + mux.HandleFunc("/debug/pprof/trace", pprof.Trace) + mux.HandleFunc("/debug/pprof/block", pprof.Trace) + mux.HandleFunc("/debug/pprof/allocs", pprof.Trace) + mux.HandleFunc("/debug/pprof/goroutine", pprof.Trace) + mux.HandleFunc("/debug/pprof/mutex", pprof.Trace) + go func() { log.Fatal(http.ListenAndServe("localhost:6060", mux)) }() + var ( defaultProjectID string defaultCluster string diff --git a/examples/instrumentation/go-synthetic/go-synthetic.yaml b/examples/instrumentation/go-synthetic/go-synthetic.yaml index 91ae11cf02..627e9a6c45 100644 --- a/examples/instrumentation/go-synthetic/go-synthetic.yaml +++ b/examples/instrumentation/go-synthetic/go-synthetic.yaml @@ -34,6 +34,11 @@ spec: - "--listen-address=:8080" - "--cpu-burn-ops=75" - "--memory-ballast-mbs=1024" + - "--histogram-count=2" + - "--native-histogram-count=1" + - "--gauge-count=2" + - "--counter-count=2" + - "--summary-count=2" env: # Needed when using --tls-create-self-signed - name: POD_IP diff --git a/manifests/operator.yaml b/manifests/operator.yaml index e0da514db4..e88f5d4dcb 100644 --- a/manifests/operator.yaml +++ b/manifests/operator.yaml @@ -527,7 +527,7 @@ spec: priorityClassName: gmp-critical containers: - name: operator - image: gke.gcr.io/prometheus-engine/operator:v0.9.0-gke.1 + image: us-east4-docker.pkg.dev/lees-gmp/prometheus-engine/operator:gmp-20242405_1404 args: - "--operator-namespace=gmp-system" - "--public-namespace=gmp-public" diff --git a/manifests/parca-server.yaml b/manifests/parca-server.yaml new file mode 100644 index 0000000000..64b5857bf7 --- /dev/null +++ b/manifests/parca-server.yaml @@ -0,0 +1,181 @@ +--- +apiVersion: v1 +data: + parca.yaml: |- + "object_storage": + "bucket": + "config": + "directory": "/var/lib/parca" + "type": "FILESYSTEM" + scrape_configs: + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_pod_label_app_kubernetes_io_(.+) + replacement: "app_kubernetes_io_$1" + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_container_name] + action: replace + target_label: container +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca + app.kubernetes.io/version: v0.21.0 + name: parca + namespace: parca +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca + app.kubernetes.io/version: v0.21.0 + name: parca + namespace: parca +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca + template: + metadata: + labels: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca + app.kubernetes.io/version: v0.21.0 + spec: + containers: + - args: + - /parca + - --http-address=:7070 + - --config-path=/etc/parca/parca.yaml + - --log-level=info + - --cors-allowed-origins=* + - --debuginfod-upstream-servers=debuginfod.systemtap.org + - --debuginfod-http-request-timeout=5m + image: ghcr.io/parca-dev/parca:v0.21.0 + livenessProbe: + exec: + command: + - /grpc_health_probe + - -v + - -addr=:7070 + initialDelaySeconds: 5 + name: parca + ports: + - containerPort: 7070 + name: http + readinessProbe: + exec: + command: + - /grpc_health_probe + - -v + - -addr=:7070 + initialDelaySeconds: 10 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/parca + name: config + - mountPath: /var/lib/parca + name: data + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + supplementalGroups: + - 65534 + serviceAccountName: parca + terminationGracePeriodSeconds: 120 + volumes: + - configMap: + name: parca + name: config + - emptyDir: {} + name: data +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged + name: parca +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca + app.kubernetes.io/version: v0.21.0 + name: parca + namespace: parca +spec: + ports: + - name: http + port: 7070 + targetPort: 7070 + selector: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: observability + app.kubernetes.io/instance: parca + app.kubernetes.io/name: parca + app.kubernetes.io/version: v0.21.0 + name: parca + namespace: parca +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: parca-viewer +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: parca-viewer-binding +subjects: +- kind: ServiceAccount + name: parca + namespace: parca # Replace with your Parca namespace +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: parca-viewer diff --git a/scripts/deploy_parca.sh b/scripts/deploy_parca.sh new file mode 100644 index 0000000000..bfd31bcedf --- /dev/null +++ b/scripts/deploy_parca.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Create GKE cluster +gcloud beta container --project "lees-gmp" clusters create "cluster-1-a" --zone "us-central1-c" --no-enable-basic-auth --cluster-version "1.28.9-gke.1000000" --release-channel "regular" --machine-type "e2-medium" --image-type "COS_CONTAINERD" --disk-type "pd-balanced" --disk-size "100" --metadata disable-legacy-endpoints=true --scopes "https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append" --num-nodes "3" --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM --enable-ip-alias --network "projects/lees-gmp/global/networks/lees-network" --subnetwork "projects/lees-gmp/regions/us-central1/subnetworks/lees-network" --no-enable-intra-node-visibility --default-max-pods-per-node "110" --security-posture=standard --workload-vulnerability-scanning=disabled --no-enable-master-authorized-networks --addons HorizontalPodAutoscaling,HttpLoadBalancing,GcePersistentDiskCsiDriver --enable-autoupgrade --enable-autorepair --max-surge-upgrade 1 --max-unavailable-upgrade 0 --binauthz-evaluation-mode=DISABLED --no-enable-managed-prometheus --enable-shielded-nodes --node-locations "us-central1-c" + +# Deploy Parca and Prometheus resources +kubectl create namespace parca +kubectl apply -f parca-server.yaml +kubectl apply -f $1 +kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/main/examples/instrumentation/go-synthetic/go-synthetic.yaml + +# Port-forward Parca service (optional) +kubectl -n parca port-forward service/parca 7070 & + +sleep 1800 + +# Cleanup +kill %1 # Terminate the background port-forward process (if used) +kubectl delete cluster "cluster-1-a" --zone "us-central1-c" \ No newline at end of file From 30ca6b5d21931ff87ed8519008dc8d1f5fb459d2 Mon Sep 17 00:00:00 2001 From: Adib234 Date: Mon, 10 Jun 2024 15:18:47 -0400 Subject: [PATCH 2/6] fix some stuff in script --- scripts/deploy_parca.sh | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) mode change 100644 => 100755 scripts/deploy_parca.sh diff --git a/scripts/deploy_parca.sh b/scripts/deploy_parca.sh old mode 100644 new mode 100755 index bfd31bcedf..462d9a4042 --- a/scripts/deploy_parca.sh +++ b/scripts/deploy_parca.sh @@ -1,19 +1,38 @@ #!/bin/bash +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + # Create GKE cluster -gcloud beta container --project "lees-gmp" clusters create "cluster-1-a" --zone "us-central1-c" --no-enable-basic-auth --cluster-version "1.28.9-gke.1000000" --release-channel "regular" --machine-type "e2-medium" --image-type "COS_CONTAINERD" --disk-type "pd-balanced" --disk-size "100" --metadata disable-legacy-endpoints=true --scopes "https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append" --num-nodes "3" --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM --enable-ip-alias --network "projects/lees-gmp/global/networks/lees-network" --subnetwork "projects/lees-gmp/regions/us-central1/subnetworks/lees-network" --no-enable-intra-node-visibility --default-max-pods-per-node "110" --security-posture=standard --workload-vulnerability-scanning=disabled --no-enable-master-authorized-networks --addons HorizontalPodAutoscaling,HttpLoadBalancing,GcePersistentDiskCsiDriver --enable-autoupgrade --enable-autorepair --max-surge-upgrade 1 --max-unavailable-upgrade 0 --binauthz-evaluation-mode=DISABLED --no-enable-managed-prometheus --enable-shielded-nodes --node-locations "us-central1-c" +gcloud beta container --project "lees-gmp" clusters create "parca-cluster" --zone "us-central1-c" --no-enable-basic-auth --cluster-version "1.28.9-gke.1000000" --release-channel "regular" --machine-type "e2-medium" --image-type "COS_CONTAINERD" --disk-type "pd-balanced" --disk-size "100" --metadata disable-legacy-endpoints=true --scopes "https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append" --num-nodes "3" --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM --enable-ip-alias --network "projects/lees-gmp/global/networks/lees-network" --subnetwork "projects/lees-gmp/regions/us-central1/subnetworks/lees-network" --no-enable-intra-node-visibility --default-max-pods-per-node "110" --security-posture=standard --workload-vulnerability-scanning=disabled --no-enable-master-authorized-networks --addons HorizontalPodAutoscaling,HttpLoadBalancing,GcePersistentDiskCsiDriver --enable-autoupgrade --enable-autorepair --max-surge-upgrade 1 --max-unavailable-upgrade 0 --binauthz-evaluation-mode=DISABLED --no-enable-managed-prometheus --enable-shielded-nodes --node-locations "us-central1-c" +kubectl config set-cluster parca-cluster # Deploy Parca and Prometheus resources kubectl create namespace parca -kubectl apply -f parca-server.yaml +kubectl apply -f ../manifests/parca-server.yaml +kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/setup.yaml kubectl apply -f $1 -kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/main/examples/instrumentation/go-synthetic/go-synthetic.yaml -# Port-forward Parca service (optional) +sleep 60 + +kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/examples/instrumentation/go-synthetic/go-synthetic.yaml + +# Port-forward Parca service to see visualization system kubectl -n parca port-forward service/parca 7070 & sleep 1800 # Cleanup kill %1 # Terminate the background port-forward process (if used) -kubectl delete cluster "cluster-1-a" --zone "us-central1-c" \ No newline at end of file +kubectl delete all --all --all-namespaces \ No newline at end of file From 9b547168df7b1c3813cd5909465442368f59507b Mon Sep 17 00:00:00 2001 From: Adib234 Date: Mon, 10 Jun 2024 15:45:46 -0400 Subject: [PATCH 3/6] remove unnecessary changes --- .github/workflows/presubmit.yml | 2 +- cmd/operator/main.go | 14 -------------- manifests/operator.yaml | 2 +- manifests/parca-server.yaml | 14 ++++++++++++++ scripts/deploy_parca.sh | 4 ++-- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml index 096f852342..ab20b63b5e 100644 --- a/.github/workflows/presubmit.yml +++ b/.github/workflows/presubmit.yml @@ -104,7 +104,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} # Fetch the PR's code - name: Profile the latest stabe version of GMP collector run: | - ../../scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/main/manifests/operator.yaml + ../../scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/operator.yaml - name: Profile the incoming change of GMP collector run: | ../../scripts/deploy_parca.sh ../../manifests/operator.yaml diff --git a/cmd/operator/main.go b/cmd/operator/main.go index fc6ed4c816..de61c9d1be 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -18,9 +18,7 @@ import ( "context" "errors" "flag" - "log" "net/http" - "net/http/pprof" "os" "os/signal" "syscall" @@ -46,18 +44,6 @@ const ( func main() { - mux := http.NewServeMux() - mux.HandleFunc("/debug/pprof/", pprof.Index) - mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) - mux.HandleFunc("/debug/pprof/profile", pprof.Profile) - mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) - mux.HandleFunc("/debug/pprof/trace", pprof.Trace) - mux.HandleFunc("/debug/pprof/block", pprof.Trace) - mux.HandleFunc("/debug/pprof/allocs", pprof.Trace) - mux.HandleFunc("/debug/pprof/goroutine", pprof.Trace) - mux.HandleFunc("/debug/pprof/mutex", pprof.Trace) - go func() { log.Fatal(http.ListenAndServe("localhost:6060", mux)) }() - var ( defaultProjectID string defaultCluster string diff --git a/manifests/operator.yaml b/manifests/operator.yaml index e88f5d4dcb..e0da514db4 100644 --- a/manifests/operator.yaml +++ b/manifests/operator.yaml @@ -527,7 +527,7 @@ spec: priorityClassName: gmp-critical containers: - name: operator - image: us-east4-docker.pkg.dev/lees-gmp/prometheus-engine/operator:gmp-20242405_1404 + image: gke.gcr.io/prometheus-engine/operator:v0.9.0-gke.1 args: - "--operator-namespace=gmp-system" - "--public-namespace=gmp-public" diff --git a/manifests/parca-server.yaml b/manifests/parca-server.yaml index 64b5857bf7..488b86672e 100644 --- a/manifests/parca-server.yaml +++ b/manifests/parca-server.yaml @@ -1,3 +1,17 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + --- apiVersion: v1 data: diff --git a/scripts/deploy_parca.sh b/scripts/deploy_parca.sh index 462d9a4042..89c991ae93 100755 --- a/scripts/deploy_parca.sh +++ b/scripts/deploy_parca.sh @@ -24,7 +24,7 @@ kubectl apply -f ../manifests/parca-server.yaml kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/setup.yaml kubectl apply -f $1 -sleep 60 +kubectl wait --for=condition=Ready deployment/gmp-operator -n gmp-system kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/examples/instrumentation/go-synthetic/go-synthetic.yaml @@ -34,5 +34,5 @@ kubectl -n parca port-forward service/parca 7070 & sleep 1800 # Cleanup -kill %1 # Terminate the background port-forward process (if used) +kill %1 # Terminate the background port-forward process kubectl delete all --all --all-namespaces \ No newline at end of file From f9d486e4ef171e299603558987366fb37ba47aa1 Mon Sep 17 00:00:00 2001 From: Adib234 Date: Mon, 10 Jun 2024 15:47:41 -0400 Subject: [PATCH 4/6] remove unnecessary changes --- cmd/operator/main.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/operator/main.go b/cmd/operator/main.go index de61c9d1be..5f7fe8810b 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -43,7 +43,6 @@ const ( ) func main() { - var ( defaultProjectID string defaultCluster string From 7e097e7d5b73e62f8d21337dfef3bf091c450c0e Mon Sep 17 00:00:00 2001 From: Adib234 Date: Mon, 10 Jun 2024 16:12:48 -0400 Subject: [PATCH 5/6] Move script to .github --- {scripts => .github/scripts}/deploy_parca.sh | 0 .github/workflows/presubmit.yml | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename {scripts => .github/scripts}/deploy_parca.sh (100%) diff --git a/scripts/deploy_parca.sh b/.github/scripts/deploy_parca.sh similarity index 100% rename from scripts/deploy_parca.sh rename to .github/scripts/deploy_parca.sh diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml index ab20b63b5e..cc97956a97 100644 --- a/.github/workflows/presubmit.yml +++ b/.github/workflows/presubmit.yml @@ -104,8 +104,8 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} # Fetch the PR's code - name: Profile the latest stabe version of GMP collector run: | - ../../scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/operator.yaml + ./github/scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/operator.yaml - name: Profile the incoming change of GMP collector run: | - ../../scripts/deploy_parca.sh ../../manifests/operator.yaml + ./github/scripts/deploy_parca.sh ../../manifests/operator.yaml From 612d8752c052ec97e3adb3e1f477cd10d2d1f742 Mon Sep 17 00:00:00 2001 From: Adib234 Date: Mon, 10 Jun 2024 16:19:55 -0400 Subject: [PATCH 6/6] Fix: provide correct path to script --- .github/workflows/presubmit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml index cc97956a97..870b97ecae 100644 --- a/.github/workflows/presubmit.yml +++ b/.github/workflows/presubmit.yml @@ -104,8 +104,8 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} # Fetch the PR's code - name: Profile the latest stabe version of GMP collector run: | - ./github/scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/operator.yaml + ./.github/scripts/deploy_parca.sh https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/manifests/operator.yaml - name: Profile the incoming change of GMP collector run: | - ./github/scripts/deploy_parca.sh ../../manifests/operator.yaml + ./.github/scripts/deploy_parca.sh ../../manifests/operator.yaml