Skip to content

Commit

Permalink
Merge branch 'develop' into dependabot/github_actions/helm/chart-test…
Browse files Browse the repository at this point in the history 
…ing-action-2.7.0
  • Loading branch information
@jessegoodier
jessegoodier authored Jan 27, 2025
2 parents 360abf7 + 577da17 commit e8dd0ff
Show file tree
Hide file tree
Showing 4 changed files with 103 additions and 42 deletions.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ Parameter | Description | Default
`ingress.hosts` | Ingress hostnames | `[cost-analyzer.local]`
`ingress.tls` | Ingress TLS configuration (YAML) | `[]`
`networkCosts.enabled` | If true, collect network allocation metrics [More info](https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/cost-allocation/network-allocation) | `false`
`networkCosts.podMonitor.enabled` | If true, a [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor) for the network-cost daemonset is created | `false`
`networkCosts.podMonitor.enabled` | If true, a PodMonitor for the network-cost daemonset is created | `false`
`serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false`
`serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}`
`prometheusRule.enabled` | Set this to `true` to create PrometheusRule for Prometheus operator | `false`
Expand Down
2 changes: 1 addition & 1 deletion cost-analyzer/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ The following table lists commonly used configuration parameters for the Kubecos
| `ingress.hosts` | Ingress hostnames | `[cost-analyzer.local]` |
| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
| `networkCosts.enabled` | If true, collect network allocation metrics [More info](http://docs.kubecost.com/network-allocation) | `false` |
| `networkCosts.podMonitor.enabled` | If true, a [PodMonitor](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor) for the network-cost daemonset is created | `false` |
| `networkCosts.podMonitor.enabled` | If true, a PodMonitor for the network-cost daemonset is created | `false` |
| `serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
| `serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `serviceMonitor.relabelings` | Sets Prometheus metric_relabel_configs on the scrape job | `[]` |
Expand Down
62 changes: 61 additions & 1 deletion cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,18 @@ data:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/oidc/ {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://aggregator/oidc/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{- end }}
{{- if .Values.saml.enabled }}
location /saml/ {
Expand All @@ -290,6 +302,18 @@ data:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/saml/ {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://aggregator/saml/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{- end }}
{{- if or .Values.saml.enabled .Values.oidc.enabled}}
location /login {
Expand All @@ -304,7 +328,6 @@ data:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Original-URI $request_uri;
}

location /logout {
proxy_connect_timeout 180;
proxy_send_timeout 180;
Expand All @@ -316,6 +339,31 @@ data:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/login {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://aggregator/login;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Original-URI $request_uri;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/logout {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://aggregator/logout;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{- end }}
{{- end }}
{{- if .Values.global.grafana.proxy }}
Expand All @@ -336,15 +384,27 @@ data:
location /auth {
proxy_pass http://aggregator/isAuthenticated;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/auth {
proxy_pass http://aggregator/isAuthenticated;
}
{{- end }}
{{- if .Values.saml.enabled }}
location /auth {
proxy_pass http://aggregator/isAuthenticated;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/auth {
proxy_pass http://aggregator/isAuthenticated;
}
{{- if .Values.saml.rbac.enabled }}
location /authrbac {
proxy_pass http://aggregator/isAdminAuthenticated;
}
# This location is used to remain compatible with older configurations of Kubecost SSO. All SSO logic should now be handled by the Aggregator container.
location /model/authrbac {
proxy_pass http://aggregator/isAdminAuthenticated;
}
{{- end }}
{{- end }}

Expand Down
79 changes: 40 additions & 39 deletions cost-analyzer/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -423,43 +423,44 @@ oidc:
# claimValues:
# - "editor"

# teams:
# teamsConfigMapName: kubecost-rbac-teams-config # Name of the ConfigMap containing the teams configuration, if manually created, which overrides any other configured teams
# teamsConfig: # Values-defined teams configuration, if teamsConfigMapName is not set, which will override UI-configured teams
# - id: ''
# name: helm-team
# roles:
# - id: ''
# name: helm-role
# description: helm configrured role
# pages:
# showOverview: true
# showAllocation: true
# showAsset: true
# showCloudCost: true
# showClusters: true
# showExternalCosts: true
# showNetwork: true
# showCollections: true
# showReports: true
# showInsights: true
# showActions: true
# showAlerts: true
# showBudgets: true
# showAnomalies: true
# showEfficiency: true
# showSettings: true
# permissions: admin
# routes: []
# allocationFilters:
# - key: cluster
# operator: ":"
# value: cluster-one
# assetFilters: []
# cloudCostFilters: []
# claims:
# NameID: [email protected]

## Kubecost Teams (enterprise key required)
## Ref: https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/teams
teams:
teamsConfigMapName: "" # Name of the ConfigMap containing the teams configuration, if manually created, which overrides any other configured teams
teamsConfig: [] # List of teams configurations, if teamsConfigMapName is not set, which will override UI-configured teams
# - id: ''
# name: helm-team
# roles:
# - id: ''
# name: helm-role
# description: helm configrured role
# pages:
# showOverview: true
# showAllocation: true
# showAsset: true
# showCloudCost: true
# showClusters: true
# showExternalCosts: true
# showNetwork: true
# showCollections: true
# showReports: true
# showInsights: true
# showActions: true
# showAlerts: true
# showBudgets: true
# showAnomalies: true
# showEfficiency: true
# showSettings: true
# permissions: admin
# routes: []
# allocationFilters:
# - key: cluster
# operator: ":"
# value: cluster-one
# assetFilters: []
# cloudCostFilters: []
# claims:
# NameID: [email protected]

## Adds the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables to all
## containers. Typically used in environments that have firewall rules which
Expand Down Expand Up @@ -1037,7 +1038,7 @@ prometheus:
name: alertmanager
image:
repository: quay.io/prometheus/alertmanager
tag: v0.27.0
tag: v0.28.0
pullPolicy: IfNotPresent
priorityClassName: ""
extraArgs: {}
Expand Down Expand Up @@ -1248,7 +1249,7 @@ prometheus:
# As the scrape endpoints for cAdvisor have changed
# if you are using older version you need to change the replacement to
# replacement: /api/v1/nodes/$1:4194/proxy/metrics
# more info here https://github.com/coreos/prometheus-operator/issues/633
# more info here https://github.com/prometheus-operator/prometheus-operator/issues/633
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
Expand Down

0 comments on commit e8dd0ff

Please sign in to comment.