From 924638c672e271b9e2a0e8a0328ae89b43e9db37 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 13 Oct 2023 15:19:26 +0200 Subject: [PATCH 01/21] first iteration of the super agent chart --- charts/super-agent-deployment/.helmignore | 23 ++++ charts/super-agent-deployment/Chart.lock | 6 + charts/super-agent-deployment/Chart.yaml | 28 +++++ charts/super-agent-deployment/README.md | 86 ++++++++++++++ .../super-agent-deployment/README.md.gotmpl | 62 ++++++++++ .../ci/test-values.yaml | 3 + .../templates/_service.yaml | 19 +++ .../templates/deployment-superagent.yaml | 94 +++++++++++++++ .../templates/secret-license.yaml | 2 + .../templates/serviceaccount.yaml | 13 ++ charts/super-agent-deployment/tests/TODO.yaml | 1 + charts/super-agent-deployment/values.yaml | 111 ++++++++++++++++++ 12 files changed, 448 insertions(+) create mode 100644 charts/super-agent-deployment/.helmignore create mode 100644 charts/super-agent-deployment/Chart.lock create mode 100644 charts/super-agent-deployment/Chart.yaml create mode 100644 charts/super-agent-deployment/README.md create mode 100644 charts/super-agent-deployment/README.md.gotmpl create mode 100644 charts/super-agent-deployment/ci/test-values.yaml create mode 100644 charts/super-agent-deployment/templates/_service.yaml create mode 100644 charts/super-agent-deployment/templates/deployment-superagent.yaml create mode 100644 charts/super-agent-deployment/templates/secret-license.yaml create mode 100644 charts/super-agent-deployment/templates/serviceaccount.yaml create mode 100644 charts/super-agent-deployment/tests/TODO.yaml create mode 100644 charts/super-agent-deployment/values.yaml diff --git a/charts/super-agent-deployment/.helmignore b/charts/super-agent-deployment/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/super-agent-deployment/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/super-agent-deployment/Chart.lock b/charts/super-agent-deployment/Chart.lock new file mode 100644 index 000000000..c3fe086fa --- /dev/null +++ b/charts/super-agent-deployment/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common-library + repository: https://helm-charts.newrelic.com + version: 1.1.1 +digest: sha256:3c9053021f3c22aa3cdfc6781d3498bcbedb0b973af9121b1722469744fb5162 +generated: "2023-10-13T15:08:34.076909+02:00" diff --git a/charts/super-agent-deployment/Chart.yaml b/charts/super-agent-deployment/Chart.yaml new file mode 100644 index 000000000..d7283660f --- /dev/null +++ b/charts/super-agent-deployment/Chart.yaml @@ -0,0 +1,28 @@ +apiVersion: v2 +name: super-agent-deployment +description: A Helm chart to install New Relic Super agent on Kubernetes + +type: application +version: 0.0.0-beta +appVersion: TODO-FILL-THIS-WITH-CI + +dependencies: + - name: common-library + version: 1.1.1 + repository: https://helm-charts.newrelic.com + +keywords: + - newrelic + - super-agent + +maintainers: + - name: sigilioso + url: https://github.com/sigilioso + - name: gsanchezgavier + url: https://github.com/gsanchezgavier + - name: kang-makes + url: https://github.com/kang-makes + - name: marcsanmi + url: https://github.com/marcsanmi + - name: paologallinaharbur + url: https://github.com/paologallinaharbur diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md new file mode 100644 index 000000000..3f8029e52 --- /dev/null +++ b/charts/super-agent-deployment/README.md @@ -0,0 +1,86 @@ +[![Community Plus header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Plus.png)](https://opensource.newrelic.com/oss-category/#community-plus) + +# super-agent-deployment + +![Version: 0.0.0-beta](https://img.shields.io/badge/Version-0.0.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: TODO-FILL-THIS-WITH-CI](https://img.shields.io/badge/AppVersion-TODO--FILL--THIS--WITH--CI-informational?style=flat-square) + +A Helm chart to install New Relic Super agent on Kubernetes + +# Helm installation + +You can install this chart using directly this Helm repository: + +```shell +helm repo add newrelic https://newrelic.github.io/helm-charts +helm upgrade --install newrelic/CHART-TEMPLATE -f your-custom-values.yaml +``` + +## Values managed globally + +This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which +means that it honors a wide range of defaults and globals common to most New Relic Helm charts. + +Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at +[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). + +## Chart particularities + +> **TODO:** Here is where you should add particularities for this chart like what does the chart do with the privileged and +low data modes or any other quirk that it could have. + +### TODOs +There are values that should be planned at some point of removed from the `values.yaml`. I leave them here documented +as TODO: + * `licenseKey`: comes from the common library but it would not be needed as it is an ingestion API Key, not a REST one. + * `rbac`: the is a placeholder for RBAC that simply list pods. this has to be narrowed to the use case of this agent. + * `customAttributes`: decorate everything with this custom attributes, maybe as they come from opamp. + * `proxy`, `nrStaging` and `fedramp` support on the meta agent. This could be made from the chart itself changing the opamp endpoint. + * `verboseLog`: legacy toggle to enable verbosity. + +Other TODOs: + * Add probes for liveness and readiness. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Sets pod/node affinities. Can be configured also with `global.affinity` | +| cluster | string | `""` | Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. | +| config | object | See `values.yaml` | It holds the New Relic Prometheus configuration. Here you can easily set up Prometheus to get set metrics, discover ponds and endpoints Kubernetes and send metrics to New Relic using remote-write. | +| containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` | +| customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` | +| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | +| customSecretName | string | `""` | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | +| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | +| extraVolumeMounts | list | `[]` | Defines where to mount volumes specified with `extraVolumes` | +| extraVolumes | list | `[]` | Volumes to mount in the containers | +| fedramp.enabled | bool | `false` | Enables FedRAMP. Can be configured also with `global.fedramp.enabled` | +| fullnameOverride | string | `""` | Override the full name of the release | +| hostNetwork | bool | `false` | Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` | +| image | object | See `values.yaml` | Image for the New Relic Super Agent | +| image.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. | +| labels | object | `{}` | Additional labels for chart objects. Can be configured also with `global.labels` | +| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` | +| nameOverride | string | `""` | Override the name of the chart | +| nodeSelector | object | `{}` | Sets pod's node selector. Can be configured also with `global.nodeSelector` | +| nrStaging | bool | `false` | Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | +| podAnnotations | object | `{}` | Annotations to be added to all pods created by the integration. | +| podLabels | object | `{}` | Additional labels for chart pods. Can be configured also with `global.podLabels` | +| podSecurityContext | object | `{}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` | +| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` | +| proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` | +| rbac.create | bool | `true` | Whether the chart should automatically create the RBAC objects required to run. | +| resources | object | `{}` | Resource limits to be added to all pods created by the integration. | +| service | object | See `values.yaml` | Service that points to the super agent. | +| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation. | +| serviceAccount.create | bool | `true` | Whether the chart should automatically create the ServiceAccount objects required to run. | +| tolerations | list | `[]` | Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` | +| verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` | + +## Maintainers + +* [sigilioso](https://github.com/sigilioso) +* [gsanchezgavier](https://github.com/gsanchezgavier) +* [kang-makes](https://github.com/kang-makes) +* [marcsanmi](https://github.com/marcsanmi) +* [paologallinaharbur](https://github.com/paologallinaharbur) diff --git a/charts/super-agent-deployment/README.md.gotmpl b/charts/super-agent-deployment/README.md.gotmpl new file mode 100644 index 000000000..3a54519aa --- /dev/null +++ b/charts/super-agent-deployment/README.md.gotmpl @@ -0,0 +1,62 @@ +[![Community Plus header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Plus.png)](https://opensource.newrelic.com/oss-category/#community-plus) + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +# Helm installation + +You can install this chart using directly this Helm repository: + +```shell +helm repo add newrelic https://newrelic.github.io/helm-charts +helm upgrade --install newrelic/CHART-TEMPLATE -f your-custom-values.yaml +``` + +{{ template "chart.sourcesSection" . }} + +## Values managed globally + +This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which +means that it honors a wide range of defaults and globals common to most New Relic Helm charts. + +Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at +[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). + +## Chart particularities + +> **TODO:** Here is where you should add particularities for this chart like what does the chart do with the privileged and +low data modes or any other quirk that it could have. + +### TODOs +There are values that should be planned at some point of removed from the `values.yaml`. I leave them here documented +as TODO: + * `licenseKey`: comes from the common library but it would not be needed as it is an ingestion API Key, not a REST one. + * `rbac`: the is a placeholder for RBAC that simply list pods. this has to be narrowed to the use case of this agent. + * `customAttributes`: decorate everything with this custom attributes, maybe as they come from opamp. + * `proxy`, `nrStaging` and `fedramp` support on the meta agent. This could be made from the chart itself changing the opamp endpoint. + * `verboseLog`: legacy toggle to enable verbosity. + +Other TODOs: + * Add probes for liveness and readiness. + * See if a service is needed or not. Enable it or delete the file. + +{{ template "chart.valuesSection" . }} + +{{ if .Maintainers }} +## Maintainers +{{ range .Maintainers }} +{{- if .Name }} +{{- if .Url }} +* [{{ .Name }}]({{ .Url }}) +{{- else }} +* {{ .Name }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/super-agent-deployment/ci/test-values.yaml b/charts/super-agent-deployment/ci/test-values.yaml new file mode 100644 index 000000000..3fb7df050 --- /dev/null +++ b/charts/super-agent-deployment/ci/test-values.yaml @@ -0,0 +1,3 @@ +global: + licenseKey: 1234567890abcdef1234567890abcdef12345678 + cluster: test-cluster diff --git a/charts/super-agent-deployment/templates/_service.yaml b/charts/super-agent-deployment/templates/_service.yaml new file mode 100644 index 000000000..9b3de6261 --- /dev/null +++ b/charts/super-agent-deployment/templates/_service.yaml @@ -0,0 +1,19 @@ +--- +# This files is not being templated because there is no use case right now to need a service that points to the super agent (yet) +# I am keeping the file for now although it might not make any sense. +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} + name: {{ include "newrelic.common.naming.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }} diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml new file mode 100644 index 000000000..588179ff4 --- /dev/null +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -0,0 +1,94 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} + name: {{ include "newrelic.common.naming.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} + spec: + {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.imagePullSecrets) "context" .) }} + imagePullSecrets: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "newrelic.common.priorityClassName" . }} + priorityClassName: {{ . }} + {{- end }} + {{- with include "newrelic.common.securityContext.pod" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "newrelic.common.dnsConfig" . }} + dnsConfig: + {{- . | nindent 8 }} + {{- end }} + + hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }} + {{- if include "newrelic.common.hostNetwork" . }} + dnsPolicy: ClusterFirstWithHostNet + {{- end }} + + serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} + + containers: + - name: {{ .Chart.Name }} + {{- with include "newrelic.common.securityContext.container" . }} + securityContext: + {{- . | nindent 12 }} + {{- end }} + image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + env: + # - name: NRIA_LICENSE_KEY + # valueFrom: + # secretKeyRef: + # name: {{ include "newrelic.common.license.secretName" . }} + # key: {{ include "newrelic.common.license.secretKeyName" . }} + - name: CLUSTER_NAME + value: {{ include "newrelic.common.cluster" . }} + {{- with include "newrelic.common.proxy" . }} + - name: MY_APP_PROXY_URL + value: {{ . | quote }} + {{- end }} + + # TODO: Add probes + # livenessProbe: + # httpGet: + # path: / + # port: http + # readinessProbe: + # httpGet: + # path: / + # port: http + + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with include "newrelic.common.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + {{- with include "newrelic.common.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + {{- with include "newrelic.common.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} diff --git a/charts/super-agent-deployment/templates/secret-license.yaml b/charts/super-agent-deployment/templates/secret-license.yaml new file mode 100644 index 000000000..1c00f307d --- /dev/null +++ b/charts/super-agent-deployment/templates/secret-license.yaml @@ -0,0 +1,2 @@ +{{- /* Common library will take care of creating the licen key' secret or not. */ -}} +{{- include "newrelic.common.license.secret" . -}} diff --git a/charts/super-agent-deployment/templates/serviceaccount.yaml b/charts/super-agent-deployment/templates/serviceaccount.yaml new file mode 100644 index 000000000..b1e74523e --- /dev/null +++ b/charts/super-agent-deployment/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if include "newrelic.common.serviceAccount.create" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- if include "newrelic.common.serviceAccount.annotations" . }} + annotations: + {{- include "newrelic.common.serviceAccount.annotations" . | nindent 4 }} + {{- end }} + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} + name: {{ include "newrelic.common.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/super-agent-deployment/tests/TODO.yaml b/charts/super-agent-deployment/tests/TODO.yaml new file mode 100644 index 000000000..759d4c4d8 --- /dev/null +++ b/charts/super-agent-deployment/tests/TODO.yaml @@ -0,0 +1 @@ +# Tests should go here. diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml new file mode 100644 index 000000000..6208828c6 --- /dev/null +++ b/charts/super-agent-deployment/values.yaml @@ -0,0 +1,111 @@ +# -- Override the name of the chart +nameOverride: "" +# -- Override the full name of the release +fullnameOverride: "" + +# -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. +cluster: "" +# -- This set this license key to use. Can be configured also with `global.licenseKey` +licenseKey: "" +# -- In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` +customSecretName: "" +# -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` +customSecretLicenseKey: "" + +# -- Image for the New Relic Super Agent +# @default -- See `values.yaml` +image: + registry: + repository: nginx # TODO: Add a image here + tag: "" # Defaults to chart's appVersion + imagePullPolicy: IfNotPresent + # -- The secrets that are needed to pull images from a custom registry. + pullSecrets: [] + # - name: regsecret + +# -- Volumes to mount in the containers +extraVolumes: [] +# -- Defines where to mount volumes specified with `extraVolumes` +extraVolumeMounts: [] + +# -- Settings controlling ServiceAccount creation. +# @default -- See `values.yaml` +serviceAccount: + # -- Whether the chart should automatically create the ServiceAccount objects required to run. + create: true + annotations: {} + # If not set and create is true, a name is generated using the full name template + name: "" + +# -- Additional labels for chart objects. Can be configured also with `global.labels` +labels: {} +# -- Annotations to be added to all pods created by the integration. +podAnnotations: {} +# -- Additional labels for chart pods. Can be configured also with `global.podLabels` +podLabels: {} + +# -- Service that points to the super agent. +# @default -- See `values.yaml` +service: + type: ClusterIP + port: 80 + +# -- Resource limits to be added to all pods created by the integration. +# @default -- `{}` +resources: {} + +# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` +priorityClassName: "" +# -- (bool) Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` +# @default -- `false` +hostNetwork: +# -- Sets security context (at pod level). Can be configured also with `global.podSecurityContext` +podSecurityContext: {} +# -- Sets security context (at container level). Can be configured also with `global.containerSecurityContext` +containerSecurityContext: {} + +# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` +dnsConfig: {} + +# Settings controlling RBAC objects creation. +rbac: + # -- Whether the chart should automatically create the RBAC objects required to run. + create: true + +# -- Sets pod/node affinities. Can be configured also with `global.affinity` +affinity: {} +# -- Sets pod's node selector. Can be configured also with `global.nodeSelector` +nodeSelector: {} +# -- Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` +tolerations: [] + +# -- Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` +customAttributes: {} + +# -- Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` +proxy: "" + +# -- (bool) Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` +# @default -- `false` +nrStaging: + +fedramp: + # -- (bool) Enables FedRAMP. Can be configured also with `global.fedramp.enabled` + # @default -- `false` + enabled: + +# -- (bool) Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` +# @default -- `false` +verboseLog: + +# -- It holds the New Relic Prometheus configuration. Here you can easily set up Prometheus to get set metrics, discover +# ponds and endpoints Kubernetes and send metrics to New Relic using remote-write. +# @default -- See `values.yaml` +config: + opamp: + endpoint: http://localhost:8080/some/path # This might be managed by the chart instead the user. + headers: + some-key: some-value + agents: + agent_1: + agent_type: namespace/agent_type:0.0.1 From 3d66e77acc497c920b690ae0b1a002801f589738 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 13 Oct 2023 15:23:24 +0200 Subject: [PATCH 02/21] add us as code owners --- CODEOWNERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index b261c3eb3..a27f1c572 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -16,4 +16,6 @@ # synthetics-job-manager /charts/synthetics-job-manager/ @newrelic/proactive-monitoring +# Infrastructure-related charts /charts/nri-statsd/ @newrelic/caos +/charts/super-agent-deployment/ @newrelic/coreint From 2d92291163e2be28f3f62a00021f674627aa2401 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Mon, 16 Oct 2023 13:25:05 +0200 Subject: [PATCH 03/21] add missing configuration --- .../templates/_helpers.tpl | 23 +++++++++++++ .../configmap-superagent-config.yaml | 15 ++++++++ .../templates/deployment-superagent.yaml | 30 ++++++++-------- .../templates/rbac.yaml | 34 +++++++++++++++++++ .../templates/secret-license.yaml | 2 -- charts/super-agent-deployment/tests/TODO.yaml | 1 - .../tests/__snapshot__/.gitignore | 2 ++ .../tests/configmap_config_test.yaml | 24 +++++++++++++ .../tests/rbac_test.yaml | 21 ++++++++++++ charts/super-agent-deployment/values.yaml | 17 +++++----- 10 files changed, 141 insertions(+), 28 deletions(-) create mode 100644 charts/super-agent-deployment/templates/_helpers.tpl create mode 100644 charts/super-agent-deployment/templates/configmap-superagent-config.yaml create mode 100644 charts/super-agent-deployment/templates/rbac.yaml delete mode 100644 charts/super-agent-deployment/templates/secret-license.yaml delete mode 100644 charts/super-agent-deployment/tests/TODO.yaml create mode 100644 charts/super-agent-deployment/tests/__snapshot__/.gitignore create mode 100644 charts/super-agent-deployment/tests/configmap_config_test.yaml create mode 100644 charts/super-agent-deployment/tests/rbac_test.yaml diff --git a/charts/super-agent-deployment/templates/_helpers.tpl b/charts/super-agent-deployment/templates/_helpers.tpl new file mode 100644 index 000000000..fc344f1f3 --- /dev/null +++ b/charts/super-agent-deployment/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{- /* +`newrelic-super-agent.config` builds the configuration from config on the values and add more config options like +cluster name, licenses, and custom attributes +*/ -}} +{{- define "newrelic-super-agent.config" -}} +{{- /* +TODO: + * `licenseKey`: comes from the common library but it would not be needed as it is an ingestion API Key, not a REST one. + * `rbac`: the is a placeholder for RBAC that simply list pods. this has to be narrowed to the use case of this agent. + * `customAttributes`: decorate everything with this custom attributes, maybe as they come from opamp. + * `proxy`, `nrStaging` and `fedramp` support on the meta agent. This could be made from the chart itself changing the opamp endpoint. + * `verboseLog`: legacy toggle to enable verbosity. + +For this iteration, the chart has no way to template tehe license. You might reuse the common-library secret creation helpers: +{{- include "newrelic.common.license.secret" . -}} + +*/ -}} + +{{ if .Values.config }} + {{- .Values.config | toYaml -}} +{{- end -}} + +{{- end -}} diff --git a/charts/super-agent-deployment/templates/configmap-superagent-config.yaml b/charts/super-agent-deployment/templates/configmap-superagent-config.yaml new file mode 100644 index 000000000..abad838c4 --- /dev/null +++ b/charts/super-agent-deployment/templates/configmap-superagent-config.yaml @@ -0,0 +1,15 @@ +{{- $name := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) -}} +{{- $namespace := .Release.Namespace -}} +{{- with ( include "newrelic-super-agent.config" . ) }} +--- +kind: ConfigMap +metadata: + name: {{ $name }} + namespace: {{ $namespace }} + labels: + {{- include "newrelic.common.labels" $ | nindent 4 }} +apiVersion: v1 +data: + config.yaml: | + {{- . | nindent 4 }} +{{- end }} diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index 588179ff4..5564e9837 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -51,22 +51,11 @@ spec: {{- end }} image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 80 - protocol: TCP - env: - # - name: NRIA_LICENSE_KEY - # valueFrom: - # secretKeyRef: - # name: {{ include "newrelic.common.license.secretName" . }} - # key: {{ include "newrelic.common.license.secretKeyName" . }} - - name: CLUSTER_NAME - value: {{ include "newrelic.common.cluster" . }} - {{- with include "newrelic.common.proxy" . }} - - name: MY_APP_PROXY_URL - value: {{ . | quote }} - {{- end }} + + # ports: + # - name: http + # containerPort: 80 + # protocol: TCP # TODO: Add probes # livenessProbe: @@ -78,8 +67,17 @@ spec: # path: / # port: http + volumeMounts: + - name: super-agent-config + mountPath: /etc/newrelic-super-agent/config.yaml + resources: {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: super-agent-config + configMap: + name: {{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) }} + {{- with include "newrelic.common.nodeSelector" . }} nodeSelector: {{- . | nindent 8 }} diff --git a/charts/super-agent-deployment/templates/rbac.yaml b/charts/super-agent-deployment/templates/rbac.yaml new file mode 100644 index 000000000..38e6db2c3 --- /dev/null +++ b/charts/super-agent-deployment/templates/rbac.yaml @@ -0,0 +1,34 @@ +{{- if .Values.rbac.create }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} + name: {{ include "newrelic.common.naming.fullname" . }} + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: + - pods + - pods/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} + name: {{ include "newrelic.common.naming.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "newrelic.common.naming.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "newrelic.common.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} \ No newline at end of file diff --git a/charts/super-agent-deployment/templates/secret-license.yaml b/charts/super-agent-deployment/templates/secret-license.yaml deleted file mode 100644 index 1c00f307d..000000000 --- a/charts/super-agent-deployment/templates/secret-license.yaml +++ /dev/null @@ -1,2 +0,0 @@ -{{- /* Common library will take care of creating the licen key' secret or not. */ -}} -{{- include "newrelic.common.license.secret" . -}} diff --git a/charts/super-agent-deployment/tests/TODO.yaml b/charts/super-agent-deployment/tests/TODO.yaml deleted file mode 100644 index 759d4c4d8..000000000 --- a/charts/super-agent-deployment/tests/TODO.yaml +++ /dev/null @@ -1 +0,0 @@ -# Tests should go here. diff --git a/charts/super-agent-deployment/tests/__snapshot__/.gitignore b/charts/super-agent-deployment/tests/__snapshot__/.gitignore new file mode 100644 index 000000000..d6b7ef32c --- /dev/null +++ b/charts/super-agent-deployment/tests/__snapshot__/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/charts/super-agent-deployment/tests/configmap_config_test.yaml b/charts/super-agent-deployment/tests/configmap_config_test.yaml new file mode 100644 index 000000000..eb040ed39 --- /dev/null +++ b/charts/super-agent-deployment/tests/configmap_config_test.yaml @@ -0,0 +1,24 @@ +suite: super agent's config values are honored +templates: + - templates/configmap-superagent-config.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: super agent's config does not template + set: + config: "" + asserts: + - hasDocuments: + count: 0 + - it: super agent's config templates + set: + config: + test: value + test2: value2 + asserts: + - equal: + path: data["config.yaml"] + value: | + test: value + test2: value2 diff --git a/charts/super-agent-deployment/tests/rbac_test.yaml b/charts/super-agent-deployment/tests/rbac_test.yaml new file mode 100644 index 000000000..2913a2cc8 --- /dev/null +++ b/charts/super-agent-deployment/tests/rbac_test.yaml @@ -0,0 +1,21 @@ +suite: RBAC values are honored +templates: + - templates/rbac.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: RBAC templates + set: + rbac: + create: true + asserts: + - hasDocuments: + count: 2 + - it: RBAC does not template + set: + rbac: + create: false + asserts: + - hasDocuments: + count: 0 diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index 6208828c6..099394f69 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -100,12 +100,11 @@ verboseLog: # -- It holds the New Relic Prometheus configuration. Here you can easily set up Prometheus to get set metrics, discover # ponds and endpoints Kubernetes and send metrics to New Relic using remote-write. -# @default -- See `values.yaml` -config: - opamp: - endpoint: http://localhost:8080/some/path # This might be managed by the chart instead the user. - headers: - some-key: some-value - agents: - agent_1: - agent_type: namespace/agent_type:0.0.1 +# @default -- {} See `values.yaml` for examples +config: {} +# opamp: +# headers: +# some-key: some-value +# agents: +# agent_1: +# agent_type: namespace/agent_type:0.0.1 From 638c4630bee6584651b64e1399a7e950e0686f4e Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Wed, 18 Oct 2023 17:30:50 +0200 Subject: [PATCH 04/21] narrow RBAC to what we are sure are going to need this iteration --- .../configmap-superagent-config.yaml | 2 +- .../templates/rbac.yaml | 20 +++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/charts/super-agent-deployment/templates/configmap-superagent-config.yaml b/charts/super-agent-deployment/templates/configmap-superagent-config.yaml index abad838c4..839d02536 100644 --- a/charts/super-agent-deployment/templates/configmap-superagent-config.yaml +++ b/charts/super-agent-deployment/templates/configmap-superagent-config.yaml @@ -1,6 +1,6 @@ {{- $name := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) -}} {{- $namespace := .Release.Namespace -}} -{{- with ( include "newrelic-super-agent.config" . ) }} +{{- with ( include "newrelic-super-agent.config" . ) -}} --- kind: ConfigMap metadata: diff --git a/charts/super-agent-deployment/templates/rbac.yaml b/charts/super-agent-deployment/templates/rbac.yaml index 38e6db2c3..4b2d75b45 100644 --- a/charts/super-agent-deployment/templates/rbac.yaml +++ b/charts/super-agent-deployment/templates/rbac.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rbac.create }} +{{- if .Values.rbac.create -}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -8,14 +8,22 @@ metadata: name: {{ include "newrelic.common.naming.fullname" . }} namespace: {{ .Release.Namespace }} rules: - - apiGroups: [""] - resources: - - pods - - pods/status + - apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: ["*"] verbs: - get - list - watch + - create + - delete + - deletecollection + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -31,4 +39,4 @@ subjects: - kind: ServiceAccount name: {{ include "newrelic.common.serviceAccount.name" . }} namespace: {{ .Release.Namespace }} -{{- end -}} \ No newline at end of file +{{- end }} From 6b86ff9419c8a494ba7b7ddd8fd52a34798345f7 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Wed, 18 Oct 2023 17:38:23 +0200 Subject: [PATCH 05/21] leftover while copying and pasting --- charts/super-agent-deployment/README.md | 3 ++- charts/super-agent-deployment/values.yaml | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md index 3f8029e52..55e20c18b 100644 --- a/charts/super-agent-deployment/README.md +++ b/charts/super-agent-deployment/README.md @@ -39,6 +39,7 @@ as TODO: Other TODOs: * Add probes for liveness and readiness. + * See if a service is needed or not. Enable it or delete the file. ## Values @@ -46,7 +47,7 @@ Other TODOs: |-----|------|---------|-------------| | affinity | object | `{}` | Sets pod/node affinities. Can be configured also with `global.affinity` | | cluster | string | `""` | Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. | -| config | object | See `values.yaml` | It holds the New Relic Prometheus configuration. Here you can easily set up Prometheus to get set metrics, discover ponds and endpoints Kubernetes and send metrics to New Relic using remote-write. | +| config | object | See `values.yaml` for examples | Here you can set New Relic' Super Agent configuration. | | containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` | | customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` | | customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index 099394f69..b8bda8f3d 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -98,9 +98,8 @@ fedramp: # @default -- `false` verboseLog: -# -- It holds the New Relic Prometheus configuration. Here you can easily set up Prometheus to get set metrics, discover -# ponds and endpoints Kubernetes and send metrics to New Relic using remote-write. -# @default -- {} See `values.yaml` for examples +# -- Here you can set New Relic' Super Agent configuration. +# @default -- See `values.yaml` for examples config: {} # opamp: # headers: From 5f28e1c74fa2e08da8b3119d0647fa64516fd9cc Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Wed, 18 Oct 2023 17:44:06 +0200 Subject: [PATCH 06/21] remove useless service --- charts/super-agent-deployment/README.md | 2 -- .../super-agent-deployment/README.md.gotmpl | 1 - .../templates/_service.yaml | 19 ------------------- charts/super-agent-deployment/values.yaml | 6 ------ 4 files changed, 28 deletions(-) delete mode 100644 charts/super-agent-deployment/templates/_service.yaml diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md index 55e20c18b..6a9f8f03a 100644 --- a/charts/super-agent-deployment/README.md +++ b/charts/super-agent-deployment/README.md @@ -39,7 +39,6 @@ as TODO: Other TODOs: * Add probes for liveness and readiness. - * See if a service is needed or not. Enable it or delete the file. ## Values @@ -72,7 +71,6 @@ Other TODOs: | proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` | | rbac.create | bool | `true` | Whether the chart should automatically create the RBAC objects required to run. | | resources | object | `{}` | Resource limits to be added to all pods created by the integration. | -| service | object | See `values.yaml` | Service that points to the super agent. | | serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation. | | serviceAccount.create | bool | `true` | Whether the chart should automatically create the ServiceAccount objects required to run. | | tolerations | list | `[]` | Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` | diff --git a/charts/super-agent-deployment/README.md.gotmpl b/charts/super-agent-deployment/README.md.gotmpl index 3a54519aa..4ccb4cc58 100644 --- a/charts/super-agent-deployment/README.md.gotmpl +++ b/charts/super-agent-deployment/README.md.gotmpl @@ -44,7 +44,6 @@ as TODO: Other TODOs: * Add probes for liveness and readiness. - * See if a service is needed or not. Enable it or delete the file. {{ template "chart.valuesSection" . }} diff --git a/charts/super-agent-deployment/templates/_service.yaml b/charts/super-agent-deployment/templates/_service.yaml deleted file mode 100644 index 9b3de6261..000000000 --- a/charts/super-agent-deployment/templates/_service.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# This files is not being templated because there is no use case right now to need a service that points to the super agent (yet) -# I am keeping the file for now although it might not make any sense. -apiVersion: v1 -kind: Service -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.naming.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }} diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index b8bda8f3d..09819e3db 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -44,12 +44,6 @@ podAnnotations: {} # -- Additional labels for chart pods. Can be configured also with `global.podLabels` podLabels: {} -# -- Service that points to the super agent. -# @default -- See `values.yaml` -service: - type: ClusterIP - port: 80 - # -- Resource limits to be added to all pods created by the integration. # @default -- `{}` resources: {} From 1b027c0848604a02513c49424606eacb7d4e03ce Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Thu, 19 Oct 2023 15:43:41 +0200 Subject: [PATCH 07/21] re-review all values and marking everything not done yet as TODO --- charts/super-agent-deployment/README.md | 18 +++++++++--------- .../templates/deployment-superagent.yaml | 11 ++++++----- charts/super-agent-deployment/values.yaml | 18 +++++++++--------- 3 files changed, 24 insertions(+), 23 deletions(-) diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md index 6a9f8f03a..97796cd27 100644 --- a/charts/super-agent-deployment/README.md +++ b/charts/super-agent-deployment/README.md @@ -45,36 +45,36 @@ Other TODOs: | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Sets pod/node affinities. Can be configured also with `global.affinity` | -| cluster | string | `""` | Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. | +| cluster | string | `""` | TODO: Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. | | config | object | See `values.yaml` for examples | Here you can set New Relic' Super Agent configuration. | | containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` | -| customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` | -| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | -| customSecretName | string | `""` | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | +| customAttributes | object | `{}` | TODO: Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` | +| customSecretLicenseKey | string | `""` | TODO: In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | +| customSecretName | string | `""` | TODO: In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | | dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | | extraVolumeMounts | list | `[]` | Defines where to mount volumes specified with `extraVolumes` | | extraVolumes | list | `[]` | Volumes to mount in the containers | -| fedramp.enabled | bool | `false` | Enables FedRAMP. Can be configured also with `global.fedramp.enabled` | +| fedramp.enabled | bool | `false` | TODO: Enables FedRAMP. Can be configured also with `global.fedramp.enabled` | | fullnameOverride | string | `""` | Override the full name of the release | | hostNetwork | bool | `false` | Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` | | image | object | See `values.yaml` | Image for the New Relic Super Agent | | image.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. | | labels | object | `{}` | Additional labels for chart objects. Can be configured also with `global.labels` | -| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` | +| licenseKey | string | `""` | TODO: This set this license key to use. Can be configured also with `global.licenseKey` | | nameOverride | string | `""` | Override the name of the chart | | nodeSelector | object | `{}` | Sets pod's node selector. Can be configured also with `global.nodeSelector` | -| nrStaging | bool | `false` | Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | +| nrStaging | bool | `false` | TODO: Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | | podAnnotations | object | `{}` | Annotations to be added to all pods created by the integration. | | podLabels | object | `{}` | Additional labels for chart pods. Can be configured also with `global.podLabels` | | podSecurityContext | object | `{}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` | | priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` | -| proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` | +| proxy | string | `""` | TODO: Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` | | rbac.create | bool | `true` | Whether the chart should automatically create the RBAC objects required to run. | | resources | object | `{}` | Resource limits to be added to all pods created by the integration. | | serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation. | | serviceAccount.create | bool | `true` | Whether the chart should automatically create the ServiceAccount objects required to run. | | tolerations | list | `[]` | Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` | -| verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` | +| verboseLog | bool | `false` | TODO: Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` | ## Maintainers diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index 5564e9837..d70a14d2c 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -52,11 +52,6 @@ spec: image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} - # ports: - # - name: http - # containerPort: 80 - # protocol: TCP - # TODO: Add probes # livenessProbe: # httpGet: @@ -70,6 +65,9 @@ spec: volumeMounts: - name: super-agent-config mountPath: /etc/newrelic-super-agent/config.yaml + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} @@ -77,6 +75,9 @@ spec: - name: super-agent-config configMap: name: {{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) }} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with include "newrelic.common.nodeSelector" . }} nodeSelector: diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index 09819e3db..3c8dcab60 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -3,13 +3,13 @@ nameOverride: "" # -- Override the full name of the release fullnameOverride: "" -# -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. +# -- TODO: Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. cluster: "" -# -- This set this license key to use. Can be configured also with `global.licenseKey` +# -- TODO: This set this license key to use. Can be configured also with `global.licenseKey` licenseKey: "" -# -- In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` +# -- TODO: In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` customSecretName: "" -# -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` +# -- TODO: In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` customSecretLicenseKey: "" # -- Image for the New Relic Super Agent @@ -73,22 +73,22 @@ nodeSelector: {} # -- Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` tolerations: [] -# -- Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` +# -- TODO: Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` customAttributes: {} -# -- Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` +# -- TODO: Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` proxy: "" -# -- (bool) Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` +# -- (bool) TODO: Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` # @default -- `false` nrStaging: fedramp: - # -- (bool) Enables FedRAMP. Can be configured also with `global.fedramp.enabled` + # -- (bool) TODO: Enables FedRAMP. Can be configured also with `global.fedramp.enabled` # @default -- `false` enabled: -# -- (bool) Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` +# -- (bool) TODO: Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` # @default -- `false` verboseLog: From 6b31e5fa129a97e2e585cf0117981ad3df4a4233 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Thu, 19 Oct 2023 15:49:49 +0200 Subject: [PATCH 08/21] improve appversion on the chart --- charts/super-agent-deployment/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/super-agent-deployment/Chart.yaml b/charts/super-agent-deployment/Chart.yaml index d7283660f..2bb244f8e 100644 --- a/charts/super-agent-deployment/Chart.yaml +++ b/charts/super-agent-deployment/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart to install New Relic Super agent on Kubernetes type: application version: 0.0.0-beta -appVersion: TODO-FILL-THIS-WITH-CI +appVersion: TODO # Change this with the version of the image and configure it on renovatebot. dependencies: - name: common-library From de2946fd6510b28a08d7ee18503d368ecc88bc41 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Thu, 19 Oct 2023 15:52:55 +0200 Subject: [PATCH 09/21] change chart's url to the definitive one --- charts/super-agent-deployment/README.md | 6 +++--- charts/super-agent-deployment/README.md.gotmpl | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md index 97796cd27..3eeeef0f8 100644 --- a/charts/super-agent-deployment/README.md +++ b/charts/super-agent-deployment/README.md @@ -2,7 +2,7 @@ # super-agent-deployment -![Version: 0.0.0-beta](https://img.shields.io/badge/Version-0.0.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: TODO-FILL-THIS-WITH-CI](https://img.shields.io/badge/AppVersion-TODO--FILL--THIS--WITH--CI-informational?style=flat-square) +![Version: 0.0.0-beta](https://img.shields.io/badge/Version-0.0.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: TODO](https://img.shields.io/badge/AppVersion-TODO-informational?style=flat-square) A Helm chart to install New Relic Super agent on Kubernetes @@ -11,8 +11,8 @@ A Helm chart to install New Relic Super agent on Kubernetes You can install this chart using directly this Helm repository: ```shell -helm repo add newrelic https://newrelic.github.io/helm-charts -helm upgrade --install newrelic/CHART-TEMPLATE -f your-custom-values.yaml +helm repo add newrelic https://helm-charts.newrelic.com +helm upgrade --install newrelic/super-agent-deployment -f your-custom-values.yaml ``` ## Values managed globally diff --git a/charts/super-agent-deployment/README.md.gotmpl b/charts/super-agent-deployment/README.md.gotmpl index 4ccb4cc58..9835df0d0 100644 --- a/charts/super-agent-deployment/README.md.gotmpl +++ b/charts/super-agent-deployment/README.md.gotmpl @@ -14,8 +14,8 @@ You can install this chart using directly this Helm repository: ```shell -helm repo add newrelic https://newrelic.github.io/helm-charts -helm upgrade --install newrelic/CHART-TEMPLATE -f your-custom-values.yaml +helm repo add newrelic https://helm-charts.newrelic.com +helm upgrade --install newrelic/super-agent-deployment -f your-custom-values.yaml ``` {{ template "chart.sourcesSection" . }} From 0a141392c9c249476c8ca69630b65908defff74a Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Thu, 19 Oct 2023 15:57:21 +0200 Subject: [PATCH 10/21] remove the TODO section from the README --- charts/super-agent-deployment/README.md | 12 +----------- charts/super-agent-deployment/README.md.gotmpl | 12 +----------- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md index 3eeeef0f8..bd2ddc085 100644 --- a/charts/super-agent-deployment/README.md +++ b/charts/super-agent-deployment/README.md @@ -28,17 +28,7 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera > **TODO:** Here is where you should add particularities for this chart like what does the chart do with the privileged and low data modes or any other quirk that it could have. -### TODOs -There are values that should be planned at some point of removed from the `values.yaml`. I leave them here documented -as TODO: - * `licenseKey`: comes from the common library but it would not be needed as it is an ingestion API Key, not a REST one. - * `rbac`: the is a placeholder for RBAC that simply list pods. this has to be narrowed to the use case of this agent. - * `customAttributes`: decorate everything with this custom attributes, maybe as they come from opamp. - * `proxy`, `nrStaging` and `fedramp` support on the meta agent. This could be made from the chart itself changing the opamp endpoint. - * `verboseLog`: legacy toggle to enable verbosity. - -Other TODOs: - * Add probes for liveness and readiness. +At the point of the creation of the chart, it has no particularities and this section can be removed safely. ## Values diff --git a/charts/super-agent-deployment/README.md.gotmpl b/charts/super-agent-deployment/README.md.gotmpl index 9835df0d0..e81307e4f 100644 --- a/charts/super-agent-deployment/README.md.gotmpl +++ b/charts/super-agent-deployment/README.md.gotmpl @@ -33,17 +33,7 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera > **TODO:** Here is where you should add particularities for this chart like what does the chart do with the privileged and low data modes or any other quirk that it could have. -### TODOs -There are values that should be planned at some point of removed from the `values.yaml`. I leave them here documented -as TODO: - * `licenseKey`: comes from the common library but it would not be needed as it is an ingestion API Key, not a REST one. - * `rbac`: the is a placeholder for RBAC that simply list pods. this has to be narrowed to the use case of this agent. - * `customAttributes`: decorate everything with this custom attributes, maybe as they come from opamp. - * `proxy`, `nrStaging` and `fedramp` support on the meta agent. This could be made from the chart itself changing the opamp endpoint. - * `verboseLog`: legacy toggle to enable verbosity. - -Other TODOs: - * Add probes for liveness and readiness. +At the point of the creation of the chart, it has no particularities and this section can be removed safely. {{ template "chart.valuesSection" . }} From 403ce07302dd2d6189d019db329d7f06464857d6 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Thu, 19 Oct 2023 17:24:22 +0200 Subject: [PATCH 11/21] mount the whole config map --- .../templates/deployment-superagent.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index d70a14d2c..4c17aee4f 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -64,7 +64,9 @@ spec: volumeMounts: - name: super-agent-config - mountPath: /etc/newrelic-super-agent/config.yaml + mountPath: /etc/newrelic-super-agent + readOnly: true + {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -75,6 +77,7 @@ spec: - name: super-agent-config configMap: name: {{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) }} + {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} From cef489ec5fdd577cc4fc46010ee5d57b1e368705 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 09:10:45 +0200 Subject: [PATCH 12/21] remove redundant TODO --- .../super-agent-deployment/templates/_helpers.tpl | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/charts/super-agent-deployment/templates/_helpers.tpl b/charts/super-agent-deployment/templates/_helpers.tpl index fc344f1f3..6b1f0b08b 100644 --- a/charts/super-agent-deployment/templates/_helpers.tpl +++ b/charts/super-agent-deployment/templates/_helpers.tpl @@ -5,18 +5,17 @@ cluster name, licenses, and custom attributes {{- define "newrelic-super-agent.config" -}} {{- /* TODO: - * `licenseKey`: comes from the common library but it would not be needed as it is an ingestion API Key, not a REST one. - * `rbac`: the is a placeholder for RBAC that simply list pods. this has to be narrowed to the use case of this agent. - * `customAttributes`: decorate everything with this custom attributes, maybe as they come from opamp. - * `proxy`, `nrStaging` and `fedramp` support on the meta agent. This could be made from the chart itself changing the opamp endpoint. - * `verboseLog`: legacy toggle to enable verbosity. -For this iteration, the chart has no way to template tehe license. You might reuse the common-library secret creation helpers: -{{- include "newrelic.common.license.secret" . -}} +There are a lot of TODOs to be made in this chart yet and some of them are going to impact the YAML that holds the +config. +This is the helper that templates the config. For this iteration we simply copy the `config` object from the values +and template it in the config map. + +If you need a list of TODOs, just `grep TODO` on the `values.yaml` and look for things that are yet to be implemented. */ -}} -{{ if .Values.config }} +{{- if .Values.config -}} {{- .Values.config | toYaml -}} {{- end -}} From 3c3578f9820de214bc5aeb9f12c9bc9de34163b9 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 09:18:17 +0200 Subject: [PATCH 13/21] fake testing values.yaml --- charts/super-agent-deployment/ci/test-values.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/super-agent-deployment/ci/test-values.yaml b/charts/super-agent-deployment/ci/test-values.yaml index 3fb7df050..42659f60a 100644 --- a/charts/super-agent-deployment/ci/test-values.yaml +++ b/charts/super-agent-deployment/ci/test-values.yaml @@ -1,3 +1,5 @@ -global: - licenseKey: 1234567890abcdef1234567890abcdef12345678 - cluster: test-cluster +# chart-testing need values files to test that the chart is installable and upgradable. +# The values file is needed to be populated. As we have nothing to test for now, I am filling this files with gibberish +# so the test triggers at the same time that it does not affect the default values file or any other function of the +# chart of the common library. +fake: values From 3c097cf00104f992cfa83cf948302cd184772c81 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 09:20:31 +0200 Subject: [PATCH 14/21] remove commented probes --- .../templates/deployment-superagent.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index 4c17aee4f..30bfb2fe9 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -53,14 +53,6 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add probes - # livenessProbe: - # httpGet: - # path: / - # port: http - # readinessProbe: - # httpGet: - # path: / - # port: http volumeMounts: - name: super-agent-config From 51cefaa5326aac44f1e1754647f953d3aed05a87 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 09:26:06 +0200 Subject: [PATCH 15/21] remove useless RBAC permissions --- charts/super-agent-deployment/templates/rbac.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/super-agent-deployment/templates/rbac.yaml b/charts/super-agent-deployment/templates/rbac.yaml index 4b2d75b45..52270c17c 100644 --- a/charts/super-agent-deployment/templates/rbac.yaml +++ b/charts/super-agent-deployment/templates/rbac.yaml @@ -9,10 +9,8 @@ metadata: namespace: {{ .Release.Namespace }} rules: - apiGroups: - - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io resources: ["*"] verbs: From 5196f042a6012be2ee17bc63fe050b9956ff1d25 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 13:29:12 +0200 Subject: [PATCH 16/21] change image to a working one --- .github/renovate.json5 | 9 +++++++++ charts/super-agent-deployment/Chart.yaml | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 1ed29374f..5875d9313 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -48,6 +48,15 @@ "patch" ], "enabled": true + }, + { + // Update Super Agent chart + "fileMatch": [ "^charts/super-agent-deployment/Chart.yaml$" ], + "datasourceTemplate": "docker", + "depNameTemplate": "newrelic/newrelic-super-agent", + "matchStrings": [ + "appVersion: (?.*) # .*" + ] } ] } diff --git a/charts/super-agent-deployment/Chart.yaml b/charts/super-agent-deployment/Chart.yaml index 2bb244f8e..0250878a7 100644 --- a/charts/super-agent-deployment/Chart.yaml +++ b/charts/super-agent-deployment/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart to install New Relic Super agent on Kubernetes type: application version: 0.0.0-beta -appVersion: TODO # Change this with the version of the image and configure it on renovatebot. +appVersion: nightly # Change this with a proper version of the image. dependencies: - name: common-library From f7bd4974816942f4a052776a05a9393c6d07c6c0 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 14:03:51 +0200 Subject: [PATCH 17/21] set a minimal config for the configmap to render --- charts/super-agent-deployment/ci/test-values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/super-agent-deployment/ci/test-values.yaml b/charts/super-agent-deployment/ci/test-values.yaml index 42659f60a..a4a18b631 100644 --- a/charts/super-agent-deployment/ci/test-values.yaml +++ b/charts/super-agent-deployment/ci/test-values.yaml @@ -1,5 +1,5 @@ -# chart-testing need values files to test that the chart is installable and upgradable. -# The values file is needed to be populated. As we have nothing to test for now, I am filling this files with gibberish -# so the test triggers at the same time that it does not affect the default values file or any other function of the -# chart of the common library. -fake: values +config: + opamp: + endpoint: https://opamp.service.newrelic.com/v1/opamp + headers: + api-key: 1234567890abcdef1234567890abcdef12345678 From 8251ec6767fd6a5b79b7864f81a0ca8b2af6f3d1 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Fri, 20 Oct 2023 14:49:15 +0200 Subject: [PATCH 18/21] fix default image --- .../super-agent-deployment/templates/deployment-superagent.yaml | 2 ++ charts/super-agent-deployment/values.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index 30bfb2fe9..718165b97 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -51,6 +51,8 @@ spec: {{- end }} image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --running-mode=Kubernetes # TODO: Add probes diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index 3c8dcab60..d8008709c 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -16,7 +16,7 @@ customSecretLicenseKey: "" # @default -- See `values.yaml` image: registry: - repository: nginx # TODO: Add a image here + repository: newrelic/newrelic-super-agent tag: "" # Defaults to chart's appVersion imagePullPolicy: IfNotPresent # -- The secrets that are needed to pull images from a custom registry. From 7ec3d4ba9073b07f1ca579fc3547ebcb10695eef Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Mon, 23 Oct 2023 12:59:25 +0200 Subject: [PATCH 19/21] support staging and licenseKey on the config --- .../ci/test-values.yaml | 10 +-- .../templates/_helpers.tpl | 68 ++++++++++++++++--- .../configmap-superagent-config.yaml | 12 ++-- .../templates/deployment-superagent.yaml | 5 +- .../tests/configmap_config_test.yaml | 18 +++-- .../tests/licenseKey_test.yaml | 36 ++++++++++ charts/super-agent-deployment/values.yaml | 28 ++++---- 7 files changed, 139 insertions(+), 38 deletions(-) create mode 100644 charts/super-agent-deployment/tests/licenseKey_test.yaml diff --git a/charts/super-agent-deployment/ci/test-values.yaml b/charts/super-agent-deployment/ci/test-values.yaml index a4a18b631..53b91efd7 100644 --- a/charts/super-agent-deployment/ci/test-values.yaml +++ b/charts/super-agent-deployment/ci/test-values.yaml @@ -1,5 +1,5 @@ -config: - opamp: - endpoint: https://opamp.service.newrelic.com/v1/opamp - headers: - api-key: 1234567890abcdef1234567890abcdef12345678 +global: + licenseKey: 1234567890abcdef1234567890abcdef12345678 + +# The agent is going to test that is able to call OpAmp service so we set a valid server to connect to. +nrStaging: true diff --git a/charts/super-agent-deployment/templates/_helpers.tpl b/charts/super-agent-deployment/templates/_helpers.tpl index 6b1f0b08b..138e05f32 100644 --- a/charts/super-agent-deployment/templates/_helpers.tpl +++ b/charts/super-agent-deployment/templates/_helpers.tpl @@ -1,22 +1,72 @@ {{- /* -`newrelic-super-agent.config` builds the configuration from config on the values and add more config options like +Return the name of the configMap holding the Super Agent's config. Defaults to release's fill name suffiexed with "-config" +*/ -}} +{{- define "newrelic-super-agent.config.name" -}} +{{- .Values.config.name | default (include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" )) -}} +{{- end -}} + + +{{- /* +Return the key name of the configMap holding the Super Agent's config. Defaults to "config.yaml" +*/ -}} +{{- define "newrelic-super-agent.config.key" -}} +{{- .Values.config.key | default "config.yaml" -}} +{{- end -}} + + +{{- /* +This function simply templates the default configuration for the agent. +*/ -}} +{{- define "newrelic-super-agent.config.defaultConfig" -}} +opamp: + endpoint: COMPLETE-ME + headers: + api-key: COMPLETE-ME +{{- end -}} + + +{{- /* +Builds the configuration from config on the values and add more config options like cluster name, licenses, and custom attributes */ -}} -{{- define "newrelic-super-agent.config" -}} +{{- define "newrelic-super-agent.config.content" -}} {{- /* -TODO: +This snippet should execute always to block all unsupported features from the common-lirary that are not yet supported +by this chart. -There are a lot of TODOs to be made in this chart yet and some of them are going to impact the YAML that holds the -config. +TODO: Remove this file when the Super Agent supports licensekey as an envVar. +*/ -}} +{{ $licenseKey := include "newrelic.common.license._licenseKey" . }} +{{- if or (include "newrelic.common.license._customSecretName" .) (include "newrelic.common.license._customSecretKey" .) -}} + {{- fail "Common library supports setting an external custom secret for the license but the super agent still does not support the license by an env var. You must specify a .licenseKey or .global.licenseKey" -}} +{{- end -}} +{{- if not $licenseKey -}} + {{- fail "You must specify .licenseKey or .global.licenseKey" -}} +{{- end -}} -This is the helper that templates the config. For this iteration we simply copy the `config` object from the values -and template it in the config map. +{{- /* +TODO: There are a lot of TODOs to be made in this chart yet and some of them are going to impact the YAML that holds +the config. If you need a list of TODOs, just `grep TODO` on the `values.yaml` and look for things that are yet to be implemented. */ -}} +{{- $config := fromYaml (include "newrelic-super-agent.config.defaultConfig" .) -}} +{{- if .Values.config.content -}} + {{- $_ := deepCopy .Values.config.content | mustMergeOverwrite $config -}} +{{- end -}} -{{- if .Values.config -}} - {{- .Values.config | toYaml -}} +{{- if include "newrelic.common.fedramp.enabled" . -}} + {{- fail "FedRAMP is not supported yet" -}}{{- /* TODO: Add FedRamp support */ -}} +{{- else if include "newrelic.common.nrStaging" . -}} + {{- $_ := set $config.opamp "endpoint" "https://opamp.staging-service.newrelic.com/v1/opamp" -}} +{{- else -}} + {{- /* TODO: Is this the prod URL? */ -}} + {{- $_ := set $config.opamp "endpoint" "https://opamp.service.newrelic.com/v1/opamp" -}} {{- end -}} +{{- /* We have to use common library internals because the agent does not support envvars yet */ -}} +{{- /* TODO: Remove this when the sa supports licenseKeys from envVars */ -}} +{{- $_ := set $config.opamp.headers "api-key" $licenseKey -}} + +{{- $config | toYaml -}} {{- end -}} diff --git a/charts/super-agent-deployment/templates/configmap-superagent-config.yaml b/charts/super-agent-deployment/templates/configmap-superagent-config.yaml index 839d02536..cccd74384 100644 --- a/charts/super-agent-deployment/templates/configmap-superagent-config.yaml +++ b/charts/super-agent-deployment/templates/configmap-superagent-config.yaml @@ -1,15 +1,13 @@ -{{- $name := include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) -}} -{{- $namespace := .Release.Namespace -}} -{{- with ( include "newrelic-super-agent.config" . ) -}} +{{- if .Values.config.create -}} --- kind: ConfigMap metadata: - name: {{ $name }} - namespace: {{ $namespace }} + name: {{ include "newrelic-super-agent.config.name" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "newrelic.common.labels" $ | nindent 4 }} apiVersion: v1 data: - config.yaml: | - {{- . | nindent 4 }} + {{ include "newrelic-super-agent.config.key" . }}: | + {{- include "newrelic-super-agent.config.content" . | nindent 4 }} {{- end }} diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index 718165b97..8b67f5d39 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -70,7 +70,10 @@ spec: volumes: - name: super-agent-config configMap: - name: {{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config" ) }} + name: {{ include "newrelic-super-agent.config.name" . }} + items: + - key: {{ include "newrelic-super-agent.config.key" . }} + path: config.yaml {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/super-agent-deployment/tests/configmap_config_test.yaml b/charts/super-agent-deployment/tests/configmap_config_test.yaml index eb040ed39..7583ecf80 100644 --- a/charts/super-agent-deployment/tests/configmap_config_test.yaml +++ b/charts/super-agent-deployment/tests/configmap_config_test.yaml @@ -5,20 +5,30 @@ release: name: my-release namespace: my-namespace tests: - - it: super agent's config does not template + - it: super agent's config can be disabled set: - config: "" + global: + licenseKey: test + config: + create: false asserts: - hasDocuments: count: 0 - it: super agent's config templates set: + global: + licenseKey: test config: - test: value - test2: value2 + content: + test: value + test2: value2 asserts: - equal: path: data["config.yaml"] value: | + opamp: + endpoint: https://opamp.service.newrelic.com/v1/opamp + headers: + api-key: test test: value test2: value2 diff --git a/charts/super-agent-deployment/tests/licenseKey_test.yaml b/charts/super-agent-deployment/tests/licenseKey_test.yaml new file mode 100644 index 000000000..5157af6ca --- /dev/null +++ b/charts/super-agent-deployment/tests/licenseKey_test.yaml @@ -0,0 +1,36 @@ +suite: licenseKey temporary tests +# These tests are to test that a missing licenseKey actually aborts templating the chart. +# This should be something that the common-library should do, but the common library does +# it while templating the secret with the license to be used as a envVar. +# As the super agent does not support it as a envvar (yet), we added it directly on the +# configuration file. The consequence is that the chart is able to template without +# license. +# TODO: Remove this file when the Super Agent supports licensekey as an envVar. +templates: + - templates/configmap-superagent-config.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: Empty licenses abort the template + set: + global: + licenseKey: "" + licenseKey: "" + asserts: + - failedTemplate: + errorMessage: You must specify .licenseKey or .global.licenseKey + - it: Using custom secret abort the template + set: + global: + customSecretName: non-empty + asserts: + - failedTemplate: + errorMessage: Common library supports setting an external custom secret for the license but the super agent still does not support the license by an env var. You must specify a .licenseKey or .global.licenseKey + - it: Using custom secret abort the template + set: + global: + customSecretLicenseKey: non-empty + asserts: + - failedTemplate: + errorMessage: Common library supports setting an external custom secret for the license but the super agent still does not support the license by an env var. You must specify a .licenseKey or .global.licenseKey diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index d8008709c..0fbdb4e2c 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -5,7 +5,7 @@ fullnameOverride: "" # -- TODO: Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. cluster: "" -# -- TODO: This set this license key to use. Can be configured also with `global.licenseKey` +# -- This set this license key to use. Can be configured also with `global.licenseKey` licenseKey: "" # -- TODO: In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` customSecretName: "" @@ -79,12 +79,12 @@ customAttributes: {} # -- TODO: Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` proxy: "" -# -- (bool) TODO: Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` +# -- (bool) Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` # @default -- `false` nrStaging: fedramp: - # -- (bool) TODO: Enables FedRAMP. Can be configured also with `global.fedramp.enabled` + # -- (bool) Enables FedRAMP. Can be configured also with `global.fedramp.enabled` # @default -- `false` enabled: @@ -92,12 +92,16 @@ fedramp: # @default -- `false` verboseLog: -# -- Here you can set New Relic' Super Agent configuration. -# @default -- See `values.yaml` for examples -config: {} -# opamp: -# headers: -# some-key: some-value -# agents: -# agent_1: -# agent_type: namespace/agent_type:0.0.1 +config: + create: true + name: "" + key: "" + # -- Here you can set New Relic' Super Agent configuration. + # @default -- See `values.yaml` for examples + content: + # opamp: + # headers: + # some-key: some-value + # agents: + # agent_1: + # agent_type: namespace/agent_type:0.0.1 From 2e7ea0a72b79ef91f8fdc94f8231798b34553883 Mon Sep 17 00:00:00 2001 From: Juan Manuel Perez Date: Mon, 23 Oct 2023 14:10:59 +0200 Subject: [PATCH 20/21] address pr comments --- charts/super-agent-deployment/Chart.yaml | 2 +- charts/super-agent-deployment/README.md | 15 ++++++++++----- .../templates/deployment-superagent.yaml | 8 ++++++++ charts/super-agent-deployment/templates/rbac.yaml | 1 - charts/super-agent-deployment/values.yaml | 7 +++++++ 5 files changed, 26 insertions(+), 7 deletions(-) diff --git a/charts/super-agent-deployment/Chart.yaml b/charts/super-agent-deployment/Chart.yaml index 0250878a7..a9f038239 100644 --- a/charts/super-agent-deployment/Chart.yaml +++ b/charts/super-agent-deployment/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart to install New Relic Super agent on Kubernetes type: application version: 0.0.0-beta -appVersion: nightly # Change this with a proper version of the image. +appVersion: nightly # TODO: Change this with a proper version of the image. dependencies: - name: common-library diff --git a/charts/super-agent-deployment/README.md b/charts/super-agent-deployment/README.md index bd2ddc085..861c3675f 100644 --- a/charts/super-agent-deployment/README.md +++ b/charts/super-agent-deployment/README.md @@ -2,7 +2,7 @@ # super-agent-deployment -![Version: 0.0.0-beta](https://img.shields.io/badge/Version-0.0.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: TODO](https://img.shields.io/badge/AppVersion-TODO-informational?style=flat-square) +![Version: 0.0.0-beta](https://img.shields.io/badge/Version-0.0.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square) A Helm chart to install New Relic Super agent on Kubernetes @@ -36,24 +36,29 @@ At the point of the creation of the chart, it has no particularities and this se |-----|------|---------|-------------| | affinity | object | `{}` | Sets pod/node affinities. Can be configured also with `global.affinity` | | cluster | string | `""` | TODO: Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. | -| config | object | See `values.yaml` for examples | Here you can set New Relic' Super Agent configuration. | +| config.content | string | See `values.yaml` for examples | Here you can set New Relic' Super Agent configuration. | +| config.create | bool | `true` | Set if the configMap is going to be created by this chart or the user will provide its own. | +| config.key | string | `""` | The key in the configMap that has the configuration for the Super Agent. | +| config.name | string | `""` | The name the configMap is going to have. If create is set to false, the name of an existing configMap that will be used to config the Super Agent. | | containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` | | customAttributes | object | `{}` | TODO: Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` | | customSecretLicenseKey | string | `""` | TODO: In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | | customSecretName | string | `""` | TODO: In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | | dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | +| extraEnv | list | `[]` | Add user environment variables to the agent | +| extraEnvFrom | list | `[]` | Add user environment from configMaps or secrets as variables to the agent | | extraVolumeMounts | list | `[]` | Defines where to mount volumes specified with `extraVolumes` | | extraVolumes | list | `[]` | Volumes to mount in the containers | -| fedramp.enabled | bool | `false` | TODO: Enables FedRAMP. Can be configured also with `global.fedramp.enabled` | +| fedramp.enabled | bool | `false` | Enables FedRAMP. Can be configured also with `global.fedramp.enabled` | | fullnameOverride | string | `""` | Override the full name of the release | | hostNetwork | bool | `false` | Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` | | image | object | See `values.yaml` | Image for the New Relic Super Agent | | image.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. | | labels | object | `{}` | Additional labels for chart objects. Can be configured also with `global.labels` | -| licenseKey | string | `""` | TODO: This set this license key to use. Can be configured also with `global.licenseKey` | +| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` | | nameOverride | string | `""` | Override the name of the chart | | nodeSelector | object | `{}` | Sets pod's node selector. Can be configured also with `global.nodeSelector` | -| nrStaging | bool | `false` | TODO: Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | +| nrStaging | bool | `false` | Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | | podAnnotations | object | `{}` | Annotations to be added to all pods created by the integration. | | podLabels | object | `{}` | Additional labels for chart pods. Can be configured also with `global.podLabels` | | podSecurityContext | object | `{}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` | diff --git a/charts/super-agent-deployment/templates/deployment-superagent.yaml b/charts/super-agent-deployment/templates/deployment-superagent.yaml index 8b67f5d39..bd77a8150 100644 --- a/charts/super-agent-deployment/templates/deployment-superagent.yaml +++ b/charts/super-agent-deployment/templates/deployment-superagent.yaml @@ -54,6 +54,14 @@ spec: args: - --running-mode=Kubernetes + {{- with .Values.extraEnv }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} # TODO: Add probes volumeMounts: diff --git a/charts/super-agent-deployment/templates/rbac.yaml b/charts/super-agent-deployment/templates/rbac.yaml index 52270c17c..ac1bdb699 100644 --- a/charts/super-agent-deployment/templates/rbac.yaml +++ b/charts/super-agent-deployment/templates/rbac.yaml @@ -11,7 +11,6 @@ rules: - apiGroups: - source.toolkit.fluxcd.io - helm.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io resources: ["*"] verbs: - get diff --git a/charts/super-agent-deployment/values.yaml b/charts/super-agent-deployment/values.yaml index 0fbdb4e2c..b2f736451 100644 --- a/charts/super-agent-deployment/values.yaml +++ b/charts/super-agent-deployment/values.yaml @@ -23,6 +23,10 @@ image: pullSecrets: [] # - name: regsecret +# -- Add user environment variables to the agent +extraEnv: [] +# -- Add user environment from configMaps or secrets as variables to the agent +extraEnvFrom: [] # -- Volumes to mount in the containers extraVolumes: [] # -- Defines where to mount volumes specified with `extraVolumes` @@ -93,8 +97,11 @@ fedramp: verboseLog: config: + # -- Set if the configMap is going to be created by this chart or the user will provide its own. create: true + # -- The name the configMap is going to have. If create is set to false, the name of an existing configMap that will be used to config the Super Agent. name: "" + # -- The key in the configMap that has the configuration for the Super Agent. key: "" # -- Here you can set New Relic' Super Agent configuration. # @default -- See `values.yaml` for examples From afc593edb6916dd33d2361fd8f9f25c546d35dfd Mon Sep 17 00:00:00 2001 From: Guillermo Sanchez Gavier Date: Mon, 23 Oct 2023 15:13:39 +0200 Subject: [PATCH 21/21] remove tests --- .../ci/test-values.yaml | 5 --- .../tests/__snapshot__/.gitignore | 2 -- .../tests/configmap_config_test.yaml | 34 ------------------ .../tests/licenseKey_test.yaml | 36 ------------------- .../tests/rbac_test.yaml | 21 ----------- 5 files changed, 98 deletions(-) delete mode 100644 charts/super-agent-deployment/ci/test-values.yaml delete mode 100644 charts/super-agent-deployment/tests/__snapshot__/.gitignore delete mode 100644 charts/super-agent-deployment/tests/configmap_config_test.yaml delete mode 100644 charts/super-agent-deployment/tests/licenseKey_test.yaml delete mode 100644 charts/super-agent-deployment/tests/rbac_test.yaml diff --git a/charts/super-agent-deployment/ci/test-values.yaml b/charts/super-agent-deployment/ci/test-values.yaml deleted file mode 100644 index 53b91efd7..000000000 --- a/charts/super-agent-deployment/ci/test-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -global: - licenseKey: 1234567890abcdef1234567890abcdef12345678 - -# The agent is going to test that is able to call OpAmp service so we set a valid server to connect to. -nrStaging: true diff --git a/charts/super-agent-deployment/tests/__snapshot__/.gitignore b/charts/super-agent-deployment/tests/__snapshot__/.gitignore deleted file mode 100644 index d6b7ef32c..000000000 --- a/charts/super-agent-deployment/tests/__snapshot__/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!.gitignore diff --git a/charts/super-agent-deployment/tests/configmap_config_test.yaml b/charts/super-agent-deployment/tests/configmap_config_test.yaml deleted file mode 100644 index 7583ecf80..000000000 --- a/charts/super-agent-deployment/tests/configmap_config_test.yaml +++ /dev/null @@ -1,34 +0,0 @@ -suite: super agent's config values are honored -templates: - - templates/configmap-superagent-config.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: super agent's config can be disabled - set: - global: - licenseKey: test - config: - create: false - asserts: - - hasDocuments: - count: 0 - - it: super agent's config templates - set: - global: - licenseKey: test - config: - content: - test: value - test2: value2 - asserts: - - equal: - path: data["config.yaml"] - value: | - opamp: - endpoint: https://opamp.service.newrelic.com/v1/opamp - headers: - api-key: test - test: value - test2: value2 diff --git a/charts/super-agent-deployment/tests/licenseKey_test.yaml b/charts/super-agent-deployment/tests/licenseKey_test.yaml deleted file mode 100644 index 5157af6ca..000000000 --- a/charts/super-agent-deployment/tests/licenseKey_test.yaml +++ /dev/null @@ -1,36 +0,0 @@ -suite: licenseKey temporary tests -# These tests are to test that a missing licenseKey actually aborts templating the chart. -# This should be something that the common-library should do, but the common library does -# it while templating the secret with the license to be used as a envVar. -# As the super agent does not support it as a envvar (yet), we added it directly on the -# configuration file. The consequence is that the chart is able to template without -# license. -# TODO: Remove this file when the Super Agent supports licensekey as an envVar. -templates: - - templates/configmap-superagent-config.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: Empty licenses abort the template - set: - global: - licenseKey: "" - licenseKey: "" - asserts: - - failedTemplate: - errorMessage: You must specify .licenseKey or .global.licenseKey - - it: Using custom secret abort the template - set: - global: - customSecretName: non-empty - asserts: - - failedTemplate: - errorMessage: Common library supports setting an external custom secret for the license but the super agent still does not support the license by an env var. You must specify a .licenseKey or .global.licenseKey - - it: Using custom secret abort the template - set: - global: - customSecretLicenseKey: non-empty - asserts: - - failedTemplate: - errorMessage: Common library supports setting an external custom secret for the license but the super agent still does not support the license by an env var. You must specify a .licenseKey or .global.licenseKey diff --git a/charts/super-agent-deployment/tests/rbac_test.yaml b/charts/super-agent-deployment/tests/rbac_test.yaml deleted file mode 100644 index 2913a2cc8..000000000 --- a/charts/super-agent-deployment/tests/rbac_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -suite: RBAC values are honored -templates: - - templates/rbac.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC templates - set: - rbac: - create: true - asserts: - - hasDocuments: - count: 2 - - it: RBAC does not template - set: - rbac: - create: false - asserts: - - hasDocuments: - count: 0