diff --git a/.github/service-labeler.yaml b/.github/service-labeler.yaml index c0fdf99d5f..e9e7e2d901 100644 --- a/.github/service-labeler.yaml +++ b/.github/service-labeler.yaml @@ -10,10 +10,6 @@ services/centralized-grafana: - changed-files: - any-glob-to-any-file: - services/centralized-grafana/** -services/centralized-kubecost: -- changed-files: - - any-glob-to-any-file: - - services/centralized-kubecost/** services/cert-manager: - changed-files: - any-glob-to-any-file: diff --git a/apptests/appscenarios/kubecost.go b/apptests/appscenarios/kubecost.go index bb7344939e..95cce0dbee 100644 --- a/apptests/appscenarios/kubecost.go +++ b/apptests/appscenarios/kubecost.go @@ -2,6 +2,7 @@ package appscenarios import ( "context" + "os" "path/filepath" "github.com/mesosphere/kommander-applications/apptests/constants" @@ -68,14 +69,30 @@ func (r kubeCost) install(ctx context.Context, env *environment.Env, appPath str return err } - // apply the kustomization for the helmrelease - releasePath := filepath.Join(appPath, "/") - err = env.ApplyKustomizations(ctx, releasePath, map[string]string{ - "releaseNamespace": kommanderNamespace, - }) - if err != nil { - return err + // Kubecost has been restructured in 2.14.x. For upgrades to work, we need to handle both versions gracefully. + helmReleasePath := filepath.Join(appPath, "/release") + if _, err = os.Stat(helmReleasePath); err == nil { + // apply the kustomization for the prereqs + prereqs := filepath.Join(appPath, "/pre-install") + err = env.ApplyKustomizations(ctx, prereqs, map[string]string{ + "releaseNamespace": kommanderNamespace, + }) + if err != nil { + return err + } + + // apply the kustomization for the helmrelease + err = env.ApplyKustomizations(ctx, helmReleasePath, map[string]string{ + "releaseNamespace": kommanderNamespace, + }) + if err != nil { + return err + } + return nil } - return err + // apply the helmrelease which is at the "/" path up to 2.13.x + return env.ApplyKustomizations(ctx, filepath.Join(appPath, "/"), map[string]string{ + "releaseNamespace": kommanderNamespace, + }) } diff --git a/apptests/appscenarios/kubecost_test.go b/apptests/appscenarios/kubecost_test.go index cdca182864..ec9fc1d65a 100644 --- a/apptests/appscenarios/kubecost_test.go +++ b/apptests/appscenarios/kubecost_test.go @@ -91,11 +91,16 @@ var _ = Describe("Kubecost Tests", Label("kubecost"), func() { deploymentList = &appsv1.DeploymentList{} err = k8sClient.List(ctx, deploymentList, listOptions) Expect(err).To(BeNil()) - Expect(deploymentList.Items).To(HaveLen(4)) + Expect(deploymentList.Items).To(HaveLen(4), "Expected 4 deployments to be created - cost-analyzer, grafana, prometheus server and prometheus alertmanager") Expect(err).To(BeNil()) for _, deployment := range deploymentList.Items { - Expect(deployment.Spec.Template.Spec.PriorityClassName).To(Equal(dkpHighPriority)) + Expect(deployment.Spec.Template.Spec.PriorityClassName).To( + Equal(dkpHighPriority), + "Deployment %q had an unexpected PriorityClass %q", + deployment.Name, + deployment.Spec.Template.Spec.PriorityClassName, + ) } }) diff --git a/common/helm-repositories/kubecost.yaml b/common/helm-repositories/kubecost.yaml new file mode 100644 index 0000000000..6d3c9ad372 --- /dev/null +++ b/common/helm-repositories/kubecost.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: kubecost + namespace: kommander-flux +spec: + interval: 10m + timeout: 1m + url: "${helmMirrorURL:=https://kubecost.github.io/cost-analyzer/}" diff --git a/common/helm-repositories/kustomization.yaml b/common/helm-repositories/kustomization.yaml index 2d6415c620..38694642e5 100644 --- a/common/helm-repositories/kustomization.yaml +++ b/common/helm-repositories/kustomization.yaml @@ -13,6 +13,7 @@ resources: - kommander-ui.yaml - kommander.yaml - kube-logging.yaml + - kubecost.yaml - kubefed.yaml - kubetunnel.yaml - mesosphere-repos.yaml diff --git a/hack/list-images.sh b/hack/list-images.sh index d90f06d624..7923ece53b 100755 --- a/hack/list-images.sh +++ b/hack/list-images.sh @@ -29,7 +29,7 @@ helm repo update >&2 # hence have values such as "unused" or are actually empty. # If a substitution var is missed here, this script will fail below because `envsubst -no-unset` flag ensures that all # necessary variables are set. In that case, the missing variables should be evaluated and added to this list as -# approriate. +# appropriate. declare -rx releaseNamespace=unused \ RES="" \ targetNamespace=unused \ @@ -78,6 +78,8 @@ declare -rx releaseNamespace=unused \ tfaName=unused \ notPopulatedAnywhereAsThisIsOnlyForAirgappedBundle=unused \ caIssuerName=unused \ + CLUSTER_ID=unused \ + kubecostClusterMode=unused \ kommanderChartVersion="${kommanderChartVersion:-}" IMAGES_FILE="$(realpath "$(mktemp .helm-list-images-XXXXXX)")" diff --git a/licenses.d2iq.yaml b/licenses.d2iq.yaml index e24822a643..e17805c643 100644 --- a/licenses.d2iq.yaml +++ b/licenses.d2iq.yaml @@ -20,12 +20,6 @@ resources: - license_path: LICENSE ref: v${image_tag%-debian-12-r0} url: https://github.com/thanos-io/thanos - - container_image: ghcr.io/mesosphere/dkp-container-images/docker.io/grafana/grafana:10.3.3-d2iq.0 - sources: - - license_path: LICENSE - notice_path: NOTICE.md - ref: v${image_tag%-d2iq.0} - url: https://github.com/grafana/grafana - container_image: docker.io/grafana/grafana:11.2.2-security-01 sources: - license_path: LICENSE @@ -454,13 +448,13 @@ resources: - license_path: LICENSE ref: ${image_tag%-distro} url: https://github.com/kiali/kiali - - container_image: quay.io/prometheus-operator/prometheus-config-reloader:v0.79.2 + - container_image: quay.io/prometheus-operator/prometheus-config-reloader:v0.78.2 sources: - license_path: LICENSE notice_path: NOTICE ref: ${image_tag} url: https://github.com/prometheus-operator/prometheus-operator - - container_image: quay.io/prometheus-operator/prometheus-config-reloader:v0.69.1 + - container_image: quay.io/prometheus-operator/prometheus-config-reloader:v0.79.2 sources: - license_path: LICENSE notice_path: NOTICE @@ -584,18 +578,28 @@ resources: - url: https://github.com/mirror/busybox ref: master license_path: LICENSE - - container_image: gcr.io/kubecost1/cost-model:prod-1.108.1 + - container_image: gcr.io/kubecost1/cost-model:prod-2.5.0 sources: - url: https://github.com/opencost/opencost - ref: v${image_tag#prod-} + ref: v1.112.1 license_path: LICENSE - - container_image: ghcr.io/mesosphere/dkp-container-images/gcr.io/kubecost1/frontend:prod-1.108.1-d2iq.0 + - container_image: gcr.io/kubecost1/frontend:prod-2.5.0 sources: - url: https://github.com/opencost/opencost - ref: v1.108.1 + ref: v1.112.1 license_path: LICENSE - container_image: registry.k8s.io/pause:3.10 sources: - url: https://github.com/kubernetes/kubernetes ref: master license_path: LICENSE + - container_image: gcr.io/k8s-staging-sig-storage/objectstorage-controller:v20221027-v0.1.1-8-g300019f # TODO(takirala): drop this entry after merging https://github.com/mesosphere/konvoy2/pull/3474 + sources: + - url: https://github.com/kubernetes-sigs/container-object-storage-interface + ref: main + license_path: LICENSE + - container_image: quay.io/ceph/cosi:v0.1.2 + sources: + - url: https://github.com/ceph/ceph-cosi + ref: ${image_tag} + license_path: LICENSE diff --git a/services/centralized-grafana/65.5.0/defaults/cm.yaml b/services/centralized-grafana/65.5.0/defaults/cm.yaml index 539bf5a7ef..0256d50c67 100644 --- a/services/centralized-grafana/65.5.0/defaults/cm.yaml +++ b/services/centralized-grafana/65.5.0/defaults/cm.yaml @@ -41,7 +41,7 @@ data: skipReload: true initDatasources: true annotations: - configmap.reloader.stakater.com/reload: "centralized-kubecost-grafana-datasource" + configmap.reloader.stakater.com/reload: "kubecost-grafana-datasource" ingress: enabled: true annotations: diff --git a/services/centralized-kubecost/0.37.8/defaults/cm.yaml b/services/centralized-kubecost/0.37.8/defaults/cm.yaml deleted file mode 100644 index e1ba333175..0000000000 --- a/services/centralized-kubecost/0.37.8/defaults/cm.yaml +++ /dev/null @@ -1,153 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: centralized-kubecost-0.37.8-d2iq-defaults - namespace: ${releaseNamespace} -data: - values.yaml: | - --- - hooks: - clusterID: - kubectlImage: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}" - priorityClassName: dkp-high-priority - - cost-analyzer: - fullnameOverride: "kommander-kubecost-cost-analyzer" - kubecostFrontend: - fullImageName: ghcr.io/mesosphere/dkp-container-images/gcr.io/kubecost1/frontend:prod-1.108.1-d2iq.0 - priority: - enabled: true - name: dkp-high-priority - diagnostics: - enabled: false - global: - prometheus: - fqdn: http://kubecost-prometheus-server.kommander.svc.cluster.local - enabled: false - - thanos: - enabled: true - queryService: http://kommander-kubecost-thanos-query-http.kubecost.svc.cluster.local:10902 - # The wait time before Kommander begins querying cost data for all attached clusters - queryOffset: 5m - query: - deploymentAnnotations: - secret.reloader.stakater.com/reload: kommander-kubecost-thanos-client-tls - - grafana: - enabled: false - # Use kommander monitoring Grafana instance - domainName: centralized-grafana.${releaseNamespace}.svc.cluster.local - - # For Thanos Installs, Allow Higher Concurrency from Cost-Model - # Still may require tweaking for some installs, but the thanos-query-frontend - # will greatly assist in reduction memory bloat in query. - kubecostModel: - maxQueryConcurrency: 5 - # This configuration is applied to thanos only. Expresses the resolution to - # use for longer query ranges. Options: raw, 5m, 1h - Default: raw - maxSourceResolution: 5m - - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: kommander-traefik - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.middlewares: "${releaseNamespace}-stripprefixes@kubernetescrd,${releaseNamespace}-forwardauth@kubernetescrd" - paths: - - "/dkp/kommander/kubecost/frontend/" - hosts: - - "" - tls: [] - - kubecostDeployment: - labels: - vendor.kubecost.io/partner: d2iq - - podSecurityPolicy: - enabled: false - - grafana: - # These values are set so that kubecost grafana dashboards are installed. - # Grafana itself is not installed. - sidecar: - image: - repository: docker.io/kiwigrid/k8s-sidecar - tag: 1.28.0 - dashboards: - enabled: true - label: grafana_dashboard_kommander - datasources: - enabled: true - defaultDatasourceEnabled: false - label: grafana_datasource_kommander - - prometheus: - fullnameOverride: "kommander-kubecost-prometheus" - server: - fullnameOverride: "kommander-kubecost-prometheus-server" - priorityClassName: dkp-high-priority - alertmanager: - fullnameOverride: "kommander-kubecost-prometheus-alertmanager" - priorityClassName: dkp-high-priority - kube-state-metrics: - fullnameOverride: "kommander-kubecost-prometheus-kube-state-metrics" - priorityClassName: dkp-high-priority - - thanos: - image: - repository: quay.io/thanos/thanos - tag: v0.37.1 - fullnameOverride: "kommander-kubecost-thanos" - nameOverride: "kubecost-thanos" - priorityClassName: dkp-high-priority - query: - enabled: true - timeout: 3m - maxConcurrent: 10 - # Name of HTTP request header used for dynamic prefixing of UI links and redirects. - webPrefixHeader: "X-Forwarded-Prefix" - resources: - limits: - cpu: 2000m - memory: 16Gi - requests: - cpu: 1000m - memory: 4Gi - http: - service: - labels: - servicemonitor.kommander.mesosphere.io/path: "metrics" - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: kommander-traefik - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.middlewares: "${releaseNamespace}-stripprefixes@kubernetescrd,${releaseNamespace}-forwardauth@kubernetescrd" - path: "/dkp/kommander/kubecost/query" - hosts: - - "" - tls: [] - # Enable DNS discovery for stores - storeDNSDiscovery: false - # Enable DNS discovery for sidecars (this is for the chart built-in sidecar service) - sidecarDNSDiscovery: false - # Names of configmaps that contain addresses of store API servers, used for file service discovery. - serviceDiscoveryFileConfigMaps: - - kubecost-thanos-query-stores - # Refresh interval to re-read file SD files. It is used as a resync fallback. - serviceDiscoveryInterval: 5m - extraArgs: - - "--log.format=json" - - "--grpc-client-tls-secure" - - "--grpc-client-tls-cert=/etc/certs/tls.crt" - - "--grpc-client-tls-key=/etc/certs/tls.key" - - "--grpc-client-tls-ca=/etc/certs/ca.crt" - - "--grpc-client-server-name=server.thanos.kubecost.localhost.localdomain" - certSecretName: kommander-kubecost-thanos-client-tls - - kubecostProductConfigs: - grafanaURL: "/dkp/kommander/monitoring/grafana" - # used for display in Kubecost UI - clusterName: "Kommander Host" diff --git a/services/centralized-kubecost/0.37.8/post-install-jobs/post-install-jobs.yaml b/services/centralized-kubecost/0.37.8/post-install-jobs/post-install-jobs.yaml deleted file mode 100644 index fc919bee62..0000000000 --- a/services/centralized-kubecost/0.37.8/post-install-jobs/post-install-jobs.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copy grafana-datasource cm after it has been created in the release. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubecost-configmap-edit - namespace: kubecost ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubecost-configmap-edit -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubecost-configmap-edit -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubecost-configmap-edit -subjects: - - kind: ServiceAccount - name: kubecost-configmap-edit - namespace: kubecost ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: copy-kubecost-grafana-datasource-cm - namespace: kubecost -spec: - template: - metadata: - name: copy-kubecost-grafana-datasource-cm - spec: - serviceAccountName: kubecost-configmap-edit - restartPolicy: OnFailure - priorityClassName: dkp-high-priority - containers: - - name: kubectl - image: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}" - command: - - sh - - -c - - | - kubectl get configmap grafana-datasource --namespace=kubecost -o yaml | sed 's/namespace: kubecost/namespace: ${releaseNamespace}/' | sed 's/name: grafana-datasource/name: centralized-kubecost-grafana-datasource/' | grep -v '^\s*uid:\s' | grep -v '^\s*resourceVersion:\s' | kubectl apply -f - diff --git a/services/centralized-kubecost/0.37.8/release/release.yaml b/services/centralized-kubecost/0.37.8/release/release.yaml deleted file mode 100644 index 88df95b7f6..0000000000 --- a/services/centralized-kubecost/0.37.8/release/release.yaml +++ /dev/null @@ -1,156 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: centralized-kubecost - namespace: ${releaseNamespace} -spec: - chart: - spec: - chart: kubecost - sourceRef: - kind: HelmRepository - name: mesosphere.github.io-charts-stable - namespace: kommander-flux - version: 0.37.4 - interval: 15s - install: - crds: CreateReplace - remediation: - retries: 30 - createNamespace: true - upgrade: - crds: CreateReplace - remediation: - retries: 30 - releaseName: centralized-kubecost - valuesFrom: - - kind: ConfigMap - name: centralized-kubecost-0.37.8-d2iq-defaults - targetNamespace: kubecost ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubecost-thanos-configmap-edit - namespace: kubecost ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubecost-thanos-configmap-edit - namespace: kubecost -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubecost-thanos-configmap-edit - namespace: kubecost -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubecost-thanos-configmap-edit -subjects: - - kind: ServiceAccount - name: kubecost-thanos-configmap-edit - namespace: kubecost ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: create-kubecost-thanos-query-stores-configmap - namespace: kubecost -spec: - template: - metadata: - name: create-kubecost-thanos-query-stores-configmap - spec: - serviceAccountName: kubecost-thanos-configmap-edit - restartPolicy: OnFailure - priorityClassName: dkp-high-priority - containers: - - name: kubectl - image: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}" - command: - - sh - - "-c" - - |- - /bin/bash <<'EOF' - set -o nounset - set -o errexit - set -o pipefail - - echo "checking if kubecost-thanos-query-stores configmap exists" - - RES=$(set -o errexit; kubectl get configmap --ignore-not-found kubecost-thanos-query-stores) - if [[ $RES == "" ]]; then - echo "kubecost-thanos-query-stores configmap does not exist - creating" - printf '%s\n' "apiVersion: v1" "kind: ConfigMap" "metadata:" " name: kubecost-thanos-query-stores" "data:" " stores.yaml: |-" " - targets: []" > /tmp/kubecost-thanos-query-stores.yaml - kubectl apply -f /tmp/kubecost-thanos-query-stores.yaml - exit 0 - fi - - echo "kubecost-thanos-query-stores configmap already exists - no need to create" - EOF ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: kommander-kubecost-thanos-client-cert - namespace: kubecost -spec: - commonName: client.thanos.kubecost.localhost.localdomain - dnsNames: - - client.thanos.kubecost.localhost.localdomain - duration: 87600h - subject: - organizations: - - Nutanix - secretName: kommander-kubecost-thanos-client-tls - issuerRef: - name: kommander-ca - kind: ClusterIssuer ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-centralized-kubecost-view -rules: - - nonResourceURLs: - - /dkp/kommander/kubecost - - /dkp/kommander/kubecost/* - verbs: - - get - - head ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-centralized-kubecost-edit -rules: - - nonResourceURLs: - - /dkp/kommander/kubecost - - /dkp/kommander/kubecost/* - verbs: - - get - - head - - post - - put ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-centralized-kubecost-admin -rules: - - nonResourceURLs: - - /dkp/kommander/kubecost - - /dkp/kommander/kubecost/* - verbs: - - get - - head - - post - - put - - delete diff --git a/services/centralized-kubecost/metadata.yaml b/services/centralized-kubecost/metadata.yaml deleted file mode 100644 index 8b184b6f49..0000000000 --- a/services/centralized-kubecost/metadata.yaml +++ /dev/null @@ -1,6 +0,0 @@ -type: internal -scope: - - workspace -licensing: - - Ultimate - - Enterprise diff --git a/services/kommander-ui/16.22.0/defaults/cm.yaml b/services/kommander-ui/16.22.0/defaults/cm.yaml index 66177a5e48..ed7149fb70 100644 --- a/services/kommander-ui/16.22.0/defaults/cm.yaml +++ b/services/kommander-ui/16.22.0/defaults/cm.yaml @@ -20,3 +20,5 @@ data: showCD: true fedNamespace: kube-federation-system priorityClassName: "dkp-critical-priority" + # TODO(takirala): revert after merging and releasing https://github.com/mesosphere/kommander-ui/pull/6987 + kubecostEndpoint: http://kubecost-cost-analyzer.kommander.svc:9090 diff --git a/services/kommander/0.14.0/defaults/cm.yaml b/services/kommander/0.14.0/defaults/cm.yaml index 5bd7c0560e..cd2d770d59 100644 --- a/services/kommander/0.14.0/defaults/cm.yaml +++ b/services/kommander/0.14.0/defaults/cm.yaml @@ -67,9 +67,7 @@ data: tag: ${kommanderLicensingControllerWebhookImageTag} repository: ${kommanderLicensingControllerWebhookImageRepository} defaultEnterpriseApps: - - "centralized-kubecost" - "kubecost" - - "kubecost-thanos-traefik" - "centralized-grafana" - "karma" - "karma-traefik" @@ -97,7 +95,7 @@ data: - "ai-navigator-app" - "ai-navigator-cluster-info-agent" - "centralized-grafana" - - "centralized-kubecost" + - "kubecost" - "chartmuseum" - "dex" - "dex-k8s-authenticator" @@ -122,7 +120,6 @@ data: - "kube-prometheus-stack" - "prometheus-adapter" - "prometheus-thanos-traefik" - - "kubecost-thanos-traefik" - "cert-manager" - "karma-traefik" - "gatekeeper" diff --git a/services/kubecost/0.37.9/defaults/cm.yaml b/services/kubecost/0.37.9/defaults/cm.yaml deleted file mode 100644 index dbe45c556d..0000000000 --- a/services/kubecost/0.37.9/defaults/cm.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubecost-0.37.9-d2iq-defaults - namespace: ${releaseNamespace} -data: - values.yaml: | - --- - hooks: - clusterID: - kubectlImage: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}" - priorityClassName: dkp-high-priority - - cost-analyzer: - kubecostFrontend: - fullImageName: ghcr.io/mesosphere/dkp-container-images/gcr.io/kubecost1/frontend:prod-1.108.1-d2iq.0 - priority: - enabled: true - name: dkp-high-priority - diagnostics: - enabled: false - global: - prometheus: - enabled: true - grafana: - enabled: true - - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: kommander-traefik - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.middlewares: "${workspaceNamespace}-stripprefixes@kubernetescrd,${workspaceNamespace}-forwardauth@kubernetescrd" - paths: - - "/dkp/kubecost/frontend/" - hosts: - - "" - tls: [] - - podSecurityPolicy: - enabled: false - - prometheus: - kubeStateMetrics: - enabled: false - kube-state-metrics: - disabled: true - server: - priorityClassName: dkp-high-priority - image: - tag: v2.55.0 - sidecarContainers: - - name: thanos-sidecar - image: quay.io/thanos/thanos:v0.37.1 - args: - - sidecar - - --log.level=debug - - --tsdb.path=/data/ - - --prometheus.url=http://127.0.0.1:9090 - - --reloader.config-file=/etc/config/prometheus.yml - # Start of time range limit to serve. Thanos sidecar will serve only metrics, which happened - # later than this value. Option can be a constant time in RFC3339 format or time duration - # relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. - - --min-time=-3h - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - name: sidecar-http - containerPort: 10902 - - name: grpc - containerPort: 10901 - - name: cluster - containerPort: 10900 - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: /data - subPath: "" - alertmanager: - priorityClassName: dkp-high-priority - image: - repository: quay.io/prometheus/alertmanager - tag: v0.27.0 - grafana: - priorityClassName: dkp-high-priority - image: - repository: ghcr.io/mesosphere/dkp-container-images/docker.io/grafana/grafana - tag: 10.3.3-d2iq.0 - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: kommander-traefik - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.middlewares: "${workspaceNamespace}-stripprefixes@kubernetescrd,${workspaceNamespace}-forwardauth@kubernetescrd" - hosts: [""] - path: "/dkp/kubecost/grafana" - grafana.ini: - log: - level: warn - server: - protocol: http - enable_gzip: true - root_url: "%(protocol)s://%(domain)s:%(http_port)s/dkp/kubecost/grafana" - serve_from_sub_path: false # Set to false on Grafana v10+ - auth.proxy: - enabled: true - header_name: X-Forwarded-User - auto-sign-up: true - auth.basic: - enabled: false - users: - auto_assign_org_role: Admin - analytics: - reporting_enabled: false - check_for_updates: false - sidecar: - image: - repository: docker.io/kiwigrid/k8s-sidecar - tag: 1.28.0 - - kubecostProductConfigs: - grafanaURL: "/dkp/kubecost/grafana" - # used for display in Kubecost UI - clusterName: "Kommander Managed Cluster" diff --git a/services/kubecost/0.37.9/kubecost.yaml b/services/kubecost/0.37.9/kubecost.yaml deleted file mode 100644 index 8385fb2214..0000000000 --- a/services/kubecost/0.37.9/kubecost.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: kubecost - namespace: ${releaseNamespace} -spec: - chart: - spec: - chart: kubecost - sourceRef: - kind: HelmRepository - name: mesosphere.github.io-charts-stable - namespace: kommander-flux - version: 0.37.4 - interval: 15s - install: - crds: CreateReplace - remediation: - retries: 30 - createNamespace: true - upgrade: - crds: CreateReplace - remediation: - retries: 30 - releaseName: kubecost - valuesFrom: - - kind: ConfigMap - name: kubecost-0.37.9-d2iq-defaults - targetNamespace: ${releaseNamespace} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubecost-app-dashboard-info - namespace: ${releaseNamespace} - labels: - "kommander.d2iq.io/application": "kubecost" -data: - name: "Kubecost" - dashboardLink: "/dkp/kubecost/frontend/overview.html" - docsLink: "http://docs.kubecost.com/" - # From: https://github.com/mesosphere/charts/blob/master/stable/kubecost/Chart.yaml#L2 - version: "1.104.0" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-kubecost-view -rules: - - nonResourceURLs: - - /dkp/kubecost/frontend - - /dkp/kubecost/frontend/* - verbs: - - get - - head ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-kubecost-edit -rules: - - nonResourceURLs: - - /dkp/kubecost/frontend - - /dkp/kubecost/frontend/* - verbs: - - get - - head - - post - - put ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-kubecost-admin -rules: - - nonResourceURLs: - - /dkp/kubecost/frontend - - /dkp/kubecost/frontend/* - verbs: - - get - - head - - post - - put - - delete diff --git a/services/kubecost/2.5.0/cosi-storage.yaml b/services/kubecost/2.5.0/cosi-storage.yaml new file mode 100644 index 0000000000..64475c5abb --- /dev/null +++ b/services/kubecost/2.5.0/cosi-storage.yaml @@ -0,0 +1,26 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: kubecost-cosi-storage + namespace: ${releaseNamespace} +spec: + force: true + prune: true + wait: true + interval: 10m + retryInterval: 1m + path: ./services/kubecost/2.5.0/cosi-storage + sourceRef: + kind: GitRepository + name: management + namespace: kommander-flux + timeout: 1m + dependsOn: + - name: todo-move-to-konvoy + namespace: ${releaseNamespace} + postBuild: + substitute: + releaseNamespace: ${releaseNamespace} + substituteFrom: + - kind: ConfigMap + name: substitution-vars diff --git a/services/kubecost/2.5.0/cosi-storage/cosi-bucket.yaml b/services/kubecost/2.5.0/cosi-storage/cosi-bucket.yaml new file mode 100644 index 0000000000..5663fd8c96 --- /dev/null +++ b/services/kubecost/2.5.0/cosi-storage/cosi-bucket.yaml @@ -0,0 +1,35 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: kubecost-cosi-storage + namespace: ${releaseNamespace} +spec: + chart: + spec: + chart: cosi-bucket-kit + sourceRef: + kind: HelmRepository + name: mesosphere.github.io-charts-stable + namespace: kommander-flux + version: 0.0.1-alpha.0 + interval: 15s + install: + crds: CreateReplace + remediation: + retries: 30 + createNamespace: true + upgrade: + crds: CreateReplace + remediation: + retries: 30 + releaseName: kubecost-cosi-storage + targetNamespace: ${releaseNamespace} + valuesFrom: + - kind: ConfigMap + name: kubecost-2.5.0-d2iq-defaults + valuesKey: ${releaseNamespace}-namespace-${kubecostClusterMode}-values.yaml # This will ensure non kommander namespace installs do not get cosi buckets. + optional: true + - kind: ConfigMap + name: kubecost-overrides + optional: true +--- diff --git a/services/kubecost/0.37.9/kustomization.yaml b/services/kubecost/2.5.0/cosi-storage/kustomization.yaml similarity index 79% rename from services/kubecost/0.37.9/kustomization.yaml rename to services/kubecost/2.5.0/cosi-storage/kustomization.yaml index f867bff569..c80c842070 100644 --- a/services/kubecost/0.37.9/kustomization.yaml +++ b/services/kubecost/2.5.0/cosi-storage/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - kubecost.yaml +- cosi-bucket.yaml diff --git a/services/kubecost/2.5.0/defaults/cm.yaml b/services/kubecost/2.5.0/defaults/cm.yaml new file mode 100644 index 0000000000..3afe8def83 --- /dev/null +++ b/services/kubecost/2.5.0/defaults/cm.yaml @@ -0,0 +1,326 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: kubecost-2.5.0-d2iq-defaults + namespace: ${releaseNamespace} +data: + values.yaml: | + --- + global: + prometheus: + enabled: true + + grafana: + enabled: false # Cannot use grafana when federatedETL.agentOnly is true. + + forecasting: + # Enable this to use kubecost's cost forecosting model + enabled: false + + upgrade: + toV2: false # TODO(takirala): Handle upgrades. + + federatedETL: + federatedCluster: true + agentOnly: true + + ingress: + enabled: false + + kubecostModel: + federatedStorageConfigSecret: "federated-store" # Secret should have a key named "federated-store.yaml" with the federated storage credentials + + kubecostAggregator: + deployMethod: disabled + + priority: + enabled: true + name: dkp-high-priority + + prometheus: + kubeStateMetrics: + enabled: false + kube-state-metrics: + disabled: true + + extraScrapeConfigs: | + - job_name: kubecost + honor_labels: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + dns_sd_configs: + - names: + - {{ .Release.Name }}-cost-analyzer + type: 'A' + port: 9003 + - job_name: kubecost-networking + kubernetes_sd_configs: + - role: pod + relabel_configs: + # Scrape only the the targets matching the following metadata + - source_labels: [__meta_kubernetes_pod_label_app] + action: keep + regex: {{ .Release.Name }}-network-costs + + server: + priorityClassName: dkp-high-priority + retention: 14d + fullnameOverride: "kubecost-prometheus-server" + image: + repository: quay.io/prometheus/prometheus + tag: v2.55.0 + # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID + # to use as unique cluster ID in kubecost cost-analyzer deployment. + # This overrides the cluster_id set in prometheus.server.global.external_labels. + # NOTE: This does not affect the external_labels set in prometheus config. + clusterIDConfigmap: kubecost-cluster-info-configmap + extraFlags: + - web.enable-admin-api + - web.enable-lifecycle + - storage.tsdb.wal-compression + resources: + limits: + cpu: 1000m + memory: 2500Mi + requests: + cpu: 300m + memory: 1500Mi + global: + scrape_interval: 1m + scrape_timeout: 10s + evaluation_interval: 1m + external_labels: + cluster_id: $CLUSTER_ID + persistentVolume: + size: 32Gi + enabled: true + extraArgs: + log.level: info + log.format: json + storage.tsdb.min-block-duration: 2h + storage.tsdb.max-block-duration: 2h + query.max-concurrency: 1 + query.max-samples: 100000000 + enableAdminApi: true + service: + gRPC: + enabled: true + configmapReload: + prometheus: + enabled: true + alertmanager: + enabled: true + alertmanager: + fullnameOverride: "kubecost-prometheus-alertmanager" + priorityClassName: dkp-high-priority + enabled: true + image: + repository: quay.io/prometheus/alertmanager + tag: v0.27.0 + resources: + limits: + cpu: 50m + memory: 100Mi + requests: + cpu: 10m + memory: 50Mi + persistentVolume: + enabled: true + pushgateway: + enabled: false + persistentVolume: + enabled: false + serverFiles: + alerts: + groups: + - name: Kubecost + rules: + - alert: kubecostDown + expr: up{job="kubecost"} == 0 + annotations: + message: 'Kubecost metrics endpoint is not being scraped successfully.' + for: 10m + labels: + severity: warning + - alert: kubecostMetricsUnavailable + expr: sum(sum_over_time(node_cpu_hourly_cost[5m])) == 0 + annotations: + message: 'Kubecost metrics are not available in Prometheus.' + for: 10m + labels: + severity: warning + - alert: kubecostRecordingRulesNotEvaluated + expr: avg_over_time(kubecost_cluster_memory_working_set_bytes[5m]) == 0 + annotations: + message: 'Kubecost recording rules are not being successfully evaluated.' + for: 10m + labels: + severity: warning + + kubecostProductConfigs: + clusterName: "" + clusterProfile: production + cloudIntegrationSecret: "" + currencyCode: USD + productKey: + enabled: false + #key: YOUR_KEY + + # Overrides for kommander namespace to run kubecost in non agent (but single cluster) mode + # Negate some of the values from the default values.yaml to ensure kubecost runs in single cluster mode + kommander-namespace-values.yaml: | + global: + grafana: + enabled: true + # TODO(takirala): Use kommander monitoring centralized-grafana instance + # once it is available. + # Or, maybe just add same datasource to it if possible ? + + notifications: + alertmanager: + # If true, allow kubecost to write to alertmanager + enabled: true + + federatedETL: + federatedCluster: false + agentOnly: false + + kubecostModel: + federatedStorageConfigSecret: "" + + kubecostAggregator: + # deployMethod determines how Aggregator is deployed. Current options are + # "singlepod" (within cost-analyzer Pod) "statefulset" (separate + # StatefulSet), and "disabled". + deployMethod: singlepod + persistentConfigsStorage: + storageClass: "" # default storage class + storageRequest: 1Gi + aggregatorDbStorage: + storageClass: "" # default storage class + storageRequest: 128Gi + cloudCost: + # The cloudCost component of Aggregator depends on + # kubecostAggregator.deployMethod: + # kA.dM = "singlepod" -> cloudCost is run as container inside cost-analyzer + # kA.dM = "statefulset" -> cloudCost is run as single-replica Deployment + enabled: false + # Log level for the aggregator container. Options are "trace", "debug", "info", "warn", "error", "fatal", "panic" + logLevel: info + resources: + requests: + cpu: 1000m + memory: 1Gi + jaeger: + # Enable this to use jaeger for tracing, useful for debugging + enabled: false + image: jaegertracing/all-in-one + imageVersion: 1.64.0 # Pin the image here to avoid pulling in latest as that would affect CVE scans + + kubecostFrontend: + enabled: true + fullImageName: gcr.io/kubecost1/frontend:prod-2.5.0 + deployMethod: singlepod # Other possible value is `haMode` that is supported only with enterprise license. + ipv6: + enabled: false + + # Define persistence volume for cost-analyzer, more information at https://github.com/kubecost/docs/blob/master/storage.md + persistentVolume: + # Upgrades from original default 0.2Gi may break if automatic disk resize is not supported + # https://github.com/kubecost/cost-analyzer-helm-chart/issues/507 + size: 32Gi + # Note that setting this to false means configurations will be wiped out on pod restart. + enabled: true + # storageClass: "-" + + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: kommander-traefik + ingress.kubernetes.io/auth-response-headers: X-Forwarded-User + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.middlewares: "${releaseNamespace}-stripprefixes@kubernetescrd,${releaseNamespace}-forwardauth@kubernetescrd" + paths: + - "/dkp/kommander/kubecost/frontend/" # This used to be the ingress of centralized-kubecost in 2.13.x and older versions of DKP + hosts: + - "" + tls: [] + + grafana: + priorityClassName: dkp-high-priority + image: + repository: grafana/grafana + tag: 11.4.0 + pullPolicy: IfNotPresent + sidecar: + image: + repository: docker.io/kiwigrid/k8s-sidecar + tag: 1.28.0 + dashboards: + enabled: true + label: grafana_dashboard_kommander + datasources: + enabled: true + defaultDatasourceEnabled: false + label: grafana_datasource_kommander + + # Overrides for multi cluster kubecost installations + kommander-namespace-multi-cluster-values.yaml: | + --- + kubecostAggregator: + # deployMethod determines how Aggregator is deployed. Current options are + deployMethod: statefulset + federatedETL: + federatedCluster: true + agentOnly: false + kubecostModel: + federatedStorageConfigSecret: "federated-store" # Secret should have a key named "federated-store.yaml" with the federated storage credentials + # COSI related resources + bucketClasses: # Cluster scoped resource + - name: kubecost-cosi-storage + driverName: rook-ceph.ceph.objectstorage.k8s.io + deletionPolicy: Delete + parameters: + objectStoreUserSecretName: rook-ceph-object-user-dkp-object-store-cosi-admin + objectStoreUserSecretNamespace: ${releaseNamespace} + bucketAccessClasses: # Cluster scoped resource + - name: kubecost-cosi-storage + driverName: rook-ceph.ceph.objectstorage.k8s.io + authenticationType: KEY + parameters: + # This secret (backed by a ceph user) is created below in the driver config. + objectStoreUserSecretName: rook-ceph-object-user-dkp-object-store-cosi-admin + objectStoreUserSecretNamespace: ${releaseNamespace} + bucketClaims: # Namespace scoped resource + - name: kubecost-cosi-storage + namespace: ${releaseNamespace} + bucketClassName: kubecost-cosi-storage + protocols: + - s3 + bucketAccesses: # Namespace scoped resource + - name: kubecost-cosi-storage + namespace: ${releaseNamespace} + bucketAccessClassName: kubecost-cosi-storage + bucketClaimName: kubecost-cosi-storage + protocol: s3 + credentialsSecretName: federated-store + cosiProviders: + ceph: + driver: + enabled: true + name: ceph-cosi-driver + namespace: ${releaseNamespace} + spec: + deploymentStrategy: Auto + adminuser: + enabled: true + name: cosi-admin + namespace: ${releaseNamespace} + spec: + displayName: "ceph cosi admin" + store: dkp-object-store # name of the CephObjectStore + capabilities: + bucket: "*" + user: "*" diff --git a/services/centralized-kubecost/0.37.8/defaults/kustomization.yaml b/services/kubecost/2.5.0/defaults/kustomization.yaml similarity index 100% rename from services/centralized-kubecost/0.37.8/defaults/kustomization.yaml rename to services/kubecost/2.5.0/defaults/kustomization.yaml diff --git a/services/kubecost/2.5.0/kustomization.yaml b/services/kubecost/2.5.0/kustomization.yaml new file mode 100644 index 0000000000..e3cb9b6640 --- /dev/null +++ b/services/kubecost/2.5.0/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - move-to-konvoy.yaml + - cosi-storage.yaml + - pre-install.yaml + - release.yaml diff --git a/services/centralized-kubecost/0.37.8/release.yaml b/services/kubecost/2.5.0/move-to-konvoy.yaml similarity index 61% rename from services/centralized-kubecost/0.37.8/release.yaml rename to services/kubecost/2.5.0/move-to-konvoy.yaml index d745445c6c..f9492644a7 100644 --- a/services/centralized-kubecost/0.37.8/release.yaml +++ b/services/kubecost/2.5.0/move-to-konvoy.yaml @@ -1,21 +1,20 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: centralized-kubecost-release + name: todo-move-to-konvoy namespace: ${releaseNamespace} spec: force: true - prune: true + prune: false wait: true interval: 6h retryInterval: 1m - path: ./services/centralized-kubecost/0.37.8/release + path: ./services/kubecost/2.5.0/move-to-konvoy sourceRef: kind: GitRepository name: management namespace: kommander-flux timeout: 1m postBuild: - substituteFrom: - - kind: ConfigMap - name: substitution-vars + substitute: + releaseNamespace: ${releaseNamespace} diff --git a/services/centralized-kubecost/0.37.8/kustomization.yaml b/services/kubecost/2.5.0/move-to-konvoy/kustomization.yaml similarity index 63% rename from services/centralized-kubecost/0.37.8/kustomization.yaml rename to services/kubecost/2.5.0/move-to-konvoy/kustomization.yaml index 1b10bcdf3c..25813daecf 100644 --- a/services/centralized-kubecost/0.37.8/kustomization.yaml +++ b/services/kubecost/2.5.0/move-to-konvoy/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - release.yaml - - post-install-jobs.yaml +- move-to-konvoy-cosi-hr.yaml diff --git a/services/kubecost/2.5.0/move-to-konvoy/move-to-konvoy-cosi-hr.yaml b/services/kubecost/2.5.0/move-to-konvoy/move-to-konvoy-cosi-hr.yaml new file mode 100644 index 0000000000..59c24dc76a --- /dev/null +++ b/services/kubecost/2.5.0/move-to-konvoy/move-to-konvoy-cosi-hr.yaml @@ -0,0 +1,26 @@ +# TODO: https://jira.nutanix.com/browse/NCN-104793 and https://jira.nutanix.com/browse/NCN-104743 +# Delete this helm release after merging https://github.com/mesosphere/konvoy2/pull/3474 (and adding a similar change in CAREN) +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: cosi-move-to-konvoy-todo + namespace: ${releaseNamespace} +spec: + chart: + spec: + chart: cosi + sourceRef: + kind: HelmRepository + name: mesosphere.github.io-charts-stable + namespace: kommander-flux + version: 0.0.1-alpha.1 + interval: 15s + install: + crds: CreateReplace + remediation: + retries: 30 + upgrade: + crds: Skip + remediation: + retries: 30 + releaseName: does-not-matter diff --git a/services/kubecost/2.5.0/pre-install.yaml b/services/kubecost/2.5.0/pre-install.yaml new file mode 100644 index 0000000000..4dc143eaaa --- /dev/null +++ b/services/kubecost/2.5.0/pre-install.yaml @@ -0,0 +1,26 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: kubecost-pre-install + namespace: ${releaseNamespace} +spec: + force: true + prune: true + wait: true + interval: 10m + retryInterval: 1m + path: ./services/kubecost/2.5.0/pre-install + dependsOn: + - name: kubecost-cosi-storage + namespace: ${releaseNamespace} + sourceRef: + kind: GitRepository + name: management + namespace: kommander-flux + timeout: 1m + postBuild: + substitute: + releaseNamespace: ${releaseNamespace} + substituteFrom: + - kind: ConfigMap + name: substitution-vars diff --git a/services/kubecost/2.5.0/pre-install/kustomization.yaml b/services/kubecost/2.5.0/pre-install/kustomization.yaml new file mode 100644 index 0000000000..a9ec66cfb5 --- /dev/null +++ b/services/kubecost/2.5.0/pre-install/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- pre-install-jobs.yaml diff --git a/services/kubecost/2.5.0/pre-install/pre-install-jobs.yaml b/services/kubecost/2.5.0/pre-install/pre-install-jobs.yaml new file mode 100644 index 0000000000..f51075818e --- /dev/null +++ b/services/kubecost/2.5.0/pre-install/pre-install-jobs.yaml @@ -0,0 +1,160 @@ +# Copy grafana-datasource cm after it has been created in the release. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubecost-pre-install + namespace: ${releaseNamespace} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubecost-pre-install + namespace: ${releaseNamespace} +rules: + - apiGroups: [""] + resources: [ "configmaps" ] + verbs: ["get", "list", "create", "patch" ] + - apiGroups: [ "" ] + resources: [ "secrets" ] + verbs: [ "get", "list", "patch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubecost-pre-install-clusterrole +rules: + - apiGroups: [ "" ] + resources: [ "namespaces" ] + verbs: [ "get", "list" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubecost-pre-install + namespace: ${releaseNamespace} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubecost-pre-install +subjects: + - kind: ServiceAccount + name: kubecost-pre-install + namespace: ${releaseNamespace} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubecost-pre-install-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubecost-pre-install-clusterrole +subjects: + - kind: ServiceAccount + name: kubecost-pre-install + namespace: ${releaseNamespace} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kubecost-pre-install + namespace: ${releaseNamespace} +spec: + template: + metadata: + name: kubecost-pre-install + spec: + serviceAccountName: kubecost-pre-install + restartPolicy: OnFailure + priorityClassName: dkp-high-priority + containers: + - name: create-kubecost-cluster-info-configmap + image: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}" + command: + - bash + - -c + - | + set -o nounset + set -o errexit + set -o pipefail + + echo() { + command echo $(date) "$@" + } + + echo "Checking for the existence of kubecost-cluster-info-configmap..." + # Skip if the configmap already exists and has a non empty CLUSTER_ID value. + CURRENT_CLUSTER_ID=$(kubectl get configmap kubecost-cluster-info-configmap -n kommander -o jsonpath='{.data.CLUSTER_ID}') + if [ -n "$CURRENT_CLUSTER_ID" ]; then + echo "CLUSTER_ID exists and is equal to $CURRENT_CLUSTER_ID." + exit 0 + else + echo "CLUSTER_ID is either missing or empty. Populating it..." + fi + kubectl create configmap kubecost-cluster-info-configmap -n ${releaseNamespace} -oyaml --dry-run=client --save-config --from-literal=CLUSTER_ID=$(kubectl get namespace kube-system -o jsonpath="{.metadata.uid}") | kubectl apply -f - + - name: transform-cosi-secret-to-kubecost-secret + image: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}" + command: + - bash + - -c + - | + set -o nounset + set -o errexit + set -o pipefail + + echo() { + command echo $(date) "$@" + } + + # If releaseNamespace is not kommander, skip the step. + if [ "${releaseNamespace}" != "kommander" ]; then + echo "Skipping the step in non-kommander namespace." + exit 0 + fi + + # check the value of kubecostClusterMode and exit early if it is not equal to multi-cluster. + if [ "${kubecostClusterMode}" != "multi-cluster" ]; then + echo "kubecostClusterMode is not set to multi-cluster. Skipping the step." + exit 0 + fi + + # Wait until federated-store secret is found. + while ! kubectl get secret -n ${releaseNamespace} federated-store; do + echo "federated-store secret not found. Waiting for it to be created." + sleep 5 + done + + echo "federated-store secret found. Fetching bucketInfo..." + bucketInfo=$(kubectl get secret -n ${releaseNamespace} federated-store -o go-template='{{ .data.BucketInfo | base64decode }}') + tmpfile=$(mktemp /tmp/federated-store.XXXXXX) + + echo "Fetched bucketInfo from federated-store secret. Processing it..." + yq eval ' + { + "type": "S3", + "config": { + "bucket": .spec.bucketName, + "endpoint": .spec.secretS3.endpoint | sub(":\\d+$", "") | sub("^http://", "") | sub("^https://", ""), # Remove port and protocol (if any). + "region": .spec.secretS3.region, + "access_key": .spec.secretS3.accessKeyID, + "secret_key": .spec.secretS3.accessSecretKey, + "insecure": .spec.secretS3.endpoint | test("^http://"), # Use insecure if endpoint is http (e.g.: cluster internal endpoint). + "signature_version2": false, # Use signature version 4. + "put_user_metadata": { + "X-Amz-Acl": "bucket-owner-full-control" + }, + "http_config": { + "idle_conn_timeout": "90s", + "response_header_timeout": "2m", + "insecure_skip_verify": false + }, + "trace": { + "enable": false # Enable to debug errors (if any) + }, + "part_size": 10240 # TODO(takirala): Deduce this value logically. + } + }' <<< "$bucketInfo" > "$tmpfile" + echo "Transformed bucketInfo to federated-store.yaml. Updating federated-store secret..." + kubectl create secret generic federated-store -n ${releaseNamespace} --from-file=federated-store.yaml="$tmpfile" --dry-run=client -o yaml | kubectl apply -f - + kubectl label secret federated-store -n ${releaseNamespace} app.kubernetes.io/processed-by-kommander-kubecost=true --overwrite + rm "$tmpfile" diff --git a/services/centralized-kubecost/0.37.8/post-install-jobs.yaml b/services/kubecost/2.5.0/release.yaml similarity index 63% rename from services/centralized-kubecost/0.37.8/post-install-jobs.yaml rename to services/kubecost/2.5.0/release.yaml index 3a33acf9c4..b2d658cd76 100644 --- a/services/centralized-kubecost/0.37.8/post-install-jobs.yaml +++ b/services/kubecost/2.5.0/release.yaml @@ -1,23 +1,26 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: centralized-kubecost-post-install-jobs + name: kubecost-release namespace: ${releaseNamespace} spec: force: true prune: true wait: true - interval: 6h + interval: 10m retryInterval: 1m - path: ./services/centralized-kubecost/0.37.8/post-install-jobs dependsOn: - - name: centralized-kubecost-release + - name: kubecost-pre-install + namespace: ${releaseNamespace} + path: ./services/kubecost/2.5.0/release sourceRef: kind: GitRepository name: management namespace: kommander-flux timeout: 1m postBuild: + substitute: + releaseNamespace: ${releaseNamespace} substituteFrom: - kind: ConfigMap name: substitution-vars diff --git a/services/kubecost/2.5.0/release/extra-images.txt b/services/kubecost/2.5.0/release/extra-images.txt new file mode 100644 index 0000000000..56f415aa4f --- /dev/null +++ b/services/kubecost/2.5.0/release/extra-images.txt @@ -0,0 +1,2 @@ +{{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} +quay.io/ceph/cosi:v0.1.2 diff --git a/services/kubecost/0.37.9/defaults/kustomization.yaml b/services/kubecost/2.5.0/release/kustomization.yaml similarity index 83% rename from services/kubecost/0.37.9/defaults/kustomization.yaml rename to services/kubecost/2.5.0/release/kustomization.yaml index 77c753a51a..7da88de34a 100644 --- a/services/kubecost/0.37.9/defaults/kustomization.yaml +++ b/services/kubecost/2.5.0/release/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - cm.yaml +- release.yaml diff --git a/services/kubecost/2.5.0/release/release.yaml b/services/kubecost/2.5.0/release/release.yaml new file mode 100644 index 0000000000..d2a8b6d11a --- /dev/null +++ b/services/kubecost/2.5.0/release/release.yaml @@ -0,0 +1,91 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: kubecost + namespace: ${releaseNamespace} +spec: + chart: + spec: + chart: cost-analyzer + sourceRef: + kind: HelmRepository + name: kubecost + namespace: kommander-flux + version: 2.5.0 + interval: 15s + install: + crds: CreateReplace + remediation: + retries: 30 + createNamespace: true + upgrade: + crds: CreateReplace + remediation: + retries: 30 + releaseName: kubecost + valuesFrom: # The order is important. The last entry will override the previous ones. + - kind: ConfigMap + name: kubecost-2.5.0-d2iq-defaults # Configures the kubecost cluster as secondary. + - kind: ConfigMap + name: kubecost-2.5.0-d2iq-defaults + valuesKey: ${releaseNamespace}-namespace-values.yaml # Configures the kubecost cluster as primary. + optional: true + - kind: ConfigMap + name: kubecost-2.5.0-d2iq-defaults + valuesKey: ${releaseNamespace}-namespace-${kubecostClusterMode}-values.yaml # Configures the primary kubecost cluster with multi-cluster mode. + optional: true + targetNamespace: ${releaseNamespace} + postRenderers: + - kustomize: + patches: + # The name of grafana datasource configmap is hardcoded in upstream chart. Use postRenderers to make the name specific to kubecost (no-op on attached clusters). + - target: + version: v1 + kind: ConfigMap + name: grafana-datasource + patch: | + - op: replace + path: /metadata/name + value: kubecost-grafana-datasource +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dkp-kubecost-view +rules: + - nonResourceURLs: + - /dkp/kommander/kubecost + - /dkp/kommander/kubecost/* + verbs: + - get + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dkp-kubecost-edit +rules: + - nonResourceURLs: + - /dkp/kommander/kubecost + - /dkp/kommander/kubecost/* + verbs: + - get + - head + - post + - put +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dkp-kubecost-admin +rules: + - nonResourceURLs: + - /dkp/kommander/kubecost + - /dkp/kommander/kubecost/* + verbs: + - get + - head + - post + - put + - delete +--- diff --git a/services/nkp-insights/1.3.4/defaults/cm.yaml b/services/nkp-insights/1.3.4/defaults/cm.yaml index eb4b3e643b..33c605e019 100644 --- a/services/nkp-insights/1.3.4/defaults/cm.yaml +++ b/services/nkp-insights/1.3.4/defaults/cm.yaml @@ -59,7 +59,7 @@ data: groupKind: group: kustomize.toolkit.fluxcd.io kind: Kustomization - nameRegexp: ai-navigator-app|ai-navigator-cluster-info-agent|centralized-grafana|centralized-kubecost|cert-manager|chartmuseum|dex|dex-k8s-authenticator|external-dns|fluent-bit|gatekeeper|git-operator|grafana-logging|grafana-loki|istio|jaeger|karma|karma-traefik|kiali|knative|kommander|kommander-appmanagement|kommander-flux|kommander-ui|kube-oidc-proxy|kube-prometheus-stack|kubecost|kubecost-thanos-traefik|kubefed|kubernetes-dashboard|kubetunnel|logging-operator|nkp-insights|nkp-insights-management|nvidia-gpu-operator|project-grafana-logging|project-grafana-loki|project-logging|prometheus-adapter|prometheus-thanos-traefik|reloader|rook-ceph|rook-ceph-cluster|thanos|traefik|traefik-forward-auth|traefik-forward-auth-mgmt|velero|kafka-operator|zookeeper-operator + nameRegexp: ai-navigator-app|ai-navigator-cluster-info-agent|centralized-grafana|cert-manager|chartmuseum|dex|dex-k8s-authenticator|external-dns|fluent-bit|gatekeeper|git-operator|grafana-logging|grafana-loki|istio|jaeger|karma|karma-traefik|kiali|knative|kommander|kommander-appmanagement|kommander-flux|kommander-ui|kube-oidc-proxy|kube-prometheus-stack|kubecost|kubecost-thanos-traefik|kubefed|kubernetes-dashboard|kubetunnel|logging-operator|nkp-insights|nkp-insights-management|nvidia-gpu-operator|project-grafana-logging|project-grafana-loki|project-logging|prometheus-adapter|prometheus-thanos-traefik|reloader|rook-ceph|rook-ceph-cluster|thanos|traefik|traefik-forward-auth|traefik-forward-auth-mgmt|velero|kafka-operator|zookeeper-operator Kustomization-kommander-non-app: groupKind: group: kustomize.toolkit.fluxcd.io