Merge pull request #6 from JacekZubielik/cadvisor

chore(init): init

charts/cadvisor/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+appVersion: v0.49.1
+description: Cadvisor - Container Advisor
+name: cadvisor
+version: 0.0.1
+type: application
+keywords:
+- prometheus
+- cadvisor
+- monitoring
+home: https://github.com/JacekZubielik/jz-helm-charts/tree/master/charts/cadvisor
+sources:
+- https://github.com/google/cadvisor
+maintainers:
+- name: Jacek Zubielik
+  email: [email protected]

charts/cadvisor/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/* Expand the name of the chart. */}}
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name. */}}
+{{- define "app.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Create chart name and version as used by the chart label. */}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Common labels */}}
+{{- define "app.labels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+helm.sh/chart: {{ include "app.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/* Selector labels */}}
+{{- define "app.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/* Create the name of the service account to use */}}
+{{- define "app.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "app.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/cadvisor/templates/clusterrole.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.podSecurityPolicy.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames:
+    - {{ template "app.name" . }}
+{{- end -}}

charts/cadvisor/templates/clusterrolebinding.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.podSecurityPolicy.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "app.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "app.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/cadvisor/templates/daemonset.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+      seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "app.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "app.name" . }}
+        release: {{ .Release.Name }}
+        {{- range $key, $value := .Values.podLabels }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      annotations:
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+    spec:
+      {{ if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
+      {{ if .Values.image.pullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.image.pullSecrets }}
+      - name: {{ . }}
+      {{- end }}
+      {{- end }}
+      serviceAccountName: {{ template "app.serviceAccountName" . }}
+      {{ if .Values.hostNetwork }} 
+      hostNetwork: true
+      {{- end }}
+      containers:
+      - name: {{ template "app.name" . }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+        {{- with .Values.container.additionalArgs }}
+{{ toYaml . | indent 10 }}
+        {{- end }}
+        volumeMounts:
+        {{- range .Values.container.hostPaths }}
+        - name: {{ .name }}
+          mountPath: {{ default .path .mount }}
+          readOnly: {{ list nil true | has .readOnly }}
+        {{- end }}
+        {{ if .Values.podSecurityContext.create }}
+        securityContext:
+          privileged: {{ .Values.podSecurityContext.privileged }}
+        {{- end }}
+        ports:
+        - name: http
+          containerPort: {{ .Values.container.port }}
+          protocol: TCP
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+      automountServiceAccountToken: false
+      terminationGracePeriodSeconds: 30
+      volumes:
+      {{- range .Values.container.hostPaths }}
+      - name: {{ .name }}
+        hostPath:
+          path: {{ .path }}
+      {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+

charts/cadvisor/templates/psp.yaml

@@ -0,0 +1,25 @@
+{{- if .Values.podSecurityPolicy.create -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  volumes:
+  - '*'
+  {{ if .Values.podSecurityPolicy.privileged }}
+  privileged: true
+  {{- end }}
+  allowedHostPaths:
+  {{- range .Values.container.hostPaths }}
+  - pathPrefix: {{ .path }}
+  {{- end }}
+{{- end -}}

charts/cadvisor/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ports:
+  - name: http
+    port: {{ .Values.container.port }}
+    targetPort: {{ .Values.container.port }}
+    protocol: TCP
+  selector:
+    app: {{ template "app.name" . }}
+  type: ClusterIP

charts/cadvisor/templates/serviceaccount.yaml

@@ -0,0 +1,7 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "app.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/cadvisor/templates/servicemonitor.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.metrics.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "app.name" . }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  endpoints:
+    - path: /metrics
+      interval: {{ .Values.metrics.interval }}
+      scrapeTimeout: {{ .Values.metrics.scrapeTimeout }}
+      port: http
+      {{- if .Values.metrics.relabelings }}
+      relabelings:
+        {{- toYaml .Values.metrics.relabelings | nindent 8 }}
+      {{- end -}}
+      {{- if .Values.metrics.metricRelabelings }}
+      metricRelabelings:
+        {{- toYaml .Values.metrics.metricRelabelings | nindent 8 }}
+      {{- end -}}
+{{- end -}}

charts/cadvisor/values.yaml

@@ -0,0 +1,105 @@
+image:
+  repository: gcr.io/cadvisor/cadvisor
+  tag: ""
+  pullPolicy: IfNotPresent
+
+  ## Reference to one or more secrets to be used when pulling images
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  pullSecrets: []
+
+container:
+  port: 8080
+  additionalArgs:
+    - --housekeeping_interval=10s                       # kubernetes default args
+    - --max_housekeeping_interval=15s
+    - --event_storage_event_limit=default=0
+    - --event_storage_age_limit=default=0
+    - --disable_metrics=percpu,process,sched,tcp,udp    # enable only diskIO, cpu, memory, network, disk
+    - --docker_only
+  hostPaths:
+    - name: rootfs
+      path: "/"
+      mount: "/rootfs"
+      readOnly: true
+    - name: varrun
+      path: "/var/run"
+      readOnly: true
+    - name: sys
+      path: "/sys"
+      readOnly: true
+    - name: docker
+      path: "/var/lib/docker"
+      readOnly: true
+    - name: disk
+      path: "/dev/disk"
+      readOnly: true
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+podAnnotations: {}
+podLabels: {}
+
+# priorityClassName: system-cluster-critical
+priorityClassName: {}
+
+# sometimes errors are encountered when using the cpu load reader without being on the host network
+hostNetwork: false
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityPolicy:
+  create: false
+  privileged: false
+
+# Specifies whether a securityContext should be created. Required for privileged operations.
+podSecurityContext:
+  create: false
+  privileged: false
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# This will create a ServiceMonitor Custom Resource indicating the prometheus operator what to scrape.
+metrics:
+  enabled: false
+  interval: 30s
+  scrapeTimeout: 30s
+  # This will allow you to specify relabelings on the metrics before ingestion. E.g. to use the kubernetes monitoring
+  # mixin with this chart set metrics.enabled above to true and use:
+  # relabelings:
+  #  - sourceLabels:
+  #    - name
+  #    targetLabel: container
+  #  - sourceLabels:
+  #    - container_label_io_kubernetes_pod_namespace
+  #    targetLabel: namespace
+  #  - sourceLabels:
+  #    - container_label_io_kubernetes_pod_name
+  #    targetLabel: pod
+  metricRelabelings: []
+  # This will allow you to specify relabelings on the metrics before scraping.
+  # relabelings:
+  #  - action: replace
+  #    sourceLabels:
+  #    - __meta_kubernetes_pod_node_name
+  #    targetLabel: node
+  relabelings: []