diff --git a/.gitignore b/.gitignore index 4eff553..0e36cd1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,7 @@ .DS_Store _build +.vscode/ +.cr-release-packages/ +charts/cloudhealth-collector/charts/ +Chart.lock +*.tgz diff --git a/CODEOWNERS b/CODEOWNERS index 0cb82c0..2144184 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @CloudHealth/team-cheapsk8s +* @Cloudhealth/team-sudo diff --git a/NOTICE b/NOTICE index 79d82ee..b70c0fd 100644 --- a/NOTICE +++ b/NOTICE @@ -1,4 +1,4 @@ -Copyright 2021 VMware, Inc. +Copyright 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 2180eae..1b5cb19 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ - + # CloudHealth Kubernetes Collector Agent Helm Chart @@ -10,7 +10,7 @@ To avail this functionality, use this helm chart to deploy the collector agent i ```console $ helm repo add cloudhealth https://cloudhealth.github.io/helm/ -$ helm install cloudhealth-collector --set apiToken=,clusterName= cloudhealth/cloudhealth-collector +$ helm install cloudhealth-collector --set apiToken=,clusterName=,chtEndpointPrefix= cloudhealth/cloudhealth-collector ``` ## Getting Started 
@@ -25,18 +25,18 @@ Use the helm chart to deploy the CloudHealth Collector into each [Kubernetes](ht ## Installing the Chart -To install the chart with the release name `cloudhealth-collector`, run the following command: +To install the chart with the release name `cloudhealth-collector` in a particular namespace `` (create if it does not exist), run the following commands: ```console $ helm repo add cloudhealth https://cloudhealth.github.io/helm/ -$ helm install cloudhealth-collector --set apiToken=,clusterName= cloudhealth/cloudhealth-collector +$ helm install cloudhealth-collector -n --create-namespace --set apiToken=,clusterName=,chtEndpointPrefix= cloudhealth/cloudhealth-collector --debug ``` -To install the chart with the release name `cloudhealth-collector` in a particular namespace ``, run the following commands: +To install the chart with the release name `cloudhealth-collector` in `default` namespace, run the following command: ```console $ helm repo add cloudhealth https://cloudhealth.github.io/helm/ -$ helm install cloudhealth-collector -n --set apiToken=,clusterName= cloudhealth/cloudhealth-collector +$ helm install cloudhealth-collector --set apiToken=,clusterName=,chtEndpointPrefix= cloudhealth/cloudhealth-collector ``` The `apiToken` is required for `cloudhealth-collector` to work and should be either set while running helm install command as in the example above or in a secret object with the following data structure: 
@@ -69,21 +69,21 @@ $ helm repo remove cloudhealth ### Required parameters -| Name | Description | Value | -| ---------------- | -------------------------------------------------------- | -------- | -| `clusterName` | Name of the cluster to be shown on the CloudHealth UI | `""` | +| Name | Description | Value | +|---------------|-------------------------------------------------------| -------- | +| `clusterName` | Name of the cluster to be shown on the CloudHealth UI | `""` | ### Other parameters | Name | Description | Value | -| --------------------------- | ------------------------------------------------------------------------------------------------- | --------------------------------- | +|-----------------------------|---------------------------------------------------------------------------------------------------|-----------------------------------| | `apiToken` | Unique Customer API Token provided by CloudHealth | `""` | +| `chtEndpointPrefix` | CloudHealth Endpoint prefix provided by CloudHealth | `use1` | | `image.repository` | CloudHealth Collector image repository | `cloudhealth/container-collector` | -| `image.tag` | CloudHealth Collector image tag | `1203` | -| `image.pullPolicy` | CloudHealth Collector image pull policy | `IfNotPresent` | +| `image.tag` | CloudHealth Collector image tag | `1398` | +| `image.pullPolicy` | CloudHealth Collector image pull policy | `IfNotPresent` | | `image.pullSecrets` | CloudHealth Collector image pull secrets | `[]` | -| `replicaCount` | Number of CloudHealth Collector replicas to deploy | `1` | | `resources.limits.cpu` | The CPU limits for CloudHealth Collector containers | `1000m` | | `resources.requests.cpu` | The requested CPU for CloudHealth Collector containers | `500m` | | `resources.limits.memory` | The Memory limits for CloudHealth Collector containers | `1024Mi` | 
@@ -91,11 +91,10 @@ $ helm repo remove cloudhealth | `nameOverride` | String to override common.names.fullname | `""` | | `fullnameOverride` | String to fully override common.names.fullname | `""` | | `secretName` | Kubernetes secret name created to store CloudHealth API Token & Secret | `cloudhealth-config` | -| `service.type` | CloudHealth Collector UI Service Type | `ClusterIP` | -| `service.port` | CloudHealth Collector UI Service Type | `80` | | `podAnnotations` | Additional pod annotations | `{}` | | `podSecurityContext` | Enable security context for CloudHealth Collector pods | `{}` | | `securityContext` | Enable security context for CloudHealth Collector | `{}` | +| `hostNetwork` | Run collector pod on Host Network | `false` | | `affinity` | Affinity for pod assignment | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Tolerations for pod assignment | `[]` | @@ -106,7 +105,7 @@ $ helm repo remove cloudhealth Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, the following command sets the CloudHealth Collector API Token to `sample_token` and sets the cluster name to `mega-cluster`. ```console -$ helm install cloudhealth-collector --set apiToken=sample_token,clusterName=mega-cluster cloudhealth/cloudhealth-collector +$ helm install cloudhealth-collector --set apiToken=sample_token,clusterName=mega-cluster,chtEndpointPrefix=use1 cloudhealth/cloudhealth-collector ``` Example with `customEnvVars` @@ -120,7 +119,7 @@ You can also use YAML file to specify the parameters while installing the chart. $ helm install cloudhealth-collector -f values.yaml cloudhealth/cloudhealth-collector ``` -> **Tip**: You can use the default [values.yaml](cloudhealth-collector/values.yaml) +> **Tip**: You can use the default [values.yaml](charts/cloudhealth-collector/values.yaml) ## Troubleshooting 
diff --git a/cloudhealth-collector/.helmignore b/charts/cloudhealth-collector/.helmignore similarity index 92% rename from cloudhealth-collector/.helmignore rename to charts/cloudhealth-collector/.helmignore index 8fb5a9d..4703de0 100644 --- a/cloudhealth-collector/.helmignore +++ b/charts/cloudhealth-collector/.helmignore @@ -1,4 +1,4 @@ -# Copyright 2021 VMware, Inc. +# Copyright 2023 VMware, Inc. # SPDX-License-Identifier: Apache-2.0 # Patterns to ignore when building packages. diff --git a/cloudhealth-collector/Chart.yaml b/charts/cloudhealth-collector/Chart.yaml similarity index 58% rename from cloudhealth-collector/Chart.yaml rename to charts/cloudhealth-collector/Chart.yaml index 110bf64..709ebf8 100644 --- a/cloudhealth-collector/Chart.yaml +++ b/charts/cloudhealth-collector/Chart.yaml @@ -1,15 +1,18 @@ -# Copyright 2021 VMware, Inc. +# Copyright 2023 VMware, Inc. # SPDX-License-Identifier: Apache-2.0 apiVersion: v2 name: cloudhealth-collector description: A Helm chart for CloudHealth's Kubernetes Collector Agent type: application -version: 2.0.9 -appVersion: "3.2.5" +version: 4.6.5 +appVersion: "7.2.0" home: https://cloudhealth.vmware.com/ +icon: https://d1fto35gcfffzn.cloudfront.net/images/Tanzu-Logomark.svg sources: - https://github.com/CloudHealth/helm maintainers: - name: CloudHealth Team - email: cht-core-containers@groups.vmware.com + email: cht-core-containers.pdl@broadcom.com +annotations: + category: Cost diff --git a/charts/cloudhealth-collector/NOTES.txt b/charts/cloudhealth-collector/NOTES.txt new file mode 100644 index 0000000..226952e --- /dev/null +++ b/charts/cloudhealth-collector/NOTES.txt 
@@ -0,0 +1,33 @@ +Some commands for developers to work with: + +helm repo add cloudhealth https://cloudhealth.github.io/helm/ + + +To dry-run the helm chart: + +helm install cloudhealth-collector --debug --dry-run --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX cloudhealth/cloudhealth-collector + + +To install helm for local collection dev testing: + +helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX --set devArgs="\['upload_k8s_state_v4'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector + +helm upgrade cloudhealth-collector -n dmz --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX --set devArgs="\['upload_k8s_state_v4'\,'--verbose'\]" cloudhealth/cloudhealth-collector + +helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX,image.repository=cloudhealth/container-collector-dev cloudhealth/cloudhealth-collector + + +helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX,image.repository=latest-libs,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v4'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector + +helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX,image.repository=metrics-collector-1,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v4'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector +helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX,image.repository=latest-libs-1,image.pullPolicy=Never --set 
devArgs="\['upload_k8s_state_v4'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector + + +--set "customEnvVars[0].name=ENV4" --set "customEnvVars[0].value=VALUE4" + +upload_k8s_state_v4 --verbose --endpoint http://:9292 + + +helm install cloudhealth-collector --debug --dry-run --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX,image.repository=latest-libs-06-13-3,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v4'\,'--verbose'\,'--endpoint'\,'http://:9292'\]",podSecurityContext.fsGroup=2000,containerSecurityContext.readOnlyRootFilesystem=true,containerSecurityContext.runAsNonRoot=true,containerSecurityContext.runAsUser=1000,containerSecurityContext.capabilities.drop={ALL} ./cloudhealth-collector-1.1.3.tgz + +helm install cloudhealth-collector --debug --dry-run --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,chtEndpointPrefix=$CHT_ENDPOINT_PREFIX,image.repository=latest-libs-06-13-3,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v4'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" --set "customEnvVars[0].name=ENV4" --set "customEnvVars[0].value=VALUE4" --set serviceAccount.name=sample_service_account ./cloudhealth-collector-1.1.2.tgz diff --git a/cloudhealth-collector/templates/_helpers.tpl b/charts/cloudhealth-collector/templates/_helpers.tpl similarity index 98% rename from cloudhealth-collector/templates/_helpers.tpl rename to charts/cloudhealth-collector/templates/_helpers.tpl index dbc235d..2aa284c 100644 --- a/cloudhealth-collector/templates/_helpers.tpl +++ b/charts/cloudhealth-collector/templates/_helpers.tpl @@ -1,4 +1,4 @@ -{{/* Copyright 2021 VMware, Inc. */}} +{{/* Copyright 2023 VMware, Inc. */}} {{/* SPDX-License-Identifier: Apache-2.0 */}} {{/* 
diff --git a/cloudhealth-collector/templates/clusterrole.yaml b/charts/cloudhealth-collector/templates/clusterrole.yaml similarity index 77% rename from cloudhealth-collector/templates/clusterrole.yaml rename to charts/cloudhealth-collector/templates/clusterrole.yaml index b4763fb..ab57d95 100644 --- a/cloudhealth-collector/templates/clusterrole.yaml +++ b/charts/cloudhealth-collector/templates/clusterrole.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright 2021 VMware, Inc. +Copyright 2023 VMware, Inc. SPDX-License-Identifier: Apache-2.0 */}} @@ -11,7 +11,7 @@ metadata: {{- include "cloudhealth-collector.labels" . | nindent 4 }} rules: - apiGroups: [""] - resources: ["pods", "nodes", "namespaces", "services", "resourcequotas", "limitranges"] + resources: ["pods", "nodes", "namespaces", "services", "resourcequotas", "limitranges", "persistentvolumes", "persistentvolumeclaims"] verbs: ["get", "list"] - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] @@ -22,3 +22,6 @@ rules: - apiGroups: ["batch"] resources: ["cronjobs", "jobs"] verbs: ["get", "list"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list"] diff --git a/cloudhealth-collector/templates/clusterrolebinding.yaml b/charts/cloudhealth-collector/templates/clusterrolebinding.yaml similarity index 88% rename from cloudhealth-collector/templates/clusterrolebinding.yaml rename to charts/cloudhealth-collector/templates/clusterrolebinding.yaml index bee5836..d83d1d7 100644 --- a/cloudhealth-collector/templates/clusterrolebinding.yaml +++ b/charts/cloudhealth-collector/templates/clusterrolebinding.yaml @@ -1,9 +1,8 @@ {{- /* -Copyright 2021 VMware, Inc. +Copyright 2023 VMware, Inc. SPDX-License-Identifier: Apache-2.0 */}} -{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -18,4 +17,3 @@ roleRef: kind: ClusterRole name: {{ include "cloudhealth-collector.fullname" . }} apiGroup: rbac.authorization.k8s.io -{{- end }} 
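Review bot: Removing the `{{- if .Values.rbac.create -}}` guard in clusterrolebinding.yaml makes the ClusterRoleBinding unconditional, and values.yaml in this commit drops the `rbac` key, so an operator who provisions RBAC out of band can no longer stop the chart from creating a cluster-wide binding for the collector's service account. If that is intended, state it in the README parameter table or an upgrade note, for example `RBAC objects are always created; the rbac.create value is no longer read`. The top of clusterrole.yaml is outside the visible hunks, so confirm that no remaining template still reads `.Values.rbac.create`; with the key gone from values.yaml that lookup would presumably fail at render time.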
diff --git a/cloudhealth-collector/templates/deployment.yaml b/charts/cloudhealth-collector/templates/deployment.yaml similarity index 56% rename from cloudhealth-collector/templates/deployment.yaml rename to charts/cloudhealth-collector/templates/deployment.yaml index df6ccf4..90e61f2 100644 --- a/cloudhealth-collector/templates/deployment.yaml +++ b/charts/cloudhealth-collector/templates/deployment.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright 2021 VMware, Inc. +Copyright 2023 VMware, Inc. SPDX-License-Identifier: Apache-2.0 */}} @@ -9,10 +9,12 @@ metadata: name: {{ include "cloudhealth-collector.fullname" . }} labels: {{- include "cloudhealth-collector.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} + {{- with .Values.deployAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} {{- end }} +spec: + replicas: 1 selector: matchLabels: {{- include "cloudhealth-collector.selectorLabels" . | nindent 6 }} 
@@ -26,8 +28,30 @@ spec: {{- include "cloudhealth-collector.labels" . | nindent 8 }} spec: serviceAccountName: {{ include "cloudhealth-collector.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: {{- toYaml . | nindent 8 }} + {{- with .Values.podSecurityContext }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: {{ .Values.priorityClassName }} + hostNetwork: {{ .Values.hostNetwork }} + {{- if .Values.proxy.sslCert }} + initContainers: + - name: "{{ .Chart.Name }}-pem-to-truststore" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + env: + - name: ca_bundle + value: {{ .Values.proxy.caBundlePath }} + - name: truststore_jks + value: {{ .Values.proxy.truststorePath }} + - name: truststore_pwd + valueFrom: + secretKeyRef: + name: {{ include "cloudhealth-collector.secretName" . }} + key: certPassword + command: ['/bin/bash'] + args: ['-c', "csplit -z -f crt- $ca_bundle '/-----BEGIN CERTIFICATE-----/' '{*}' && for file in crt-*; do keytool -import -noprompt -keystore $truststore_jks -file $file -storepass $truststore_pwd -alias service-$file; done"] + volumeMounts: + - name: truststore-volume + mountPath: /etc/ssl/certs {{- end }} containers: - name: {{ .Chart.Name }} @@ -44,13 +68,13 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.liveness.failureThreshold }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- with .Values.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} + {{- with .Values.containerSecurityContext }} + securityContext: {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }} - volumeMounts: - - mountPath: /tmp - name: tmpfs + volumeMounts: + - mountPath: /tmp + name: tmpfs {{- end }} env: - name: CHT_API_TOKEN 
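Review bot: The new `pem-to-truststore` init container is declared without a `securityContext`, so the `containerSecurityContext` hardening that the main container receives a few lines below does not cover it; add the same `{{- with .Values.containerSecurityContext }}` block under the init container. Its `args` line passes the password as `-storepass $truststore_pwd`, which puts it on keytool's command line, and leaves `$ca_bundle`, `$truststore_jks` and `$file` unquoted; `keytool -import -noprompt -keystore "$truststore_jks" -file "$file" -storepass:env truststore_pwd -alias "service-$file"` avoids both. The emptyDir is mounted at `/etc/ssl/certs`, which is also where the default `caBundlePath` points, and no visible line places `bundle.pem` there or mounts `truststore-volume` into the main container, so confirm how the bundle gets in and how the resulting truststore reaches the collector. The pod spec continues outside this hunk.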
@@ -60,27 +84,33 @@ spec: key: apiToken - name: CHT_CLUSTER_NAME value: {{.Values.clusterName | required "A valid clusterName required!" | quote }} + - name: CHT_ENDPOINT_PREFIX + value: {{.Values.chtEndpointPrefix | default "use1" }} - name: CHT_INTERVAL value: {{ .Values.collectionIntervalSecs | quote }} - name: CHT_JVM_MEM value: {{ .Values.jvmMemory }} + {{- if .Values.proxy.sslCert }} + - name: JAVA_OPTS + value: {{ .Values.proxy.params }} + {{- end }} {{- range .Values.customEnvVars}} - name: {{ .name }} value: {{ .value }} {{- end }} args: {{ .Values.devArgs }} - {{- with .Values.nodeSelector }} # Modify /etc/resolv.conf ndots {{ if .Values.dnsConfig }} - dnsConfig: + dnsConfig: {{- if .Values.dnsConfig.ndots }} - options: - - name: ndots - value: {{ .Values.dnsConfig.ndots | quote}} + options: + - name: ndots + value: {{ .Values.dnsConfig.ndots | quote}} {{- end }} {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} @@ -92,8 +122,13 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }} - volumes: - - name: tmpfs - emptyDir: {} + {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }} + volumes: + - name: tmpfs + emptyDir: + sizeLimit: 500Mi + {{- if .Values.proxy.sslCert }} + - name: truststore-volume + emptyDir: {} + {{- end }} {{- end }} diff --git a/cloudhealth-collector/templates/secrets.yaml b/charts/cloudhealth-collector/templates/secrets.yaml similarity index 71% rename from cloudhealth-collector/templates/secrets.yaml rename to charts/cloudhealth-collector/templates/secrets.yaml index 8628162..9d2a832 100644 --- a/cloudhealth-collector/templates/secrets.yaml +++ b/charts/cloudhealth-collector/templates/secrets.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright 2021 VMware, Inc. +Copyright 2023 VMware, Inc. SPDX-License-Identifier: Apache-2.0 */}} 
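Review bot: `JAVA_OPTS` is rendered as `value: {{ .Values.proxy.params }}` and `CHT_ENDPOINT_PREFIX` as `value: {{.Values.chtEndpointPrefix | default "use1" }}`, both without `| quote`, unlike the neighbouring `CHT_CLUSTER_NAME` and `CHT_INTERVAL`. A params string containing `: `, ` #` or similar YAML-significant text would change the rendered manifest instead of being passed through as one string; use `value: {{ .Values.proxy.params | quote }}` and `value: {{ .Values.chtEndpointPrefix | default "use1" | quote }}`. Following the example in values.yaml, `params` also carries `-Djavax.net.ssl.trustStorePassword=…`, which then sits in plaintext in the Deployment spec even though `certPassword` is stored in the Secret.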
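Review bot: `truststore-volume` is declared inside the `{{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}` block, so with `proxy.sslCert=true` and `readOnlyRootFilesystem=false` the init container mounts a volume the pod never defines and the Deployment will be rejected. Emit `volumes:` when either condition holds and guard each entry separately, so that turning off the read-only root filesystem does not also break the proxy truststore setup. Indentation in the sketch below is mine, since the page has lost the original.

```yaml
      {{- if or .Values.containerSecurityContext.readOnlyRootFilesystem .Values.proxy.sslCert }}
      volumes:
        {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
        - name: tmpfs
          emptyDir:
            sizeLimit: 500Mi
        {{- end }}
        {{- if .Values.proxy.sslCert }}
        - name: truststore-volume
          emptyDir: {}
        {{- end }}
      {{- end }}
```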
@@ -13,4 +13,7 @@ metadata: type: Opaque data: apiToken: {{ .Values.apiToken | b64enc | quote }} + {{- if .Values.proxy.sslCert }} + certPassword: {{ .Values.proxy.certPassword | quote }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/cloudhealth-collector/templates/serviceaccount.yaml b/charts/cloudhealth-collector/templates/serviceaccount.yaml similarity index 95% rename from cloudhealth-collector/templates/serviceaccount.yaml rename to charts/cloudhealth-collector/templates/serviceaccount.yaml index fa4c17c..6b6b17f 100644 --- a/cloudhealth-collector/templates/serviceaccount.yaml +++ b/charts/cloudhealth-collector/templates/serviceaccount.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright 2021 VMware, Inc. +Copyright 2023 VMware, Inc. SPDX-License-Identifier: Apache-2.0 */}} diff --git a/charts/cloudhealth-collector/values.schema.json b/charts/cloudhealth-collector/values.schema.json new file mode 100644 index 0000000..c16aedd --- /dev/null +++ b/charts/cloudhealth-collector/values.schema.json 
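Review bot: `certPassword` is written under `data:` as `{{ .Values.proxy.certPassword | quote }}` without `b64enc`, while `apiToken` directly above it is base64-encoded. Secret `data` values must be base64, so a plain password is either rejected by the API server or decoded into different bytes than the operator set, and the init container's keytool then receives the wrong store password. Use `certPassword: {{ .Values.proxy.certPassword | b64enc | quote }}` (or move the key under `stringData`). The `{{- if … }}` that guards this Secret opens outside the hunk; when the operator supplies their own secret instead, it also has to carry a `certPassword` key, which the README's secret example should mention.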
@@ -0,0 +1,180 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "required": [ + "clusterName", + "chtEndpointPrefix", + "collectionIntervalSecs", + "jvmMemory", + "image", + "secretName", + "serviceAccount", + "podSecurityContext", + "containerSecurityContext", + "resources", + "liveness", + "devArgs" + ], + "properties": { + "apiToken": { + "anyOf": [{ + "type": "null" + }, { + "type": "string", + "pattern": "^(.{6,48}|)$" + } + ] + }, + "clusterName": { + "type": "string", + "pattern": "^.{1,255}$" + }, + "chtEndpointPrefix": { + "type": "string", + "pattern": "^(use1|preprod.test)$" + }, + "collectionIntervalSecs": { + "type": "integer", + "minimum": 900 + }, + "jvmMemory": { + "type": "string" + }, + "image": { + "type": "object", + "required": [ + "repository", + "tag" + ], + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "secretName": { + "type": "string" + }, + "serviceAccount": { + "type": "object", + "required": [ + "create" + ], + "properties": { + "create": { + "type": "boolean" + } + } + }, + "podSecurityContext": { + "type": "object", + "required": [ + "runAsNonRoot" + ], + "properties": { + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "containerSecurityContext": { + "type": "object", + "required": [ + "allowPrivilegeEscalation", + "readOnlyRootFilesystem", + "runAsNonRoot", + "capabilities" + ], + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "default": {}, + "required": [ + "drop" + ], + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "resources": { + "type": "object", + "required": [ + "limits", + "requests" + ], + "properties": { + "limits": { + "type": "object", + "required": [ + "cpu", + "memory" + ], + "properties": { + 
"cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "liveness": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "devArgs": { + "type": "string" + } + } +} diff --git a/cloudhealth-collector/values.yaml b/charts/cloudhealth-collector/values.yaml similarity index 59% rename from cloudhealth-collector/values.yaml rename to charts/cloudhealth-collector/values.yaml index 22e92a0..fe8bc88 100644 --- a/cloudhealth-collector/values.yaml +++ b/charts/cloudhealth-collector/values.yaml @@ -1,16 +1,19 @@ -# Copyright 2021 VMware, Inc. +# Copyright 2023 VMware, Inc. # SPDX-License-Identifier: Apache-2.0 # Default values for cloudhealth-collector. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 - -# Required values, to be specified per deployment: +# Set to automatically create secret, or create a secret with the name specified by the 'secretName' parameter apiToken: "" + +# Required value, to be uniquely specified per deployment: clusterName: "" +# default cloudhealth endpoint prefix +chtEndpointPrefix: use1 + # The remaining are default values collectionIntervalSecs: 900 @@ -24,7 +27,7 @@ jvmMemory: "-Xmx891M" image: repository: cloudhealth/container-collector - tag: "1308" + tag: "1498" imagePullSecrets: [] nameOverride: "" 
@@ -41,25 +44,36 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +# Sets pod's priorityClassName +priorityClassName: "" + # Custom labels to add to all resources created by this chart customLabels: {} +deployAnnotations: {} + podAnnotations: {} -podSecurityContext: { +podSecurityContext: runAsNonRoot: true -} -containerSecurityContext: { - allowPrivilegeEscalation: false, - readOnlyRootFilesystem: true, - runAsNonRoot: true, - capabilities: {drop: [all]} -} +containerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: [all] + +# -- Run the collector on the host network +hostNetwork: false -service: - type: ClusterIP - port: 80 +proxy: + sslCert: false + #-Dhttps.proxyHost=$PROXY_SERVER -Dhttps.proxyPort=$PROXY_PORT -Dhttps.nonProxyHosts=kubernetes.default.svc -Djavax.net.ssl.trustStore=/etc/ssl/certs/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit + params: "" + certPassword: "" + caBundlePath: "/etc/ssl/certs/bundle.pem" + truststorePath: "/etc/ssl/certs/truststore.jks" resources: limits: @@ -74,25 +88,13 @@ liveness: failureThreshold: 3 periodSeconds: 300 -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - nodeSelector: {} tolerations: [] affinity: {} -# Role-based Access Control -rbac: - # Specifies whether RBAC resources should be created - create: true - devArgs: | - ['upload_k8s_state_v3', '--verbose'] + ['upload_k8s_state_v4', '--verbose'] customEnvVars: [] diff --git a/cloudhealth-collector-image-docs/CHANGELOG.md b/cloudhealth-collector-image-docs/CHANGELOG.md index 67546f5..05e0129 100644 --- a/cloudhealth-collector-image-docs/CHANGELOG.md +++ b/cloudhealth-collector-image-docs/CHANGELOG.md 
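Review bot: The commented example above `proxy.params` includes `-Djavax.net.ssl.trustStorePassword=changeit`, and nothing ties that value to `proxy.certPassword`, which the init container uses as the keytool store password and which defaults to `""`. An operator who enables `sslCert` and copies the example gets a well-known sample password in the plaintext `JAVA_OPTS` env value and, unless both fields are set identically, a truststore the JVM cannot open. Add a comment such as `# certPassword must equal the trustStorePassword given in params; replace the sample value` and consider failing the render with `required` when `sslCert` is true and `certPassword` is empty. Separately, the rewritten block keeps `drop: [all]`; Kubernetes documents the value as `ALL`, and as far as I know the Pod Security "restricted" check compares it case-sensitively, so `drop: ["ALL"]` is the safer spelling.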
@@ -5,9 +5,129 @@ All notable changes for each upgraded tag of the CloudHealth Container Collector The agent has been verified against: [Kubernetes Versions ≥ 1.12](https://kubernetes.io/releases/)
-[Kubernetes Versions ≤ 1.26](https://kubernetes.io/releases/)
+[Kubernetes Versions ≤ 1.29](https://kubernetes.io/releases/)
[OC Version ≥ 4.1](https://docs.openshift.com/container-platform) +All versions before June 20, 2022 (Version: 1191) have been deprecated. + +## [1498] - 2024-10-28 + +### Security + +* Vulnerabilities patched: + * [CVE-2024-6197](https://avd.aquasec.com/nvd/cve-2024-6197) + * [CVE-2024-7264](https://avd.aquasec.com/nvd/cve-2024-7264) + * [CVE-2024-6197](https://avd.aquasec.com/nvd/cve-2024-6197) + * [CVE-2024-7264](https://avd.aquasec.com/nvd/cve-2024-7264) + * [CVE-2024-45491](https://avd.aquasec.com/nvd/cve-2024-45491) + * [CVE-2024-45492](https://avd.aquasec.com/nvd/cve-2024-45492) + * [CVE-2024-45490](https://avd.aquasec.com/nvd/cve-2024-45490) + * [CVE-2024-45491](https://avd.aquasec.com/nvd/cve-2024-45491) + * [CVE-2024-45492](https://avd.aquasec.com/nvd/cve-2024-45492) + * [CVE-2024-45490](https://avd.aquasec.com/nvd/cve-2024-45490) + * [CVE-2024-37371](https://avd.aquasec.com/nvd/cve-2024-37371) + * [CVE-2024-37370](https://avd.aquasec.com/nvd/cve-2024-37370) + * [CVE-2024-0743](https://avd.aquasec.com/nvd/cve-2024-0743) + * [CVE-2023-27043](https://avd.aquasec.com/nvd/cve-2023-27043) + * [CVE-2024-6923](https://avd.aquasec.com/nvd/cve-2024-6923) + * [CVE-2024-4032](https://avd.aquasec.com/nvd/cve-2024-4032) + * [CVE-2023-27043](https://avd.aquasec.com/nvd/cve-2023-27043) + * [CVE-2024-6923](https://avd.aquasec.com/nvd/cve-2024-6923) + * [CVE-2024-4032](https://avd.aquasec.com/nvd/cve-2024-4032) + * [CVE-2024-47554](https://avd.aquasec.com/nvd/cve-2024-47554) + +## [1481] - 2024-07-19 + +### Security + +* Vulnerabilities patched: + * [CVE-2023-5388](https://avd.aquasec.com/nvd/cve-2023-5388) + * [CVE-2023-46218](https://avd.aquasec.com/nvd/cve-2023-46218) + * [CVE-2023-46219](https://avd.aquasec.com/nvd/cve-2023-46219) + * [CVE-2024-2004](https://avd.aquasec.com/nvd/cve-2024-2004) + * [CVE-2024-2398](https://avd.aquasec.com/nvd/cve-2024-2398) + * [CVE-2024-2511](https://avd.aquasec.com/nvd/cve-2024-2511) + * 
[CVE-2024-2961](https://avd.aquasec.com/nvd/cve-2024-2961) + * [CVE-2024-4741](https://avd.aquasec.com/nvd/cve-2024-4741) + * [CVE-2024-5535](https://avd.aquasec.com/nvd/cve-2024-5535) + * [CVE-2024-26256](https://avd.aquasec.com/nvd/cve-2024-26256) + * [CVE-2024-26458](https://avd.aquasec.com/nvd/cve-2024-26458) + * [CVE-2024-26461](https://avd.aquasec.com/nvd/cve-2024-26461) + * [CVE-2024-26462](https://avd.aquasec.com/nvd/cve-2024-26462) + * [CVE-2024-28085](https://avd.aquasec.com/nvd/cve-2024-28085) + * [CVE-2024-28757](https://avd.aquasec.com/nvd/cve-2024-28757) + * [CVE-2024-28834](https://avd.aquasec.com/nvd/cve-2024-28834) + * [CVE-2024-28835](https://avd.aquasec.com/nvd/cve-2024-28835) + * [CVE-2024-29857](https://avd.aquasec.com/nvd/cve-2024-29857) + * [CVE-2024-30171](https://avd.aquasec.com/nvd/cve-2024-30171) + * [CVE-2024-30172](https://avd.aquasec.com/nvd/cve-2024-30172) + * [CVE-2024-33599](https://avd.aquasec.com/nvd/cve-2024-33599) + * [CVE-2024-33600](https://avd.aquasec.com/nvd/cve-2024-33600) + * [CVE-2024-33601](https://avd.aquasec.com/nvd/cve-2024-33601) + * [CVE-2024-33602](https://avd.aquasec.com/nvd/cve-2024-33602) + * [CVE-2024-34397](https://avd.aquasec.com/nvd/cve-2024-34397) + * [CVE-2024-34447](https://avd.aquasec.com/nvd/cve-2024-34447) + +## [1458] - 2024-03-11 + +### Added + +* PersistentVolumes, PersistentVolumeClaims, Ingress and Service collected to prepare for comprehensive Kubernetes Cost Calculation + +### Security + +* Vulnerabilities patched: + * [CVE-2023-0767](https://avd.aquasec.com/nvd/cve-2023-0767) + * [CVE-2023-3320](https://avd.aquasec.com/nvd/cve-2023-3320) + * [CVE-2023-4641](https://avd.aquasec.com/nvd/cve-2023-4641) + * [CVE-2023-5981](https://avd.aquasec.com/nvd/cve-2023-5981) + * [CVE-2023-6246](https://avd.aquasec.com/nvd/cve-2023-6246) + * [CVE-2023-6779](https://avd.aquasec.com/nvd/cve-2023-6779) + * [CVE-2023-6780](https://avd.aquasec.com/nvd/cve-2023-6780) + * 
[CVE-2023-7104](https://avd.aquasec.com/nvd/cve-2023-7104) + * [CVE-2023-29383](https://avd.aquasec.com/nvd/cve-2023-29383) + * [CVE-2023-33201](https://avd.aquasec.com/nvd/cve-2023-33201) + * [CVE-2023-33202](https://avd.aquasec.com/nvd/cve-2023-33202) + * [CVE-2023-48795](https://avd.aquasec.com/nvd/cve-2023-48795) + * [CVE-2023-52425](https://avd.aquasec.com/nvd/cve-2023-52425) + * [CVE-2023-52426](https://avd.aquasec.com/nvd/cve-2023-52426) + * [CVE-2024-0553](https://avd.aquasec.com/nvd/cve-2024-0553) + * [CVE-2024-0567](https://avd.aquasec.com/nvd/cve-2024-0567) + * [CVE-2024-0727](https://avd.aquasec.com/nvd/cve-2024-0727) + * [CVE-2024-22365](https://avd.aquasec.com/nvd/cve-2024-22365) + +## [1423] - 2023-12-14 + +### Added + +* The collector docker image now supports the "endpoint prefix" environment variable as a replacement for the "region" +environment variable. This variable should be set to the endpoint prefix provided by CloudHealth. + + +## [1405] - 2023-11-06 + +### Added + +* The collector docker image now contains more debugging logs for setting the new "region" environment variable. + +## [1398] - 2023-10-18 + +### Added + +* The collector docker image now supports the "region" environment variable. This variable should be set to the region provided by CloudHealth corresponding to the CloudHealth region where your VMware Tanzu CloudHealth account is onboarded. + +## [1360] - 2023-07-19 + +### Added + +* The collector docker image now supports collecting the UID and kubernetes agent version. + +## [1325] - 2023-05-18 + +### Changed + +* Updated base image for the CloudHealth Container Collector image to [Photon v.5](https://hub.docker.com/_/photon) + ## [1308] - 2023-02-22 ### Security diff --git a/cloudhealth-collector/NOTES.txt b/cloudhealth-collector/NOTES.txt deleted file mode 100644 index dfa0ea9..0000000 --- a/cloudhealth-collector/NOTES.txt +++ /dev/null 
@@ -1,33 +0,0 @@
-Some commands for developers to work with:
-
-helm repo add cloudhealth https://cloudhealth.github.io/helm/
-
-
-To dry-run the helm chart:
-
-helm install cloudhealth-collector --debug --dry-run --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME cloudhealth/cloudhealth-collector
-
-
-To install helm for local collection dev testing:
-
-helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector
-
-helm upgrade cloudhealth-collector -n dmz --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\]" cloudhealth/cloudhealth-collector
-
-helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,image.repository=cloudhealth/container-collector-dev cloudhealth/cloudhealth-collector
-
-
-helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,image.repository=latest-libs,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector
-
-helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,image.repository=metrics-collector-1,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector
-helm install cloudhealth-collector --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,image.repository=latest-libs-1,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" cloudhealth/cloudhealth-collector
-
-
---set "customEnvVars[0].name=ENV4" --set "customEnvVars[0].value=VALUE4"
-
-upload_k8s_state_v2 --verbose --endpoint http://:9292
-
-
-helm install cloudhealth-collector --debug --dry-run --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,image.repository=latest-libs-06-13-3,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\,'--endpoint'\,'http://:9292'\]",podSecurityContext.fsGroup=2000,containerSecurityContext.readOnlyRootFilesystem=true,containerSecurityContext.runAsNonRoot=true,containerSecurityContext.runAsUser=1000,containerSecurityContext.capabilities.drop={ALL} ./cloudhealth-collector-1.1.3.tgz
-
-helm install cloudhealth-collector --debug --dry-run --set apiToken=$CHT_API_TOKEN,clusterName=$CHT_CLUSTER_NAME,image.repository=latest-libs-06-13-3,image.pullPolicy=Never --set devArgs="\['upload_k8s_state_v2'\,'--verbose'\,'--endpoint'\,'http://:9292'\]" --set "customEnvVars[0].name=ENV4" --set "customEnvVars[0].value=VALUE4" --set serviceAccount.name=sample_service_account ./cloudhealth-collector-1.1.2.tgz
diff --git a/cloudhealth-collector/templates/hpa.yaml b/cloudhealth-collector/templates/hpa.yaml
deleted file mode 100644
index 621c243..0000000
--- a/cloudhealth-collector/templates/hpa.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- /*
-Copyright 2021 VMware, Inc.
-SPDX-License-Identifier: Apache-2.0
-*/}}
-
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "cloudhealth-collector.fullname" . }}
- labels:
- {{- include "cloudhealth-collector.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "cloudhealth-collector.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/release.sh b/release.sh
deleted file mode 100755
index 076945d..0000000
--- a/release.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-function print_usage_and_exit() {
- echo "Failure: $1"
- echo "Usage: $0 CHART_NAME"
- echo "Example: $0 cloudhealth-collector"
- exit 1
-}
-
-CHART_NAME=$1
-if [[ -z $CHART_NAME ]] ; then
- print_usage_and_exit "Chart name is required"
-fi
-
-helm_path=`which helm`
-if [[ -z helm_path ]] ; then
- echo "Failure: helm not found"
- exit 1
-fi
-
-# initialize build variables
-BUILD_URL="https://cloudhealth.github.io/helm/"
-BUILD_DIR="."
-INDEX_FILE=${BUILD_DIR}/index.yaml
-
-# create new tgz
-echo "creating new ${CHART_NAME} helm package"
-helm package -d ${BUILD_DIR} ./${CHART_NAME}
-
-if [[ "$?" -ne "0" ]] ; then
- echo "Failure: error creating helm package"
- exit 1
-fi
-
-echo "generating updated index.yaml"
-helm repo index --merge "${INDEX_FILE}" ${BUILD_DIR} --url ${BUILD_URL}
-
-echo "Complete. new index and package files can be found under ${BUILD_DIR}"
-echo "Run: 'git checkout CloudHealth/helm && cp ${BUILD_DIR}/* .' and commit to update the helm chart"