From 9a02aeb5463018375bd8128eb23fd03a40c6be72 Mon Sep 17 00:00:00 2001 From: Rudi MK Date: Wed, 20 Nov 2024 04:47:53 +0000 Subject: [PATCH 1/4] Bumped up the Datadog chart to 3.80.0. --- addons/datadog/CHANGELOG.md | 340 +- addons/datadog/Chart.yaml | 5 +- addons/datadog/README.md | 942 +- addons/datadog/README.md.gotmpl | 504 + addons/datadog/charts/datadog-crds-1.7.2.tgz | Bin 0 -> 65280 bytes .../datadog/charts/datadog-crds/.helmignore | 26 - .../datadog/charts/datadog-crds/CHANGELOG.md | 138 - addons/datadog/charts/datadog-crds/Chart.yaml | 18 - addons/datadog/charts/datadog-crds/README.md | 43 - .../charts/datadog-crds/README.md.gotmpl | 30 - .../datadog-crds/ci/kubeval-values.yaml | 4 - .../charts/datadog-crds/templates/NOTES.txt | 10 - .../datadog-crds/templates/_helpers.tpl | 31 - .../datadoghq.com_datadogagents_v1.yaml | 8398 ----------------- .../datadoghq.com_datadogagents_v1beta1.yaml | 8385 ---------------- .../datadoghq.com_datadogmetrics_v1.yaml | 126 - .../datadoghq.com_datadogmetrics_v1beta1.yaml | 127 - .../datadoghq.com_datadogmonitors_v1.yaml | 285 - ...datadoghq.com_datadogmonitors_v1beta1.yaml | 286 - .../datadoghq.com_datadogslos_v1.yaml | 205 - .../charts/datadog-crds/update-crds.sh | 62 - .../datadog/charts/datadog-crds/values.yaml | 28 - .../charts/kube-state-metrics-2.13.2.tgz | Bin 0 -> 7313 bytes .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 26 - .../charts/kube-state-metrics/README.md | 85 - .../kube-state-metrics/templates/NOTES.txt | 23 - .../kube-state-metrics/templates/_helpers.tpl | 156 - .../templates/ciliumnetworkpolicy.yaml | 33 - .../templates/clusterrolebinding.yaml | 20 - .../templates/crs-configmap.yaml | 16 - .../templates/deployment.yaml | 314 - .../templates/extra-manifests.yaml | 4 - .../templates/kubeconfig-secret.yaml | 12 - .../templates/networkpolicy.yaml | 43 - .../kube-state-metrics/templates/pdb.yaml | 18 - .../templates/podsecuritypolicy.yaml | 39 - .../templates/psp-clusterrole.yaml | 19 - .../templates/psp-clusterrolebinding.yaml | 16 - .../templates/rbac-configmap.yaml | 22 - .../kube-state-metrics/templates/role.yaml | 212 - .../templates/rolebinding.yaml | 24 - .../kube-state-metrics/templates/service.yaml | 49 - .../templates/serviceaccount.yaml | 17 - .../templates/servicemonitor.yaml | 120 - .../templates/stsdiscovery-role.yaml | 26 - .../templates/stsdiscovery-rolebinding.yaml | 17 - .../templates/verticalpodautoscaler.yaml | 44 - .../charts/kube-state-metrics/values.yaml | 480 - ...agent-otel-collector-no-config-values.yaml | 16 + .../ci/agent-otel-collector-ports-values.yaml | 41 + .../ci/agent-otel-collector-values.yaml | 34 + addons/datadog/ci/autoscaling.yaml | 14 + addons/datadog/ci/cluster-agent-values.yaml | 1 + addons/datadog/ci/gke-gdc-values.yaml | 20 + ...al-values.yaml => kubeconform-values.yaml} | 7 +- ...s.yaml => no-hardened-seccomp-values.yaml} | 0 addons/datadog/form.yaml | 67 - addons/datadog/requirements.lock | 6 +- addons/datadog/requirements.yaml | 4 +- addons/datadog/templates/NOTES.txt | 89 +- .../templates/_ac-agent-sidecar-env.yaml | 47 + .../templates/_components-common-env.yaml | 22 +- .../datadog/templates/_container-agent.yaml | 54 +- .../_container-cri-volumemounts.yaml | 2 +- .../_container-host-release-volumemounts.yaml | 2 + .../templates/_container-otel-agent.yaml | 81 + .../templates/_container-process-agent.yaml | 13 +- .../templates/_container-security-agent.yaml | 10 +- .../templates/_container-trace-agent.yaml | 4 +- .../templates/_containers-common-env.yaml | 12 +- .../templates/_containers-init-linux.yaml | 12 +- .../templates/_daemonset-volumes-linux.yaml | 38 +- .../templates/_daemonset-volumes-windows.yaml | 2 +- addons/datadog/templates/_helpers.tpl | 202 +- .../_kubernetes_apiserver_config.yaml | 7 +- .../templates/_language_detection_env.yaml | 8 + .../datadog/templates/_otel_agent_config.yaml | 51 + .../templates/_processes-common-env.yaml | 17 + .../datadog/templates/_system-probe-init.yaml | 3 + .../agent-cilium-network-policy.yaml | 4 + .../agent-clusterchecks-deployment.yaml | 46 +- addons/datadog/templates/agent-services.yaml | 8 + .../cluster-agent-cilium-network-policy.yaml | 16 + .../templates/cluster-agent-deployment.yaml | 54 +- .../datadog/templates/cluster-agent-rbac.yaml | 152 +- addons/datadog/templates/daemonset.yaml | 24 +- .../templates/kpi-telemetry-configmap.yaml | 7 +- addons/datadog/templates/otel-configmap.yaml | 12 + .../templates/system-probe-configmap.yaml | 3 +- 90 files changed, 2754 insertions(+), 20307 deletions(-) create mode 100644 addons/datadog/README.md.gotmpl create mode 100644 addons/datadog/charts/datadog-crds-1.7.2.tgz delete mode 100644 addons/datadog/charts/datadog-crds/.helmignore delete mode 100644 addons/datadog/charts/datadog-crds/CHANGELOG.md delete mode 100644 addons/datadog/charts/datadog-crds/Chart.yaml delete mode 100644 addons/datadog/charts/datadog-crds/README.md delete mode 100644 addons/datadog/charts/datadog-crds/README.md.gotmpl delete mode 100644 addons/datadog/charts/datadog-crds/ci/kubeval-values.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/NOTES.txt delete mode 100644 addons/datadog/charts/datadog-crds/templates/_helpers.tpl delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml delete mode 100644 addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml delete mode 100755 addons/datadog/charts/datadog-crds/update-crds.sh delete mode 100644 addons/datadog/charts/datadog-crds/values.yaml create mode 100644 addons/datadog/charts/kube-state-metrics-2.13.2.tgz delete mode 100644 addons/datadog/charts/kube-state-metrics/.helmignore delete mode 100644 addons/datadog/charts/kube-state-metrics/Chart.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/README.md delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/NOTES.txt delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/crs-configmap.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/deployment.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/extra-manifests.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/kubeconfig-secret.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/networkpolicy.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/pdb.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/rbac-configmap.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/role.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/rolebinding.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/service.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml delete mode 100644 addons/datadog/charts/kube-state-metrics/values.yaml create mode 100644 addons/datadog/ci/agent-otel-collector-no-config-values.yaml create mode 100644 addons/datadog/ci/agent-otel-collector-ports-values.yaml create mode 100644 addons/datadog/ci/agent-otel-collector-values.yaml create mode 100644 addons/datadog/ci/autoscaling.yaml create mode 100644 addons/datadog/ci/gke-gdc-values.yaml rename addons/datadog/ci/{kubeval-values.yaml => kubeconform-values.yaml} (93%) rename addons/datadog/ci/{no_hardened_seccomp-values.yaml => no-hardened-seccomp-values.yaml} (100%) delete mode 100644 addons/datadog/form.yaml create mode 100644 addons/datadog/templates/_ac-agent-sidecar-env.yaml create mode 100644 addons/datadog/templates/_container-otel-agent.yaml create mode 100644 addons/datadog/templates/_language_detection_env.yaml create mode 100644 addons/datadog/templates/_otel_agent_config.yaml create mode 100644 addons/datadog/templates/_processes-common-env.yaml create mode 100644 addons/datadog/templates/otel-configmap.yaml diff --git a/addons/datadog/CHANGELOG.md b/addons/datadog/CHANGELOG.md index b3d4fa869..7ed4ebbd8 100644 --- a/addons/datadog/CHANGELOG.md +++ b/addons/datadog/CHANGELOG.md @@ -1,12 +1,346 @@ # Datadog changelog +## 3.80.0 + +* Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. + +## 3.79.1 + +* Document how to use `datadog.envDict` option with the `--set` helm's flag. + +## 3.79.0 + +* Add Logs Collection support for Google GKE on GDC + +## 3.78.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. + +## 3.77.3 + +* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. + +## 3.77.2 + +* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. + +## 3.77.1 + +* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. + +## 3.77.0 + +* Add experimental support for overlayfs direct scan for SBOMs + +## 3.76.3 + +* Add `podisruptionbudgets` RBAC to the Cluster Agent. + +## 3.76.2 + +* Fix warning message displayed when installing/upgrading the Agent with OTel collector. +* Add preview message in values.yaml file. + +## 3.76.1 + +* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. + +## 3.76.0 + +* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. + +## 3.75.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. + +## 3.74.6 + +* Fix error message for when System Probe is enabled on GKE Autopilot + +## 3.74.5 + +* Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. + +## 3.74.4 + +* Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. + +## 3.74.3 + +* Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. + +## 3.74.2 + +* Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). + +## 3.74.1 + +* Pass components env variables to the cluster checks runner deployment pod spec. + +## 3.74.0 + +* Simplify OTel Agent OOTB pipelines: + * Remove `traces/otlp` pipeline from the default OTel Agent config + * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. + +## 3.73.3 + +* Fix a few typos on OTel Agent configs. + +## 3.73.2 + +* Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. + +## 3.73.1 + +* Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. + +## 3.73.0 + +* Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. + +## 3.72.1 + +* Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. + +## 3.72.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.57.2`. + +## 3.71.2 + +* Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger +* Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger + +## 3.71.1 + +* Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 + +## 3.71.0 + +* Add `datadog.profiling` section to configure Continuous Profiler. Disabled by default. + +## 3.70.7 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.2`. + +## 3.70.6 + +* Add private beta note for OTel Collector. + +## 3.70.5 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.1`. + +## 3.70.4 + +* Improve support for `processAgent.runInCoreAgent` feature. + +## 3.70.3 + +* Update `fips.image.tag` to `1.1.4` + +## 3.70.2 + +* Add admission controller port to cilium network policy for the cluster agent + +## 3.70.1 + +* Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value + +## 3.70.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.0`. + +## 3.69.3 + +* Update `datadog-crds` dependency to `1.7.2`. + +## 3.69.2 + +* Allow activation of autoscaling. + +## 3.69.1 + +* Set default `Agent` and `Cluster-Agent` version to `7.55.2`. + +## 3.69.0 + +* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. + +## 3.68.2 + +* Fix datadog.containerLifecycle.enabled conditional statement to accept false value + +## 3.68.1 + +* Add automatic detection for enablement of process agent container. + +## 3.68.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.55.1`. + +## 3.67.5 + +* Add support for `processAgent.runInCoreAgent` as an experimental feature. + +## 3.67.4 + +* Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. + +## 3.67.3 + +* Make sure that disabling CSPM host benchmarks is propagated to the agent. + +## 3.67.2 + +* Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions + +## 3.67.1 + +* Update `fips.image.tag` to `1.1.3` + +## 3.67.0 + +* Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. + +## 3.66.1 + +* Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. + +## 3.66.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.54.0`. + +## 3.65.3 + +* Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. + +## 3.65.2 + +* Do not enable live process collection by default when language detection is enabled for `APM SSI`. + +## 3.65.1 + +* Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. + +## 3.65.0 + +* Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). + +## 3.64.1 + +* Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). + +## 3.64.0 + +* Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default + +## 3.63.0 + +* Set kubelet core check to be enabled by default + +## 3.62.1 + +* Update `fips.image.tag` to `1.1.2` + +## 3.62.0 + +* Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default + +## 3.61.0 + +* Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used + Note: this requires agent/cluster agent version 7.53.0+ + +## 3.60.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.53.0` + +## 3.59.7 + +* Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry +* No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, + that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. + +## 3.59.6 + +* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. + +## 3.59.5 + +* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. + +## 3.59.4 + +* Add language detection enable option for `APM` instrumentation. + +## 3.59.3 + +* Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. + +## 3.59.2 + +* Disable language detection reporting by default in Cluster Agent with Agent 7.52+. + +## 3.59.1 + +* Add support for configuring Agent sidecar injection using Admission Controller. + +## 3.59.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.52.0`. + +## 3.58.1 + +* Fix typo in PodSecurityPolicy warning note. + +## 3.58.0 + +* Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: +* `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. +* `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. +* `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. + +## 3.57.3 + +* Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. + +## 3.57.2 + +* Add `networkpolicies` default permission for the cluster agent. + +## 3.57.1 + +* Allow configuring CWS security profile based auto suppression feature and enable it by default. + +## 3.57.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.51.0`. + +## 3.56.0 + +* Allow templating of `datadog.clusterName`. + +## 3.55.0 + +* Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. + +## 3.54.2 + +* Set `DD_APM_ENABLED` value in the core agent container to properly report its value. + +## 3.54.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 3.53.3 * Update `fips.image.tag` to `1.1.1` ## 3.53.2 -* Exclude agent pod from labels injection from the admission controller +* Exclude agent pod from labels injection from the admission controller. ## 3.53.1 @@ -86,7 +420,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.49.2 -* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.1 @@ -143,7 +477,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.42.1 -* Bump FIPS proxy OpenSSL version to 3.0.12 +* Bump FIPS proxy OpenSSL version to 3.0.12 ## 3.42.0 diff --git a/addons/datadog/Chart.yaml b/addons/datadog/Chart.yaml index 0e94d6313..f8279e5d2 100644 --- a/addons/datadog/Chart.yaml +++ b/addons/datadog/Chart.yaml @@ -1,15 +1,12 @@ apiVersion: v1 name: datadog -version: 0.27.0 +version: 3.80.0 appVersion: "7" description: Datadog Agent keywords: - monitoring - alerting - metric - - APP - - MONITORING - - POPULAR home: https://www.datadoghq.com icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png sources: diff --git a/addons/datadog/README.md b/addons/datadog/README.md index 5459da033..765f1db4c 100644 --- a/addons/datadog/README.md +++ b/addons/datadog/README.md @@ -1,5 +1,943 @@ # Datadog -Deploy the Datadog agent on your cluster to pipe logs, metrics and APM data for your workloads. For additional help and instructions, please reach out to Porter support. +![Version: 3.80.0](https://img.shields.io/badge/Version-3.80.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) -This template is based off of Datadog's official Helm chart. \ No newline at end of file +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). + +Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). + +See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. + +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + +## Prerequisites + +Kubernetes 1.10+ or OpenShift 3.10+, note that: + +- the Datadog Agent supports Kubernetes 1.4+ +- The Datadog chart's defaults are tailored to Kubernetes 1.10+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/main/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.datadoghq.com | datadog-crds | 1.7.2 | +| https://prometheus-community.github.io/helm-charts | kube-state-metrics | 2.13.2 | + +## Quick start + +By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. + +**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. + +### Installing the Datadog Chart + +To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: + +```bash +helm install \ + --set datadog.apiKey= datadog/datadog +``` + +By default, this Chart creates a Secret and puts an API key in that Secret. +However, you can use manually created secrets by setting the `datadog.apiKeyExistingSecret` and/or `datadog.appKeyExistingSecret` values (see [Creating a Secret](#create-and-provide-a-secret-that-contains-your-datadog-api-and-app-keys), below). + +**Note:** When creating the secret(s), be sure to name the key fields `api-key` and `app-key`. + +After a few minutes, you should see hosts and metrics being reported in Datadog. + +**Note:** You can set your [Datadog site](https://docs.datadoghq.com/getting_started/site) using the `datadog.site` field. + +```bash +helm install \ + --set datadog.appKey= \ + --set datadog.site= \ + datadog/datadog +``` + +#### Create and provide a secret that contains your Datadog API and APP Keys + +To create a secret that contains your Datadog API key, replace the below with the API key for your organization. This secret is used in the manifest to deploy the Datadog Agent. + +```bash +DATADOG_API_SECRET_NAME=datadog-api-secret +kubectl create secret generic $DATADOG_API_SECRET_NAME --from-literal api-key="" +``` + +**Note**: This creates a secret in the default namespace. If you are in a custom namespace, update the namespace parameter of the command before running it. + +Now, the installation command contains the reference to the secret. + +```bash +helm install \ + --set datadog.apiKeyExistingSecret=$DATADOG_API_SECRET_NAME datadog/datadog +``` + +### Enabling the Datadog Cluster Agent + +The Datadog Cluster Agent is now enabled by default. + +Read about the Datadog Cluster Agent in the [official documentation](https://docs.datadoghq.com/agent/kubernetes/cluster/). + +#### Custom Metrics Server + +If you plan to use the [Custom Metrics Server](https://docs.datadoghq.com/agent/cluster_agent/external_metrics/?tab=helm) feature, provide a secret for the application key (AppKey) using the `datadog.appKeyExistingSecret` chart variable. + +```bash +DATADOG_APP_SECRET_NAME=datadog-app-secret +kubectl create secret generic $DATADOG_APP_SECRET_NAME --from-literal app-key="" +``` + +**Note**: the same secret can store the API and APP keys + +```bash +DATADOG_SECRET_NAME=datadog-secret +kubectl create secret generic $DATADOG_SECRET_NAME --from-literal api-key="" --from-literal app-key="" +``` + +Run the following if you want to deploy the chart with the Custom Metrics Server enabled in the Cluster Agent: + +```bash +helm install datadog-monitoring \ + --set datadog.apiKeyExistingSecret=$DATADOG_API_SECRET_NAME \ + --set datadog.appKeyExistingSecret=$DATADOG_APP_SECRET_NAME \ + --set clusterAgent.enabled=true \ + --set clusterAgent.metricsProvider.enabled=true \ + datadog/datadog +``` + +If you want to learn to use this feature, you can check out this [Datadog Cluster Agent walkthrough](https://github.com/DataDog/datadog-agent/blob/main/docs/cluster-agent/CUSTOM_METRICS_SERVER.md). + +The Leader Election is enabled by default in the chart for the Cluster Agent. Only the Cluster Agent(s) participate in the election, in case you have several replicas configured (using `clusterAgent.replicas`. + +#### Cluster Agent Token + +You can specify the Datadog Cluster Agent token used to secure the communication between the Cluster Agent(s) and the Agents with `clusterAgent.token`. + +### Upgrading + +#### From 2.x to 3.x + +The migration from 2.x to 3.x does not require manual action. +As per the Changelog, we do not be guaranteeing support of Helm 2 moving forward. +If you already have the legacy Kubernetes State Metrics Check enabled, migrating will only show you the deprecation notice. + +#### From 1.x to 2.x + +⚠️ Migrating from 1.x to 2.x requires a manual action. + +The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. +Please follow the [migration guide](https://github.com/DataDog/helm-charts/blob/main/charts/datadog/docs/Migration_1.x_to_2.x.md) to update your `values.yaml` file. + +#### From 1.19.0 onwards + +Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). +E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. +The suggested approach is to delete the release and reinstall it. + +#### From 1.0.0 onwards + +Starting with version 1.0.0, this chart does not support deploying Agent 5.x anymore. If you cannot upgrade to Agent 6.x or later, you can use a previous version of the chart by calling helm install with `--version 0.18.0`. + +See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb650db25627558fbe1f0/datadog/datadog/README.md) to see which options were supported at the time. + +### Uninstalling the Chart + +To uninstall/delete the `` deployment: + +```bash +helm uninstall +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +As a best practice, a YAML file that specifies the values for the chart parameters should be used to configure the chart. Any parameters not specified in this file will default to those set in [values.yaml](values.yaml). + +1. Create an empty `datadog-values.yaml` file. +2. Create a Kubernetes `secret` to store your [Datadog API key](https://app.datadoghq.com/organization-settings/api-keys) and [App key](https://app.datadoghq.com/organization-settings/application-keys) + +```bash +kubectl create secret generic datadog-secret --from-literal api-key=$DD_API_KEY --from-literal app-key=$DD_APP_KEY +``` + +3. Set the following parameters in your `datadog-values.yaml` file to reference the secret: + +```yaml +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret +``` + +3. Install or upgrade the Datadog Helm chart with the new `datadog-values.yaml` file: + +```bash +helm install -f datadog-values.yaml datadog/datadog +``` + +OR + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +See the [All configuration options](#all-configuration-options) section to discover all configuration possibilities in the Datadog chart. + +### Configuring Dogstatsd in the agent + +The agent will start a server running Dogstatsd in order to process custom metrics sent from your applications. Check out the [official documentation on Dogstatsd](https://docs.datadoghq.com/developers/dogstatsd/?tab=hostagent) for more details. + +By default the agent will create a unix domain socket to process the datagrams (not supported on Windows, see [below](#windows-config)). + +To disable the socket in favor of the hostPort, use the following configuration: + +```yaml +datadog: + #(...) + dogstatsd: + useSocketVolume: false + useHostPort: true +``` + +### Enabling APM and Tracing + +APM is enabled by default using a socket for communication in the out-of-the-box [values.yaml](values.yaml) file; more details about application configuration are available on the [official documentation](https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm). +Update your `datadog-values.yaml` file with the following configration to enable TCP communication using a `hostPort`: + +```yaml +datadog: + # (...) + apm: + portEnabled: true +``` + +To disable APM, set `socketEnabled` to `false` in your `datadog-values.yaml` file (`portEnabled` is `false` by default): + +```yaml +datadog: + # (...) + apm: + socketEnabled: false +``` + +### Enabling APM Single Step Instrumentation (beta) + +APM tracing libraries and configurations can be automatically injected in your application pods in the whole cluster or specific namespaces using Single Step Instrumentation. + +Update your `datadog-values.yaml` file with the following configration to enable Single Step Instrumentation in the whole cluster: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true +``` + +Single Step Instrumentation can be disabled in specific namespaces using configuration option `disabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + disabledNamespaces: + - namespaceA + - namespaceB +``` + +Single Step Instrumentation can be enabled in specific namespaces using configuration option `enabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + enabledNamespaces: + - namespaceC +``` + +To confiure the version of Tracing library that Single Step Instrumentation will instrument applications with, set the configuration `libVersions`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + libVersions: + java: v1.18.0 + python: v1.20.0 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Enabling Log Collection + +Update your `datadog-values.yaml` file with the following log collection configuration: + +```yaml +datadog: + # (...) + logs: + enabled: true + containerCollectAll: true +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Enabling Process Collection + +Update your `datadog-values.yaml` file with the process collection configuration: + +```yaml +datadog: + # (...) + processAgent: + enabled: true + processCollection: true +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Enabling NPM Collection + +The system-probe agent only runs in dedicated container environment. Update your `datadog-values.yaml` file with the NPM collection configuration: + +```yaml +datadog: + # (...) + networkMonitoring: + # (...) + enabled: true + +# (...) +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Kubernetes event collection + +Use the [Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) to collect Kubernetes events. Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. + +Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true` in order to enable Kubernetes event collection. + +### conf.d and checks.d + +The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/main/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/checks.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. + +The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your `datadog-values.yaml` file with the check configurations: + +```yaml +datadog: + confd: + redisdb.yaml: |- + ad_identifiers: + - redis + - bitnami/redis + init_config: + instances: + - host: "%%host%%" + port: "%%port%%" + jmx.yaml: |- + ad_identifiers: + - openjdk + instance_config: + instances: + - host: "%%host%%" + port: "%%port_0%%" + redisdb.yaml: |- + init_config: + instances: + - host: "outside-k8s.example.com" + port: 6379 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). + +### Kubernetes Labels and Annotations + +To map Kubernetes node labels and pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and Datadog tags key as values in your `datadog-values.yaml` file: + +```yaml +nodeLabelsAsTags: + beta.kubernetes.io/instance-type: aws_instance_type + kubernetes.io/role: kube_role +``` + +```yaml +podAnnotationsAsTags: + iam.amazonaws.com/role: kube_iamrole +``` + +```yaml +podLabelsAsTags: + app: kube_app + release: helm_release +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### CRI integration + +As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath`; default is the Docker container runtime socket. To deactivate this support, you just need to unset the `datadog.criSocketPath` setting. +Standard paths are: + +- Docker socket: `/var/run/docker.sock` +- Containerd socket: `/var/run/containerd/containerd.sock` +- Cri-o socket: `/var/run/crio/crio.sock` + +### Configuration required for Amazon Linux 2 based nodes + +Amazon Linux 2 does not support apparmor profile enforcement. +Amazon Linux 2 is the default operating system for AWS Elastic Kubernetes Service (EKS) based clusters. +Update your `datadog-values.yaml` file to disable apparmor enforcement: + +```yaml +agents: + # (...) + podSecurity: + # (...) + apparmor: + # (...) + enabled: false + +# (...) +``` + +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + +## All configuration options + +The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install \ + --set datadog.apiKey=,datadog.logLevel=DEBUG \ + datadog/datadog +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| agents.additionalLabels | object | `{}` | Adds labels to the Agent daemonset and pods | +| agents.affinity | object | `{}` | Allow the DaemonSet to schedule using affinity rules | +| agents.containers.agent.env | list | `[]` | Additional environment variables for the agent container | +| agents.containers.agent.envDict | object | `{}` | Set environment variables specific to agent container defined in a dict | +| agents.containers.agent.envFrom | list | `[]` | Set environment variables specific to agent container from configMaps and/or secrets | +| agents.containers.agent.healthPort | int | `5555` | Port number to use in the node agent for the healthz endpoint | +| agents.containers.agent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | +| agents.containers.agent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. | +| agents.containers.agent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.agent.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent readiness probe settings | +| agents.containers.agent.resources | object | `{}` | Resource requests and limits for the agent container. | +| agents.containers.agent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the agent container. | +| agents.containers.agent.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default agent startup probe settings | +| agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers | +| agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. | +| agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers | +| agents.containers.otelAgent.env | list | `[]` | Additional environment variables for the otel-agent container | +| agents.containers.otelAgent.envDict | object | `{}` | Set environment variables specific to otel-agent defined in a dict | +| agents.containers.otelAgent.envFrom | list | `[]` | Set environment variables specific to otel-agent from configMaps and/or secrets | +| agents.containers.otelAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.otelAgent.resources | object | `{}` | Resource requests and limits for the otel-agent container | +| agents.containers.otelAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the otel-agent container. | +| agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container | +| agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict | +| agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets | +| agents.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. | +| agents.containers.processAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.processAgent.resources | object | `{}` | Resource requests and limits for the process-agent container | +| agents.containers.processAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the process-agent container. | +| agents.containers.securityAgent.env | list | `[]` | Additional environment variables for the security-agent container | +| agents.containers.securityAgent.envDict | object | `{}` | Set environment variables specific to security-agent defined in a dict | +| agents.containers.securityAgent.envFrom | list | `[]` | Set environment variables specific to security-agent from configMaps and/or secrets | +| agents.containers.securityAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. | +| agents.containers.securityAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.securityAgent.resources | object | `{}` | Resource requests and limits for the security-agent container | +| agents.containers.systemProbe.env | list | `[]` | Additional environment variables for the system-probe container | +| agents.containers.systemProbe.envDict | object | `{}` | Set environment variables specific to system-probe defined in a dict | +| agents.containers.systemProbe.envFrom | list | `[]` | Set environment variables specific to system-probe from configMaps and/or secrets | +| agents.containers.systemProbe.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. | +| agents.containers.systemProbe.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.systemProbe.resources | object | `{}` | Resource requests and limits for the system-probe container | +| agents.containers.systemProbe.securityContext | object | `{"capabilities":{"add":["SYS_ADMIN","SYS_RESOURCE","SYS_PTRACE","NET_ADMIN","NET_BROADCAST","NET_RAW","IPC_LOCK","CHOWN","DAC_READ_SEARCH"]},"privileged":false}` | Allows you to overwrite the default container SecurityContext for the system-probe container. | +| agents.containers.traceAgent.env | list | `[]` | Additional environment variables for the trace-agent container | +| agents.containers.traceAgent.envDict | object | `{}` | Set environment variables specific to trace-agent defined in a dict | +| agents.containers.traceAgent.envFrom | list | `[]` | Set environment variables specific to trace-agent from configMaps and/or secrets | +| agents.containers.traceAgent.livenessProbe | object | Every 15s | Override default agent liveness probe settings | +| agents.containers.traceAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off | +| agents.containers.traceAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.traceAgent.resources | object | `{}` | Resource requests and limits for the trace-agent container | +| agents.containers.traceAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the trace-agent container. | +| agents.customAgentConfig | object | `{}` | Specify custom contents for the datadog agent config (datadog.yaml) | +| agents.daemonsetAnnotations | object | `{}` | Annotations to add to the DaemonSet | +| agents.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots | +| agents.enabled | bool | `true` | You should keep Datadog DaemonSet enabled! | +| agents.image.digest | string | `""` | Define Agent image digest to use, takes precedence over tag if specified | +| agents.image.doNotCheckTag | string | `nil` | Skip the version and chart compatibility check | +| agents.image.name | string | `"agent"` | Datadog Agent image name to use (relative to `registry`) | +| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | +| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | +| agents.image.repository | string | `nil` | Override default registry + image.name for Agent | +| agents.image.tag | string | `"7.59.0"` | Define the Agent version to use | +| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | +| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | +| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | +| agents.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the agents. DEPRECATED. Use datadog.networkPolicy.create instead | +| agents.nodeSelector | object | `{}` | Allow the DaemonSet to schedule on selected nodes | +| agents.podAnnotations | object | `{}` | Annotations to add to the DaemonSet's Pods | +| agents.podLabels | object | `{}` | Sets podLabels if defined | +| agents.podSecurity.allowedUnsafeSysctls | list | `[]` | Allowed unsafe sysclts | +| agents.podSecurity.apparmor.enabled | bool | `true` | If true, enable apparmor enforcement | +| agents.podSecurity.apparmorProfiles | list | `["runtime/default","unconfined"]` | Allowed apparmor profiles | +| agents.podSecurity.capabilities | list | `["SYS_ADMIN","SYS_RESOURCE","SYS_PTRACE","NET_ADMIN","NET_BROADCAST","NET_RAW","IPC_LOCK","CHOWN","AUDIT_CONTROL","AUDIT_READ","DAC_READ_SEARCH"]` | Allowed capabilities | +| agents.podSecurity.defaultApparmor | string | `"runtime/default"` | Default AppArmor profile for all containers but system-probe | +| agents.podSecurity.podSecurityPolicy.create | bool | `false` | If true, create a PodSecurityPolicy resource for Agent pods | +| agents.podSecurity.privileged | bool | `false` | If true, Allow to run privileged containers | +| agents.podSecurity.seLinuxContext | object | Must run as spc_t | Provide seLinuxContext configuration for PSP/SCC | +| agents.podSecurity.seccompProfiles | list | `["runtime/default","localhost/system-probe"]` | Allowed seccomp profiles | +| agents.podSecurity.securityContextConstraints.create | bool | `false` | If true, create a SecurityContextConstraints resource for Agent pods | +| agents.podSecurity.volumes | list | `["configMap","downwardAPI","emptyDir","hostPath","secret"]` | Allowed volumes types | +| agents.priorityClassCreate | bool | `false` | Creates a priorityClass for the Datadog Agent's Daemonset pods. | +| agents.priorityClassName | string | `nil` | Sets PriorityClassName if defined | +| agents.priorityClassValue | int | `1000000000` | Value used to specify the priority of the scheduling of Datadog Agent's Daemonset pods. | +| agents.priorityPreemptionPolicyValue | string | `"PreemptLowerPriority"` | Set to "Never" to change the PriorityClass to non-preempting | +| agents.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true | +| agents.rbac.create | bool | `true` | If true, create & use RBAC resources | +| agents.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if agents.rbac.create is true | +| agents.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if agents.rbac.create is false | +| agents.revisionHistoryLimit | int | `10` | The number of ControllerRevision to keep in this DaemonSet. | +| agents.shareProcessNamespace | bool | `false` | Set the process namespace sharing on the Datadog Daemonset | +| agents.tolerations | list | `[]` | Allow the DaemonSet to schedule on tainted nodes (requires Kubernetes >= 1.6) | +| agents.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":"10%"},"type":"RollingUpdate"}` | Allow the DaemonSet to perform a rolling update on helm update | +| agents.useConfigMap | string | `nil` | Configures a configmap to provide the agent configuration. Use this in combination with the `agents.customAgentConfig` parameter. | +| agents.useHostNetwork | bool | `false` | Bind ports on the hostNetwork | +| agents.volumeMounts | list | `[]` | Specify additional volumes to mount in all containers of the agent pod | +| agents.volumes | list | `[]` | Specify additional volumes to mount in the dd-agent container | +| clusterAgent.additionalLabels | object | `{}` | Adds labels to the Cluster Agent deployment and pods | +| clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled | bool | `true` | Enable communication between Agent sidecars and the Cluster Agent. | +| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` | Override the default registry for the sidecar Agent. | +| clusterAgent.admissionController.agentSidecarInjection.enabled | bool | `false` | Enables Datadog Agent sidecar injection. | +| clusterAgent.admissionController.agentSidecarInjection.imageName | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.imageTag | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.profiles | list | `[]` | Defines the sidecar configuration override, currently only one profile is supported. | +| clusterAgent.admissionController.agentSidecarInjection.provider | string | `nil` | Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. | +| clusterAgent.admissionController.agentSidecarInjection.selectors | list | `[]` | Defines the pod selector for sidecar injection, currently only one rule is supported. | +| clusterAgent.admissionController.configMode | string | `nil` | The kind of configuration to be injected, it can be "hostip", "service", or "socket". | +| clusterAgent.admissionController.containerRegistry | string | `nil` | Override the default registry for the admission controller. | +| clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | +| clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | +| clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | +| clusterAgent.admissionController.mutation | object | `{"enabled":true}` | Mutation Webhook configuration options | +| clusterAgent.admissionController.mutation.enabled | bool | `true` | Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). | +| clusterAgent.admissionController.port | int | `8000` | Set port of cluster-agent admission controller service | +| clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | +| clusterAgent.admissionController.validation | object | `{"enabled":true}` | Validation Webhook configuration options | +| clusterAgent.admissionController.validation.enabled | bool | `true` | Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). | +| clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent | +| clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. | +| clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules | +| clusterAgent.command | list | `[]` | Command to run in the Cluster Agent container as entrypoint | +| clusterAgent.confd | object | `{}` | Provide additional cluster check configurations. Each key will become a file in /conf.d. | +| clusterAgent.containerExclude | string | `nil` | Exclude containers from the Cluster Agent Autodiscovery, as a space-separated list. (Requires Agent/Cluster Agent 7.50.0+) | +| clusterAgent.containerInclude | string | `nil` | Include containers in the Cluster Agent Autodiscovery, as a space-separated list. If a container matches an include rule, it’s always included in the Autodiscovery. (Requires Agent/Cluster Agent 7.50.0+) | +| clusterAgent.containers.clusterAgent.securityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}` | Specify securityContext on the cluster-agent container. | +| clusterAgent.containers.initContainers.securityContext | object | `{}` | | +| clusterAgent.createPodDisruptionBudget | bool | `false` | Create pod disruption budget for Cluster Agent deployments | +| clusterAgent.datadog_cluster_yaml | object | `{}` | Specify custom contents for the datadog cluster agent config (datadog-cluster.yaml) | +| clusterAgent.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-agents's deployment | +| clusterAgent.dnsConfig | object | `{}` | Specify dns configuration options for datadog cluster agent containers e.g ndots | +| clusterAgent.enabled | bool | `true` | Set this to false to disable Datadog Cluster Agent | +| clusterAgent.env | list | `[]` | Set environment variables specific to Cluster Agent | +| clusterAgent.envDict | object | `{}` | Set environment variables specific to Cluster Agent defined in a dict | +| clusterAgent.envFrom | list | `[]` | Set environment variables specific to Cluster Agent from configMaps and/or secrets | +| clusterAgent.healthPort | int | `5556` | Port number to use in the Cluster Agent for the healthz endpoint | +| clusterAgent.image.digest | string | `""` | Cluster Agent image digest to use, takes precedence over tag if specified | +| clusterAgent.image.doNotCheckTag | string | `nil` | Skip the version and chart compatibility check | +| clusterAgent.image.name | string | `"cluster-agent"` | Cluster Agent image name to use (relative to `registry`) | +| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | +| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | +| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | +| clusterAgent.image.tag | string | `"7.59.0"` | Cluster Agent image tag to use | +| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | +| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | +| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | +| clusterAgent.metricsProvider.enabled | bool | `false` | Set this to true to enable Metrics Provider | +| clusterAgent.metricsProvider.endpoint | string | `nil` | Override the external metrics provider endpoint. If not set, the cluster-agent defaults to `datadog.site` | +| clusterAgent.metricsProvider.registerAPIService | bool | `true` | Set this to false to disable external metrics registration as an APIService | +| clusterAgent.metricsProvider.service.port | int | `8443` | Set port of cluster-agent metrics server service (Kubernetes >= 1.15) | +| clusterAgent.metricsProvider.service.type | string | `"ClusterIP"` | Set type of cluster-agent metrics server service | +| clusterAgent.metricsProvider.useDatadogMetrics | bool | `false` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries | +| clusterAgent.metricsProvider.wpaController | bool | `false` | Enable informer and controller of the watermark pod autoscaler | +| clusterAgent.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster agent. DEPRECATED. Use datadog.networkPolicy.create instead | +| clusterAgent.nodeSelector | object | `{}` | Allow the Cluster Agent Deployment to be scheduled on selected nodes | +| clusterAgent.podAnnotations | object | `{}` | Annotations to add to the cluster-agents's pod(s) | +| clusterAgent.podSecurity.podSecurityPolicy.create | bool | `false` | If true, create a PodSecurityPolicy resource for Cluster Agent pods | +| clusterAgent.podSecurity.securityContextConstraints.create | bool | `false` | If true, create a SCC resource for Cluster Agent pods | +| clusterAgent.priorityClassName | string | `nil` | Name of the priorityClass to apply to the Cluster Agent | +| clusterAgent.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true | +| clusterAgent.rbac.create | bool | `true` | If true, create & use RBAC resources | +| clusterAgent.rbac.flareAdditionalPermissions | bool | `true` | If true, add Secrets and Configmaps get/list permissions to retrieve user Datadog Helm values from Cluster Agent namespace | +| clusterAgent.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true | +| clusterAgent.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterAgent.rbac.create is false | +| clusterAgent.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent readiness probe settings | +| clusterAgent.replicas | int | `1` | Specify the of cluster agent replicas, if > 1 it allow the cluster agent to work in HA mode. | +| clusterAgent.resources | object | `{}` | Datadog cluster-agent resource requests and limits. | +| clusterAgent.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to keep in this Deployment. | +| clusterAgent.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the cluster-agent pods. | +| clusterAgent.shareProcessNamespace | bool | `false` | Set the process namespace sharing on the Datadog Cluster Agent | +| clusterAgent.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent startup probe settings | +| clusterAgent.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the Cluster Agent deployment to perform a rolling update on helm update | +| clusterAgent.token | string | `""` | Cluster Agent token is a preshared key between node agents and cluster agent (autogenerated if empty, needs to be at least 32 characters a-zA-z) | +| clusterAgent.tokenExistingSecret | string | `""` | Existing secret name to use for Cluster Agent token. Put the Cluster Agent token in a key named `token` inside the Secret | +| clusterAgent.tolerations | list | `[]` | Allow the Cluster Agent Deployment to schedule on tainted nodes ((requires Kubernetes >= 1.6)) | +| clusterAgent.topologySpreadConstraints | list | `[]` | Allow the Cluster Agent Deployment to schedule using pod topology spreading | +| clusterAgent.useHostNetwork | bool | `false` | Bind ports on the hostNetwork | +| clusterAgent.volumeMounts | list | `[]` | Specify additional volumes to mount in the cluster-agent container | +| clusterAgent.volumes | list | `[]` | Specify additional volumes to mount in the cluster-agent container | +| clusterChecksRunner.additionalLabels | object | `{}` | Adds labels to the cluster checks runner deployment and pods | +| clusterChecksRunner.affinity | object | `{}` | Allow the ClusterChecks Deployment to schedule using affinity rules. | +| clusterChecksRunner.containers.agent.securityContext | object | `{}` | Specify securityContext on the agent container | +| clusterChecksRunner.containers.initContainers.securityContext | object | `{}` | Specify securityContext on the init containers | +| clusterChecksRunner.createPodDisruptionBudget | bool | `false` | Create the pod disruption budget to apply to the cluster checks agents | +| clusterChecksRunner.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's Deployment | +| clusterChecksRunner.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots | +| clusterChecksRunner.enabled | bool | `false` | If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. | +| clusterChecksRunner.env | list | `[]` | Environment variables specific to Cluster Checks Runner | +| clusterChecksRunner.envDict | object | `{}` | Set environment variables specific to Cluster Checks Runner defined in a dict | +| clusterChecksRunner.envFrom | list | `[]` | Set environment variables specific to Cluster Checks Runner from configMaps and/or secrets | +| clusterChecksRunner.healthPort | int | `5557` | Port number to use in the Cluster Checks Runner for the healthz endpoint | +| clusterChecksRunner.image.digest | string | `""` | Define Agent image digest to use, takes precedence over tag if specified | +| clusterChecksRunner.image.name | string | `"agent"` | Datadog Agent image name to use (relative to `registry`) | +| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | +| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | +| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | +| clusterChecksRunner.image.tag | string | `"7.59.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | +| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | +| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | +| clusterChecksRunner.nodeSelector | object | `{}` | Allow the ClusterChecks Deployment to schedule on selected nodes | +| clusterChecksRunner.podAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's pod(s) | +| clusterChecksRunner.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| clusterChecksRunner.priorityClassName | string | `nil` | Name of the priorityClass to apply to the Cluster checks runners | +| clusterChecksRunner.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true | +| clusterChecksRunner.rbac.create | bool | `true` | If true, create & use RBAC resources | +| clusterChecksRunner.rbac.dedicated | bool | `false` | If true, use a dedicated RBAC resource for the cluster checks agent(s) | +| clusterChecksRunner.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true | +| clusterChecksRunner.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterChecksRunner.rbac.create is false | +| clusterChecksRunner.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent readiness probe settings | +| clusterChecksRunner.replicas | int | `2` | Number of Cluster Checks Runner instances | +| clusterChecksRunner.resources | object | `{}` | Datadog clusterchecks-agent resource requests and limits. | +| clusterChecksRunner.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to keep in this Deployment. | +| clusterChecksRunner.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. | +| clusterChecksRunner.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default agent startup probe settings | +| clusterChecksRunner.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the ClusterChecks deployment to perform a rolling update on helm update | +| clusterChecksRunner.tolerations | list | `[]` | Tolerations for pod assignment | +| clusterChecksRunner.topologySpreadConstraints | list | `[]` | Allow the ClusterChecks Deployment to schedule using pod topology spreading | +| clusterChecksRunner.volumeMounts | list | `[]` | Specify additional volumes to mount in the cluster checks container | +| clusterChecksRunner.volumes | list | `[]` | Specify additional volumes to mount in the cluster checks container | +| commonLabels | object | `{}` | Labels to apply to all resources | +| datadog-crds.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | +| datadog-crds.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | +| datadog.apiKey | string | `nil` | Your Datadog API key | +| datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | +| datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | +| datadog.apm.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the trace-agent socket | +| datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | +| datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | +| datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | +| datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | +| datadog.apm.port | int | `8126` | Override the trace Agent port | +| datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | +| datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | +| datadog.apm.socketPath | string | `"/var/run/datadog/apm.socket"` | Path to the trace-agent socket | +| datadog.apm.useSocketVolume | bool | `false` | Enable APM over Unix Domain Socket DEPRECATED. Use datadog.apm.socketEnabled instead | +| datadog.appKey | string | `nil` | Datadog APP key required to use metricsProvider | +| datadog.appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one. The value should be set with the `app-key` key inside the secret. | +| datadog.asm.iast.enabled | bool | `false` | Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.sca.enabled | bool | `false` | Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.threats.enabled | bool | `false` | Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster | +| datadog.checksCardinality | string | `nil` | Sets the tag cardinality for the checks run by the Agent. | +| datadog.checksd | object | `{}` | Provide additional custom checks as python code | +| datadog.clusterChecks.enabled | bool | `true` | Enable the Cluster Checks feature on both the cluster-agents and the daemonset | +| datadog.clusterChecks.shareProcessNamespace | bool | `false` | Set the process namespace sharing on the cluster checks agent | +| datadog.clusterName | string | `nil` | Set a unique cluster name to allow scoping hosts and Cluster Checks easily | +| datadog.clusterTagger.collectKubernetesTags | bool | `false` | Enables Kubernetes resources tags collection. | +| datadog.collectEvents | bool | `true` | Enables this to start event collection from the kubernetes API | +| datadog.confd | object | `{}` | Provide additional check configurations (static and Autodiscovery) | +| datadog.containerExclude | string | `nil` | Exclude containers from Agent Autodiscovery, as a space-separated list | +| datadog.containerExcludeLogs | string | `nil` | Exclude logs from Agent Autodiscovery, as a space-separated list | +| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from Agent Autodiscovery, as a space-separated list | +| datadog.containerImageCollection.enabled | bool | `true` | Enable collection of container image metadata | +| datadog.containerInclude | string | `nil` | Include containers in Agent Autodiscovery, as a space-separated list. If a container matches an include rule, it’s always included in Autodiscovery | +| datadog.containerIncludeLogs | string | `nil` | Include logs in Agent Autodiscovery, as a space-separated list | +| datadog.containerIncludeMetrics | string | `nil` | Include metrics in Agent Autodiscovery, as a space-separated list | +| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection | +| datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | +| datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | +| datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | +| datadog.dockerSocketPath | string | `nil` | Path to the docker socket | +| datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | +| datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | +| datadog.dogstatsd.originDetection | bool | `false` | Enable origin detection for container tagging | +| datadog.dogstatsd.port | int | `8125` | Override the Agent DogStatsD port | +| datadog.dogstatsd.socketPath | string | `"/var/run/datadog/dsd.socket"` | Path to the DogStatsD socket | +| datadog.dogstatsd.tagCardinality | string | `"low"` | Sets the tag cardinality relative to the origin detection | +| datadog.dogstatsd.tags | list | `[]` | List of static tags to attach to every custom metric, event and service check collected by Dogstatsd. | +| datadog.dogstatsd.useHostPID | bool | `false` | Run the agent in the host's PID namespace # DEPRECATED: use datadog.useHostPID instead. | +| datadog.dogstatsd.useHostPort | bool | `false` | Sets the hostPort to the same value of the container port | +| datadog.dogstatsd.useSocketVolume | bool | `true` | Enable dogstatsd over Unix Domain Socket with an HostVolume | +| datadog.env | list | `[]` | Set environment variables for all Agents | +| datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict | +| datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets | +| datadog.excludePauseContainer | bool | `true` | Exclude pause containers from Agent Autodiscovery. | +| datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 | +| datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true | +| datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true | +| datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true | +| datadog.hostVolumeMountPropagation | string | `"None"` | Allow to specify the `mountPropagation` value on all volumeMounts using HostPath | +| datadog.ignoreAutoConfig | list | `[]` | List of integration to ignore auto_conf.yaml. | +| datadog.kubeStateMetricsCore.annotationsAsTags | object | `{}` | Extra annotations to collect from resources and to turn into datadog tag. | +| datadog.kubeStateMetricsCore.collectApiServicesMetrics | bool | `false` | Enable watching apiservices objects and collecting their corresponding metrics kubernetes_state.apiservice.* (Requires Cluster Agent 7.45.0+) | +| datadog.kubeStateMetricsCore.collectConfigMaps | bool | `true` | Enable watching configmap objects and collecting their corresponding metrics kubernetes_state.configmap.* | +| datadog.kubeStateMetricsCore.collectCrdMetrics | bool | `false` | Enable watching CRD objects and collecting their corresponding metrics kubernetes_state.crd.* | +| datadog.kubeStateMetricsCore.collectSecretMetrics | bool | `true` | Enable watching secret objects and collecting their corresponding metrics kubernetes_state.secret.* | +| datadog.kubeStateMetricsCore.collectVpaMetrics | bool | `false` | Enable watching VPA objects and collecting their corresponding metrics kubernetes_state.vpa.* | +| datadog.kubeStateMetricsCore.enabled | bool | `true` | Enable the kubernetes_state_core check in the Cluster Agent (Requires Cluster Agent 1.12.0+) | +| datadog.kubeStateMetricsCore.ignoreLegacyKSMCheck | bool | `true` | Disable the auto-configuration of legacy kubernetes_state check (taken into account only when datadog.kubeStateMetricsCore.enabled is true) | +| datadog.kubeStateMetricsCore.labelsAsTags | object | `{}` | Extra labels to collect from resources and to turn into datadog tag. | +| datadog.kubeStateMetricsCore.rbac.create | bool | `true` | If true, create & use RBAC resources | +| datadog.kubeStateMetricsCore.useClusterCheckRunners | bool | `false` | For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. | +| datadog.kubeStateMetricsEnabled | bool | `false` | If true, deploys the kube-state-metrics deployment | +| datadog.kubeStateMetricsNetworkPolicy.create | bool | `false` | If true, create a NetworkPolicy for kube state metrics | +| datadog.kubelet.agentCAPath | string | /var/run/host-kubelet-ca.crt if hostCAPath else /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | Path (inside Agent containers) where the Kubelet CA certificate is stored | +| datadog.kubelet.coreCheckEnabled | bool | true | Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) | +| datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | +| datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | +| datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | +| datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | +| datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | +| datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | +| datadog.kubernetesEvents.sourceDetectionEnabled | bool | `false` | Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). | +| datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | +| datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | +| datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | +| datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | +| datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. | +| datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | +| datadog.logLevel | string | `"INFO"` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off | +| datadog.logs.autoMultiLineDetection | bool | `false` | Allows the Agent to detect common multi-line patterns automatically. | +| datadog.logs.containerCollectAll | bool | `false` | Enable this to allow log collection for all containers | +| datadog.logs.containerCollectUsingFiles | bool | `true` | Collect logs from files in /var/log/pods instead of using container runtime API | +| datadog.logs.enabled | bool | `false` | Enables this to activate Datadog Agent log collection | +| datadog.namespaceAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags | +| datadog.namespaceLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Namespace Labels to Datadog Tags | +| datadog.networkMonitoring.enabled | bool | `false` | Enable network performance monitoring | +| datadog.networkPolicy.cilium.dnsSelector | object | kube-dns in namespace kube-system | Cilium selector of the DNS server entity | +| datadog.networkPolicy.create | bool | `false` | If true, create NetworkPolicy for all the components | +| datadog.networkPolicy.flavor | string | `"kubernetes"` | Flavor of the network policy to use. Can be: * kubernetes for networking.k8s.io/v1/NetworkPolicy * cilium for cilium.io/v2/CiliumNetworkPolicy | +| datadog.nodeLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Node Labels to Datadog Tags | +| datadog.orchestratorExplorer.container_scrubbing | object | `{"enabled":true}` | Enable the scrubbing of containers in the kubernetes resource YAML for sensitive information | +| datadog.orchestratorExplorer.customResources | list | `[]` | Defines custom resources for the orchestrator explorer to collect | +| datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | +| datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | +| datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | +| datadog.otelCollector.config | string | `nil` | OTel collector configuration | +| datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | +| datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | +| datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | +| datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | +| datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | +| datadog.otlp.receiver.protocols.grpc.useHostPort | bool | `true` | Enable the Host Port for the OTLP/gRPC endpoint | +| datadog.otlp.receiver.protocols.http.enabled | bool | `false` | Enable the OTLP/HTTP endpoint | +| datadog.otlp.receiver.protocols.http.endpoint | string | `"0.0.0.0:4318"` | OTLP/HTTP endpoint | +| datadog.otlp.receiver.protocols.http.useHostPort | bool | `true` | Enable the Host Port for the OTLP/HTTP endpoint | +| datadog.podAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Annotations to Datadog Tags | +| datadog.podLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Labels to Datadog Tags | +| datadog.processAgent.containerCollection | bool | `true` | Set this to true to enable container collection # ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm | +| datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | +| datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | +| datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | +| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.57.0+ and Linux. | +| datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | +| datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | +| datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | +| datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | +| datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | +| datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | +| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | +| datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | +| datadog.sbom.containerImage.overlayFSDirectScan | bool | `false` | Use experimental overlayFS direct scan | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | +| datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | +| datadog.secretAnnotations | object | `{}` | | +| datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | +| datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. | +| datadog.secretBackend.enableGlobalPermissions | bool | `true` | Whether to create a global permission allowing Datadog agents to read all secrets when `datadog.secretBackend.command` is set to `"/readsecret_multiple_providers.sh"`. | +| datadog.secretBackend.roles | list | `[]` | Creates roles for Datadog to read the specified secrets - replacing `datadog.secretBackend.enableGlobalPermissions`. | +| datadog.secretBackend.timeout | string | `nil` | Configure the secret backend command timeout in seconds. | +| datadog.securityAgent.compliance.checkInterval | string | `"20m"` | Compliance check run interval | +| datadog.securityAgent.compliance.configMap | string | `nil` | Contains CSPM compliance benchmarks that will be used | +| datadog.securityAgent.compliance.enabled | bool | `false` | Set to true to enable Cloud Security Posture Management (CSPM) | +| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `true` | Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+) | +| datadog.securityAgent.compliance.xccdf.enabled | bool | `false` | | +| datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout | int | `20` | Set to the desired duration of a single container tracing (in minutes) | +| datadog.securityAgent.runtime.activityDump.cgroupWaitListSize | int | `0` | Set to the size of the wait list for already traced containers | +| datadog.securityAgent.runtime.activityDump.enabled | bool | `true` | Set to true to enable the collection of CWS activity dumps | +| datadog.securityAgent.runtime.activityDump.pathMerge.enabled | bool | `false` | Set to true to enable the merging of similar paths | +| datadog.securityAgent.runtime.activityDump.tracedCgroupsCount | int | `3` | Set to the number of containers that should be traced concurrently | +| datadog.securityAgent.runtime.enabled | bool | `false` | Set to true to enable Cloud Workload Security (CWS) | +| datadog.securityAgent.runtime.fimEnabled | bool | `false` | Set to true to enable Cloud Workload Security (CWS) File Integrity Monitoring | +| datadog.securityAgent.runtime.network.enabled | bool | `true` | Set to true to enable the collection of CWS network events | +| datadog.securityAgent.runtime.policies.configMap | string | `nil` | Contains CWS policies that will be used | +| datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled | bool | `true` | Set to true to enable CWS runtime drift events | +| datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled | bool | `true` | Set to true to enable CWS runtime auto suppression | +| datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | +| datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | +| datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | +| datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | +| datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | +| datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. (documentation: https://docs.datadoghq.com/getting_started/site/) | +| datadog.systemProbe.apparmor | string | `"unconfined"` | Specify a apparmor profile for system-probe | +| datadog.systemProbe.bpfDebug | bool | `false` | Enable logging for kernel debug | +| datadog.systemProbe.btfPath | string | `""` | Specify the path to a BTF file for your kernel | +| datadog.systemProbe.collectDNSStats | bool | `true` | Enable DNS stat collection | +| datadog.systemProbe.conntrackInitTimeout | string | `"10s"` | the time to wait for conntrack to initialize before failing | +| datadog.systemProbe.conntrackMaxStateSize | int | `131072` | the maximum size of the userspace conntrack cache | +| datadog.systemProbe.debugPort | int | `0` | Specify the port to expose pprof and expvar for system-probe agent | +| datadog.systemProbe.enableConntrack | bool | `true` | Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data | +| datadog.systemProbe.enableDefaultKernelHeadersPaths | bool | `true` | Enable mount of default paths where kernel headers are stored | +| datadog.systemProbe.enableDefaultOsReleasePaths | bool | `true` | enable default os-release files mount | +| datadog.systemProbe.enableOOMKill | bool | `false` | Enable the OOM kill eBPF-based check | +| datadog.systemProbe.enableTCPQueueLength | bool | `false` | Enable the TCP queue length eBPF-based check | +| datadog.systemProbe.maxTrackedConnections | int | `131072` | the maximum number of tracked connections | +| datadog.systemProbe.mountPackageManagementDirs | list | `[]` | Enables mounting of specific package management directories when runtime compilation is enabled | +| datadog.systemProbe.runtimeCompilationAssetDir | string | `"/var/tmp/datadog-agent/system-probe"` | Specify a directory for runtime compilation assets to live in | +| datadog.systemProbe.seccomp | string | `"localhost/system-probe"` | Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges | +| datadog.systemProbe.seccompRoot | string | `"/var/lib/kubelet/seccomp"` | Specify the seccomp profile root directory | +| datadog.tags | list | `[]` | List of static tags to attach to every metric, event and service check collected by this Agent. | +| datadog.useHostPID | bool | `true` | Run the agent in the host's PID namespace, required for origin detection / unified service tagging | +| existingClusterAgent.clusterchecksEnabled | bool | `true` | set this to false if you don’t want the agents to run the cluster checks of the joined external cluster agent | +| existingClusterAgent.join | bool | `false` | set this to true if you want the agents deployed by this chart to connect to a Cluster Agent deployed independently | +| existingClusterAgent.serviceName | string | `nil` | Existing service name to use for reaching the external Cluster Agent | +| existingClusterAgent.tokenSecretName | string | `nil` | Existing secret name to use for external Cluster Agent token | +| fips.customFipsConfig | object | `{}` | Configure a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. | +| fips.enabled | bool | `false` | Enable fips sidecar | +| fips.image.digest | string | `""` | Define the FIPS sidecar image digest to use, takes precedence over `fips.image.tag` if specified. | +| fips.image.name | string | `"fips-proxy"` | | +| fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | +| fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | +| fips.image.tag | string | `"1.1.5"` | Define the FIPS sidecar container version to use. | +| fips.local_address | string | `"127.0.0.1"` | Set local IP address | +| fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | +| fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | +| fips.resources | object | `{}` | Resource requests and limits for the FIPS sidecar container. | +| fips.use_https | bool | `false` | Option to enable https | +| fullnameOverride | string | `nil` | Override the full qualified app name | +| kube-state-metrics.image.repository | string | `"registry.k8s.io/kube-state-metrics/kube-state-metrics"` | Default kube-state-metrics image repository. | +| kube-state-metrics.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for KSM. KSM only supports Linux. | +| kube-state-metrics.rbac.create | bool | `true` | If true, create & use RBAC resources | +| kube-state-metrics.resources | object | `{}` | Resource requests and limits for the kube-state-metrics container. | +| kube-state-metrics.serviceAccount.create | bool | `true` | If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true | +| kube-state-metrics.serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. | +| nameOverride | string | `nil` | Override name of app | +| providers.aks.enabled | bool | `false` | Activate all specificities related to AKS configuration. Required as currently we cannot auto-detect AKS. | +| providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | +| providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | +| providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | +| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | +| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | +| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | + +## Configuration options for Windows deployments + +Some options above are not working/not available on Windows, here is the list of **unsupported** options: + +| Parameter | Reason | +|------------------------------------------|--------------------------------------------------| +| `datadog.dogstatsd.useHostPID` | Host PID not supported by Windows Containers | +| `datadog.useHostPID` | Host PID not supported by Windows Containers | +| `datadog.dogstatsd.useSocketVolume` | Unix sockets not supported on Windows | +| `datadog.dogstatsd.socketPath` | Unix sockets not supported on Windows | +| `datadog.processAgent.processCollection` | Unable to access host/other containers processes | +| `datadog.systemProbe.seccomp` | System probe is not available for Windows | +| `datadog.systemProbe.seccompRoot` | System probe is not available for Windows | +| `datadog.systemProbe.debugPort` | System probe is not available for Windows | +| `datadog.systemProbe.enableConntrack` | System probe is not available for Windows | +| `datadog.systemProbe.bpfDebug` | System probe is not available for Windows | +| `datadog.systemProbe.apparmor` | System probe is not available for Windows | +| `agents.useHostNetwork` | Host network not supported by Windows Containers | + +### How to join a Cluster Agent from another helm chart deployment (Linux) + +Because the Cluster Agent can only be deployed on Linux Node, the communication between +the Agents deployed on the Windows nodes with the a Cluster Agent need to be configured. + +The following `datadog-values.yaml` file contains all the parameters needed to configure this communication. + +```yaml +targetSystem: windows + +existingClusterAgent: + join: true + serviceName: "" # from the other datadog helm chart release + tokenSecretName: "" # from the other datadog helm chart release + +# Disabled datadogMetrics deployment since it should have been already deployed with the other chart release. +datadog-crds: + crds: + datadogMetrics: false + +# Disable kube-state-metrics deployment +datadog: + kubeStateMetricsEnabled: false +``` diff --git a/addons/datadog/README.md.gotmpl b/addons/datadog/README.md.gotmpl new file mode 100644 index 000000000..5e99e6f20 --- /dev/null +++ b/addons/datadog/README.md.gotmpl @@ -0,0 +1,504 @@ +# Datadog + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). + +Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). + +See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. + +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + +## Prerequisites + +Kubernetes 1.10+ or OpenShift 3.10+, note that: + +- the Datadog Agent supports Kubernetes 1.4+ +- The Datadog chart's defaults are tailored to Kubernetes 1.10+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/main/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions + +{{ template "chart.requirementsSection" . }} + +## Quick start + +By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. + +**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. + +### Installing the Datadog Chart + +To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: + +```bash +helm install \ + --set datadog.apiKey= datadog/datadog +``` + +By default, this Chart creates a Secret and puts an API key in that Secret. +However, you can use manually created secrets by setting the `datadog.apiKeyExistingSecret` and/or `datadog.appKeyExistingSecret` values (see [Creating a Secret](#create-and-provide-a-secret-that-contains-your-datadog-api-and-app-keys), below). + +**Note:** When creating the secret(s), be sure to name the key fields `api-key` and `app-key`. + +After a few minutes, you should see hosts and metrics being reported in Datadog. + +**Note:** You can set your [Datadog site](https://docs.datadoghq.com/getting_started/site) using the `datadog.site` field. + +```bash +helm install \ + --set datadog.appKey= \ + --set datadog.site= \ + datadog/datadog +``` + +#### Create and provide a secret that contains your Datadog API and APP Keys + +To create a secret that contains your Datadog API key, replace the below with the API key for your organization. This secret is used in the manifest to deploy the Datadog Agent. + +```bash +DATADOG_API_SECRET_NAME=datadog-api-secret +kubectl create secret generic $DATADOG_API_SECRET_NAME --from-literal api-key="" +``` + +**Note**: This creates a secret in the default namespace. If you are in a custom namespace, update the namespace parameter of the command before running it. + +Now, the installation command contains the reference to the secret. + +```bash +helm install \ + --set datadog.apiKeyExistingSecret=$DATADOG_API_SECRET_NAME datadog/datadog +``` + +### Enabling the Datadog Cluster Agent + +The Datadog Cluster Agent is now enabled by default. + +Read about the Datadog Cluster Agent in the [official documentation](https://docs.datadoghq.com/agent/kubernetes/cluster/). + +#### Custom Metrics Server + +If you plan to use the [Custom Metrics Server](https://docs.datadoghq.com/agent/cluster_agent/external_metrics/?tab=helm) feature, provide a secret for the application key (AppKey) using the `datadog.appKeyExistingSecret` chart variable. + +```bash +DATADOG_APP_SECRET_NAME=datadog-app-secret +kubectl create secret generic $DATADOG_APP_SECRET_NAME --from-literal app-key="" +``` + +**Note**: the same secret can store the API and APP keys + +```bash +DATADOG_SECRET_NAME=datadog-secret +kubectl create secret generic $DATADOG_SECRET_NAME --from-literal api-key="" --from-literal app-key="" +``` + +Run the following if you want to deploy the chart with the Custom Metrics Server enabled in the Cluster Agent: + +```bash +helm install datadog-monitoring \ + --set datadog.apiKeyExistingSecret=$DATADOG_API_SECRET_NAME \ + --set datadog.appKeyExistingSecret=$DATADOG_APP_SECRET_NAME \ + --set clusterAgent.enabled=true \ + --set clusterAgent.metricsProvider.enabled=true \ + datadog/datadog +``` + +If you want to learn to use this feature, you can check out this [Datadog Cluster Agent walkthrough](https://github.com/DataDog/datadog-agent/blob/main/docs/cluster-agent/CUSTOM_METRICS_SERVER.md). + +The Leader Election is enabled by default in the chart for the Cluster Agent. Only the Cluster Agent(s) participate in the election, in case you have several replicas configured (using `clusterAgent.replicas`. + +#### Cluster Agent Token + +You can specify the Datadog Cluster Agent token used to secure the communication between the Cluster Agent(s) and the Agents with `clusterAgent.token`. + +### Upgrading + +#### From 2.x to 3.x + +The migration from 2.x to 3.x does not require manual action. +As per the Changelog, we do not be guaranteeing support of Helm 2 moving forward. +If you already have the legacy Kubernetes State Metrics Check enabled, migrating will only show you the deprecation notice. + +#### From 1.x to 2.x + +⚠️ Migrating from 1.x to 2.x requires a manual action. + +The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. +Please follow the [migration guide](https://github.com/DataDog/helm-charts/blob/main/charts/datadog/docs/Migration_1.x_to_2.x.md) to update your `values.yaml` file. + +#### From 1.19.0 onwards + +Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). +E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. +The suggested approach is to delete the release and reinstall it. + +#### From 1.0.0 onwards + +Starting with version 1.0.0, this chart does not support deploying Agent 5.x anymore. If you cannot upgrade to Agent 6.x or later, you can use a previous version of the chart by calling helm install with `--version 0.18.0`. + +See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb650db25627558fbe1f0/datadog/datadog/README.md) to see which options were supported at the time. + +### Uninstalling the Chart + +To uninstall/delete the `` deployment: + +```bash +helm uninstall +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +As a best practice, a YAML file that specifies the values for the chart parameters should be used to configure the chart. Any parameters not specified in this file will default to those set in [values.yaml](values.yaml). + +1. Create an empty `datadog-values.yaml` file. +2. Create a Kubernetes `secret` to store your [Datadog API key](https://app.datadoghq.com/organization-settings/api-keys) and [App key](https://app.datadoghq.com/organization-settings/application-keys) + +```bash +kubectl create secret generic datadog-secret --from-literal api-key=$DD_API_KEY --from-literal app-key=$DD_APP_KEY +``` + +3. Set the following parameters in your `datadog-values.yaml` file to reference the secret: + +```yaml +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret +``` + +3. Install or upgrade the Datadog Helm chart with the new `datadog-values.yaml` file: + +```bash +helm install -f datadog-values.yaml datadog/datadog +``` + +OR + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + + +See the [All configuration options](#all-configuration-options) section to discover all configuration possibilities in the Datadog chart. + +### Configuring Dogstatsd in the agent + +The agent will start a server running Dogstatsd in order to process custom metrics sent from your applications. Check out the [official documentation on Dogstatsd](https://docs.datadoghq.com/developers/dogstatsd/?tab=hostagent) for more details. + +By default the agent will create a unix domain socket to process the datagrams (not supported on Windows, see [below](#windows-config)). + +To disable the socket in favor of the hostPort, use the following configuration: + +```yaml +datadog: + #(...) + dogstatsd: + useSocketVolume: false + useHostPort: true +``` + +### Enabling APM and Tracing + +APM is enabled by default using a socket for communication in the out-of-the-box [values.yaml](values.yaml) file; more details about application configuration are available on the [official documentation](https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm). +Update your `datadog-values.yaml` file with the following configration to enable TCP communication using a `hostPort`: + +```yaml +datadog: + # (...) + apm: + portEnabled: true +``` + +To disable APM, set `socketEnabled` to `false` in your `datadog-values.yaml` file (`portEnabled` is `false` by default): + +```yaml +datadog: + # (...) + apm: + socketEnabled: false +``` + +### Enabling APM Single Step Instrumentation (beta) + +APM tracing libraries and configurations can be automatically injected in your application pods in the whole cluster or specific namespaces using Single Step Instrumentation. + +Update your `datadog-values.yaml` file with the following configration to enable Single Step Instrumentation in the whole cluster: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true +``` + +Single Step Instrumentation can be disabled in specific namespaces using configuration option `disabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + disabledNamespaces: + - namespaceA + - namespaceB +``` + +Single Step Instrumentation can be enabled in specific namespaces using configuration option `enabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + enabledNamespaces: + - namespaceC +``` + +To confiure the version of Tracing library that Single Step Instrumentation will instrument applications with, set the configuration `libVersions`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + libVersions: + java: v1.18.0 + python: v1.20.0 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Enabling Log Collection + +Update your `datadog-values.yaml` file with the following log collection configuration: + +```yaml +datadog: + # (...) + logs: + enabled: true + containerCollectAll: true +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Enabling Process Collection + +Update your `datadog-values.yaml` file with the process collection configuration: + +```yaml +datadog: + # (...) + processAgent: + enabled: true + processCollection: true +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Enabling NPM Collection + +The system-probe agent only runs in dedicated container environment. Update your `datadog-values.yaml` file with the NPM collection configuration: + +```yaml +datadog: + # (...) + networkMonitoring: + # (...) + enabled: true + +# (...) +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### Kubernetes event collection + +Use the [Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) to collect Kubernetes events. Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. + +Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true` in order to enable Kubernetes event collection. + +### conf.d and checks.d + +The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/main/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/checks.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. + +The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your `datadog-values.yaml` file with the check configurations: + +```yaml +datadog: + confd: + redisdb.yaml: |- + ad_identifiers: + - redis + - bitnami/redis + init_config: + instances: + - host: "%%host%%" + port: "%%port%%" + jmx.yaml: |- + ad_identifiers: + - openjdk + instance_config: + instances: + - host: "%%host%%" + port: "%%port_0%%" + redisdb.yaml: |- + init_config: + instances: + - host: "outside-k8s.example.com" + port: 6379 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). + +### Kubernetes Labels and Annotations + +To map Kubernetes node labels and pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and Datadog tags key as values in your `datadog-values.yaml` file: + +```yaml +nodeLabelsAsTags: + beta.kubernetes.io/instance-type: aws_instance_type + kubernetes.io/role: kube_role +``` + +```yaml +podAnnotationsAsTags: + iam.amazonaws.com/role: kube_iamrole +``` + +```yaml +podLabelsAsTags: + app: kube_app + release: helm_release +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + +### CRI integration + +As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath`; default is the Docker container runtime socket. To deactivate this support, you just need to unset the `datadog.criSocketPath` setting. +Standard paths are: + +- Docker socket: `/var/run/docker.sock` +- Containerd socket: `/var/run/containerd/containerd.sock` +- Cri-o socket: `/var/run/crio/crio.sock` + +### Configuration required for Amazon Linux 2 based nodes + +Amazon Linux 2 does not support apparmor profile enforcement. +Amazon Linux 2 is the default operating system for AWS Elastic Kubernetes Service (EKS) based clusters. +Update your `datadog-values.yaml` file to disable apparmor enforcement: + +```yaml +agents: + # (...) + podSecurity: + # (...) + apparmor: + # (...) + enabled: false + +# (...) +``` + +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + +## All configuration options + +The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install \ + --set datadog.apiKey=,datadog.logLevel=DEBUG \ + datadog/datadog +``` + +{{ template "chart.valuesSection" . }} + +## Configuration options for Windows deployments + +Some options above are not working/not available on Windows, here is the list of **unsupported** options: + +| Parameter | Reason | +|------------------------------------------|--------------------------------------------------| +| `datadog.dogstatsd.useHostPID` | Host PID not supported by Windows Containers | +| `datadog.useHostPID` | Host PID not supported by Windows Containers | +| `datadog.dogstatsd.useSocketVolume` | Unix sockets not supported on Windows | +| `datadog.dogstatsd.socketPath` | Unix sockets not supported on Windows | +| `datadog.processAgent.processCollection` | Unable to access host/other containers processes | +| `datadog.systemProbe.seccomp` | System probe is not available for Windows | +| `datadog.systemProbe.seccompRoot` | System probe is not available for Windows | +| `datadog.systemProbe.debugPort` | System probe is not available for Windows | +| `datadog.systemProbe.enableConntrack` | System probe is not available for Windows | +| `datadog.systemProbe.bpfDebug` | System probe is not available for Windows | +| `datadog.systemProbe.apparmor` | System probe is not available for Windows | +| `agents.useHostNetwork` | Host network not supported by Windows Containers | + +### How to join a Cluster Agent from another helm chart deployment (Linux) + +Because the Cluster Agent can only be deployed on Linux Node, the communication between +the Agents deployed on the Windows nodes with the a Cluster Agent need to be configured. + +The following `datadog-values.yaml` file contains all the parameters needed to configure this communication. + +```yaml +targetSystem: windows + +existingClusterAgent: + join: true + serviceName: "" # from the other datadog helm chart release + tokenSecretName: "" # from the other datadog helm chart release + +# Disabled datadogMetrics deployment since it should have been already deployed with the other chart release. +datadog-crds: + crds: + datadogMetrics: false + +# Disable kube-state-metrics deployment +datadog: + kubeStateMetricsEnabled: false +``` diff --git a/addons/datadog/charts/datadog-crds-1.7.2.tgz b/addons/datadog/charts/datadog-crds-1.7.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e1bc76ddae0f0b34d985369834f42c58886020b6 GIT binary patch literal 65280 zcmeFYQ;aXs`>)y9ZCks&+qP}nwszaLd$(=dwr$(Ct?%^jf6mFAi!(WsxtY0`N@}H2 zRmrMUDy!D#d7p(J35g2ypAA3(L}ehZNN*%A!z%60!D7gyN^h*hVxg(T!78V!$||Gw z*V4eo*j-t{mPg#=uQkx+m#6Dy^AdR!pYMl~e%ndqx`k+S0<$|_jh-)0xp9e)5gBK4 zR`tst4sQZvrof0_m_Uil79U$XA_18nh@OGF=EMEp1^-wGs&PI-yd}!=$}*#nlg`b| zl*%W^qK?;mgMvueJE%|ca@GQUYNB=VK^EH-qq|lAez=$zdm;}7N4jqV5EQId|mjUc- z?1R13bQwre4bn5a_*VXu%^uGwA77HBVJn@c%w%tEZ)Y>NvV1-LiF+f?R`zb}X>m)r z!*S_8wn&dusJJd-3=1D+#d$G;l@qQRd5R}H#X;`aLF7tUa7j~d%jf;pJD?rM_ zQX2j?n~vHaE68*(Ajgnis?v~ke~v$`Cog0KSUHOZL26F5X{-=`)Ewd5iBBk!R9=^7 zanM98CGiwU5J?$iTbP!Qo$ky*p&YM0d1WMbXWKE+)SSD936x++BlDutD;^~Uq%*Bh~*DwmtYF!RFS0>Hxga&NnBdiA3X zpt<6~HJKmSY=>1h%jaQ5M@YN-3wZhKXair>v%33oGYN*I0#xMh^k?K0kEQQA%YLx5 zoD{LM;+*|ztW{2BRNK22*J(kf9BLKE>M#;7QBbUKM2PP9KOLE(&SqcIpm6Azg`rC- zbra+(IIOL8IkEIIoNQ{gWiXj?x=WS{Uvd^Mqw&sy0NGT{YhT$`{2ecW217|bZlA|f zS7$!HP5L6Y@p9{Qfa?=zoRMJU{+vTW%Ax(&Uh8Ci7QWhsCQE9Zo>clBgPFyW!q!>A z6Ws;gO@^ijBplVJuWVY5H((%CErslOItX)s1mOF2)cy$=q3ix6x(9gkQ!V6l@%iTG zAk#MHX^1@HeLdt5_m3PNicz839LxZ|UkYYa-|W87P%NI5#310*biTX4QEneNR5`6s zh~@-n6~DrlYt>2)_xq)WBaRa5aX{S21iPc6_ibtvx{RgC{$P51ca4XY?QO*G`x?n% z6sWiNiFZDCAC2gd&uDHu9veDe$8h{5C2plCY|&G%Af14Tv4S3k4cD!0WnyKRxx)yO z#>FV}v<4F#(XK-VGmUbIqF!U}lO#i>vAm@Dhr{wX{+^!7bq5B*cKxx11TouT;kqb= ztxGK;s|_I|q&nY&kj;DQ3g*1}`9Sj`L6rns(~YikEJwM%PH-{Svf1eN(b%n2Fn2mv zKbMA{xrIeq?t7MS0azr{=IwC5J57&#B;lZHihJ`ky{bJ~;@MB41dyABs5(|UIa3BP zH-+@fp8kv17+y5*9~^UbAF7tjE|Ol#nz`DVk?ZDlzYB{kY~R<8K;Sl8pY3#$5Kc3R zS#JD7`{dJTAz4Z3PU}rHc?-|xt+;uWy8rO~POytJHfaxp%#8H~e7roRG?L4rha6b8 zyIYfpi>Wbf%w^8&XetSfl(;;1h_z%ES>0;lBSLB6wCC;j_$o8>TaKZSOc-`6P(44H zN?p3!F#KNXG1bnvacOd!Xllwp)hIJ>{^C9d_n=IA^I;$-B#xi&{~jJHoGe{`{~0En zh+v-My>`<7&WkxZN-u1L%`#Wb#h7BCwN+OOsvaBiYAzk)Yev9W7SoM|vo0pSABLE6 zXSJBeS$@@+s>0RCd^OH3;nGAzHB7;?0j{s>yF|%w)btxZpf*l9i%gejT^{;1tJ3+- zjmI6@S8+Ay?LF>}N9gEQdt$He_7MJ*1@<2Gc+!_`g^NjnHMbeT- zDr&uDgH^w~SyOh@P;A6gO%7d%;B0CeHHwnb+p1d|4AY^c;w>*S3GUDFsTs%$+Z(0N zpp_=5t^dY^kSC9Z@Agc2E~tJQ7aos9=fM-{zO;{&i_m z(2h#0rx}qvcBYdq3_k2vpQAaD#>}6n$jmrL^`%K;UE;`$ZAc$lWb{(l^YRefhI9~h zOwLkyv^%Y;c2SNgzY4T{W(?i@?7dzdm!qNCap%;sIWp;sPtuBGoKguMDn?E}aw8jZ z-H|iocuSRI1#Ew*fYmo?*?uKe#@=6N6BJCDart^~Z$Wdhnu4Prvn^~nU4>~$T=0A} z9Y!2ArA;@tTFSD=xhr5dw|ZNaT|w#dPfCi@;3#7tFE88LrgWn>;1Ay(qp>x;l;zK$ z6mxfPIyiUa<`(b&q8kHv-#_4gvv|CpkjeRY@V?jRecv9QB)s$SdcL2O04xD_p(S!T z+;3+ct~)-hZci}2?=?BXX?h#JUl(I?mrHcLve~>}4*(#!JDWyCA~EgMIA!9F@sy_t zyxIbl>D%Vv02b}ZGu)Yp%vtT^e&s_`TrQS84N_aGh^}DK8t9HPX(y396xGyszF{xL z^^yTmX#A-TT$=0m2Iu%r7#GEDo!R@`un%-R%Ih9mlQ@>klm758IQ!~f$qZ>PO5su* zE!Q}TNbS4YIVd)oo_aKatS`}O{WL5~DVNowZv8T>6(S+)pYI%TrsIn=D^DFfXhA0; zst-Z$-%*uOv!lf$t{6yDeKKk@uaz44-pM`r>14(xYs)O5(29|YktoD`su737dR9vr z@%xx(gckZFunQ^{A^oxj$1(|VVdg;*Yz#TWS4RU+BKTiBDI5^tJngbLFi zv-C{|rY2b=#UtrBs^xMVtAA!>hsu-G<5~%Jy62ia=5wEx%a}=nLGliDofcL3^HHKz z3T@pvNzrwULQ~z7Vp)8D8lTH5P`u7f(s;0X8!g2a8^%w zFyS-wob7w2xwt3+vr*sZhfR?OM`Y#J!v&Oy=K%U+tN zI_kMYuK$NNacu58W%|s~SANO!6l2xwc&D}en%7LLUH6{7TBf3uUNgC#U^oX;N6Mg_0AWUJO!EG-SNu6@#GQ$937L&EA`K zsrtRla$4GdH@$O0yT7FbjCiTjaCNHRvRB$HRUjkwq((JN>|T`C4rRt;Nxi@E?Dh1% z<{~V2WKBX{n_hQg=TucxA4OJ-gjq^Z+0KQ=Xk*b0hs4D|71wWRuZ84fvTgQIEM+=l zQo+!b$6cVN(b4pefMO)bCgb9UMMAR3lF8f|WaD_--dXkd*^Rdi%vCxqkGmnD5;ba8 za+Sf+HQ^}lWchI+lFhMV5en;{XfmF8!Fb{E5Ly>h$x$O;9J= zMzMU1#>6EbAFuVy^~p$1LJqzjIfsI@nsVd2&`_0+kJmJ5L^1W(oBhTUzUBE#HBrz` z-CE8$yqZsYb+Bu+3NW2!Kj`wFoln=`egRIE9-G02Vbo~#aDHHw8G)@{$xarY2fjMj#sVn zwKF~i(1^KrG6InCLBA@jlHYE9`24t|&6^{XF;UJyh=88j5M#*QZGAKNuv7UGlzxJ+ z60vTXoYYcduQb-xgNwvbO{q>S5WMWzEj?f8E9FeHnr3$bAhuM%Z>Yq35I11?E5&!WIQQ?>`S zM}ZO&!=W@$szcNMR_jfYbF+WrEEJj?`z1KmD4kl4rDo(Ko(#2EssGH%?DO}sdj0WD zsKGnZRN0PUZYow=3&ap>sa}|61>s!7BAZbq{L@%bQ6$)ax@vSrqAF{BWCv`lAd+n5 znRUIwGF*ja=s0cJk}9_1eg6$3%Z%5yMT;#*tH_rV_Y0r%{VIiQ%9k7eYh{Pe_ie&V z3h-GpkqS!yyJ2#Ld%8d$r`l~P_xO-LFv{?jEBVafF2gj%ONK8ph3#UCjbgH0)y-Ya zxjF4{B6B|1zQN3N)*$1IvP!xXFJsM>qm*7$;;pFEDVfe?@n?V&+V$+L2U%iAfq@vN z-t?%|S$d^7Uxryh@qz@#d$`z|)9VuQ4mU})HF_~cT z--LGFCgw$tLeKfh!$$B~O0i)r1HV~Q}E?pJKP$m~z!n{hfhA8Z!Dlg39$iLcN7gT%>=9G|Bu z-`Ql%CLP~D^p%^#pDh3Fe%4aLLt7wKgl~-m?#gN{oS4<470~@)=K09wTfJQWBo_PR zl2WCAR8=vLCdxr0y7IRHxoVMyzc1Ex5(psIR?X8i$WVm<1WMEsU(Cp zM1H*@;aj}}oP+GiW!tI4bQbYS^3yWwU$YZbTqBp6b_YHunN?NUGHt)BjapMy&^m2~ zScPURzs&)>@#ei56@7JQsVan)1q_uhRZVkiKQndW=fh46`sSh~TXJTVTP1IEXSp*^ z6`;*HpOEkCK8#uY$>@Sc^XpE$fA;+qpvNFYC;$Wx0Py)d4Xs>!19rR~WF7%K5Rdl& z0N~4_703^}%@DO$K?K;TVZ@n( z4G;#!XXQ9SUiljoO46_h-}7zY_1>ak+wyTQ#^+A5?)jS7@im6qeMp<2 zpMv22h>ySO`+J}3`Vj}=fa$vRQm1<#^ex==EsX1PK&N|e%V#gTYV`^M&%5vC5C;Ah zl#d+$RyOKfG1T8@M~8O@_j?<+dzu= z0uY75{g*VU7w>F#w%(Qe`LQ$8?540WZg0p~&Y2}wl_$o2@_3rmy`Kcnz5kEVk4)yP z=NRaiujPC8A6gvq)J4yBwJKtxPnnsOY`o0BUK7!7W%6207>{y8sE+0KtGNS9Gm$Gg zK&8F2jT$@PmZxLy@_7V}R`2fZ2i7gyt&Nyf-PvEL2Zx=_Pgt zX3A(dRPCe)(jQ?{m2E^TZ(*_=?=%hB7a zE4-ZcHUdtZM#ym6o{kG2jN4zXaaGhBlxFmHR$H7Y$6f7&>IHjA%LFqMos+p8zm(~P z5(I^ZlvrqkI_+xN<&jeN8I$od&fNT^20w1C$KIf51Hy^Md$%6?9@164vwv_Dkz(~y za_3<10?aW=bC7VR+GmTBygk$N3BrJ74hwgDD=OsxRNAIf+CagX-S5qKRo_3VjG3<* z9-8ux>j|P*pAFM~sleQXP!UjtSO#Deo}<*Qwnn5|dB+I#Xp0T(?FhBKGEXQ8EKHx%1^dfUJi%{;c2{m=RM6Cc@dIAyaMp2PyJ7CWGe64*xWF0iTmb6=LP3JZ zX~?{^1<^WOi*Ow|#ULldqjGd!P5Z2`5D6#XvsWo6Qg}-6kEIqNa+67zu=RzQCxK;e zQEu(;F2hZUd}r!KFS~QlpCDF^;HNhfw0CC$3v_2fJt<5hEJO#HpNDa;!u|u%^#Xvrk7rwNRCI%T|pgKi?Q*vfYKU=O?$*vJb>#Qq$h>m+%?7f zv8iU-nJ7tbNb=rb)w0s+`Upwb;8DZ41o42!2AlM+3TV4^!@6}~D{~6gpR^wj`>ob; zsqEX_vNw2OIe(7|)dx?Tu?&tiJyGf+cm+HNc5O8|t@IrrD)|hsh{6diy^?M_cZcg$ z**d&FbxWkC?-)bjBAkOXCt&Y?TO^a4646}+K@3Xu{mXl38sY%*0HWW5&_!6)`3ue> zXO5I^k}7FUTX^nu7TA5$XYMm>o2sv=NAAAlPLaEkx@Apj@_ZH9t2}~^D2jSm6oMn) z`(hyNu1fiAP@bASKH0`U*+84QC8vz^*a!`A-|XjII1ELv74h526;|+&K4aGk#VMmi>hcRU zMQUMd;@A_?Z61Uq@byJGcCiEPc{=$HWqK{l3{FFV_S1V5f9tp-sgz?(3wopH!+Hnd zV|CQYCi}|y%PM>~#j9sPCkez~jZ1fLg%H%@0|noEF*r+AXdhQyj6oMivs$Q;uVEQ^ z)`^Izo@1;)$j?$SpONFu(aOm+E{%xm3*^T-o|=$Ao^itKz$=xp09o?Em)}e7b^xFu z^Y_3}AXBfXJ*^bAzL%!6hb0|gH-FF<7&e!gx}mju6oyD4jDKu7Tq`-1OM*JVp@-2b zYGs#$vgBPE9V`6XV|_0W#yG$Kbb^0Ahbdn>q=8HY3ys+JUD*VBxb*81i#-|p2XUB_ zr}9Dl>3w?RMg&PoAEh=5cXuB69gh(8<->WMfz}q`WD6tQ-m>Oc=qV=lf{IWAKEoAA zj;kLfQ9-M68!fPrP>ioqqJ(T-t1R1?M;i6Xesc*iM5dj|G=LoD1G9qTsEI1AL(XxW zmVv&ntwf1u*Ii`%c8vvUF`n7Q?=j39qlV)zp6ln+G0ffV$+1rWiI+<;93&dM0moc~ z)CfZ`TqtVy@q3;dt3aF8GfIJ$i_qg3akmo`jd_uN`6|f*sPY=&c4K;4)Rg$F6 z8dQ)V|0k><9#!qn_#_bFl zqDJD^9C5AYV6Pf%9$&5vrmAb0cCDiy@qWNPiy?C-~=lQ@(!O<_Q$4a0N)b6x$7b-uOdgGQf2H}++-tdKUHB_-3O+r=kJYjOd0n^ z&favf3ZX_$;R>M>?t&%4S;)Eb+HJE%j&?##-25ejUJc=j0e>Ywb7%ENZuknJNq-EK zf+^r5Q(VVg9=`%`mIZ1GG`0pN3fK;qeS4ne9ZC((f|^jmt*KozB}&puK~rvEk0*Y{ zgrxmP-WAmtKo{ywkrOnz9Yk&WN=!OOmq4gSqN!~g`HfF0?q)zS=BPIM+tQdIQ}QTv zWBejB{FVh2yOMEslr9NFpN+ln_&v zE$AeCC?ROOVYSjPu^A`B&7ydSv6o+L@I)-^K?;as4e}bvej)s&NQhUzE_pw-XcgTn zAa=15v=^9$6iH!A)=c(%B8gT9R)2$FpZhlyYayr6!}VKa4!mlcV(On07HJ*0aq}cj zdZs&93YbbOkQGD7Knx5UB?Cq2hZ%td>k_JJapQ~Xlg^>A<89R7e6oPCLXTI_+^iDB22=1*D71(SXs%tqstphj2z>#bJ72UT&%4(P%y*8 z33&aUBJf6VW2oVn44x&v_h^L)=>WZ|3&ipD0+7CXyTjF=?p;sRGEat7BDm;1CQ`D> z->`qGQ==|-X1R&~mQZKFg=jfBQnVvB&wN2YI9)fh6>Y5 zquLG;voqS4rWo-R|BVFugrb&%&oG9eWu%S?SO@ug2~7G#?vLSC=U2$74)wRTMPGZE z>^EH>BIQ(I0{M_Fc$_-;(UoBFWq#*)Yql;gwP+^-&Tbh)gkBPO=JNamhqHT#&=tn~ zsp3v>ECy>*%YJhC<0FW^ab*1v{B0bK9SQO02x0aSF|}Jb^I%P)a1GL(;;%b$+B$BL zpjiI=OtDTYYi5*3VegrC9Q4jQe4W4nkapxyFo4JJiXBht$6Qb{RYLh-c$imCT=Zw@ zE%_v_WV0|L8(!?qywjgQw1#f#8V7=n;iSg66n_@uzQM+EPhAW5NiL+ypRcy@WQA;B{h!(?=pSph?o1{jC4CY(7`#6cpx$*fuTU6` z@QF2#IEB&y^E8^brgQ8tDlkh>Iv%y`dK^`%iu`j98M8tj{+^brl!>g?~8<2+yM33d_sa2g}@w$*K#6$ebEs>zs|qIgc0K4GQx>Cpve}%RUMHL8QPU0W^Vp2GeB{=eMZEEPsB2MCT&d zywyB<>@~u~?1Q8}$TN64Kd#(Kn?29;q~OikN4Yo6YlI299Xxi0UNgkaojU^UvRThL zjtvU^4nE3dFoS1FpC~1#ff?2kHh}h^ZILw<^#yjtv6ZI^-W&cksHR=N1Jt?eB*2^- z9P<%=xP^@hUtB&r&$54V=ll5!X;^4;+d+Jim!s6e$VPhj+NW|%-f5iJk!-Bs1uHTR zG!`Lx5ZE?z?2yxIRZv8y>YWrS6WSTh4817s2 za!FJ!yBH>L6xYogcz+o1ARL@OhBF?|Ea}0lVQnDO06p6u33xAPZ3M)yL}?3q&Ga*l zmGDjj_I9Y0?hOOlE6+aqKv?p{RZU7!qTkhZ#GjnM)GTU`|CNq%2DkIz)@YQ*j?0%0 zz1vOVE4&4J0nz2EWZckNYPY(w_WA~A&X%@|j)Ch+a8Q#N$s+v_uw|5vFvcTH>F< z70dW_nlK%qM6S^kAiZ}=yrQr@7&uZ*e2?^m6ZYD!=>D$v^pN`SoN{q?9SldK=Vu%H z2J-$sV+cC4BKEx5$op;Gy=`5Zy8`xjYx(eG@emGt#|y80p8o{A*J<~}b?B3SUr4>X zP~y&OAuae%#-oT;gCEFN>&A%;*lcdbY=sSL9K@q-N0j#1`P^HvoH`f4a+zdm0t{@E zZ+4yp_6SKQSS$uJC7%!gFYK6{*sU$BlP}+J=={f zGG>RB&l&~bwH%-gTen;B^PCT1QDWmZDEW_O!8>XdGT+^~pq@-&W@sz10%_n1CWh{& z4W`{TV%_kZN5ZQ-=osULvOsv#4UwGBheZx~vZAOvMX=Ur*J21VBkU+orx+pA$_mPX zi$hup6k#x04MCYP&pWsE0jlFk8@AFJ+ajz3<~xKlKf+Lw;7>VHr%`nXKlg%!Q6299 zdDD0*1^KqyN-4FZhO+1o_A_D6!}5F>K#Hq}V!2F)ABct_fs>-Vd(%EnL^x=|t*QM0 zy+vE*^dvb|0Y^KX+ps|Kg;kAeJ_8t%`{bFe*BU6Y7(E2TiVNYS16gwQ5Y#R|eS;OX z@=sjMdHUfhUd5|p&@799dIO=|hEnUX+Rd53R@HAxfFnG!YXS}-NOj@H4^lc-hUk%^ z!k)HI4aZTrI72_%Ak*%QS;I~~*D*m0KsPC@?OuFi&9E?sa+!ese1S(p9avCRQ(>)` z{@`t=DO31KmubfaBd)wmbgpiPYATAKO0~w-bdQxwY=#9W$TY4B4?iS$1dX3!B*Vy1_TiV#hgeB*TcNB%47kgH+I;@COR=twJ>zUgm7+b?lW)$w$Y6LEL-h{3Zg4MrI<}vbgIC#qk@Ht7? zHn)PN$zqnzsYyf+Lmy=MLmo4|DN*wC5m97|90vNcV62TGX#8_j$Gbme>M9Pn!#O`F z@xB=anjN6@Bjv3gqm%73VknIH!2|*-=STER2L0k@Hd>sG?hru8!OY zQ>+PEV~=7?arjltJIPI@Ne&-Jg31|WKhU#^;62fI>?cnSFxg|_~HFbm#p#t4xH zJuj=z(P38>Gs6nh9dGnEHYl%J|AW51;P2To>{t%mI||HLh#<)-KgojK6vjSco__xl zLCDx=pps%%Rcn3H@+zv1Zf}S*xZv3EKHY4q1-KdRp?haM+~tfwo{x3o;D~yrwH1DWs+SF{ zc~@E%d*f(ry*b-73mFWt3Yzr1zZ?GFUn=E7!o?e$DOt`DVtQE9hu{ zOB%vS4%Lx6uWyO9jr_eJ<)$}OSqR7P8|a&C=gN;e~2?Q7owLVgkVdMJ5$h( zmXJLZv6TyQ9P8H+G>9JlINab0lyT~5wEx#p#!b}Z+jacILDaU>P6nc|M*80pV$Psw z@??6ovcKd!l!?rYaW+nUh^^t2K+aEh!YF&fQrsXT=)sH-`I)6sd@SIJkrXzDJH>?g zq|pDPa_lK0iz-PfeZwt1YOln?ks7MMFZT~6?L^th@I0>aPin~0ov{r3<|fLvH^^tE zjMsLT-OTzc;V9nbAVjqC^B8r+3E2RL9r0J4y$Qwb>aLPY|G^~pxMZ$aUk+Ba^soEF zPfF}vx!DFo{}IA`D&$-$#8Jmn!7y^G2 z(uoAU4|>67$vqk8F|f+fXh-PRY}3e`YNI`tn{uCA6PWN7{7LQDYr~Guz@^8y80(Tx zNj`I1%=uIZOkZQ>xiN105oRpeQ=1UYh-e2 zuA%(|L9a1rxhCt5^2D)bMG#_fC3WVqY=u6Ygw<)-8W7}2rs5Ut7bf6{HJ=e|NkoRr z3j7cg?Mal9wOjV8Y1_d_gJg(U@R*OrHwEEYob!aKYG+0j%B3w5Gb_~DC z+!On0?y{J=9j^mkr_X{$rTYH!X8zq|-bQbENO}E>l2djJtBJF^-HpLsluqiuwE>4H zBJjT=3PNQ(fHLFMv_z04k4V-;6qcef&D>4avA}p&1Y9>Q^t^tc1I^Fm?AqEv{#9mSySPFI=0SKhd6$? zp`(MlBHf>b=fh<~A&kl&b8ejiS3V=gTtSm>;thDwvRA$un2hVKc*!G`L^M?rE+H%` zXlyUTP`qNWj!(k!ecjt~+t>`=$9I_+f=J~2x?mAC6^jX039F$7Vvkiz zKCMIKLD&A-#UIt}gno9x!=hb*=-3p|7%;byIU_<|qo3Pp^acyy&D-XvITGCMRW~lM znI5qQ8NoRti(g`ouZkyL6gl;VbHA4C6U-DbT~;i51L76aP41rs?{Ko~pgfCE(g`W0 z1Xn!-VLXPI;M)=~!y}3bpn&)O`X`3c$6S=f=b{#e(reK>(`q(CoxK$pEB0tZG-S2J z)GyIgIv%gg80?u=O4^tAsMI^*-Nq}tUDWU&2w}?de7`6vU%+&h$Fy@bF=G8yNbfqz z@BHY~Axk0{6CJj}6!#X`q9fS?OP$MF{wL(B2{MhkMzKj1N-`EO1pZ&ay1L=lMaJ)5 zjov41Dwz<@;QyA8TebeDgxts9HluJ-%P~mMoe4+jT$HnYiKG2hRa6Bk&GR1T{D}QE znvb7m$GQbqA#IpIk0#ZWUU6OJ!otI2a;Ge zkQNO@ez`d^6t;C_acy9Fz<|N?zzCIAuO!Ad+x_>)1Cp$J?5s?7Nt4#lG}V^gmJZ4U zye;8MNkSSxP_DL?;Btu_i+dk#aNU)!EP>P?C(ayF=WaJsyYciP$F%EqK@2XvSps*x zpm&;u!@ZgVf9#tAqwLT7_?N;ggWO}ez7bFIF0xfVcZH=;=~hR}9US#vgF3`&4U;M9 zPf>e$5nhuZsFivXLinX`1cNM*3a8P%j5SU`6Dt{nX_DYIo5=CeI|BhXC^TyNi+}w9 z;YGd()jJ34P`9?^Jwy>Ix0lqBGPrE`c*Xus1yn|FyXE4c_=+t&N!syKw25`2;2nBC z#!I>&Bt4I#3A!-+8Gk30`g39d$6}cD+W!T&{yqO^w+ZHTfwew1EpyUujG6l+1R+u@U9E9} zPQS5QfQQ`Zi-58$v>Frc2|b_2o=RA2pYd`*J_b$WJ%WlSmDx}z7T@jMF|JhO2X0dd z=QqQ~m0Ew9BM8H_qM{}js6}x}G)4!*>~c^2;JmcS z2gTdMY4ay|`7kW6#Xc&xlcKy3Z`7u5lt#0uML4-ksCFo?Hv;KTVM!I%wx#J}>bB*) z3zhD6gJ|Wr*=ycB%cO&8=iLZN5UG{G8lJEiI71BJ$Z7FwC^|X5#yvQtcpv^`SQK@C zl2eGWX&R{VYlbSD{RY20NVCsh)oAgnZmYZfVBLCp~aMuxJ9$gc4U{}2k;Wrgg^i_~hAA{Y(Zp`oh zxO~7?Xy}R@Tm!2#dz3xQ1{_{Jk27bcPMhLWS^uh0IdL#Da&f6aQJHVYNEYcfyD3r;=}dkS@h@bHu5hlX8-|eXFQx4ejmp^> zSnnvhNhIzrvDR)t#@7!o^PfiV6vp1ic-*uS-f^;Rr9VBQAZlpgapRa_qwGw}B|G;N z4b!?E_Hk-#1#_Bg1p|!UE!}k0GvU?dJX8LPAZhW7A#bTQI}eFq(90%_Xnixc3(Zd; z;M?9tm9j%^rLvqef4zF0C<*Dm*i? zm%CIk%{cymKuyPJ=~p;Ke8t4XTohucqKYap&%YuEI4Sff<4 zRQ7Z}aOh1qvtYB$xo`3cps3kU|uxoKb?lWwNqOc$sLlp}y{;XJ`=z+MISRrkM5)Qjc zyB>c0g~pPR3-i)5ZL)`O19LL1k6ZAL7CSH@SjPN$Auu-VEXaFy|8VzK2wNosS!{(x zmMIpm&fKO1gO$PMt%v*fQu*@lVcvlLO4J^AL}FuHXTja-5t1>N+aQ&0-R}$5r|h1g zi@0&zlaugheS87kCjb?oh)#J45veh>n0~h2j=|GTC};5k>G*a}=aMleiAEeWaTY2kF?4wGmRuL$%zmGa6vfb_0U4(fFe}NNqS1V_Kt9@}F zcYYmtw0jx|Obf5K0L+ouvNwQX4JUiP@Xyi^K`Czd9QmJ@^{97>V>$w z^Gh=vAKk=$gpViG`^n`TzZEh-v9O*cts4UacUpHXWc|t%;mgt4F(!vOJ@Ub6OI;~@ zktnP8`(CM4OHTs()f%2%riMOCoH;5OmYctn?O{C{2ZpHuiDzou$7VeN0`Dj3`Nvs< zpN?ot&XO1YY{iNnj+SVrzl07;)EX1uy%?f{*tAy-{89*KRczzdFPk8o-0u~;0$b$m zUQ$P`G(ET-Uyam%4PAZi;GIGp2ZBvq52T&9^#8N5|999J6(h$)+9|3{CW_$}Wlu(# z>-qqp*;C9XyuPcS1V%LzNS2&}X&T9lKzlulK35!CZeyRj@h;?%-{aiu^axyUVrD{{ zX(cFYEPYih?hwgQEsz z+rdhE*s>@b!Rk8eW+QwJjHT#sQugo7k_pp5i;xC$=7yn27)oLom(ELNa=DG=^iA9<{gF6$F!}p1rD>Vh7M7X~L38S?N zk63F$i`bjSjfeCpIkq03Ys_dG-W|A)b8;udV@1UwR^K8qUnzwD6)6JU+Ln9R7bk*$|Jvs9vJ%VS#{E+Sgm3+O z3ObFK-D<&bY{>?J1mnLJF=3P-g2rt>4R@WY=9Z9dm0HLkVd_WH(p=F>DvU0(+eO%kselv)B7v& zf(LLEO7vP`+?H4y6Ebn60ed}rPQrQ4h)z62xV(c!EwhwDm{j5mlRV9$736ITHj>x` zn@eejcw?W}5lQLU7eOS5iaiJN-7cOGDKsF4udDuq3ap<={renV*g6ualJJFk>D%ri zM3gR?Ha<{K1k}L61SZgrbdwsc`4b}$e^i~r3iDGi**8qsuK&g3Vd)L;Ppn>#{e+KK z#$`cfq8ff?B3B>mf1`6@mjHnuC5QiyCC*RB?-)NZCha&6x#=fffafevq&7&*bCofx zB*;zz<-*_k>38g>Ez-xi%Zi-T;g3nCww|>`cuwfUN3()R&^Tn?}M{etUF_m|z>ImY*+ z9$z?PPcz_sB_U_ELeDRY+xz_l0Gz!Ky>i?iRfxT&()~v?DOOtIe-eGxh?L?|T>3%x zi*|?W`ePgV5ebzhKy9K??U8 z5vEwt)+d|LzJd=E>b>v z%eGnKUOSQ>)0t!R-F}%kwmrV2#qSH7_i>+Py#(XoMv z8fGOG7ucOjNOq;;vI5egOeKgO_65fnTyHSWl}!X2B(EW!|Cefo!!_M(X~<82JD^(p zE->R{xaRK?h{x>x7bp$~Z-Dxn-V)9nG6)+u5TY5$VM2t`_6dmFDBjAWSbaQbkGX?- z(^lb^CuW8azs{HavXc}MO0fX@KgVC$6RU?yNks<;0d=1WSnbN&Z>>xkJ|uwC zX}XrA-j!H?(yNYPj-k2U^nzkNx8PE$PnRV0?M6Pf|G8=R`Y$y^+edwk(X1xG+ zfEu++Cr6JfR7IA!_*(e4Dy7Txle77!lsV&(;k|6}0D-~y6ASn1T){)k%?|ARiyy|1 zR?nS0i;LjiXXl#B<6?L4bKzGHU5xHjEL`71zZG8$6eH7Hl4m)eFhT_B}5+l z&_LB1&I$4vzS_>wQs8*j7)kcY*+lFJ6%BSzub!GiK@p8Z)KCG|5>a6?AJB! z=I&<7oDz2R^00uwg)uEZ;?1_0UzBcRJ&J|>K}GLWE;G3lE=NKV&_P6U0^>$PMcwFv z`W}Uf1Z)Q(iiCytoJ)d~))dx2OTp`nY6s_*Q{Rm^1cZt0{5PxOsdPE|TfP9=yLneG z^$W(gc~>K-ex{Jd4fU6G-bvCe9U}H$5Faohty^9um@c!MiszLeuqGsKXZc5yrdJh{O0v!et+xOy_F}A_uH^(aqJ^A^E$N=#9 z;F0b9S9>I~?3Mrbi81dP)}A1E(X02`mVI;2sn@M?h%*q+{f7lBzn&VB&I>w-br(EQ z5R*?Mi2@x=dv^QN8v@x23GIqxHN!NHu{UB~?oQHA!b!w~=76k#{vsk#(#%XY^_X@h zvc-(H=`Xr*NtOE0rJp1Kg=T4X3XFpcwYr4tf$vknu5>4+te4HRksGl>rz~VdwXEa) z{UE07Lx|sd@wE8A&yDR@|KG}uDedOo{OokvU+`@?rQ8%Sua6ela@Yy-MhUuQGU$lC z8_Qf<61^Ia4{J{{A@zQ`*DZ08?pYo=iIgy>zHpvJ8XEk58K-F;Ccr%X;nYEpl$uv% z{|9S#85D<_?F%1w3-0dj?he5nf;$9vcMmSXJvhN3xVyW%ySs$j$=-Wr&zy7SJ$3K< zp&N?os_swp^Q^W0zqJs8tLYaPylEhg?lsduy9rcWC!v%KeoH+4_HBPB)~5}ku2Ni) zSv#Z{ey1a5xe7LqeU)u9tIpt833bsTeo!d|@j5NHj^Tp!tI2Tc;-_gg;YFP;Rh^29 zcrqoyKrwVbn!0A|dH%ZI&6XxTQNm6Xj)!W>4Ro&lBKRX&BdEi_11E-9(-__nnv(_Bh$gl2(bH z`M0}Ol@PWv(Y>LG2yoR+N}eqPv=9^nr72jAY<)P1mDqDb)}{>>?Q_2wNRjbpk7QgM zv^MOZx%dLLcWaqdg0&6jfbeB03e+{)mv%aod0wZ{Tmn2VqYS|4D5 z%{Q-ihREvNgnW_dL2hcCe={lAXWf_h$U+j;wnQA$4KAFkEa0s{3qfyEoeTb6NKNljZP*5 zUh6(*vYq8f2d&78rBVN-ad#URD+<7T#en*_Gg$#Uvq0I}lj|6Q1B~VAI9+)F6G69}Una2K_!6m!7`Yi2N@jPIqj34BJy(`HIZw{r@}Gc~_bCG7 zQMa>r&JEQtZS5|Xqvg?G}8YiU|((Bp9Zb`SoaP#e^`kU9S|jz8uRwh^?k}fVANR*)#pwUO=r)Qx;0Y3o&bfqF zMS%G^uoUmc8?1@78xJ$rl#DDx;T#G(E=k zbb#w&(>Q#6cE=yJ_ERtAK&SaN&|Pv}mLdbVAacePfgGA2U~F30qsb}Ld55miVuOyf z+gvVDGxpJiBNXdgBT6hSH@>+;Y%4lI(`3j_a*m_LRCD*Wj+s_sYz**hr+6$86wflH zy7$>34q39A)2Y(Xyu9_oAd#2q}&=?^$gb-J9~4$SzLX7atmm<-2`Qw%!$d1~d2mKIar& zP&_Sf>SccIjPKSb7V}3EKqtEBGP4ppwAqNxy#COG{}?CWWxKyXv~=}0d$Z(eT_kcf z(M$eRYCK$5f>y5XDn>qMLt#4Diop&STY}+&LgIRxLE_%H$|Ng54TQIf(PZi>K85Hs z{jddk*L?h$Y0m1Q{a7?fT|F8TuNSYTd?b88VWJdiVmLUSi$z)Octmt+&4-=S!#vg5 z*Af$s3`dzNK<;6iEmOcXSj^=-Vt?g(KOVtZMi@YIz*(7e9(L+(82H3}rpl3MHphkV znN3c*z-5&2kq{8iD+=2aJx#39hLPx_cV&=qO=a(<<;Y+5qMeRjh;Yd$9UHU@MJqT_ z44!hL*g>dGgE@HP@Op^?_SHov*yYkEd7-UdS!dH)?ZxZhSZv!_fY@<))ym$8-dL_T zqB0?Y%f2t_TOuJ(F47IyK#R@D(_y%T^zKDPT98Xw;k6h(9-C zgc>ToGka@CHEf9>ppy88%Of6!_jkog$XNjS zCd6Q~g%3HFI-kj!-6->Eqyk*RlE@BLFSys2fU=@w?BL6=R1cmo>!8 z04{&L<6`0fqzOpOF}M#Sm#&BTI`M!B9!SqyVbjb&kQ@2)BltxgG$IIyxi_#lq7h-|~3$^4~qXdlUWvtC5J22An$_?~xdA4b>D>x<|fNte(0ify~C1NQmL zHnSbqD0aBxTj@K0v?~*=o~X~1V6fko?#vqP@-J?Fsvp9kct*!N4#a7Lg})Py!S4(9 zNJN8CR48_(%FU-HMs4*{$nF+;5Jl%50drRd$6-YwOX`A%ikDuT@It2LR+hR;`5<0I z#)m9R2ULykbzNezXb5xx!pk-2Hf|t}4BKu&xWBQ}jdeUc5& z+r$d-Y5CJ=pXt>xA0d62I&9V*tEc3<#?oYftuuT1Z1gb5d_Zze%m$>2OBMR_wOeHZ z{#Wq0LW6JSae3Cl-^@?+L?aqZ(jdjA5Iz<|jFC6Z*#@zfj;1oQCcY@x72!*sp%DuE zHIQjYUZh-?tI#U!@3*qfR>csPoomHD3C)sD&ZaHy5th{3EX}D5pLp*^eCw0z2F>60m@PgL`MrhE4Dy;p@oyd09pD);>G3808M9! zWDu!%+Ue2aLaVXpr)n zl=g*1x{zdk!uYq3p}fv4s*x@oKXA`)GiB8PXAa?6DmI>#$T}?UC3vFnbBdF>YJS@w zgX6-LJz!CLtK9q!#yArLG>DWPK zCSm3K{#9w@*|+xBDaXyb(~O_TspfL|?>k4~eCrj>0y)8=+my*-O{4IN^eaoe!zO-(2D{89k3nA?O|90`^zRzr zGcy#E9E4bGo;}%n9~kwx0(H=K#<7V)Ra}GDW}BkB6IDw+pKN^W^;EqP-@Cic;gkbR zW#Q{S7TP=)e1}oD%BQkG674;rmpPgtvqvx2hCmf?n$Nn;WbmJ3zRltUUf?`s0&9S2 ztVP(~*Yi~%aV zBCLn4YJFx0OJ}7tTs$tJ#1}7Zzz|VZ7M>|Z3UNHr?khBH9 z5Y+wzA@%826lH-`n0?6oJnL?`Z>(pLGRBJ%bK%tN((HF<37vctT7I4iv=DXz8n)3u zrrMM~Ols4#1st8hjl!>FMsWnP^&os#N0eF&|96pl8XhEE*KQTn%C=%(k((%glMekZ~L2< zyOKBYs}i^(ljh@Y-H@)`BnEo(6g$S^A%!nNl+uPo zrCFCa^UG%?d>;m}&-C7UF0HmLsoGj&Qs616BN>1Lntm6kJ`)NmD^S0pT@_IOY~Urb z1eU(t`c_!QmMu3_j9pbV6gre2r;CSR2g%Zw8Ds^pYk>@@Vw>Xp7LT31#oyLPq`A%8ZB&N!IaBymEvqPNfKMuCc@Q*R`rl&J$cCUGWXIva@loz?p5~@=7Vjb?X{Xen(}L zO*`e>mFrc)fzN(Jh;lMl!7W{t0{E%(Ih81f2Z&ZeHn%{HAghDjEBF)Ijmaoh(VT}X zNToUK$JS8o{3=^k8v#o_i(QJ5OB`wwiaQ<|Q|afPC_$7Xw}MN3S|EEd0WnYKUmQ4f z$DCoJm5IL5&3f9sXbs*nBCe`_U*QVbZz%vd7$`Jiz|{tAeWaK6hfO|Qm02RH>W-Q7 z&OdY;6*EJ2NFi04%277cyZmYO@z3eC=so7tn!3@(l-5)zuJ@ZVp09}&N=)bw3GJsc zseV|5UgCth+xsA~!U-3sbUCZBT9>giTAeV(LJ)n>-(fE~p<(&4A>W>z}b~B#v=3(!cNQeJ0Z7-yFEQ{_Y#H^x;PO3m(8NY&kG`7wVx}LH$zBg1uEGSoZw}ad zlXqg`1qVlEMVch<~nz-!78Piabz1@_SYaBfcK? zjmBkZ~V@MgQ``YF^RnL;nGdew~JbZ zPBow33uco*C`Yy3&OM@5BTQi*`k)PonTz~==M>Our>T{$zhBiIPD>Ro)kG;i+*{KB(o zkXA|ZUp^YP9^}r6z8Bu=8fQC#_{<}>=u9JMo`n|=;O9>5Be#YKsedkH6loPKF|>9- zs1OL?)sSALm4SZZPI09+569K&V0CYPLu1M{kQq3wuNL;D4kh%7xHpmD-xog4om)B5 z;Tm4~NQ_G>5ol&9Z?#HEG;@>NfP6nCqz+_rn6~5VP(ywsj7c_&BU5{Z6Z7gdl`jGE zndO7*CLPivfcr}C3(OxtEhl-0RG0&jIM$_*=h(vmr7D!Rs6qw({l)d9#AsVsyb`-<|BUcls5O)mZ-p$>=&vO1C zq`4&pgdH}_t1Sd_d_j?ba0aO9~U{9}b2kd_} zi;`|U44}YTjE0cpYXsjKgGFllb8QxW9rR9nRG9dZu*|147{D|1nHBp8i;hdF+TdO; zdx|xRYa!VvGOdtaGgbBo?GD8EWPO8a^+zU%KU2Qf7v6ON_f%Rw_W;#vLVrIg;sn z+BFxO6JxmXc_SiTm&B7eq=U~iQ)81%+&=KOh1w@Uf@Fip_BQ^!0f;k>=!QlMgs@X{u-^NRx3$xC=AFWgAiq=@vTRMe0)E@uh258nX1 z9Rq5|7FK$dIv~9iTrk+hO-WIgqt3gdupLRZ$I7?-KrXCA*46qjX&Te4Aoj&Fr>EOM zBiHy^?kk9~wvhD~L)JGT-{Z-kutMs2W*wh&BP_>2 zzu)GY=4g}{V3aO>q91M{fRPw{1DTZSAZ!OOOORMqCo}K}RX@0c6mixCnb^p8L{+qO z>H&6clp$wLm$pVSiUs9iaFUMJ{IGiN_`6Nz=j!~oHkCdCbMHYpduTUU>2~%m-7}d? zU;(5T)N)1zVq+rFs0ar$jicH}#N2DYO-6>wkdT2ek{_e@6~;mo`d9dTgZflVT34_$ zT(}m_?re+g9NrzxG=7l?R9_7Z$qq0fEZ?9d)C}2sCLlnTF$D8PnJgDyXqLNz2oG(> zFz4@eN++8Na)J;s>#d zA`78JYLcgrE#r1W28R*Im#og{vnBo=}&IsALF183^2QM(PPJKmuMopm)&U%ita7M7^k?K zVU2`UR90DXEil5x=ktcIP8b8Pmk}^6ED?Z`m&13S1_+l==q`vwx!nWmXpzr?kwD8T zn~5Oi!1zN^p<>_mvzfg0JunQ;oL)BAyyU>`l&gqVmYsL3}}ZJlv^ zJ?ut=$8BR{TqFtA50=AeVkB=+V>~EVQ`T2_P$i`psWBcZ!S7avqF;6P7L!y&G>;kX z47jXIKU7u{q^8r5o_rC=Cz2l+BJBGEJhdR4KMZMSYdTRNwuj#H^^vI~u zlo>3J6j)507|rd-UC;}vPGhKZSgjabpUs<0@IqPakmMkzM4U_i`lr&e`BM0pCCIet zPjA%u%a^+hsWKG|Q7S^p_%U~ov8=(ndElxcA|#(fWFtevzjnE^Y0w@ri&Q+|YHOJn zAxR_WbR)Qt>|?A@S_r>@swZ?FURaZwYrt9B~$3 zrvV13g9<<;z|@Ec%$ek~CSA7!37O8k{Z{pEzgaJUHpLSwe6*dZphA2;Fnaf{T*6Yp(Id~_(Ig5jwBK(WQ|DF>lPadB_j$Eg4j6} zy)OhEz0J`@7SYvM1(<1~tYoezN=EdzMzAL1`Q0(?yzdi`c(U^hV%C~%#6Ko3yjELP zO3KpZ98**T(Ew=$^Mg*j#|v}=m;H2!#2qFNsSO$+hcLmw;#un&m}Rtli*#dP{rcNdXeOV!)YT(igbBt5_G(~ zX3JPCZP4wc97W_MEDtQ-bLYgrc8R1=v`K3qZ!mxT76W7ejNQ#Nxaph`yx`)V9Uq)^ zbFbW^bx9W|#XDlWe6buT?t3~G_v%{G-err&McN>O=`s&0a4)SIrQ*~LbcF8$AEs^i z$r@4}h-c%7etNfUoDs zT3m7{v(BUS;Nn^go1%N;xFNEx?*$THdfvoS#XjUYCi}Rt10H)ZQ9;PDfA?ToyMPbe zc_!j|wNy8K%Ct5Pxy&Kwg1o@jW=Tk)NRcp>`j4<7W~;4c!EhcdO{La+VLBkTzC>&U z#V0rj&W^a0*k;wu`l0Db%ZzC3_=(|lvA7C0Nt;IlANs5f8=`}x`2W>S9uNAZIRjNEg87b}jp^>%Zy{2P8a=lh&D ze*SR?kQN;S6{-=G)-d3Pc@!;uUGwyM&UOGg=;}Q?%7O}l=IGfO18cjU6E8luMN!5v zp^kCNTR1Ig@1>S@tLrGI(gVo@Tr&Dy1vKR@hTdeDB1QI_LXG7P{;RoB_y?cjKyj47 zn}%DgphvDVx2LDutG?^o-s3%`AlOG8KfS{Xkmo1e?QZ`CiMwTL-wi5(2`bT)ZID*J z!q?Y=%Q&DcNI$x^7GBI&po?quVm?vhY>m#Mj{}!f#NCk}J-$V02-+gbPN*PvnNALj z%rH##f_OAqiR%Udy*r`79(vAse5=wByja;!nl}Vq-y%VOhKwt}pD`kdrq1aV-mF4~ z^`T-yx0{&7$YeAE<_ohWIJ%$QQ;F$1J&{V>%ael%El#lc^+0HV%yg>1o`rNDL&A_9#@3=Cwu|;T2`J+Rs-_7a(Y7G)B1jEnntp_J`0w90U`Q2&h54r^ttC|k{ zzB=B9)_r%S#he4vB#)VAIAXNK?WLBu{9u@rPlj1aIOSLHaVv4a0S#;R?ftM-hahN^ z1(QSfTnl4sXR@=bb*e9s%7yiO#W9Y4XNb13@=og=6rXpN&Qd|b-p>{VDNf&rCjmB4 zJn%9XEi@wXGt00AQ?qHU+^F-YZLKm-QU>~`4*T-Lor6pP3lZ6->W~UgDGI9=*=6U{ zBR~+k;Pz~pDU5R;y**y31dj!de^9Sv-Tf#7gRX!!xjXKne+_m<=Ye$8fu(e8fcUJK zaVlE59t*1-2R7J>c>z>C+!TF^6+IDaPxlod5n9^a63@F^3ShipuP?&g^$8n)D z5ynNKnwwrTjZyye#X5zew&2=_@l(7y7QW^rt^<+J-n>*ioEE(N7i=b&+I`E^&lHe!h z1MSOJfFyX(h6>kLe4aKsP2TGEQ|!QL|ICG5OLXqdiThc=>2`%dKJDEN0C9Kt{=80} z`1! zFC6o}n0~2Sb(YSD$aMLs{oRCs+u(tucidecA0Kt3z`)Fz8|$TG&nAA4_|iyRw!|gD zcQB9;(0V#xDQcx&2j}uUb%y0XM76T(2s^%m);B7{nB;H{)$^A@RBHE2v7{+nzV1p- z5hx8#5wJvH@onpua8QA$V_4){51n<=+(L0H>!eBZmG?u8e7((@c| zEBtW-;>RvveS_Ujd@vH*CLdWud%P$E^tL%^Xb!RnqHwp9C>^HgEcQ4huRba5GMf_~ z44JJPw;)V$*R{UI*SR^fiwzaJ<;&p_Q)!W#;fyrn=i>^6hDakB%Vy{~E2?8k5P0qM zskTJwO2_I+<+7_dGrCg&GE2{@mnmVdhr;$;+at8VqycR~sHPqqockUKsToeC5ddmP z21Q&S2N=zx~ zm~LY37R3exVrpw^IXA(jQJW>~(91+I*_-^fzgtXx-T_EK=$ZW7lOrg&1BFTp1$Ey= zE)`d=T!v$_LS_0O$>F>>h0`2#F0Oe$&3+)$S|1x`b*vrhnk+kd+&VJ{w3f`sCZ%8Z z8n?U*x@13gU08{4eN5G^H6r$%giG8K!^O;>5yHePT1n`AycG-KL164Y3i6R2VN&iZ ze(^qc`wC{+fNbs?yRBWav}DQ-bZ{;L>30^7KypGp2eS^rliox)cDe|KjZIM{lEK)MjaQ54QA>bJ{?Ak0*AbE3eSN?a;XOVK0}gK*x+{d>swn&9p)fHXL6<=?zFHq8ewdifFB7cK?)B z1Am`6`xn#NP-FHM#2)c}+eOXvTb6SFo%XMQl@#4|{D*x=c_^y7Y|4D93EWyVIlU@G z4ooT!Rr#?AlMuD4tbAjBa?7!AS{JXsGz#o%jYFpXPh3;6a6@(kHw_0PnpyVtcnuGm zjSR5l$8Fvtjz01phD0-)1Ns`e+SnzByYEI9ddVa|s=*Z(JKj*Cd{MSaZHlz_K22~I zcHq~m?9ErCyOaz^bFOFMhl!fziGi>J6_U2#+3W7KuDi#hkPfy|vV_+QGA242Q;kEgy}qDzw2EK#DOfSBJONKcGuse)2SETr##iPHpb!3fy%c=L*e1PsR}ke!0iuxifLC zmZ-bChf~VK5D6~HSvs=?vIyplZPk3h^JS9^^6m`_?1NHZNkDzq1lR?phSS!5OJ-3JpW7iPl>ps2-7hE6sq#c{0<6%_v;e8jDj1~z&QfncW)KwsofX>{F~OKO$Q_qo}X$f->>g#<+A`bF^8V-8?-z7z(JpA(XLeEM*F2hGN6r+V`i00|`Ao z0=}0>+|0=U-Rnqo(fvbJ_aW?8{%8O6eSx7Fm<|EFDDiCiIZ*Pt&C`BH#f^~sviFLZ z#@8C53i-2oZp~`?tQsbayQpVYvyj3u5jZsA<=&dHB$@r_vV3S12{fD*TKBKasxgz% z0-i3nYg0G!Cyig8Z~j=C^OzOJJi>1sS#1pd7Nb_tUle5gk!rJub|mKZcEngZ=_$+W z=gURV7g8E!asE&3781^Z6N4X~c48(@7%UWV=^m}wCNf~S4UP`4=Utp`vrHl_U1krt z@v@gKYzf+)+dS<6E1-xCTtg}jb>EWcHLQu#C^gY<@X{{A8$S}rCr_6AbR<(~)p|K% zTQCidt+4Wb`;sMX^7W7busx^no`Rm-M11bp3~fu+xDR(9%erj;M8!9Jo1u=C*;5X% z&nlbY=R7OHcg}6Kh&1jv%~S@87`(XmMz@CsA5RL2hWC8%PmfQw@;?_8`+odhjoW%%mwHRmUCO= z;g>WsS&n`!#Qi=MDBIF7?<_6*BC%o)?Pz%`T}Z3v!Sxj!W#GU}z{lJEAoR>|<=*o6 z6Py3@vk(r0^4uLFyQC2vmPQDDYOQ#XtWx1e1s(1BotD}5GNxW3{2WoPy(It{0WS25 zj7T%HVG|c-1p}m=PY)sgK{bD!o2Gu1ABp@jwDg;5Uak5T^sNh+dX!V7IgINV^|JfHIo;Q?X`@{9q~}TZ>TmP;epm$8(%U;dUi2FR(CFq7gxaRKDXU~ z0g&i%YuesBeq`09KjkNcY%=v?25(2+;k&fUa!u*Mp&J6u*>}kuFFeGs{8uW1N#Iwq zD{!7YI&Tg}^myaR;@eNfI)LuX(mPTQ_d==F^&4W&`~@)!`ZzIrJN*NTD9tW41iy(w zqDcuPRAUVFLZe9mEo%LNHk!_H8bD5qJQ@WEX+aTp0nR|s>uyK%@%!Vr0G)fcNw6 z&_w0>>*dyKAH(ZWhcCK`kIDPp1%*H@Mh6g&`}3{sJ3Mb6+WkZ@mK0k}nfB25c>p@z z!@n8L5`P%Ycyj}wlc0V_{Ffd;<-$ddS^Nc@MM~+8CER+?ITxOcY1vm;C^9FGWDJ3` z%Z3~$QmNiA#Ef&*!QRC>pzVmiPRZ4X%6+#grsLoU$`5!-Rv%Qcru|##^a)DrK_VO2 zUlMCWoRSf@0^l7x`Ko&{;Gf=Q(8L;R%c`klh?^L z^J6=^cY7lh5QE*O&sP6AR|DrKexzDXrzy9aCdapVG}30H51$HZPF%a-Nz<;#BA1^_BM&ZsSfFtkcgF@pj;=5>I_4EewHm@~Ig=;cxkphY`^PolW!U<${RaBoIsVeKoZ z&=5J-6l%O)BK=uS#&rq#jIsyHq6A451Uqz$@Hg6U?UBF`CsB=rNe0g#(x#!7!I6xV zNE*EnEV2L;^9f%+W%73lM4dw32z&gE`k%pIvz_Hf)dLa~-p$j*-lR%$*xo{>@{~`qN{E z`!|m{;4hE)2L*tgLh0S{DEC#UaT3=<6lqTHk}p(|S!^101Gzo+Hzud)yYjC1j{pAs zzw?+Yn<#D9=MZd!l;Mo&zq}qB=VE;{M%R+E#11{L1IwVQQD#h-qLnh%Wlbds$SRdF zSCjbG`AqI$z#6g1U5ypy?8mV;BK2|U@nE1|Cu$kd)zGv-YCI&FwV=W~v4CzdUA~zdYuyKRsrv*mlU)6m{Hv;lmH^ ze5>F+YyS6(T~Pw<07G3q->glRdVGJMZioYWHiaSc^IjDXnKdowtslo}t7#>cmw4pD`0{p5OwBm zz}gf|{_cQeNs(7+saxz13}Q$z+sGrzqEOJJ!|uH;^WrQ*^0N=+Ee2gUFH>xsv^g~P z8kdy=)z57M!VlbbhG-zFhgE)+GX@3&v+$}-Mt?>I&%XQ-8EoR)>ynM+`sfZ_tSruJ zwerewpLT$Ynj7)$4`Ak$>%Rgsa{mNo;3tv+T`-vPU5l4qu7NyM`!YX zqcfMP7*?J+6%X1-Q3F7M>+6sArh6pN!z?PYDNjd5KOiv??Y+l{m|l!43!|Etuv(s~ z$wj89Vn#Db5!cOV#SsMgIgub+?a33$E)8g?*i;ZP%@=RquXYGOV1&J;&rEA*q0_``Vo5#8x ztX0A(?3Tb_i9?U)xyD<|WDeNI)dyodZ#}?)B7s2SUgv zbxCE%CrGHoT+nB4QCOr+;m~jAghKEAqepx3A;16vOQE>BUL{hLQ`<=5(HW{@T7N9{ zPma0bPmbBc_wO9@_~-wbV-EbyG4uUT95d8EIc5X^$9yjI5007c7sm_<;FyKX`lu4i zwS)@oF5^xpZMVCO7Ct6GxkRX)3qy1$IvIX!fTd}Zk581w@6elx4~KXCnz z9CHh3xBJ$y>)@N{o|I;1&;KtRv;N;XX1>33%!vOJ$ISDKV`j;!+98cAU?kW@6S2@+ zx1b$KWT~$G_Bp63J%9w3w*sVMb*E7CWfGZydb>%YJ^U!vbp!O{R5l!H(9LHm23w-P zIObaQ{|(0s@pq1SMQaEz?*f!wn`{qh-C`;k>AK56^=oM*dGQ_+Td|Wci_87FpX5>y zwu@}2!9Z|)2wBpj7hpqK=+$zx`r;e#Bh2T_Hl$nTK$zRZv$}8r2paK~TVH#YY ziDT~a^gC1jPaLzx`>w>la?ImSOePU{86rQmgGSvPcmN!8CKH4>WTW!(=J`9}1T$lV zkQtEVGdwOz|BRZpI$+}*UxKIx!O&Qc|&vxwul9EkRhuy>_COTZO>W0w|8ufbpT`h7kv@$l1j!$=R;6SQiKE1$P|_ zbK;p>Fc%eg<0G~v=;JHo4sy}e-zXW{?M`KEi;-6{lpd`QfGNDd64@U=Y z4FD|2)zx+fW|t}}o9-jBxoUDHQeGp5lWPIuBhuWQxTH~L zdUAp8znL3agTZBory`g7{X0L%8KDJIFZJQybz!3#OQ zsBBpqI;E(rnxc}MuJF59p}|3}JwmS90IeH%c$9n-Q2?x{Y%+O6YXRqL+IF(2!jDq< zxGCQ_7#-@w-N_dtRHqT-0x>b<&tqU!0l(``=x7f2s0}?4=nri#SY#=<@6=nQFNlvs zT@OMX6`(f^7IO>bnFT{6xD2Wt5hz3w;b#FextFG2Md$P-vwA^a4uT}c}FOB*9pBi)02GD=in2Vtoy8cCD#-xekZ}qR^kw8XqjW}gFo2cm{HMlT_Wz_Y@81Ky;vXV1C=+E; z);&^UcM2_QI1syfv#}|dCrS=`XF)Zk7~#uyhSE-(nkZUdz#h5MA6q@Qvg)ryV(}Wo z5phdS6EsmL~I!R9QQ-bIkfcVnjsM zNd?sjFDp4WH4XG9vZtgPVL%=ufO#7IieZ2TUqU?%DdLh1A-Du}BcSfWpD?+zkB5Yf ztg^HkQM+{8KBY}IQ6H*~xs9(04f}{oF}n6RvXOGE7}3usc;?d6{dI2#Xw0_8O*8*l zV}|>sF*DfwO=GV9hsHep-BzUK4~-f2?;7*NziP|?FYSNOn1%jLWA^{wY0L}1G-kj) zvwzo^Z36$HF$3<%|E@8+ZcY)f6{k`MZ>_;0NDG0ih(S>q_oIwE)y#XsB<>}$7!=&2$;+0KsGOQ0eNN>x{c)kS&i95BtErEy=n?tdix>r z1g2PvpzGy3XX(AczU1cIivkK6R4rBBOzgCx*4nINiAxIm&~W6%dYgNnh_P?Ynl~rc z`$T-wDH{rkg#X24;!VBSCg4&Z@8%m9w);MdCP zLEFg_jSqW;1$epDBQd_S;7F9|Q26MVgk{}@lw5hjuS}DgtZkvJwj4U`$AZ2>Rq1k|=!uEbvabcbXUoV#*{q||8vq+mg{;7a)2 zycI>#0ZJ+7Jyu<_P3BYN-wtBprQRIyMqSqVht+;mji>4fga)TqQ}6dIa#@BApf zchL?Ug=oNe_h?&CJdfd~O5p5jX~Mji$LcvI=6*B&C&p|F_pLqWJURXxWb{z(q(7I3 z4%jT>6!ko*C*HWrF!1-SdOC+bslu}yHv$dxFKKD*(Cevc|EBl&0R`*sYtr44B@qrV0Xhcy>!h0tnUR9B`jIzh-@4ti4M4 zlI5NXSn6G!PhhUsfQQ3Upy8pV_OV5>kd}^xp4<$D=)l*q*k;6)qwg{C1WzgA~^qh@DNW1Sx1 zaX`JFSHI3rsM=prw2y9#X88z%vAIl$kNRIRW|H3+ z^Ys6KF_Zj>F~6Ea{$F9tM87d+sDIhU2nF^B#(eglG3I#y#@wO@cz=Vm7wK7mxQ6GZ z!C*8_E@g(ssgT;sdcfAh9rt@u=7_z^J&i&p1yGYO*p$kgI)=|dVtFhMRKFbmC<6aN zY57KBK9N>}^$(2Mi?Dz?ebtfzFqm{Sc}J}`nnI#VTGs-p^4(#z2|-&?O8>~?vL5oP zTIiHme+p}eZ)@);l)cqJdKz&s-T;KA3hWJtz17F$fav6gh67Q{lGeFt-3ai6X6R1e zscl#?a+%+&lw3V)0{9!eVaZ1dQC%4PT_AU=MtfRk=t;aqSuqZa`w*35{##J{u-t(6nX^5Z+BB&TeL{G^EE2 zzq(-bK1NQpQ;>m(Fr!ZfdUkNDtdAs+C>BKSom#=cD&ymfE*~3*6)at(;br&0Ivb!Y zlPh3hJYjpBV7YIp@>5f@c-YaJbF0QicX#W{dI_Nj4Es(s#N81nq50HCeZT;F1la|< z4zIlDo2?-PQUT-U2LK>UxdzNg^)HFJI+~$*=B0F}>>s1#KZM;K^d*7EX+VxqbAA=( z8Y+Z%l{Z67zO}=7*-AV_-ay)8o34c1IRRkytx$p!<$>qf9Mfuk=W==Y6PEd+c2LOQ z7;_5%W7g^z{Dm=l0`B#&|1HMs@;8im>8S0a#+j(_u-xqrrE2Ah$^cKbY2)EOFl3n; zUJJ%wYs|Vfa(I8OG5fP@*2>e+)v`mxfO(EkH-KRCdiADx`EreHEZDi0Y+!+TKZYJo z;317hX*ZnjitCfJ9w6~0JhV412yMpR?na0noI?pupYTXpu3Zb`KjE$)yw#)^ka|oTJsn; zugcLcDXMt6tn8rwBDO^78cFFo2i0LEO9PWSAv`_0`;Ty^}7wz6GROb_#am+_$m1n_1ZZhqb$Y>$>d{y-#;a zgMff^cXvp4cXxM4cSs}M-Q5k+-AGG!ckVBG-8D1!%(I(q>5FMX}|ce3y|?O-Id#*lybTDSk=Yv~04u9n@9NreD>t2II_<{2!h6H&eHzxYvR%jCCsl{{SL)ebmXU46??Xv>bQ>|&)vkFx*Jrw&of|i zE--Z`mvPqD%D#T)cYEIx=Y6@p1==F0sC09;o#|gmidcPCjmzGT|FSC`3wg$fP6YW0 z|6>T~8e80u(tTAzJa!2r9Fyha+r3?M2<(qnsSnQM@w-cOdO;zXUXmA2!W@`A$1>YB zT86S8w|BWI4bM48m8^=f3nEkWf6H1X|K4Km`d?biTho#<0E;=|*FK5nqjhj|)fsp% z97C3D@B4aqsBKe!;BK5yY>U*7}ui*l}5|4cxk@Y z_>V9s6-MzbWL7fnLrdkyY}%GfAK)2^6_X%eOXe{w$irW+*j0)7;5jO%2@I8>8Nxu~ zH%DHQ;Bh(Q#zYmZ^Zi&z7@m16$s9;)?9`NTp|v!90Qu@aiZQw1jgI5$H$>WAFe=)#sbnq zL!!jUqBH2jRF@5%)o=w1Vxe`WBO3-=*M`>yxyUm|6Y4ajuf;S8DGTg9cxeQRq18W0 zF_Lb0t{dflBjaVbIhV!d)$E}KhteIQdM1gXP_Wp|zC9rfND(ypyN<78{V!Cl#d6Tv z^efG?MQOk@+4st{BXMynLofN(E1Oi@ZQ~^$AB8VUh)90E`mkBE`lF1u!~aRuvT-2c z2*lY7P;DGOGd@hewH;J@q3i@+#MPY+Jc{7kQ;1hH9&!LI=fE#Y8-kNr+2Ucb39x_i zWU9Ne1EnM0GpzXQ38Uc20YT|zCVhV4XP_?NO{COX5(HVb?;~-tZXyxdV~&{5D@d#v z8JY5?Lbg9(C1wmrubYn&d~tSXAK12dC}!Ln?>kIdMO3Xtmlbx=>@TuDc)+bYh3z_A zZm+2&=t$R?i^%R*59|Xw5tG$B5-@Kh1|y6}3Z$l5X!=qCyW*y1ClX;7gaVp_dBvZt z+svifel*OiKkz7&4Y{&479gsTTTi-0j3u2$&=FE#x0Efpj6=7~Kt*BGju93SBkK8? zvmSW-+9-c@#LLEcjeP;70xuhOijiU(I{wI9{Xi}QsA^1~Nf5BK8aE-?@k0QE+?<;2 z>i@9L@IYk5iE7>`NCfQn6&w6h@1+jVdx`nedl@GY7=L@-3?e4}OinLbAyiOavIpgI zc}vE7q!k5?E4+2IcZ$qDL$uaaIUalGjVMU><&)ORl&e*f5OU|`yI_}Q(`ed7+W zx#PrV-==wC@AMU$7Q-1o+Fz5ACmCdmAm~98Xc<(ZP2F$)H6AmwuK1K2k3(YrGDDN2$vIE+E;;Lm0_YJ-x}*1$YZ+`B>TCb>Iq!kjN4 zA}-8DU;cx|9Pn;2YyCTmS>!K^`F;u^WC{5H#$rbLZ7~P@3l$CK_s3$s{qHSi3&4uc z>U-9OZp`yN>vD|1RrWjU;v#QWLXw^Y%!j)H-0j@QSgc2Ql@>N`z#E-FM}PEB7PG`Z zEM~M;-2eX;Gy8wAn0dCabNS@#o)DU>VTtmroL?mJG&N-nl0K}*y}fLAzCNE#0akb1 zF0X2*-tKoM01G}vuTi{!4WAkB#<%;cnL>cm{Cqfuh(E6L+>`nGWFoh#a;x*^b;;;) z0b3PUDD!r^-ld@VYe_RHMv_$*Y8__M+XHGzTl7N3*6peFBzLB;L-^z#r`z$Z!> z-F6wB&|v)3sN_Wc;n#fsj(qS&jMHvh+o^H z=>qgCQGdKizCJzx7%3i2gZ;rZ)PwaZgvKvZYWv9sb`jDz4QeKDBv=y67b@vkaE>RS zC%%}z5An38Ey*B79G-(@mbrNM0Z~Mu;FQ;Ub3+o(6!ZcQcw!?x!U2$deIfWP6p@Un z{(w>MCJPfVnfsNAtnPGHgLrBvzB~FA$Q1AQd3{a9nxD8jT;C_yf+oo`Czuw=4+S^e z5-=p>G=}z0KwtM`xPsq=OnY19*hom9&TaX@I~R;%gEA7?Z?si+(fU z(B1Kpn~WIi2tS@G{OP@LP5NHA)->j_d%X6k7Ejo`|6RCN4g=)Bz)_nFWLA&9v^O_g zGr-l7jcGf`t+i2djL0|oAR{m)20A#^OhO?g2P(&={Qd1`)R0NyLo&vmcx1Cjr)(hw zN{W&_Z zEo62BNu(P%cm8+gn$A@hhhRZ7?@}GHi;<+cfb{p4du@2n3%YPsa5WFu>>R#{RO4p` zJ?wxPwl5paqjX)fg5r&g$qDQpL=scwXJFslM@oO`PSJ;0Rku^9O+p9e+3-8zammX3 zS#rw6^LK4&`}>P(6_^TIm-e26rCr0Gha&pN&XF0|UG01m)|oAlO$uDbWuH+QELQa)m=SIJKQn;^gnio(KuNMJ)J(Z18_g_B60=KG9f@_JJZ%0%dv@)8!{J79vl@UhTR$W=+AGq65c_5;FbWV?b!TMQ z77N<8fe98dAxh_IdkDvnZ`c1z?Dc(FrxeA`b2#z}OtbqgB| zn2*vPzmn=%l$=Dl;YMLlfA99#i@@%qenWpoVXgptD^_{^`Bpp>fxQQdM0W;suE}u| z|LR}}aj9x9Py?L0t!$G~Fdo8Fa!4#rB67p$hB37vYpghjA~eic5Xet!C` z3*GqadKc?QNI6jS7b;p}KsO23N_s=Du*s!JiV4K8s?tao`+qhn+VSR=rtr-bvnSA> zp=-T=O`vmy%ibo}fk*jeQD3)xcm)^mm+Gq2HHBR>G0wg__MGcL|Jug@d*722PRk7w z(J<*Be)E&IvL}~1K>vTjZNM#ct_4sY`@rFEuPZ87tA zy~p|=Rcrshs@4d9s@4?$W!1W0?r&A=q(4>bpPBzn)jHFzsrSI=LN(k8g8Q;;HmLY~ zs_(rN7Wwsy%X`%t@;_FsmuUW7)mk&1Q9aA z!XmO4u3ssWssqU%iaGdi6!RMXKU2(C|4qW@6CmN!Vukqc5O^KYrcj7*2IPUvv`U$?*b3)={C5c`Nn8b69(|=U#2E%HDxJ zhiA~?(|J>~+;~|1_X(fGmi<#7TkWPtTzg(QH+l5)^ZzFlv+6%l%({sGOfmQVJBm5- zonnq4J!TU#Bp-!z>yuqdbip2ZKQN{`z$Q2@*eIb{aOwU)p4CkV+l8jS%4C7Bz9}fo zbvMXLk9&FQp-cW4=j&(dMZL2_{dbD__J2b$kNh*m?5siAEO_nN6~vM$hfEnG=?6OP&c( zZDUzqy!LdKivis})700A;7yE2<^PUic15i6{O>4cNC3q=_^%XmGEISGwZFq)W_UD~ zj5Xv%S|?+F*FKPoIL^uo{m`BkXWa$L60i{P7&{~$J(jG)T-8iH0IoEUaL-* zl@6!YVP8myUmASQbKYBL;T#;R0|qXPEW!H(2HJXD{FXx=9wa4&Q8`HHpqS!G45|4GjOc3~emUSw?~j%| zU13{LwZQ5h26kb;Ao`3zMqW2v(IIZ2TBgwhTZ{7T9Eq4ooZn<$+B_B9d=!zwRz0`u zU}V@^c3_QSg4RUHJFj^w3NnvfBo;;ZDUo6qW%zH!QHdbPhA<+m| z9UO*+C9^+Y&kt8?O;i?xRa@bz0ck&}iP@;XMKAI344O}U!_cM6OScTZ#Ch}%d3zel zMK@q+%7O=5mt6OyINUNv%y_RTR0^i~WZH>_QjW@~=bW0nS#wYVb}f64gLT&Hbu-AK zw{JV=N(z2j%>^+!)wM4zh#o1W%ks^qV&%iEsTrM)zIb@fIy*YSM0LpCBD3@WdkRga z>mHTF*zx#VI*E#<2e4?O=p_3XeQtqb>cqHH4cc5A-E0*rptZP)GK)$#7Hg#t#1t+tb=`ZUvpRK!^%8;`c8F-Dq-o@?y=$wP&y+h3d8;|+Kw z>0V$}r$*gEo=oGH53&O&Nj{o`OpDOi-!U-86b#;8vz!-L=PMg}!*T6ZoSmBU#S0`; z)w|v86b$99T=auRJ@k5klHK)K>FvKvu*VLJ;Lcptwe%2%gD5%C?X0puw4GS zq)+|pl3wP|CH-y1)Fz4bLwolrbtemEyBGzoJ;Aa9|RGp z3jxptMS5l?JqRYOtsQTz?1igs`fIfH$ejHzHT|)U821Z;DdvksZ{$rk>@H5NUU-BesZMd{jMHqjmK(-XS#mr4sYcu@ zs$*MDMCZQA8SIWu9^OZppN$1YSO{L}&s3Bzh(0Xfm8#hk+bT-Uy7yQul!-inSO*vn}TV~4fooXFi?(R#GU6v ziOr4h_kn!Wasobx;Y3Ai`v$p05eLfKp);e;c*06`e3>Lp(kA%hHW0(m76%xyYA+W^ z56I{_3UMzNm;mTxTPp-uUcC>L5&QN1*Tqu3nFh}2F@xcaA$0LbEp0(CFZ)H18^%Rn z_>4e^)I_Xr++e#Ec;@km;vfnVYUfh9Tz56Deb(IKLDxetXUQmQ7BU*=V(Y6Ovg=H1 zU}K)j-Mn$FGI%bZ-L!mc=8AZl7AoZxX)X7aa7zXTJ*&DK(c@XAuc?h@Az9rMX%7SO zxW&ZgL#bTR@h=NtSWrpDDg5EFi4&?aAM&gmNs12X zi6W!{(nzH`kUsZ)yzfG40S%yDq8+Cd}YravpKL9 z`Ls&^ZFFUOpQfdC)f(ugePI2DT7GTtbyNa8_5J+UUh$Kn6@6+~=*N3czMYR2*|br2 z90z)8NM_g~Vd&&b97195hgMU7L#s-%B`@f?te>A39wkk4hXFhNg3XBFE{DE~j=+Rq zrW$_WFj3?a;(Z`H{(q*pHHQ`8$@oH2AX4R_AqcTmM=4s;`E5(W5aQ~VH>rzyCCCB= z?>9%1E@mb2BC-ZlHL8}crwTEBzkY(3-*V(AxD^DfF`N8>8 zNChK$EHHTeWD8_70cgqrcWpZUd$15sdCMuqP5Nzx9bH{E5H z;RLYL9SiK2_KH)B_3NJ6jl2ubENec@)?nmF7yle`&l{U0cZ3piIBQ$ve)>!`oW5md20wBx4mj6GVPMEDM~=NSwfgfXH(NdI%jGPp$Au^qr%p$E)F7_}acX)v&T2l*Fyh z1pd@NIam%C*F`7@O%nyg0GW!f$a-9dubcd{Rooaza>&J~= z2Dn-4g0Vb!0t64LS>9bBFQi#Lk9w-DLk%??P~mb^dTm?ZFqULy#s`IhJQdT6^vewu z)_I^;9CE;$Ap7)z?)+~ap>+ELH!&0p(m;?yQ!%s5LiR#>)Fq|g2X9srWi>JsBH4!H zqwxukgmR7^G2*htwGSFGPVpeJa!8rx8J~5S*y>d#Oi!0SAx-^slZ1kN_3WYXY;I>m z9*%X{r8t4e_fecYzGa0BCWTB%+~(QD^b>LDM_Fq{ab}?xyT~M_{Aoc#vW)iXnImr0 zX-M6gY`ixSC#h{cF7!*i%ie9m%jsdk{qWY=|Cp+)6y6a>Z_NVmyA}(Hk4Xv&ero!0 zO63#NE+UVJTrY`6pp1)*HK|54-M(W9I4<#EDEctAk9M4H7~)+lm@{;(8Av+;|MBw4 zGYl7rPpt)4!HL1G=B?h~ ztMGrZne9LRzp$Bi{$Vp?EmRH1hotQA)DKTF58ovjKop6s<;-$x$2r4fTZh&&d>Ox@ zV?!)bBW?uy;44|+Z5S2>Y_r?Gm5q|ZK7GM=?m(r~Q&xY-oF%dUOl{whN}uoAc){@l zMVy4R@@IrqpV}Vg6~kkLx|Pc=P8vFfzNeJmg>@Y6d2(tBP;e^D>i0bec5P5eFI)XE z+7)=Omy5wV2+wprUTTR5_@4QV!Y){3Mq$bhT90ketamo%ojv^9lvqkFW$**=y~~3jzgC zZW|TmtK;-c>ojO=yezmLzc#Qp`ds8-G@FF>jE50?(Y(q|afAm9XgK1cdq2m7LEv&e z`Q4dl)X*!045M5&yo1vGzC3?2bHyNMIf)e4lSF?(pzgj;N* zYt;~$SQ+U0;DbLf;&R708kq&z@_sLF;(UIg)Yq}33l9!k407+Qb@`$Oy96E-yAU1e z!eCTReGaNH=@Cf?Eoa#Z8{@$C$v$!nsjmSoB(V~7b7%Q=%u9#onlFif4u@Mk5z+Z| zUUu*rd3g{$ywcfQG?X$ok;)d$ORuc>VAgR+gk7|JHmm4;*)I#kpGkYr|DqW znAfY@J&`=fFN7JIq4y3Xn-l4xQCb4rj)2Bq?H$E+SCsbX$A_OQyyUSekV2PX0ixP= z>%x~|K7vG*f;bdhcfEVhf3C~B4(qv%Lppsw8!!^OvDwXdKEK+^Cyurp}*ZJbN6jILy_+5+DCgc-f(%37M?2Uj<8Oki z74$o5#f!nk`tB5rlR4GeFl^n1Ibr(;LC1+AsCaCpHQ${3;I!c zEh|5^!Yyt&D*0+>wWQz>&in ztV_TIoJOsw!sQDdrgW$mBzj>98O;EON3>(W)2cL0znD0Uu-e-Js}EI7O}z{ke&jSW z?a7feaRFxSU*sdj!eEm%aX;Ba%o-s)*}lLluw&dDoxcx|+6Km+PE*fa#~nx{YDwdP z+G;DrD@$=f&JhTkeK{2X*S96J4gh_bRVbmw!N>o@U5ypE~99(&URYoJqX<;OH#tv~|y`CM%CqXEYzwtahQK z$fEOoIp7t=+Rrg=cJi%7!Fgh0#otC#lj8Lv%;w@{inIO2K06F}?nChmvvNdV@ege5 zG6<(Yh7_t<0efl&(Ldglx*{kpIzlfDaU5$6>ZdIja}Cto1J0OL<$w+1 ziKLFXAm1J`J4)Gnws~GMHNR-UFFu0YiH-7#7I>!l_{^Yv;_$7qe@(nT65PS^k-qrd zqnAnJ+36$%9N=oFFW|$?xj}PzM~%w~6;HuK&i-OZp0uQ>=a1mOJ#L#MXSWXDaL)X5 z4BS>4r#bVtV_;y1XaXLSdLC2~S+uv$HdC~E*i_sbf|I+Bo?ZEHdUz>AWut1;+yTR& ze!XpN*w}bPkt+<#t+C+gK7Ah7pZxQGnD)_1?%C$e?d<42tzExt7637D*CZri) z7TthGmi@2{%7h22qxBI9)t{}pORV#U=AT?mp)WgWRm^sf;D^RtiH7e0*X?Bv!t_V8 z3?PYQmCS{k#uMim2Rbovy`^W{f*W(Sf;Lm_$CN@2GNjEVo+X@F(1p`-zz3yQRE4sU zffr6ws5mg14-`Y1UPI2PX8s<+JPRAO-j80_9$S_ak^T9F6W~1c{k8@u{|4wFe?r;LtW1JC*WLt^OI4?DUJEgPv4DCIS~Yd zcXtdR`A|U|ghhM`ppq00@d&Mz6r!tNz%YdeQDs3cI=-ur(Hyz@N0_f#v4F!BzlX$~ zM?d!85=7vABnNJdHV9#4S>eQ@C}HZ&kStEB@?nBM)W-7?wl%RQTLr1lCN zRD{wL3lQT2+*-Wb%t-$iHna0@n>p(LyUh%qGHvlf_--?w0c>WPi2uoEUOQoLs+*K1 zi2uyzO^L?2)6&ah0lecW9!HK5$J&*Mh?@n;Gpt+sr2XXFU== zmtoDYy>diHODuz0lL{q#H#;%h2IsofT%udfJ=wMddVP)`72U@2H$-}-eThIyqY>+p zNM-gpFSMhRZh81lY2BwAj(jymAsw%T+JgjZ<=`CGm!FW2Ask{_FzO(4t|nPGeREGh zQHLQz52b!D^cW#`#Hr$)-CrHT{8zW0`?!v zwwQ~%lgc%JCa9J=&kpg3jbF%eg})tT)96!F_Ax6RTr|&oL?iYg?vemX;xk*P4^f${ z14qpEzXy}O!yKyw!XU|Wce5{wpNUd@y$q+cDcB8M)281==c50JWn&GDdi(Xp zA`11~13%cBK$NKk+)}b75LcdBDE{$s1xX0Dl5@3_2kbOyClGL#&i~CGaF-q`DhywL zf4RPBk>MbFXac5nkxgQXU9%9MOWN*3r174zwf4mJw^D9oANnh0i}hK{ejH9}3fuA(!rV@Jc=;}^c=9KkdRaY!W>#cKT1s+f7%Z{lsYv2ooaUZ82I%u*UGqJ zyf-n&t)H4;fagRv!>7R1)Euw~ON14#iUNb5B{>ZW7P=F+cV|C4?Rph3*DVb)xI$g! zsX$9?YV^lmBY&de6J&$HYKyErU!plvsF`$F^DY@l_jpFCmTRxjC^rW2Y41+h$t-`(&oznN9i;ANc zi1wl+T$}cghxQB1sO&*%~*mLV^k?QZzCHWb;ZX&AprAbt2@w&Xx%S#Z@G}(jDSJ zeK>vzx3DUPRemvTmdy3`-LF6o6;UZ}K>}I&)`<6Zzs7JBr;9kgR=Hn&b?P2Bp!kLw zY?3c_#=IxQ{Iv=tdKfT6^-+7R3fW(oAI2XiaO2JHP%%Ax5W5R4; zWTG&N_In|zGHoKEX4e_Wvw%0oV3$i|w}L{y-^un)w2ou#r49rhdnzj~54#IQaS564axm>3--I6?JXBDC7aqo89y z01I}X|Lc=z;}cDxJDjnOOb!)>lRTSHx+5dtk7pI`eqL!pAk*Ta(Gc;U z7kQ7@0zoPR;kEOr=3tyaXN@Ko%Cesi?K!ZrE>Qq$w!@Pz zc)GsW!4ktuP$1tb?#2h- zJ$%D(aB$e@o8|Bz*f)YeDTu)_MInQeKd(M``U<69X;ZKFD{f%Zo(4_`I@JTgl>Ljh z=(78OpPW>*(WUN7EFjjxUuF-6PoT`M?w1Yo0baEQRoab8C5C_X4RL(=Mh=R{-)?KC z!U>rN0lsbc&%D%bJtN!^Ffa9gQeQvt?(z?A5r#h`LpZkrA^c!zX=1N8X^O;Cw<#NA zXC=Z;EuwPVfZ~9ArExYZOOul{O#lK*adrn*L=v)YZE!8_YL)OR;gch2uM?ld}|ur19+r!8pOw9Vo^mT0uu zPJb?ng_488jW_ejZrMi>MFpB7Q4sr{cXqdDZ~a*xQkUu=&xy6;18~@2> zesFoWnQMRB%v=DQS>_}&jA)?QNP^Q4G^@< zbvqqa*PA)4w_fv5H>OV)@fVi!s#yFClwN#+s&>Ll3Wn^nH(L}-m+pVHX-+q6hI&qt zQz$vv#=ra|I+M1*E+vykCvL3P7)N^jt(t`)WAJwx6kOn=OV@;%(;Wtv5ww!Yrp`Pk z{r1y-4Y;lmmcQFlbv6gYQ;ESU&}+i_CudMzJBG4SU;^P}qg!&fNdg*k9k?nL3IXsM7EiRx|uSNCvw)$N-Vhj1&G61`^|Qf8hbMr+(A3Doh6jX1m7RcEu0d zR&8*eo2z@!2in!k9>b-ZTG6!w+Kn6j(%leu;YA&sz?PObAddy7=akV0{KFVX3RZoJ z8a%EjS6}LpuD*;B>_!pNd&koXS4UpRnJ+zT$eCZti%w=fmd_kK;Tk%tu4cGCg{^~c zKUQ^YA5Bg-c2lzh=1MC~h6FxHm7k|1{Mayu2#S78`bPuCO0W>f^+AjpGeT>@G%$iksv~kpy;>{$Gohz=FJx4s8Af-vmA(xsLdR z`_Y<8x+zmYIG})5lD&tMa|cUWaU45j>yf$UNccIoFHlzYm|N4t-O#FJko+cdX1+kW zyZLP`Djv4PH#kA@gmA7&V@+R07vFaU_#%E0Rj4@9$}kD%$PyY^R!cUvZeYiBXU662 zz#Y3c+A0H65AFQOnnp|2WJZ4fZH(+IK^&#C=r&@CFGE`hsDUE~RPL6eLo8-y$Dr*1 zun1fFWN_U_K=-p{eGkDzEX$bE_tt}aJRv2$%mmc-l*bWhk>-G|##+97LlU#V*m?n% zu3iFgUhwKd5^E-{bVsjmEU}w$Q8>$X#$i4TrU8y;F)Z|R$N2+M085d(dce8U^)u!E zgFDo*lM+>0sKY*mI#2&7lC*Y`=l;=pJw8_S*#w1h@mp{7nP4K$FvbOWE$)wNjVWn)MASnJAEz&wB*gp1PT1)b-?HYN zO93fR8_Nq$UG>N;^k7Blx@-}bNSM{>d%^}i5?`Gk?>SI-JFJ}NpWZa+InT{LWZohV z4$ugaukm3rO>9O|#B*IATcrIR1(b%t$C{w`UQpHn+Ydq2gw-SZnw^Lzzi`kkfonNf zwZAvlp7~1YH#Dj^^ql8l8#L0I0Blxb)Av(L6wmHiDoODl8`xy;7m_N_s4HNUqVIL? zv>vXoYI(o_lkzW{8RIXTS>=DSnfbF|O5BPC7O)`^b$}v3G0R~pzNlr|7DP@=(3G*d z$eJXIPs!}$=_UPY>7XH_BBw9Vn6#5p`wkg5hMi4PM#kvFrYATYc>~E|Cp|N9cAfG0 zM110XcLYLEChxEf=-eM|oCT0ka(H5igG|3B`#YR)* zP8wx0UHP3meZam@LgE;J70ipAhasa^3ekj{<31+a{#@5>i6#}rm=(uj*m>&w`o2m6 z?M8KtxdqrG5e+hIigH`N>azma%xM3xnaBRcX2vYu4*);La9kG3LV^l^0i5bn5EC{* zxDW=?g*hLk@Zg?(9}!LN1pG8J$xO~u9Evwn*n4(;-zN#AfBf>BPX2}D^n*BrBPXzk z$Qm3+^a3x%7E4rXvR@oZ(rZeC2#G!B7vE5dSOOhmWbH518*NeOpxtRq^Irt$RhaNou|Ypvi>_?s z%LKW`BRtG1sUFS0uMbwAQt3XGMWTuCj!LQ((|!qyQ+K5 z=^kkJIt-i>^e;ilA`*tcIAL@?968mGGCexM$`hguf>GeFU0w&8hH?AkR(s0%Y90;s z6oL#Hj+|u-NR!qY5_^pO$Xf=gotUkHi?g)6Q*dDd{8lm|gY#OJoKo$WUlZ0)Nieov zmt9cS7(@b1DH(S?Y2Ay40r-JhJ8|fZs#a_||I8TEBhL8fad}0XxumVeF@dZ4a&fo* zCBaeh^?qwcMu6Yk^F<_7{3bC7P}G5+(P8nCV1R#=Tz1`pT_u*~VAg`^1u_>@XHc8*0n;4Vt{Y{YNVq?ALEAIiCA(R(p@leSEYfxzba- z(L+pzSF&U=!+P9=_glJcjG@u+pvg$%agp^o7CWK$^M%_BF?CojxK0^KiUL0=6|UCW zQe@;>ZG_xdBzAh=8u&Yk>x081&nW5s;>m_biU*1@8^`V+DDYUHUhO5u=@j#Q-yns>N&Y^tvlM`Vr zgO2nV2jSba{4DMA_TcnoF1Xd}Umh~rfAEm+gSbK8J!DcBAoor%Z5d6;*HFY zvRC8aO0Ne;BchC%_Z=YW1;Fu?j(c6gKcr+x0r>)yz9ai$7rKl|0B4a>=h4>}Aj)6V zvMnO#wA?__`CXD4c5ykN>ZE>3h2+AGc_xUh5Y5aeC5hbP3|1m_2brD3c$itPOjfdS zsG*csVG2s*%a5R0vz)@3(djUVi6jQ0Y9VQ`H> zI%dBznA>qJ}rQ1|*J){X>jYR72&TZW3y zXA!)ZxD>ZoiFr-`>yR{PdjW^<>5A80`{fnRicuve{x-J^XF6}X{-*1fCFO;+_PDe# z-^*5l{)quT{lN&)8FMGOZ|Ymi3_x z8=G>{Hm_o&$8TJHH2HXo&9QG~g##ybsO{F^AM5&ex>lmG3@=!^Cs|*u zl5cE!g_h)If<|A~l!;o_eRS9%OE4B+Ja$Dap{<5?hO>$ctOBh2K?{w^gXSdVkX>eN z?AoEgX)nBQxGid^ZnXGQ*i>Er-mXKB@Gy${%tJiZFr(CdK2iOaa{YdVDU-lRuW0=RBZ}!XszVZ4|buQzPSFL^3*z>iU(U@;eFUz-{ z3!{N&tri#Z=Wm8|SoXpus_7%->q!|-1%UeIt8vgJ?Ry2-|2`%XvJ1cJmM&9w8JSv1R-b zYkmfFSn~wKSC4;QklM}4;E>$W7~ST+?J~k!H^$bX56ACXo@mjm{;YuHu_B>up>cfY zYju~3x--V|WLkOGuwaAgeztUw`)zGqq|?ry_2(`t1+0tJrQqULBUavu^Suwt{mBF- zj@8+dvCBHg%ePx+Z;hvUyN2aO7h|1uhQ=}1c4J`d!HkZZ3k=;ah&F=j?q8R!_U;T> z*Yz3KtJ~X_l@aRW5N(Kpv665_ctf2pt5PG4_N#g{+hllNow&H1bWXfpD%HK6f@t2Z?+)U(gSyrt zPTejKfUa0?qBCZ_*p=c|vHMU5b-7LSy7^Y#D=%~3Iy737XqeDxAJsfem0)^$c()fw zmVHwR_fyVPg9|UC*wbi)tY_ zIdr-@h~sExIVHkE64=k8F@?lX_^Teml~O_&9b9ctOxe8l13aGRNUqI8Z=HsV^{s8k z4m>m%PHp01-ji}HTK1k6u(Pt(i=U#rmQ@fHmBnXpB_@-C9!Q$Q%+txVz9JkE2e*I% z&6$yib{o{z3QdJlkCs=h<-}Dbb?jt?-Z=Ku%7zA|Poc#;bg`r0E!6%kJ+Yhsgltr_ zROEHuSW# zWjkLnV0BjGRXBfq{!+xkXL?i-*X!jN%k9!?yl;kfcS6u$PS<^=-~<2LgO#=f>=o(f ziXoj2@7v?>griBxhy!)-YO2fDvrbRto6FU^buSMg9>vCZ3wd)En%c)ryf;UFX$G|d zUb#5QBRO+WuI9X68|LI`_@P@{SFbz&# z`(jL~g0jbHNwgV-WGkmUm-YJH93OVYJ^3>v2TE1yq6a^ZDXLOKI<3me*vgcXBJh^5 zV7n=(wxCo?gAgc7H^2y|q1CXm?6}Yvxkh^cM%#YXQ7A(+X7$5&dj;Nb%{6rtiTZ{x zwgPsH$Kp3f@YdICj_r)u{P{$v^4d$qw~qMfMQC(k7G8X!p{6nf0h|&FJ7>+%@*Cdw z_3btM!II5Lp?@l{(a{W#%?RD&|}4u%i@{%tl8jg}thlZ?3FsX5+ZY%@mEwEdz$XvOA0#-t z^kd(*q0jzmn;zzn0IHD3(Xq9vA(HWcp*V19h_i@*Iue>3}rkV`XAzS+)n zV$Mh!7RHbpmb#p;F+*6#MtDZS&}?f}Bv->cJIkOpHqw-2O1W0Y@{{&^OKECV9ZAi6 z#8n`32Rf6PC0?MUn1HabZ!C$DPCmGpe4JV9tT_fHASk@hK*X@cpg}cIv(`tX#B6w^ zZpittw_`PTGLgxQ`}KANxwyV|<#30p{M>Sig|@!hQ7$nt;eL(_wqeA&S@UIJNoOxI z=?l(4;f+)g2G4r1`2$+3dYMwSSm4sO{uapV^@x6@siMp!}6a&R*^p} zCI`zS!7Q9bY>ZT(fg{KoK1Yn2eWlj1`h2mLC>h48sbY`&b!`N-qMF;3Az=X>)SQLB zlfRxsZ3q`_X%3=~I4D}Yzyex?UZKR;h-F|;ZtP8ckG(XwVWmx=KR(K0q6EgN(6K+C zkeo6}6z6Q+$gz4~%_^{OtVu@=lX30=3c4sq5 zsAq(P#>}4PqE<^0PH=_LPTw&$?hnc0s<_9T0+BIcBHl^+o{mp8nB{dbv?W$vGVmHo z!Pj*xybHG~R-z|Arc{@4q>6ry9Cpr=uU|aiT=FX=-l$F<&z}o<^PBI=y(F9HM90SVhRZxY5v@!vG$#p334a2h8Z%URbxZcaYQ;b7=|S8L!V{;_2JX`jv@ zVO#Tvuw1b8qeji#hMYfWxe_5aAum0{PMp~{ns3)q)<$O3xJqXU_JWL7v{^Jo)8#Ue zuRXB=78O`i3_9NnsLke7+Q>@eq;bTD>Q6>92}VN`R|SeH%D+*>HJ{5~ZK}JfUcOkB zMK2dX44J4|{fa1FKHbtvT{~E@sMA+SE)xTMtL-wy7=ZoGnaDz+<4+ra|HpJVmOreXV0?@T9 zM2WVW?U$dywQ*Yu)&}UlgaVwIccbabYuuH$&R}U-$7LA}PU2_U;Aw(po^tIZmlr3c zjb~o&IJPVciqJG9+O-b{_br3lDV%i_HGjj+R@mZ>uzJHSn!XiE5h1i7u zp`B{zj8R)em5_(6u9e=g$fkE&dsZo}bkj}~yVL`Bh@mSs=hT_zaL7L4Hs@vaJ%zVK zxm*VSNt@p!Ab)5AR+PGjFYi-Xa}FTQl;F^;Kb`O)rS3()p1Z_iqZL&#V)cVayf9Ps zjA{B%fUOx;(Wa2YqpAPMM_s+uFE~7{KdE3?H~B(_n15k0p&DA`HwVH_`jCSfi5aEd zeP<+m4%QP8*^>nPH>~J?W$$kHbR?mY#+2oq2PQm98WJfAr0=CDbh{#XU<(5sKm}1? znGN=#f)0(OAQ-}Jho_4YbncoB7eVYJW6~U`UK>7{m7E{ry{Rp|IvZV)P?q@|Xx(!(t>l}GF}vK&6|MzmM7n5_gfpfE&m?dfvv2 z*iFEP;zGM&l#lIF@=UxbqOA(B9hG_0WUzvG<+~@^1!^~*(^%EllF5QtTxwr2C&yK( z^yC;#NI)X7kODRCbE~8>KYnb#WYLgZ+y+D4abHFTYhKJ9YKwxv(b-99dBd+`{vNo! zC_SP9!>wEb?qVk>y8gH}7!s>SvTG7y-_Iq>1u@TNm#Dd_R)4*DL`rU4YA?9!PJV3_ zDUI#QUv+7d6gTgpO<_c5*uj)@Ceqnu5RI%g71?EG@kp#Y$Q=iHW7;uOOu$6 zN{Kh%f=f?MuiKw;pR~C~9%CwmXeFB zX$h8%GiknnYf?B30B{I^hJv)VrleNt6qU7URVh$X3xL|nrueqLPtpB?0ScFSMTY!c`<1YC#jDbuYcr#Yb znPIlSI&o#R$&+C;3_0*)thq5($c?ca2qgeA%w8%$c@hY?PP<(Y96w8Sej=U51m~&#;_B-%Qe488- z=8fHjTcTB72^+G@jZflBa7kEEO->vVE98%G5=}G+Dl=!q9q>ii=7o(Xq6Ll!>j1lQ zL$t{YVXc&&4`L}U2y3|(4v6LXAFMU7@IEZh`QTcEh3CWkJP%8)X#=;z{o-|4Mi|g` zfsV&vB^(Z>7U^3vXE<3G&IauSvT!x5c^X#3)1WamSiSz;LLWBM6f|)%w9d!yMH<%N zsk;d8f~JzqxC^&f$8GQ|7{C`R3oq=(tuRk~;kG#y)=`BQY05gP@H(oni?Hd?H;Zr} zSPX#QP*mY&ZiAM14Qz{8I}92wgZ6j~^d;;03+@$nfwlo=&VoDOD=-2ejXVWrqpO9V zU?B`+os*yyJ_3D1TzLrY69>VUU`2cZ^DACo4NpKjdR;qejFl6heLesOb-_hCzY7k4C4_gQ zpZy9Xbwl}X5_>}(D_`Y4wt2kkY8>|FfY>%dfVHQ8o6kJ{{~;UUG-2@&`vh1390>r- z{{K%8`cG^A|GWFUYybaMJQn}|Gd4QPhrGrD@Z0FE30D{}wuKk;^|UjF52zV`Jm z`ufl5#9f*`@N>YCNlRP{W&ZC=*lN=*#)1drV+jJL0N-zOLjBYA@~eo zfmhKCL|Jfm(p-?WwbxvA8RnfDveEOi-_C_wdab0lkO)0L`wg9wKNe|LLwRq=j77JW zB1NLMN?qyH`CS$+CJyW`4ig8`E!9@1X(QEaQ(K#rfD)O8mSqEJ^t{rUqI6I3YIbwg zc(S0Qvy(#JI_0~WWusP`&%K)N)h72wE%O$+IBI!YxH)R+SH;!gYNx7FcDM{yt3)2! z(OQ<+qn2@<=%bdTMEtSpu`3XPI9s9{_&|`!R#N2!sSS72PT|ZDQWtCU#}X1GP9jW$ z#3?3-N}JWG@V>B$%9SoX->>-Gi5D6|LXtue(YI~k*Zl`;p129j(cnn((bINLE|#B0hold)ijDs&lKnz1wi z7pX#q`qEv(5h@xFEj4LF$G;G7NPmt3hm|0ODYQnNr>aGzNszm9@G~e%wGq$6W21go zk5Bo&I7f3{!waR=-ZXhdz6F?xeehj}0KuvH=}5prZ7It%d#?Gzd%^AL*d?LDaG3e} zb?;aL2IfzQ6E1E%L;rW<^83%d&7U?l-tF}M_Wt{gOAr2dy!q4SXZ7Lx&CQLCcfY)O z_4e$=d%F4gU69T`icg<6-jNsY9W&Y7{OO@XaHR|%nM z7?McLs%(yBhxvT74B7dCi_eS(>#6o1Jk_${%`Vy5%@>(!jtQHHvkdJk(r6WL5eo;) zb3q%>ecS~UDp=YC1&V_VQmngmeyMJpqyFcr=WQp>f8x#6=R_7OmKXDn%qg@h2G2qbJ=3`k58NlVyl zpqJUx48PwrUL;6ox-NXp>!tba9IC4ASzQP!xX5kpT9{Xo4!r(r5mySCWL-REH#tv+ z^fJpCM}UxTF}q!M-K<|}vd%|-b2qsg*^X3MXhaec&7ft~RuxTYdD9edHb-aZcj6we zs=6-c5`49YjflV%zamdhvERtBsIq$lNmP!2Jr!>?t}tD>nu39tyW5(=}Gb^M%a%T3RxUedA%1CpTMQR&!->ee+q0h zthg<3h=4!&Vivaq2oJNt3qEF7M1$YNJA*AWI96{-*J1(e9-uKL{zzL#{ld)#+B$BQ zJ~i&l2FWe!1~(p)tka5{rr0T<)5UM>MobEE8JyWgb=~8lxJ7A$ue!FLMiV(g=V{HE zJ!A<95{muI5)G{aC_Eib6(JvRM@m**nb0i59Vt>w7Gxcz7+>O$41ou+NCZ?^Oy!#y zQJUOPZ>aC{EJidQ;%FpT$Y=n|(@-DFHAAf*4He;isQmn4aNw-WK^4^4jDfSrF3^kX}gg47ooJu|G_G zEfHt+DTr=I;v$BQA-k9~5*L;q^L~>*J(;;v(vz_qdEj_+R9u{N#*jpmjV=Ud?_G@C zS+Rg@*@?|7C;9?!96m$EiZASJa(sc=$bMndRHj<;6OisCv)`X2VsMQ3Bo>DbpETqT zek605{fC_$w6V9tk)h_Ba2}v|;d36Bd;x1N&&{Cu=LPoU6c4Xm4Czk?^5m1^WNiM>= zb~4I1TPbX3JL2pLr3A<&JvDByRni!ZXhepB%_SJA#i#HbeB9FjR*cw?b9(;r4%PaK zQER}yT-?`yi$Mm#%qne?*3^v-@YO^xv)Z`Guo-;Bqw}l537gTO_Qg1fa6%?p(k(RS ziwNAL!3C&5@I^kL;G(2maaIF)rb;7kyxYh~3CY{juv$#;#IF%vC z0X;8fqEHmlwM^-29yqy3PB@78CY*hW7yZpc0s)}-#v%nh03YyDM6vCMyAaCKIcY?9 zRhWBaO4aCy06G7VsB6sJJ44kTw_xjRKq209nx8bFH8W8@EE>Bbnr5>RYfgAJi4y3wh-3#5 zMN`lnWzG-&x&?Ou9_m&vQ! zY_46A&k&P}2gT7>?s@gSg4-6~$P3*<>N>^C- z{GjeRA>CzyZrOm+exO>_)N^QKTnL7V_IGyBjQTzuvWPUt1TH`K7*4(K7y+zmeT$v}+2LbMW%M7g8yOtx8?w=yg1}k+Mok1bJ3YRe z!+(9cu20wX>AF5$8|t+_UDu~;wXC~8H_c0;VJQ$v4V}o?E-pK^?I7wE4`XAxn)YsK zyJ1b)M!+!APDX9rMaNth9QsQ3gsr*Z`^-e#ajbQ7d?7o;V~z-BOOQip;+fT|Scqw+ z;)az%y<}C=VP_DphTgSk8GD&7q?xgs7PXAI^555LekZZbkTcUhayto)fx~KTx|`r( zj#V`U5v$d-jX+|K^)dw%tJSN$pkj`-oA*d61Q-+Xv$HxbQ4Ra)pba*LR(g2oLmC+C z;TnVt<#D%6uIo+lx2mq|Y9lVWtH+glfpap>Pm!8$tmQtnQPMQafH@S=+N_+9I158t zS{emZqr|Fg0gJqJG+oGxIVY5LV+?qmrx(#-RA3<)F?XE$nNRD8FW_1iYf71ij(2)DQOxOa`v9M%h zd&qb!ZkC(I36B#Ql4{A8M3z496*_Zib>D!&6Nj+VQ6n(`mBU?HkF-ak z&V28%eOF>0I3xY4^GOjHH_WD-p2=#9aGgtTGpWFi@7%6e`8)NckCOsGy-b_|N7ST& za$na(mrcQGOR(L~R5cHA^FnJxJedJDLuP_MQ3JYUxfeiCGg}=aUUxwierI+u~W<`l7O3YBV}V6fL;cDmzu<+6)4% z)ue&~t!z;W5DE)i?aFOb)MZHThLucC4S%+;C%XM(dUEHLipL*LJoR%Cd62s+Hh=*KWE0Zq@bd+fczu!RAcubXcnM zEK%pBS;pv{9_O{qw3c+nXX^8_-*Ot|h9EH;nd~^Cap>b)ldbh$ZUhT&0M!V8U&A<; zDqI=rnTSNV9__{lj336$v}{#@gWd^aY%~Z6s0;~q2<_b9^^cses zcz~?Xu4Nnf9?}IcZAhmJJX%d^8ImQnY{So*pBlcl#^jgZrB_j1W0nXE^w+PV_jf$MSXvq#fS|!;9u1-TbFI z=FXn8S{z<&V%Lhm6Js>@y9mmC@%mIbpJ5R_Az_LyPX=+olPoSbf}IBtxW8m`6b=0} zPRiK0C1Z3yYBM5tn-REe5w}+sVY|v^p%uEVA+{g28c@5n0NM=!v&#XpzaTM+wzFG_ zh;4C4kca7M=2nbS}9y(PcPXig;Xk%Xf*xj>~+Ri$e ztC#2)QLy^)J%`M~!x~J9k)x7KbkCa53$ZLgK{7;@rRRdm;T*@JG4dBtMg^(3JQgPm6{)ArltSKZOo9rhY>7=Zg~B zw7-W1=lb7H#PWKEX!7WhIPP-Z$zrrRS*k!e#zeFY4lNjDP!uRu42oV8z21E|pTs50 z+i67NDf1gAli>!^<>t|PSTEq z>{@yzOz1Vwg3id8OZr=7zC8Z^72)GKYxbePSGSdO-%@7Hwl3(mQ^LH@)GNU+e3G3v@%c7^l2+`mP6jr{pdCH$u?GZRfjBZjJ1-I$wFsFmCFTO9-4 z0=>k=>r*FE30!!gI+X3RNfbO)3)V?|jj0ce0-}C0F0R@_T&jxZV3p|R6cQO1zv3<6 z%ZvpC;W#A24Ef!_dqHDhTUJ*{9_saaV*SKPl!|E6e76CoPJyL~z|;O9N;A@q_(hyZw6qnoN zsh58V*iFz>1t=3o~5jU?peep5s70OO!yaE&b#a$lSza}WOUh8S$`km zWH^08q6zth+#W)PrJoc}{NaqJ$$sNf5kFoIXE-c<`38rjj0*GY-TN6y@O9tIhkEd@ zm<7)+yLp?o*o;q^FuA?#qEZc>U3Q@k>U&k`XO~@G8vifhcWNKz9KLR)Er2+3JM|qjKbHPOKG~4V=5fAqf*cA@3z`N=B2yC4?m@ zR76)x8z>HheNR?a-}o8+^cqZa&(PlP(}N$DX}dZ?Bwp7D(<*gC{l)5WkY6xP@-#3* z%JcFDiwGpb29t)oUtSh?`oP<+F*6z$RK)(Ske;CE+K%_`(|fO>$}~oQ+p5%u#)uCU z8^i1pigHB62_o;|8kv(+eeJVWZ@fcpEN(7H!MP}QBx6H%fMULNO(HxKcNug@dr4lcU$LEiI{PrTE!OH6UkNiY|3l}9p_#%OU+ z-AoDW${Dy(7|aS$#W0$rIKn|f$Oy~>pj-(dIp6Ydex0XQqgbk9v*J~hSAfDI@3K_; zJG;g)&(diV<#PDDqu&3)y+7Y?$Uk;^fBUfY?ET}y$M+^oZQD#pajQ&7c2c}9&#?K( z&5}TA<}|V<%XHHmluSyIF6=agYhwgE9+&1kDH(c0Hrp;-D|3 z1R_HXBNoR6cNL$0Bq$U1#AbO#h8Sen=!zy0j&2K@Kp|%1IQ7v+ObGGYc#_O(LOvmyh**Qd?Qvri#Qpy6-bH#fVlzyGm$PJh z^QVnJQtU&J$6xV`yqqO^^m_4F>>oI+qK$WAt-RlO*OPxeR$p!Y#8pw#@0*XeL5azP z3_ptMO!?=EZeFl^gk;Ef6uwofU{dhily|OF8~EWL5HbQ)T-=4v-4bda>yu;Eg}lp7 zj&n~nzIV$y&s{KIy)RibBp0{AP^SXc_#jGeH0yp`y;9QN@&=wkX;ne z6+RZsbm-mtjwqarepgsk{^gx|O)P-_zaj~q%L%}O|KESIzf-~g@Adn;YyAHzo<;Eg z|2Vum2LPB{YcGJW!3)3)pzopoadG;q20UK@&ewMGrk87gc^z2ZoSPLSUj@jQ!0}(D z=R^JQDjZx8&V-H%mO>4#e?^%7CJTErmVb@oUl_;VC^}W~`)lm};@JJh4sOEiH%h8i ztiJBn$%@fm4L;v=DdvdFUnwTvgvZyKH4HfX|2Pc3R1hF&`b8nN@=C~n?(Dw*-}cZ`)c+SH5~`Mbc! z8){?1+L82B%7R#@=v8n~|w>T87ge$Dvydjq(qRf&V8?B^aT8{IjTgUTytoTi+=>%#2P1A->?UmZ9pS=Fm~aao+=c}=$vRYG1=O}tXS+Xi^E=c=IOE5cZs{!RHtF%sC<>< zE^|`ZDkE<*>#Pl+{k0;m@5fWZe|uBn&*&sz5oxmwGyZ#LXa8WgjQ{TMJ>7e{#(%Hk zd4SG@Czy(|2&^Vmyf{BIV~N$0WmC*>a!9C?#J`5*k>|JQkde#a4IX^c*eU&I|Rj2LWr z9vu<9E%J!izdGJ^JY*xXeb081()xe?^U<%bUc5ei<;_MdmSI`{`+Ix))%E{mx4&Nh zt9Txu=OEGfY|`mGc!2ueQ*XD^d5q4>aS5*THnI6irhqhdZBN9C)Q9{Rb$ou0BI737pZz>z6Gu}MmSpZGDAy-qzKJu@| zbdpAe$*|+?dwwlO} z;_p1CeV)@x`UyQh*+N&hC?Wx#!C=b;2@Z_;s=UU2PkLm)4_QV}R7S!H4x)zQh$@@+ zj0U`XIfg?P1w0LoiI?{btnk7>?5QjTaHE=S%#iehg`Lq5fxh$#jGS#&kby?tUdoRZj(4$=?}grP(@;>FVe66NHncV%P2)FJNi zp@|7YQ7Q)7nn!=G65U7TDIb+=p1k-Zu?)wUa3T7FB!&0kS_Y;)*ogTg@qKhf1nR+0 zZjsN1%A&(trLq&b#Uzn$%X;pK5#*b8UPx0FR6W&ePsD~I93cU!Jdo3WP^vCLFODyS zPiWylm)7hHQ4Mw91q0X{fce56pQSAh zCiZ=`?q#)EVK6Io-JRpr{qn1QQNuTUQgBTQ4aCTa?bV^>g?8`eneK>zqY1@+76DNV z#Gu>*@~|$Qd}46#nW}X!pOXG}{^IEP&5L%GKfC_7cd%d6|8}0P{r^|;JjnKXSTUXN z-en&8pbEa57PE%Ak5i-Tm30cZhdk%_HojS|44B} zHqm$Qj>0f6z>;~Mw%51j-RZo|4jr(|k4Q`>frx|)PAC#^rQG4WQZ57Wa*88@20Frl zcpxCRSeVbt8_+;(T0gTJo>Lm<^7PMqE00LXVlJfLb~^u?rEqBiRT_;lM`W3Re+|wH z2ovHdB-d0}Kstwxot*jWAinTG6;aw-oVjbqUgy6gY9|W@Oh%1T zCJbEP>mPhC2STt|bUL5WFXR?|7O?TpnRfZPG~}N7%XV;QViv|GWuHX5m~xo(+#h z{_8*KSMUFx>>cc^<-b)tRr&9)zmQ@9LtUZC$@TJITqYCDK@EwL+mM)3;7pn;q+3gE zYpJby(t#9rLBIf}=E~Q$xqbytY5yP6?ZORJ(H_2388-aK?p}5OKR7tpU+@2`c=)(K z>mXEC4>Gt_Nph-wtHk!|_gt24%t7fp)gR09x%~A@_sqBPl-7TFvuv#l%lbdq-Px(h ze^1ugq`O(|c^AG1Q&Q1@dOtoD-bsN&ZJ$iLG!!+p7 zF?#n7J$!(A+4$DOerHTOoe{eUe1=CKhS6wa6a57*a4Cu>K!RfA z@Zm1}34WOm_uy~v(DHpj1$FrF33?#tdF17Ieg`cRX1A#uiqwk+sBlyYp9U%E96sFd z$WmTXpB$EXbszG2z)O(kfdJIOeWoHjJG^+l+us+yLo7`iGU-At-4ES|vdnItV~CUK z;X^)zf|fKR_O0^$K9qUGTVyz8sCz8?6WV&&eJEOR+0E{kFS8OayW*M%WY){>L;n9| zmv=b-l;FvwMBon7$mf%X`XoryEFw|FBGl{g`G$HuxEbX6_j)W%!ZbnMhrAtK)KxNb zgm1hFO{VEp8k1}h4l_jq z!;#lT#p%bN+doi`B65v=^k_u<4bMZLQA~U?Og5%C-cV)?WgqBnZhDokyxg;Q^O0)Z zJOyO-OObi@v635K6@?b6>A@Q*FF_re2k4eYP=L0y%*pz&tD_fwSXy;ehT+SMV)$|n zj^VDpvGsPgQp+C~tt704FrV0RiSjk6+ab!G{QJ@C-(DPci!{HN4J^Z#lIgdLE<18` z#n9%Svx36d>z3$?dAE_^dIO5te1wcokCx_vp$rqzF^p6*)p7SxwG4andB4rk`eq(w zmu^_5^~yQ8)^^FY+j8&SitYL zjCQgY$3$6AYPSKJ5?bmVb@Nia#%Xs9^rf^@Kte^Gsg`WQ(00960iY9b>0Mriv&lbN^ literal 0 HcmV?d00001 diff --git a/addons/datadog/charts/datadog-crds/.helmignore b/addons/datadog/charts/datadog-crds/.helmignore deleted file mode 100644 index 27c3714d9..000000000 --- a/addons/datadog/charts/datadog-crds/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*.zip -*.tar.gz -*.tgz -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/datadog/charts/datadog-crds/CHANGELOG.md b/addons/datadog/charts/datadog-crds/CHANGELOG.md deleted file mode 100644 index 3e4c23ef8..000000000 --- a/addons/datadog/charts/datadog-crds/CHANGELOG.md +++ /dev/null @@ -1,138 +0,0 @@ -# Changelog - -## 1.3.0 -* Update CRDs from Datadog Operator v1.3.0 tag. - -## 1.2.0 -* Update CRDs from Datadog Operator v1.2.0 tag. - -## 1.1.0 -* Update CRDs from Datadog Operator v1.1.0-rc.1 tag. - -## 1.0.1 - -* Update CRDs from Datadog Operator v1.0.3. - -## 1.0.0 - -* Default DatadogAgent stored version is `v2alpha1` to align with the GA of the Datadog Operator. - -## 0.6.1 - -* Add missing `nodeLabelsAsTags` and `namespaceLabelsAsTags` to the v2alpha1 spec. - -## 0.6.0 - -* Support Certificate Manager. -* Document conversion webhook configuration. - -## 0.5.9 - -* Updating DatadogMonitors CRD and DatadogAgents CRDs. - -## 0.5.8 - -* Updating CRD of the Datadog Operator for Kubernetes cluster < 1.21.0. - -## 0.5.7 - -* Update CRD of DatadogAgent to have new fields for the cws feature. - -## 0.5.6 - -* Introduce option to store DatadogAgent v2alpha1 or v1alpha1. - -## 0.5.5 - -* Fix CI, by renaming `kubeval.yaml` to `kubeval-values.yaml` - -## 0.5.4 - -* Fix semver comparison for minor version corner case. -* Update charts. - -## 0.5.3 - -* Fix the semver comparison so v1beta1 is used on 1.21. - -## 0.5.2 - -* Rely on the Kubernetes version to deploy the CRD v1 or v1beta1. - -## 0.5.1 - -* Remove `preserveUnknownFields` to maintain compatibility with Kubernetes versions <1.15. - -## 0.5.0 - -* Update CRDs from Datadog Operator v0.8.0. - -## 0.4.7 - -* Fix Capabilities.APIVersions check - -## 0.4.6 - -* Nothing - -## 0.4.5 - -* Reduce DatadogAgent CRD size by removing description. - -## 0.4.4 - -* Update CRDs from Datadog Operator v0.7.2. - -## 0.4.3 - -* Cleanup `update-crds.sh` script. - -## 0.4.2 - -* Fixed instructions to run the `update-crds.sh` script. - -## 0.4.1 - -* Cleanup `update-crds.sh` script. - -## 0.4.0 - -* Update CRDs from Datadog Operator v0.7.0. -* Remove Extended Daemon Set CRDs from this chart. They will be direclty located in the ExtendedDaemonset chart. - -## 0.3.5 - -* Add CRDs from Extended Daemon Set v0.7.0. - -## 0.3.4 - -* Include only `v1beta1` CRDs from the EDS v0.6.0 tag. - -## 0.3.3 - -* Add CRDs from Extended Daemon Set v0.6.0 tag. - -## 0.3.2 - -* Set `apiVersion` to `v1` for compatibility with helm 2. - -## 0.3.1 - -* Fix typo in DatadogMetrics CRD - -## 0.3.0 - -* Update all the CRDs from operator v0.6.0 tag. - -## 0.2.0 - -* Update all the CRDs from operator v0.5.0 tag. - -## 0.1.1 - -* Move back `chart.yaml` `apiVersion` to `v1` for compatibily with helm2. - -## 0.1.0 - -* Initial version -* Add `DatadogMetrics` and `DatadogAgents` CRDs diff --git a/addons/datadog/charts/datadog-crds/Chart.yaml b/addons/datadog/charts/datadog-crds/Chart.yaml deleted file mode 100644 index 416ef901b..000000000 --- a/addons/datadog/charts/datadog-crds/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -name: datadog-crds -description: Datadog Kubernetes CRDs chart -version: 1.3.0 -appVersion: "1" -keywords: -- monitoring -- alerting -- metric -home: https://www.datadoghq.com -icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png -sources: -- https://app.datadoghq.com/account/settings#agent/kubernetes -- https://github.com/DataDog/datadog-operator -- https://docs.datadoghq.com/agent/cluster_agent/external_metrics -maintainers: -- name: Datadog - email: support@datadoghq.com diff --git a/addons/datadog/charts/datadog-crds/README.md b/addons/datadog/charts/datadog-crds/README.md deleted file mode 100644 index 40d5ee6d0..000000000 --- a/addons/datadog/charts/datadog-crds/README.md +++ /dev/null @@ -1,43 +0,0 @@ -# Datadog CRDs - -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) - -This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. - -## How to use Datadog Helm repository - -You need to add this repository to your Helm repositories: - -``` -helm repo add datadog https://helm.datadoghq.com -helm repo update -``` - -## Prerequisites - -This chart can be used with Kubernetes `1.11+` or OpenShift `3.11+` since `CustomResourceDefinitions` are supported starting with these versions. -But the recommended Kubernetes versions are `1.16+`. - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | -| crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | -| crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | -| crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | -| fullnameOverride | string | `""` | Override the fully qualified app name | -| migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | -| migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | -| migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | -| migration.datadogAgents.useCertManager | bool | `false` | | -| migration.datadogAgents.version | string | `"v2alpha1"` | | -| nameOverride | string | `""` | Override name of app | - -## Developers - -### How to update CRDs - -```shell -./update-crds.sh -``` diff --git a/addons/datadog/charts/datadog-crds/README.md.gotmpl b/addons/datadog/charts/datadog-crds/README.md.gotmpl deleted file mode 100644 index 0cdfbdaaf..000000000 --- a/addons/datadog/charts/datadog-crds/README.md.gotmpl +++ /dev/null @@ -1,30 +0,0 @@ -# Datadog CRDs - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. - -## How to use Datadog Helm repository - -You need to add this repository to your Helm repositories: - -``` -helm repo add datadog https://helm.datadoghq.com -helm repo update -``` - -## Prerequisites - -This chart can be used with Kubernetes `1.11+` or OpenShift `3.11+` since `CustomResourceDefinitions` are supported starting with these versions. -But the recommended Kubernetes versions are `1.16+`. - -{{ template "chart.valuesSection" . }} - - -## Developers - -### How to update CRDs - -```shell -./update-crds.sh -``` diff --git a/addons/datadog/charts/datadog-crds/ci/kubeval-values.yaml b/addons/datadog/charts/datadog-crds/ci/kubeval-values.yaml deleted file mode 100644 index 1cc095b47..000000000 --- a/addons/datadog/charts/datadog-crds/ci/kubeval-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -crds: - datadogMetrics: true - datadogAgents: true - datadogMonitors: true diff --git a/addons/datadog/charts/datadog-crds/templates/NOTES.txt b/addons/datadog/charts/datadog-crds/templates/NOTES.txt deleted file mode 100644 index 2b8179602..000000000 --- a/addons/datadog/charts/datadog-crds/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -Datadog CRD(s) installed: -{{- if .Values.crds.datadogMetrics }} -* DatadogMetric -{{- end }} -{{- if .Values.crds.datadogAgents }} -* DatadogAgent -{{- end }} -{{- if .Values.crds.datadogMonitors }} -* DatadogMonitor -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/_helpers.tpl b/addons/datadog/charts/datadog-crds/templates/_helpers.tpl deleted file mode 100644 index a6a7ae84f..000000000 --- a/addons/datadog/charts/datadog-crds/templates/_helpers.tpl +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "datadog-crds.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "datadog-crds.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "datadog-crds.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml deleted file mode 100644 index d54a9d840..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ /dev/null @@ -1,8398 +0,0 @@ -{{- if and .Values.crds.datadogAgents (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - {{- if .Values.migration.datadogAgents.useCertManager }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}-serving-cert - {{- end }} - creationTimestamp: null - name: datadogagents.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - {{- if .Values.migration.datadogAgents.conversionWebhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Values.migration.datadogAgents.conversionWebhook.namespace }} - name: {{ .Values.migration.datadogAgents.conversionWebhook.name }} - path: /convert - conversionReviewVersions: - - v1 - {{- end }} - group: datadoghq.com - names: - kind: DatadogAgent - listKind: DatadogAgentList - plural: datadogagents - shortNames: - - dd - singular: datadogagent - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - serviceName: - type: string - webhookName: - type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - criSocketPath: - type: string - dockerSocketPath: - type: string - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - name: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - seccompConfig: - properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: - type: string - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - replicas: - format: int32 - type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: - type: string - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - {{- if eq .Values.migration.datadogAgents.version "v2alpha1" }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml deleted file mode 100644 index fd1004c1e..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ /dev/null @@ -1,8385 +0,0 @@ -{{- if and .Values.crds.datadogAgents (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null - name: datadogagents.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - group: datadoghq.com - names: - kind: DatadogAgent - listKind: DatadogAgentList - plural: datadogagents - shortNames: - - dd - singular: datadogagent - scope: Namespaced - subresources: - status: {} - version: v1alpha1 - versions: - - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - JSONPath: .status.agent.status - name: agent - type: string - - JSONPath: .status.clusterAgent.status - name: cluster-agent - type: string - - JSONPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - defaultOverride: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - - additionalPrinterColumns: - - JSONPath: .status.agent.status - name: agent - type: string - - JSONPath: .status.clusterAgent.status - name: cluster-agent - type: string - - JSONPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - serviceName: - type: string - webhookName: - type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - criSocketPath: - type: string - dockerSocketPath: - type: string - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - name: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - seccompConfig: - properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: - type: string - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - replicas: - format: int32 - type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: - type: string - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - {{- if eq .Values.migration.datadogAgents.version "v2alpha1" }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml deleted file mode 100644 index af440ca92..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml +++ /dev/null @@ -1,126 +0,0 @@ -{{- if and .Values.crds.datadogMetrics (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null - name: datadogmetrics.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - group: datadoghq.com - names: - kind: DatadogMetric - listKind: DatadogMetricList - plural: datadogmetrics - singular: datadogmetric - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.conditions[?(@.type=='Valid')].status - name: valid - type: string - - jsonPath: .status.currentValue - name: value - type: string - - jsonPath: .status.autoscalerReferences - name: references - type: string - - jsonPath: .status.conditions[?(@.type=='Updated')].lastUpdateTime - name: update time - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: DatadogMetric allows autoscaling on arbitrary Datadog query - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DatadogMetricSpec defines the desired state of DatadogMetric - properties: - externalMetricName: - description: ExternalMetricName is reserved for internal use - type: string - maxAge: - description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) - type: string - query: - description: Query is the raw datadog query - type: string - timeWindow: - description: TimeWindow provides the time window for the metric query, defaults to MaxAge. - type: string - type: object - status: - description: DatadogMetricStatus defines the observed state of DatadogMetric - properties: - autoscalerReferences: - description: List of autoscalers currently using this DatadogMetric - type: string - conditions: - description: Conditions Represents the latest available observations of a DatadogMetric's current state. - items: - description: DatadogMetricCondition describes the state of a DatadogMetric at a certain point. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - lastUpdateTime: - description: Last time the condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of DatadogMetric condition. - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentValue: - description: Value is the latest value of the metric - type: string - required: - - currentValue - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml deleted file mode 100644 index 2512a24f8..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml +++ /dev/null @@ -1,127 +0,0 @@ -{{- if and .Values.crds.datadogMetrics (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null - name: datadogmetrics.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - JSONPath: .status.conditions[?(@.type=='Valid')].status - name: valid - type: string - - JSONPath: .status.currentValue - name: value - type: string - - JSONPath: .status.autoscalerReferences - name: references - type: string - - JSONPath: .status.conditions[?(@.type=='Updated')].lastUpdateTime - name: update time - type: date - group: datadoghq.com - names: - kind: DatadogMetric - listKind: DatadogMetricList - plural: datadogmetrics - singular: datadogmetric - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: DatadogMetric allows autoscaling on arbitrary Datadog query - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DatadogMetricSpec defines the desired state of DatadogMetric - properties: - externalMetricName: - description: ExternalMetricName is reserved for internal use - type: string - maxAge: - description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) - type: string - query: - description: Query is the raw datadog query - type: string - timeWindow: - description: TimeWindow provides the time window for the metric query, defaults to MaxAge. - type: string - type: object - status: - description: DatadogMetricStatus defines the observed state of DatadogMetric - properties: - autoscalerReferences: - description: List of autoscalers currently using this DatadogMetric - type: string - conditions: - description: Conditions Represents the latest available observations of a DatadogMetric's current state. - items: - description: DatadogMetricCondition describes the state of a DatadogMetric at a certain point. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - lastUpdateTime: - description: Last time the condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of DatadogMetric condition. - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentValue: - description: Value is the latest value of the metric - type: string - required: - - currentValue - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml deleted file mode 100644 index fe62dd6b6..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ /dev/null @@ -1,285 +0,0 @@ -{{- if and .Values.crds.datadogMonitors (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null - name: datadogmonitors.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - group: datadoghq.com - names: - kind: DatadogMonitor - listKind: DatadogMonitorList - plural: datadogmonitors - singular: datadogmonitor - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.id - name: id - type: string - - jsonPath: .status.monitorState - name: monitor state - type: string - - jsonPath: .status.monitorStateLastTransitionTime - name: last state transition - type: string - - format: date - jsonPath: .status.monitorStateLastUpdateTime - name: last state sync - type: string - - jsonPath: .status.syncStatus - name: sync status - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DatadogMonitorSpec defines the desired state of DatadogMonitor - properties: - controllerOptions: - description: ControllerOptions are the optional parameters in the DatadogMonitor controller - properties: - disableRequiredTags: - description: DisableRequiredTags disables the automatic addition of required tags to monitors. - type: boolean - type: object - message: - description: Message is a message to include with notifications for this monitor - type: string - name: - description: Name is the monitor name - type: string - options: - description: Options are the optional parameters associated with your monitor - properties: - enableLogsSample: - description: A Boolean indicating whether to send a log sample when the log monitor triggers. - type: boolean - escalationMessage: - description: A message to include with a re-notification. - type: string - evaluationDelay: - description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. - format: int64 - type: integer - includeTags: - description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. - type: boolean - locked: - description: Whether or not the monitor is locked (only editable by creator and admins). - type: boolean - newGroupDelay: - description: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. - format: int64 - type: integer - noDataTimeframe: - description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. - format: int64 - type: integer - notifyAudit: - description: A Boolean indicating whether tagged users are notified on changes to this monitor. - type: boolean - notifyNoData: - description: A Boolean indicating whether this monitor notifies when data stops reporting. - type: boolean - renotifyInterval: - description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. - format: int64 - type: integer - requireFullWindow: - description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. - type: boolean - thresholdWindows: - description: A struct of the alerting time window options. - properties: - recoveryWindow: - description: Describes how long an anomalous metric must be normal before the alert recovers. - type: string - triggerWindow: - description: Describes how long a metric must be anomalous before an alert triggers. - type: string - type: object - thresholds: - description: A struct of the different monitor threshold values. - properties: - critical: - description: The monitor CRITICAL threshold. - type: string - criticalRecovery: - description: The monitor CRITICAL recovery threshold. - type: string - ok: - description: The monitor OK threshold. - type: string - unknown: - description: The monitor UNKNOWN threshold. - type: string - warning: - description: The monitor WARNING threshold. - type: string - warningRecovery: - description: The monitor WARNING recovery threshold. - type: string - type: object - timeoutH: - description: The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. - format: int64 - type: integer - type: object - priority: - description: Priority is an integer from 1 (high) to 5 (low) indicating alert severity - format: int64 - type: integer - query: - description: Query is the Datadog monitor query - type: string - restrictedRoles: - description: RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). - items: - type: string - type: array - x-kubernetes-list-type: set - tags: - description: Tags is the monitor tags associated with your monitor - items: - type: string - type: array - x-kubernetes-list-type: set - type: - description: Type is the monitor type - type: string - type: object - status: - description: DatadogMonitorStatus defines the observed state of DatadogMonitor - properties: - conditions: - description: Conditions Represents the latest available observations of a DatadogMonitor's current state. - items: - description: DatadogMonitorCondition describes the current state of a DatadogMonitor - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - lastUpdateTime: - description: Last time the condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of DatadogMonitor condition - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - created: - description: Created is the time the monitor was created - format: date-time - type: string - creator: - description: Creator is the identify of the monitor creator - type: string - currentHash: - description: CurrentHash tracks the hash of the current DatadogMonitorSpec to know if the Spec has changed and needs an update - type: string - downtimeStatus: - description: DowntimeStatus defines whether the monitor is downtimed - properties: - downtimeId: - type: integer - isDowntimed: - type: boolean - type: object - id: - description: ID is the monitor ID generated in Datadog - type: integer - monitorLastForceSyncTime: - description: MonitorLastForceSyncTime is the last time the API monitor was last force synced with the DatadogMonitor resource - format: date-time - type: string - monitorState: - description: MonitorState is the overall state of monitor - type: string - monitorStateLastTransitionTime: - description: MonitorStateLastTransitionTime is the last time the monitor state changed - format: date-time - type: string - monitorStateLastUpdateTime: - description: MonitorStateLastUpdateTime is the last time the monitor state updated - format: date-time - type: string - primary: - description: Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) - type: boolean - syncStatus: - description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog - type: string - triggeredState: - description: TriggeredState only includes details for monitor groups that are triggering - items: - description: DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data - properties: - lastTransitionTime: - format: date-time - type: string - monitorGroup: - description: MonitorGroup is the name of the triggering group - type: string - state: - description: DatadogMonitorState represents the overall DatadogMonitor state - type: string - required: - - monitorGroup - type: object - type: array - x-kubernetes-list-map-keys: - - monitorGroup - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml deleted file mode 100644 index a17c7fa58..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml +++ /dev/null @@ -1,286 +0,0 @@ -{{- if and .Values.crds.datadogMonitors (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null - name: datadogmonitors.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - additionalPrinterColumns: - - JSONPath: .status.id - name: id - type: string - - JSONPath: .status.monitorState - name: monitor state - type: string - - JSONPath: .status.monitorStateLastTransitionTime - name: last state transition - type: string - - JSONPath: .status.monitorStateLastUpdateTime - format: date - name: last state sync - type: string - - JSONPath: .status.syncStatus - name: sync status - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - group: datadoghq.com - names: - kind: DatadogMonitor - listKind: DatadogMonitorList - plural: datadogmonitors - singular: datadogmonitor - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DatadogMonitorSpec defines the desired state of DatadogMonitor - properties: - controllerOptions: - description: ControllerOptions are the optional parameters in the DatadogMonitor controller - properties: - disableRequiredTags: - description: DisableRequiredTags disables the automatic addition of required tags to monitors. - type: boolean - type: object - message: - description: Message is a message to include with notifications for this monitor - type: string - name: - description: Name is the monitor name - type: string - options: - description: Options are the optional parameters associated with your monitor - properties: - enableLogsSample: - description: A Boolean indicating whether to send a log sample when the log monitor triggers. - type: boolean - escalationMessage: - description: A message to include with a re-notification. - type: string - evaluationDelay: - description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. - format: int64 - type: integer - includeTags: - description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. - type: boolean - locked: - description: Whether or not the monitor is locked (only editable by creator and admins). - type: boolean - newGroupDelay: - description: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. - format: int64 - type: integer - noDataTimeframe: - description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. - format: int64 - type: integer - notifyAudit: - description: A Boolean indicating whether tagged users are notified on changes to this monitor. - type: boolean - notifyNoData: - description: A Boolean indicating whether this monitor notifies when data stops reporting. - type: boolean - renotifyInterval: - description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. - format: int64 - type: integer - requireFullWindow: - description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. - type: boolean - thresholdWindows: - description: A struct of the alerting time window options. - properties: - recoveryWindow: - description: Describes how long an anomalous metric must be normal before the alert recovers. - type: string - triggerWindow: - description: Describes how long a metric must be anomalous before an alert triggers. - type: string - type: object - thresholds: - description: A struct of the different monitor threshold values. - properties: - critical: - description: The monitor CRITICAL threshold. - type: string - criticalRecovery: - description: The monitor CRITICAL recovery threshold. - type: string - ok: - description: The monitor OK threshold. - type: string - unknown: - description: The monitor UNKNOWN threshold. - type: string - warning: - description: The monitor WARNING threshold. - type: string - warningRecovery: - description: The monitor WARNING recovery threshold. - type: string - type: object - timeoutH: - description: The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. - format: int64 - type: integer - type: object - priority: - description: Priority is an integer from 1 (high) to 5 (low) indicating alert severity - format: int64 - type: integer - query: - description: Query is the Datadog monitor query - type: string - restrictedRoles: - description: RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). - items: - type: string - type: array - x-kubernetes-list-type: set - tags: - description: Tags is the monitor tags associated with your monitor - items: - type: string - type: array - x-kubernetes-list-type: set - type: - description: Type is the monitor type - type: string - type: object - status: - description: DatadogMonitorStatus defines the observed state of DatadogMonitor - properties: - conditions: - description: Conditions Represents the latest available observations of a DatadogMonitor's current state. - items: - description: DatadogMonitorCondition describes the current state of a DatadogMonitor - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - lastUpdateTime: - description: Last time the condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of DatadogMonitor condition - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - created: - description: Created is the time the monitor was created - format: date-time - type: string - creator: - description: Creator is the identify of the monitor creator - type: string - currentHash: - description: CurrentHash tracks the hash of the current DatadogMonitorSpec to know if the Spec has changed and needs an update - type: string - downtimeStatus: - description: DowntimeStatus defines whether the monitor is downtimed - properties: - downtimeId: - type: integer - isDowntimed: - type: boolean - type: object - id: - description: ID is the monitor ID generated in Datadog - type: integer - monitorLastForceSyncTime: - description: MonitorLastForceSyncTime is the last time the API monitor was last force synced with the DatadogMonitor resource - format: date-time - type: string - monitorState: - description: MonitorState is the overall state of monitor - type: string - monitorStateLastTransitionTime: - description: MonitorStateLastTransitionTime is the last time the monitor state changed - format: date-time - type: string - monitorStateLastUpdateTime: - description: MonitorStateLastUpdateTime is the last time the monitor state updated - format: date-time - type: string - primary: - description: Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) - type: boolean - syncStatus: - description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog - type: string - triggeredState: - description: TriggeredState only includes details for monitor groups that are triggering - items: - description: DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data - properties: - lastTransitionTime: - format: date-time - type: string - monitorGroup: - description: MonitorGroup is the name of the triggering group - type: string - state: - description: DatadogMonitorState represents the overall DatadogMonitor state - type: string - required: - - monitorGroup - type: object - type: array - x-kubernetes-list-map-keys: - - monitorGroup - x-kubernetes-list-type: map - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml deleted file mode 100644 index d95be534c..000000000 --- a/addons/datadog/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml +++ /dev/null @@ -1,205 +0,0 @@ -{{- if and .Values.crds.datadogSLOs (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null - name: datadogslos.datadoghq.com - labels: - helm.sh/chart: '{{ include "datadog-crds.chart" . }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' -spec: - group: datadoghq.com - names: - kind: DatadogSLO - listKind: DatadogSLOList - plural: datadogslos - shortNames: - - ddslo - singular: datadogslo - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.id - name: id - type: string - - jsonPath: .status.syncStatus - name: sync status - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - controllerOptions: - description: ControllerOptions are the optional parameters in the DatadogSLO controller - properties: - disableRequiredTags: - description: DisableRequiredTags disables the automatic addition of required tags to SLOs. - type: boolean - type: object - description: - description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. - type: string - groups: - description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. - items: - type: string - type: array - x-kubernetes-list-type: set - monitorIDs: - description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: set - name: - description: Name is the name of the service level objective. - type: string - query: - description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. - properties: - denominator: - description: Denominator is a Datadog metric query for total (valid) events. - type: string - numerator: - description: Numerator is a Datadog metric query for good events. - type: string - required: - - denominator - - numerator - type: object - tags: - description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' - items: - type: string - type: array - x-kubernetes-list-type: set - targetThreshold: - anyOf: - - type: integer - - type: string - description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - timeframe: - description: The SLO time window options. - type: string - type: - description: Type is the type of the service level objective. - type: string - warningThreshold: - anyOf: - - type: integer - - type: string - description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - name - - targetThreshold - - timeframe - - type - type: object - status: - description: DatadogSLOStatus defines the observed state of a DatadogSLO. - properties: - conditions: - description: Conditions represents the latest available observations of the state of a DatadogSLO. - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - created: - description: Created is the time the SLO was created. - format: date-time - type: string - creator: - description: Creator is the identity of the SLO creator. - type: string - currentHash: - description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. - type: string - id: - description: ID is the SLO ID generated in Datadog. - type: string - lastForceSyncTime: - description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. - format: date-time - type: string - syncStatus: - description: SyncStatus shows the health of syncing the SLO state to Datadog. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/addons/datadog/charts/datadog-crds/update-crds.sh b/addons/datadog/charts/datadog-crds/update-crds.sh deleted file mode 100755 index c1ff364ce..000000000 --- a/addons/datadog/charts/datadog-crds/update-crds.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash - -set -euox pipefail - -ROOT=$(git rev-parse --show-toplevel) - -DATADOG_OPERATOR_REPO=Datadog/datadog-operator - -DATADOG_OPERATOR_TAG=main -if [[ $# -eq 1 ]]; then - DATADOG_OPERATOR_TAG=$1 -fi - -download_crd() { - repo=$1 - tag=$2 - name=$3 - installOption=$4 # Name of the option to install the CRD (defined in values.yaml) - version=$5 - - inFile=datadoghq.com_$name.yaml - # shellcheck disable=SC2154 - outFile=datadoghq.com_"$name"_"$version".yaml - path=$ROOT/charts/datadog-crds/templates/$outFile - echo "Download CRD \"$inFile\" version \"$version\" from repo \"$repo\" tag \"$tag\"" - curl --silent --show-error --fail --location --output "$path" "https://raw.githubusercontent.com/$repo/$tag/config/crd/bases/$version/$inFile" - - if [ "$name" = "datadogagents" ]; then - yq -i eval 'del(.. | select(has("defaultOverride")).defaultOverride.properties)' "$path" - yq -i eval 'del(.. | select(has("description")).description)' "$path" - fi - - if [ "$version" = "v1beta1" ]; then - yq -i eval 'del(.spec.preserveUnknownFields)' "$path" - fi - - ifCondition="{{- if and .Values.crds.$installOption (semverCompare \"<=1.21-0\" .Capabilities.KubeVersion.GitVersion ) }}" - if [ "$version" = "v1" ]; then - ifCondition="{{- if and .Values.crds.$installOption (semverCompare \">1.21-0\" .Capabilities.KubeVersion.GitVersion ) }}" - cp "$path" "$ROOT/crds/datadoghq.com_$name.yaml" - fi - - VALUE="'{{ include \"datadog-crds.chart\" . }}'" \ - yq eval '.metadata.labels."helm.sh/chart" = env(VALUE)' -i "$path" - yq eval '.metadata.labels."app.kubernetes.io/managed-by" = "{{ .Release.Service }}"' -i "$path" - VALUE="'{{ include \"datadog-crds.name\" . }}'" \ - yq eval '.metadata.labels."app.kubernetes.io/name" = env(VALUE)' -i "$path" - yq eval '.metadata.labels."app.kubernetes.io/instance" = "{{ .Release.Name }}"' -i "$path" - - { echo "$ifCondition"; cat "$path"; } > tmp.file - mv tmp.file "$path" - echo '{{- end }}' >> "$path" -} - -mkdir -p "$ROOT/crds" -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1beta1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1beta1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 diff --git a/addons/datadog/charts/datadog-crds/values.yaml b/addons/datadog/charts/datadog-crds/values.yaml deleted file mode 100644 index 696f33411..000000000 --- a/addons/datadog/charts/datadog-crds/values.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Default values for datadog-operator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -crds: - # crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD - datadogMetrics: false - # crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD - datadogAgents: false - # crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD - datadogMonitors: false - # crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD - datadogSLOs: false - -migration: - datadogAgents: - conversionWebhook: - enabled: false - name: datadog-operator-webhook-service - namespace: default - useCertManager: false - version: "v2alpha1" - -# nameOverride -- Override name of app -nameOverride: "" - -# fullnameOverride -- Override the fully qualified app name -fullnameOverride: "" diff --git a/addons/datadog/charts/kube-state-metrics-2.13.2.tgz b/addons/datadog/charts/kube-state-metrics-2.13.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f188ae8efb85a6742a0f2449451637ddfd1295a8 GIT binary patch literal 7313 zcmV;C9B$(uiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKB#bKADEX#eJ?*eB&aC!LUz{3|({mpj)@a?Z)LNjz~*J7+SP z79v*?YLZ|8(2m;refB%}K@y}WiMCXyH&@6^ERl=d#RAyH0=v*2>gRnQkJ@YIV?gq&tlKYEo4N#YomM-4~@ zGfa^ai9pf_@N>olLKx>lBKKpw!Wb;DH)jcsVJ>AR#)H9(%6UEsLY52^VxFQzF=!c? z-X$)s8IQ!+^DQp*fu&S3PScs^L&jNxa*nz1e5kN_38ASZG)1l}V?t;=21z*m6wnDL zbDI2DlE*06R4Pt9fRrdEHOT1c--cDKgrqsf|HX5h1(=tRiF)9f&&$kvg5^9!P5t%_ zzbZQAFc=*Lhu+TmzlGQpiE|V?Q~>Me|LE|^@o{7RpNx)A_w)ZgN*`X}l;p7l)9o;2 zyk+zTUNx~ULQXO@GkA_3O~?$#9stLT2{jKFW4L@Of?3D|%Gw5V%iI8vWTq65RyhD! z9>?b_rr}}?ucmL9Jm)Adm7bw@p2zV8h8(3B!-tPvAACCpd-}bv>ia@N^gOQ*ucjbS zDjlVmehhL>1zgiOh6uBmE!q?s5kTNVJ(}k61xl^ejW7KbqOZF^g$P#D7A@A_2Le=}cprN zyTGct9aA!iF&e{^!~#99Xy+J4O7K5WA%RVSL=jacgv1cW6bPT?ioP}*Axo!prg&%> z8GSt<@iR%X7{}oIhM+(Djb=WkAybSz2H%g_%%9R29|OuTP|}QJE#Qm^K_{_l*Gxc2 zQq^fwmZuS@=H9^!O=30~Bt+S@LBv8a2xID(O$w68!_ShFGd?rJ(-X+AXsD-2#<(2A z)8W&h2T)BuB?e48PxaUYHBXk{`$fWBX*zgnWbYn(@o3Gbbb*Yd&91?aT=| zDhvOAAr}bmzB_vk9Ia*Zz`nJrL07ym(~baVF{(MLzNxzSnF^^UfqDTxh)bGf<#&xp zee+?GOAu1eRi>U;VUjRpd1_{*sxqNzq~{a^Dj!$m)Vx>y9B6iOfiErLcT5ea1B)->Lpr4>;Cim~IagY)1_xr!@;Fk{#PnzM7&v~)DMwHv!XR&SwnF`Wj)rwM)ibYw z)^vPOh&N?Yw^((c9aU7=QASD;6l==JQJK>`j?GZQB#Vi}VhN^Ezr!hVOhYXqmTHM5 zjH{8LErymH8rfdYG1bOKq1L8DXdE1;m0qZnfih@%!b>79#h_GNe#Rm{WOji$(ALKq zB2KTA>fkt|Lh{AH186m2X0FuaD<@Xox>g=^1>Bel^?gl$G zTAHGm56HC$NJ4&Nsn&IPDF#Z2LJo3)e3sJ)2SSgMg>O;%7Nwpb!CWSBn^LKk2&yOS zvRr*!G85`iWfB}Uq+XPB#wss>IZGKYpsa4{7ejfW<{5!=7QqFEIae0TtQ}UYWgy9g zbVj#A^=?Clhb#>-lVXr*%mdZo!cz0?Gq2zGG8Pp~*!9b@ja-(TYNOMhj72U;@p>0L z_DPlzo-n>sqyj@_rgn>SAwn5jl;#guIza&(kT{!@piY9sF}ud-oHMl?c%uf>7!JNY zxDAfTm}LjY7!D#9UMh=k-WB)?fmR47C_CZfc`9jw6++LQ6hE>!*Q}cbgu(rsr4m2O z+Mu%Pm*?r3_y=csHipxalcVF}*}nwx>d~|gqsIOl79qrXcIg?Tho2C1ma6qkm)W88 zhHn&yT8#JtV+>U@2A=wUp}#V2v_!uTXVWQ7)jSm_l>xjf-EtrmnpjVmfkC2`vLZk5 zh^1FD@SeqJfOkwcA&X7#uXHWpy9L-epcn0=sO$CJ+R81lgFf)8=V~s5$R(XB zE>X#brZcr(L7{AGu~^ZpCnR$oahCqdCe?$8V8T*?PBr5m>UDkj4AUrM)O|8%oc^ZF zf1I&Mdq^RPkyikkBO$PQQX?GGgi21*nFEmIQm=roaWZG@vNp^rsM1zCkIW)o>rv`H zXOZ(QLoTS0n93`yXu_D#Wc6$34U3|((bOXZz3fHli{N+m0tAJY95q+2tfv3ly9bt^j?6O#ur72}M zR&2c~oe`sPEIvIi?S#?}SmDqu&CF`F>Dg%OsQK7$tlE^KdV7VO(+JI`NjZ@!NVQ-p zzZB4>ddY)bANAoUwPerr9t+2iB?+dH_8}w#yIL)IEo+-y4F)liD>S~9-qs0ODniO~ zvqTQ(Of8$07!<3@ngwRRM0;#BRSQLd0>Zg+tMy+lg)*r>DP+ri2)EFfm^f zO!N-l>G5l7+h-MR4ZHz;boiR;A#u*xl^PKQE}sgpo7$?~5l(4}Kr*VAC#6-cFQyAe zSbM;MLil%gb4UsGJ>fHy_6(yMQ=?#X9Q;iUxHUk=H0sH#yv2B0oL4|iMbv$*G%EZy zcx^l$uXRsVVvGviqJhkANHN1jgsG<}zpk98mRVoo`X>`|48uVGtG_xgHkw9j4+~nh zw+gRX4Botb|MDV`pXGLY%p1=CMn^}Z#{U25@o>1`|G$sY;vOr#2ZE|ORSt7GClX@4 zA`pd{`o3H?!rA#N4T@Y(h+@-5loN3Y*-up~@Lr{Q zZ&7d9Jci$YFE^{8*RlpKwzPT>z|Bpt3B0tL7G7M1f!#k2ViuBk{QK`v96i`R3>05* zb2D%oywEMxT^9jTvmYoRiE{H5K3(Ew#8FZ1f5&KStA4L|ATE+HrpiJVy%Tu5 zJ0bnL%Ub>a^BiO42?R3R<|ufB{y%(j*o^;pax^^J>;L;GzyCh?7OrSA)_d{FXON2w zpCw8x;T*^C?cnCdQ&8T^&slK<>hALE#c<$RIKNoRtx{V(@GC&QND55Ak>0^5be4iF z{f9r4W0i(*dZa(n1XKq6*A=wsLzJg=jJ?tlr)rnUBIWD#B@qA0+MCA5rOv; z8tfWgDjKRm0wx%eTp$RR)J&aj`jlcE87rYz%f-eG74UGf&|-P<=0d^h6RQlvM}hZh z3LInQNf;#7&9m-=J@Js`xpHy%Lp1Z2+b&YBY)K&;IxPiTyex%Vz^nx5Bz=8EX1_ep zEg3)S-oXx^rBDo(;GL0}sa*0}dwOdIGfq=Eh2DP%|35^pfz8mp&5&F5xi%D=v!-!Y zV-LqV^>6)D@6D>7u7d^kh)n?kfLf3g-Sd#9VVp-B7bcHZq1Nqc3c5k0XFv2hAz3NS zGv)ni0lHJk-PEWYDeZP8c`T`40XZ9bKvT84m{7G+F)n>)EoK*ArlAeNFKuZ!^6)o8 zwFt2>;7vmu=oV>p*8gkmzg(wj=W&G&vd_+&p%6B+b(kiyi*7Sh~u+#-ji&1oPEiR?b;3m*gd)>WV zg&MoL@kDO+2gaUnxvz&v+?7Nv#^9E|_TAL%U$(5(|CO=aDjIl0{I3r7t?U2c@bGxA z|L>!?3Y=t_P`bLI7Tl1}pg1$Sxv?tUiIA<$e)IN4IfC4I?dtsdpTPHFXL{WXO>d*Y z=(SjkRkd9E)N40TtE!gy1rFn9WiE)W*ccUV1gTMrAlbi361PMA0W^&;m2lkD@fqqE zQ&9woXbux1!}$+RH|?mSs__n{^`{fz*o4XBPb9nqbCNz0ps9PNx;z$Nc zoK_~ztWhPdiDzdc`EDa}N2B9uV{|mo)`D6sl?G%PHIiJ4MHebtTy>ewudI}F^IvNbg;u%*f-_-s>M z1yygg(;>|vuoU%FR&0rOawxB?*q{eh{6#srd}jq*)9T&zg(;X`RlQPRJ%9V+=Qn4s zUzRVx9320hvt;Z%1hemG7yV1m&xxFmOD&+&tTV1Ow*)kYyEtwLkD_R@S zwic;{X`*b$SVhFG!&yOfWYpb+TZgv->xj4v&0B}I1nP)%RdnAv8msDbBw5A_uA@-` zbws*pXtWKB6{wtm#dR1Ru#Sk=Mm?@0wYFkM;!b$m8cG#ZSG4tj%(b}dpj`>DXaiaW z&=FaCVCXvR?KSR5?pBmK6KRQAT}!70zB{Q+sJo(a;%C=kbii(hxDkZgfkvZ7XL4>( z?|L#WWJmNxTGtx97Nj#m6J5L>qk-v)(uq%Ai`IebjM|NIUXR>`?1+9twDdZ98>)6? zpfwD8E#1}{UCA}0y4O-_0AmKJBN`9O8W_qR+6pa(^nC#Af63aCI^>K#XwiH$s{XLJ5jJfE#9?Bp?v8p zxBOYn*Ia|5qT7xvV_ZJd;j;}FZ+)B1ka(^0FPA;Ns;=WuB?{O$QwD$`1fixV74=yySNtHM$}yRB0LuWodJo15{{Ye{D1hN3D;V6`TfZuGgE^KME^ zuP{X+&N-W)>s`*J%>IG0?r>&CICCVioc~sTwTv5prc_cAzrdI*E|kC{F@_TdK+*(R zE?eFyIn!Hn_NTDaJe@0(8r)5mGI+mb+pDTk?s$!c>o?e%xyco+rL5%^f=ji#?&}o^ zdd`ksk+Ro9riAW_-c3TRNYqjjTgcREbtUDb`c;(N{J$1LZk?`lmbFkxt;pEwrhSV1 zAa?|tXLs4!cJ#f={FgrE+Lu*j?fGxjnf5ZByBz~>ivJlN9yjBE4v+TtzuimOytrwG z`INytM#*n|nCsWn(*9icj_11OUZA%b`IMtq^oPwIg#%~x=5(={)Npfi@Rdci>`T|O zR{v+wWEa-}ZqENZTF(DF-0T1QD9Z=z%_|+241m3%a}-a0{(X<1#IjW(u{-K90Ruo!$yUlae75#oVgcK)Ha%YI56(SK?mNOx16n1_Zus& zWV{i*SMaPJzB+$ie{lZlMfISHThs00d5mK?c%2LRPQ7`<(szvM>)!DygqcDVlyPYZO~)`QckdGN z*<9^*;@tIiuSAQ33MHh!(-_4$4je4kIy0tNq| zCA_;q*m^^jvn~;sTp@qXl8kVK-haX<7@Y(|f7ol|WhO$UW9WyoI+K1QYb2TeShCXjJ1LKaF7es4~v@ST3F9U5#KRA@k`I$U6kAC z|GVaZZ`}Vo88-C);nC54|LB|YHRjj*_=JNqdj|YM}ziY2ltvhfZGqCrh#ZG{?bQMNFUrT2XM(J>AApmO!Yq2 zJQ8gM*JKEmj>(5!Ooi+{hTb)i;k@^;2ub$KSm;)EtK7k5_F8$V(g?SvT_hMTQ=V8n z%jAoM!)=K>xroc;D_>FJC0QogcySUHx8}x4VZ1XtPJZLI{8X8b-9|-~1i3BcmFbbo zj1+HaI&0%;WzyufELQ21o4U#-;3+S6_3W+^FSljvwv%Zm6Uj~9>^4~3JkD*Yug~yo z88cBrh3X&s6I!l0U*=VxPOMD@-IjkRNwk~roP5!(X*V)Sml^0Zew$gQTeGF}PdiFO zr=o64aYd49Hx^dptL~boyRx$bPTJC4mzgnpuTt3bP+ zRz7H+Xxy8DT&w?!Uyj=H2yj#U|HzRu?(kizN_WIIVzbakqzx|D>J1+w^`G1GY{@>}z zKK|!kO6MO9TenasR?Yh;&M)fp_&)Vf#Gp`z&4be_~Dj zpQQf}506fo`v1xB$zK28M_IY}50d32qiX}~Ynsl2ka1)}{~CAGG88|FzxO1+>@WUo z?&d1BdYzNmrDEMoG@P-o;9indh&HVZ%8|$j2ioYqm$7-{^Nd1AI^!C$WsB5f$4R)o?{A= zoW}YVxQv9CWQHQ}`tW{Eg}&F0aVbE|F^*vtvx(Viq3P@~aEythSEzp*#d%KB$m>Ij zGp$nKVa9PvKVt;fRLQhcq_L z|KXEn{MXTw(SH8lOCedtmFd>bpd_4r8a@5n(DNbTInF$eR}`;TzW&nO@5{EOW&Xc= zdG_M<%OHt%MPtMKKRP;j(wP6phsXQ)k9#S7SRMiJPmB}Lo{8tZQVv8M3w;^vhZbNm z!&H8JIF~XL#3^eb=pf9qh)7h#Jn!cVMEFp?s~S?cZxIWH{-Xc;Spf|m!IW_b zS&}HnIbvb1Z~4`}($BhGR&0e7op$w&c#pgX+Cv0tAwRr(`NPYziui)U+&|>e(n1sm|)DVl>{8AT23|!*1~m=?Y~mmS-N@J zE?-AteFGU`j1s~3vz*VG5;HQ;t6z=@yFvj9r6CqZ*q@>F)puWgf22W5ru%sz zL|^ykBUrGU1KMPhqC5501LUH(Mmxo8+y4r&?v3Z}-0?gupy&FuoBmc*)BObB;Z(V0 zR;SQ(wnBC^m7EPU(Vw*(`(cI8mvb~M`xA}NrzO5e0la4*5cQ}oC-o#oV3`U2(xW&+ zNob6b?hVvO*-I*0%-JD|I^1H}vw)kO(e0Eq>IUz(VH0hWSP(@(eHK){CxGfX2) rLyF?#!@m2~jF>7gp=d;~U$E}WzU<4s6y?7I00960#M?^A0KxzOOEOss literal 0 HcmV?d00001 diff --git a/addons/datadog/charts/kube-state-metrics/.helmignore b/addons/datadog/charts/kube-state-metrics/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/addons/datadog/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/addons/datadog/charts/kube-state-metrics/Chart.yaml b/addons/datadog/charts/kube-state-metrics/Chart.yaml deleted file mode 100644 index 05da94e1d..000000000 --- a/addons/datadog/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v2 -name: kube-state-metrics -description: Install kube-state-metrics to generate and expose cluster-level metrics -keywords: -- metric -- monitoring -- prometheus -- kubernetes -type: application -version: 5.16.0 -appVersion: 2.10.1 -home: https://github.com/kubernetes/kube-state-metrics/ -sources: -- https://github.com/kubernetes/kube-state-metrics/ -maintainers: -- name: tariq1890 - email: tariq.ibrahim@mulesoft.com -- name: mrueg - email: manuel@rueg.eu -- name: dotdc - email: david@0xdc.me -annotations: - "artifacthub.io/license": Apache-2.0 - "artifacthub.io/links": | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts diff --git a/addons/datadog/charts/kube-state-metrics/README.md b/addons/datadog/charts/kube-state-metrics/README.md deleted file mode 100644 index 843be89e6..000000000 --- a/addons/datadog/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,85 +0,0 @@ -# kube-state-metrics Helm Chart - -Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Get Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - - -## Install Chart - -```console -helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics - -You can upgrade in-place: - -1. [get repository info](#get-repository-info) -1. [upgrade](#upgrading-chart) your existing release name using the new chart repository - -## Upgrading to v3.0.0 - -v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. - -The upgraded chart now the following changes: - -* Dropped support for helm v2 (helm v3 or later is required) -* collectors key was renamed to resources -* namespace key was renamed to namespaces - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: - -```console -helm show values prometheus-community/kube-state-metrics -``` - -### kube-rbac-proxy - -You can enable `kube-state-metrics` endpoint protection using `kube-rbac-proxy`. By setting `kubeRBACProxy.enabled: true`, this chart will deploy one RBAC proxy container per endpoint (metrics & telemetry). -To authorize access, authenticate your requests (via a `ServiceAccount` for example) with a `ClusterRole` attached such as: - -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kube-state-metrics-read -rules: - - apiGroups: [ "" ] - resources: ["services/kube-state-metrics"] - verbs: - - get -``` - -See [kube-rbac-proxy examples](https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes) for more details. diff --git a/addons/datadog/charts/kube-state-metrics/templates/NOTES.txt b/addons/datadog/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index 3589c24ec..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,23 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - -{{- if .Values.kubeRBACProxy.enabled}} - -kube-rbac-proxy endpoint protections is enabled: -- Metrics endpoints are now HTTPS -- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions: -``` -rules: - - apiGroups: [ "" ] - resources: ["services/{{ template "kube-state-metrics.fullname" . }}"] - verbs: - - get -``` -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/_helpers.tpl b/addons/datadog/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index a4358c87a..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,156 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kube-state-metrics.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate basic labels -*/}} -{{- define "kube-state-metrics.labels" }} -helm.sh/chart: {{ template "kube-state-metrics.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: metrics -app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }} -{{- include "kube-state-metrics.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels }} -{{- end }} -{{- if .Values.releaseLabel }} -release: {{ .Release.Name }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kube-state-metrics.selectorLabels" }} -{{- if .Values.selectorOverride }} -{{ toYaml .Values.selectorOverride }} -{{- else }} -app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} -{{- end }} - -{{/* Sets default scrape limits for servicemonitor */}} -{{- define "servicemonitor.scrapeLimits" -}} -{{- with .sampleLimit }} -sampleLimit: {{ . }} -{{- end }} -{{- with .targetLimit }} -targetLimit: {{ . }} -{{- end }} -{{- with .labelLimit }} -labelLimit: {{ . }} -{{- end }} -{{- with .labelNameLengthLimit }} -labelNameLengthLimit: {{ . }} -{{- end }} -{{- with .labelValueLengthLimit }} -labelValueLengthLimit: {{ . }} -{{- end }} -{{- end -}} - -{{/* -Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{specific imagePullSecrets}) -*/}} -{{- define "kube-state-metrics.imagePullSecrets" -}} -{{- range (concat .Values.global.imagePullSecrets .imagePullSecrets) }} - {{- if eq (typeOf .) "map[string]interface {}" }} -- {{ toYaml . | trim }} - {{- else }} -- name: {{ . }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -The image to use for kube-state-metrics -*/}} -{{- define "kube-state-metrics.image" -}} -{{- if .Values.image.sha }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} -{{- else }} -{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} -{{- end }} -{{- else }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- else }} -{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -The image to use for kubeRBACProxy -*/}} -{{- define "kubeRBACProxy.image" -}} -{{- if .Values.kubeRBACProxy.image.sha }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }} -{{- else }} -{{- printf "%s/%s:%s@%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }} -{{- end }} -{{- else }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }} -{{- else }} -{{- printf "%s/%s:%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }} -{{- end }} -{{- end }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml b/addons/datadog/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml deleted file mode 100644 index 025cd47a8..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }} -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - {{- if .Values.annotations }} - annotations: - {{ toYaml .Values.annotations | nindent 4 }} - {{- end }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -spec: - endpointSelector: - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - egress: - {{- if and .Values.networkPolicy.cilium .Values.networkPolicy.cilium.kubeApiServerSelector }} - {{ toYaml .Values.networkPolicy.cilium.kubeApiServerSelector | nindent 6 }} - {{- else }} - - toEntities: - - kube-apiserver - {{- end }} - ingress: - - toPorts: - - ports: - - port: {{ .Values.service.port | quote }} - protocol: TCP - {{- if .Values.selfMonitor.enabled }} - - port: {{ .Values.selfMonitor.telemetryPort | default 8081 | quote }} - protocol: TCP - {{ end }} -{{ end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/addons/datadog/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index cf9f628d0..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- if .Values.rbac.useExistingRole }} - name: {{ .Values.rbac.useExistingRole }} -{{- else }} - name: {{ template "kube-state-metrics.fullname" . }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/addons/datadog/charts/kube-state-metrics/templates/crs-configmap.yaml b/addons/datadog/charts/kube-state-metrics/templates/crs-configmap.yaml deleted file mode 100644 index d38a75a51..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/crs-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.customResourceState.enabled}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- if .Values.annotations }} - annotations: - {{ toYaml .Values.annotations | nindent 4 }} - {{- end }} -data: - config.yaml: | - {{- toYaml .Values.customResourceState.config | nindent 4 }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/deployment.yaml b/addons/datadog/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index 373f7dcc5..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,314 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- if .Values.annotations }} - annotations: -{{ toYaml .Values.annotations | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - replicas: {{ .Values.replicas }} - {{- if not .Values.autosharding.enabled }} - strategy: - type: {{ .Values.updateStrategy | default "RollingUpdate" }} - {{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] - {{- end }} - template: - metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 8 }} - {{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 6 }} - {{- end }} - containers: - {{- $servicePort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}} - {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} - - name: {{ template "kube-state-metrics.name" . }} - {{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - args: - {{- if .Values.extraArgs }} - {{- .Values.extraArgs | toYaml | nindent 8 }} - {{- end }} - - --port={{ $servicePort }} - {{- if .Values.collectors }} - - --resources={{ .Values.collectors | join "," }} - {{- end }} - {{- if .Values.metricLabelsAllowlist }} - - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }} - {{- end }} - {{- if .Values.metricAnnotationsAllowList }} - - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }} - {{- end }} - {{- if .Values.metricAllowlist }} - - --metric-allowlist={{ .Values.metricAllowlist | join "," }} - {{- end }} - {{- if .Values.metricDenylist }} - - --metric-denylist={{ .Values.metricDenylist | join "," }} - {{- end }} - {{- $namespaces := list }} - {{- if .Values.namespaces }} - {{- range $ns := join "," .Values.namespaces | split "," }} - {{- $namespaces = append $namespaces (tpl $ns $) }} - {{- end }} - {{- end }} - {{- if .Values.releaseNamespace }} - {{- $namespaces = append $namespaces ( include "kube-state-metrics.namespace" . ) }} - {{- end }} - {{- if $namespaces }} - - --namespaces={{ $namespaces | mustUniq | join "," }} - {{- end }} - {{- if .Values.namespacesDenylist }} - - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }} - {{- end }} - {{- if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - {{- end }} - {{- if .Values.kubeconfig.enabled }} - - --kubeconfig=/opt/k8s/.kube/config - {{- end }} - {{- if .Values.kubeRBACProxy.enabled }} - - --telemetry-host=127.0.0.1 - - --telemetry-port={{ $telemetryPort }} - {{- else }} - {{- if .Values.selfMonitor.telemetryHost }} - - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} - {{- end }} - {{- if .Values.selfMonitor.telemetryPort }} - - --telemetry-port={{ $telemetryPort }} - {{- end }} - {{- if .Values.customResourceState.enabled }} - - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml - {{- end }} - {{- end }} - {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} - volumeMounts: - {{- if .Values.kubeconfig.enabled }} - - name: kubeconfig - mountPath: /opt/k8s/.kube/ - readOnly: true - {{- end }} - {{- if .Values.customResourceState.enabled }} - - name: customresourcestate-config - mountPath: /etc/customresourcestate - readOnly: true - {{- end }} - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 8 }} - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: {{ include "kube-state-metrics.image" . }} - {{- if eq .Values.kubeRBACProxy.enabled false }} - ports: - - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - {{- if .Values.selfMonitor.enabled }} - - containerPort: {{ $telemetryPort }} - name: "metrics" - {{- end }} - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - httpGet: - {{- if .Values.kubeRBACProxy.enabled }} - host: 127.0.0.1 - {{- end }} - httpHeaders: - {{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }} - - name: {{ $header.name }} - value: {{ $header.value }} - {{- end }} - path: /healthz - port: {{ $servicePort }} - scheme: {{ upper .Values.livenessProbe.httpGet.scheme }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - httpGet: - {{- if .Values.kubeRBACProxy.enabled }} - host: 127.0.0.1 - {{- end }} - httpHeaders: - {{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }} - - name: {{ $header.name }} - value: {{ $header.value }} - {{- end }} - path: / - port: {{ $servicePort }} - scheme: {{ upper .Values.readinessProbe.httpGet.scheme }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.containerSecurityContext }} - securityContext: -{{ toYaml .Values.containerSecurityContext | indent 10 }} -{{- end }} - {{- if .Values.kubeRBACProxy.enabled }} - - name: kube-rbac-proxy-http - args: - {{- if .Values.kubeRBACProxy.extraArgs }} - {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} - {{- end }} - - --secure-listen-address=:{{ .Values.service.port | default 8080}} - - --upstream=http://127.0.0.1:{{ $servicePort }}/ - - --proxy-endpoints-port=8888 - - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - volumeMounts: - - name: kube-rbac-proxy-config - mountPath: /etc/kube-rbac-proxy-config - {{- with .Values.kubeRBACProxy.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} - image: {{ include "kubeRBACProxy.image" . }} - ports: - - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - - containerPort: 8888 - name: "http-healthz" - readinessProbe: - httpGet: - scheme: HTTPS - port: 8888 - path: healthz - initialDelaySeconds: 5 - timeoutSeconds: 5 - {{- if .Values.kubeRBACProxy.resources }} - resources: -{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }} -{{- end }} -{{- if .Values.kubeRBACProxy.containerSecurityContext }} - securityContext: -{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }} -{{- end }} - {{- if .Values.selfMonitor.enabled }} - - name: kube-rbac-proxy-telemetry - args: - {{- if .Values.kubeRBACProxy.extraArgs }} - {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} - {{- end }} - - --secure-listen-address=:{{ .Values.selfMonitor.telemetryPort | default 8081 }} - - --upstream=http://127.0.0.1:{{ $telemetryPort }}/ - - --proxy-endpoints-port=8889 - - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - volumeMounts: - - name: kube-rbac-proxy-config - mountPath: /etc/kube-rbac-proxy-config - {{- with .Values.kubeRBACProxy.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} - image: {{ include "kubeRBACProxy.image" . }} - ports: - - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - name: "metrics" - - containerPort: 8889 - name: "metrics-healthz" - readinessProbe: - httpGet: - scheme: HTTPS - port: 8889 - path: healthz - initialDelaySeconds: 5 - timeoutSeconds: 5 - {{- if .Values.kubeRBACProxy.resources }} - resources: -{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }} -{{- end }} -{{- if .Values.kubeRBACProxy.containerSecurityContext }} - securityContext: -{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }} -{{- end }} - {{- end }} - {{- end }} - {{- with .Values.containers }} - {{- toYaml . | nindent 6 }} - {{- end }} -{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.imagePullSecrets) | indent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml .Values.topologySpreadConstraints | indent 8 }} - {{- end }} - {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumes) (.Values.kubeRBACProxy.enabled) }} - volumes: - {{- if .Values.kubeconfig.enabled}} - - name: kubeconfig - secret: - secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig - {{- end }} - {{- if .Values.kubeRBACProxy.enabled}} - - name: kube-rbac-proxy-config - configMap: - name: {{ template "kube-state-metrics.fullname" . }}-rbac-config - {{- end }} - {{- if .Values.customResourceState.enabled}} - - name: customresourcestate-config - configMap: - name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config - {{- end }} - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/extra-manifests.yaml b/addons/datadog/charts/kube-state-metrics/templates/extra-manifests.yaml deleted file mode 100644 index 567f7bf32..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/extra-manifests.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{ range .Values.extraManifests }} ---- -{{ tpl (toYaml .) $ }} -{{ end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/addons/datadog/charts/kube-state-metrics/templates/kubeconfig-secret.yaml deleted file mode 100644 index 6af008450..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/kubeconfig-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.kubeconfig.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -type: Opaque -data: - config: '{{ .Values.kubeconfig.secret }}' -{{- end -}} diff --git a/addons/datadog/charts/kube-state-metrics/templates/networkpolicy.yaml b/addons/datadog/charts/kube-state-metrics/templates/networkpolicy.yaml deleted file mode 100644 index 309b38ec5..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/networkpolicy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "kubernetes") }} -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - {{- if .Values.annotations }} - annotations: - {{ toYaml .Values.annotations | nindent 4 }} - {{- end }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -spec: - {{- if .Values.networkPolicy.egress }} - ## Deny all egress by default - egress: - {{- toYaml .Values.networkPolicy.egress | nindent 4 }} - {{- end }} - ingress: - {{- if .Values.networkPolicy.ingress }} - {{- toYaml .Values.networkPolicy.ingress | nindent 4 }} - {{- else }} - ## Allow ingress on default ports by default - - ports: - - port: {{ .Values.service.port | default 8080 }} - protocol: TCP - {{- if .Values.selfMonitor.enabled }} - {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} - - port: {{ $telemetryPort }} - protocol: TCP - {{- end }} - {{- end }} - podSelector: - {{- if .Values.networkPolicy.podSelector }} - {{- toYaml .Values.networkPolicy.podSelector | nindent 4 }} - {{- else }} - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - {{- end }} - policyTypes: - - Ingress - - Egress -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/pdb.yaml b/addons/datadog/charts/kube-state-metrics/templates/pdb.yaml deleted file mode 100644 index 3771b511d..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/pdb.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} -apiVersion: policy/v1 -{{- else -}} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} diff --git a/addons/datadog/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/addons/datadog/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index 8905e113e..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' -{{- if .Values.podSecurityPolicy.additionalVolumes }} -{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/addons/datadog/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index 654e4a3d5..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/addons/datadog/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 5b62a18bd..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/rbac-configmap.yaml b/addons/datadog/charts/kube-state-metrics/templates/rbac-configmap.yaml deleted file mode 100644 index 671dc9d66..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/rbac-configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.kubeRBACProxy.enabled}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-state-metrics.fullname" . }}-rbac-config - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- if .Values.annotations }} - annotations: - {{ toYaml .Values.annotations | nindent 4 }} - {{- end }} -data: - config-file.yaml: |+ - authorization: - resourceAttributes: - namespace: {{ template "kube-state-metrics.namespace" . }} - apiVersion: v1 - resource: services - subresource: {{ template "kube-state-metrics.fullname" . }} - name: {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/role.yaml b/addons/datadog/charts/kube-state-metrics/templates/role.yaml deleted file mode 100644 index d33687f2d..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/role.yaml +++ /dev/null @@ -1,212 +0,0 @@ -{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} -{{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -{{- if eq $.Values.rbac.useClusterRole false }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - labels: - {{- include "kube-state-metrics.labels" $ | indent 4 }} - name: {{ template "kube-state-metrics.fullname" $ }} -{{- if eq $.Values.rbac.useClusterRole false }} - namespace: {{ . }} -{{- end }} -rules: -{{ if has "certificatesigningrequests" $.Values.collectors }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if has "configmaps" $.Values.collectors }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if has "cronjobs" $.Values.collectors }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if has "daemonsets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "deployments" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if has "endpoints" $.Values.collectors }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if has "endpointslices" $.Values.collectors }} -- apiGroups: ["discovery.k8s.io"] - resources: - - endpointslices - verbs: ["list", "watch"] -{{ end -}} -{{ if has "horizontalpodautoscalers" $.Values.collectors }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if has "ingresses" $.Values.collectors }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if has "jobs" $.Values.collectors }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if has "leases" $.Values.collectors }} -- apiGroups: ["coordination.k8s.io"] - resources: - - leases - verbs: ["list", "watch"] -{{ end -}} -{{ if has "limitranges" $.Values.collectors }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if has "mutatingwebhookconfigurations" $.Values.collectors }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if has "namespaces" $.Values.collectors }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if has "networkpolicies" $.Values.collectors }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if has "nodes" $.Values.collectors }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if has "persistentvolumeclaims" $.Values.collectors }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if has "persistentvolumes" $.Values.collectors }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if has "poddisruptionbudgets" $.Values.collectors }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "pods" $.Values.collectors }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if has "replicasets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "replicationcontrollers" $.Values.collectors }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if has "resourcequotas" $.Values.collectors }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if has "secrets" $.Values.collectors }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "services" $.Values.collectors }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if has "statefulsets" $.Values.collectors }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "storageclasses" $.Values.collectors }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if has "validatingwebhookconfigurations" $.Values.collectors }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if has "volumeattachments" $.Values.collectors }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{- if $.Values.kubeRBACProxy.enabled }} -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] -{{- end }} -{{- if $.Values.customResourceState.enabled }} -- apiGroups: ["apiextensions.k8s.io"] - resources: - - customresourcedefinitions - verbs: ["list", "watch"] -{{- end }} -{{ if $.Values.rbac.extraRules }} -{{ toYaml $.Values.rbac.extraRules }} -{{ end }} -{{- end -}} -{{- end -}} diff --git a/addons/datadog/charts/kube-state-metrics/templates/rolebinding.yaml b/addons/datadog/charts/kube-state-metrics/templates/rolebinding.yaml deleted file mode 100644 index 330651b73..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/rolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} -{{- range (join "," $.Values.namespaces) | split "," }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" $ | indent 4 }} - name: {{ template "kube-state-metrics.fullname" $ }} - namespace: {{ . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role -{{- if (not $.Values.rbac.useExistingRole) }} - name: {{ template "kube-state-metrics.fullname" $ }} -{{- else }} - name: {{ $.Values.rbac.useExistingRole }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" $ }} - namespace: {{ template "kube-state-metrics.namespace" $ }} -{{- end -}} -{{- end -}} diff --git a/addons/datadog/charts/kube-state-metrics/templates/service.yaml b/addons/datadog/charts/kube-state-metrics/templates/service.yaml deleted file mode 100644 index 6c486a662..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port | default 8080}} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: {{ .Values.service.port | default 8080}} - {{ if .Values.selfMonitor.enabled }} - - name: "metrics" - protocol: TCP - port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - {{- if .Values.selfMonitor.telemetryNodePort }} - nodePort: {{ .Values.selfMonitor.telemetryNodePort }} - {{- end }} - {{ end }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if .Values.autosharding.enabled }} - clusterIP: None -{{- else if .Values.service.clusterIP }} - clusterIP: "{{ .Values.service.clusterIP }}" -{{- end }} - selector: - {{- include "kube-state-metrics.selectorLabels" . | indent 4 }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/serviceaccount.yaml b/addons/datadog/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index 38a93b31d..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- if .Values.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.serviceAccount.annotations | indent 4 }} -{{- end }} -{{- if or .Values.serviceAccount.imagePullSecrets .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.serviceAccount.imagePullSecrets) | indent 2 }} -{{- end }} -{{- end -}} diff --git a/addons/datadog/charts/kube-state-metrics/templates/servicemonitor.yaml b/addons/datadog/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index e2cde649a..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,120 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- with .Values.prometheus.monitor.additionalLabels }} - {{- tpl (toYaml . | nindent 4) $ }} - {{- end }} - {{- with .Values.prometheus.monitor.annotations }} - annotations: - {{- tpl (toYaml . | nindent 4) $ }} - {{- end }} -spec: - jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }} - {{- with .Values.prometheus.monitor.targetLabels }} - targetLabels: - {{- toYaml . | trim | nindent 4 }} - {{- end }} - {{- with .Values.prometheus.monitor.podTargetLabels }} - podTargetLabels: - {{- toYaml . | trim | nindent 4 }} - {{- end }} - {{- include "servicemonitor.scrapeLimits" .Values.prometheus.monitor | indent 2 }} - {{- if .Values.prometheus.monitor.namespaceSelector }} - namespaceSelector: - matchNames: - {{- with .Values.prometheus.monitor.namespaceSelector }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - selector: - matchLabels: - {{- with .Values.prometheus.monitor.selectorOverride }} - {{- toYaml . | nindent 6 }} - {{- else }} - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - {{- end }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.interval }} - interval: {{ .Values.prometheus.monitor.interval }} - {{- end }} - {{- if .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} - {{- end }} - {{- if .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} - {{- end }} - {{- if .Values.prometheus.monitor.enableHttp2 }} - enableHttp2: {{ .Values.prometheus.monitor.enableHttp2}} - {{- end }} - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.prometheus.monitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.scheme }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- end }} - {{- if .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.prometheus.monitor.bearerTokenFile }} - {{- end }} - {{- with .Values.prometheus.monitor.bearerTokenSecret }} - bearerTokenSecret: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.selfMonitor.enabled }} - - port: metrics - {{- if .Values.prometheus.monitor.interval }} - interval: {{ .Values.prometheus.monitor.interval }} - {{- end }} - {{- if .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} - {{- end }} - {{- if .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} - {{- end }} - {{- if .Values.prometheus.monitor.enableHttp2 }} - enableHttp2: {{ .Values.prometheus.monitor.enableHttp2}} - {{- end }} - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.prometheus.monitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.scheme }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- end }} - {{- if .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.prometheus.monitor.bearerTokenFile }} - {{- end }} - {{- with .Values.prometheus.monitor.bearerTokenSecret }} - bearerTokenSecret: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100644 index 489de147c..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} - resources: - - statefulsets - verbs: - - get - - list - - watch -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100644 index 73b37a4f6..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml b/addons/datadog/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml deleted file mode 100644 index f46305b51..000000000 --- a/addons/datadog/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }} -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -spec: - {{- with .Values.verticalPodAutoscaler.recommenders }} - recommenders: - {{- toYaml . | nindent 4 }} - {{- end }} - resourcePolicy: - containerPolicies: - - containerName: {{ template "kube-state-metrics.name" . }} - {{- with .Values.verticalPodAutoscaler.controlledResources }} - controlledResources: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.verticalPodAutoscaler.controlledValues }} - controlledValues: {{ .Values.verticalPodAutoscaler.controlledValues }} - {{- end }} - {{- if .Values.verticalPodAutoscaler.maxAllowed }} - maxAllowed: - {{ toYaml .Values.verticalPodAutoscaler.maxAllowed | nindent 8 }} - {{- end }} - {{- if .Values.verticalPodAutoscaler.minAllowed }} - minAllowed: - {{ toYaml .Values.verticalPodAutoscaler.minAllowed | nindent 8 }} - {{- end }} - targetRef: - apiVersion: apps/v1 - {{- if .Values.autosharding.enabled }} - kind: StatefulSet - {{- else }} - kind: Deployment - {{- end }} - name: {{ template "kube-state-metrics.fullname" . }} - {{- with .Values.verticalPodAutoscaler.updatePolicy }} - updatePolicy: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/addons/datadog/charts/kube-state-metrics/values.yaml b/addons/datadog/charts/kube-state-metrics/values.yaml deleted file mode 100644 index 7f312961d..000000000 --- a/addons/datadog/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,480 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - registry: registry.k8s.io - repository: kube-state-metrics/kube-state-metrics - # If unset use v + .Charts.appVersion - tag: "" - sha: "" - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -global: - # To help compatibility with other charts which use global.imagePullSecrets. - # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). - # global: - # imagePullSecrets: - # - name: pullSecret1 - # - name: pullSecret2 - # or - # global: - # imagePullSecrets: - # - pullSecret1 - # - pullSecret2 - imagePullSecrets: [] - # - # Allow parent charts to override registry hostname - imageRegistry: "" - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -# Change the deployment strategy when autosharding is disabled -# updateStrategy: Recreate - -# Number of old history to retain to allow rollback -# Default Kubernetes value is set to 10 -revisionHistoryLimit: 10 - -# List of additional cli arguments to configure kube-state-metrics -# for example: --enable-gzip-encoding, --log-file, etc. -# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md -extraArgs: [] - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - # Only allow access to the loadBalancerIP from these IPs - loadBalancerSourceRanges: [] - clusterIP: "" - annotations: {} - -## Additional labels to add to all resources -customLabels: {} - # app: kube-state-metrics - -## Override selector labels -selectorOverride: {} - -## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box -releaseLabel: false - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - - # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. - # useExistingRole: your-existing-role - - # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) - useClusterRole: true - - # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration - # Example: - # - apiGroups: ["monitoring.coreos.com"] - # resources: ["prometheuses"] - # verbs: ["list", "watch"] - extraRules: [] - -# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled). -# The requests are served through the same service but requests are then HTTPS. -kubeRBACProxy: - enabled: false - image: - registry: quay.io - repository: brancz/kube-rbac-proxy - tag: v0.14.0 - sha: "" - pullPolicy: IfNotPresent - - # List of additional cli arguments to configure kube-rbac-prxy - # for example: --tls-cipher-suites, --log-file, etc. - # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage - extraArgs: [] - - ## Specify security settings for a Container - ## Allows overrides and additional options compared to (Pod) securityContext - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - containerSecurityContext: {} - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## volumeMounts enables mounting custom volumes in rbac-proxy containers - ## Useful for TLS certificates and keys - volumeMounts: [] - # - mountPath: /etc/tls - # name: kube-rbac-proxy-tls - # readOnly: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - # ServiceAccount annotations. - # Use case: AWS EKS IAM roles for service accounts - # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html - annotations: {} - -prometheus: - monitor: - enabled: false - annotations: {} - additionalLabels: {} - namespace: "" - namespaceSelector: [] - jobLabel: "" - targetLabels: [] - podTargetLabels: [] - interval: "" - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 - - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 - - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 - - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 - - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 - scrapeTimeout: "" - proxyUrl: "" - ## Whether to enable HTTP2 for servicemonitor - # enableHttp2: false - selectorOverride: {} - honorLabels: false - metricRelabelings: [] - relabelings: [] - scheme: "" - ## File to read bearer token for scraping targets - bearerTokenFile: "" - ## Secret to mount to read bearer token for scraping targets. The secret needs - ## to be in the same namespace as the service monitor and accessible by the - ## Prometheus Operator - bearerTokenSecret: {} - # name: secret-name - # key: key-name - tlsConfig: {} - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - additionalVolumes: [] - -## Configure network policy for kube-state-metrics -networkPolicy: - enabled: false - # networkPolicy.flavor -- Flavor of the network policy to use. - # Can be: - # * kubernetes for networking.k8s.io/v1/NetworkPolicy - # * cilium for cilium.io/v2/CiliumNetworkPolicy - flavor: kubernetes - - ## Configure the cilium network policy kube-apiserver selector - # cilium: - # kubeApiServerSelector: - # - toEntities: - # - kube-apiserver - - # egress: - # - {} - # ingress: - # - {} - # podSelector: - # matchLabels: - # app.kubernetes.io/name: kube-state-metrics - -securityContext: - enabled: true - runAsGroup: 65534 - runAsUser: 65534 - fsGroup: 65534 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - -## Specify security settings for a Container -## Allows overrides and additional options compared to (Pod) securityContext -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -## Topology spread constraints for pod assignment -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -topologySpreadConstraints: [] - -# Annotations to be added to the deployment/statefulset -annotations: {} - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} - -# Comma-separated list of metrics to be exposed. -# This list comprises of exact metric names and/or regex patterns. -# The allowlist and denylist are mutually exclusive. -metricAllowlist: [] - -# Comma-separated list of metrics not to be enabled. -# This list comprises of exact metric names and/or regex patterns. -# The allowlist and denylist are mutually exclusive. -metricDenylist: [] - -# Comma-separated list of additional Kubernetes label keys that will be used in the resource's -# labels metric. By default the metric contains only name and namespace labels. -# To include additional labels, provide a list of resource names in their plural form and Kubernetes -# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. -# A single '*' can be provided per resource instead to allow any labels, but that has -# severe performance implications (Example: '=pods=[*]'). -metricLabelsAllowlist: [] - # - namespaces=[k8s-label-1,k8s-label-n] - -# Comma-separated list of Kubernetes annotations keys that will be used in the resource' -# labels metric. By default the metric contains only name and namespace labels. -# To include additional annotations provide a list of resource names in their plural form and Kubernetes -# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. -# A single '*' can be provided per resource instead to allow any annotations, but that has -# severe performance implications (Example: '=pods=[*]'). -metricAnnotationsAllowList: [] - # - pods=[k8s-annotation-1,k8s-annotation-n] - -# Available collectors for kube-state-metrics. -# By default, all available resources are enabled, comment out to disable. -collectors: - - certificatesigningrequests - - configmaps - - cronjobs - - daemonsets - - deployments - - endpoints - - horizontalpodautoscalers - - ingresses - - jobs - - leases - - limitranges - - mutatingwebhookconfigurations - - namespaces - - networkpolicies - - nodes - - persistentvolumeclaims - - persistentvolumes - - poddisruptionbudgets - - pods - - replicasets - - replicationcontrollers - - resourcequotas - - secrets - - services - - statefulsets - - storageclasses - - validatingwebhookconfigurations - - volumeattachments - -# Enabling kubeconfig will pass the --kubeconfig argument to the container -kubeconfig: - enabled: false - # base64 encoded kube-config file - secret: - -# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics -customResourceState: - enabled: false - # Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules - config: {} - -# Enable only the release namespace for collecting resources. By default all namespaces are collected. -# If releaseNamespace and namespaces are both set a merged list will be collected. -releaseNamespace: false - -# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected. -namespaces: "" - -# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, -# only namespaces that are excluded in namespaces-denylist will be used. -namespacesDenylist: "" - -## Override the deployment namespace -## -namespaceOverride: "" - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - -## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. -## For example: kubeTargetVersionOverride: 1.14.9 -## -kubeTargetVersionOverride: "" - -# Enable self metrics configuration for service and Service Monitor -# Default values for telemetry configuration can be overridden -# If you set telemetryNodePort, you must also set service.type to NodePort -selfMonitor: - enabled: false - # telemetryHost: 0.0.0.0 - # telemetryPort: 8081 - # telemetryNodePort: 0 - -# Enable vertical pod autoscaler support for kube-state-metrics -verticalPodAutoscaler: - enabled: false - - # Recommender responsible for generating recommendation for the object. - # List should be empty (then the default recommender will generate the recommendation) - # or contain exactly one recommender. - # recommenders: [] - # - name: custom-recommender-performance - - # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory - controlledResources: [] - # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. - # controlledValues: RequestsAndLimits - - # Define the max allowed resources for the pod - maxAllowed: {} - # cpu: 200m - # memory: 100Mi - # Define the min allowed resources for the pod - minAllowed: {} - # cpu: 200m - # memory: 100Mi - - # updatePolicy: - # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction - # minReplicas: 1 - # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates - # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". - # updateMode: Auto - -# volumeMounts are used to add custom volume mounts to deployment. -# See example below -volumeMounts: [] -# - mountPath: /etc/config -# name: config-volume - -# volumes are used to add custom volumes to deployment -# See example below -volumes: [] -# - configMap: -# name: cm-for-volume -# name: config-volume - -# Extra manifests to deploy as an array -extraManifests: [] - # - apiVersion: v1 - # kind: ConfigMap - # metadata: - # labels: - # name: prometheus-extra - # data: - # extra-data: "value" - -## Containers allows injecting additional containers. -containers: [] - # - name: crd-init - # image: kiwigrid/k8s-sidecar:latest - -## InitContainers allows injecting additional initContainers. -initContainers: [] - # - name: crd-sidecar - # image: kiwigrid/k8s-sidecar:latest - -## Liveness probe -## -livenessProbe: - failureThreshold: 3 - httpGet: - httpHeaders: [] - scheme: http - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - -## Readiness probe -## -readinessProbe: - failureThreshold: 3 - httpGet: - httpHeaders: [] - scheme: http - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 diff --git a/addons/datadog/ci/agent-otel-collector-no-config-values.yaml b/addons/datadog/ci/agent-otel-collector-no-config-values.yaml new file mode 100644 index 000000000..f62b4cb66 --- /dev/null +++ b/addons/datadog/ci/agent-otel-collector-no-config-values.yaml @@ -0,0 +1,16 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true diff --git a/addons/datadog/ci/agent-otel-collector-ports-values.yaml b/addons/datadog/ci/agent-otel-collector-ports-values.yaml new file mode 100644 index 000000000..5e82a3350 --- /dev/null +++ b/addons/datadog/ci/agent-otel-collector-ports-values.yaml @@ -0,0 +1,41 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + ports: + - containerPort: "5317" + hostPort: "5317" + name: "otel-grpc" + config: | + receivers: + otlp: + protocols: + grpc: + endpoint: "localhost:5317" + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + exporters: [datadog] + metrics: + receivers: [otlp] + exporters: [datadog] + logs: + receivers: [otlp] + exporters: [datadog] diff --git a/addons/datadog/ci/agent-otel-collector-values.yaml b/addons/datadog/ci/agent-otel-collector-values.yaml new file mode 100644 index 000000000..1f845f2d9 --- /dev/null +++ b/addons/datadog/ci/agent-otel-collector-values.yaml @@ -0,0 +1,34 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + config: | + receivers: + otlp: + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + exporters: [datadog] + metrics: + receivers: [otlp] + exporters: [datadog] + logs: + receivers: [otlp] + exporters: [datadog] diff --git a/addons/datadog/ci/autoscaling.yaml b/addons/datadog/ci/autoscaling.yaml new file mode 100644 index 000000000..1c2602297 --- /dev/null +++ b/addons/datadog/ci/autoscaling.yaml @@ -0,0 +1,14 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + orchestratorExplorer: + customResources: + - datadoghq.com/v1alpha1/datadogpodautoscalers + autoscaling: + workload: + enabled: true + kubernetesEvents: + unbundleEvents: true +clusterAgent: + image: + tag: beta diff --git a/addons/datadog/ci/cluster-agent-values.yaml b/addons/datadog/ci/cluster-agent-values.yaml index e51445d2b..ed84b4d0e 100644 --- a/addons/datadog/ci/cluster-agent-values.yaml +++ b/addons/datadog/ci/cluster-agent-values.yaml @@ -6,6 +6,7 @@ datadog: clusterChecks: enabled: true kubernetesEvents: + filteringEnabled: true unbundleEvents: true clusterTagger: collectKubernetesTags: true diff --git a/addons/datadog/ci/gke-gdc-values.yaml b/addons/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1c6fcc087 --- /dev/null +++ b/addons/datadog/ci/gke-gdc-values.yaml @@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true diff --git a/addons/datadog/ci/kubeval-values.yaml b/addons/datadog/ci/kubeconform-values.yaml similarity index 93% rename from addons/datadog/ci/kubeval-values.yaml rename to addons/datadog/ci/kubeconform-values.yaml index 162127c79..5494bd6c4 100644 --- a/addons/datadog/ci/kubeval-values.yaml +++ b/addons/datadog/ci/kubeconform-values.yaml @@ -4,6 +4,7 @@ datadog: kubelet: hostCAPath: /foo/bar/cert.ca agentCAPath: /bar/foo/cert.ca + coreCheckEnabled: true env: - name: "DD_KUBELET_TLS_VERIFY" value: "false" @@ -36,7 +37,7 @@ clusterAgent: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd metricsProvider: enabled: false admissionController: @@ -46,10 +47,10 @@ clusterChecksRunner: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd agents: nodeSelector: - kubernetes.io/os: linux + disktype: ssd podSecurity: podSecurityPolicy: create: true diff --git a/addons/datadog/ci/no_hardened_seccomp-values.yaml b/addons/datadog/ci/no-hardened-seccomp-values.yaml similarity index 100% rename from addons/datadog/ci/no_hardened_seccomp-values.yaml rename to addons/datadog/ci/no-hardened-seccomp-values.yaml diff --git a/addons/datadog/form.yaml b/addons/datadog/form.yaml deleted file mode 100644 index 576e04e95..000000000 --- a/addons/datadog/form.yaml +++ /dev/null @@ -1,67 +0,0 @@ -name: datadog -tabs: - - name: main - label: Info - sections: - - name: section_one - contents: - - type: heading - label: Deploy DataDog Agent - - type: subtitle - label: This installs the DataDog agent, which forwards all logs & metrics from your applications to DataDog for ingestion. It may take around 30 minutes for the logs to arrive in your DataDog instance. - - type: string-input - label: DataDog Site - variable: datadog.site - required: true - settings: - default: "datadoghq.com" - - type: string-input - label: DataDog API Key - variable: datadog.apiKey - required: true - settings: - default: "" - - type: heading - label: Logging - - type: subtitle - label: Forward logs from all containers to DataDog. Be aware that this may incur additional cost based on your retention settings. - - type: checkbox - label: Enable Logging - variable: datadog.logs.enabled - - type: heading - label: DogStatsD - - type: subtitle - label: Gather custom application metrics with DogStatsD. This automatically injects DD_AGENT_HOST as an environment variable to your pods to use in the code. - - type: checkbox - label: Enable DogStatsD - variable: clusterAgent.admissionController.enabled - - type: heading - label: APM - - type: subtitle - label: Use APM to trace your applications. This automatically injects environment variables to be used by standard datadog tracing libraries. - - type: checkbox - label: Enable APM - variable: datadog.apm.enabled - - name: resources - label: Resources - sections: - - name: main_section - contents: - - type: heading - label: Resources - - type: subtitle - label: Configure resources assigned to the Datadog agent. - - type: number-input - label: Datadog agent RAM - variable: agents.containers.agent.resources.requests.memory - placeholder: "ex: 256" - settings: - unit: Mi - default: 256 - - type: number-input - label: Datadog agent CPU - variable: agents.containers.agent.resources.requests.cpu - placeholder: "ex: 100" - settings: - unit: m - default: 100 diff --git a/addons/datadog/requirements.lock b/addons/datadog/requirements.lock index 6455e2890..87e35aad2 100644 --- a/addons/datadog/requirements.lock +++ b/addons/datadog/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.0.1 + version: 1.7.2 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 2.13.2 -digest: sha256:10386038ff3fcdc2e2402135f2b94a587bdd4c2f13f5a3ff0eba381942e84bdc -generated: "2023-07-12T12:26:01.725393+02:00" +digest: sha256:ffe3215351a645d08a42bdb49ea28563f77f63372f4ed926e5bae5b5dc1511c6 +generated: "2024-08-02T09:23:56.854712+02:00" diff --git a/addons/datadog/requirements.yaml b/addons/datadog/requirements.yaml index 18ca3dc6c..a80b3b360 100644 --- a/addons/datadog/requirements.yaml +++ b/addons/datadog/requirements.yaml @@ -1,8 +1,8 @@ dependencies: - name: datadog-crds - version: 1.0.1 + version: 1.7.2 repository: https://helm.datadoghq.com - condition: clusterAgent.metricsProvider.useDatadogMetrics + condition: datadog.autoscaling.workload.enabled,clusterAgent.metricsProvider.useDatadogMetrics tags: - install-crds - name: kube-state-metrics diff --git a/addons/datadog/templates/NOTES.txt b/addons/datadog/templates/NOTES.txt index c91017e0a..e6002afba 100644 --- a/addons/datadog/templates/NOTES.txt +++ b/addons/datadog/templates/NOTES.txt @@ -27,6 +27,7 @@ Then run: {{- end }} {{- $healthPort := .Values.agents.containers.agent.healthPort }} + {{- with $liveness := .Values.agents.containers.agent.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -37,6 +38,7 @@ Then run: Node Agent liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.agents.containers.agent.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -47,6 +49,18 @@ Node Agent liveness probe port ({{ $liveness.port }}) is different from the conf Node Agent readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + +{{- with $startup := .Values.agents.containers.agent.startupProbe.httpGet }} +{{- if and $startup.port (ne $healthPort $startup.port) }} + +############################################################################## +#### ERROR: Node Agent startup probe misconfiguration #### +############################################################################## + +Node Agent readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). +{{- end }} +{{- end }} + {{- if eq (include "should-deploy-cluster-agent" .) "true" }} {{- if .Values.clusterAgent.metricsProvider.enabled }} @@ -65,6 +79,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api {{- end }} {{- end }} {{- $healthPort := .Values.clusterAgent.healthPort }} + {{- with $liveness := .Values.clusterAgent.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -75,6 +90,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api Cluster Agent liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.clusterAgent.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -85,8 +101,21 @@ Cluster Agent liveness probe port ({{ $liveness.port }}) is different from the c Cluster Agent readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + + {{- with $startup := .Values.clusterAgent.startupProbe.httpGet }} + {{- if and $startup.port (ne $healthPort $startup.port) }} + +############################################################################## +#### ERROR: Cluster Agent startup probe misconfiguration #### +############################################################################## + +Cluster Agent readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). + {{- end }} + {{- end }} + {{- if (eq (include "should-enable-cluster-check-workers" .) "true") }} {{- $healthPort := .Values.clusterChecksRunner.healthPort }} + {{- with $liveness := .Values.clusterChecksRunner.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -97,6 +126,7 @@ Cluster Agent readiness probe port ({{ $readiness.port }}) is different from the Cluster Checks Runner liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.clusterChecksRunner.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -107,6 +137,18 @@ Cluster Checks Runner liveness probe port ({{ $liveness.port }}) is different fr Cluster Checks Runner readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + + {{- with $startup := .Values.clusterChecksRunner.startupProbe.httpGet }} + {{- if and $startup.port (ne $healthPort $startup.port) }} + +##################################################################################### +#### ERROR: Cluster Checks Runner startup probe misconfiguration #### +##################################################################################### + +Cluster Checks Runner readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- if or .Values.datadog.apm.enabled .Values.datadog.apm.portEnabled }} @@ -135,44 +177,44 @@ The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled (eq (include "cluster-agent-enabled" .) "false")}} +{{- if and (((.Values.datadog.autoscaling).workload).enabled) (not .Values.remoteConfiguration.enabled) }} -################################################################# -#### WARNING: Configuration notice #### -################################################################# +################################################################################### +#### ERROR: Container Autoscaling misconfiguration #### +################################################################################### -{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'." }} +{{- fail "Workload autoscaling is activated without remote configuration. Remote configuration is required (remoteConfiguration.enabled = true)" }} {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled (not .Values.clusterAgent.admissionController.enabled)}} +{{- if and .Values.datadog.apm.instrumentation.enabled (eq (include "cluster-agent-enabled" .) "false")}} ################################################################# #### WARNING: Configuration notice #### ################################################################# -{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the admission controller. This configuration is unsupported. To enable it please set clusterAgent.admissionController.enabled to 'true'." }} +{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'." }} {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces (eq (include "cluster-agent-enabled" .) "false")}} +{{- if and .Values.datadog.apm.instrumentation.enabled (not .Values.clusterAgent.admissionController.enabled)}} ################################################################# #### WARNING: Configuration notice #### ################################################################# -You are using datadog.apm.instrumentation.enabledNamespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. -To enable it please set clusterAgent.enabled to 'true'. +{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the admission controller. This configuration is unsupported. To enable it please set clusterAgent.admissionController.enabled to 'true'." }} + {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabledNamespaces }} +{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabledNamespaces` are set together. -APM Single Step Instrumentation will be enabled in the whole cluster. +The option `datadog.apm.instrumentation.enabledNamespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. +APM Single Step Instrumentation will be disabled in the whole cluster. {{- end }} @@ -296,7 +338,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill' and 'datadog.serviceMonitoring.enabled' must be set 'false'" }} {{- end }} @@ -534,7 +576,7 @@ To send OTLP data to the Agent use the Service created by specifying "http://{{ ################################################################# #### WARNING: Incompatibility #### ################################################################# -You have enabled creataion of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. +You have enabled creation of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. You should deactivate these options: clusterAgent.podSecurity.podSecurityPolicy.create and/or agents.podSecurity.podSecurityPolicy.create {{- end }} @@ -548,3 +590,20 @@ You are using the datadog.securityAgent.compliance.xccdf.enabled parameter which This version still supports both but the support of the old name will be dropped in the next major version of our Helm chart. More information about this change: https://github.com/DataDog/helm-charts/pull/1161 {{- end }} + + +{{- if and (eq (include "should-enable-otel-agent" .) "true") .Values.providers.gke.autopilot }} +################################################################# +#### WARNING: Configuration notice #### +################################################################# +OTel collector is not supported on GKE Autopilot. +{{- fail "The OTel collector cannot be run on GKE Autopilot." }} +{{- end }} + + +{{- if (eq (include "should-enable-otel-agent" .) "true") }} +################################################################# +#### WARNING: Private Beta notice #### +################################################################# +OTel collector is in preview. Please reach out to your Datadog representative for more information. +{{- end }} diff --git a/addons/datadog/templates/_ac-agent-sidecar-env.yaml b/addons/datadog/templates/_ac-agent-sidecar-env.yaml new file mode 100644 index 000000000..0e9799d38 --- /dev/null +++ b/addons/datadog/templates/_ac-agent-sidecar-env.yaml @@ -0,0 +1,47 @@ +{{- define "ac-agent-sidecar-env" -}} +{{- if and .Values.clusterAgent.admissionController.enabled .Values.clusterAgent.admissionController.agentSidecarInjection.enabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" +{{- else }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +{{- else if .Values.agents.image.name}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.agents.image.name }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +{{- else if .Values.agents.image.tag}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.agents.image.tag }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }}' +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}' +{{- end }} +{{- end }} +{{- end }} diff --git a/addons/datadog/templates/_components-common-env.yaml b/addons/datadog/templates/_components-common-env.yaml index 8ddd83a99..0ca7b0363 100644 --- a/addons/datadog/templates/_components-common-env.yaml +++ b/addons/datadog/templates/_components-common-env.yaml @@ -1,5 +1,5 @@ # The purpose of this template is to define a minimal set of environment -# variables shared between components: agent, cluster-agent +# variables shared between components: agent, cluster-agent and cluster checks runner {{- define "components-common-env" -}} {{- if .Values.datadog.secretBackend.command }} - name: DD_SECRET_BACKEND_COMMAND @@ -16,7 +16,7 @@ {{- if .Values.datadog.clusterName }} {{- template "check-cluster-name" . }} - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} + value: {{ tpl .Values.datadog.clusterName . | quote }} {{- end }} {{- if .Values.datadog.tags }} - name: DD_TAGS @@ -38,6 +38,18 @@ - name: DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS value: '{{ toJson .Values.datadog.namespaceLabelsAsTags }}' {{- end }} +{{- if .Values.datadog.namespaceAnnotationsAsTags }} +- name: DD_KUBERNETES_NAMESPACE_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.namespaceAnnotationsAsTags }}' +{{- end }} +{{- if .Values.datadog.kubernetesResourcesLabelsAsTags }} +- name: DD_KUBERNETES_RESOURCES_LABELS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesLabelsAsTags }}' +{{- end}} +{{- if .Values.datadog.kubernetesResourcesAnnotationsAsTags }} +- name: DD_KUBERNETES_RESOURCES_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesAnnotationsAsTags }}' +{{- end}} - name: KUBERNETES value: "yes" {{- if .Values.datadog.site }} @@ -52,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/addons/datadog/templates/_container-agent.yaml b/addons/datadog/templates/_container-agent.yaml index cc71feddd..5219db7ed 100644 --- a/addons/datadog/templates/_container-agent.yaml +++ b/addons/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") (and .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.datadog.sbom.containerImage.overlayFSDirectScan)))) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -58,6 +58,8 @@ env: {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} + {{- include "processes-common-envs" . | nindent 4 }} + {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} @@ -73,6 +75,12 @@ {{- if .Values.datadog.dogstatsd.originDetection }} - name: DD_DOGSTATSD_ORIGIN_DETECTION value: {{ .Values.datadog.dogstatsd.originDetection | quote }} + - name: DD_DOGSTATSD_ORIGIN_DETECTION_CLIENT + value: {{ .Values.datadog.dogstatsd.originDetection | quote }} + {{- end }} + {{- if .Values.datadog.originDetectionUnified.enabled }} + - name: DD_ORIGIN_DETECTION_UNIFIED + value: {{ .Values.datadog.originDetectionUnified.enabled | quote }} {{- end }} {{- if .Values.datadog.dogstatsd.tagCardinality }} - name: DD_DOGSTATSD_TAG_CARDINALITY @@ -101,7 +109,7 @@ {{- include "containers-cluster-agent-env" . | nindent 4 }} {{- end }} - name: DD_APM_ENABLED - value: "false" + value: {{ include "should-enable-trace-agent" . | quote }} - name: DD_LOGS_ENABLED value: {{ (default false (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled)) | quote}} - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL @@ -113,7 +121,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} @@ -150,10 +158,8 @@ - name: DD_CHECKS_TAG_CARDINALITY value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - {{- if .Values.datadog.containerLifecycle.enabled }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote }} - {{- end }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT @@ -171,10 +177,17 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} + {{- if (eq (include "should-enable-sbom-container-image-collection" .) "true") }} {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if .Values.datadog.sbom.containerImage.overlayFSDirectScan }} + - name: DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN + value: "true" + {{- else }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} + {{- end }} + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" @@ -182,6 +195,12 @@ value: /host {{- end }} {{- end }} + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: {{ .Values.datadog.kubelet.coreCheckEnabled | quote | default "true" }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: DD_OTELCOLLECTOR_ENABLED + value: "true" + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: @@ -218,6 +237,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -238,6 +258,12 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true + {{- if (eq (include "should-run-process-checks-on-core-agent" .) "true") }} + - name: passwd + mountPath: /etc/passwd + readOnly: true + {{- end }} + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run @@ -251,17 +277,20 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") (or .Values.datadog.sbom.containerImage.uncompressedLayersSupport .Values.datadog.sbom.containerImage.overlayFSDirectScan)}} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true + - name: host-docker-dir + mountPath: /host/var/lib/docker + readOnly: true {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: host-apk-dir @@ -311,6 +340,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} @@ -320,4 +353,9 @@ readinessProbe: {{- $ready := .Values.agents.containers.agent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 4 }} +{{- if (not .Values.providers.gke.autopilot) }} + startupProbe: +{{- $startup := .Values.agents.containers.agent.startupProbe }} +{{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 4 }} +{{- end }} {{- end -}} diff --git a/addons/datadog/templates/_container-cri-volumemounts.yaml b/addons/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..af88ed5f3 100644 --- a/addons/datadog/templates/_container-cri-volumemounts.yaml +++ b/addons/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/addons/datadog/templates/_container-host-release-volumemounts.yaml b/addons/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..b775b7953 100644 --- a/addons/datadog/templates/_container-host-release-volumemounts.yaml +++ b/addons/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,4 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} +{{- if not .Values.providers.gke.gdc }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -9,3 +10,4 @@ readOnly: true {{- end }} {{- end }} +{{- end }} diff --git a/addons/datadog/templates/_container-otel-agent.yaml b/addons/datadog/templates/_container-otel-agent.yaml new file mode 100644 index 000000000..16e56bbe2 --- /dev/null +++ b/addons/datadog/templates/_container-otel-agent.yaml @@ -0,0 +1,81 @@ +{{- define "container-otel-agent" -}} +- name: otel-agent + image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + {{- if eq .Values.targetSystem "linux" }} + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml"] + {{- end -}} + {{- if eq .Values.targetSystem "windows" }} + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/datadog.yaml"] + {{- end -}} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} + resources: +{{ toYaml .Values.agents.containers.otelAgent.resources | indent 4 }} + ports: + {{- range .Values.datadog.otelCollector.ports }} + - containerPort: {{ .containerPort }} + {{- if .hostPort }} + hostPort: {{ .hostPort }} + {{- end }} + protocol: TCP + name: {{ .name }} + {{- end }} +{{- if or .Values.datadog.envFrom .Values.agents.containers.otelAgent.envFrom }} + envFrom: +{{- if .Values.datadog.envFrom }} +{{ .Values.datadog.envFrom | toYaml | indent 4 }} +{{- end }} +{{- if .Values.agents.containers.otelAgent.envFrom }} +{{ .Values.agents.containers.otelAgent.envFrom | toYaml | indent 4 }} +{{- end }} +{{- end }} + env: + {{- include "containers-common-env" . | nindent 4 }} + {{- include "containers-cluster-agent-env" . | nindent 4 }} + {{- include "fips-envvar" . | nindent 4 }} + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.otelAgent.logLevel | default .Values.datadog.logLevel | quote }} + {{- include "additional-env-entries" .Values.agents.containers.otelAgent.env | indent 4 }} + {{- include "additional-env-dict-entries" .Values.agents.containers.otelAgent.envDict | indent 4 }} + volumeMounts: + - name: config + mountPath: {{ template "datadog.confPath" . }} + readOnly: true + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs + {{- if (not .Values.providers.gke.autopilot) }} + - name: auth-token + mountPath: {{ template "datadog.confPath" . }}/auth + readOnly: true + {{- end }} + - name: otelconfig + mountPath: {{ template "datadog.otelconfPath" . }} + readOnly: true + {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.autopilot }} + - name: procdir + mountPath: /host/proc + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true + {{- end }} + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} + readOnly: true + {{- end }} + {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- include "container-cloudinit-volumemounts" . | nindent 4 }} + {{- if .Values.datadog.kubelet.hostCAPath }} +{{ include "datadog.kubelet.volumeMount" . | indent 4 }} + {{- end }} +{{- if .Values.agents.volumeMounts }} +{{ toYaml .Values.agents.volumeMounts | indent 4 }} +{{- end }} +{{- end -}} diff --git a/addons/datadog/templates/_container-process-agent.yaml b/addons/datadog/templates/_container-process-agent.yaml index b69179bbc..baeccc41a 100644 --- a/addons/datadog/templates/_container-process-agent.yaml +++ b/addons/datadog/templates/_container-process-agent.yaml @@ -28,16 +28,7 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "containers-cluster-agent-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} - {{- if .Values.datadog.processAgent.processCollection }} - - name: DD_PROCESS_AGENT_ENABLED - value: "true" - {{- end }} - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: {{ .Values.datadog.processAgent.processDiscovery | quote }} - {{- if .Values.datadog.processAgent.stripProcessArguments }} - - name: DD_STRIP_PROCESS_ARGS - value: "true" - {{- end }} + {{- include "processes-common-envs" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} - name: DD_SYSTEM_PROBE_ENABLED @@ -88,7 +79,7 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery}} + {{- if or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.processAgent.containerCollection}} - name: passwd mountPath: /etc/passwd readOnly: true diff --git a/addons/datadog/templates/_container-security-agent.yaml b/addons/datadog/templates/_container-security-agent.yaml index 29656fc2c..0a6be843e 100644 --- a/addons/datadog/templates/_container-security-agent.yaml +++ b/addons/datadog/templates/_container-security-agent.yaml @@ -34,22 +34,22 @@ {{- if .Values.datadog.securityAgent.compliance.enabled }} - name: DD_COMPLIANCE_CONFIG_CHECK_INTERVAL value: {{ .Values.datadog.securityAgent.compliance.checkInterval | quote }} - {{- if or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled }} - name: DD_COMPLIANCE_CONFIG_XCCDF_ENABLED - value: "true" + value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }} - name: DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED - value: "true" - {{- end }} + value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }} - name: HOST_ROOT value: /host/root {{- end }} - name: DD_RUNTIME_SECURITY_CONFIG_ENABLED - value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }} + value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }} {{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled }} - name: DD_RUNTIME_SECURITY_CONFIG_POLICIES_DIR value: "/etc/datadog-agent/runtime-security.d" - name: DD_RUNTIME_SECURITY_CONFIG_SOCKET value: /var/run/sysprobe/runtime-security.sock + - name: DD_RUNTIME_SECURITY_CONFIG_USE_SECRUNTIME_TRACK + value: {{ .Values.datadog.securityAgent.runtime.useSecruntimeTrack | quote }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - name: DD_DOGSTATSD_SOCKET diff --git a/addons/datadog/templates/_container-trace-agent.yaml b/addons/datadog/templates/_container-trace-agent.yaml index c14094a09..66130e2f1 100644 --- a/addons/datadog/templates/_container-trace-agent.yaml +++ b/addons/datadog/templates/_container-trace-agent.yaml @@ -86,7 +86,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -99,6 +99,7 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket @@ -109,6 +110,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/addons/datadog/templates/_containers-common-env.yaml b/addons/datadog/templates/_containers-common-env.yaml index dfb27ea2d..84428aeb1 100644 --- a/addons/datadog/templates/_containers-common-env.yaml +++ b/addons/datadog/templates/_containers-common-env.yaml @@ -13,6 +13,7 @@ value: {{ template "datadog.confPath" . }}/auth/token {{- end }} {{ include "components-common-env" . }} +{{ include "language-detection-common-env" . }} {{- if .Values.datadog.kubelet.host }} - name: DD_KUBERNETES_KUBELET_HOST {{ toYaml .Values.datadog.kubelet.host | indent 2 }} @@ -29,6 +30,15 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName +- name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE @@ -115,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} diff --git a/addons/datadog/templates/_containers-init-linux.yaml b/addons/datadog/templates/_containers-init-linux.yaml index 089555505..fd0636250 100644 --- a/addons/datadog/templates/_containers-init-linux.yaml +++ b/addons/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -16,7 +16,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -26,9 +26,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -42,11 +39,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/addons/datadog/templates/_daemonset-volumes-linux.yaml b/addons/datadog/templates/_daemonset-volumes-linux.yaml index 636503362..de1e13924 100644 --- a/addons/datadog/templates/_daemonset-volumes-linux.yaml +++ b/addons/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,6 +3,14 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir @@ -58,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: @@ -137,7 +138,7 @@ name: btf-path {{- end }} {{- end }} -{{- if or .Values.datadog.processAgent.enabled (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} +{{- if or (eq (include "process-checks-enabled" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} - hostPath: path: /etc/passwd name: passwd @@ -147,10 +148,13 @@ path: / name: hostroot {{- end }} -{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +{{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - hostPath: path: /var/lib/containerd name: host-containerd-dir +- hostPath: + path: /var/lib/docker + name: host-docker-dir {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - hostPath: @@ -180,6 +184,12 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} +{{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs @@ -190,15 +200,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} diff --git a/addons/datadog/templates/_daemonset-volumes-windows.yaml b/addons/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/addons/datadog/templates/_daemonset-volumes-windows.yaml +++ b/addons/datadog/templates/_daemonset-volumes-windows.yaml @@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/addons/datadog/templates/_helpers.tpl b/addons/datadog/templates/_helpers.tpl index a66fc4e10..3a3eeced0 100644 --- a/addons/datadog/templates/_helpers.tpl +++ b/addons/datadog/templates/_helpers.tpl @@ -1,18 +1,24 @@ {{/* vim: set filetype=mustache: */}} -{{- define "check-version" -}} -{{- if not .Values.agents.image.doNotCheckTag -}} +{{/* + Returns node agent version based on image tag. This assumes `agents.image.doNotCheckTag` is false. +*/}} +{{- define "get-agent-version" -}} {{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} {{- $length := len (split "." $version) -}} {{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.36.0" -}} +{{- $version = "6.55.1" -}} {{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.36.0" -}} +{{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} +{{- $version = "7.58.1" -}} {{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.36.0" -}} +{{- $version -}} {{- end -}} + + +{{- define "check-version" -}} +{{- if not .Values.agents.image.doNotCheckTag -}} +{{- $version := (include "get-agent-version" .) -}} {{- if not (semverCompare "^6.36.0-0 || ^7.36.0-0" $version) -}} {{- fail "This version of the chart requires an agent image 7.36.0 or greater. If you want to force and skip this check, use `--set agents.image.doNotCheckTag=true`" -}} {{- end -}} @@ -45,17 +51,7 @@ false {{- define "agent-has-env-ad" -}} {{- if not .Values.agents.image.doNotCheckTag -}} -{{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} -{{- $length := len (split "." $version) -}} -{{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.27.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.27.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.27.0" -}} -{{- end -}} +{{- $version := (include "get-agent-version" .) -}} {{- if semverCompare "^6.27.0-0 || ^7.27.0-0" $version -}} true {{- else -}} @@ -67,11 +63,12 @@ true {{- end -}} {{- define "check-cluster-name" }} -{{- $length := len .Values.datadog.clusterName -}} +{{- $clusterName := tpl .Values.datadog.clusterName . -}} +{{- $length := len $clusterName -}} {{- if (gt $length 80)}} {{- fail "Your `clusterName` isn’t valid it has to be below 81 chars." -}} {{- end}} -{{- if not (regexMatch "^([a-z]([a-z0-9\\-]*[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]*[a-z0-9])?)$" .Values.datadog.clusterName) -}} +{{- if not (regexMatch "^([a-z]([a-z0-9\\-]*[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]*[a-z0-9])?)$" $clusterName) -}} {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by lowercase letters, numbers, or hyphens, can only end with a with [a-z0-9] and has to be below 80 chars." -}} {{- end -}} {{- end -}} @@ -109,6 +106,19 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Return true if the OTelAgent needs to be deployed +*/}} +{{- define "should-enable-otel-agent" -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + + + {{/* Return secret name to be used based on provided values. */}} @@ -209,12 +219,26 @@ C:/ProgramData/Datadog {{- end -}} {{- end -}} +{{/* +Return agent config path +*/}} +{{- define "datadog.otelconfPath" -}} +{{- if eq .Values.targetSystem "linux" -}} +/etc/otel-agent +{{- end -}} +{{- if eq .Values.targetSystem "windows" -}} +C:/ProgramData/Datadog +{{- end -}} +{{- end -}} + {{/* Return agent host mount root */}} {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} @@ -273,6 +297,8 @@ eu.gcr.io/datadoghq public.ecr.aws/datadog {{- else if eq .datadog.site "ap1.datadoghq.com" -}} asia.gcr.io/datadoghq +{{- else if eq .datadog.site "us3.datadoghq.com" -}} +datadoghq.azurecr.io {{- else -}} gcr.io/datadoghq {{- end -}} @@ -316,7 +342,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -339,7 +365,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -361,7 +387,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false @@ -372,7 +398,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -383,7 +409,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -396,7 +422,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false @@ -450,10 +476,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -464,13 +490,13 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -518,6 +544,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* @@ -573,6 +602,10 @@ datadog-agent-fips-config {{- end -}} {{- end -}} +{{- define "agents-install-otel-configmap-name" -}} +{{ template "datadog.fullname" . }}-otel-config +{{- end -}} + {{/* Common template labels */}} @@ -826,7 +859,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} @@ -840,7 +873,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -851,7 +884,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.clusterAgent.admissionController.remoteInstrumentation.enabled) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -874,11 +907,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -903,33 +947,83 @@ Create RBACs for custom resources {{- end -}} {{/* -Return all namespaces with enabled Single Step Instrumentation. If instrumentation.enabledNamespaces contains the namespace where Datadog is installed, -it will be removed. + Return true if language detection feature is enabled */}} -{{- define "apmInstrumentation.enabledNamespaces" -}} -{{- if and .Values.datadog.apm .Values.datadog.apm.instrumentation -}} -{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) -}} -{{- if has .Release.Namespace .Values.datadog.apm.instrumentation.enabledNamespaces -}} -{{- $ns := mustWithout .Values.datadog.apm.instrumentation.enabledNamespaces .Release.Namespace -}} -{{- if $ns -}} -{{- $ns | toJson | quote -}} -{{- end -}} -{{- else -}} -{{- .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote -}} +{{- define "language-detection-enabled" -}} + {{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.language_detection.enabled -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} + +{{/* + Return true if any process-related check is enabled +*/}} +{{- define "process-checks-enabled" -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} + {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} + +{{/* + Return value of "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" env var in core agent container. +*/}} +{{- define "get-process-checks-in-core-agent-envvar" -}} + {{- range .Values.agents.containers.agent.env -}} + {{- if eq .name "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" -}} + {{- .value -}} + {{- end -}} + {{- end -}} {{- end -}} + +{{/* + Returns true if process-related checks should run on the core agent. +*/}} +{{- define "should-run-process-checks-on-core-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} + {{- if ne .Values.targetSystem "linux" -}} + false + {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} + {{- include "get-process-checks-in-core-agent-envvar" . -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.57.0-0" (include "get-agent-version" .)) -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} {{/* -Return all namespaces with disabled Single Step Instrumentation + Returns true if the process-agent container should be created. */}} -{{- define "apmInstrumentation.disabledNamespaces" -}} -{{- if and .Values.datadog.apm .Values.datadog.apm.instrumentation -}} -{{- if and .Values.datadog.apm.instrumentation.disabledNamespaces .Values.datadog.apm.instrumentation.enabled -}} -{{- append .Values.datadog.apm.instrumentation.disabledNamespaces .Release.Namespace | toJson | quote -}} -{{- else if .Values.datadog.apm.instrumentation.enabled -}} -{{- list .Release.Namespace | toJson | quote -}} +{{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} + {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} + true + {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} + true + {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}} + false + {{- else -}} + {{- include "process-checks-enabled" . -}} + {{- end -}} {{- end -}} + + +{{- define "get-port-number-from-name" -}} +{{- $portName := .portName -}} +{{- range .ports -}} + {{- if eq .name $portName -}} + {{ .containerPort }} + {{- end -}} {{- end -}} {{- end -}} diff --git a/addons/datadog/templates/_kubernetes_apiserver_config.yaml b/addons/datadog/templates/_kubernetes_apiserver_config.yaml index 0454838a2..208e21594 100644 --- a/addons/datadog/templates/_kubernetes_apiserver_config.yaml +++ b/addons/datadog/templates/_kubernetes_apiserver_config.yaml @@ -1,10 +1,13 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents -}} +{{- if .Values.datadog.collectEvents -}} kubernetes_apiserver.yaml: |- init_config: instances: - - unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} + {{- end -}} {{- end -}} {{- end -}} diff --git a/addons/datadog/templates/_language_detection_env.yaml b/addons/datadog/templates/_language_detection_env.yaml new file mode 100644 index 000000000..5ac676110 --- /dev/null +++ b/addons/datadog/templates/_language_detection_env.yaml @@ -0,0 +1,8 @@ +# The purpose of this template is to define a minimal set of environment +# variables to enable language detection +{{- define "language-detection-common-env" -}} +- name: DD_LANGUAGE_DETECTION_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +{{- end -}} diff --git a/addons/datadog/templates/_otel_agent_config.yaml b/addons/datadog/templates/_otel_agent_config.yaml new file mode 100644 index 000000000..dd18d93c4 --- /dev/null +++ b/addons/datadog/templates/_otel_agent_config.yaml @@ -0,0 +1,51 @@ +{{- define "otel-agent-config-configmap-content" -}} +otel-config.yaml: {{- if .Values.datadog.otelCollector.config }} {{ toYaml .Values.datadog.otelCollector.config | indent 4 }} + {{- else }} | + receivers: + prometheus: + config: + scrape_configs: + - job_name: "otelcol" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:{{ include "get-port-number-from-name" (dict "ports" .Values.datadog.otelCollector.ports "portName" "otel-grpc") }} + http: + endpoint: 0.0.0.0:{{ include "get-port-number-from-name" (dict "ports" .Values.datadog.otelCollector.ports "portName" "otel-http") }} + exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} + processors: + infraattributes: + cardinality: 2 + batch: + timeout: 10s + connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + service: + pipelines: + traces: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog, datadog/connector] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] +{{- end -}} +{{- end -}} + diff --git a/addons/datadog/templates/_processes-common-env.yaml b/addons/datadog/templates/_processes-common-env.yaml new file mode 100644 index 000000000..65fcd07f8 --- /dev/null +++ b/addons/datadog/templates/_processes-common-env.yaml @@ -0,0 +1,17 @@ +# Defines set of environment variables for Processes-related checks. +{{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} +- name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: {{ .Values.datadog.processAgent.processCollection | quote }} +- name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: {{ .Values.datadog.processAgent.containerCollection | quote }} +- name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: {{ .Values.datadog.processAgent.processDiscovery | quote }} +- name: DD_STRIP_PROCESS_ARGS + value: {{ .Values.datadog.processAgent.stripProcessArguments | quote }} +{{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} +- name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/addons/datadog/templates/_system-probe-init.yaml b/addons/datadog/templates/_system-probe-init.yaml index 99b1f4fbf..cfea181fc 100644 --- a/addons/datadog/templates/_system-probe-init.yaml +++ b/addons/datadog/templates/_system-probe-init.yaml @@ -1,5 +1,8 @@ {{- define "system-probe-init" -}} - name: seccomp-setup +{{- if not .Values.providers.gke.autopilot }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: diff --git a/addons/datadog/templates/agent-cilium-network-policy.yaml b/addons/datadog/templates/agent-cilium-network-policy.yaml index 7e7a4c09a..480ac0a7e 100644 --- a/addons/datadog/templates/agent-cilium-network-policy.yaml +++ b/addons/datadog/templates/agent-cilium-network-policy.yaml @@ -89,6 +89,8 @@ specs: - matchName: "api.{{ $.Values.datadog.site }}" - matchName: "agent-intake.logs.{{ $.Values.datadog.site }}" - matchName: "agent-http-intake.logs.{{ $.Values.datadog.site }}" + - matchName: "contimage-intake.{{ $.Values.datadog.site }}" + - matchName: "contlcycle-intake.{{ $.Values.datadog.site }}" - matchName: "process.{{ $.Values.datadog.site }}" - matchName: "orchestrator.{{ $.Values.datadog.site }}" - matchName: "instrumentation-telemetry-intake.{{ $.Values.datadog.site }}" @@ -105,6 +107,8 @@ specs: - matchName: "api.datadoghq.com" - matchName: "agent-intake.logs.datadoghq.com" - matchName: "agent-http-intake.logs.datadoghq.com" + - matchName: "contimage-intake.datadoghq.com" + - matchName: "contlcycle-intake.datadoghq.com" - matchName: "process.datadoghq.com" - matchName: "orchestrator.datadoghq.com" - matchName: "instrumentation-telemetry-intake.datadoghq.com" diff --git a/addons/datadog/templates/agent-clusterchecks-deployment.yaml b/addons/datadog/templates/agent-clusterchecks-deployment.yaml index 5f036010f..6ae0de1c5 100644 --- a/addons/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/addons/datadog/templates/agent-clusterchecks-deployment.yaml @@ -27,6 +27,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-clusterchecks {{- if .Values.clusterChecksRunner.additionalLabels }} {{ toYaml .Values.clusterChecksRunner.additionalLabels | indent 8 }} @@ -77,6 +78,10 @@ spec: command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /opt/datadog-agent @@ -89,6 +94,10 @@ spec: command: ["bash", "-c"] args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -108,7 +117,7 @@ spec: image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterChecksRunner.image) }}" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} {{- if .Values.clusterChecksRunner.ports }} ports: @@ -124,33 +133,12 @@ spec: {{- end }} {{- end }} env: + {{- include "components-common-env" . | nindent 10 }} - name: DD_API_KEY valueFrom: secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key - {{- if .Values.datadog.secretBackend.command }} - - name: DD_SECRET_BACKEND_COMMAND - value: {{ .Values.datadog.secretBackend.command | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.arguments }} - - name: DD_SECRET_BACKEND_ARGUMENTS - value: {{ .Values.datadog.secretBackend.arguments | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.timeout }} - - name: DD_SECRET_BACKEND_TIMEOUT - value: {{ .Values.datadog.secretBackend.timeout | quote }} - {{- end }} - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.datadog.logLevel | quote }} @@ -191,17 +179,16 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - {{- if .Values.datadog.clusterName }} - {{- template "check-cluster-name" . }} - - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} - {{- end }} {{- include "provider-env" . | nindent 10 }} {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterChecksRunner.env | indent 10 }} {{- include "additional-env-dict-entries" .Values.clusterChecksRunner.envDict | indent 10 }} resources: {{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} +{{- if .Values.clusterChecksRunner.containers.agent.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.agent.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: installinfo subPath: install_info @@ -226,6 +213,9 @@ spec: readinessProbe: {{- $ready := .Values.clusterChecksRunner.readinessProbe }} {{ include "probe.http" (dict "settings" $ready "path" "/ready" "port" $healthPort) | indent 10 }} + startupProbe: +{{- $startup := .Values.clusterChecksRunner.startupProbe }} +{{ include "probe.http" (dict "settings" $startup "path" "/startup" "port" $healthPort) | indent 10 }} volumes: - name: installinfo configMap: diff --git a/addons/datadog/templates/agent-services.yaml b/addons/datadog/templates/agent-services.yaml index 491a87862..ce6080d04 100644 --- a/addons/datadog/templates/agent-services.yaml +++ b/addons/datadog/templates/agent-services.yaml @@ -100,5 +100,13 @@ spec: targetPort: {{ .Values.datadog.otlp.receiver.protocols.http.endpoint | regexFind ":[0-9]+$" | trimPrefix ":" }} name: otlphttpport {{- end }} +{{- if eq (include "should-enable-otel-agent" .) "true" }} +{{- range .Values.datadog.otelCollector.ports }} + - protocol: TCP + port: {{ .containerPort }} + targetPort: {{ .containerPort }} + name: {{ .name }} +{{- end }} +{{- end }} internalTrafficPolicy: Local {{ end }} diff --git a/addons/datadog/templates/cluster-agent-cilium-network-policy.yaml b/addons/datadog/templates/cluster-agent-cilium-network-policy.yaml index af98d78de..db2742802 100644 --- a/addons/datadog/templates/cluster-agent-cilium-network-policy.yaml +++ b/addons/datadog/templates/cluster-agent-cilium-network-policy.yaml @@ -189,4 +189,20 @@ specs: - port: {{ include "clusterAgent.metricsProvider.port" . | quote }} protocol: TCP {{- end }} +{{- if .Values.clusterAgent.admissionController.enabled }} + - description: Ingress from API server for admission controller + endpointSelector: + matchLabels: + app: {{ template "datadog.fullname" . }}-cluster-agent + {{- if .Values.clusterAgent.podLabels }} + {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} + {{- end }} + ingress: + - fromEntities: + - kube-apiserver + toPorts: + - ports: + - port: {{ .Values.clusterAgent.admissionController.port | quote }} + protocol: TCP +{{- end }} {{- end }} diff --git a/addons/datadog/templates/cluster-agent-deployment.yaml b/addons/datadog/templates/cluster-agent-deployment.yaml index 636649ee1..9549a90ae 100644 --- a/addons/datadog/templates/cluster-agent-deployment.yaml +++ b/addons/datadog/templates/cluster-agent-deployment.yaml @@ -38,6 +38,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-cluster-agent {{- if .Values.clusterAgent.podLabels }} {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} @@ -169,6 +170,7 @@ spec: key: api-key optional: true {{- include "components-common-env" . | nindent 10 }} + {{- include "language-detection-common-env" . | nindent 10 }} {{- if .Values.clusterAgent.metricsProvider.enabled }} - name: DD_APP_KEY valueFrom: @@ -201,6 +203,10 @@ spec: {{- if .Values.clusterAgent.admissionController.enabled }} - name: DD_ADMISSION_CONTROLLER_ENABLED value: {{ .Values.clusterAgent.admissionController.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.validation.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.mutation.enabled | quote }} - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: {{ .Values.clusterAgent.admissionController.webhookName | quote }} - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -230,28 +236,51 @@ spec: - name: DD_ADMISSION_CONTROLLER_PORT value: {{ .Values.clusterAgent.admissionController.port | quote }} {{- end }} - {{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} + {{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }} - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + {{- if .Values.clusterAgent.admissionController.containerRegistry }} + value: {{ .Values.clusterAgent.admissionController.containerRegistry | quote }} + {{- else }} + value: {{ include "registry" .Values | quote }} + {{- end }} + {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} {{- if .Values.datadog.apm.instrumentation.enabled }} - name: DD_APM_INSTRUMENTATION_ENABLED - value: "true" + value: {{ .Values.datadog.apm.instrumentation.enabled | quote }} {{- end }} - {{- if ne (include "apmInstrumentation.enabledNamespaces" .) "" }} + {{- if .Values.datadog.apm.instrumentation.enabledNamespaces }} - name: DD_APM_INSTRUMENTATION_ENABLED_NAMESPACES - value: {{ include "apmInstrumentation.enabledNamespaces" . }} + value: {{ .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote }} {{- end }} - {{- if ne (include "apmInstrumentation.disabledNamespaces" .) "" }} + {{- if .Values.datadog.apm.instrumentation.disabledNamespaces }} - name: DD_APM_INSTRUMENTATION_DISABLED_NAMESPACES - value: {{ include "apmInstrumentation.disabledNamespaces" . }} + value: {{ .Values.datadog.apm.instrumentation.disabledNamespaces | toJson | quote }} {{- end }} {{- if .Values.datadog.apm.instrumentation.libVersions }} - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.asm.threats.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.sca.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_SCA_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.iast.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_IAST_ENABLED + value: "true" + {{- end }} + {{- if not (eq .Values.datadog.profiling.enabled nil) }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PROFILING_ENABLED + value: {{ .Values.datadog.profiling.enabled | quote }} + {{- end }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} @@ -283,6 +312,8 @@ spec: - name: DD_COLLECT_KUBERNETES_EVENTS value: {{ .Values.datadog.collectEvents | quote }} {{- end }} + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: {{ .Values.datadog.kubernetesEvents.sourceDetectionEnabled | quote }} - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: {{ template "datadog.fullname" . }}-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN @@ -306,6 +337,8 @@ spec: - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: {{ .Values.datadog.orchestratorExplorer.container_scrubbing.enabled | quote }} {{- end }} + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: {{ include "language-detection-enabled" . | quote }} {{- if eq (include "should-enable-security-agent" .) "true" }} - name: DD_COMPLIANCE_CONFIG_ENABLED value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }} @@ -328,6 +361,10 @@ spec: value: {{ .Values.datadog.prometheusScrape.version | quote }} {{- end }} {{- end }} + {{- if (((.Values.datadog.autoscaling).workload).enabled) }} + - name: DD_AUTOSCALING_WORKLOAD_ENABLED + value: {{ (((.Values.datadog.autoscaling).workload).enabled) | quote }} + {{- end }} - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: @@ -352,6 +389,9 @@ spec: readinessProbe: {{- $ready := .Values.clusterAgent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 10 }} + startupProbe: +{{- $startup := .Values.clusterAgent.startupProbe }} +{{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 10 }} {{- if .Values.clusterAgent.containers.clusterAgent.securityContext }} securityContext: {{ toYaml .Values.clusterAgent.containers.clusterAgent.securityContext | indent 10 }} @@ -424,7 +464,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents }} +{{- if .Values.datadog.collectEvents }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/addons/datadog/templates/cluster-agent-rbac.yaml b/addons/datadog/templates/cluster-agent-rbac.yaml index 975098c8e..e02be2434 100644 --- a/addons/datadog/templates/cluster-agent-rbac.yaml +++ b/addons/datadog/templates/cluster-agent-rbac.yaml @@ -15,6 +15,7 @@ rules: - nodes - namespaces - componentstatuses + - limitranges verbs: - get - list @@ -115,6 +116,17 @@ rules: - "get" - "watch" {{- end }} +{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.language_detection.enabled }} +- apiGroups: + - "apps" + resources: + - deployments + verbs: + - list + - get + - watch + - patch +{{- end }} {{- if eq (include "should-enable-k8s-resource-monitoring" .) "true" }} - apiGroups: # to get the kube-system namespace UID and generate a cluster ID - "" @@ -155,7 +167,7 @@ rules: - list - get - watch -{{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} +{{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }} - patch {{- end }} - apiGroups: @@ -171,6 +183,7 @@ rules: - networking.k8s.io resources: - ingresses + - networkpolicies verbs: - list - get @@ -186,6 +199,14 @@ rules: - list - get - watch +- apiGroups: + - "storage.k8s.io" + resources: + - storageclasses + verbs: + - list + - get + - watch - apiGroups: - autoscaling.k8s.io resources: @@ -224,6 +245,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations resourceNames: - {{ .Values.clusterAgent.admissionController.webhookName | quote }} @@ -231,6 +253,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations verbs: ["create"] - apiGroups: ["batch"] @@ -249,16 +272,17 @@ rules: - namespaces verbs: - list -{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: - "policy" resources: + - poddisruptionbudgets + {{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - podsecuritypolicies + {{- end }} verbs: - get - list - watch -{{- end }} - apiGroups: - rbac.authorization.k8s.io resources: @@ -401,3 +425,125 @@ subjects: name: {{ template "datadog.fullname" . }}-cluster-agent namespace: {{ .Release.Namespace }} {{- end -}} + +{{- if (((.Values.datadog.autoscaling).workload).enabled) }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling + namespace: {{ .Release.Namespace }} +rules: +# Access to own CRD +- apiGroups: + - "datadoghq.com" + resources: + - "datadogpodautoscalers" + - "datadogpodautoscalers/status" + verbs: + - "*" +# Scale subresource for all resources +- apiGroups: + - "*" + resources: + - "*/scale" + verbs: + - 'update' + - 'get' +# Ability to generate events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +# Patching POD to add annotations. TODO: Remove when we have a better way to generate single event +- apiGroups: + - "" + resources: + - pods + verbs: + - patch +# Triggering rollout on Deployments +- apiGroups: + - apps + resources: + - deployments + verbs: + - patch +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end}} + +{{- if or .Values.datadog.kubernetesResourcesAnnotationsAsTags .Values.datadog.kubernetesResourcesLabelsAsTags}} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags + namespace: {{ .Release.Namespace }} + +{{- $groupedResources := dict }} +{{- $mergedResources := merge (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} +{{- range $resource, $labels := $mergedResources }} + {{- $parts := split "." $resource }} + {{- $apiGroup := "" }} + {{- $resourceName := $resource }} + {{- if eq (len $parts) 2 }} + {{- $apiGroup = index $parts "_1" }} + {{- $resourceName = index $parts "_0" }} + {{- end }} + {{- $existing := index $groupedResources $apiGroup | default (list) }} + {{- $groupedResources = set $groupedResources $apiGroup (append $existing $resourceName) }} +{{- end }} + +rules: + +# Iterate through the apiGroups and create rules for each resource +{{- range $apiGroup, $resources := $groupedResources }} +- apiGroups: + - "{{ $apiGroup }}" + resources: + {{- range $resource := $resources }} + - {{ $resource }} + {{- end }} + verbs: + - get + - list + - watch +{{- end }} + +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end -}} \ No newline at end of file diff --git a/addons/datadog/templates/daemonset.yaml b/addons/datadog/templates/daemonset.yaml index 5aba67ff2..45dc64663 100644 --- a/addons/datadog/templates/daemonset.yaml +++ b/addons/datadog/templates/daemonset.yaml @@ -9,7 +9,6 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} @@ -30,6 +29,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }} {{- if .Values.agents.podLabels }} {{ toYaml .Values.agents.podLabels | indent 8 }} @@ -48,6 +48,9 @@ spec: checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + checksum/otel-config: {{ include "otel-agent-config-configmap-content" . | sha256sum }} + {{- end }} {{- if .Values.agents.customAgentConfig }} checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} @@ -59,7 +62,7 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} {{- if .Values.agents.podAnnotations }} @@ -70,7 +73,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} @@ -119,7 +122,7 @@ spec: {{- if eq (include "should-enable-fips" .) "true" }} {{- include "fips-proxy" . | nindent 6 }} {{- end }} - {{- if .Values.datadog.processAgent.enabled }} + {{- if eq (include "should-enable-process-agent" .) "true" }} {{- include "container-process-agent" . | nindent 6 }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} @@ -128,12 +131,15 @@ spec: {{- if eq (include "should-enable-security-agent" .) "true" }} {{- include "container-security-agent" . | nindent 6 }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + {{- include "container-otel-agent" . | nindent 6 }} + {{- end }} initContainers: {{- if eq .Values.targetSystem "windows" }} {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} @@ -164,6 +170,14 @@ spec: {{- if eq .Values.targetSystem "linux" }} {{ include "daemonset-volumes-linux" . | nindent 6 }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: otelconfig + configMap: + name: {{ include "agents-install-otel-configmap-name" . }} + items: + - key: otel-config.yaml + path: otel-config.yaml + {{- end }} {{- if .Values.agents.volumes }} {{ toYaml .Values.agents.volumes | indent 6 }} {{- end }} diff --git a/addons/datadog/templates/kpi-telemetry-configmap.yaml b/addons/datadog/templates/kpi-telemetry-configmap.yaml index 1ab531945..fe46598dc 100644 --- a/addons/datadog/templates/kpi-telemetry-configmap.yaml +++ b/addons/datadog/templates/kpi-telemetry-configmap.yaml @@ -6,6 +6,11 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} data: - install_id: {{ uuidv4 | quote }} install_type: k8s_manual + {{- if .Values.datadog.apm.instrumentation.skipKPITelemetry }} + install_id: "00000000-0000-0000-0000-000000000000" + install_time: "0" + {{- else }} + install_id: {{ uuidv4 | quote }} install_time: {{ now | unixEpoch | quote }} + {{- end }} diff --git a/addons/datadog/templates/otel-configmap.yaml b/addons/datadog/templates/otel-configmap.yaml new file mode 100644 index 000000000..0e7fbb162 --- /dev/null +++ b/addons/datadog/templates/otel-configmap.yaml @@ -0,0 +1,12 @@ +{{- if eq (include "should-enable-otel-agent" .) "true" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "agents-install-otel-configmap-name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{ include "datadog.labels" . | nindent 4 }} + annotations: + checksum/otel-config: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} +data: {{ include "otel-agent-config-configmap-content" . | nindent 2 }} +{{- end }} diff --git a/addons/datadog/templates/system-probe-configmap.yaml b/addons/datadog/templates/system-probe-configmap.yaml index 233e18fda..4897b7bb9 100644 --- a/addons/datadog/templates/system-probe-configmap.yaml +++ b/addons/datadog/templates/system-probe-configmap.yaml @@ -46,6 +46,7 @@ data: runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} + use_secruntime_track: {{ $.Values.datadog.securityAgent.runtime.useSecruntimeTrack }} socket: /var/run/sysprobe/runtime-security.sock policies: dir: /etc/datadog-agent/runtime-security.d @@ -73,7 +74,7 @@ data: anomaly_detection: enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled }} auto_suppression: - enabled: false + enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled }} {{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- From ab20bcd7ff09f65ae50b776fb87a81036dc319d2 Mon Sep 17 00:00:00 2001 From: Rudi MK Date: Wed, 20 Nov 2024 06:35:20 +0000 Subject: [PATCH 2/4] Bumped up the nri-bundle chart to 5.0.102. --- addons/nri-bundle-deprecated/.helmignore | 22 - addons/nri-bundle-deprecated/Chart.lock | 36 - addons/nri-bundle-deprecated/Chart.yaml | 96 - addons/nri-bundle-deprecated/README.md | 204 - addons/nri-bundle-deprecated/README.md.gotmpl | 5 - .../charts/common/.helmignore | 23 - .../charts/common/Chart.yaml | 27 - .../charts/common/DEVELOPERS.md | 620 -- .../charts/common/README.md | 106 - .../charts/common/templates/_affinity.tpl | 10 - .../charts/common/templates/_agent-config.tpl | 26 - .../charts/common/templates/_cluster.tpl | 15 - .../common/templates/_custom-attributes.tpl | 17 - .../charts/common/templates/_dnsconfig.tpl | 10 - .../charts/common/templates/_fedramp.tpl | 25 - .../charts/common/templates/_hostnetwork.tpl | 39 - .../charts/common/templates/_images.tpl | 94 - .../charts/common/templates/_labels.tpl | 54 - .../charts/common/templates/_license.tpl | 55 - .../common/templates/_license_secret.yaml.tpl | 21 - .../common/templates/_low-data-mode.tpl | 26 - .../charts/common/templates/_naming.tpl | 73 - .../charts/common/templates/_nodeselector.tpl | 10 - .../common/templates/_priority-class-name.tpl | 10 - .../charts/common/templates/_privileged.tpl | 28 - .../charts/common/templates/_proxy.tpl | 10 - .../common/templates/_security-context.tpl | 23 - .../common/templates/_serviceaccount.tpl | 90 - .../charts/common/templates/_staging.tpl | 39 - .../charts/common/templates/_tolerations.tpl | 10 - .../charts/common/templates/_verbose-log.tpl | 54 - .../charts/common/values.yaml | 1 - .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 21 - .../charts/kube-state-metrics/README.md | 85 - .../kube-state-metrics/templates/NOTES.txt | 23 - .../kube-state-metrics/templates/_helpers.tpl | 156 - .../templates/ciliumnetworkpolicy.yaml | 33 - .../templates/clusterrolebinding.yaml | 20 - .../templates/deployment.yaml | 265 - .../templates/kubeconfig-secret.yaml | 12 - .../templates/networkpolicy.yaml | 43 - .../kube-state-metrics/templates/pdb.yaml | 18 - .../templates/podsecuritypolicy.yaml | 39 - .../templates/psp-clusterrole.yaml | 19 - .../templates/psp-clusterrolebinding.yaml | 16 - .../templates/rbac-configmap.yaml | 15 - .../kube-state-metrics/templates/role.yaml | 206 - .../templates/rolebinding.yaml | 24 - .../kube-state-metrics/templates/service.yaml | 49 - .../templates/serviceaccount.yaml | 15 - .../templates/servicemonitor.yaml | 100 - .../templates/stsdiscovery-role.yaml | 26 - .../templates/stsdiscovery-rolebinding.yaml | 17 - .../templates/verticalpodautoscaler.yaml | 34 - .../charts/kube-state-metrics/values.yaml | 410 - .../newrelic-infra-operator/.helmignore | 1 - .../charts/newrelic-infra-operator/Chart.lock | 6 - .../charts/newrelic-infra-operator/Chart.yaml | 39 - .../charts/newrelic-infra-operator/README.md | 114 - .../newrelic-infra-operator/README.md.gotmpl | 77 - .../ci/test-values.yaml | 39 - .../templates/NOTES.txt | 4 - .../templates/_helpers.tpl | 135 - .../admission-webhooks/job-patch/README.md | 3 - .../job-patch/clusterrole.yaml | 27 - .../job-patch/clusterrolebinding.yaml | 20 - .../job-patch/job-createSecret.yaml | 58 - .../job-patch/job-patchWebhook.yaml | 58 - .../admission-webhooks/job-patch/psp.yaml | 50 - .../admission-webhooks/job-patch/role.yaml | 21 - .../job-patch/rolebinding.yaml | 21 - .../job-patch/serviceaccount.yaml | 14 - .../mutatingWebhookConfiguration.yaml | 32 - .../templates/cert-manager.yaml | 52 - .../templates/clusterrole.yaml | 39 - .../templates/clusterrolebinding.yaml | 26 - .../templates/configmap.yaml | 9 - .../templates/deployment.yaml | 93 - .../templates/secret.yaml | 2 - .../templates/service.yaml | 13 - .../templates/serviceaccount.yaml | 13 - .../tests/job_patch_psp_test.yaml | 23 - .../tests/job_serviceaccount_test.yaml | 41 - .../tests/rbac_test.yaml | 41 - .../newrelic-infra-operator/values.yaml | 215 - .../newrelic-infrastructure/.helmignore | 1 - .../charts/newrelic-infrastructure/Chart.lock | 6 - .../charts/newrelic-infrastructure/Chart.yaml | 42 - .../charts/newrelic-infrastructure/README.md | 226 - .../newrelic-infrastructure/README.md.gotmpl | 137 - .../test-cplane-kind-deployment-values.yaml | 135 - .../ci/test-values.yaml | 134 - .../templates/NOTES.txt | 131 - .../templates/_helpers.tpl | 118 - .../templates/_helpers_compatibility.tpl | 202 - .../templates/clusterrole.yaml | 34 - .../templates/clusterrolebinding.yaml | 16 - .../controlplane/_affinity_helper.tpl | 11 - .../controlplane/_agent-config_helper.tpl | 20 - .../templates/controlplane/_host_network.tpl | 22 - .../templates/controlplane/_naming.tpl | 16 - .../templates/controlplane/_rbac.tpl | 40 - .../controlplane/_tolerations_helper.tpl | 11 - .../controlplane/agent-configmap.yaml | 18 - .../templates/controlplane/clusterrole.yaml | 47 - .../controlplane/clusterrolebinding.yaml | 16 - .../templates/controlplane/daemonset.yaml | 204 - .../templates/controlplane/rolebinding.yaml | 21 - .../controlplane/scraper-configmap.yaml | 36 - .../controlplane/serviceaccount.yaml | 13 - .../templates/ksm/_affinity_helper.tpl | 14 - .../templates/ksm/_agent-config_helper.tpl | 20 - .../templates/ksm/_host_network.tpl | 22 - .../templates/ksm/_naming.tpl | 8 - .../templates/ksm/_tolerations_helper.tpl | 11 - .../templates/ksm/agent-configmap.yaml | 18 - .../templates/ksm/deployment.yaml | 191 - .../templates/ksm/scraper-configmap.yaml | 15 - .../templates/kubelet/_affinity_helper.tpl | 33 - .../kubelet/_agent-config_helper.tpl | 31 - .../templates/kubelet/_host_network.tpl | 22 - .../templates/kubelet/_naming.tpl | 12 - .../kubelet/_security_context_helper.tpl | 32 - .../templates/kubelet/_tolerations_helper.tpl | 11 - .../templates/kubelet/agent-configmap.yaml | 18 - .../templates/kubelet/daemonset.yaml | 258 - .../kubelet/integrations-configmap.yaml | 72 - .../templates/kubelet/scraper-configmap.yaml | 18 - .../templates/podsecuritypolicy.yaml | 26 - .../templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 13 - .../tests/affinity_controlPlane_test.yaml | 162 - .../tests/affinity_ksm_test.yaml | 178 - .../tests/affinity_kubelet_test.yaml | 158 - .../tests/annotations_test.yaml | 130 - .../tests/configmap_cp_agent_test.yaml | 198 - .../tests/configmap_cp_scraper_test.yaml | 168 - .../tests/configmap_integrations_test.yaml | 234 - .../tests/configmap_ksm_agent_test.yaml | 166 - .../tests/configmap_ksm_scraper_test.yaml | 110 - .../tests/configmap_kubelet_agent_test.yaml | 248 - .../tests/controlplane_rbac_test.yaml | 47 - .../controlplane_serviceAccount_test.yaml | 46 - .../tests/controlplane_strategy_test.yaml | 91 - .../tests/disable_dns_test.yaml | 29 - .../tests/hostNetwork_test.yaml | 200 - .../tests/hostname_override_test.yaml | 33 - .../tests/initContainers_test.yaml | 96 - .../tests/interval_override_test.yaml | 18 - .../tests/interval_test.yaml | 34 - .../tests/nodeSelectors_test.yaml | 165 - .../tests/podName_test.yaml | 50 - .../tests/roleBinding_control_plane_test.yaml | 84 - .../tests/securityContext_test.yaml | 197 - .../tests/serviceaccount_create_test.yaml | 92 - .../tests/tolerations_controlPlane_test.yaml | 148 - .../tests/tolerations_ksm_test.yaml | 145 - .../tests/tolerations_kubelet_test.yaml | 152 - .../unprivileged_override_host_root_test.yaml | 33 - .../newrelic-infrastructure/values.yaml | 602 -- .../newrelic-k8s-metrics-adapter/.helmignore | 25 - .../newrelic-k8s-metrics-adapter/Chart.lock | 6 - .../newrelic-k8s-metrics-adapter/Chart.yaml | 41 - .../newrelic-k8s-metrics-adapter/README.md | 144 - .../README.md.gotmpl | 107 - .../ci/test-values.yaml | 13 - .../templates/_helpers.tpl | 57 - .../templates/adapter-clusterrolebinding.yaml | 14 - .../templates/adapter-rolebinding.yaml | 15 - .../templates/apiservice/apiservice.yaml | 19 - .../apiservice/job-patch/clusterrole.yaml | 26 - .../job-patch/clusterrolebinding.yaml | 19 - .../job-patch/job-createSecret.yaml | 56 - .../job-patch/job-patchAPIService.yaml | 54 - .../templates/apiservice/job-patch/psp.yaml | 49 - .../templates/apiservice/job-patch/role.yaml | 20 - .../apiservice/job-patch/rolebinding.yaml | 20 - .../apiservice/job-patch/serviceaccount.yaml | 18 - .../templates/configmap.yaml | 18 - .../templates/deployment.yaml | 114 - .../templates/hpa-clusterrole.yaml | 15 - .../templates/hpa-clusterrolebinding.yaml | 14 - .../templates/secret.yaml | 10 - .../templates/service.yaml | 13 - .../templates/serviceaccount.yaml | 13 - .../tests/apiservice_test.yaml | 22 - .../tests/common_extra_naming_test.yaml | 27 - .../tests/configmap_test.yaml | 98 - .../tests/deployment_test.yaml | 68 - .../tests/hpa_clusterrolebinding_test.yaml | 18 - .../job_patch_cluster_rolebinding_test.yaml | 22 - .../tests/job_patch_clusterrole_test.yaml | 20 - .../tests/job_patch_common_test.yaml | 27 - .../job_patch_job_createsecret_test.yaml | 47 - .../job_patch_job_patchapiservice_test.yaml | 56 - .../tests/job_serviceaccount_test.yaml | 50 - .../tests/rbac_test.yaml | 50 - .../newrelic-k8s-metrics-adapter/values.yaml | 152 - .../charts/newrelic-logging/Chart.lock | 6 - .../charts/newrelic-logging/Chart.yaml | 19 - .../charts/newrelic-logging/README.md | 227 - .../ci/test-enable-windows-values.yaml | 2 - .../ci/test-lowdatamode-values.yaml | 1 - .../ci/test-override-global-lowdatamode.yaml | 3 - .../ci/test-staging-values.yaml | 1 - .../ci/test-with-empty-global.yaml | 1 - .../ci/test-with-empty-values.yaml | 0 .../charts/newrelic-logging/k8s/README.md | 63 - .../newrelic-logging/k8s/fluent-conf.yml | 69 - .../k8s/new-relic-fluent-plugin.yml | 70 - .../charts/newrelic-logging/k8s/rbac.yml | 31 - .../newrelic-logging/templates/NOTES.txt | 18 - .../newrelic-logging/templates/_helpers.tpl | 187 - .../templates/clusterrole.yaml | 23 - .../templates/clusterrolebinding.yaml | 15 - .../newrelic-logging/templates/configmap.yaml | 35 - .../templates/daemonset-windows.yaml | 151 - .../newrelic-logging/templates/daemonset.yaml | 171 - .../templates/podsecuritypolicy.yaml | 25 - .../newrelic-logging/templates/secret.yaml | 12 - .../templates/serviceaccount.yaml | 17 - .../newrelic-logging/tests/rbac_test.yaml | 48 - .../charts/newrelic-logging/values.yaml | 289 - .../charts/newrelic-pixie/Chart.yaml | 24 - .../charts/newrelic-pixie/README.md | 162 - .../charts/newrelic-pixie/ci/test-values.yaml | 5 - .../charts/newrelic-pixie/templates/NOTES.txt | 27 - .../newrelic-pixie/templates/_helpers.tpl | 172 - .../newrelic-pixie/templates/configmap.yaml | 12 - .../charts/newrelic-pixie/templates/job.yaml | 149 - .../newrelic-pixie/templates/secret.yaml | 20 - .../newrelic-pixie/tests/configmap.yaml | 44 - .../charts/newrelic-pixie/tests/jobs.yaml | 138 - .../charts/newrelic-pixie/values.yaml | 59 - .../newrelic-prometheus-agent/.helmignore | 23 - .../newrelic-prometheus-agent/CHANGELOG.md | 106 - .../newrelic-prometheus-agent/Chart.lock | 6 - .../newrelic-prometheus-agent/Chart.yaml | 36 - .../newrelic-prometheus-agent/README.md | 250 - .../README.md.gotmpl | 209 - .../ci/test-values.yaml | 6 - .../static/lowdatamodedefaults.yaml | 6 - .../static/metrictyperelabeldefaults.yaml | 17 - .../templates/_helpers.tpl | 165 - .../templates/clusterrole.yaml | 24 - .../templates/clusterrolebinding.yaml | 16 - .../templates/configmap.yaml | 31 - .../templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 13 - .../templates/statefulset.yaml | 151 - .../tests/configmap_test.yaml | 572 -- .../tests/configurator_image_test.yaml | 32 - .../tests/integration_filters_test.yaml | 119 - .../tests/lowdatamode_configmap_test.yaml | 138 - .../newrelic-prometheus-agent/values.yaml | 472 - .../charts/nri-kube-events/Chart.lock | 6 - .../charts/nri-kube-events/Chart.yaml | 42 - .../charts/nri-kube-events/README.md | 85 - .../charts/nri-kube-events/README.md.gotmpl | 43 - .../ci/test-bare-minimum-values.yaml | 3 - .../ci/test-custom-attributes-as-map.yaml | 12 - .../ci/test-custom-attributes-as-string.yaml | 11 - .../nri-kube-events/ci/test-values.yaml | 60 - .../nri-kube-events/templates/NOTES.txt | 3 - .../nri-kube-events/templates/_helpers.tpl | 45 - .../templates/_helpers_compatibility.tpl | 262 - .../templates/agent-configmap.yaml | 12 - .../templates/clusterrole.yaml | 23 - .../templates/clusterrolebinding.yaml | 16 - .../nri-kube-events/templates/configmap.yaml | 23 - .../nri-kube-events/templates/deployment.yaml | 125 - .../nri-kube-events/templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 11 - .../tests/agent_configmap_test.yaml | 46 - .../nri-kube-events/tests/configmap_test.yaml | 139 - .../tests/deployment_test.yaml | 81 - .../nri-kube-events/tests/images_test.yaml | 168 - .../tests/security_context_test.yaml | 77 - .../charts/nri-kube-events/values.yaml | 135 - .../charts/nri-metadata-injection/.helmignore | 1 - .../charts/nri-metadata-injection/Chart.lock | 6 - .../charts/nri-metadata-injection/Chart.yaml | 43 - .../charts/nri-metadata-injection/README.md | 72 - .../nri-metadata-injection/README.md.gotmpl | 41 - .../charts/common/.helmignore | 23 - .../charts/common/Chart.yaml | 27 - .../charts/common/DEVELOPERS.md | 620 -- .../charts/common/README.md | 106 - .../charts/common/templates/_affinity.tpl | 10 - .../charts/common/templates/_agent-config.tpl | 26 - .../charts/common/templates/_cluster.tpl | 15 - .../common/templates/_custom-attributes.tpl | 17 - .../charts/common/templates/_dnsconfig.tpl | 10 - .../charts/common/templates/_fedramp.tpl | 25 - .../charts/common/templates/_hostnetwork.tpl | 39 - .../charts/common/templates/_images.tpl | 94 - .../charts/common/templates/_labels.tpl | 54 - .../charts/common/templates/_license.tpl | 55 - .../common/templates/_license_secret.yaml.tpl | 21 - .../common/templates/_low-data-mode.tpl | 26 - .../charts/common/templates/_naming.tpl | 73 - .../charts/common/templates/_nodeselector.tpl | 10 - .../common/templates/_priority-class-name.tpl | 10 - .../charts/common/templates/_privileged.tpl | 28 - .../charts/common/templates/_proxy.tpl | 10 - .../common/templates/_security-context.tpl | 23 - .../common/templates/_serviceaccount.tpl | 90 - .../charts/common/templates/_staging.tpl | 39 - .../charts/common/templates/_tolerations.tpl | 10 - .../charts/common/templates/_verbose-log.tpl | 54 - .../charts/common/values.yaml | 1 - .../ci/test-values.yaml | 5 - .../templates/NOTES.txt | 23 - .../templates/_helpers.tpl | 72 - .../job-patch/clusterrole.yaml | 27 - .../job-patch/clusterrolebinding.yaml | 20 - .../job-patch/job-createSecret.yaml | 62 - .../job-patch/job-patchWebhook.yaml | 62 - .../admission-webhooks/job-patch/psp.yaml | 50 - .../admission-webhooks/job-patch/role.yaml | 21 - .../job-patch/rolebinding.yaml | 21 - .../job-patch/serviceaccount.yaml | 14 - .../mutatingWebhookConfiguration.yaml | 35 - .../templates/cert-manager.yaml | 53 - .../templates/deployment.yaml | 86 - .../templates/service.yaml | 13 - .../tests/cluster_test.yaml | 20 - .../tests/job_serviceaccount_test.yaml | 38 - .../tests/rbac_test.yaml | 38 - .../tests/volume_mounts_test.yaml | 30 - .../charts/nri-metadata-injection/values.yaml | 98 - .../charts/nri-prometheus/.helmignore | 22 - .../charts/nri-prometheus/Chart.lock | 6 - .../charts/nri-prometheus/Chart.yaml | 39 - .../charts/nri-prometheus/README.md | 116 - .../charts/nri-prometheus/README.md.gotmpl | 83 - .../ci/test-lowdatamode-values.yaml | 9 - .../ci/test-override-global-lowdatamode.yaml | 10 - .../charts/nri-prometheus/ci/test-values.yaml | 104 - .../static/lowdatamodedefaults.yaml | 10 - .../nri-prometheus/templates/_helpers.tpl | 15 - .../nri-prometheus/templates/clusterrole.yaml | 23 - .../templates/clusterrolebinding.yaml | 16 - .../nri-prometheus/templates/configmap.yaml | 21 - .../nri-prometheus/templates/deployment.yaml | 100 - .../nri-prometheus/templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 13 - .../nri-prometheus/tests/configmap_test.yaml | 86 - .../nri-prometheus/tests/deployment_test.yaml | 82 - .../nri-prometheus/tests/labels_test.yaml | 32 - .../charts/nri-prometheus/values.yaml | 251 - .../charts/pixie-operator-chart/Chart.yaml | 4 - .../pixie-operator-chart/crds/olm_crd.yaml | 8336 ----------------- .../pixie-operator-chart/crds/vizier_crd.yaml | 283 - .../templates/00_olm.yaml | 232 - .../templates/01_px_olm.yaml | 13 - .../templates/02_catalog.yaml | 13 - .../templates/03_subscription.yaml | 11 - .../templates/04_vizier.yaml | 95 - .../templates/deleter.yaml | 25 - .../templates/deleter_role.yaml | 77 - .../charts/pixie-operator-chart/values.yaml | 69 - .../nri-bundle-deprecated/ci/test-values.yaml | 21 - addons/nri-bundle-deprecated/form.yaml | 62 - addons/nri-bundle-deprecated/values.yaml | 170 - addons/nri-bundle/Chart.lock | 29 +- addons/nri-bundle/Chart.yaml | 46 +- addons/nri-bundle/README.md | 2 + addons/nri-bundle/README.md.gotmpl | 169 +- .../charts/common-library/.helmignore | 23 - .../charts/common-library/Chart.yaml | 18 - .../charts/common-library/DEVELOPERS.md | 620 -- .../common-library/templates/_affinity.tpl | 10 - .../templates/_agent-config.tpl | 26 - .../common-library/templates/_cluster.tpl | 15 - .../templates/_custom-attributes.tpl | 17 - .../common-library/templates/_dnsconfig.tpl | 10 - .../common-library/templates/_fedramp.tpl | 25 - .../common-library/templates/_hostnetwork.tpl | 39 - .../common-library/templates/_images.tpl | 94 - .../common-library/templates/_labels.tpl | 54 - .../common-library/templates/_license.tpl | 55 - .../templates/_license_secret.yaml.tpl | 21 - .../templates/_low-data-mode.tpl | 26 - .../common-library/templates/_naming.tpl | 73 - .../templates/_nodeselector.tpl | 10 - .../templates/_priority-class-name.tpl | 10 - .../common-library/templates/_privileged.tpl | 28 - .../common-library/templates/_proxy.tpl | 10 - .../templates/_security-context.tpl | 23 - .../templates/_serviceaccount.tpl | 90 - .../common-library/templates/_staging.tpl | 39 - .../common-library/templates/_tolerations.tpl | 10 - .../common-library/templates/_verbose-log.tpl | 54 - .../charts/common-library/values.yaml | 1 - .../charts/k8s-agents-operator-0.18.0.tgz | Bin 0 -> 29884 bytes .../charts/kube-state-metrics-5.26.0.tgz | Bin 0 -> 14232 bytes .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 26 - .../kube-state-metrics/templates/NOTES.txt | 23 - .../kube-state-metrics/templates/_helpers.tpl | 156 - .../templates/ciliumnetworkpolicy.yaml | 33 - .../templates/clusterrolebinding.yaml | 20 - .../templates/crs-configmap.yaml | 16 - .../templates/deployment.yaml | 314 - .../templates/extra-manifests.yaml | 4 - .../templates/kubeconfig-secret.yaml | 12 - .../templates/networkpolicy.yaml | 43 - .../kube-state-metrics/templates/pdb.yaml | 18 - .../templates/podsecuritypolicy.yaml | 39 - .../templates/psp-clusterrole.yaml | 19 - .../templates/psp-clusterrolebinding.yaml | 16 - .../templates/rbac-configmap.yaml | 22 - .../kube-state-metrics/templates/role.yaml | 212 - .../templates/rolebinding.yaml | 24 - .../kube-state-metrics/templates/service.yaml | 49 - .../templates/serviceaccount.yaml | 17 - .../templates/servicemonitor.yaml | 120 - .../templates/stsdiscovery-role.yaml | 26 - .../templates/stsdiscovery-rolebinding.yaml | 17 - .../templates/verticalpodautoscaler.yaml | 44 - .../charts/kube-state-metrics/values.yaml | 489 - .../charts/newrelic-infra-operator-2.13.1.tgz | Bin 0 -> 24368 bytes .../newrelic-infra-operator/.helmignore | 1 - .../charts/newrelic-infra-operator/Chart.lock | 6 - .../charts/newrelic-infra-operator/Chart.yaml | 35 - .../newrelic-infra-operator/README.md.gotmpl | 77 - .../ci/test-values.yaml | 39 - .../templates/NOTES.txt | 4 - .../templates/_helpers.tpl | 136 - .../admission-webhooks/job-patch/README.md | 3 - .../job-patch/clusterrole.yaml | 27 - .../job-patch/clusterrolebinding.yaml | 20 - .../job-patch/job-createSecret.yaml | 57 - .../job-patch/job-patchWebhook.yaml | 57 - .../admission-webhooks/job-patch/psp.yaml | 50 - .../admission-webhooks/job-patch/role.yaml | 21 - .../job-patch/rolebinding.yaml | 21 - .../job-patch/serviceaccount.yaml | 14 - .../mutatingWebhookConfiguration.yaml | 32 - .../templates/cert-manager.yaml | 52 - .../templates/clusterrole.yaml | 39 - .../templates/clusterrolebinding.yaml | 26 - .../templates/configmap.yaml | 9 - .../templates/deployment.yaml | 92 - .../templates/secret.yaml | 2 - .../templates/service.yaml | 13 - .../templates/serviceaccount.yaml | 13 - .../tests/deployment_test.yaml | 32 - .../tests/job_patch_psp_test.yaml | 23 - .../tests/job_serviceaccount_test.yaml | 64 - .../tests/rbac_test.yaml | 41 - .../newrelic-infra-operator/values.yaml | 215 - .../charts/newrelic-infrastructure-3.37.0.tgz | Bin 0 -> 36752 bytes .../newrelic-infrastructure/.helmignore | 1 - .../charts/newrelic-infrastructure/Chart.lock | 6 - .../charts/newrelic-infrastructure/Chart.yaml | 26 - .../newrelic-infrastructure/README.md.gotmpl | 137 - .../test-cplane-kind-deployment-values.yaml | 135 - .../ci/test-values.yaml | 134 - .../templates/NOTES.txt | 131 - .../templates/_helpers.tpl | 118 - .../templates/_helpers_compatibility.tpl | 202 - .../templates/clusterrole.yaml | 35 - .../templates/clusterrolebinding.yaml | 16 - .../controlplane/_affinity_helper.tpl | 11 - .../controlplane/_agent-config_helper.tpl | 20 - .../templates/controlplane/_host_network.tpl | 22 - .../templates/controlplane/_naming.tpl | 16 - .../templates/controlplane/_rbac.tpl | 40 - .../controlplane/_tolerations_helper.tpl | 11 - .../controlplane/agent-configmap.yaml | 18 - .../templates/controlplane/clusterrole.yaml | 47 - .../controlplane/clusterrolebinding.yaml | 16 - .../templates/controlplane/daemonset.yaml | 205 - .../templates/controlplane/rolebinding.yaml | 21 - .../controlplane/scraper-configmap.yaml | 36 - .../controlplane/serviceaccount.yaml | 13 - .../templates/ksm/_affinity_helper.tpl | 14 - .../templates/ksm/_agent-config_helper.tpl | 20 - .../templates/ksm/_host_network.tpl | 22 - .../templates/ksm/_naming.tpl | 8 - .../templates/ksm/_tolerations_helper.tpl | 11 - .../templates/ksm/agent-configmap.yaml | 18 - .../templates/ksm/deployment.yaml | 192 - .../templates/ksm/scraper-configmap.yaml | 15 - .../templates/kubelet/_affinity_helper.tpl | 33 - .../kubelet/_agent-config_helper.tpl | 31 - .../templates/kubelet/_host_network.tpl | 22 - .../templates/kubelet/_naming.tpl | 12 - .../kubelet/_security_context_helper.tpl | 32 - .../templates/kubelet/_tolerations_helper.tpl | 11 - .../templates/kubelet/agent-configmap.yaml | 18 - .../templates/kubelet/daemonset.yaml | 264 - .../kubelet/integrations-configmap.yaml | 72 - .../templates/kubelet/scraper-configmap.yaml | 18 - .../templates/podsecuritypolicy.yaml | 26 - .../templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 13 - .../tests/affinity_controlPlane_test.yaml | 162 - .../tests/affinity_ksm_test.yaml | 178 - .../tests/affinity_kubelet_test.yaml | 158 - .../tests/annotations_test.yaml | 130 - .../tests/configmap_cp_agent_test.yaml | 198 - .../tests/configmap_cp_scraper_test.yaml | 168 - .../tests/configmap_integrations_test.yaml | 234 - .../tests/configmap_ksm_agent_test.yaml | 166 - .../tests/configmap_ksm_scraper_test.yaml | 110 - .../tests/configmap_kubelet_agent_test.yaml | 248 - .../tests/controlplane_rbac_test.yaml | 47 - .../controlplane_serviceAccount_test.yaml | 46 - .../tests/controlplane_strategy_test.yaml | 91 - .../tests/disable_dns_test.yaml | 29 - .../tests/hostNetwork_test.yaml | 200 - .../tests/hostname_override_test.yaml | 33 - .../tests/initContainers_test.yaml | 96 - .../tests/interval_override_test.yaml | 18 - .../tests/interval_test.yaml | 34 - .../tests/nodeSelectors_test.yaml | 183 - .../tests/podName_test.yaml | 50 - .../tests/roleBinding_control_plane_test.yaml | 84 - .../tests/securityContext_test.yaml | 197 - .../tests/serviceaccount_create_test.yaml | 92 - .../tests/tolerations_controlPlane_test.yaml | 148 - .../tests/tolerations_ksm_test.yaml | 145 - .../tests/tolerations_kubelet_test.yaml | 152 - .../unprivileged_override_host_root_test.yaml | 33 - .../newrelic-infrastructure/values.yaml | 602 -- .../newrelic-k8s-metrics-adapter-1.13.1.tgz | Bin 0 -> 24761 bytes .../newrelic-k8s-metrics-adapter/.helmignore | 25 - .../newrelic-k8s-metrics-adapter/Chart.lock | 6 - .../newrelic-k8s-metrics-adapter/Chart.yaml | 26 - .../README.md.gotmpl | 107 - .../ci/test-values.yaml | 14 - .../templates/_helpers.tpl | 57 - .../templates/adapter-clusterrolebinding.yaml | 14 - .../templates/adapter-rolebinding.yaml | 15 - .../templates/apiservice/apiservice.yaml | 19 - .../templates/apiservice/job-patch/README.md | 3 - .../apiservice/job-patch/clusterrole.yaml | 26 - .../job-patch/clusterrolebinding.yaml | 19 - .../job-patch/job-createSecret.yaml | 55 - .../job-patch/job-patchAPIService.yaml | 53 - .../templates/apiservice/job-patch/psp.yaml | 49 - .../templates/apiservice/job-patch/role.yaml | 20 - .../apiservice/job-patch/rolebinding.yaml | 20 - .../apiservice/job-patch/serviceaccount.yaml | 18 - .../templates/configmap.yaml | 19 - .../templates/deployment.yaml | 113 - .../templates/hpa-clusterrole.yaml | 15 - .../templates/hpa-clusterrolebinding.yaml | 14 - .../templates/secret.yaml | 10 - .../templates/service.yaml | 13 - .../templates/serviceaccount.yaml | 13 - .../tests/apiservice_test.yaml | 22 - .../tests/common_extra_naming_test.yaml | 27 - .../tests/configmap_test.yaml | 104 - .../tests/deployment_test.yaml | 99 - .../tests/hpa_clusterrolebinding_test.yaml | 18 - .../job_patch_cluster_rolebinding_test.yaml | 22 - .../tests/job_patch_clusterrole_test.yaml | 20 - .../tests/job_patch_common_test.yaml | 27 - .../job_patch_job_createsecret_test.yaml | 47 - .../job_patch_job_patchapiservice_test.yaml | 56 - .../tests/job_serviceaccount_test.yaml | 79 - .../tests/rbac_test.yaml | 50 - .../newrelic-k8s-metrics-adapter/values.yaml | 156 - .../charts/newrelic-logging-1.23.5.tgz | Bin 0 -> 39503 bytes .../charts/newrelic-logging/Chart.lock | 6 - .../charts/newrelic-logging/Chart.yaml | 19 - .../ci/test-enable-windows-values.yaml | 2 - .../ci/test-lowdatamode-values.yaml | 1 - .../ci/test-override-global-lowdatamode.yaml | 3 - .../ci/test-staging-values.yaml | 1 - .../ci/test-with-empty-global.yaml | 1 - .../ci/test-with-empty-values.yaml | 0 .../newrelic-logging/templates/NOTES.txt | 18 - .../newrelic-logging/templates/_helpers.tpl | 215 - .../templates/clusterrole.yaml | 23 - .../templates/clusterrolebinding.yaml | 15 - .../newrelic-logging/templates/configmap.yaml | 38 - .../templates/daemonset-windows.yaml | 171 - .../newrelic-logging/templates/daemonset.yaml | 208 - .../templates/persistentvolume.yaml | 57 - .../templates/podsecuritypolicy.yaml | 24 - .../newrelic-logging/templates/secret.yaml | 12 - .../templates/serviceaccount.yaml | 17 - .../tests/cri_parser_test.yaml | 37 - .../tests/dns_config_test.yaml | 62 - .../tests/endpoint_region_selection_test.yaml | 128 - .../tests/fluentbit_persistence_test.yaml | 317 - .../tests/fluentbit_sendmetrics_test.yaml | 74 - .../newrelic-logging/tests/images_test.yaml | 96 - .../tests/linux_volume_mount_test.yaml | 37 - .../newrelic-logging/tests/rbac_test.yaml | 48 - .../charts/newrelic-logging/values.yaml | 357 - .../charts/newrelic-pixie-2.1.6.tgz | Bin 0 -> 7472 bytes .../charts/newrelic-pixie/Chart.yaml | 19 - .../charts/newrelic-pixie/ci/test-values.yaml | 5 - .../charts/newrelic-pixie/templates/NOTES.txt | 27 - .../newrelic-pixie/templates/_helpers.tpl | 172 - .../newrelic-pixie/templates/configmap.yaml | 12 - .../charts/newrelic-pixie/templates/job.yaml | 164 - .../newrelic-pixie/templates/secret.yaml | 20 - .../newrelic-pixie/tests/configmap.yaml | 44 - .../charts/newrelic-pixie/tests/jobs.yaml | 138 - .../charts/newrelic-pixie/values.yaml | 70 - .../newrelic-prometheus-agent-1.15.2.tgz | Bin 0 -> 30060 bytes .../newrelic-prometheus-agent/.helmignore | 23 - .../newrelic-prometheus-agent/Chart.lock | 6 - .../newrelic-prometheus-agent/Chart.yaml | 24 - .../README.md.gotmpl | 209 - .../ci/test-values.yaml | 6 - .../static/lowdatamodedefaults.yaml | 6 - .../static/metrictyperelabeldefaults.yaml | 17 - .../templates/_helpers.tpl | 165 - .../templates/clusterrole.yaml | 24 - .../templates/clusterrolebinding.yaml | 16 - .../templates/configmap.yaml | 31 - .../templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 13 - .../templates/statefulset.yaml | 153 - .../tests/configmap_test.yaml | 572 -- .../tests/configurator_image_test.yaml | 57 - .../tests/integration_filters_test.yaml | 119 - .../tests/lowdatamode_configmap_test.yaml | 138 - .../newrelic-prometheus-agent/values.yaml | 473 - .../charts/nri-kube-events-3.11.2.tgz | Bin 0 -> 22771 bytes .../charts/nri-kube-events/Chart.lock | 6 - .../charts/nri-kube-events/Chart.yaml | 26 - .../charts/nri-kube-events/README.md.gotmpl | 43 - .../ci/test-bare-minimum-values.yaml | 3 - .../ci/test-custom-attributes-as-map.yaml | 12 - .../ci/test-custom-attributes-as-string.yaml | 11 - .../nri-kube-events/ci/test-values.yaml | 60 - .../nri-kube-events/templates/NOTES.txt | 3 - .../nri-kube-events/templates/_helpers.tpl | 45 - .../templates/_helpers_compatibility.tpl | 262 - .../templates/agent-configmap.yaml | 12 - .../templates/clusterrole.yaml | 42 - .../templates/clusterrolebinding.yaml | 16 - .../nri-kube-events/templates/configmap.yaml | 23 - .../nri-kube-events/templates/deployment.yaml | 124 - .../nri-kube-events/templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 11 - .../tests/agent_configmap_test.yaml | 46 - .../nri-kube-events/tests/configmap_test.yaml | 139 - .../tests/deployment_test.yaml | 104 - .../nri-kube-events/tests/images_test.yaml | 168 - .../tests/security_context_test.yaml | 77 - .../charts/nri-kube-events/values.yaml | 135 - .../charts/nri-metadata-injection-4.22.2.tgz | Bin 0 -> 21271 bytes .../charts/nri-metadata-injection/.helmignore | 1 - .../charts/nri-metadata-injection/Chart.lock | 6 - .../charts/nri-metadata-injection/Chart.yaml | 25 - .../nri-metadata-injection/README.md.gotmpl | 41 - .../ci/test-values.yaml | 5 - .../templates/NOTES.txt | 23 - .../templates/_helpers.tpl | 72 - .../job-patch/clusterrole.yaml | 27 - .../job-patch/clusterrolebinding.yaml | 20 - .../job-patch/job-createSecret.yaml | 61 - .../job-patch/job-patchWebhook.yaml | 61 - .../admission-webhooks/job-patch/psp.yaml | 50 - .../admission-webhooks/job-patch/role.yaml | 21 - .../job-patch/rolebinding.yaml | 21 - .../job-patch/serviceaccount.yaml | 14 - .../mutatingWebhookConfiguration.yaml | 36 - .../templates/cert-manager.yaml | 53 - .../templates/deployment.yaml | 85 - .../templates/service.yaml | 13 - .../tests/cluster_test.yaml | 39 - .../tests/job_serviceaccount_test.yaml | 59 - .../tests/rbac_test.yaml | 38 - .../tests/volume_mounts_test.yaml | 30 - .../charts/nri-metadata-injection/values.yaml | 102 - .../charts/nri-prometheus-2.1.19.tgz | Bin 0 -> 22390 bytes .../charts/nri-prometheus/.helmignore | 22 - .../charts/nri-prometheus/Chart.lock | 6 - .../charts/nri-prometheus/Chart.yaml | 39 - .../charts/nri-prometheus/README.md.gotmpl | 83 - .../ci/test-lowdatamode-values.yaml | 9 - .../ci/test-override-global-lowdatamode.yaml | 10 - .../charts/nri-prometheus/ci/test-values.yaml | 104 - .../static/lowdatamodedefaults.yaml | 10 - .../nri-prometheus/templates/_helpers.tpl | 15 - .../nri-prometheus/templates/clusterrole.yaml | 23 - .../templates/clusterrolebinding.yaml | 16 - .../nri-prometheus/templates/configmap.yaml | 21 - .../nri-prometheus/templates/deployment.yaml | 100 - .../nri-prometheus/templates/secret.yaml | 2 - .../templates/serviceaccount.yaml | 13 - .../nri-prometheus/tests/configmap_test.yaml | 86 - .../nri-prometheus/tests/deployment_test.yaml | 82 - .../nri-prometheus/tests/labels_test.yaml | 32 - .../charts/nri-prometheus/values.yaml | 251 - .../charts/pixie-operator-chart-0.1.6.tgz | Bin 0 -> 99022 bytes .../charts/pixie-operator-chart/Chart.yaml | 4 - .../pixie-operator-chart/crds/olm_crd.yaml | 8336 ----------------- .../pixie-operator-chart/crds/vizier_crd.yaml | 304 - .../templates/00_olm.yaml | 232 - .../templates/01_px_olm.yaml | 13 - .../templates/02_catalog.yaml | 37 - .../templates/03_subscription.yaml | 11 - .../templates/04_vizier.yaml | 95 - .../templates/deleter.yaml | 25 - .../templates/deleter_role.yaml | 77 - .../charts/pixie-operator-chart/values.yaml | 74 - addons/nri-bundle/form.yaml | 62 - addons/nri-bundle/values.yaml | 4 + 711 files changed, 220 insertions(+), 61329 deletions(-) delete mode 100644 addons/nri-bundle-deprecated/.helmignore delete mode 100644 addons/nri-bundle-deprecated/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/README.md delete mode 100644 addons/nri-bundle-deprecated/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/common/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/common/DEVELOPERS.md delete mode 100644 addons/nri-bundle-deprecated/charts/common/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_affinity.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_agent-config.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_cluster.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_custom-attributes.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_dnsconfig.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_fedramp.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_hostnetwork.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_images.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_labels.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_license.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_license_secret.yaml.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_low-data-mode.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_naming.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_nodeselector.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_priority-class-name.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_privileged.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_proxy.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_security-context.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_serviceaccount.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_staging.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_tolerations.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/templates/_verbose-log.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/common/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/kubeconfig-secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/networkpolicy.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/pdb.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rbac-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/role.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/service.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/kube-state-metrics/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-createSecret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-patchWebhook.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/psp.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/role.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/mutatingWebhookConfiguration.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/cert-manager.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/service.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_patch_psp_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_serviceaccount_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infra-operator/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-cplane-kind-deployment-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers_compatibility.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_affinity_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_agent-config_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_host_network.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_naming.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_rbac.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_tolerations_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/agent-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/daemonset.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/scraper-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_affinity_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_agent-config_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_host_network.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_naming.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_tolerations_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/agent-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/scraper-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_affinity_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_agent-config_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_host_network.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_naming.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_security_context_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_tolerations_helper.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/agent-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/integrations-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/scraper-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/podsecuritypolicy.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_controlPlane_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_ksm_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_kubelet_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/annotations_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_agent_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_scraper_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_integrations_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_agent_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_scraper_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_kubelet_agent_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_rbac_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_serviceAccount_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_strategy_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/disable_dns_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostNetwork_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostname_override_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/initContainers_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_override_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/nodeSelectors_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/podName_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/roleBinding_control_plane_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/securityContext_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/serviceaccount_create_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_controlPlane_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_ksm_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_kubelet_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/unprivileged_override_host_root_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-infrastructure/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/apiservice.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-createSecret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-patchAPIService.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/psp.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/role.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/service.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/apiservice_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/common_extra_naming_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/hpa_clusterrolebinding_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_cluster_rolebinding_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_clusterrole_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_common_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_createsecret_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_patchapiservice_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_serviceaccount_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-enable-windows-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-lowdatamode-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-override-global-lowdatamode.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-staging-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-global.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/fluent-conf.yml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/new-relic-fluent-plugin.yml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/rbac.yml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/daemonset-windows.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/daemonset.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/podsecuritypolicy.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-logging/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/templates/job.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/tests/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/tests/jobs.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-pixie/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/CHANGELOG.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/static/lowdatamodedefaults.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/static/metrictyperelabeldefaults.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/templates/statefulset.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/tests/configurator_image_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/tests/integration_filters_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/tests/lowdatamode_configmap_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/newrelic-prometheus-agent/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/ci/test-bare-minimum-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/ci/test-custom-attributes-as-map.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/ci/test-custom-attributes-as-string.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/_helpers_compatibility.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/agent-configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/tests/agent_configmap_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/tests/images_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/tests/security_context_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-kube-events/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/DEVELOPERS.md delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_affinity.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_agent-config.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_cluster.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_custom-attributes.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_dnsconfig.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_fedramp.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_hostnetwork.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_images.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_labels.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_license.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_license_secret.yaml.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_low-data-mode.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_naming.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_nodeselector.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_priority-class-name.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_privileged.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_proxy.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_security-context.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_serviceaccount.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_staging.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_tolerations.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/templates/_verbose-log.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/charts/common/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/NOTES.txt delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/psp.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/role.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/rolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/cert-manager.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/templates/service.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/tests/cluster_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/tests/job_serviceaccount_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/tests/volume_mounts_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-metadata-injection/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/.helmignore delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/Chart.lock delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/README.md delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/README.md.gotmpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/ci/test-lowdatamode-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/ci/test-override-global-lowdatamode.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/static/lowdatamodedefaults.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/_helpers.tpl delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/configmap.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/deployment.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/secret.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/tests/labels_test.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/nri-prometheus/values.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/Chart.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/crds/olm_crd.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/crds/vizier_crd.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/00_olm.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/01_px_olm.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/02_catalog.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/03_subscription.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/04_vizier.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/deleter.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/templates/deleter_role.yaml delete mode 100644 addons/nri-bundle-deprecated/charts/pixie-operator-chart/values.yaml delete mode 100644 addons/nri-bundle-deprecated/ci/test-values.yaml delete mode 100644 addons/nri-bundle-deprecated/form.yaml delete mode 100644 addons/nri-bundle-deprecated/values.yaml delete mode 100644 addons/nri-bundle/charts/common-library/.helmignore delete mode 100644 addons/nri-bundle/charts/common-library/Chart.yaml delete mode 100644 addons/nri-bundle/charts/common-library/DEVELOPERS.md delete mode 100644 addons/nri-bundle/charts/common-library/templates/_affinity.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_agent-config.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_cluster.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_custom-attributes.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_dnsconfig.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_fedramp.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_hostnetwork.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_images.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_labels.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_license.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_license_secret.yaml.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_low-data-mode.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_naming.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_nodeselector.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_priority-class-name.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_privileged.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_proxy.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_security-context.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_serviceaccount.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_staging.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_tolerations.tpl delete mode 100644 addons/nri-bundle/charts/common-library/templates/_verbose-log.tpl delete mode 100644 addons/nri-bundle/charts/common-library/values.yaml create mode 100644 addons/nri-bundle/charts/k8s-agents-operator-0.18.0.tgz create mode 100644 addons/nri-bundle/charts/kube-state-metrics-5.26.0.tgz delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/.helmignore delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/Chart.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/crs-configmap.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/deployment.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/extra-manifests.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/kubeconfig-secret.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/networkpolicy.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/pdb.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/rbac-configmap.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/role.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/service.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml delete mode 100644 addons/nri-bundle/charts/kube-state-metrics/values.yaml create mode 100644 addons/nri-bundle/charts/newrelic-infra-operator-2.13.1.tgz delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/.helmignore delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/Chart.lock delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/Chart.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/README.md delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-createSecret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-patchWebhook.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/psp.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/role.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/admission-webhooks/mutatingWebhookConfiguration.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/cert-manager.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/deployment.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/service.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/tests/job_patch_psp_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/tests/job_serviceaccount_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infra-operator/values.yaml create mode 100644 addons/nri-bundle/charts/newrelic-infrastructure-3.37.0.tgz delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/.helmignore delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/Chart.lock delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/Chart.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/ci/test-cplane-kind-deployment-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/_helpers_compatibility.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/_affinity_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/_agent-config_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/_host_network.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/_naming.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/_rbac.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/_tolerations_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/agent-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/daemonset.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/scraper-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/controlplane/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/_affinity_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/_agent-config_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/_host_network.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/_naming.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/_tolerations_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/agent-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/deployment.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/ksm/scraper-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/_affinity_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/_agent-config_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/_host_network.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/_naming.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/_security_context_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/_tolerations_helper.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/agent-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/integrations-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/scraper-configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/podsecuritypolicy.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/affinity_controlPlane_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/affinity_ksm_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/affinity_kubelet_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/annotations_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/configmap_cp_agent_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/configmap_cp_scraper_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/configmap_integrations_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/configmap_ksm_agent_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/configmap_ksm_scraper_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/configmap_kubelet_agent_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/controlplane_rbac_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/controlplane_serviceAccount_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/controlplane_strategy_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/disable_dns_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/hostNetwork_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/hostname_override_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/initContainers_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/interval_override_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/interval_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/nodeSelectors_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/podName_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/roleBinding_control_plane_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/securityContext_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/serviceaccount_create_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/tolerations_controlPlane_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/tolerations_ksm_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/tolerations_kubelet_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/tests/unprivileged_override_host_root_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-infrastructure/values.yaml create mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter-1.13.1.tgz delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/.helmignore delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.lock delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/adapter-clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/adapter-rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/apiservice.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/README.md delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-createSecret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-patchAPIService.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/psp.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/role.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/deployment.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/service.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/apiservice_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/common_extra_naming_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/hpa_clusterrolebinding_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/job_patch_cluster_rolebinding_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/job_patch_clusterrole_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/job_patch_common_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_createsecret_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_patchapiservice_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/job_serviceaccount_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-k8s-metrics-adapter/values.yaml create mode 100644 addons/nri-bundle/charts/newrelic-logging-1.23.5.tgz delete mode 100644 addons/nri-bundle/charts/newrelic-logging/Chart.lock delete mode 100644 addons/nri-bundle/charts/newrelic-logging/Chart.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/ci/test-enable-windows-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/ci/test-lowdatamode-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/ci/test-override-global-lowdatamode.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/ci/test-staging-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/ci/test-with-empty-global.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/ci/test-with-empty-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/daemonset-windows.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/daemonset.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/persistentvolume.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/podsecuritypolicy.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/cri_parser_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/dns_config_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/endpoint_region_selection_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/fluentbit_persistence_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/fluentbit_sendmetrics_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/images_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/linux_volume_mount_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-logging/values.yaml create mode 100644 addons/nri-bundle/charts/newrelic-pixie-2.1.6.tgz delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/Chart.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/templates/job.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/tests/configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/tests/jobs.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-pixie/values.yaml create mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent-1.15.2.tgz delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/.helmignore delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/Chart.lock delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/static/lowdatamodedefaults.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/static/metrictyperelabeldefaults.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/templates/statefulset.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/tests/configurator_image_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/tests/integration_filters_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/tests/lowdatamode_configmap_test.yaml delete mode 100644 addons/nri-bundle/charts/newrelic-prometheus-agent/values.yaml create mode 100644 addons/nri-bundle/charts/nri-kube-events-3.11.2.tgz delete mode 100644 addons/nri-bundle/charts/nri-kube-events/Chart.lock delete mode 100644 addons/nri-bundle/charts/nri-kube-events/Chart.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/nri-kube-events/ci/test-bare-minimum-values.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/ci/test-custom-attributes-as-map.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/ci/test-custom-attributes-as-string.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/_helpers_compatibility.tpl delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/agent-configmap.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/deployment.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/tests/agent_configmap_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/tests/images_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/tests/security_context_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-kube-events/values.yaml create mode 100644 addons/nri-bundle/charts/nri-metadata-injection-4.22.2.tgz delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/.helmignore delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/Chart.lock delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/Chart.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/NOTES.txt delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/psp.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/role.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/rolebinding.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/cert-manager.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/deployment.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/templates/service.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/tests/cluster_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/tests/job_serviceaccount_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/tests/rbac_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/tests/volume_mounts_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-metadata-injection/values.yaml create mode 100644 addons/nri-bundle/charts/nri-prometheus-2.1.19.tgz delete mode 100644 addons/nri-bundle/charts/nri-prometheus/.helmignore delete mode 100644 addons/nri-bundle/charts/nri-prometheus/Chart.lock delete mode 100644 addons/nri-bundle/charts/nri-prometheus/Chart.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/README.md.gotmpl delete mode 100644 addons/nri-bundle/charts/nri-prometheus/ci/test-lowdatamode-values.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/ci/test-override-global-lowdatamode.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/ci/test-values.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/static/lowdatamodedefaults.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/_helpers.tpl delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/clusterrole.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/clusterrolebinding.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/configmap.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/deployment.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/secret.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/templates/serviceaccount.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/tests/configmap_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/tests/deployment_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/tests/labels_test.yaml delete mode 100644 addons/nri-bundle/charts/nri-prometheus/values.yaml create mode 100644 addons/nri-bundle/charts/pixie-operator-chart-0.1.6.tgz delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/Chart.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/crds/olm_crd.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/crds/vizier_crd.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/00_olm.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/01_px_olm.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/02_catalog.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/03_subscription.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/04_vizier.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/templates/deleter_role.yaml delete mode 100644 addons/nri-bundle/charts/pixie-operator-chart/values.yaml delete mode 100644 addons/nri-bundle/form.yaml diff --git a/addons/nri-bundle-deprecated/.helmignore b/addons/nri-bundle-deprecated/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/addons/nri-bundle-deprecated/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/nri-bundle-deprecated/Chart.lock b/addons/nri-bundle-deprecated/Chart.lock deleted file mode 100644 index 01b8e5d04..000000000 --- a/addons/nri-bundle-deprecated/Chart.lock +++ /dev/null @@ -1,36 +0,0 @@ -dependencies: -- name: newrelic-infrastructure - repository: https://newrelic.github.io/nri-kubernetes - version: 3.17.0 -- name: nri-prometheus - repository: https://newrelic.github.io/nri-prometheus - version: 2.1.16 -- name: newrelic-prometheus-agent - repository: https://newrelic.github.io/newrelic-prometheus-configurator - version: 1.2.0 -- name: nri-metadata-injection - repository: https://newrelic.github.io/k8s-metadata-injection - version: 4.3.0 -- name: newrelic-k8s-metrics-adapter - repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter - version: 1.2.0 -- name: kube-state-metrics - repository: https://prometheus-community.github.io/helm-charts - version: 4.23.0 -- name: nri-kube-events - repository: https://newrelic.github.io/nri-kube-events - version: 3.0.0 -- name: newrelic-logging - repository: https://newrelic.github.io/helm-charts - version: 1.14.1 -- name: newrelic-pixie - repository: https://newrelic.github.io/helm-charts - version: 2.1.0 -- name: pixie-operator-chart - repository: https://pixie-operator-charts.storage.googleapis.com - version: 0.1.0 -- name: newrelic-infra-operator - repository: https://newrelic.github.io/newrelic-infra-operator - version: 2.2.0 -digest: sha256:0a1f51c3e283d5a873e74ef4994b8569b6b85a9d46adc7514447d4ce2399146d -generated: "2023-05-16T17:44:36.052686458Z" diff --git a/addons/nri-bundle-deprecated/Chart.yaml b/addons/nri-bundle-deprecated/Chart.yaml deleted file mode 100644 index 9ca45c22f..000000000 --- a/addons/nri-bundle-deprecated/Chart.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: v2 -name: nri-bundle -description: Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment. -home: https://github.com/newrelic/helm-charts -icon: https://companieslogo.com/img/orig/NEWR-de5fcb2e.png?t=1681801483 -sources: - - https://github.com/newrelic/nri-bundle/ - - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle - - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure - - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus - - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent - - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection - - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter - - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events - - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 0.13.0 -appVersion: 5.0.15 -dependencies: - - name: newrelic-infrastructure - repository: https://newrelic.github.io/nri-kubernetes - condition: infrastructure.enabled,newrelic-infrastructure.enabled - version: 3.17.0 - - name: nri-prometheus - repository: https://newrelic.github.io/nri-prometheus - condition: prometheus.enabled,nri-prometheus.enabled - version: 2.1.16 - - name: newrelic-prometheus-agent - repository: https://newrelic.github.io/newrelic-prometheus-configurator - condition: newrelic-prometheus-agent.enabled - version: 1.2.0 - - name: nri-metadata-injection - repository: https://newrelic.github.io/k8s-metadata-injection - condition: webhook.enabled,nri-metadata-injection.enabled - version: 4.3.0 - - name: newrelic-k8s-metrics-adapter - repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled - version: 1.2.0 - - name: kube-state-metrics - version: 4.23.0 - condition: ksm.enabled,kube-state-metrics.enabled - repository: https://prometheus-community.github.io/helm-charts - # Due to https://github.com/kubernetes/kube-state-metrics/pull/1906 hpa metrics cannot be reported anymore if - # kube-state-metrics version is > 2.6.0 (included by default in helm chart versions after 4.23) for kubernetes - # versions lower than 1.23, as it uses autoscaler/v2 API which - # [is not available until that kubernetes version](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#horizontalpodautoscaler-v2-graduates-to-ga). - - name: nri-kube-events - repository: https://newrelic.github.io/nri-kube-events - condition: kubeEvents.enabled,nri-kube-events.enabled - version: 3.0.0 - - name: newrelic-logging - repository: https://newrelic.github.io/helm-charts - condition: logging.enabled,newrelic-logging.enabled - version: 1.14.1 - - name: newrelic-pixie - repository: https://newrelic.github.io/helm-charts - condition: newrelic-pixie.enabled - version: 2.1.0 - # Keep the version of pixie-operator-chart in sync with the CRD versions for - # olm_crd.yaml and px.dev_viziers.yaml in - # https://github.com/newrelic/open-install-library/blob/main/recipes/newrelic/infrastructure/kubernetes.yml - - name: pixie-operator-chart - alias: pixie-chart - repository: https://pixie-operator-charts.storage.googleapis.com - condition: pixie-chart.enabled - version: 0.1.0 - - name: newrelic-infra-operator - repository: https://newrelic.github.io/newrelic-infra-operator - condition: newrelic-infra-operator.enabled - version: 2.2.0 -maintainers: - - name: nserrino - url: https://github.com/nserrino - - name: philkuz - url: https://github.com/philkuz - - name: htroisi - url: https://github.com/htroisi - - name: juanjjaramillo - url: https://github.com/juanjjaramillo - - name: svetlanabrennan - url: https://github.com/svetlanabrennan - - name: nrepai - url: https://github.com/nrepai - - name: csongnr - url: https://github.com/csongnr - - name: vuqtran88 - url: https://github.com/vuqtran88 - - name: xqi-nr - url: https://github.com/xqi-nr -keywords: - - infrastructure - - newrelic - - MONITORING - - APP diff --git a/addons/nri-bundle-deprecated/README.md b/addons/nri-bundle-deprecated/README.md deleted file mode 100644 index 01e3f00a4..000000000 --- a/addons/nri-bundle-deprecated/README.md +++ /dev/null @@ -1,204 +0,0 @@ -# nri-bundle - -Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment. - -**Homepage:** - -## Bundled charts - -This chart does not deploy anything by itself but has many charts as dependencies. This allows you to easily install and upgrade the New Relic -Kubernetes Integration using only one chart. - -In case you need more information about each component this chart installs, or you are an advanced user that want to install each component separately, -here is a list of components that this chart installs and where you can find more information about them: - -| Component | Installed by default? | Description | -|------------------------------|-----------------------|-------------| -| [newrelic-infrastructure](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | Yes | Sends metrics about nodes, cluster objects (e.g. Deployments, Pods), and the control plane to New Relic. | -| [nri-metadata-injection](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | Yes | Enriches New Relic-instrumented applications (APM) with Kubernetes information. | -| [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. | -| [nri-kube-events](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | | Reports Kubernetes events to New Relic. | -| [newrelic-infra-operator](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) | | (Beta) Used with Fargate or serverless environments to inject `newrelic-infrastructure` as a sidecar instead of the usual DaemonSet. | -| [newrelic-k8s-metrics-adapter](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) | | (Beta) Provides a source of data for Horizontal Pod Autoscalers (HPA) based on a NRQL query from New Relic. | -| [newrelic-logging](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) | | Sends logs for Kubernetes components and workloads running on the cluster to New Relic. | -| [nri-prometheus](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) | | Sends metrics from applications exposing Prometheus metrics to New Relic. | -| [newrelic-prometheus-configurator](https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent) | | Configures instances of Prometheus in Agent mode to send metrics to the New Relic Prometheus endpoint. | -| [newrelic-pixie](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) | | Connects to the Pixie API and enables the New Relic plugin in Pixie. The plugin allows you to export data from Pixie to New Relic for long-term data retention. | -| [Pixie](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) | | Is an open source observability tool for Kubernetes applications that uses eBPF to automatically capture telemetry data without the need for manual instrumentation. | - -## Configure components - -It is possible to configure settings for the individual charts this chart groups by specifying values for them under a key using the name of the chart, -as specified in [helm documentation](https://helm.sh/docs/chart_template_guide/subcharts_and_globals). - -For example, by adding the following to the `values.yml` file: - -```yaml -# Configuration settings for the newrelic-infrastructure chart -newrelic-infrastructure: - # Any key defined in the values.yml file for the newrelic-infrastructure chart can be configured here: - # https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml - - verboseLog: false - - resources: - limits: - memory: 512M -``` - -It is possible to override any entry of the [`newrelic-infrastructure`](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) -chart, as defined in their [`values.yml` file](https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml). - -The same approach can be followed to update any of the subcharts. - -After making these changes to the `values.yml` file, or a custom values file, make sure to apply them using: - -``` -$ helm upgrade --reuse-values -f values.yaml [RELEASE] newrelic/nri-bundle -``` - -Where `[RELEASE]` is the name of the helm release, e.g. `newrelic-bundle`. - -## Monitor on host integrations - -If you wish to monitor services running on Kubernetes you can provide integrations -configuration under `integrations_config` that it will passed down to the `newrelic-infrastructure` chart. - -You just need to create a new entry where the "name" is the filename of the configuration file and the data is the content of -the integration configuration. The name must end in ".yaml" as this will be the -filename generated and the Infrastructure agent only looks for YAML files. - -The data part is the actual integration configuration as described in the spec here: -https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180 - -In the following example you can see how to monitor a Redis integration with autodiscovery - -```yaml -newrelic-infrastructure: - integrations: - nri-redis-sampleapp: - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250 - match: - label.app: sampleapp - integrations: - - name: nri-redis - env: - # using the discovered IP as the hostname address - HOSTNAME: ${discovery.ip} - PORT: 6379 - labels: - env: test -``` - -## Bring your own KSM - -New Relic Kubernetes Integration requires an instance of kube-state-metrics (KSM) to be running in the cluster, which this chart pulls as a dependency. If you are already running or want to run your own KSM instance, you will need to make some small adjustments as described below. - -### Bring your own KSM - -If you already have one KSM instance running, you can point `nri-kubernetes` to your instance: - -```yaml -kube-state-metrics: - # Disable bundled KSM. - enabled: false -newrelic-infrastructure: - ksm: - config: - # Selector for your pre-installed KSM Service. You may need to adjust this to fit your existing installation. - selector: "app.kubernetes.io/name=kube-state-metrics" - # Alternatively, you can specify a fixed URL where KSM is available. Doing so will bypass autodiscovery. - #staticUrl: http://ksm.ksm.svc.cluster.local:8080/metrics -``` - -### Run KSM alongside a different version - -If you need to run a different instance of KSM in your cluster, you can still run a separate instance for the Kubernetes Integration to work as intended: - -```yaml -kube-state-metrics: - # Enable bundled KSM. - enabled: true - prometheusScrape: false - customLabels: - # Label unique to this KSM instance. - newrelic.com/custom-ksm: "true" -newrelic-infrastructure: - ksm: - config: - # Use label above as a selector. - selector: "newrelic.com/custom-ksm=true" -``` - -For more information on supported KSM version visit the [requirements documentation](https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/kubernetes-integration-compatibility-requirements#reqs) - -## Values managed globally - -Some of the subchart implement the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which -means that it honors a wide range of defaults and globals common to most New Relic Helm charts. - -Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at -[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). - -At the time of writing this document, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this library and -honors global options as described below. - -Note, the value table below is automatically generated from `values.yaml` by `helm-docs`. If you need to add new fields or update existing fields, please update the `values.yaml` and then run `helm-docs` to update this value table. - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| global | object | See [`values.yaml`](values.yaml) | change the behaviour globally to all the supported helm charts. See [user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) for further information. | -| global.affinity | object | `{}` | Sets pod/node affinities | -| global.cluster | string | `""` | The cluster name for the Kubernetes cluster. | -| global.containerSecurityContext | object | `{}` | Sets security context (at container level) | -| global.customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend | -| global.customSecretLicenseKey | string | `""` | Key in the Secret object where the license key is stored | -| global.customSecretName | string | `""` | Name of the Secret object where the license key is stored | -| global.dnsConfig | object | `{}` | Sets pod's dnsConfig | -| global.fargate | bool | false | Must be set to `true` when deploying in an EKS Fargate environment | -| global.hostNetwork | bool | false | Sets pod's hostNetwork | -| global.images.pullSecrets | list | `[]` | Set secrets to be able to fetch images | -| global.images.registry | string | `""` | Changes the registry where to get the images. Useful when there is an internal image cache/proxy | -| global.insightsKey | string | `""` | The license key for your New Relic Account. This will be preferred configuration option if both `insightsKey` and `customSecret` are specified. | -| global.labels | object | `{}` | Additional labels for chart objects | -| global.licenseKey | string | `""` | The license key for your New Relic Account. This will be preferred configuration option if both `licenseKey` and `customSecret` are specified. | -| global.lowDataMode | bool | false | Reduces number of metrics sent in order to reduce costs | -| global.nodeSelector | object | `{}` | Sets pod's node selector | -| global.nrStaging | bool | false | Send the metrics to the staging backend. Requires a valid staging license key | -| global.podLabels | object | `{}` | Additional labels for chart pods | -| global.podSecurityContext | object | `{}` | Sets security context (at pod level) | -| global.priorityClassName | string | `""` | Sets pod's priorityClassName | -| global.privileged | bool | false | In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs | | -| global.proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port` | -| global.serviceAccount.annotations | object | `{}` | Add these annotations to the service account we create | -| global.serviceAccount.create | string | `nil` | Configures if the service account should be created or not | -| global.serviceAccount.name | string | `nil` | Change the name of the service account. This is honored if you disable on this chart the creation of the service account so you can use your own | -| global.tolerations | list | `[]` | Sets pod's tolerations to node taints | -| global.verboseLog | bool | false | Sets the debug logs to this integration or all integrations if it is set globally | -| kube-state-metrics.enabled | bool | `false` | Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository. This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0. Note, kube-state-metrics v2+ disables labels/annotations metrics by default. You can enable the target labels/annotations metrics to be monitored by using the metricLabelsAllowlist/metricAnnotationsAllowList options described [here](https://github.com/prometheus-community/helm-charts/blob/159cd8e4fb89b8b107dcc100287504bb91bf30e0/charts/kube-state-metrics/values.yaml#L274) in your Kubernetes clusters. | -| newrelic-infra-operator.enabled | bool | `false` | Install the [`newrelic-infra-operator` chart](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) (Beta) | -| newrelic-infrastructure.enabled | bool | `true` | Install the [`newrelic-infrastructure` chart](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | -| newrelic-k8s-metrics-adapter.enabled | bool | `false` | Install the [`newrelic-k8s-metrics-adapter.` chart](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) (Beta) | -| newrelic-logging.enabled | bool | `false` | Install the [`newrelic-logging` chart](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) | -| newrelic-pixie.enabled | bool | `false` | Install the [`newrelic-pixie`](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie) | -| newrelic-prometheus-agent.enabled | bool | `false` | Install the [`newrelic-prometheus-agent` chart](https://github.com/newrelic/newrelic-prometheus-configurator/tree/main/charts/newrelic-prometheus-agent) | -| nri-kube-events.enabled | bool | `false` | Install the [`nri-kube-events` chart](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | -| nri-metadata-injection.enabled | bool | `true` | Install the [`nri-metadata-injection` chart](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | -| nri-prometheus.enabled | bool | `false` | Install the [`nri-prometheus` chart](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus) | -| pixie-chart.enabled | bool | `false` | Install the [`pixie-chart` chart](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy) | - -## Maintainers - -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) -* [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) -* [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) diff --git a/addons/nri-bundle-deprecated/README.md.gotmpl b/addons/nri-bundle-deprecated/README.md.gotmpl deleted file mode 100644 index cfb927737..000000000 --- a/addons/nri-bundle-deprecated/README.md.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -## Info -[New Relic](https://newrelic.com/) is an all-in-one observability platform. - -## Docs -For more information about monitoring Kubernetes with New Relic, please refer to the [New Relic documentation](https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/introduction-kubernetes-integration/). diff --git a/addons/nri-bundle-deprecated/charts/common/.helmignore b/addons/nri-bundle-deprecated/charts/common/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/addons/nri-bundle-deprecated/charts/common/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/nri-bundle-deprecated/charts/common/Chart.yaml b/addons/nri-bundle-deprecated/charts/common/Chart.yaml deleted file mode 100644 index d01fcb482..000000000 --- a/addons/nri-bundle-deprecated/charts/common/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -description: Provides helpers to provide consistency on all the charts -keywords: -- newrelic -- chart-library -maintainers: -- name: nserrino - url: https://github.com/nserrino -- name: philkuz - url: https://github.com/philkuz -- name: htroisi - url: https://github.com/htroisi -- name: juanjjaramillo - url: https://github.com/juanjjaramillo -- name: svetlanabrennan - url: https://github.com/svetlanabrennan -- name: nrepai - url: https://github.com/nrepai -- name: csongnr - url: https://github.com/csongnr -- name: vuqtran88 - url: https://github.com/vuqtran88 -- name: xqi-nr - url: https://github.com/xqi-nr -name: common-library -type: library -version: 1.1.1 diff --git a/addons/nri-bundle-deprecated/charts/common/DEVELOPERS.md b/addons/nri-bundle-deprecated/charts/common/DEVELOPERS.md deleted file mode 100644 index f19983a67..000000000 --- a/addons/nri-bundle-deprecated/charts/common/DEVELOPERS.md +++ /dev/null @@ -1,620 +0,0 @@ -# Functions/templates documented for chart writers -Here is some rough documentation separated by the file that contains the function, the function -name and how to use it. We are not covering functions that start with `_` (e.g. -`newrelic.common.license._licenseKey`) because they are used internally by this library for -other helpers. Helm does not have the concept of "public" or "private" functions/templates so -this is a convention of ours. - -## _naming.tpl -These functions are used to name objects. - -### `newrelic.common.naming.name` -This is the same as the idiomatic `CHART-NAME.name` that is created when you use `helm create`. - -It honors `.Values.nameOverride`. - -Usage: -```mustache -{{ include "newrelic.common.naming.name" . }} -``` - -### `newrelic.common.naming.fullname` -This is the same as the idiomatic `CHART-NAME.fullname` that is created when you use `helm create` - -It honors `.Values.fullnameOverride`. - -Usage: -```mustache -{{ include "newrelic.common.naming.fullname" . }} -``` - -### `newrelic.common.naming.chart` -This is the same as the idiomatic `CHART-NAME.chart` that is created when you use `helm create`. - -It is mostly useless for chart writers. It is used internally for templating the labels but there -is no reason to keep it "private". - -Usage: -```mustache -{{ include "newrelic.common.naming.chart" . }} -``` - -### `newrelic.common.naming.truncateToDNS` -This is a useful template that could be used to trim a string to 63 chars and does not end with a dash (`-`). -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). - -Usage: -```mustache -{{ $nameToTruncate := "a-really-really-really-really-REALLY-long-string-that-should-be-truncated-because-it-is-enought-long-to-brak-something" -{{- $truncatedName := include "newrelic.common.naming.truncateToDNS" $nameToTruncate }} -{{- $truncatedName }} -{{- /* This should print: a-really-really-really-really-REALLY-long-string-that-should-be */ -}} -``` - -### `newrelic.common.naming.truncateToDNSWithSuffix` -This template function is the same as the above but instead of receiving a string you should give a `dict` -with a `name` and a `suffix`. This function will join them with a dash (`-`) and trim the `name` so the -result of `name-suffix` is no more than 63 chars - -Usage: -```mustache -{{ $nameToTruncate := "a-really-really-really-really-REALLY-long-string-that-should-be-truncated-because-it-is-enought-long-to-brak-something" -{{- $suffix := "A-NOT-SO-LONG-SUFFIX" }} -{{- $truncatedName := include "truncateToDNSWithSuffix" (dict "name" $nameToTruncate "suffix" $suffix) }} -{{- $truncatedName }} -{{- /* This should print: a-really-really-really-really-REALLY-long-A-NOT-SO-LONG-SUFFIX */ -}} -``` - - - -## _labels.tpl -### `newrelic.common.labels`, `newrelic.common.labels.selectorLabels` and `newrelic.common.labels.podLabels` -These are functions that are used to label objects. They are configured by this `values.yaml` -```yaml -global: - podLabels: {} # included in all the pods of all the charts that implement this library - labels: {} # included in all the objects of all the charts that implement this library -podLabels: {} # included in all the pods of this chart -labels: {} # included in all the objects of this chart -``` - -label maps are merged from global to local values. - -And chart writer should use them like this: -```mustache -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} -``` - -`newrelic.common.labels.podLabels` includes `newrelic.common.labels.selectorLabels` automatically. - - - -## _priority-class-name.tpl -### `newrelic.common.priorityClassName` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - priorityClassName: "" -priorityClassName: "" -``` - -Be careful: chart writers should put an empty string (or any kind of Helm falsiness) for this -library to work properly. If in your values a non-falsy `priorityClassName` is found, the global -one is going to be always ignored. - -Usage (example in a pod spec): -```mustache -spec: - {{- with include "newrelic.common.priorityClassName" . }} - priorityClassName: {{ . }} - {{- end }} -``` - - - -## _hostnetwork.tpl -### `newrelic.common.hostNetwork` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - hostNetwork: # Note that this is empty (nil) -hostNetwork: # Note that this is empty (nil) -``` - -Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you -values a `hostNetwork` is defined, the global one is going to be always ignored. - -This function returns "true" of "" (empty string) so it can be used for evaluating conditionals. - -Usage (example in a pod spec): -```mustache -spec: - {{- with include "newrelic.common.hostNetwork" . }} - hostNetwork: {{ . }} - {{- end }} -``` - -### `newrelic.common.hostNetwork.value` -This function is an abstraction of the function above but this returns directly "true" or "false". - -Be careful with using this with an `if` as Helm does evaluate "false" (string) as `true`. - -Usage (example in a pod spec): -```mustache -spec: - hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }} -``` - - - -## _dnsconfig.tpl -### `newrelic.common.dnsConfig` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - dnsConfig: {} -dnsConfig: {} -``` - -Be careful: chart writers should put an empty string (or any kind of Helm falsiness) for this -library to work properly. If in your values a non-falsy `dnsConfig` is found, the global -one is going to be always ignored. - -Usage (example in a pod spec): -```mustache -spec: - {{- with include "newrelic.common.dnsConfig" . }} - dnsConfig: - {{- . | nindent 4 }} - {{- end }} -``` - - - -## _images.tpl -These functions help us to deal with how images are templated. This allows setting `registries` -where to fetch images globally while being flexible enough to fit in different maps of images -and deployments with one or more images. This is the example of a complex `values.yaml` that -we are going to use during the documentation of these functions: - -```yaml -global: - images: - registry: nexus-3-instance.internal.clients-domain.tld -jobImage: - registry: # defaults to "example.tld" when empty in these examples - repository: ingress-nginx/kube-webhook-certgen - tag: v1.1.1 - pullPolicy: IfNotPresent - pullSecrets: [] -images: - integration: - registry: - repository: newrelic/nri-kube-events - tag: 1.8.0 - pullPolicy: IfNotPresent - agent: - registry: - repository: newrelic/k8s-events-forwarder - tag: 1.22.0 - pullPolicy: IfNotPresent - pullSecrets: [] -``` - -### `newrelic.common.images.image` -This will return a string with the image ready to be downloaded that includes the registry, the image and the tag. -`defaultRegistry` is used to keep `registry` field empty in `values.yaml` so you can override the image using -`global.images.registry`, your local `jobImage.registry` and be able to fallback to a registry that is not `docker.io` -(Or the default repository that the client could have set in the CRI). - -Usage: -```mustache -{{- /* For the integration */}} -{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.integration "context" .) }} -{{- /* For the agent */}} -{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.agent "context" .) }} -{{- /* For jobImage */}} -{{ include "newrelic.common.images.image" ( dict "defaultRegistry" "example.tld" "imageRoot" .Values.jobImage "context" .) }} -``` - -### `newrelic.common.images.registry` -It returns the registry from the global or local values. You should avoid using this helper to create your image -URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed. - -Usage: -```mustache -{{- /* For the integration */}} -{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.images.integration "context" .) }} -{{- /* For the agent */}} -{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.images.agent "context" .) }} -{{- /* For jobImage */}} -{{ include "newrelic.common.images.registry" ( dict "defaultRegistry" "example.tld" "imageRoot" .Values.jobImage "context" .) }} -``` - -### `newrelic.common.images.repository` -It returns the image from the values. You should avoid using this helper to create your image -URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed. - -Usage: -```mustache -{{- /* For jobImage */}} -{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.jobImage "context" .) }} -{{- /* For the integration */}} -{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.images.integration "context" .) }} -{{- /* For the agent */}} -{{ include "newrelic.common.images.repository" ( dict "imageRoot" .Values.images.agent "context" .) }} -``` - -### `newrelic.common.images.tag` -It returns the image's tag from the values. You should avoid using this helper to create your image -URL and use `newrelic.common.images.image` instead, but it is there to be used in case it is needed. - -Usage: -```mustache -{{- /* For jobImage */}} -{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.jobImage "context" .) }} -{{- /* For the integration */}} -{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.images.integration "context" .) }} -{{- /* For the agent */}} -{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.images.agent "context" .) }} -``` - -### `newrelic.common.images.renderPullSecrets` -If returns a merged map that contains the pull secrets from the global configuration and the local one. - -Usage: -```mustache -{{- /* For jobImage */}} -{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.jobImage.pullSecrets "context" .) }} -{{- /* For the integration */}} -{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.images.pullSecrets "context" .) }} -{{- /* For the agent */}} -{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" .Values.images.pullSecrets "context" .) }} -``` - - - -## _serviceaccount.tpl -These functions are used to evaluate if the service account should be created, with which name and add annotations to it. - -The functions that the common library has implemented for service accounts are: -* `newrelic.common.serviceAccount.create` -* `newrelic.common.serviceAccount.name` -* `newrelic.common.serviceAccount.annotations` - -Usage: -```mustache -{{- if include "newrelic.common.serviceAccount.create" . -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- with (include "newrelic.common.serviceAccount.annotations" .) }} - annotations: - {{- . | nindent 4 }} - {{- end }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -``` - - - -## _affinity.tpl, _nodeselector.tpl and _tolerations.tpl -These three files are almost the same and they follow the idiomatic way of `helm create`. - -Each function also looks if there is a global value like the other helpers. -```yaml -global: - affinity: {} - nodeSelector: {} - tolerations: [] -affinity: {} -nodeSelector: {} -tolerations: [] -``` - -The values here are replaced instead of be merged. If a value at root level is found, the global one is ignored. - -Usage (example in a pod spec): -```mustache -spec: - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 4 }} - {{- end }} - {{- with include "newrelic.common.affinity" . }} - affinity: - {{- . | nindent 4 }} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 4 }} - {{- end }} -``` - - - -## _agent-config.tpl -### `newrelic.common.agentConfig.defaults` -This returns a YAML that the agent can use directly as a config that includes other options from the values file like verbose mode, -custom attributes, FedRAMP and such. - -Usage: -```mustache -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include newrelic.common.naming.truncateToDNSWithSuffix (dict "name" (include "newrelic.common.naming.fullname" .) suffix "agent-config") }} - namespace: {{ .Release.Namespace }} -data: - newrelic-infra.yml: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - {{- include "newrelic.common.agentConfig.defaults" . | nindent 4 }} -``` - - - -## _cluster.tpl -### `newrelic.common.cluster` -Returns the cluster name - -Usage: -```mustache -{{ include "newrelic.common.cluster" . }} -``` - - - -## _custom-attributes.tpl -### `newrelic.common.customAttributes` -Return custom attributes in YAML format. - -Usage: -```mustache -apiVersion: v1 -kind: ConfigMap -metadata: - name: example -data: - custom-attributes.yaml: | - {{- include "newrelic.common.customAttributes" . | nindent 4 }} - custom-attributes.json: | - {{- include "newrelic.common.customAttributes" . | fromYaml | toJson | nindent 4 }} -``` - - - -## _fedramp.tpl -### `newrelic.common.fedramp.enabled` -Returns true if FedRAMP is enabled or an empty string if not. It can be safely used in conditionals as an empty string is a Helm falsiness. - -Usage: -```mustache -{{ include "newrelic.common.fedramp.enabled" . }} -``` - -### `newrelic.common.fedramp.enabled.value` -Returns true if FedRAMP is enabled or false if not. This is to have the value of FedRAMP ready to be templated. - -Usage: -```mustache -{{ include "newrelic.common.fedramp.enabled.value" . }} -``` - - - -## _license.tpl -### `newrelic.common.license.secretName` and ### `newrelic.common.license.secretKeyName` -Returns the secret and key inside the secret where to read the license key. - -The common library will take care of using a user-provided custom secret or creating a secret that contains the license key. - -To create the secret use `newrelic.common.license.secret`. - -Usage: -```mustache -{{- if and (.Values.controlPlane.enabled) (not (include "newrelic.fargate" .)) }} -apiVersion: v1 -kind: Pod -metadata: - name: example -spec: - containers: - - name: agent - env: - - name: "NRIA_LICENSE_KEY" - valueFrom: - secretKeyRef: - name: {{ include "newrelic.common.license.secretName" . }} - key: {{ include "newrelic.common.license.secretKeyName" . }} -``` - - - -## _license_secret.tpl -### `newrelic.common.license.secret` -This function templates the secret that is used by agents and integrations with the license Key provided by the user. It will -template nothing (empty string) if the user provides a custom pair of secret name and key. - -This template also fails in case the user has not provided any license key or custom secret so no safety checks have to be done -by chart writers. - -You just must have a template with these two lines: -```mustache -{{- /* Common library will take care of creating the secret or not. */ -}} -{{- include "newrelic.common.license.secret" . -}} -``` - - - -## _low-data-mode.tpl -### `newrelic.common.lowDataMode` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - lowDataMode: # Note that this is empty (nil) -lowDataMode: # Note that this is empty (nil) -``` - -Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you -values a `lowdataMode` is defined, the global one is going to be always ignored. - -This function returns "true" of "" (empty string) so it can be used for evaluating conditionals. - -Usage: -```mustache -{{ include "newrelic.common.lowDataMode" . }} -``` - - - -## _privileged.tpl -### `newrelic.common.privileged` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - privileged: # Note that this is empty (nil) -privileged: # Note that this is empty (nil) -``` - -Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you -values a `privileged` is defined, the global one is going to be always ignored. - -Chart writers could override this and put directly a `true` in the `values.yaml` to override the -default of the common library. - -This function returns "true" of "" (empty string) so it can be used for evaluating conditionals. - -Usage: -```mustache -{{ include "newrelic.common.privileged" . }} -``` - -### `newrelic.common.privileged.value` -Returns true if privileged mode is enabled or false if not. This is to have the value of privileged ready to be templated. - -Usage: -```mustache -{{ include "newrelic.common.privileged.value" . }} -``` - - - -## _proxy.tpl -### `newrelic.common.proxy` -Returns the proxy URL configured by the user. - -Usage: -```mustache -{{ include "newrelic.common.proxy" . }} -``` - - - -## _security-context.tpl -Use these functions to share the security context among all charts. Useful in clusters that have security enforcing not to -use the root user (like OpenShift) or users that have an admission webhooks. - -The functions are: -* `newrelic.common.securityContext.container` -* `newrelic.common.securityContext.pod` - -Usage: -```mustache -apiVersion: v1 -kind: Pod -metadata: - name: example -spec: - spec: - {{- with include "newrelic.common.securityContext.pod" . }} - securityContext: - {{- . | nindent 8 }} - {{- end }} - - containers: - - name: example - {{- with include "nriKubernetes.securityContext.container" . }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} -``` - - - -## _staging.tpl -### `newrelic.common.nrStaging` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - nrStaging: # Note that this is empty (nil) -nrStaging: # Note that this is empty (nil) -``` - -Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you -values a `nrStaging` is defined, the global one is going to be always ignored. - -This function returns "true" of "" (empty string) so it can be used for evaluating conditionals. - -Usage: -```mustache -{{ include "newrelic.common.nrStaging" . }} -``` - -### `newrelic.common.nrStaging.value` -Returns true if staging is enabled or false if not. This is to have the staging value ready to be templated. - -Usage: -```mustache -{{ include "newrelic.common.nrStaging.value" . }} -``` - - - -## _verbose-log.tpl -### `newrelic.common.verboseLog` -Like almost everything in this library, it reads global and local variables: -```yaml -global: - verboseLog: # Note that this is empty (nil) -verboseLog: # Note that this is empty (nil) -``` - -Be careful: chart writers should NOT PUT ANY VALUE for this library to work properly. If in you -values a `verboseLog` is defined, the global one is going to be always ignored. - -Usage: -```mustache -{{ include "newrelic.common.verboseLog" . }} -``` - -### `newrelic.common.verboseLog.valueAsBoolean` -Returns true if verbose is enabled or false if not. This is to have the verbose value ready to be templated as a boolean - -Usage: -```mustache -{{ include "newrelic.common.verboseLog.valueAsBoolean" . }} -``` - -### `newrelic.common.verboseLog.valueAsInt` -Returns 1 if verbose is enabled or 0 if not. This is to have the verbose value ready to be templated as an integer - -Usage: -```mustache -{{ include "newrelic.common.verboseLog.valueAsInt" . }} -``` diff --git a/addons/nri-bundle-deprecated/charts/common/README.md b/addons/nri-bundle-deprecated/charts/common/README.md deleted file mode 100644 index 10f08ca67..000000000 --- a/addons/nri-bundle-deprecated/charts/common/README.md +++ /dev/null @@ -1,106 +0,0 @@ -# Helm Common library - -The common library is a way to unify the UX through all the Helm charts that implement it. - -The tooling suite that New Relic is huge and growing and this allows to set things globally -and locally for a single chart. - -## Documentation for chart writers - -If you are writing a chart that is going to use this library you can check the [developers guide](/library/common-library/DEVELOPERS.md) to see all -the functions/templates that we have implemented, what they do and how to use them. - -## Values managed globally - -We want to have a seamless experience through all the charts so we created this library that tries to standardize the behaviour -of all the charts. Sadly, because of the complexity of all these integrations, not all the charts behave exactly as expected. - -An example is `newrelic-infrastructure` that ignores `hostNetwork` in the control plane scraper because most of the users has the -control plane listening in the node to `localhost`. - -For each chart that has a special behavior (or further information of the behavior) there is a "chart particularities" section -in its README.md that explains which is the expected behavior. - -At the time of writing this, all the charts from `nri-bundle` except `newrelic-logging` and `synthetics-minion` implements this -library and honors global options as described in this document. - -Here is a list of global options: - -| Global keys | Local keys | Default | Merged[1](#values-managed-globally-1) | Description | -|-------------|------------|---------|--------------------------------------------------|-------------| -| global.cluster | cluster | `""` | | Name of the Kubernetes cluster monitored | -| global.licenseKey | licenseKey | `""` | | This set this license key to use | -| global.customSecretName | customSecretName | `""` | | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there | -| global.customSecretLicenseKey | customSecretLicenseKey | `""` | | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located | -| global.podLabels | podLabels | `{}` | yes | Additional labels for chart pods | -| global.labels | labels | `{}` | yes | Additional labels for chart objects | -| global.priorityClassName | priorityClassName | `""` | | Sets pod's priorityClassName | -| global.hostNetwork | hostNetwork | `false` | | Sets pod's hostNetwork | -| global.dnsConfig | dnsConfig | `{}` | | Sets pod's dnsConfig | -| global.images.registry | See [Further information](#values-managed-globally-2) | `""` | | Changes the registry where to get the images. Useful when there is an internal image cache/proxy | -| global.images.pullSecrets | See [Further information](#values-managed-globally-2) | `[]` | yes | Set secrets to be able to fetch images | -| global.podSecurityContext | podSecurityContext | `{}` | | Sets security context (at pod level) | -| global.containerSecurityContext | containerSecurityContext | `{}` | | Sets security context (at container level) | -| global.affinity | affinity | `{}` | | Sets pod/node affinities | -| global.nodeSelector | nodeSelector | `{}` | | Sets pod's node selector | -| global.tolerations | tolerations | `[]` | | Sets pod's tolerations to node taints | -| global.serviceAccount.create | serviceAccount.create | `true` | | Configures if the service account should be created or not | -| global.serviceAccount.name | serviceAccount.name | name of the release | | Change the name of the service account. This is honored if you disable on this cahrt the creation of the service account so you can use your own. | -| global.serviceAccount.annotations | serviceAccount.annotations | `{}` | yes | Add these annotations to the service account we create | -| global.customAttributes | customAttributes | `{}` | | Adds extra attributes to the cluster and all the metrics emitted to the backend | -| global.fedramp | fedramp | `false` | | Enables FedRAMP | -| global.lowDataMode | lowDataMode | `false` | | Reduces number of metrics sent in order to reduce costs | -| global.privileged | privileged | Depends on the chart | | In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs | -| global.proxy | proxy | `""` | | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port` | -| global.nrStaging | nrStaging | `false` | | Send the metrics to the staging backend. Requires a valid staging license key | -| global.verboseLog | verboseLog | `false` | | Sets the debug/trace logs to this integration or all integrations if it is set globally | - -### Further information - -#### 1. Merged - -Merged means that the values from global are not replaced by the local ones. Think in this example: -```yaml -global: - labels: - global: global - hostNetwork: true - nodeSelector: - global: global - -labels: - local: local -nodeSelector: - local: local -hostNetwork: false -``` - -This values will template `hostNetwork` to `false`, a map of labels `{ "global": "global", "local": "local" }` and a `nodeSelector` with -`{ "local": "local" }`. - -As Helm by default merges all the maps it could be confusing that we have two behaviors (merging `labels` and replacing `nodeSelector`) -the `values` from global to local. This is the rationale behind this: -* `hostNetwork` is templated to `false` because is overriding the value defined globally. -* `labels` are merged because the user may want to label all the New Relic pods at once and label other solution pods differently for - clarity' sake. -* `nodeSelector` does not merge as `labels` because could make it harder to overwrite/delete a selector that comes from global because - of the logic that Helm follows merging maps. - - -#### 2. Fine grain registries - -Some charts only have 1 image while others that can have 2 or more images. The local path for the registry can change depending -on the chart itself. - -As this is mostly unique per helm chart, you should take a look to the chart's values table (or directly to the `values.yaml` file to see all the -images that you can change. - -This should only be needed if you have an advanced setup that forces you to have granularity enough to force a proxy/cache registry per integration. - - - -#### 3. Privileged mode - -By default, from the common library, the privileged mode is set to false. But most of the helm charts require this to be true to fetch more -metrics so could see a true in some charts. The consequences of the privileged mode differ from one chart to another so for each chart that -honors the privileged mode toggle should be a section in the README explaining which is the behavior with it enabled or disabled. diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_affinity.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_affinity.tpl deleted file mode 100644 index 1b2636754..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_affinity.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{- /* Defines the Pod affinity */ -}} -{{- define "newrelic.common.affinity" -}} - {{- if .Values.affinity -}} - {{- toYaml .Values.affinity -}} - {{- else if .Values.global -}} - {{- if .Values.global.affinity -}} - {{- toYaml .Values.global.affinity -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_agent-config.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_agent-config.tpl deleted file mode 100644 index 9c32861a0..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_agent-config.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -This helper should return the defaults that all agents should have -*/}} -{{- define "newrelic.common.agentConfig.defaults" -}} -{{- if include "newrelic.common.verboseLog" . }} -log: - level: trace -{{- end }} - -{{- if (include "newrelic.common.nrStaging" . ) }} -staging: true -{{- end }} - -{{- with include "newrelic.common.proxy" . }} -proxy: {{ . | quote }} -{{- end }} - -{{- with include "newrelic.common.fedramp.enabled" . }} -fedramp: {{ . }} -{{- end }} - -{{- with fromYaml ( include "newrelic.common.customAttributes" . ) }} -custom_attributes: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_cluster.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_cluster.tpl deleted file mode 100644 index 0197dd35a..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_cluster.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{/* -Return the cluster -*/}} -{{- define "newrelic.common.cluster" -}} -{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}} -{{- $global := index .Values "global" | default dict -}} - -{{- if .Values.cluster -}} - {{- .Values.cluster -}} -{{- else if $global.cluster -}} - {{- $global.cluster -}} -{{- else -}} - {{ fail "There is not cluster name definition set neither in `.global.cluster' nor `.cluster' in your values.yaml. Cluster name is required." }} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_custom-attributes.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_custom-attributes.tpl deleted file mode 100644 index 92020719c..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_custom-attributes.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -This will render custom attributes as a YAML ready to be templated or be used with `fromYaml`. -*/}} -{{- define "newrelic.common.customAttributes" -}} -{{- $customAttributes := dict -}} - -{{- $global := index .Values "global" | default dict -}} -{{- if $global.customAttributes -}} -{{- $customAttributes = mergeOverwrite $customAttributes $global.customAttributes -}} -{{- end -}} - -{{- if .Values.customAttributes -}} -{{- $customAttributes = mergeOverwrite $customAttributes .Values.customAttributes -}} -{{- end -}} - -{{- toYaml $customAttributes -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_dnsconfig.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_dnsconfig.tpl deleted file mode 100644 index d4e40aa8a..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_dnsconfig.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{- /* Defines the Pod dnsConfig */ -}} -{{- define "newrelic.common.dnsConfig" -}} - {{- if .Values.dnsConfig -}} - {{- toYaml .Values.dnsConfig -}} - {{- else if .Values.global -}} - {{- if .Values.global.dnsConfig -}} - {{- toYaml .Values.global.dnsConfig -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_fedramp.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_fedramp.tpl deleted file mode 100644 index 9df8d6b5e..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_fedramp.tpl +++ /dev/null @@ -1,25 +0,0 @@ -{{- /* Defines the fedRAMP flag */ -}} -{{- define "newrelic.common.fedramp.enabled" -}} - {{- if .Values.fedramp -}} - {{- if .Values.fedramp.enabled -}} - {{- .Values.fedramp.enabled -}} - {{- end -}} - {{- else if .Values.global -}} - {{- if .Values.global.fedramp -}} - {{- if .Values.global.fedramp.enabled -}} - {{- .Values.global.fedramp.enabled -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} - - - -{{- /* Return FedRAMP value directly ready to be templated */ -}} -{{- define "newrelic.common.fedramp.enabled.value" -}} -{{- if include "newrelic.common.fedramp.enabled" . -}} -true -{{- else -}} -false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_hostnetwork.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_hostnetwork.tpl deleted file mode 100644 index 4cf017ef7..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_hostnetwork.tpl +++ /dev/null @@ -1,39 +0,0 @@ -{{- /* -Abstraction of the hostNetwork toggle. -This helper allows to override the global `.global.hostNetwork` with the value of `.hostNetwork`. -Returns "true" if `hostNetwork` is enabled, otherwise "" (empty string) -*/ -}} -{{- define "newrelic.common.hostNetwork" -}} -{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}} -{{- $global := index .Values "global" | default dict -}} - -{{- /* -`get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs - -We also want only to return when this is true, returning `false` here will template "false" (string) when doing -an `(include "newrelic.common.hostNetwork" .)`, which is not an "empty string" so it is `true` if it is used -as an evaluation somewhere else. -*/ -}} -{{- if get .Values "hostNetwork" | kindIs "bool" -}} - {{- if .Values.hostNetwork -}} - {{- .Values.hostNetwork -}} - {{- end -}} -{{- else if get $global "hostNetwork" | kindIs "bool" -}} - {{- if $global.hostNetwork -}} - {{- $global.hostNetwork -}} - {{- end -}} -{{- end -}} -{{- end -}} - - -{{- /* -Abstraction of the hostNetwork toggle. -This helper abstracts the function "newrelic.common.hostNetwork" to return true or false directly. -*/ -}} -{{- define "newrelic.common.hostNetwork.value" -}} -{{- if include "newrelic.common.hostNetwork" . -}} -true -{{- else -}} -false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_images.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_images.tpl deleted file mode 100644 index d4fb43290..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_images.tpl +++ /dev/null @@ -1,94 +0,0 @@ -{{- /* -Return the proper image name -{{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.path.to.the.image "defaultRegistry" "your.private.registry.tld" "context" .) }} -*/ -}} -{{- define "newrelic.common.images.image" -}} - {{- $registryName := include "newrelic.common.images.registry" ( dict "imageRoot" .imageRoot "defaultRegistry" .defaultRegistry "context" .context ) -}} - {{- $repositoryName := include "newrelic.common.images.repository" .imageRoot -}} - {{- $tag := include "newrelic.common.images.tag" ( dict "imageRoot" .imageRoot "context" .context) -}} - - {{- if $registryName -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag | quote -}} - {{- else -}} - {{- printf "%s:%s" $repositoryName $tag | quote -}} - {{- end -}} -{{- end -}} - - - -{{- /* -Return the proper image registry -{{ include "newrelic.common.images.registry" ( dict "imageRoot" .Values.path.to.the.image "defaultRegistry" "your.private.registry.tld" "context" .) }} -*/ -}} -{{- define "newrelic.common.images.registry" -}} -{{- $globalRegistry := "" -}} -{{- if .context.Values.global -}} - {{- if .context.Values.global.images -}} - {{- with .context.Values.global.images.registry -}} - {{- $globalRegistry = . -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{- $localRegistry := "" -}} -{{- if .imageRoot.registry -}} - {{- $localRegistry = .imageRoot.registry -}} -{{- end -}} - -{{- $registry := $localRegistry | default $globalRegistry | default .defaultRegistry -}} -{{- if $registry -}} - {{- $registry -}} -{{- end -}} -{{- end -}} - - - -{{- /* -Return the proper image repository -{{ include "newrelic.common.images.repository" .Values.path.to.the.image }} -*/ -}} -{{- define "newrelic.common.images.repository" -}} - {{- .repository -}} -{{- end -}} - - - -{{- /* -Return the proper image tag -{{ include "newrelic.common.images.tag" ( dict "imageRoot" .Values.path.to.the.image "context" .) }} -*/ -}} -{{- define "newrelic.common.images.tag" -}} - {{- .imageRoot.tag | default .context.Chart.AppVersion | toString -}} -{{- end -}} - - - -{{- /* -Return the proper Image Pull Registry Secret Names evaluating values as templates -{{ include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.path.to.the.images.pullSecrets1, .Values.path.to.the.images.pullSecrets2) "context" .) }} -*/ -}} -{{- define "newrelic.common.images.renderPullSecrets" -}} - {{- $flatlist := list }} - - {{- if .context.Values.global -}} - {{- if .context.Values.global.images -}} - {{- if .context.Values.global.images.pullSecrets -}} - {{- range .context.Values.global.images.pullSecrets -}} - {{- $flatlist = append $flatlist . -}} - {{- end -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- range .pullSecrets -}} - {{- if not (empty .) -}} - {{- range . -}} - {{- $flatlist = append $flatlist . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if $flatlist -}} - {{- toYaml $flatlist -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_labels.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_labels.tpl deleted file mode 100644 index b02594828..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -This will render the labels that should be used in all the manifests used by the helm chart. -*/}} -{{- define "newrelic.common.labels" -}} -{{- $global := index .Values "global" | default dict -}} - -{{- $chart := dict "helm.sh/chart" (include "newrelic.common.naming.chart" . ) -}} -{{- $managedBy := dict "app.kubernetes.io/managed-by" .Release.Service -}} -{{- $selectorLabels := fromYaml (include "newrelic.common.labels.selectorLabels" . ) -}} - -{{- $labels := mustMergeOverwrite $chart $managedBy $selectorLabels -}} -{{- if .Chart.AppVersion -}} -{{- $labels = mustMergeOverwrite $labels (dict "app.kubernetes.io/version" .Chart.AppVersion) -}} -{{- end -}} - -{{- $globalUserLabels := $global.labels | default dict -}} -{{- $localUserLabels := .Values.labels | default dict -}} - -{{- $labels = mustMergeOverwrite $labels $globalUserLabels $localUserLabels -}} - -{{- toYaml $labels -}} -{{- end -}} - - - -{{/* -This will render the labels that should be used in deployments/daemonsets template pods as a selector. -*/}} -{{- define "newrelic.common.labels.selectorLabels" -}} -{{- $name := dict "app.kubernetes.io/name" ( include "newrelic.common.naming.name" . ) -}} -{{- $instance := dict "app.kubernetes.io/instance" .Release.Name -}} - -{{- $selectorLabels := mustMergeOverwrite $name $instance -}} - -{{- toYaml $selectorLabels -}} -{{- end }} - - - -{{/* -Pod labels -*/}} -{{- define "newrelic.common.labels.podLabels" -}} -{{- $selectorLabels := fromYaml (include "newrelic.common.labels.selectorLabels" . ) -}} - -{{- $global := index .Values "global" | default dict -}} -{{- $globalPodLabels := $global.podLabels | default dict }} - -{{- $localPodLabels := .Values.podLabels | default dict }} - -{{- $podLabels := mustMergeOverwrite $selectorLabels $globalPodLabels $localPodLabels -}} - -{{- toYaml $podLabels -}} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_license.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_license.tpl deleted file mode 100644 index d1ec88e49..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_license.tpl +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -Return the name of the secret holding the License Key. -*/}} -{{- define "newrelic.common.license.secretName" -}} -{{ include "newrelic.common.license._customSecretName" . | default (printf "%s-license" (include "newrelic.common.naming.fullname" . )) }} -{{- end -}} - -{{/* -Return the name key for the License Key inside the secret. -*/}} -{{- define "newrelic.common.license.secretKeyName" -}} -{{ include "newrelic.common.license._customSecretKey" . | default "licenseKey" }} -{{- end -}} - -{{/* -Return local licenseKey if set, global otherwise. -This helper is for internal use. -*/}} -{{- define "newrelic.common.license._licenseKey" -}} -{{- if .Values.licenseKey -}} - {{- .Values.licenseKey -}} -{{- else if .Values.global -}} - {{- if .Values.global.licenseKey -}} - {{- .Values.global.licenseKey -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the name of the secret holding the License Key. -This helper is for internal use. -*/}} -{{- define "newrelic.common.license._customSecretName" -}} -{{- if .Values.customSecretName -}} - {{- .Values.customSecretName -}} -{{- else if .Values.global -}} - {{- if .Values.global.customSecretName -}} - {{- .Values.global.customSecretName -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the name key for the License Key inside the secret. -This helper is for internal use. -*/}} -{{- define "newrelic.common.license._customSecretKey" -}} -{{- if .Values.customSecretLicenseKey -}} - {{- .Values.customSecretLicenseKey -}} -{{- else if .Values.global -}} - {{- if .Values.global.customSecretLicenseKey }} - {{- .Values.global.customSecretLicenseKey -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_license_secret.yaml.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_license_secret.yaml.tpl deleted file mode 100644 index 610a0a337..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_license_secret.yaml.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -Renders the license key secret if user has not specified a custom secret. -*/}} -{{- define "newrelic.common.license.secret" }} -{{- if not (include "newrelic.common.license._customSecretName" .) }} -{{- /* Fail if licenseKey is empty and required: */ -}} -{{- if not (include "newrelic.common.license._licenseKey" .) }} - {{- fail "You must specify a licenseKey or a customSecretName containing it" }} -{{- end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "newrelic.common.license.secretName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -data: - {{ include "newrelic.common.license.secretKeyName" . }}: {{ include "newrelic.common.license._licenseKey" . | b64enc }} -{{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_low-data-mode.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_low-data-mode.tpl deleted file mode 100644 index 3dd55ef2f..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_low-data-mode.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{- /* -Abstraction of the lowDataMode toggle. -This helper allows to override the global `.global.lowDataMode` with the value of `.lowDataMode`. -Returns "true" if `lowDataMode` is enabled, otherwise "" (empty string) -*/ -}} -{{- define "newrelic.common.lowDataMode" -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if (get .Values "lowDataMode" | kindIs "bool") -}} - {{- if .Values.lowDataMode -}} - {{- /* - We want only to return when this is true, returning `false` here will template "false" (string) when doing - an `(include "newrelic.common.lowDataMode" .)`, which is not an "empty string" so it is `true` if it is used - as an evaluation somewhere else. - */ -}} - {{- .Values.lowDataMode -}} - {{- end -}} -{{- else -}} -{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}} -{{- $global := index .Values "global" | default dict -}} -{{- if get $global "lowDataMode" | kindIs "bool" -}} - {{- if $global.lowDataMode -}} - {{- $global.lowDataMode -}} - {{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_naming.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_naming.tpl deleted file mode 100644 index 19fa92648..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_naming.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{/* -This is an function to be called directly with a string just to truncate strings to -63 chars because some Kubernetes name fields are limited to that. -*/}} -{{- define "newrelic.common.naming.truncateToDNS" -}} -{{- . | trunc 63 | trimSuffix "-" }} -{{- end }} - - - -{{- /* -Given a name and a suffix returns a 'DNS Valid' which always include the suffix, truncating the name if needed. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If suffix is too long it gets truncated but it always takes precedence over name, so a 63 chars suffix would suppress the name. -Usage: -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" ( dict "name" "" "suffix" "my-suffix" ) }} -*/ -}} -{{- define "newrelic.common.naming.truncateToDNSWithSuffix" -}} -{{- $suffix := (include "newrelic.common.naming.truncateToDNS" .suffix) -}} -{{- $maxLen := (max (sub 63 (add1 (len $suffix))) 0) -}} {{- /* We prepend "-" to the suffix so an additional character is needed */ -}} - -{{- $newName := .name | trunc ($maxLen | int) | trimSuffix "-" -}} -{{- if $newName -}} -{{- printf "%s-%s" $newName $suffix -}} -{{- else -}} -{{ $suffix }} -{{- end -}} - -{{- end -}} - - - -{{/* -Expand the name of the chart. -Uses the Chart name by default if nameOverride is not set. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "newrelic.common.naming.name" -}} -{{- $name := .Values.nameOverride | default .Chart.Name -}} -{{- include "newrelic.common.naming.truncateToDNS" $name -}} -{{- end }} - - - -{{/* -Create a default fully qualified app name. -By default the full name will be "" just in if it has the chart name included in that, if not -it will be concatenated like "-". This could change if fullnameOverride or -nameOverride are set. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "newrelic.common.naming.fullname" -}} -{{- $name := include "newrelic.common.naming.name" . -}} - -{{- if .Values.fullnameOverride -}} - {{- $name = .Values.fullnameOverride -}} -{{- else if not (contains $name .Release.Name) -}} - {{- $name = printf "%s-%s" .Release.Name $name -}} -{{- end -}} - -{{- include "newrelic.common.naming.truncateToDNS" $name -}} - -{{- end -}} - - - -{{/* -Create chart name and version as used by the chart label. -This function should not be used for naming objects. Use "common.naming.{name,fullname}" instead. -*/}} -{{- define "newrelic.common.naming.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_nodeselector.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_nodeselector.tpl deleted file mode 100644 index d48887341..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_nodeselector.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{- /* Defines the Pod nodeSelector */ -}} -{{- define "newrelic.common.nodeSelector" -}} - {{- if .Values.nodeSelector -}} - {{- toYaml .Values.nodeSelector -}} - {{- else if .Values.global -}} - {{- if .Values.global.nodeSelector -}} - {{- toYaml .Values.global.nodeSelector -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_priority-class-name.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_priority-class-name.tpl deleted file mode 100644 index 50182b734..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_priority-class-name.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{- /* Defines the pod priorityClassName */ -}} -{{- define "newrelic.common.priorityClassName" -}} - {{- if .Values.priorityClassName -}} - {{- .Values.priorityClassName -}} - {{- else if .Values.global -}} - {{- if .Values.global.priorityClassName -}} - {{- .Values.global.priorityClassName -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_privileged.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_privileged.tpl deleted file mode 100644 index f3ae814dd..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_privileged.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{- /* -This is a helper that returns whether the chart should assume the user is fine deploying privileged pods. -*/ -}} -{{- define "newrelic.common.privileged" -}} -{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists. */ -}} -{{- $global := index .Values "global" | default dict -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if get .Values "privileged" | kindIs "bool" -}} - {{- if .Values.privileged -}} - {{- .Values.privileged -}} - {{- end -}} -{{- else if get $global "privileged" | kindIs "bool" -}} - {{- if $global.privileged -}} - {{- $global.privileged -}} - {{- end -}} -{{- end -}} -{{- end -}} - - - -{{- /* Return directly "true" or "false" based in the exist of "newrelic.common.privileged" */ -}} -{{- define "newrelic.common.privileged.value" -}} -{{- if include "newrelic.common.privileged" . -}} -true -{{- else -}} -false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_proxy.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_proxy.tpl deleted file mode 100644 index 60f34c7ec..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_proxy.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{- /* Defines the proxy */ -}} -{{- define "newrelic.common.proxy" -}} - {{- if .Values.proxy -}} - {{- .Values.proxy -}} - {{- else if .Values.global -}} - {{- if .Values.global.proxy -}} - {{- .Values.global.proxy -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_security-context.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_security-context.tpl deleted file mode 100644 index 9edfcabfd..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_security-context.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{- /* Defines the container securityContext context */ -}} -{{- define "newrelic.common.securityContext.container" -}} -{{- $global := index .Values "global" | default dict -}} - -{{- if .Values.containerSecurityContext -}} - {{- toYaml .Values.containerSecurityContext -}} -{{- else if $global.containerSecurityContext -}} - {{- toYaml $global.containerSecurityContext -}} -{{- end -}} -{{- end -}} - - - -{{- /* Defines the pod securityContext context */ -}} -{{- define "newrelic.common.securityContext.pod" -}} -{{- $global := index .Values "global" | default dict -}} - -{{- if .Values.podSecurityContext -}} - {{- toYaml .Values.podSecurityContext -}} -{{- else if $global.podSecurityContext -}} - {{- toYaml $global.podSecurityContext -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_serviceaccount.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_serviceaccount.tpl deleted file mode 100644 index 2d352f6ea..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_serviceaccount.tpl +++ /dev/null @@ -1,90 +0,0 @@ -{{- /* Defines if the service account has to be created or not */ -}} -{{- define "newrelic.common.serviceAccount.create" -}} -{{- $valueFound := false -}} - -{{- /* Look for a global creation of a service account */ -}} -{{- if get .Values "serviceAccount" | kindIs "map" -}} - {{- if (get .Values.serviceAccount "create" | kindIs "bool") -}} - {{- $valueFound = true -}} - {{- if .Values.serviceAccount.create -}} - {{- /* - We want only to return when this is true, returning `false` here will template "false" (string) when doing - an `(include "newrelic.common.serviceAccount.name" .)`, which is not an "empty string" so it is `true` if it is used - as an evaluation somewhere else. - */ -}} - {{- .Values.serviceAccount.create -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{- /* Look for a local creation of a service account */ -}} -{{- if not $valueFound -}} - {{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}} - {{- $global := index .Values "global" | default dict -}} - {{- if get $global "serviceAccount" | kindIs "map" -}} - {{- if get $global.serviceAccount "create" | kindIs "bool" -}} - {{- $valueFound = true -}} - {{- if $global.serviceAccount.create -}} - {{- $global.serviceAccount.create -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{- /* In case no serviceAccount value has been found, default to "true" */ -}} -{{- if not $valueFound -}} -true -{{- end -}} -{{- end -}} - - - -{{- /* Defines the name of the service account */ -}} -{{- define "newrelic.common.serviceAccount.name" -}} -{{- $localServiceAccount := "" -}} -{{- if get .Values "serviceAccount" | kindIs "map" -}} - {{- if (get .Values.serviceAccount "name" | kindIs "string") -}} - {{- $localServiceAccount = .Values.serviceAccount.name -}} - {{- end -}} -{{- end -}} - -{{- $globalServiceAccount := "" -}} -{{- $global := index .Values "global" | default dict -}} -{{- if get $global "serviceAccount" | kindIs "map" -}} - {{- if get $global.serviceAccount "name" | kindIs "string" -}} - {{- $globalServiceAccount = $global.serviceAccount.name -}} - {{- end -}} -{{- end -}} - -{{- if (include "newrelic.common.serviceAccount.create" .) -}} - {{- $localServiceAccount | default $globalServiceAccount | default (include "newrelic.common.naming.fullname" .) -}} -{{- else -}} - {{- $localServiceAccount | default $globalServiceAccount | default "default" -}} -{{- end -}} -{{- end -}} - - - -{{- /* Merge the global and local annotations for the service account */ -}} -{{- define "newrelic.common.serviceAccount.annotations" -}} -{{- $localServiceAccount := dict -}} -{{- if get .Values "serviceAccount" | kindIs "map" -}} - {{- if get .Values.serviceAccount "annotations" -}} - {{- $localServiceAccount = .Values.serviceAccount.annotations -}} - {{- end -}} -{{- end -}} - -{{- $globalServiceAccount := dict -}} -{{- $global := index .Values "global" | default dict -}} -{{- if get $global "serviceAccount" | kindIs "map" -}} - {{- if get $global.serviceAccount "annotations" -}} - {{- $globalServiceAccount = $global.serviceAccount.annotations -}} - {{- end -}} -{{- end -}} - -{{- $merged := mustMergeOverwrite $globalServiceAccount $localServiceAccount -}} - -{{- if $merged -}} - {{- toYaml $merged -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_staging.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_staging.tpl deleted file mode 100644 index bd9ad09bb..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_staging.tpl +++ /dev/null @@ -1,39 +0,0 @@ -{{- /* -Abstraction of the nrStaging toggle. -This helper allows to override the global `.global.nrStaging` with the value of `.nrStaging`. -Returns "true" if `nrStaging` is enabled, otherwise "" (empty string) -*/ -}} -{{- define "newrelic.common.nrStaging" -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if (get .Values "nrStaging" | kindIs "bool") -}} - {{- if .Values.nrStaging -}} - {{- /* - We want only to return when this is true, returning `false` here will template "false" (string) when doing - an `(include "newrelic.common.nrStaging" .)`, which is not an "empty string" so it is `true` if it is used - as an evaluation somewhere else. - */ -}} - {{- .Values.nrStaging -}} - {{- end -}} -{{- else -}} -{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}} -{{- $global := index .Values "global" | default dict -}} -{{- if get $global "nrStaging" | kindIs "bool" -}} - {{- if $global.nrStaging -}} - {{- $global.nrStaging -}} - {{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - - - -{{- /* -Returns "true" of "false" directly instead of empty string (Helm falsiness) based on the exit of "newrelic.common.nrStaging" -*/ -}} -{{- define "newrelic.common.nrStaging.value" -}} -{{- if include "newrelic.common.nrStaging" . -}} -true -{{- else -}} -false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_tolerations.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_tolerations.tpl deleted file mode 100644 index e016b38e2..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_tolerations.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{- /* Defines the Pod tolerations */ -}} -{{- define "newrelic.common.tolerations" -}} - {{- if .Values.tolerations -}} - {{- toYaml .Values.tolerations -}} - {{- else if .Values.global -}} - {{- if .Values.global.tolerations -}} - {{- toYaml .Values.global.tolerations -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/templates/_verbose-log.tpl b/addons/nri-bundle-deprecated/charts/common/templates/_verbose-log.tpl deleted file mode 100644 index 2286d4681..000000000 --- a/addons/nri-bundle-deprecated/charts/common/templates/_verbose-log.tpl +++ /dev/null @@ -1,54 +0,0 @@ -{{- /* -Abstraction of the verbose toggle. -This helper allows to override the global `.global.verboseLog` with the value of `.verboseLog`. -Returns "true" if `verbose` is enabled, otherwise "" (empty string) -*/ -}} -{{- define "newrelic.common.verboseLog" -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if (get .Values "verboseLog" | kindIs "bool") -}} - {{- if .Values.verboseLog -}} - {{- /* - We want only to return when this is true, returning `false` here will template "false" (string) when doing - an `(include "newrelic.common.verboseLog" .)`, which is not an "empty string" so it is `true` if it is used - as an evaluation somewhere else. - */ -}} - {{- .Values.verboseLog -}} - {{- end -}} -{{- else -}} -{{- /* This allows us to use `$global` as an empty dict directly in case `Values.global` does not exists */ -}} -{{- $global := index .Values "global" | default dict -}} -{{- if get $global "verboseLog" | kindIs "bool" -}} - {{- if $global.verboseLog -}} - {{- $global.verboseLog -}} - {{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - - - -{{- /* -Abstraction of the verbose toggle. -This helper abstracts the function "newrelic.common.verboseLog" to return true or false directly. -*/ -}} -{{- define "newrelic.common.verboseLog.valueAsBoolean" -}} -{{- if include "newrelic.common.verboseLog" . -}} -true -{{- else -}} -false -{{- end -}} -{{- end -}} - - - -{{- /* -Abstraction of the verbose toggle. -This helper abstracts the function "newrelic.common.verboseLog" to return 1 or 0 directly. -*/ -}} -{{- define "newrelic.common.verboseLog.valueAsInt" -}} -{{- if include "newrelic.common.verboseLog" . -}} -1 -{{- else -}} -0 -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/common/values.yaml b/addons/nri-bundle-deprecated/charts/common/values.yaml deleted file mode 100644 index 75e2d112a..000000000 --- a/addons/nri-bundle-deprecated/charts/common/values.yaml +++ /dev/null @@ -1 +0,0 @@ -# values are not needed for the library chart, however this file is still needed for helm lint to work. diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/.helmignore b/addons/nri-bundle-deprecated/charts/kube-state-metrics/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/Chart.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/Chart.yaml deleted file mode 100644 index bc9bfeeea..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: kube-state-metrics -description: Install kube-state-metrics to generate and expose cluster-level metrics -keywords: -- metric -- monitoring -- prometheus -- kubernetes -type: application -version: 5.6.2 -appVersion: 2.8.2 -home: https://github.com/kubernetes/kube-state-metrics/ -sources: -- https://github.com/kubernetes/kube-state-metrics/ -maintainers: -- name: tariq1890 - email: tariq.ibrahim@mulesoft.com -- name: mrueg - email: manuel@rueg.eu -- name: dotdc - email: david@0xdc.me diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/README.md b/addons/nri-bundle-deprecated/charts/kube-state-metrics/README.md deleted file mode 100644 index 843be89e6..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,85 +0,0 @@ -# kube-state-metrics Helm Chart - -Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Get Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - - -## Install Chart - -```console -helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics - -You can upgrade in-place: - -1. [get repository info](#get-repository-info) -1. [upgrade](#upgrading-chart) your existing release name using the new chart repository - -## Upgrading to v3.0.0 - -v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. - -The upgraded chart now the following changes: - -* Dropped support for helm v2 (helm v3 or later is required) -* collectors key was renamed to resources -* namespace key was renamed to namespaces - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: - -```console -helm show values prometheus-community/kube-state-metrics -``` - -### kube-rbac-proxy - -You can enable `kube-state-metrics` endpoint protection using `kube-rbac-proxy`. By setting `kubeRBACProxy.enabled: true`, this chart will deploy one RBAC proxy container per endpoint (metrics & telemetry). -To authorize access, authenticate your requests (via a `ServiceAccount` for example) with a `ClusterRole` attached such as: - -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kube-state-metrics-read -rules: - - apiGroups: [ "" ] - resources: ["services/kube-state-metrics"] - verbs: - - get -``` - -See [kube-rbac-proxy examples](https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes) for more details. diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/NOTES.txt b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index 3589c24ec..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,23 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - -{{- if .Values.kubeRBACProxy.enabled}} - -kube-rbac-proxy endpoint protections is enabled: -- Metrics endpoints are now HTTPS -- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions: -``` -rules: - - apiGroups: [ "" ] - resources: ["services/{{ template "kube-state-metrics.fullname" . }}"] - verbs: - - get -``` -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/_helpers.tpl b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index a4358c87a..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,156 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kube-state-metrics.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate basic labels -*/}} -{{- define "kube-state-metrics.labels" }} -helm.sh/chart: {{ template "kube-state-metrics.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: metrics -app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }} -{{- include "kube-state-metrics.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels }} -{{- end }} -{{- if .Values.releaseLabel }} -release: {{ .Release.Name }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kube-state-metrics.selectorLabels" }} -{{- if .Values.selectorOverride }} -{{ toYaml .Values.selectorOverride }} -{{- else }} -app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} -{{- end }} - -{{/* Sets default scrape limits for servicemonitor */}} -{{- define "servicemonitor.scrapeLimits" -}} -{{- with .sampleLimit }} -sampleLimit: {{ . }} -{{- end }} -{{- with .targetLimit }} -targetLimit: {{ . }} -{{- end }} -{{- with .labelLimit }} -labelLimit: {{ . }} -{{- end }} -{{- with .labelNameLengthLimit }} -labelNameLengthLimit: {{ . }} -{{- end }} -{{- with .labelValueLengthLimit }} -labelValueLengthLimit: {{ . }} -{{- end }} -{{- end -}} - -{{/* -Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{specific imagePullSecrets}) -*/}} -{{- define "kube-state-metrics.imagePullSecrets" -}} -{{- range (concat .Values.global.imagePullSecrets .imagePullSecrets) }} - {{- if eq (typeOf .) "map[string]interface {}" }} -- {{ toYaml . | trim }} - {{- else }} -- name: {{ . }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -The image to use for kube-state-metrics -*/}} -{{- define "kube-state-metrics.image" -}} -{{- if .Values.image.sha }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} -{{- else }} -{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} -{{- end }} -{{- else }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- else }} -{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -The image to use for kubeRBACProxy -*/}} -{{- define "kubeRBACProxy.image" -}} -{{- if .Values.kubeRBACProxy.image.sha }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }} -{{- else }} -{{- printf "%s/%s:%s@%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) .Values.kubeRBACProxy.image.sha }} -{{- end }} -{{- else }} -{{- if .Values.global.imageRegistry }} -{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }} -{{- else }} -{{- printf "%s/%s:%s" .Values.kubeRBACProxy.image.registry .Values.kubeRBACProxy.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.kubeRBACProxy.image.tag) }} -{{- end }} -{{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml deleted file mode 100644 index 025cd47a8..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }} -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - {{- if .Values.annotations }} - annotations: - {{ toYaml .Values.annotations | nindent 4 }} - {{- end }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -spec: - endpointSelector: - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - egress: - {{- if and .Values.networkPolicy.cilium .Values.networkPolicy.cilium.kubeApiServerSelector }} - {{ toYaml .Values.networkPolicy.cilium.kubeApiServerSelector | nindent 6 }} - {{- else }} - - toEntities: - - kube-apiserver - {{- end }} - ingress: - - toPorts: - - ports: - - port: {{ .Values.service.port | quote }} - protocol: TCP - {{- if .Values.selfMonitor.enabled }} - - port: {{ .Values.selfMonitor.telemetryPort | default 8081 | quote }} - protocol: TCP - {{ end }} -{{ end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index cf9f628d0..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- if .Values.rbac.useExistingRole }} - name: {{ .Values.rbac.useExistingRole }} -{{- else }} - name: {{ template "kube-state-metrics.fullname" . }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/deployment.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index cd1dc4656..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,265 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- if .Values.annotations }} - annotations: -{{ toYaml .Values.annotations | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - replicas: {{ .Values.replicas }} - {{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] - {{- end }} - template: - metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 8 }} - {{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - {{- $httpPort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}} - {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} - - name: {{ template "kube-state-metrics.name" . }} - {{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - args: - {{- if .Values.extraArgs }} - {{- .Values.extraArgs | toYaml | nindent 8 }} - {{- end }} - - --port={{ $httpPort }} - {{- if .Values.collectors }} - - --resources={{ .Values.collectors | join "," }} - {{- end }} - {{- if .Values.metricLabelsAllowlist }} - - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }} - {{- end }} - {{- if .Values.metricAnnotationsAllowList }} - - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }} - {{- end }} - {{- if .Values.metricAllowlist }} - - --metric-allowlist={{ .Values.metricAllowlist | join "," }} - {{- end }} - {{- if .Values.metricDenylist }} - - --metric-denylist={{ .Values.metricDenylist | join "," }} - {{- end }} - {{- $namespaces := list }} - {{- if .Values.namespaces }} - {{- range $ns := join "," .Values.namespaces | split "," }} - {{- $namespaces = append $namespaces (tpl $ns $) }} - {{- end }} - {{- end }} - {{- if .Values.releaseNamespace }} - {{- $namespaces = append $namespaces ( include "kube-state-metrics.namespace" . ) }} - {{- end }} - {{- if $namespaces }} - - --namespaces={{ $namespaces | mustUniq | join "," }} - {{- end }} - {{- if .Values.namespacesDenylist }} - - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }} - {{- end }} - {{- if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - {{- end }} - {{- if .Values.kubeconfig.enabled }} - - --kubeconfig=/opt/k8s/.kube/config - {{- end }} - {{- if .Values.kubeRBACProxy.enabled }} - - --telemetry-host=127.0.0.1 - - --telemetry-port={{ $telemetryPort }} - {{- else }} - {{- if .Values.selfMonitor.telemetryHost }} - - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} - {{- end }} - {{- if .Values.selfMonitor.telemetryPort }} - - --telemetry-port={{ $telemetryPort }} - {{- end }} - {{- end }} - {{- if or (.Values.kubeconfig.enabled) (.Values.volumeMounts) }} - volumeMounts: - {{- if .Values.kubeconfig.enabled }} - - name: kubeconfig - mountPath: /opt/k8s/.kube/ - readOnly: true - {{- end }} - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 8 }} - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: {{ include "kube-state-metrics.image" . }} - {{- if eq .Values.kubeRBACProxy.enabled false }} - ports: - - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - {{- if .Values.selfMonitor.enabled }} - - containerPort: {{ $telemetryPort }} - name: "metrics" - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: {{ $httpPort }} - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: {{ $httpPort }} - initialDelaySeconds: 5 - timeoutSeconds: 5 - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.containerSecurityContext }} - securityContext: -{{ toYaml .Values.containerSecurityContext | indent 10 }} -{{- end }} - {{- if .Values.kubeRBACProxy.enabled }} - - name: kube-rbac-proxy-http - args: - {{- if .Values.kubeRBACProxy.extraArgs }} - {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} - {{- end }} - - --secure-listen-address=:{{ .Values.service.port | default 8080}} - - --upstream=http://127.0.0.1:{{ $httpPort }}/ - - --proxy-endpoints-port=8888 - - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - volumeMounts: - - name: kube-rbac-proxy-config - mountPath: /etc/kube-rbac-proxy-config - {{- with .Values.kubeRBACProxy.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} - image: {{ include "kubeRBACProxy.image" . }} - ports: - - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - - containerPort: 8888 - name: "http-healthz" - readinessProbe: - httpGet: - scheme: HTTPS - port: 8888 - path: healthz - initialDelaySeconds: 5 - timeoutSeconds: 5 - {{- if .Values.kubeRBACProxy.resources }} - resources: -{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }} -{{- end }} -{{- if .Values.kubeRBACProxy.containerSecurityContext }} - securityContext: -{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }} -{{- end }} - {{- if .Values.selfMonitor.enabled }} - - name: kube-rbac-proxy-telemetry - args: - {{- if .Values.kubeRBACProxy.extraArgs }} - {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} - {{- end }} - - --secure-listen-address=:{{ .Values.selfMonitor.telemetryPort | default 8081 }} - - --upstream=http://127.0.0.1:{{ $telemetryPort }}/ - - --proxy-endpoints-port=8889 - - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - volumeMounts: - - name: kube-rbac-proxy-config - mountPath: /etc/kube-rbac-proxy-config - {{- with .Values.kubeRBACProxy.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} - image: {{ include "kubeRBACProxy.image" . }} - ports: - - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - name: "metrics" - - containerPort: 8889 - name: "metrics-healthz" - readinessProbe: - httpGet: - scheme: HTTPS - port: 8889 - path: healthz - initialDelaySeconds: 5 - timeoutSeconds: 5 - {{- if .Values.kubeRBACProxy.resources }} - resources: -{{ toYaml .Values.kubeRBACProxy.resources | indent 10 }} -{{- end }} -{{- if .Values.kubeRBACProxy.containerSecurityContext }} - securityContext: -{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | indent 10 }} -{{- end }} - {{- end }} - {{- end }} -{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.imagePullSecrets) | indent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml .Values.topologySpreadConstraints | indent 8 }} - {{- end }} - {{- if or (.Values.kubeconfig.enabled) (.Values.volumes) (.Values.kubeRBACProxy.enabled) }} - volumes: - {{- if .Values.kubeconfig.enabled}} - - name: kubeconfig - secret: - secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig - {{- end }} - {{- if .Values.kubeRBACProxy.enabled}} - - name: kube-rbac-proxy-config - configMap: - name: {{ template "kube-state-metrics.fullname" . }}-rbac-config - {{- end }} - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/kubeconfig-secret.yaml deleted file mode 100644 index 6af008450..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/kubeconfig-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.kubeconfig.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -type: Opaque -data: - config: '{{ .Values.kubeconfig.secret }}' -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/networkpolicy.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/networkpolicy.yaml deleted file mode 100644 index 309b38ec5..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/networkpolicy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "kubernetes") }} -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - {{- if .Values.annotations }} - annotations: - {{ toYaml .Values.annotations | nindent 4 }} - {{- end }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -spec: - {{- if .Values.networkPolicy.egress }} - ## Deny all egress by default - egress: - {{- toYaml .Values.networkPolicy.egress | nindent 4 }} - {{- end }} - ingress: - {{- if .Values.networkPolicy.ingress }} - {{- toYaml .Values.networkPolicy.ingress | nindent 4 }} - {{- else }} - ## Allow ingress on default ports by default - - ports: - - port: {{ .Values.service.port | default 8080 }} - protocol: TCP - {{- if .Values.selfMonitor.enabled }} - {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} - - port: {{ $telemetryPort }} - protocol: TCP - {{- end }} - {{- end }} - podSelector: - {{- if .Values.networkPolicy.podSelector }} - {{- toYaml .Values.networkPolicy.podSelector | nindent 4 }} - {{- else }} - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - {{- end }} - policyTypes: - - Ingress - - Egress -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/pdb.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/pdb.yaml deleted file mode 100644 index 3771b511d..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/pdb.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} -apiVersion: policy/v1 -{{- else -}} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index 8905e113e..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' -{{- if .Values.podSecurityPolicy.additionalVolumes }} -{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index 654e4a3d5..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 5b62a18bd..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rbac-configmap.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rbac-configmap.yaml deleted file mode 100644 index 812c13b87..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rbac-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.kubeRBACProxy.enabled}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-state-metrics.fullname" . }}-rbac-config -data: - config-file.yaml: |+ - authorization: - resourceAttributes: - namespace: {{ template "kube-state-metrics.namespace" . }} - apiVersion: v1 - resource: services - subresource: {{ template "kube-state-metrics.fullname" . }} - name: {{ template "kube-state-metrics.fullname" . }} -{{- end }} \ No newline at end of file diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/role.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/role.yaml deleted file mode 100644 index 24c057da1..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/role.yaml +++ /dev/null @@ -1,206 +0,0 @@ -{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} -{{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -{{- if eq $.Values.rbac.useClusterRole false }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - labels: - {{- include "kube-state-metrics.labels" $ | indent 4 }} - name: {{ template "kube-state-metrics.fullname" $ }} -{{- if eq $.Values.rbac.useClusterRole false }} - namespace: {{ . }} -{{- end }} -rules: -{{ if has "certificatesigningrequests" $.Values.collectors }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if has "configmaps" $.Values.collectors }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if has "cronjobs" $.Values.collectors }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if has "daemonsets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "deployments" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if has "endpoints" $.Values.collectors }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if has "horizontalpodautoscalers" $.Values.collectors }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if has "ingresses" $.Values.collectors }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if has "jobs" $.Values.collectors }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if has "leases" $.Values.collectors }} -- apiGroups: ["coordination.k8s.io"] - resources: - - leases - verbs: ["list", "watch"] -{{ end -}} -{{ if has "limitranges" $.Values.collectors }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if has "mutatingwebhookconfigurations" $.Values.collectors }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if has "namespaces" $.Values.collectors }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if has "networkpolicies" $.Values.collectors }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if has "nodes" $.Values.collectors }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if has "persistentvolumeclaims" $.Values.collectors }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if has "persistentvolumes" $.Values.collectors }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if has "poddisruptionbudgets" $.Values.collectors }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "pods" $.Values.collectors }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if has "replicasets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "replicationcontrollers" $.Values.collectors }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if has "resourcequotas" $.Values.collectors }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if has "secrets" $.Values.collectors }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "services" $.Values.collectors }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if has "statefulsets" $.Values.collectors }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "storageclasses" $.Values.collectors }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if has "validatingwebhookconfigurations" $.Values.collectors }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if has "volumeattachments" $.Values.collectors }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if has "verticalpodautoscalers" $.Values.collectors }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{- if $.Values.kubeRBACProxy.enabled }} -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] -{{- end }} -{{ if $.Values.rbac.extraRules }} -{{ toYaml $.Values.rbac.extraRules }} -{{ end }} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rolebinding.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rolebinding.yaml deleted file mode 100644 index 330651b73..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/rolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} -{{- range (join "," $.Values.namespaces) | split "," }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" $ | indent 4 }} - name: {{ template "kube-state-metrics.fullname" $ }} - namespace: {{ . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role -{{- if (not $.Values.rbac.useExistingRole) }} - name: {{ template "kube-state-metrics.fullname" $ }} -{{- else }} - name: {{ $.Values.rbac.useExistingRole }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" $ }} - namespace: {{ template "kube-state-metrics.namespace" $ }} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/service.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/service.yaml deleted file mode 100644 index 6c486a662..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port | default 8080}} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: {{ .Values.service.port | default 8080}} - {{ if .Values.selfMonitor.enabled }} - - name: "metrics" - protocol: TCP - port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - {{- if .Values.selfMonitor.telemetryNodePort }} - nodePort: {{ .Values.selfMonitor.telemetryNodePort }} - {{- end }} - {{ end }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if .Values.autosharding.enabled }} - clusterIP: None -{{- else if .Values.service.clusterIP }} - clusterIP: "{{ .Values.service.clusterIP }}" -{{- end }} - selector: - {{- include "kube-state-metrics.selectorLabels" . | indent 4 }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index a7ff4dd3d..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- if .Values.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.serviceAccount.annotations | indent 4 }} -{{- end }} -imagePullSecrets: - {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.serviceAccount.imagePullSecrets) | indent 2 }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/servicemonitor.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index e2173d8ed..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- with .Values.prometheus.monitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.prometheus.monitor.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }} - {{- with .Values.prometheus.monitor.targetLabels }} - targetLabels: - {{- toYaml . | trim | nindent 4 }} - {{- end }} - {{- with .Values.prometheus.monitor.podTargetLabels }} - podTargetLabels: - {{- toYaml . | trim | nindent 4 }} - {{- end }} - {{- include "servicemonitor.scrapeLimits" .Values.prometheus.monitor | indent 2 }} - selector: - matchLabels: - {{- with .Values.prometheus.monitor.selectorOverride }} - {{- toYaml . | nindent 6 }} - {{- else }} - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - {{- end }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.interval }} - interval: {{ .Values.prometheus.monitor.interval }} - {{- end }} - {{- if .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} - {{- end }} - {{- if .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} - {{- end }} - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.prometheus.monitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.scheme }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- end }} - {{- if .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.prometheus.monitor.bearerTokenFile }} - {{- end }} - {{- with .Values.prometheus.monitor.bearerTokenSecret }} - bearerTokenSecret: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.selfMonitor.enabled }} - - port: metrics - {{- if .Values.prometheus.monitor.interval }} - interval: {{ .Values.prometheus.monitor.interval }} - {{- end }} - {{- if .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} - {{- end }} - {{- if .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} - {{- end }} - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.prometheus.monitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.scheme }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- end }} - {{- if .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100644 index 489de147c..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} - resources: - - statefulsets - verbs: - - get - - list - - watch -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100644 index 73b37a4f6..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml deleted file mode 100644 index e825e5c86..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }} -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -spec: - resourcePolicy: - containerPolicies: - - containerName: {{ template "kube-state-metrics.name" . }} - {{- if .Values.verticalPodAutoscaler.controlledResources }} - controlledResources: {{ .Values.verticalPodAutoscaler.controlledResources }} - {{- end }} - {{- if .Values.verticalPodAutoscaler.maxAllowed }} - maxAllowed: - {{ toYaml .Values.verticalPodAutoscaler.maxAllowed | nindent 8 }} - {{- end }} - {{- if .Values.verticalPodAutoscaler.minAllowed }} - minAllowed: - {{ toYaml .Values.verticalPodAutoscaler.minAllowed | nindent 8 }} - {{- end }} - targetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kube-state-metrics.fullname" . }} - {{- if .Values.verticalPodAutoscaler.updatePolicy }} - updatePolicy: - {{- if .Values.verticalPodAutoscaler.updatePolicy.updateMode }} - updateMode: {{ .Values.verticalPodAutoscaler.updatePolicy.updateMode }} - {{- end }} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/kube-state-metrics/values.yaml b/addons/nri-bundle-deprecated/charts/kube-state-metrics/values.yaml deleted file mode 100644 index c02b89708..000000000 --- a/addons/nri-bundle-deprecated/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,410 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - registry: registry.k8s.io - repository: kube-state-metrics/kube-state-metrics - # If unset use v + .Charts.appVersion - tag: "" - sha: "" - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -global: - # To help compatibility with other charts which use global.imagePullSecrets. - # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). - # global: - # imagePullSecrets: - # - name: pullSecret1 - # - name: pullSecret2 - # or - # global: - # imagePullSecrets: - # - pullSecret1 - # - pullSecret2 - imagePullSecrets: [] - # - # Allow parent charts to override registry hostname - imageRegistry: "" - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -# List of additional cli arguments to configure kube-state-metrics -# for example: --enable-gzip-encoding, --log-file, etc. -# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md -extraArgs: [] - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - # Only allow access to the loadBalancerIP from these IPs - loadBalancerSourceRanges: [] - clusterIP: "" - annotations: {} - -## Additional labels to add to all resources -customLabels: {} - # app: kube-state-metrics - -## Override selector labels -selectorOverride: {} - -## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box -releaseLabel: false - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - - # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. - # useExistingRole: your-existing-role - - # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) - useClusterRole: true - - # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration - # Example: - # - apiGroups: ["monitoring.coreos.com"] - # resources: ["prometheuses"] - # verbs: ["list", "watch"] - extraRules: [] - -# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled). -# The requests are served through the same service but requests are then HTTPS. -kubeRBACProxy: - enabled: false - image: - registry: quay.io - repository: brancz/kube-rbac-proxy - tag: v0.14.0 - sha: "" - pullPolicy: IfNotPresent - - # List of additional cli arguments to configure kube-rbac-prxy - # for example: --tls-cipher-suites, --log-file, etc. - # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage - extraArgs: [] - - ## Specify security settings for a Container - ## Allows overrides and additional options compared to (Pod) securityContext - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - containerSecurityContext: {} - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## volumeMounts enables mounting custom volumes in rbac-proxy containers - ## Useful for TLS certificates and keys - volumeMounts: [] - # - mountPath: /etc/tls - # name: kube-rbac-proxy-tls - # readOnly: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - # ServiceAccount annotations. - # Use case: AWS EKS IAM roles for service accounts - # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html - annotations: {} - -prometheus: - monitor: - enabled: false - annotations: {} - additionalLabels: {} - namespace: "" - jobLabel: "" - targetLabels: [] - podTargetLabels: [] - interval: "" - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 - - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 - - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 - - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 - - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 - scrapeTimeout: "" - proxyUrl: "" - selectorOverride: {} - honorLabels: false - metricRelabelings: [] - relabelings: [] - scheme: "" - ## File to read bearer token for scraping targets - bearerTokenFile: "" - ## Secret to mount to read bearer token for scraping targets. The secret needs - ## to be in the same namespace as the service monitor and accessible by the - ## Prometheus Operator - bearerTokenSecret: {} - # name: secret-name - # key: key-name - tlsConfig: {} - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - additionalVolumes: [] - -## Configure network policy for kube-state-metrics -networkPolicy: - enabled: false - # networkPolicy.flavor -- Flavor of the network policy to use. - # Can be: - # * kubernetes for networking.k8s.io/v1/NetworkPolicy - # * cilium for cilium.io/v2/CiliumNetworkPolicy - flavor: kubernetes - - ## Configure the cilium network policy kube-apiserver selector - # cilium: - # kubeApiServerSelector: - # - toEntities: - # - kube-apiserver - - # egress: - # - {} - # ingress: - # - {} - # podSelector: - # matchLabels: - # app.kubernetes.io/name: kube-state-metrics - -securityContext: - enabled: true - runAsGroup: 65534 - runAsUser: 65534 - fsGroup: 65534 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - -## Specify security settings for a Container -## Allows overrides and additional options compared to (Pod) securityContext -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -## Topology spread constraints for pod assignment -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -topologySpreadConstraints: [] - -# Annotations to be added to the deployment/statefulset -annotations: {} - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} - -# Comma-separated list of metrics to be exposed. -# This list comprises of exact metric names and/or regex patterns. -# The allowlist and denylist are mutually exclusive. -metricAllowlist: [] - -# Comma-separated list of metrics not to be enabled. -# This list comprises of exact metric names and/or regex patterns. -# The allowlist and denylist are mutually exclusive. -metricDenylist: [] - -# Comma-separated list of additional Kubernetes label keys that will be used in the resource's -# labels metric. By default the metric contains only name and namespace labels. -# To include additional labels, provide a list of resource names in their plural form and Kubernetes -# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. -# A single '*' can be provided per resource instead to allow any labels, but that has -# severe performance implications (Example: '=pods=[*]'). -metricLabelsAllowlist: [] - # - namespaces=[k8s-label-1,k8s-label-n] - -# Comma-separated list of Kubernetes annotations keys that will be used in the resource' -# labels metric. By default the metric contains only name and namespace labels. -# To include additional annotations provide a list of resource names in their plural form and Kubernetes -# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. -# A single '*' can be provided per resource instead to allow any annotations, but that has -# severe performance implications (Example: '=pods=[*]'). -metricAnnotationsAllowList: [] - # - pods=[k8s-annotation-1,k8s-annotation-n] - -# Available collectors for kube-state-metrics. -# By default, all available resources are enabled, comment out to disable. -collectors: - - certificatesigningrequests - - configmaps - - cronjobs - - daemonsets - - deployments - - endpoints - - horizontalpodautoscalers - - ingresses - - jobs - - leases - - limitranges - - mutatingwebhookconfigurations - - namespaces - - networkpolicies - - nodes - - persistentvolumeclaims - - persistentvolumes - - poddisruptionbudgets - - pods - - replicasets - - replicationcontrollers - - resourcequotas - - secrets - - services - - statefulsets - - storageclasses - - validatingwebhookconfigurations - - volumeattachments - # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers - -# Enabling kubeconfig will pass the --kubeconfig argument to the container -kubeconfig: - enabled: false - # base64 encoded kube-config file - secret: - -# Enable only the release namespace for collecting resources. By default all namespaces are collected. -# If releaseNamespace and namespaces are both set a merged list will be collected. -releaseNamespace: false - -# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected. -namespaces: "" - -# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, -# only namespaces that are excluded in namespaces-denylist will be used. -namespacesDenylist: "" - -## Override the deployment namespace -## -namespaceOverride: "" - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - -## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. -## For example: kubeTargetVersionOverride: 1.14.9 -## -kubeTargetVersionOverride: "" - -# Enable self metrics configuration for service and Service Monitor -# Default values for telemetry configuration can be overridden -# If you set telemetryNodePort, you must also set service.type to NodePort -selfMonitor: - enabled: false - # telemetryHost: 0.0.0.0 - # telemetryPort: 8081 - # telemetryNodePort: 0 - -# Enable vertical pod autoscaler support for kube-state-metrics -verticalPodAutoscaler: - enabled: false - # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory - controlledResources: [] - - # Define the max allowed resources for the pod - maxAllowed: {} - # cpu: 200m - # memory: 100Mi - # Define the min allowed resources for the pod - minAllowed: {} - # cpu: 200m - # memory: 100Mi - - # updatePolicy: - # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates - # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". - # updateMode: Auto - -# volumeMounts are used to add custom volume mounts to deployment. -# See example below -volumeMounts: [] -# - mountPath: /etc/config -# name: config-volume - -# volumes are used to add custom volumes to deployment -# See example below -volumes: [] -# - configMap: -# name: cm-for-volume -# name: config-volume diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/.helmignore b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/.helmignore deleted file mode 100644 index f62b5519e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/.helmignore +++ /dev/null @@ -1 +0,0 @@ -templates/admission-webhooks/job-patch/README.md diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.lock b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.lock deleted file mode 100644 index 4ba89500a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common-library - repository: https://helm-charts.newrelic.com - version: 1.1.1 -digest: sha256:3c9053021f3c22aa3cdfc6781d3498bcbedb0b973af9121b1722469744fb5162 -generated: "2023-03-22T00:04:09.514396222Z" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.yaml deleted file mode 100644 index b9a7e176f..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/Chart.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v2 -name: newrelic-infra-operator -description: A Helm chart to deploy the New Relic Infrastructure Kubernetes Operator. -icon: https://newrelic.com/themes/custom/curio/assets/mediakit/new_relic_logo_vertical.svg -home: https://hub.docker.com/r/newrelic/newrelic-infra-operator -sources: - - https://github.com/newrelic/newrelic-infra-operator - - https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator - -version: 2.2.0 -appVersion: 0.10.0 - -dependencies: - - name: common-library - version: 1.1.1 - repository: "https://helm-charts.newrelic.com" - -maintainers: - - name: alvarocabanas - url: https://github.com/alvarocabanas - - name: carlossscastro - url: https://github.com/carlossscastro - - name: sigilioso - url: https://github.com/sigilioso - - name: gsanchezgavier - url: https://github.com/gsanchezgavier - - name: kang-makes - url: https://github.com/kang-makes - - name: marcsanmi - url: https://github.com/marcsanmi - - name: paologallinaharbur - url: https://github.com/paologallinaharbur - - name: roobre - url: https://github.com/roobre - -keywords: - - infrastructure - - newrelic - - monitoring diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md deleted file mode 100644 index e4f34366d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md +++ /dev/null @@ -1,114 +0,0 @@ -# newrelic-infra-operator - -A Helm chart to deploy the New Relic Infrastructure Kubernetes Operator. - -**Homepage:** - -## Helm installation - -You can install this chart using [`nri-bundle`](https://github.com/newrelic/helm-charts/tree/master/charts/nri-bundle) located in the -[helm-charts repository](https://github.com/newrelic/helm-charts) or directly from this repository by adding this Helm repository: - -```shell -helm repo add newrelic-infra-operator https://newrelic.github.io/newrelic-infra-operator -helm upgrade --install newrelic-infra-operator/newrelic-infra-operator -f your-custom-values.yaml -``` - -## Source Code - -* -* - -## Usage example - -Make sure you have [added the New Relic chart repository.](../../README.md#install) - -Then, to install this chart, run the following command: - -```sh -helm upgrade --install [release-name] newrelic-infra-operator/newrelic-infra-operator --set cluster=my_cluster_name --set licenseKey [your-license-key] -``` - -When installing on Fargate add as well `--set fargate=true` - -### Configure in which pods the sidecar should be injected - -Policies are available in order to configure in which pods the sidecar should be injected. -Each policy is evaluated independently and if at least one policy matches the operator will inject the sidecar. - -Policies are composed by `namespaceSelector` checking the labels of the Pod namespace, `podSelector` checking -the labels of the Pod and `namespace` checking the namespace name. Each of those, if specified, are ANDed. - -By default, the policies are configured in order to inject the sidecar in each pod belonging to a Fargate profile. - -> Moreover, it is possible to add the label `infra-operator.newrelic.com/disable-injection` to Pods to exclude injection -for a single Pod that otherwise would be selected by the policies. - -Please make sure to configure policies correctly to avoid injecting sidecar for pods running on EC2 nodes -already monitored by the infrastructure DaemonSet. - -### Configure the sidecar with labelsSelectors - -It is also possible to configure `resourceRequirements` and `extraEnvVars` based on the labels of the mutating Pod. - -The current configuration increases the resource requirements for sidecar injected on `KSM` instances. Moreover, -injectes disable the `DISABLE_KUBE_STATE_METRICS` environment variable for Pods not running on `KSM` instances -to decrease the load on the API server. - -## Values managed globally - -This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which -means that it honors a wide range of defaults and globals common to most New Relic Helm charts. - -Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at -[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| admissionWebhooksPatchJob | object | See `values.yaml` | Image used to create certificates and inject them to the admission webhook | -| admissionWebhooksPatchJob.image.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. | -| admissionWebhooksPatchJob.volumeMounts | list | `[]` | Volume mounts to add to the job, you might want to mount tmp if Pod Security Policies. Enforce a read-only root. | -| admissionWebhooksPatchJob.volumes | list | `[]` | Volumes to add to the job container. | -| affinity | object | `{}` | Sets pod/node affinities. Can be configured also with `global.affinity` | -| certManager.enabled | bool | `false` | Use cert manager for webhook certs | -| cluster | string | `""` | Name of the Kubernetes cluster monitored. Mandatory. Can be configured also with `global.cluster` | -| config | object | See `values.yaml` | Operator configuration | -| config.ignoreMutationErrors | bool | `true` | IgnoreMutationErrors instruments the operator to ignore injection error instead of failing. If set to false errors of the injection could block the creation of pods. | -| config.infraAgentInjection | object | See `values.yaml` | configuration of the sidecar injection webhook | -| config.infraAgentInjection.agentConfig | object | See `values.yaml` | agentConfig contains the configuration for the container agent injected | -| config.infraAgentInjection.agentConfig.configSelectors | list | See `values.yaml` | configSelectors is the way to configure resource requirements and extra envVars of the injected sidecar container. When mutating it will be applied the first configuration having the labelSelector matching with the mutating pod. | -| config.infraAgentInjection.agentConfig.image | object | See `values.yaml` | Image of the infrastructure agent to be injected. | -| containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` | -| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | -| customSecretName | string | `""` | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | -| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | -| fullnameOverride | string | `""` | Override the full name of the release | -| hostNetwork | bool | `false` | Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` | -| image | object | See `values.yaml` | Image for the New Relic Infrastructure Operator | -| image.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. | -| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` | -| nameOverride | string | `""` | Override the name of the chart | -| nodeSelector | object | `{}` | Sets pod's node selector. Can be configured also with `global.nodeSelector` | -| podAnnotations | object | `{}` | Annotations to add to the pod. | -| podSecurityContext | object | `{"fsGroup":1001,"runAsGroup":1001,"runAsUser":1001}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` | -| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` | -| rbac.pspEnabled | bool | `false` | Whether the chart should create Pod Security Policy objects. | -| replicas | int | `1` | | -| resources | object | `{"limits":{"memory":"80M"},"requests":{"cpu":"100m","memory":"30M"}}` | Resources available for this pod | -| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation | -| serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | -| timeoutSeconds | int | `28` | Webhook timeout Ref: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts | -| tolerations | list | `[]` | Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` | - -## Maintainers - -* [alvarocabanas](https://github.com/alvarocabanas) -* [carlossscastro](https://github.com/carlossscastro) -* [sigilioso](https://github.com/sigilioso) -* [gsanchezgavier](https://github.com/gsanchezgavier) -* [kang-makes](https://github.com/kang-makes) -* [marcsanmi](https://github.com/marcsanmi) -* [paologallinaharbur](https://github.com/paologallinaharbur) -* [roobre](https://github.com/roobre) diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md.gotmpl b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md.gotmpl deleted file mode 100644 index 1ef603355..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/README.md.gotmpl +++ /dev/null @@ -1,77 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -## Helm installation - -You can install this chart using [`nri-bundle`](https://github.com/newrelic/helm-charts/tree/master/charts/nri-bundle) located in the -[helm-charts repository](https://github.com/newrelic/helm-charts) or directly from this repository by adding this Helm repository: - -```shell -helm repo add newrelic-infra-operator https://newrelic.github.io/newrelic-infra-operator -helm upgrade --install newrelic-infra-operator/newrelic-infra-operator -f your-custom-values.yaml -``` - -{{ template "chart.sourcesSection" . }} - -## Usage example - -Make sure you have [added the New Relic chart repository.](../../README.md#install) - -Then, to install this chart, run the following command: - -```sh -helm upgrade --install [release-name] newrelic-infra-operator/newrelic-infra-operator --set cluster=my_cluster_name --set licenseKey [your-license-key] -``` - -When installing on Fargate add as well `--set fargate=true` - -### Configure in which pods the sidecar should be injected - -Policies are available in order to configure in which pods the sidecar should be injected. -Each policy is evaluated independently and if at least one policy matches the operator will inject the sidecar. - -Policies are composed by `namespaceSelector` checking the labels of the Pod namespace, `podSelector` checking -the labels of the Pod and `namespace` checking the namespace name. Each of those, if specified, are ANDed. - -By default, the policies are configured in order to inject the sidecar in each pod belonging to a Fargate profile. - -> Moreover, it is possible to add the label `infra-operator.newrelic.com/disable-injection` to Pods to exclude injection -for a single Pod that otherwise would be selected by the policies. - -Please make sure to configure policies correctly to avoid injecting sidecar for pods running on EC2 nodes -already monitored by the infrastructure DaemonSet. - -### Configure the sidecar with labelsSelectors - -It is also possible to configure `resourceRequirements` and `extraEnvVars` based on the labels of the mutating Pod. - -The current configuration increases the resource requirements for sidecar injected on `KSM` instances. Moreover, -injectes disable the `DISABLE_KUBE_STATE_METRICS` environment variable for Pods not running on `KSM` instances -to decrease the load on the API server. - -## Values managed globally - -This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which -means that it honors a wide range of defaults and globals common to most New Relic Helm charts. - -Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at -[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). - -{{ template "chart.valuesSection" . }} - -{{ if .Maintainers }} -## Maintainers -{{ range .Maintainers }} -{{- if .Name }} -{{- if .Url }} -* [{{ .Name }}]({{ .Url }}) -{{- else }} -* {{ .Name }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/ci/test-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/ci/test-values.yaml deleted file mode 100644 index 3e154e1d4..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/ci/test-values.yaml +++ /dev/null @@ -1,39 +0,0 @@ -cluster: test-cluster -licenseKey: pleasePassCIThanks -serviceAccount: - name: newrelic-infra-operator-test -image: - repository: e2e/newrelic-infra-operator - tag: test # Defaults to AppVersion - pullPolicy: IfNotPresent - pullSecrets: - - name: test-pull-secret -admissionWebhooksPatchJob: - volumeMounts: - - name: tmp - mountPath: /tmp - volumes: - - name: tmp - emptyDir: -podAnnotations: - test-annotation: test-value -affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: topology.kubernetes.io/zone - labelSelector: - matchExpressions: - - key: test-key - operator: In - values: - - test-value -tolerations: -- key: "key1" - operator: "Exists" - effect: "NoSchedule" -nodeSelector: - beta.kubernetes.io/os: linux - -fargate: true diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/NOTES.txt b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/NOTES.txt deleted file mode 100644 index 5b11d2d83..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/NOTES.txt +++ /dev/null @@ -1,4 +0,0 @@ -Your deployment of the New Relic Infrastructure Operator is complete. -You can check on the progress of this by running the following command: - - kubectl get deployments -o wide -w --namespace {{ .Release.Namespace }} {{ include "newrelic.common.naming.fullname" . }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/_helpers.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/_helpers.tpl deleted file mode 100644 index d72b09c3c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/_helpers.tpl +++ /dev/null @@ -1,135 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{- /* -Naming helpers -*/ -}} -{{- define "newrelic-infra-operator.name.admission" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.name" .) "suffix" "admission") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.admission" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "admission") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.admission.serviceAccount" -}} -{{- if include "newrelic.common.serviceAccount.create" . -}} - {{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "admission") -}} -{{- else -}} - {{- include "newrelic.common.serviceAccount.name" . -}} -{{- end -}} -{{- end -}} - -{{- define "newrelic-infra-operator.name.admission-create" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.name" .) "suffix" "admission-create") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.admission-create" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "admission-create") }} -{{- end -}} - -{{- define "newrelic-infra-operator.name.admission-patch" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.name" .) "suffix" "admission-patch") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.admission-patch" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "admission-patch") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.self-signed-issuer" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "self-signed-issuer") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.root-cert" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "root-cert") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.root-issuer" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "root-issuer") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.webhook-cert" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "webhook-cert") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.infra-agent" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "infra-agent") }} -{{- end -}} - -{{- define "newrelic-infra-operator.fullname.config" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config") }} -{{- end -}} - -{{/* -Returns Infra-agent rules -*/}} -{{- define "newrelic-infra-operator.infra-agent-monitoring-rules" -}} -- apiGroups: [""] - resources: - - "nodes" - - "nodes/metrics" - - "nodes/stats" - - "nodes/proxy" - - "pods" - - "services" - verbs: ["get", "list"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- end -}} - -{{/* -Returns fargate -*/}} -{{- define "newrelic-infra-operator.fargate" -}} -{{- if .Values.global }} - {{- if .Values.global.fargate }} - {{- .Values.global.fargate -}} - {{- end -}} -{{- else if .Values.fargate }} - {{- .Values.fargate -}} -{{- end -}} -{{- end -}} - -{{/* -Returns fargate configuration for configmap data -*/}} -{{- define "newrelic-infra-operator.fargate-config" -}} -infraAgentInjection: - resourcePrefix: {{ include "newrelic.common.naming.fullname" . }} -{{- if include "newrelic-infra-operator.fargate" . }} -{{- if not .Values.config.infraAgentInjection.policies }} - policies: - - podSelector: - matchExpressions: - - key: "eks.amazonaws.com/fargate-profile" - operator: Exists -{{- end }} - agentConfig: -{{- if not .Values.config.infraAgentInjection.agentConfig.customAttributes }} - customAttributes: - - name: computeType - defaultValue: serverless - - name: fargateProfile - fromLabel: eks.amazonaws.com/fargate-profile -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Returns configmap data -*/}} -{{- define "newrelic-infra-operator.configmap.data" -}} -{{ toYaml (merge (include "newrelic-infra-operator.fargate-config" . | fromYaml) .Values.config) }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/README.md b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/README.md deleted file mode 100644 index ca01036ba..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/README.md +++ /dev/null @@ -1,3 +0,0 @@ -The manifests in this directory are modified version of the manifests coming from -the [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/f1729dcfd2040660d4f3dcbe3b2f797415990711/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch) -Helm chart. diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrole.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrole.yaml deleted file mode 100644 index 44c2b3eba..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrole.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "newrelic-infra-operator.fullname.admission" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - get - - update - {{- if .Values.rbac.pspEnabled }} - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ include "newrelic-infra-operator.fullname.admission" . }} -{{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrolebinding.yaml deleted file mode 100644 index 902206c22..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "newrelic-infra-operator.fullname.admission" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "newrelic-infra-operator.fullname.admission" . }} -subjects: - - kind: ServiceAccount - name: {{ include "newrelic-infra-operator.fullname.admission.serviceAccount" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-createSecret.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-createSecret.yaml deleted file mode 100644 index 045665511..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.admission-create" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission-create" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - template: - metadata: - name: {{ include "newrelic-infra-operator.fullname.admission-create" . }} - labels: - app: {{ include "newrelic-infra-operator.name.admission-create" . }} - {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" ( list .Values.admissionWebhooksPatchJob.image.pullSecrets ) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - containers: - - name: create - image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.admissionWebhooksPatchJob.image "context" .) }} - imagePullPolicy: {{ .Values.admissionWebhooksPatchJob.image.pullPolicy }} - args: - - create - - --host={{ include "newrelic.common.naming.fullname" . }},{{ include "newrelic.common.naming.fullname" . }}.{{ .Release.Namespace }}.svc - - --namespace={{ .Release.Namespace }} - - --secret-name={{ include "newrelic-infra-operator.fullname.admission" . }} - - --cert-name=tls.crt - - --key-name=tls.key - {{- if .Values.admissionWebhooksPatchJob.image.volumeMounts }} - volumeMounts: - {{- include "tplvalues.render" ( dict "value" .Values.admissionWebhooksPatchJob.image.volumeMounts "context" $ ) | nindent 10 }} - {{- end }} - {{- if .Values.admissionWebhooksPatchJob.image.volumes }} - volumes: - {{- include "tplvalues.render" ( dict "value" .Values.admissionWebhooksPatchJob.image.volumes "context" $ ) | nindent 8 }} - {{- end }} - restartPolicy: OnFailure - serviceAccountName: {{ include "newrelic-infra-operator.fullname.admission.serviceAccount" . }} - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 -}} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-patchWebhook.yaml deleted file mode 100644 index e6acc6b90..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.admission-patch" . }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission-patch" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - template: - metadata: - name: {{ include "newrelic-infra-operator.fullname.admission-patch" . }} - labels: - app: {{ include "newrelic-infra-operator.name.admission-patch" . }} - {{- include "newrelic.common.labels" . | nindent 8 }} - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" ( list .Values.admissionWebhooksPatchJob.image.pullSecrets ) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - containers: - - name: patch - image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.admissionWebhooksPatchJob.image "context" .) }} - imagePullPolicy: {{ .Values.admissionWebhooksPatchJob.image.pullPolicy }} - args: - - patch - - --webhook-name={{ include "newrelic.common.naming.fullname" . }} - - --namespace={{ .Release.Namespace }} - - --secret-name={{ include "newrelic-infra-operator.fullname.admission" . }} - - --patch-failure-policy=Ignore - - --patch-validating=false - {{- if .Values.admissionWebhooksPatchJob.image.volumeMounts }} - volumeMounts: - {{- include "tplvalues.render" ( dict "value" .Values.admissionWebhooksPatchJob.image.volumeMounts "context" $ ) | nindent 10 }} - {{- end }} - {{- if .Values.admissionWebhooksPatchJob.image.volumes }} - volumes: - {{- include "tplvalues.render" ( dict "value" .Values.admissionWebhooksPatchJob.image.volumes "context" $ ) | nindent 8 }} - {{- end }} - restartPolicy: OnFailure - serviceAccountName: {{ include "newrelic-infra-operator.fullname.admission.serviceAccount" . }} - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 -}} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/psp.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/psp.yaml deleted file mode 100644 index 64237abb4..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/psp.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled) (.Values.rbac.pspEnabled)) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "newrelic-infra-operator.fullname.admission" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - privileged: false - # Required to prevent escalations to root. - # allowPrivilegeEscalation: false - # This is redundant with non-root + disallow privilege escalation, - # but we can provide it for defense in depth. - # requiredDropCapabilities: - # - ALL - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }} - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/role.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/role.yaml deleted file mode 100644 index e3213f7c5..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.admission" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/rolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/rolebinding.yaml deleted file mode 100644 index 67eb79298..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.admission" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "newrelic-infra-operator.fullname.admission" . }} -subjects: - - kind: ServiceAccount - name: {{ include "newrelic-infra-operator.fullname.admission.serviceAccount" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/serviceaccount.yaml deleted file mode 100644 index 18eb7347d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- $createServiceAccount := include "newrelic.common.serviceAccount.create" . -}} -{{- if (and $createServiceAccount (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.admission.serviceAccount" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ include "newrelic-infra-operator.name.admission" . }} - {{- include "newrelic.common.labels" . | nindent 4 }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/mutatingWebhookConfiguration.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/mutatingWebhookConfiguration.yaml deleted file mode 100644 index efa605255..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/admission-webhooks/mutatingWebhookConfiguration.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ include "newrelic.common.naming.fullname" . }} -{{- if .Values.certManager.enabled }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "newrelic.common.naming.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "newrelic.common.naming.fullname" .) | quote }} -{{- end }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -webhooks: -- name: newrelic-infra-operator.newrelic.com - clientConfig: - service: - name: {{ include "newrelic.common.naming.fullname" . }} - namespace: {{ .Release.Namespace }} - path: "/mutate-v1-pod" -{{- if not .Values.certManager.enabled }} - caBundle: "" -{{- end }} - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Ignore - timeoutSeconds: {{ .Values.timeoutSeconds }} - sideEffects: NoneOnDryRun - admissionReviewVersions: - - v1 - reinvocationPolicy: IfNeeded diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/cert-manager.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/cert-manager.yaml deleted file mode 100644 index 800dc2453..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/cert-manager.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{ if .Values.certManager.enabled }} ---- -# Create a selfsigned Issuer, in order to create a root CA certificate for -# signing webhook serving certificates -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.self-signed-issuer" . }} -spec: - selfSigned: {} ---- -# Generate a CA Certificate used to sign certificates for the webhook -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.root-cert" . }} -spec: - secretName: {{ include "newrelic-infra-operator.fullname.root-cert" . }} - duration: 43800h # 5y - issuerRef: - name: {{ include "newrelic-infra-operator.fullname.self-signed-issuer" . }} - commonName: "ca.webhook.nri" - isCA: true ---- -# Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.root-issuer" . }} -spec: - ca: - secretName: {{ include "newrelic-infra-operator.fullname.root-cert" . }} ---- -# Finally, generate a serving certificate for the webhook to use -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.webhook-cert" . }} -spec: - secretName: {{ include "newrelic-infra-operator.fullname.admission" . }} - duration: 8760h # 1y - issuerRef: - name: {{ include "newrelic-infra-operator.fullname.root-issuer" . }} - dnsNames: - - {{ include "newrelic.common.naming.fullname" . }} - - {{ include "newrelic.common.naming.fullname" . }}.{{ .Release.Namespace }} - - {{ include "newrelic.common.naming.fullname" . }}.{{ .Release.Namespace }}.svc -{{ end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrole.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrole.yaml deleted file mode 100644 index cb20e310d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrole.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: - {{/* Allow creating and updating secrets with license key for infra agent. */ -}} - - apiGroups: [""] - resources: - - "secrets" - verbs: ["get", "update", "patch"] - resourceNames: [ {{ include "newrelic-infra-operator.fullname.config" . | quote }} ] - {{/* resourceNames used above do not support "create" verb. */ -}} - - apiGroups: [""] - resources: - - "secrets" - verbs: ["create"] - {{/* "list" and "watch" are required for controller-runtime caching. */ -}} - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterrolebindings"] - verbs: ["list", "watch", "get"] - {{/* Our controller needs permission to add the ServiceAccounts from the user to the -infra-agent CRB. */ -}} - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["clusterrolebindings"] - verbs: ["update"] - resourceNames: [ {{ include "newrelic-infra-operator.fullname.infra-agent" . | quote }} ] - {{- /* Controller must have permissions it will grant to other ServiceAccounts. */ -}} - {{- include "newrelic-infra-operator.infra-agent-monitoring-rules" . | nindent 2 }} ---- -{{/* infra-agent is the ClusterRole to be used by the injected agents to get metrics */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "newrelic-infra-operator.fullname.infra-agent" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: - {{- include "newrelic-infra-operator.infra-agent-monitoring-rules" . | nindent 2 }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrolebinding.yaml deleted file mode 100644 index 1f5f8b89b..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "newrelic.common.naming.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} ---- -{{/* infra-agent is the ClusterRoleBinding to be used by the ServiceAccounts of the injected agents */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "newrelic-infra-operator.fullname.infra-agent" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "newrelic-infra-operator.fullname.infra-agent" . }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/configmap.yaml deleted file mode 100644 index fdb4a1e3b..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-infra-operator.fullname.config" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -data: - operator.yaml: {{- include "newrelic-infra-operator.configmap.data" . | toYaml | nindent 4 }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/deployment.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/deployment.yaml deleted file mode 100644 index 51a7a8b7a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/deployment.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - labels: - {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} - spec: - serviceAccountName: {{ template "newrelic.common.serviceAccount.name" . }} - {{- with include "newrelic.common.securityContext.pod" . }} - securityContext: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" ( list .Values.image.pullSecrets ) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - containers: - - name: {{ include "newrelic.common.naming.name" . }} - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- with include "newrelic.common.securityContext.container" . }} - securityContext: - {{- . | nindent 10 }} - {{- end }} - env: - - name: CLUSTER_NAME - value: {{ include "newrelic.common.cluster" . }} - - name: NRIA_LICENSE_KEY - valueFrom: - secretKeyRef: - name: {{ include "newrelic.common.license.secretName" . }} - key: {{ include "newrelic.common.license.secretKeyName" . }} - volumeMounts: - - name: config - mountPath: /etc/newrelic/newrelic-infra-operator/ - - name: tls-key-cert-pair - mountPath: /tmp/k8s-webhook-server/serving-certs/ - readinessProbe: - httpGet: - path: /healthz - port: 9440 - initialDelaySeconds: 1 - periodSeconds: 1 - {{- if .Values.resources }} - resources: - {{- toYaml .Values.resources | nindent 10 }} - {{- end }} - volumes: - - name: config - configMap: - name: {{ include "newrelic-infra-operator.fullname.config" . }} - - name: tls-key-cert-pair - secret: - secretName: {{ include "newrelic-infra-operator.fullname.admission" . }} - {{- with include "newrelic.common.priorityClassName" . }} - priorityClassName: {{ . }} - {{- end }} - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.affinity" . }} - affinity: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.dnsConfig" . }} - dnsConfig: - {{- . | nindent 8 }} - {{- end }} - hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }} - {{- if include "newrelic.common.hostNetwork" . }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/secret.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/secret.yaml deleted file mode 100644 index f558ee86c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/secret.yaml +++ /dev/null @@ -1,2 +0,0 @@ -{{- /* Common library will take care of creating the secret or not. */}} -{{- include "newrelic.common.license.secret" . }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/service.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/service.yaml deleted file mode 100644 index 04af4d09c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/serviceaccount.yaml deleted file mode 100644 index b1e74523e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if include "newrelic.common.serviceAccount.create" . -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- if include "newrelic.common.serviceAccount.annotations" . }} - annotations: - {{- include "newrelic.common.serviceAccount.annotations" . | nindent 4 }} - {{- end }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_patch_psp_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_patch_psp_test.yaml deleted file mode 100644 index 78f1b1f6a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_patch_psp_test.yaml +++ /dev/null @@ -1,23 +0,0 @@ -suite: test rendering for PSPs -templates: - - templates/admission-webhooks/job-patch/psp.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: If PSPs are enabled PodSecurityPolicy is rendered - set: - cluster: test-cluster - licenseKey: use-whatever - rbac: - pspEnabled: true - asserts: - - hasDocuments: - count: 1 - - it: If PSPs are disabled PodSecurityPolicy isn't rendered - set: - cluster: test-cluster - licenseKey: use-whatever - asserts: - - hasDocuments: - count: 0 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_serviceaccount_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_serviceaccount_test.yaml deleted file mode 100644 index 2ab9f137b..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/job_serviceaccount_test.yaml +++ /dev/null @@ -1,41 +0,0 @@ -suite: test job' serviceAccount -templates: - - templates/admission-webhooks/job-patch/job-createSecret.yaml - - templates/admission-webhooks/job-patch/job-patchWebhook.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC points to the service account that is created by default - set: - cluster: test-cluster - licenseKey: use-whatever - rbac.create: true - serviceAccount.create: true - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: my-release-newrelic-infra-operator-admission - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - cluster: test-cluster - licenseKey: use-whatever - rbac.create: true - serviceAccount.create: false - serviceAccount.name: sa-test - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: sa-test - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - cluster: test-cluster - licenseKey: use-whatever - rbac.create: true - serviceAccount.create: false - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: default diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/rbac_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/rbac_test.yaml deleted file mode 100644 index 03473cb39..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/tests/rbac_test.yaml +++ /dev/null @@ -1,41 +0,0 @@ -suite: test RBAC creation -templates: - - templates/admission-webhooks/job-patch/rolebinding.yaml - - templates/admission-webhooks/job-patch/clusterrolebinding.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC points to the service account that is created by default - set: - cluster: test-cluster - licenseKey: use-whatever - rbac.create: true - serviceAccount.create: true - asserts: - - equal: - path: subjects[0].name - value: my-release-newrelic-infra-operator-admission - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - cluster: test-cluster - licenseKey: use-whatever - rbac.create: true - serviceAccount.create: false - serviceAccount.name: sa-test - asserts: - - equal: - path: subjects[0].name - value: sa-test - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - cluster: test-cluster - licenseKey: use-whatever - rbac.create: true - serviceAccount.create: false - asserts: - - equal: - path: subjects[0].name - value: default diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/values.yaml deleted file mode 100644 index 676d12c6d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infra-operator/values.yaml +++ /dev/null @@ -1,215 +0,0 @@ -# -- Override the name of the chart -nameOverride: "" -# -- Override the full name of the release -fullnameOverride: "" - -# -- Name of the Kubernetes cluster monitored. Mandatory. Can be configured also with `global.cluster` -cluster: "" -# -- This set this license key to use. Can be configured also with `global.licenseKey` -licenseKey: "" -# -- In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` -customSecretName: "" -# -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` -customSecretLicenseKey: "" - -# -- Image for the New Relic Infrastructure Operator -# @default -- See `values.yaml` -image: - repository: newrelic/newrelic-infra-operator - tag: "" - pullPolicy: IfNotPresent - # -- The secrets that are needed to pull images from a custom registry. - pullSecrets: [] - # - name: regsecret - -# -- Image used to create certificates and inject them to the admission webhook -# @default -- See `values.yaml` -admissionWebhooksPatchJob: - image: - registry: # Defaults to registry.k8s.io - repository: ingress-nginx/kube-webhook-certgen - tag: v1.3.0 - pullPolicy: IfNotPresent - # -- The secrets that are needed to pull images from a custom registry. - pullSecrets: [] - # - name: regsecret - - # -- Volume mounts to add to the job, you might want to mount tmp if Pod Security Policies. - # Enforce a read-only root. - volumeMounts: [] - # - name: tmp - # mountPath: /tmp - # -- Volumes to add to the job container. - volumes: [] - # - name: tmp - # emptyDir: {} - -rbac: - # rbac.pspEnabled -- Whether the chart should create Pod Security Policy objects. - pspEnabled: false - -replicas: 1 - -# -- Resources available for this pod -resources: - limits: - memory: 80M - requests: - cpu: 100m - memory: 30M - -# -- Settings controlling ServiceAccount creation -# @default -- See `values.yaml` -serviceAccount: - # serviceAccount.create -- (bool) Specifies whether a ServiceAccount should be created - # @default -- `true` - create: - # If not set and create is true, a name is generated using the fullname template - name: "" - # Specify any annotations to add to the ServiceAccount - annotations: - -# -- Annotations to add to the pod. -podAnnotations: {} - -# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` -priorityClassName: "" -# -- (bool) Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` -# @default -- `false` -hostNetwork: -# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` -dnsConfig: {} -# -- Sets security context (at pod level). Can be configured also with `global.podSecurityContext` -podSecurityContext: - fsGroup: 1001 - runAsUser: 1001 - runAsGroup: 1001 -# -- Sets security context (at container level). Can be configured also with `global.containerSecurityContext` -containerSecurityContext: {} - -# -- Sets pod/node affinities. Can be configured also with `global.affinity` -affinity: {} -# -- Sets pod's node selector. Can be configured also with `global.nodeSelector` -nodeSelector: {} -# -- Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` -tolerations: [] - -certManager: - # certManager.enabled -- Use cert manager for webhook certs - enabled: false - -# -- Webhook timeout -# Ref: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts -timeoutSeconds: 28 - -# -- Operator configuration -# @default -- See `values.yaml` -config: - # -- IgnoreMutationErrors instruments the operator to ignore injection error instead of failing. - # If set to false errors of the injection could block the creation of pods. - ignoreMutationErrors: true - - # -- configuration of the sidecar injection webhook - # @default -- See `values.yaml` - infraAgentInjection: - # All policies are ORed, if one policy matches the sidecar is injected. - # Within a policy PodSelectors, NamespaceSelector and NamespaceName are ANDed, any of these, if not specified, is ignored. - # The following policy is injected if global.fargate=true and matches all pods belonging to any fargate profile. - # policies: - # - podSelector: - # matchExpressions: - # - key: "eks.amazonaws.com/fargate-profile" - # operator: Exists - # Also NamespaceName and NamespaceSelector can be leveraged. - # namespaceName: "my-namespace" - # namespaceSelector: {} - - # -- agentConfig contains the configuration for the container agent injected - # @default -- See `values.yaml` - agentConfig: - # Custom Attributes allows to pass any custom attribute to the injected infra agents. - # The value is computed either from the defaultValue or taken at injected time from Label specified in "fromLabel". - # Either the label should exist or the default should be specified in order to have the injection working. - # customAttributes: - # - name: computeType - # defaultValue: serverless - # - name: fargateProfile - # fromLabel: eks.amazonaws.com/fargate-profile - - # -- Image of the infrastructure agent to be injected. - # @default -- See `values.yaml` - image: - repository: newrelic/infrastructure-k8s - tag: 2.13.7-unprivileged - pullPolicy: IfNotPresent - - # -- configSelectors is the way to configure resource requirements and extra envVars of the injected sidecar container. - # When mutating it will be applied the first configuration having the labelSelector matching with the mutating pod. - # @default -- See `values.yaml` - configSelectors: - - resourceRequirements: # resourceRequirements to apply to the injected sidecar. - limits: - memory: 100M - cpu: 200m - requests: - memory: 50M - cpu: 100m - extraEnvVars: # extraEnvVars to pass to the injected sidecar. - DISABLE_KUBE_STATE_METRICS: "true" - # NRIA_VERBOSE: "1" - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/name" - operator: NotIn - values: ["kube-state-metrics"] - - key: "app" - operator: NotIn - values: ["kube-state-metrics"] - - key: "k8s-app" - operator: NotIn - values: ["kube-state-metrics"] - - - resourceRequirements: - limits: - memory: 300M - cpu: 300m - requests: - memory: 150M - cpu: 150m - labelSelector: - matchLabels: - k8s-app: kube-state-metrics - # extraEnvVars: - # NRIA_VERBOSE: "1" - - - resourceRequirements: - limits: - memory: 300M - cpu: 300m - requests: - memory: 150M - cpu: 150m - labelSelector: - matchLabels: - app: kube-state-metrics - # extraEnvVars: - # NRIA_VERBOSE: "1" - - - resourceRequirements: - limits: - memory: 300M - cpu: 300m - requests: - memory: 150M - cpu: 150m - labelSelector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - # extraEnvVars: - # NRIA_VERBOSE: "1" - - # pod Security Context of the sidecar injected. - # Notice that ReadOnlyRootFilesystem and AllowPrivilegeEscalation enforced respectively to true and to false. - # podSecurityContext: - # RunAsUser: - # RunAsGroup: diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/.helmignore b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/.helmignore deleted file mode 100644 index 2bfa6a4d9..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/.helmignore +++ /dev/null @@ -1 +0,0 @@ -tests/ diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.lock b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.lock deleted file mode 100644 index baf795d4a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common-library - repository: https://helm-charts.newrelic.com - version: 1.1.1 -digest: sha256:3c9053021f3c22aa3cdfc6781d3498bcbedb0b973af9121b1722469744fb5162 -generated: "2023-03-15T19:27:04.098609519Z" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.yaml deleted file mode 100644 index 86c2867fd..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: v2 -name: newrelic-infrastructure -description: A Helm chart to deploy the New Relic Kubernetes monitoring solution -home: https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/introduction-kubernetes-integration/ -icon: https://newrelic.com/themes/custom/curio/assets/mediakit/NR_logo_Horizontal.svg -sources: - - https://github.com/newrelic/nri-kubernetes/ - - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - - https://github.com/newrelic/infrastructure-agent/ - -version: 3.17.0 -appVersion: 3.12.0 - -dependencies: - - name: common-library - version: 1.1.1 - repository: "https://helm-charts.newrelic.com" - -maintainers: - - name: nserrino - url: https://github.com/nserrino - - name: philkuz - url: https://github.com/philkuz - - name: htroisi - url: https://github.com/htroisi - - name: juanjjaramillo - url: https://github.com/juanjjaramillo - - name: svetlanabrennan - url: https://github.com/svetlanabrennan - - name: nrepai - url: https://github.com/nrepai - - name: csongnr - url: https://github.com/csongnr - - name: vuqtran88 - url: https://github.com/vuqtran88 - - name: xqi-nr - url: https://github.com/xqi-nr - -keywords: - - infrastructure - - newrelic - - monitoring diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md deleted file mode 100644 index 56cadee19..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md +++ /dev/null @@ -1,226 +0,0 @@ -# newrelic-infrastructure - -A Helm chart to deploy the New Relic Kubernetes monitoring solution - -**Homepage:** - -# Helm installation - -You can install this chart using [`nri-bundle`](https://github.com/newrelic/helm-charts/tree/master/charts/nri-bundle) located in the -[helm-charts repository](https://github.com/newrelic/helm-charts) or directly from this repository by adding this Helm repository: - -```shell -helm repo add nri-kubernetes https://newrelic.github.io/nri-kubernetes -helm upgrade --install newrelic-infrastructure nri-kubernetes/newrelic-infrastructure -f your-custom-values.yaml -``` - -## Source Code - -* -* -* - -## Values managed globally - -This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which -means that it honors a wide range of defaults and globals common to most New Relic Helm charts. - -Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at -[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). - -## Chart particularities - -### Low data mode -There are two mechanisms to reduce the amount of data that this integration sends to New Relic. See this snippet from the `values.yaml` file: -```yaml -common: - config: - interval: 15s - -lowDataMode: false -``` - -The `lowDataMode` toggle is the simplest way to reduce data send to Newrelic. Setting it to `true` changes the default scrape interval from 15 seconds -(the default) to 30 seconds. - -If you need for some reason to fine-tune the number of seconds you can use `common.config.interval` directly. If you take a look at the `values.yaml` -file, the value there is `nil`. If any value is set there, the `lowDataMode` toggle is ignored as this value takes precedence. - -Setting this interval above 40 seconds can make you experience issues with the Kubernetes Cluster Explorer so this chart limits setting the interval -inside the range of 10 to 40 seconds. - -### Affinities and tolerations - -The New Relic common library allows to set affinities, tolerations, and node selectors globally using e.g. `.global.affinity` to ease the configuration -when you use this chart using `nri-bundle`. This chart has an extra level of granularity to the components that it deploys: -control plane, ksm, and kubelet. - -Take this snippet as an example: -```yaml -global: - affinity: {} -affinity: {} - -kubelet: - affinity: {} -ksm: - affinity: {} -controlPlane: - affinity: {} -``` - -The order to set an affinity is to set first any `kubelet.affinity`, `ksm.affinity`, or `controlPlane.affinity`. If these values are empty the chart -fallbacks to `affinity` (at root level), and if that value is empty, the chart fallbacks to `global.affinity`. - -The same procedure applies to `nodeSelector` and `tolerations`. - -On the other hand, some components have affinities and tolerations predefined e.g. to be able to run kubelet pods on nodes that are tainted as master -nodes or to schedule the KSM scraper on the same node of KSM to reduce the inter-node traffic. - -If you are having problems assigning pods to nodes it may be because of this. Take a look at the [`values.yaml`](values.yaml) to see if the pod that is -not having your expected behavior has any predefined value. - -### `hostNetwork` toggle - -In versions below v3, changing the `privileged` mode affected the `hostNetwork`. We changed this behavior and now you can set pods to use `hostNetwork` -using the corresponding [flags from the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) -(`.global.hostNetwork` and `.hostNetwork`) but the component that scrapes data from the control plane has always set `hostNetwork` enabled by default -(Look in the [`values.yaml`](values.yaml) for `controlPlane.hostNetwork: true`) - -This is because the most common configuration of the control plane components is to be configured to listen only to `localhost`. - -If your cluster security policy does not allow to use `hostNetwork`, you can disable it control plane monitoring by setting `controlPlane.enabled` to -`false.` - -### `privileged` toggle - -The default value for `privileged` [from the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) is -`false` but in this particular this chart it is set to `true` (Look in the [`values.yaml`](values.yaml) for `privileged: true`) - -This is because when `kubelet` pods need to run in privileged mode to fetch cpu, memory, process, and network metrics of your nodes. - -If your cluster security policy does not allow to have `privileged` in your pod' security context, you can disable it by setting `privileged` to -`false` taking into account that you will lose all the metrics from the host and some metadata from the host that are added to the metrics of the -integrations that you have configured. - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | Sets pod/node affinities set almost globally. (See [Affinities and tolerations](README.md#affinities-and-tolerations)) | -| cluster | string | `""` | Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster` | -| common | object | See `values.yaml` | Config that applies to all instances of the solution: kubelet, ksm, control plane and sidecars. | -| common.agentConfig | object | `{}` | Config for the Infrastructure agent. Will be used by the forwarder sidecars and the agent running integrations. See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ | -| common.config.interval | duration | `15s` (See [Low data mode](README.md#low-data-mode)) | Intervals larger than 40s are not supported and will cause the NR UI to not behave properly. Any non-nil value will override the `lowDataMode` default. | -| common.config.namespaceSelector | object | `{}` | Config for filtering ksm and kubelet metrics by namespace. | -| containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` | -| controlPlane | object | See `values.yaml` | Configuration for the control plane scraper. | -| controlPlane.affinity | object | Deployed only in master nodes. | Affinity for the control plane DaemonSet. | -| controlPlane.agentConfig | object | `{}` | Config for the Infrastructure agent that will forward the metrics to the backend. It will be merged with the configuration in `.common.agentConfig` See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ | -| controlPlane.config.apiServer | object | Common settings for most K8s distributions. | API Server monitoring configuration | -| controlPlane.config.apiServer.enabled | bool | `true` | Enable API Server monitoring | -| controlPlane.config.controllerManager | object | Common settings for most K8s distributions. | Controller manager monitoring configuration | -| controlPlane.config.controllerManager.enabled | bool | `true` | Enable controller manager monitoring. | -| controlPlane.config.etcd | object | Common settings for most K8s distributions. | etcd monitoring configuration | -| controlPlane.config.etcd.enabled | bool | `true` | Enable etcd monitoring. Might require manual configuration in some environments. | -| controlPlane.config.retries | int | `3` | Number of retries after timeout expired | -| controlPlane.config.scheduler | object | Common settings for most K8s distributions. | Scheduler monitoring configuration | -| controlPlane.config.scheduler.enabled | bool | `true` | Enable scheduler monitoring. | -| controlPlane.config.timeout | string | `"10s"` | Timeout for the Kubernetes APIs contacted by the integration | -| controlPlane.enabled | bool | `true` | Deploy control plane monitoring component. | -| controlPlane.hostNetwork | bool | `true` | Run Control Plane scraper with `hostNetwork`. `hostNetwork` is required for most control plane configurations, as they only accept connections from localhost. | -| controlPlane.kind | string | `"DaemonSet"` | How to deploy the control plane scraper. If autodiscovery is in use, it should be `DaemonSet`. Advanced users using static endpoints set this to `Deployment` to avoid reporting metrics twice. | -| controlPlane.tolerations | list | Schedules in all tainted nodes | Tolerations for the control plane DaemonSet. | -| customAttributes | object | `{}` | Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` | -| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | -| customSecretName | string | `""` | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | -| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | -| enableProcessMetrics | bool | `false` | Collect detailed metrics from processes running in the host. This defaults to true for accounts created before July 20, 2020. ref: https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes/new-relic-infrastructure-agent-1120 | -| fedramp.enabled | bool | `false` | Enables FedRAMP. Can be configured also with `global.fedramp.enabled` | -| fullnameOverride | string | `""` | Override the full name of the release | -| hostNetwork | bool | `false` | Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` | -| images | object | See `values.yaml` | Images used by the chart for the integration and agents. | -| images.agent | object | See `values.yaml` | Image for the New Relic Infrastructure Agent plus integrations. | -| images.forwarder | object | See `values.yaml` | Image for the New Relic Infrastructure Agent sidecar. | -| images.integration | object | See `values.yaml` | Image for the New Relic Kubernetes integration. | -| images.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. | -| integrations | object | `{}` | Config files for other New Relic integrations that should run in this cluster. | -| ksm | object | See `values.yaml` | Configuration for the Deployment that collects state metrics from KSM (kube-state-metrics). | -| ksm.affinity | object | Deployed in the same node as KSM | Affinity for the KSM Deployment. | -| ksm.agentConfig | object | `{}` | Config for the Infrastructure agent that will forward the metrics to the backend. It will be merged with the configuration in `.common.agentConfig` See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ | -| ksm.config.retries | int | `3` | Number of retries after timeout expired | -| ksm.config.scheme | string | `"http"` | Scheme to use to connect to kube-state-metrics. Supported values are `http` and `https`. | -| ksm.config.selector | string | `"app.kubernetes.io/name=kube-state-metrics"` | Label selector that will be used to automatically discover an instance of kube-state-metrics running in the cluster. | -| ksm.config.timeout | string | `"10s"` | Timeout for the ksm API contacted by the integration | -| ksm.enabled | bool | `true` | Enable cluster state monitoring. Advanced users only. Setting this to `false` is not supported and will break the New Relic experience. | -| ksm.hostNetwork | bool | Not set | Sets pod's hostNetwork. When set bypasses global/common variable | -| ksm.resources | object | 100m/150M -/850M | Resources for the KSM scraper pod. Keep in mind that sharding is not supported at the moment, so memory usage for this component ramps up quickly on large clusters. | -| ksm.tolerations | list | Schedules in all tainted nodes | Tolerations for the KSM Deployment. | -| kubelet | object | See `values.yaml` | Configuration for the DaemonSet that collects metrics from the Kubelet. | -| kubelet.agentConfig | object | `{}` | Config for the Infrastructure agent that will forward the metrics to the backend and will run the integrations in this cluster. It will be merged with the configuration in `.common.agentConfig`. You can see all the agent configurations in [New Relic docs](https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/) e.g. you can set `passthrough_environment` int the [config file](https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/configure-infrastructure-agent/#config-file) so the agent let use that environment variables to the integrations. | -| kubelet.config.retries | int | `3` | Number of retries after timeout expired | -| kubelet.config.scraperMaxReruns | int | `4` | Max number of scraper rerun when scraper runtime error happens | -| kubelet.config.timeout | string | `"10s"` | Timeout for the kubelet APIs contacted by the integration | -| kubelet.enabled | bool | `true` | Enable kubelet monitoring. Advanced users only. Setting this to `false` is not supported and will break the New Relic experience. | -| kubelet.extraEnv | list | `[]` | Add user environment variables to the agent | -| kubelet.extraEnvFrom | list | `[]` | Add user environment from configMaps or secrets as variables to the agent | -| kubelet.extraVolumeMounts | list | `[]` | Defines where to mount volumes specified with `extraVolumes` | -| kubelet.extraVolumes | list | `[]` | Volumes to mount in the containers | -| kubelet.hostNetwork | bool | Not set | Sets pod's hostNetwork. When set bypasses global/common variable | -| kubelet.tolerations | list | Schedules in all tainted nodes | Tolerations for the control plane DaemonSet. | -| labels | object | `{}` | Additional labels for chart objects. Can be configured also with `global.labels` | -| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` | -| lowDataMode | bool | `false` (See [Low data mode](README.md#low-data-mode)) | Send less data by incrementing the interval from `15s` (the default when `lowDataMode` is `false` or `nil`) to `30s`. Non-nil values of `common.config.interval` will override this value. | -| nameOverride | string | `""` | Override the name of the chart | -| nodeSelector | object | `{}` | Sets pod's node selector almost globally. (See [Affinities and tolerations](README.md#affinities-and-tolerations)) | -| nrStaging | bool | `false` | Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | -| podAnnotations | object | `{}` | Annotations to be added to all pods created by the integration. | -| podLabels | object | `{}` | Additional labels for chart pods. Can be configured also with `global.podLabels` | -| podSecurityContext | object | `{}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` | -| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` | -| privileged | bool | `true` | Run the integration with full access to the host filesystem and network. Running in this mode allows reporting fine-grained cpu, memory, process and network metrics for your nodes. | -| proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` | -| rbac.create | bool | `true` | Whether the chart should automatically create the RBAC objects required to run. | -| rbac.pspEnabled | bool | `false` | Whether the chart should create Pod Security Policy objects. | -| selfMonitoring.pixie.enabled | bool | `false` | Enables the Pixie Health Check nri-flex config. This Flex config performs periodic checks of the Pixie /healthz and /statusz endpoints exposed by the Pixie Cloud Connector. A status for each endpoint is sent to New Relic in a pixieHealthCheck event. | -| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation. | -| serviceAccount.create | bool | `true` | Whether the chart should automatically create the ServiceAccount objects required to run. | -| sink.http.probeBackoff | string | `"5s"` | The amount of time the scraper container to backoff when it fails to probe infra agent sidecar. | -| sink.http.probeTimeout | string | `"90s"` | The amount of time the scraper container to probe infra agent sidecar container before giving up and restarting during pod starts. | -| strategy | object | `type: Recreate` | Update strategy for the deployed Deployments. | -| tolerations | list | `[]` | Sets pod's tolerations to node taints almost globally. (See [Affinities and tolerations](README.md#affinities-and-tolerations)) | -| updateStrategy | object | See `values.yaml` | Update strategy for the deployed DaemonSets. | -| verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` | - -## Maintainers - -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) -* [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) -* [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) - -## Past Contributors - -Previous iterations of this chart started as a community project in the [stable Helm chart repository](github.com/helm/charts/). New Relic is very thankful for all the 15+ community members that contributed and helped maintain the chart there over the years: - -* coreypobrien -* sstarcher -* jmccarty3 -* slayerjain -* ryanhope2 -* rk295 -* michaelajr -* isindir -* idirouhab -* ismferd -* enver -* diclophis -* jeffdesc -* costimuraru -* verwilst -* ezelenka diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md.gotmpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md.gotmpl deleted file mode 100644 index 84f2f9083..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/README.md.gotmpl +++ /dev/null @@ -1,137 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -# Helm installation - -You can install this chart using [`nri-bundle`](https://github.com/newrelic/helm-charts/tree/master/charts/nri-bundle) located in the -[helm-charts repository](https://github.com/newrelic/helm-charts) or directly from this repository by adding this Helm repository: - -```shell -helm repo add nri-kubernetes https://newrelic.github.io/nri-kubernetes -helm upgrade --install newrelic-infrastructure nri-kubernetes/newrelic-infrastructure -f your-custom-values.yaml -``` - -{{ template "chart.sourcesSection" . }} - -## Values managed globally - -This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which -means that it honors a wide range of defaults and globals common to most New Relic Helm charts. - -Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at -[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md). - -## Chart particularities - -### Low data mode -There are two mechanisms to reduce the amount of data that this integration sends to New Relic. See this snippet from the `values.yaml` file: -```yaml -common: - config: - interval: 15s - -lowDataMode: false -``` - -The `lowDataMode` toggle is the simplest way to reduce data send to Newrelic. Setting it to `true` changes the default scrape interval from 15 seconds -(the default) to 30 seconds. - -If you need for some reason to fine-tune the number of seconds you can use `common.config.interval` directly. If you take a look at the `values.yaml` -file, the value there is `nil`. If any value is set there, the `lowDataMode` toggle is ignored as this value takes precedence. - -Setting this interval above 40 seconds can make you experience issues with the Kubernetes Cluster Explorer so this chart limits setting the interval -inside the range of 10 to 40 seconds. - -### Affinities and tolerations - -The New Relic common library allows to set affinities, tolerations, and node selectors globally using e.g. `.global.affinity` to ease the configuration -when you use this chart using `nri-bundle`. This chart has an extra level of granularity to the components that it deploys: -control plane, ksm, and kubelet. - -Take this snippet as an example: -```yaml -global: - affinity: {} -affinity: {} - -kubelet: - affinity: {} -ksm: - affinity: {} -controlPlane: - affinity: {} -``` - -The order to set an affinity is to set first any `kubelet.affinity`, `ksm.affinity`, or `controlPlane.affinity`. If these values are empty the chart -fallbacks to `affinity` (at root level), and if that value is empty, the chart fallbacks to `global.affinity`. - -The same procedure applies to `nodeSelector` and `tolerations`. - -On the other hand, some components have affinities and tolerations predefined e.g. to be able to run kubelet pods on nodes that are tainted as master -nodes or to schedule the KSM scraper on the same node of KSM to reduce the inter-node traffic. - -If you are having problems assigning pods to nodes it may be because of this. Take a look at the [`values.yaml`](values.yaml) to see if the pod that is -not having your expected behavior has any predefined value. - -### `hostNetwork` toggle - -In versions below v3, changing the `privileged` mode affected the `hostNetwork`. We changed this behavior and now you can set pods to use `hostNetwork` -using the corresponding [flags from the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) -(`.global.hostNetwork` and `.hostNetwork`) but the component that scrapes data from the control plane has always set `hostNetwork` enabled by default -(Look in the [`values.yaml`](values.yaml) for `controlPlane.hostNetwork: true`) - -This is because the most common configuration of the control plane components is to be configured to listen only to `localhost`. - -If your cluster security policy does not allow to use `hostNetwork`, you can disable it control plane monitoring by setting `controlPlane.enabled` to -`false.` - -### `privileged` toggle - -The default value for `privileged` [from the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) is -`false` but in this particular this chart it is set to `true` (Look in the [`values.yaml`](values.yaml) for `privileged: true`) - -This is because when `kubelet` pods need to run in privileged mode to fetch cpu, memory, process, and network metrics of your nodes. - -If your cluster security policy does not allow to have `privileged` in your pod' security context, you can disable it by setting `privileged` to -`false` taking into account that you will lose all the metrics from the host and some metadata from the host that are added to the metrics of the -integrations that you have configured. - -{{ template "chart.valuesSection" . }} - -{{ if .Maintainers }} -## Maintainers -{{ range .Maintainers }} -{{- if .Name }} -{{- if .Url }} -* [{{ .Name }}]({{ .Url }}) -{{- else }} -* {{ .Name }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -## Past Contributors - -Previous iterations of this chart started as a community project in the [stable Helm chart repository](github.com/helm/charts/). New Relic is very thankful for all the 15+ community members that contributed and helped maintain the chart there over the years: - -* coreypobrien -* sstarcher -* jmccarty3 -* slayerjain -* ryanhope2 -* rk295 -* michaelajr -* isindir -* idirouhab -* ismferd -* enver -* diclophis -* jeffdesc -* costimuraru -* verwilst -* ezelenka diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-cplane-kind-deployment-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-cplane-kind-deployment-values.yaml deleted file mode 100644 index 1e2c36d21..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-cplane-kind-deployment-values.yaml +++ /dev/null @@ -1,135 +0,0 @@ -global: - licenseKey: 1234567890abcdef1234567890abcdef12345678 - cluster: test-cluster - -common: - agentConfig: - # We set it in order for the kubelet to not crash when posting tho the agent. Since the License_Key is - # not valid, the Identity Api doesn't return an AgentID and the server from the Agent takes to long to respond - is_forward_only: true - config: - sink: - http: - timeout: 180s - -customAttributes: - new: relic - loren: ipsum - -# Disable KSM scraper as it is not enabled when testing this chart individually. -ksm: - enabled: false - -# K8s DaemonSets update strategy. -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - -enableProcessMetrics: "false" -serviceAccount: - create: true - -podAnnotations: - annotation1: "annotation" -podLabels: - label1: "label" - -securityContext: - runAsUser: 1000 - runAsGroup: 2000 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -privileged: true - -rbac: - create: true - pspEnabled: false - -prefixDisplayNameWithCluster: false -useNodeNameAsDisplayName: true -integrations_config: [] - -kubelet: - enabled: true - annotations: {} - tolerations: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - extraEnv: - - name: ENV_VAR1 - value: "var1" - - name: ENV_VAR2 - value: "var2" - resources: - limits: - memory: 400M - requests: - cpu: 100m - memory: 180M - config: - scheme: "http" - -controlPlane: - kind: Deployment - enabled: true - config: - etcd: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=etcd" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:4001 - insecureSkipVerify: true - auth: - type: bearer - - url: http://localhost:2381 - scheduler: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-scheduler" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10259 - insecureSkipVerify: true - auth: - type: bearer - controllerManager: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-controller-manager" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - mtls: - secretName: secret-name - secretNamespace: default - apiServer: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-apiserver" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:8443 - insecureSkipVerify: true - auth: - type: bearer - mtls: - secretName: secret-name4 - - url: http://localhost:8080 - -images: - integration: - tag: test - repository: e2e/nri-kubernetes diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-values.yaml deleted file mode 100644 index 125a49607..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/ci/test-values.yaml +++ /dev/null @@ -1,134 +0,0 @@ -global: - licenseKey: 1234567890abcdef1234567890abcdef12345678 - cluster: test-cluster - -common: - agentConfig: - # We set it in order for the kubelet to not crash when posting tho the agent. Since the License_Key is - # not valid, the Identity Api doesn't return an AgentID and the server from the Agent takes to long to respond - is_forward_only: true - config: - sink: - http: - timeout: 180s - -customAttributes: - new: relic - loren: ipsum - -# Disable KSM scraper as it is not enabled when testing this chart individually. -ksm: - enabled: false - -# K8s DaemonSets update strategy. -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - -enableProcessMetrics: "false" -serviceAccount: - create: true - -podAnnotations: - annotation1: "annotation" -podLabels: - label1: "label" - -securityContext: - runAsUser: 1000 - runAsGroup: 2000 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -privileged: true - -rbac: - create: true - pspEnabled: false - -prefixDisplayNameWithCluster: false -useNodeNameAsDisplayName: true -integrations_config: [] - -kubelet: - enabled: true - annotations: {} - tolerations: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - extraEnv: - - name: ENV_VAR1 - value: "var1" - - name: ENV_VAR2 - value: "var2" - resources: - limits: - memory: 400M - requests: - cpu: 100m - memory: 180M - config: - scheme: "http" - -controlPlane: - enabled: true - config: - etcd: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=etcd" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:4001 - insecureSkipVerify: true - auth: - type: bearer - - url: http://localhost:2381 - scheduler: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-scheduler" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10259 - insecureSkipVerify: true - auth: - type: bearer - controllerManager: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-controller-manager" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - mtls: - secretName: secret-name - secretNamespace: default - apiServer: - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-apiserver" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:8443 - insecureSkipVerify: true - auth: - type: bearer - mtls: - secretName: secret-name4 - - url: http://localhost:8080 - -images: - integration: - tag: test - repository: e2e/nri-kubernetes diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/NOTES.txt b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/NOTES.txt deleted file mode 100644 index 16cc6ea13..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/NOTES.txt +++ /dev/null @@ -1,131 +0,0 @@ -{{- if not .Values.forceUnsupportedInterval }} -{{- $max := 40 }} -{{- $min := 10 }} -{{- if not (.Values.common.config.interval | hasSuffix "s") }} -{{ fail (printf "Interval must be between %ds and %ds" $min $max ) }} -{{- end }} -{{- if gt ( .Values.common.config.interval | trimSuffix "s" | int64 ) $max }} -{{ fail (printf "Intervals larger than %ds are not supported" $max) }} -{{- end }} -{{- if lt ( .Values.common.config.interval | trimSuffix "s" | int64 ) $min }} -{{ fail (printf "Intervals smaller than %ds are not supported" $min) }} -{{- end }} -{{- end }} - -{{- if or (not .Values.ksm.enabled) (not .Values.kubelet.enabled) }} -Warning: -======== - -You have specified ksm or kubelet integration components as not enabled. -Those components are needed to have the full experience on NROne kubernetes explorer. -{{- end }} - -{{- if and .Values.controlPlane.enabled (not (include "nriKubernetes.controlPlane.hostNetwork" .)) }} -Warning: -======== - -Most Control Plane components listen in the loopback address only, which is not reachable without `hostNetwork: true`. -Control plane autodiscovery might not work as expected. -You can enable hostNetwork for all pods by setting `global.hotNetwork`, `hostNetwork` or only for the control -plane pods by setting `controlPlane.hostNetwork: true`. Alternatively, you can disable control plane monitoring altogether with -`controlPlane.enabled: false`. -{{- end }} - -{{- if and (include "newrelic.fargate" .) .Values.kubelet.affinity }} -Warning: -======== - -You have specified both an EKS Fargate environment (global.fargate) and custom -nodeAffinity rules, so we couldn't automatically exclude the kubelet daemonSet from -Fargate nodes. In order for the integration to work, you MUST manually exclude -the daemonSet from Fargate nodes. - -Please make sure your `values.yaml' contains a .kubelet.affinity.nodeAffinity that achieve the same effect as: - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate -{{- end }} - -{{- if and .Values.nodeAffinity .Values.controlPlane.enabled }} -WARNING: `nodeAffinity` is deprecated -===================================== - -We have applied the old `nodeAffinity` to KSM and Kubelet components, but *NOT* to the control plane component as it -might conflict with the default nodeSelector. -This shimming will be removed in the future, please convert your `nodeAffinity` item into: -`ksm.affinity.nodeAffinity`, `controlPlane.affinity.nodeAffinity`, and `kubelet.affinity.nodeAffinity`. -{{- end }} - -{{- if and .Values.integrations_config }} -WARNING: `integrations_config` is deprecated -============================================ - -We have automatically translated `integrations_config` to the new format, but this shimming will be removed in the -future. Please migrate your configs to the new format in the `integrations` key. -{{- end }} - -{{- if or .Values.kubeStateMetricsScheme .Values.kubeStateMetricsPort .Values.kubeStateMetricsUrl .Values.kubeStateMetricsPodLabel .Values.kubeStateMetricsNamespace }} -WARNING: `kubeStateMetrics*` are deprecated -=========================================== - -We have automatically translated your `kubeStateMetrics*` values to the new format, but this shimming will be removed in -the future. Please migrate your configs to the new format in the `ksm.config` key. -{{- end }} - -{{- if .Values.runAsUser }} -WARNING: `runAsUser` is deprecated -================================== - -We have automatically translated your `runAsUser` setting to the new format, but this shimming will be removed in the -future. Please migrate your configs to the new format in the `securityContext` key. -{{- end }} - -{{- if .Values.config }} -WARNING: `config` is deprecated -=============================== - -We have automatically translated your `config` setting to the new format, but this shimming will be removed in the -future. Please migrate your agent config to the new format in the `common.agentConfig` key. -{{- end }} - - -{{ $errors:= "" }} - -{{- if .Values.logFile }} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.logFile" . ) }} -{{- end }} - -{{- if .Values.resources }} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.resources" . ) }} -{{- end }} - -{{- if .Values.image }} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.image" . ) }} -{{- end }} - -{{- if .Values.enableWindows }} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.windows" . ) }} -{{- end }} - -{{- if ( or .Values.controllerManagerEndpointUrl .Values.schedulerEndpointUrl .Values.etcdEndpointUrl .Values.apiServerEndpointUrl )}} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.apiURL" . ) }} -{{- end }} - -{{- if ( or .Values.etcdTlsSecretName .Values.etcdTlsSecretNamespace )}} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.etcdSecrets" . ) }} -{{- end }} - -{{- if .Values.apiServerSecurePort }} -{{ $errors = printf "%s\n\n%s" $errors (include "newrelic.compatibility.message.apiServerSecurePort" . ) }} -{{- end }} - -{{- if $errors | trim}} -{{- fail (printf "\n\n%s\n%s" (include "newrelic.compatibility.message.common" . ) $errors ) }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers.tpl deleted file mode 100644 index 033ef0bfc..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers.tpl +++ /dev/null @@ -1,118 +0,0 @@ -{{/* -Create a default fully qualified app name. - -This is a copy and paste from the common-library's name helper because the overriding system was broken. -As we have to change the logic to use "nrk8s" instead of `.Chart.Name` we need to maintain here a version -of the fullname helper - -By default the full name will be "" just in if it has "nrk8s" included in that, if not -it will be concatenated like "-nrk8s". This could change if fullnameOverride or -nameOverride are set. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "nriKubernetes.naming.fullname" -}} -{{- $name := .Values.nameOverride | default "nrk8s" -}} - -{{- if .Values.fullnameOverride -}} - {{- $name = .Values.fullnameOverride -}} -{{- else if not (contains $name .Release.Name) -}} - {{- $name = printf "%s-%s" .Release.Name $name -}} -{{- end -}} - -{{- include "newrelic.common.naming.truncateToDNS" $name -}} -{{- end -}} - - - -{{- /* Naming helpers*/ -}} -{{- define "nriKubernetes.naming.secrets" }} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "secrets") -}} -{{- end -}} - - - -{{- /* Return a YAML with the mode to be added to the labels */ -}} -{{- define "nriKubernetes._mode" -}} -{{- if include "newrelic.common.privileged" . -}} - mode: privileged -{{- else -}} - mode: unprivileged -{{- end -}} -{{- end -}} - - - -{{/* -Add `mode` label to the labels that come from the common library for all the objects -*/}} -{{- define "nriKubernetes.labels" -}} -{{- $labels := include "newrelic.common.labels" . | fromYaml -}} -{{- $mode := fromYaml ( include "nriKubernetes._mode" . ) -}} - -{{- mustMergeOverwrite $labels $mode | toYaml -}} -{{- end -}} - - - -{{/* -Add `mode` label to the labels that come from the common library for podLabels -*/}} -{{- define "nriKubernetes.labels.podLabels" -}} -{{- $labels := include "newrelic.common.labels.podLabels" . | fromYaml -}} -{{- $mode := fromYaml ( include "nriKubernetes._mode" . ) -}} - -{{- mustMergeOverwrite $labels $mode | toYaml -}} -{{- end -}} - - - -{{/* -Returns fargate -*/}} -{{- define "newrelic.fargate" -}} -{{- if .Values.fargate -}} - {{- .Values.fargate -}} -{{- else if .Values.global -}} - {{- if .Values.global.fargate -}} - {{- .Values.global.fargate -}} - {{- end -}} -{{- end -}} -{{- end -}} - - - -{{- define "newrelic.integrationConfigDefaults" -}} -{{- if include "newrelic.common.lowDataMode" . -}} -interval: 30s -{{- else -}} -interval: 15s -{{- end -}} -{{- end -}} - - - -{{- /* These are the defaults that are used for all the containers in this chart (except the kubelet's agent */ -}} -{{- define "nriKubernetes.securityContext.containerDefaults" -}} -runAsUser: 1000 -runAsGroup: 2000 -allowPrivilegeEscalation: false -readOnlyRootFilesystem: true -{{- end -}} - - - -{{- /* Allow to change pod defaults dynamically based if we are running in privileged mode or not */ -}} -{{- define "nriKubernetes.securityContext.container" -}} -{{- $defaults := fromYaml ( include "nriKubernetes.securityContext.containerDefaults" . ) -}} -{{- $compatibilityLayer := include "newrelic.compatibility.securityContext" . | fromYaml -}} -{{- $commonLibrary := include "newrelic.common.securityContext.container" . | fromYaml -}} - -{{- $finalSecurityContext := dict -}} -{{- if $commonLibrary -}} - {{- $finalSecurityContext = mustMergeOverwrite $commonLibrary $compatibilityLayer -}} -{{- else -}} - {{- $finalSecurityContext = mustMergeOverwrite $defaults $compatibilityLayer -}} -{{- end -}} - -{{- toYaml $finalSecurityContext -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers_compatibility.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers_compatibility.tpl deleted file mode 100644 index 07365e5a1..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/_helpers_compatibility.tpl +++ /dev/null @@ -1,202 +0,0 @@ -{{/* -Returns true if .Values.ksm.enabled is true and the legacy disableKubeStateMetrics is not set -*/}} -{{- define "newrelic.compatibility.ksm.enabled" -}} -{{- if and .Values.ksm.enabled (not .Values.disableKubeStateMetrics) -}} -true -{{- end -}} -{{- end -}} - -{{/* -Returns legacy ksm values -*/}} -{{- define "newrelic.compatibility.ksm.legacyData" -}} -enabled: true -{{- if .Values.kubeStateMetricsScheme }} -scheme: {{ .Values.kubeStateMetricsScheme }} -{{- end -}} -{{- if .Values.kubeStateMetricsPort }} -port: {{ .Values.kubeStateMetricsPort }} -{{- end -}} -{{- if .Values.kubeStateMetricsUrl }} -staticURL: {{ .Values.kubeStateMetricsUrl }} -{{- end -}} -{{- if .Values.kubeStateMetricsPodLabel }} -selector: {{ printf "%s=kube-state-metrics" .Values.kubeStateMetricsPodLabel }} -{{- end -}} -{{- if .Values.kubeStateMetricsNamespace }} -namespace: {{ .Values.kubeStateMetricsNamespace}} -{{- end -}} -{{- end -}} - -{{/* -Returns the new value if available, otherwise falling back on the legacy one -*/}} -{{- define "newrelic.compatibility.valueWithFallback" -}} -{{- if .supported }} -{{- toYaml .supported}} -{{- else if .legacy -}} -{{- toYaml .legacy}} -{{- end }} -{{- end -}} - -{{/* -Returns a dictionary with legacy runAsUser config -*/}} -{{- define "newrelic.compatibility.securityContext" -}} -{{- if .Values.runAsUser -}} -{{ dict "runAsUser" .Values.runAsUser | toYaml }} -{{- end -}} -{{- end -}} - -{{/* -Returns legacy annotations if available -*/}} -{{- define "newrelic.compatibility.annotations" -}} -{{- with .Values.daemonSet -}} -{{- with .annotations -}} -{{- toYaml . }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Returns agent configmap merged with legacy config and legacy eventQueueDepth config -*/}} -{{- define "newrelic.compatibility.agentConfig" -}} -{{- $oldConfig := deepCopy (.Values.config | default dict) -}} -{{- $newConfig := deepCopy .Values.common.agentConfig -}} -{{- $eventQueueDepth := dict -}} - -{{- if .Values.eventQueueDepth -}} -{{- $eventQueueDepth = dict "event_queue_depth" .Values.eventQueueDepth -}} -{{- end -}} - -{{- mustMergeOverwrite $oldConfig $newConfig $eventQueueDepth | toYaml -}} -{{- end -}} - -{{- /* -Return a valid podSpec.affinity object from the old `.Values.nodeAffinity`. -*/ -}} -{{- define "newrelic.compatibility.nodeAffinity" -}} -{{- if .Values.nodeAffinity -}} -nodeAffinity: - {{- toYaml .Values.nodeAffinity | nindent 2 }} -{{- end -}} -{{- end -}} - -{{/* -Returns legacy integrations_config configmap data -*/}} -{{- define "newrelic.compatibility.integrations" -}} -{{- if .Values.integrations_config -}} -{{- range .Values.integrations_config }} -{{ .name -}}: |- - {{- toYaml .data | nindent 2 }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "newrelic.compatibility.message.logFile" -}} -The 'logFile' option is no longer supported and has been replaced by: - - common.agentConfig.log_file. - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.resources" -}} -You have specified the legacy 'resources' option in your values, which is not fully compatible with the v3 version. -This version deploys three different components and therefore you'll need to specify resources for each of them. -Please use - - ksm.resources, - - controlPlane.resources, - - kubelet.resources. - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.apiServerSecurePort" -}} -You have specified the legacy 'apiServerSecurePort' option in your values, which is not fully compatible with the v3 -version. -Please configure the API Server port as a part of 'apiServer.autodiscover[].endpoints' - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.windows" -}} -nri-kubernetes v3 does not support deploying into windows Nodes. -Please use the latest 2.x version of the chart. - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.etcdSecrets" -}} -Values "etcdTlsSecretName" and "etcdTlsSecretNamespace" are no longer supported, please specify them as a part of the -'etcd' config in the values, for example: - - endpoints: - - url: https://localhost:9979 - insecureSkipVerify: true - auth: - type: mTLS - mtls: - secretName: {{ .Values.etcdTlsSecretName | default "etcdTlsSecretName"}} - secretNamespace: {{ .Values.etcdTlsSecretNamespace | default "etcdTlsSecretNamespace"}} - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.apiURL" -}} -Values "controllerManagerEndpointUrl", "etcdEndpointUrl", "apiServerEndpointUrl", "schedulerEndpointUrl" are no longer -supported, please specify them as a part of the 'controlplane' config in the values, for example - autodiscover: - - selector: "tier=control-plane,component=etcd" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:4001 - insecureSkipVerify: true - auth: - type: bearer - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.image" -}} -Configuring image repository an tag under 'image' is no longer supported. -The following values are no longer supported and are currently ignored: - - image.repository - - image.tag - - image.pullPolicy - - image.pullSecrets - -Notice that the 3.x version of the integration uses 3 different images. -Please set: - - images.forwarder.* to configure the infrastructure-agent forwarder. - - images.agent.* to configure the image bundling the infrastructure-agent and on-host integrations. - - images.integration.* to configure the image in charge of scraping k8s data. - ------- -{{- end -}} - -{{- define "newrelic.compatibility.message.customAttributes" -}} -We still support using custom attributes but we support it as a map and dropped it as a string. -customAttributes: {{ .Values.customAttributes | quote }} - -You should change your values to something like this: - -customAttributes: -{{- range $k, $v := fromJson .Values.customAttributes -}} - {{- $k | nindent 2 }}: {{ $v | quote }} -{{- end }} - -**NOTE**: If you read above errors like "invalid character ':' after top-level value" or "json: cannot unmarshal string into Go value of type map[string]interface {}" means that the string you have in your values is not a valid JSON, Helm is not able to parse it and we could not show you how you should change it. Sorry. -{{- end -}} - -{{- define "newrelic.compatibility.message.common" -}} -###### -The chart cannot be rendered since the values listed below are not supported. Please replace those with the new ones compatible with newrelic-infrastructure V3. - -Keep in mind that the flag "--reuse-values" is not supported when migrating from V2 to V3. -Further information can be found in the official docs https://docs.newrelic.com/docs/kubernetes-pixie/kubernetes-integration/get-started/changes-since-v3#migration-guide" -###### -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrole.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrole.yaml deleted file mode 100644 index 4913448e7..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrole.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.naming.fullname" . }} -rules: - - apiGroups: [""] - resources: - - "nodes/metrics" - - "nodes/stats" - - "nodes/proxy" - verbs: ["get", "list"] - - apiGroups: [ "" ] - resources: - - "endpoints" - - "services" - - "nodes" - - "namespaces" - verbs: [ "get", "list", "watch" ] - - nonResourceURLs: ["/metrics"] - verbs: ["get"] - {{- if .Values.rbac.pspEnabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - resourceNames: - - privileged-{{ include "newrelic.common.naming.fullname" . }} - verbs: - - use - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrolebinding.yaml deleted file mode 100644 index fc5dfb8da..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.naming.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "newrelic.common.naming.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_affinity_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_affinity_helper.tpl deleted file mode 100644 index 320d16dae..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_affinity_helper.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- /* -As this chart deploys what it should be three charts to maintain the transition to v3 as smooth as possible. -This means that this chart has 3 affinity so a helper should be done per scraper. -*/ -}} -{{- define "nriKubernetes.controlPlane.affinity" -}} -{{- if .Values.controlPlane.affinity -}} - {{- toYaml .Values.controlPlane.affinity -}} -{{- else if include "newrelic.common.affinity" . -}} - {{- include "newrelic.common.affinity" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_agent-config_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_agent-config_helper.tpl deleted file mode 100644 index e113def82..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_agent-config_helper.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{- /* -Defaults for controlPlane's agent config -*/ -}} -{{- define "nriKubernetes.controlPlane.agentConfig.defaults" -}} -is_forward_only: true -http_server_enabled: true -http_server_port: 8001 -{{- end -}} - - - -{{- define "nriKubernetes.controlPlane.agentConfig" -}} -{{- $agentDefaults := fromYaml ( include "newrelic.common.agentConfig.defaults" . ) -}} -{{- $controlPlane := fromYaml ( include "nriKubernetes.controlPlane.agentConfig.defaults" . ) -}} -{{- $agentConfig := fromYaml ( include "newrelic.compatibility.agentConfig" . ) -}} -{{- $cpAgentConfig := .Values.controlPlane.agentConfig -}} -{{- $customAttributes := dict "custom_attributes" (dict "clusterName" (include "newrelic.common.cluster" . )) -}} - -{{- mustMergeOverwrite $agentDefaults $controlPlane $agentConfig $cpAgentConfig $customAttributes | toYaml -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_host_network.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_host_network.tpl deleted file mode 100644 index 2f3bdf2d9..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_host_network.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* Returns whether the controlPlane scraper should run with hostNetwork: true based on the user configuration. */}} -{{- define "nriKubernetes.controlPlane.hostNetwork" -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if get .Values.controlPlane "hostNetwork" | kindIs "bool" -}} - {{- if .Values.controlPlane.hostNetwork -}} - {{- .Values.controlPlane.hostNetwork -}} - {{- end -}} -{{- else if include "newrelic.common.hostNetwork" . -}} - {{- include "newrelic.common.hostNetwork" . -}} -{{- end -}} -{{- end -}} - - - -{{/* Abstraction of "nriKubernetes.controlPlane.hostNetwork" that returns true of false directly */}} -{{- define "nriKubernetes.controlPlane.hostNetwork.value" -}} -{{- if include "nriKubernetes.controlPlane.hostNetwork" . -}} - true -{{- else -}} - false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_naming.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_naming.tpl deleted file mode 100644 index 4b9ef22e3..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_naming.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{- /* Naming helpers*/ -}} -{{- define "nriKubernetes.controlplane.fullname" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "controlplane") -}} -{{- end -}} - -{{- define "nriKubernetes.controlplane.fullname.agent" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "agent-controlplane") -}} -{{- end -}} - -{{- define "nriKubernetes.controlplane.fullname.serviceAccount" -}} -{{- if include "newrelic.common.serviceAccount.create" . -}} - {{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "controlplane") -}} -{{- else -}} - {{- include "newrelic.common.serviceAccount.name" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_rbac.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_rbac.tpl deleted file mode 100644 index a279df6b4..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_rbac.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -Returns the list of namespaces where secrets need to be accessed by the controlPlane integration to do mTLS Auth -*/}} -{{- define "nriKubernetes.controlPlane.roleBindingNamespaces" -}} -{{ $namespaceList := list }} -{{- range $components := .Values.controlPlane.config }} - {{- if $components }} - {{- if kindIs "map" $components -}} - {{- if $components.staticEndpoint }} - {{- if $components.staticEndpoint.auth }} - {{- if $components.staticEndpoint.auth.mtls }} - {{- if $components.staticEndpoint.auth.mtls.secretNamespace }} - {{- $namespaceList = append $namespaceList $components.staticEndpoint.auth.mtls.secretNamespace -}} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if $components.autodiscover }} - {{- range $autodiscover := $components.autodiscover }} - {{- if $autodiscover }} - {{- if $autodiscover.endpoints }} - {{- range $endpoint := $autodiscover.endpoints }} - {{- if $endpoint.auth }} - {{- if $endpoint.auth.mtls }} - {{- if $endpoint.auth.mtls.secretNamespace }} - {{- $namespaceList = append $namespaceList $endpoint.auth.mtls.secretNamespace -}} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -roleBindingNamespaces: - {{- uniq $namespaceList | toYaml | nindent 2 }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_tolerations_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_tolerations_helper.tpl deleted file mode 100644 index 3c82e82f5..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/_tolerations_helper.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- /* -As this chart deploys what it should be three charts to maintain the transition to v3 as smooth as possible. -This means that this chart has 3 tolerations so a helper should be done per scraper. -*/ -}} -{{- define "nriKubernetes.controlPlane.tolerations" -}} -{{- if .Values.controlPlane.tolerations -}} - {{- toYaml .Values.controlPlane.tolerations -}} -{{- else if include "newrelic.common.tolerations" . -}} - {{- include "newrelic.common.tolerations" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/agent-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/agent-configmap.yaml deleted file mode 100644 index 77f2e11dd..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/agent-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.controlPlane.enabled -}} -{{- if .Values.customAttributes | kindIs "string" }} -{{- fail ( include "newrelic.compatibility.message.customAttributes" . ) -}} -{{- else -}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.controlplane.fullname.agent" . }} -data: - newrelic-infra.yml: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - {{- include "nriKubernetes.controlPlane.agentConfig" . | nindent 4 }} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrole.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrole.yaml deleted file mode 100644 index 57633e7f7..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrole.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and (.Values.controlPlane.enabled) (.Values.rbac.create) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.controlplane.fullname" . }} -rules: - - apiGroups: [""] - resources: - - "nodes/metrics" - - "nodes/stats" - - "nodes/proxy" - verbs: ["get", "list"] - - apiGroups: [ "" ] - resources: - - "pods" - - "nodes" - verbs: [ "get", "list", "watch" ] - - nonResourceURLs: ["/metrics"] - verbs: ["get", "head"] - {{- if .Values.rbac.pspEnabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - resourceNames: - - privileged-{{ include "newrelic.common.naming.fullname" . }} - verbs: - - use - {{- end -}} -{{- $namespaces := include "nriKubernetes.controlPlane.roleBindingNamespaces" . | fromYaml -}} -{{- if $namespaces.roleBindingNamespaces}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.naming.secrets" . }} -rules: - - apiGroups: [""] - resources: - - "secrets" - verbs: ["get", "list", "watch"] -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrolebinding.yaml deleted file mode 100644 index 4e3530094..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and (.Values.controlPlane.enabled) (.Values.rbac.create) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.controlplane.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "nriKubernetes.controlplane.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "nriKubernetes.controlplane.fullname.serviceAccount" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/daemonset.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/daemonset.yaml deleted file mode 100644 index f7c2464ab..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/daemonset.yaml +++ /dev/null @@ -1,204 +0,0 @@ -{{- if and (.Values.controlPlane.enabled) (not (include "newrelic.fargate" .)) }} -apiVersion: apps/v1 -kind: {{ .Values.controlPlane.kind }} -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "nriKubernetes.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.controlplane.fullname" . }} - {{- $legacyAnnotation:= fromYaml (include "newrelic.compatibility.annotations" .) -}} - {{- with include "newrelic.compatibility.valueWithFallback" (dict "legacy" $legacyAnnotation "supported" .Values.controlPlane.annotations )}} - annotations: {{ . | nindent 4 }} - {{- end }} -spec: - {{- if eq .Values.controlPlane.kind "DaemonSet"}} - {{- with .Values.updateStrategy }} - updateStrategy: {{ toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if eq .Values.controlPlane.kind "Deployment"}} - {{- with .Values.strategy }} - strategy: {{ toYaml . | nindent 4 }} - {{- end }} - {{- end }} - selector: - matchLabels: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controlplane - template: - metadata: - annotations: - checksum/nri-kubernetes: {{ include (print $.Template.BasePath "/controlplane/scraper-configmap.yaml") . | sha256sum }} - checksum/agent-config: {{ include (print $.Template.BasePath "/controlplane/agent-configmap.yaml") . | sha256sum }} - {{- if include "newrelic.common.license.secret" . }}{{- /* If the is secret to template */}} - checksum/license-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nriKubernetes.labels.podLabels" . | nindent 8 }} - app.kubernetes.io/component: controlplane - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.images.pullSecrets) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.dnsConfig" . }} - dnsConfig: - {{- . | nindent 8 }} - {{- end }} - hostNetwork: {{ include "nriKubernetes.controlPlane.hostNetwork.value" . }} - {{- if include "nriKubernetes.controlPlane.hostNetwork" . }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - {{- with include "newrelic.common.priorityClassName" . }} - priorityClassName: {{ . }} - {{- end }} - {{- with include "newrelic.common.securityContext.pod" . }} - securityContext: - {{- . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "nriKubernetes.controlplane.fullname.serviceAccount" . }} - - {{- if .Values.controlPlane.initContainers }} - initContainers: {{- tpl (.Values.controlPlane.initContainers | toYaml) . | nindent 8 }} - {{- end }} - containers: - - name: controlplane - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.integration "context" .) }} - imagePullPolicy: {{ .Values.images.integration.pullPolicy }} - {{- with include "nriKubernetes.securityContext.container" . | fromYaml }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - env: - - name: "NRI_KUBERNETES_SINK_HTTP_PORT" - value: {{ get (fromYaml (include "nriKubernetes.controlPlane.agentConfig" .)) "http_server_port" | quote }} - - name: "NRI_KUBERNETES_CLUSTERNAME" - value: {{ include "newrelic.common.cluster" . }} - - name: "NRI_KUBERNETES_VERBOSE" - value: {{ include "newrelic.common.verboseLog.valueAsBoolean" . | quote }} - - - name: "NRI_KUBERNETES_NODENAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - name: "NRI_KUBERNETES_NODEIP" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "status.hostIP" - - {{- with .Values.controlPlane.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.controlPlane.extraEnvFrom }} - envFrom: {{ toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: nri-kubernetes-config - mountPath: /etc/newrelic-infra/nri-kubernetes.yml - subPath: nri-kubernetes.yml - {{- with .Values.controlPlane.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.controlPlane.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - - name: forwarder - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.forwarder "context" .) }} - imagePullPolicy: {{ .Values.images.forwarder.pullPolicy }} - {{- with include "nriKubernetes.securityContext.container" . | fromYaml }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ get (fromYaml (include "nriKubernetes.controlPlane.agentConfig" .)) "http_server_port" }} - env: - - name: "NRIA_LICENSE_KEY" - valueFrom: - secretKeyRef: - name: {{ include "newrelic.common.license.secretName" . }} - key: {{ include "newrelic.common.license.secretKeyName" . }} - - - name: "NRIA_DNS_HOSTNAME_RESOLUTION" - value: "false" - - - name: "K8S_NODE_NAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - {{- if .Values.useNodeNameAsDisplayName }} - - name: "NRIA_DISPLAY_NAME" - {{- if .Values.prefixDisplayNameWithCluster }} - value: "{{ include "newrelic.common.cluster" . }}:$(K8S_NODE_NAME)" - {{- else }} - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - {{- end }} - {{- end }} - - {{- with .Values.controlPlane.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.controlPlane.extraEnvFrom }} - envFrom: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /var/db/newrelic-infra/data - name: forwarder-tmpfs-data - - mountPath: /var/db/newrelic-infra/user_data - name: forwarder-tmpfs-user-data - - mountPath: /tmp - name: forwarder-tmpfs-tmp - - name: config - mountPath: /etc/newrelic-infra.yml - subPath: newrelic-infra.yml - {{- with .Values.controlPlane.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.controlPlane.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: nri-kubernetes-config - configMap: - name: {{ include "nriKubernetes.controlplane.fullname" . }} - items: - - key: nri-kubernetes.yml - path: nri-kubernetes.yml - - name: forwarder-tmpfs-data - emptyDir: {} - - name: forwarder-tmpfs-user-data - emptyDir: {} - - name: forwarder-tmpfs-tmp - emptyDir: {} - - name: config - configMap: - name: {{ include "nriKubernetes.controlplane.fullname.agent" . }} - items: - - key: newrelic-infra.yml - path: newrelic-infra.yml - {{- with .Values.controlPlane.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with include "nriKubernetes.controlPlane.affinity" . }} - affinity: - {{- . | nindent 8 }} - {{- end }} - {{- with include "nriKubernetes.controlPlane.tolerations" . }} - tolerations: - {{- . | nindent 8 }} - {{- end }} - {{- with .Values.controlPlane.nodeSelector | default (fromYaml (include "newrelic.common.nodeSelector" .)) }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end -}} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/rolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/rolebinding.yaml deleted file mode 100644 index d97fc181a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -{{- $namespaces := (include "nriKubernetes.controlPlane.roleBindingNamespaces" . | fromYaml) -}} -{{- range $namespaces.roleBindingNamespaces }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "newrelic.common.labels" $ | nindent 4 }} - name: {{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" $) "suffix" .) }} - namespace: {{ . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "nriKubernetes.naming.secrets" $ }} -subjects: -- kind: ServiceAccount - name: {{ include "nriKubernetes.controlplane.fullname.serviceAccount" $ }} - namespace: {{ $.Release.Namespace }} -{{- end -}} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/scraper-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/scraper-configmap.yaml deleted file mode 100644 index 454665ded..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/scraper-configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.controlPlane.enabled -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.controlplane.fullname" . }} - namespace: {{ .Release.Namespace }} -data: - nri-kubernetes.yml: |- - {{- (merge .Values.common.config (include "newrelic.integrationConfigDefaults" . | fromYaml)) | toYaml | nindent 4 }} - controlPlane: - {{- omit .Values.controlPlane.config "etcd" "scheduler" "controllerManager" "apiServer" | toYaml | nindent 6 }} - enabled: true - - {{- if .Values.controlPlane.config.etcd.enabled }} - etcd: - {{- toYaml .Values.controlPlane.config.etcd | nindent 8 -}} - {{- end -}} - - {{- if .Values.controlPlane.config.scheduler.enabled }} - scheduler: - {{- toYaml .Values.controlPlane.config.scheduler | nindent 8 -}} - {{- end -}} - - {{- if .Values.controlPlane.config.controllerManager.enabled }} - controllerManager: - {{- toYaml .Values.controlPlane.config.controllerManager | nindent 8 -}} - {{- end -}} - - {{- if .Values.controlPlane.config.apiServer.enabled }} - apiServer: - {{- toYaml .Values.controlPlane.config.apiServer | nindent 8 -}} - {{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/serviceaccount.yaml deleted file mode 100644 index 502e1c986..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/controlplane/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if include "newrelic.common.serviceAccount.create" . -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- with (include "newrelic.common.serviceAccount.annotations" .) }} - annotations: - {{- . | nindent 4 }} - {{- end }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.controlplane.fullname.serviceAccount" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_affinity_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_affinity_helper.tpl deleted file mode 100644 index ce795708d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_affinity_helper.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{- /* -As this chart deploys what it should be three charts to maintain the transition to v3 as smooth as possible. -This means that this chart has 3 affinity so a helper should be done per scraper. -*/ -}} -{{- define "nriKubernetes.ksm.affinity" -}} -{{- if or .Values.ksm.affinity .Values.nodeAffinity -}} - {{- $legacyNodeAffinity := fromYaml ( include "newrelic.compatibility.nodeAffinity" . ) | default dict -}} - {{- $valuesAffinity := .Values.ksm.affinity | default dict -}} - {{- $affinity := mustMergeOverwrite $legacyNodeAffinity $valuesAffinity -}} - {{- toYaml $affinity -}} -{{- else if include "newrelic.common.affinity" . -}} - {{- include "newrelic.common.affinity" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_agent-config_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_agent-config_helper.tpl deleted file mode 100644 index e7b55644c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_agent-config_helper.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{- /* -Defaults for ksm's agent config -*/ -}} -{{- define "nriKubernetes.ksm.agentConfig.defaults" -}} -is_forward_only: true -http_server_enabled: true -http_server_port: 8002 -{{- end -}} - - - -{{- define "nriKubernetes.ksm.agentConfig" -}} -{{- $agentDefaults := fromYaml ( include "newrelic.common.agentConfig.defaults" . ) -}} -{{- $ksm := fromYaml ( include "nriKubernetes.ksm.agentConfig.defaults" . ) -}} -{{- $agentConfig := fromYaml ( include "newrelic.compatibility.agentConfig" . ) -}} -{{- $ksmAgentConfig := .Values.ksm.agentConfig -}} -{{- $customAttributes := dict "custom_attributes" (dict "clusterName" (include "newrelic.common.cluster" . )) -}} - -{{- mustMergeOverwrite $agentDefaults $ksm $agentConfig $ksmAgentConfig $customAttributes | toYaml -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_host_network.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_host_network.tpl deleted file mode 100644 index 59a6db7be..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_host_network.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* Returns whether the ksm scraper should run with hostNetwork: true based on the user configuration. */}} -{{- define "nriKubernetes.ksm.hostNetwork" -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if get .Values.ksm "hostNetwork" | kindIs "bool" -}} - {{- if .Values.ksm.hostNetwork -}} - {{- .Values.ksm.hostNetwork -}} - {{- end -}} -{{- else if include "newrelic.common.hostNetwork" . -}} - {{- include "newrelic.common.hostNetwork" . -}} -{{- end -}} -{{- end -}} - - - -{{/* Abstraction of "nriKubernetes.ksm.hostNetwork" that returns true of false directly */}} -{{- define "nriKubernetes.ksm.hostNetwork.value" -}} -{{- if include "nriKubernetes.ksm.hostNetwork" . -}} - true -{{- else -}} - false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_naming.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_naming.tpl deleted file mode 100644 index d8c283c43..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_naming.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- /* Naming helpers*/ -}} -{{- define "nriKubernetes.ksm.fullname" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "ksm") -}} -{{- end -}} - -{{- define "nriKubernetes.ksm.fullname.agent" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "agent-ksm") -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_tolerations_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_tolerations_helper.tpl deleted file mode 100644 index e1a9fd80c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/_tolerations_helper.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- /* -As this chart deploys what it should be three charts to maintain the transition to v3 as smooth as possible. -This means that this chart has 3 tolerations so a helper should be done per scraper. -*/ -}} -{{- define "nriKubernetes.ksm.tolerations" -}} -{{- if .Values.ksm.tolerations -}} - {{- toYaml .Values.ksm.tolerations -}} -{{- else if include "newrelic.common.tolerations" . -}} - {{- include "newrelic.common.tolerations" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/agent-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/agent-configmap.yaml deleted file mode 100644 index 6a438e9a3..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/agent-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.ksm.enabled -}} -{{- if .Values.customAttributes | kindIs "string" }} -{{- fail ( include "newrelic.compatibility.message.customAttributes" . ) -}} -{{- else -}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.ksm.fullname.agent" . }} -data: - newrelic-infra.yml: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - {{- include "nriKubernetes.ksm.agentConfig" . | nindent 4 }} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/deployment.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/deployment.yaml deleted file mode 100644 index c036ba653..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/deployment.yaml +++ /dev/null @@ -1,191 +0,0 @@ -{{- if include "newrelic.compatibility.ksm.enabled" . -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "nriKubernetes.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.ksm.fullname" . }} - {{- $legacyAnnotation:= fromYaml (include "newrelic.compatibility.annotations" .) -}} - {{- with include "newrelic.compatibility.valueWithFallback" (dict "legacy" $legacyAnnotation "supported" .Values.ksm.annotations )}} - annotations: {{ . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.strategy }} - strategy: {{ toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: ksm - template: - metadata: - annotations: - checksum/nri-kubernetes: {{ include (print $.Template.BasePath "/ksm/scraper-configmap.yaml") . | sha256sum }} - checksum/agent-config: {{ include (print $.Template.BasePath "/ksm/agent-configmap.yaml") . | sha256sum }} - {{- if include "newrelic.common.license.secret" . }}{{- /* If the is secret to template */}} - checksum/license-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nriKubernetes.labels.podLabels" . | nindent 8 }} - app.kubernetes.io/component: ksm - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.images.pullSecrets) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.dnsConfig" . }} - dnsConfig: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.priorityClassName" . }} - priorityClassName: {{ . }} - {{- end }} - {{- with include "newrelic.common.securityContext.pod" . }} - securityContext: - {{- . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} - hostNetwork: {{ include "nriKubernetes.ksm.hostNetwork.value" . }} - {{- if include "nriKubernetes.ksm.hostNetwork" . }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - - {{- if .Values.ksm.initContainers }} - initContainers: {{- tpl (.Values.ksm.initContainers | toYaml) . | nindent 8 }} - {{- end }} - containers: - - name: ksm - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.integration "context" .) }} - imagePullPolicy: {{ .Values.images.integration.pullPolicy }} - {{- with include "nriKubernetes.securityContext.container" . | fromYaml }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - env: - - name: "NRI_KUBERNETES_SINK_HTTP_PORT" - value: {{ get (fromYaml (include "nriKubernetes.ksm.agentConfig" .)) "http_server_port" | quote }} - - name: "NRI_KUBERNETES_CLUSTERNAME" - value: {{ include "newrelic.common.cluster" . }} - - name: "NRI_KUBERNETES_VERBOSE" - value: {{ include "newrelic.common.verboseLog.valueAsBoolean" . | quote }} - - - name: "NRI_KUBERNETES_NODENAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - {{- with .Values.ksm.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.ksm.extraEnvFrom }} - envFrom: {{ toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: nri-kubernetes-config - mountPath: /etc/newrelic-infra/nri-kubernetes.yml - subPath: nri-kubernetes.yml - {{- with .Values.ksm.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.ksm.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - - name: forwarder - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.forwarder "context" .) }} - imagePullPolicy: {{ .Values.images.forwarder.pullPolicy }} - {{- with include "nriKubernetes.securityContext.container" . | fromYaml }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ get (fromYaml (include "nriKubernetes.ksm.agentConfig" .)) "http_server_port" }} - env: - - name: NRIA_LICENSE_KEY - valueFrom: - secretKeyRef: - name: {{ include "newrelic.common.license.secretName" . }} - key: {{ include "newrelic.common.license.secretKeyName" . }} - - - name: "NRIA_DNS_HOSTNAME_RESOLUTION" - value: "false" - - - name: "K8S_NODE_NAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - {{- if .Values.useNodeNameAsDisplayName }} - - name: "NRIA_DISPLAY_NAME" - {{- if .Values.prefixDisplayNameWithCluster }} - value: "{{ include "newrelic.common.cluster" . }}:$(K8S_NODE_NAME)" - {{- else }} - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - {{- end }} - {{- end }} - - {{- with .Values.ksm.env }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.ksm.extraEnvFrom }} - envFrom: {{ toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /var/db/newrelic-infra/data - name: forwarder-tmpfs-data - - mountPath: /var/db/newrelic-infra/user_data - name: forwarder-tmpfs-user-data - - mountPath: /tmp - name: forwarder-tmpfs-tmp - - name: config - mountPath: /etc/newrelic-infra.yml - subPath: newrelic-infra.yml - {{- with .Values.ksm.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.ksm.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: nri-kubernetes-config - configMap: - name: {{ include "nriKubernetes.ksm.fullname" . }} - items: - - key: nri-kubernetes.yml - path: nri-kubernetes.yml - - name: forwarder-tmpfs-data - emptyDir: {} - - name: forwarder-tmpfs-user-data - emptyDir: {} - - name: forwarder-tmpfs-tmp - emptyDir: {} - - name: config - configMap: - name: {{ include "nriKubernetes.ksm.fullname.agent" . }} - items: - - key: newrelic-infra.yml - path: newrelic-infra.yml - {{- with .Values.ksm.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with include "nriKubernetes.ksm.affinity" . }} - affinity: - {{- . | nindent 8 }} - {{- end }} - {{- with include "nriKubernetes.ksm.tolerations" . }} - tolerations: - {{- . | nindent 8 }} - {{- end }} - {{- with .Values.ksm.nodeSelector | default (fromYaml (include "newrelic.common.nodeSelector" .)) }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end -}} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/scraper-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/scraper-configmap.yaml deleted file mode 100644 index 3314df9c7..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/ksm/scraper-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if include "newrelic.compatibility.ksm.enabled" . -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.ksm.fullname" . }} - namespace: {{ .Release.Namespace }} -data: - nri-kubernetes.yml: |- - {{- (merge .Values.common.config (include "newrelic.integrationConfigDefaults" . | fromYaml)) | toYaml | nindent 4 }} - ksm: - {{- mustMergeOverwrite .Values.ksm.config (include "newrelic.compatibility.ksm.legacyData" . | fromYaml) | toYaml | nindent 6 -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_affinity_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_affinity_helper.tpl deleted file mode 100644 index a3abf0855..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_affinity_helper.tpl +++ /dev/null @@ -1,33 +0,0 @@ -{{- /* -Patch to add affinity in case we are running in fargate mode -*/ -}} -{{- define "nriKubernetes.kubelet.affinity.fargateDefaults" -}} -nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate -{{- end -}} - - - -{{- /* -As this chart deploys what it should be three charts to maintain the transition to v3 as smooth as possible. -This means that this chart has 3 affinity so a helper should be done per scraper. -*/ -}} -{{- define "nriKubernetes.kubelet.affinity" -}} - -{{- if or .Values.kubelet.affinity .Values.nodeAffinity -}} - {{- $legacyNodeAffinity := fromYaml ( include "newrelic.compatibility.nodeAffinity" . ) | default dict -}} - {{- $valuesAffinity := .Values.kubelet.affinity | default dict -}} - {{- $affinity := mustMergeOverwrite $legacyNodeAffinity $valuesAffinity -}} - {{- toYaml $affinity -}} -{{- else if include "newrelic.common.affinity" . -}} - {{- include "newrelic.common.affinity" . -}} -{{- else if include "newrelic.fargate" . -}} - {{- include "nriKubernetes.kubelet.affinity.fargateDefaults" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_agent-config_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_agent-config_helper.tpl deleted file mode 100644 index ea6ffc25f..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_agent-config_helper.tpl +++ /dev/null @@ -1,31 +0,0 @@ -{{- /* -Defaults for kubelet's agent config -*/ -}} -{{- define "nriKubernetes.kubelet.agentConfig.defaults" -}} -http_server_enabled: true -http_server_port: 8003 -features: - docker_enabled: false -{{- if not ( include "newrelic.common.privileged" . ) }} -is_secure_forward_only: true -{{- end }} -{{- /* -`enableProcessMetrics` is commented in the values and we want to configure it when it is set to something -either `true` or `false`. So we test if the variable is a boolean and in that case simply use it. -*/}} -{{- if (get .Values "enableProcessMetrics" | kindIs "bool") }} -enable_process_metrics: {{ .Values.enableProcessMetrics }} -{{- end }} -{{- end -}} - - - -{{- define "nriKubernetes.kubelet.agentConfig" -}} -{{- $agentDefaults := fromYaml ( include "newrelic.common.agentConfig.defaults" . ) -}} -{{- $kubelet := fromYaml ( include "nriKubernetes.kubelet.agentConfig.defaults" . ) -}} -{{- $agentConfig := fromYaml ( include "newrelic.compatibility.agentConfig" . ) -}} -{{- $kubeletAgentConfig := .Values.kubelet.agentConfig -}} -{{- $customAttributes := dict "custom_attributes" (dict "clusterName" (include "newrelic.common.cluster" . )) -}} - -{{- mustMergeOverwrite $agentDefaults $kubelet $agentConfig $kubeletAgentConfig $customAttributes | toYaml -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_host_network.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_host_network.tpl deleted file mode 100644 index 7944f98a7..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_host_network.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* Returns whether the kubelet scraper should run with hostNetwork: true based on the user configuration. */}} -{{- define "nriKubernetes.kubelet.hostNetwork" -}} -{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}} -{{- if get .Values.kubelet "hostNetwork" | kindIs "bool" -}} - {{- if .Values.kubelet.hostNetwork -}} - {{- .Values.kubelet.hostNetwork -}} - {{- end -}} -{{- else if include "newrelic.common.hostNetwork" . -}} - {{- include "newrelic.common.hostNetwork" . -}} -{{- end -}} -{{- end -}} - - - -{{/* Abstraction of "nriKubernetes.kubelet.hostNetwork" that returns true of false directly */}} -{{- define "nriKubernetes.kubelet.hostNetwork.value" -}} -{{- if include "nriKubernetes.kubelet.hostNetwork" . -}} - true -{{- else -}} - false -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_naming.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_naming.tpl deleted file mode 100644 index 71c142156..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_naming.tpl +++ /dev/null @@ -1,12 +0,0 @@ -{{- /* Naming helpers*/ -}} -{{- define "nriKubernetes.kubelet.fullname" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "kubelet") -}} -{{- end -}} - -{{- define "nriKubernetes.kubelet.fullname.agent" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "agent-kubelet") -}} -{{- end -}} - -{{- define "nriKubernetes.kubelet.fullname.integrations" -}} -{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "nriKubernetes.naming.fullname" .) "suffix" "integrations-cfg") -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_security_context_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_security_context_helper.tpl deleted file mode 100644 index 4e334466c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_security_context_helper.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{- /*This defines the defaults that the privileged mode has for the agent's securityContext */ -}} -{{- define "nriKubernetes.kubelet.securityContext.privileged" -}} -runAsUser: 0 -runAsGroup: 0 -allowPrivilegeEscalation: true -privileged: true -readOnlyRootFilesystem: true -{{- end -}} - - - -{{- /* This is the container security context for the agent */ -}} -{{- define "nriKubernetes.kubelet.securityContext.agentContainer" -}} -{{- $defaults := dict -}} -{{- if include "newrelic.common.privileged" . -}} -{{- $defaults = fromYaml ( include "nriKubernetes.kubelet.securityContext.privileged" . ) -}} -{{- else -}} -{{- $defaults = fromYaml ( include "nriKubernetes.securityContext.containerDefaults" . ) -}} -{{- end -}} - -{{- $compatibilityLayer := include "newrelic.compatibility.securityContext" . | fromYaml -}} -{{- $commonLibrary := include "newrelic.common.securityContext.container" . | fromYaml -}} - -{{- $finalSecurityContext := dict -}} -{{- if $commonLibrary -}} - {{- $finalSecurityContext = mustMergeOverwrite $commonLibrary $compatibilityLayer -}} -{{- else -}} - {{- $finalSecurityContext = mustMergeOverwrite $defaults $compatibilityLayer -}} -{{- end -}} - -{{- toYaml $finalSecurityContext -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_tolerations_helper.tpl b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_tolerations_helper.tpl deleted file mode 100644 index e46d83d69..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/_tolerations_helper.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- /* -As this chart deploys what it should be three charts to maintain the transition to v3 as smooth as possible. -This means that this chart has 3 tolerations so a helper should be done per scraper. -*/ -}} -{{- define "nriKubernetes.kubelet.tolerations" -}} -{{- if .Values.kubelet.tolerations -}} - {{- toYaml .Values.kubelet.tolerations -}} -{{- else if include "newrelic.common.tolerations" . -}} - {{- include "newrelic.common.tolerations" . -}} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/agent-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/agent-configmap.yaml deleted file mode 100644 index 0f71f129a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/agent-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.kubelet.enabled -}} -{{- if .Values.customAttributes | kindIs "string" }} -{{- fail ( include "newrelic.compatibility.message.customAttributes" . ) -}} -{{- else -}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.kubelet.fullname.agent" . }} -data: - newrelic-infra.yml: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - {{- include "nriKubernetes.kubelet.agentConfig" . | nindent 4 }} -{{- end -}} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml deleted file mode 100644 index a725a3a13..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml +++ /dev/null @@ -1,258 +0,0 @@ -{{- if (.Values.kubelet.enabled) }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "nriKubernetes.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.kubelet.fullname" . }} - {{- $legacyAnnotation:= fromYaml (include "newrelic.compatibility.annotations" .) -}} - {{- with include "newrelic.compatibility.valueWithFallback" (dict "legacy" $legacyAnnotation "supported" .Values.kubelet.annotations )}} - annotations: {{ . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: {{ toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: kubelet - template: - metadata: - annotations: - checksum/nri-kubernetes: {{ include (print $.Template.BasePath "/kubelet/scraper-configmap.yaml") . | sha256sum }} - checksum/agent-config: {{ include (print $.Template.BasePath "/kubelet/agent-configmap.yaml") . | sha256sum }} - {{- if include "newrelic.common.license.secret" . }}{{- /* If the is secret to template */}} - checksum/license-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - checksum/integrations_config: {{ include (print $.Template.BasePath "/kubelet/integrations-configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nriKubernetes.labels.podLabels" . | nindent 8 }} - app.kubernetes.io/component: kubelet - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.images.pullSecrets) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.dnsConfig" . }} - dnsConfig: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.priorityClassName" . }} - priorityClassName: {{ . }} - {{- end }} - {{- with include "newrelic.common.securityContext.pod" . }} - securityContext: - {{- . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} - hostNetwork: {{ include "nriKubernetes.kubelet.hostNetwork.value" . }} - {{- if include "nriKubernetes.kubelet.hostNetwork" . }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - - {{- if .Values.kubelet.initContainers }} - initContainers: {{- tpl (.Values.kubelet.initContainers | toYaml) . | nindent 8 }} - {{- end }} - containers: - - name: kubelet - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.integration "context" .) }} - imagePullPolicy: {{ .Values.images.integration.pullPolicy }} - {{- with include "nriKubernetes.securityContext.container" . | fromYaml }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - env: - - name: "NRI_KUBERNETES_SINK_HTTP_PORT" - value: {{ get (fromYaml (include "nriKubernetes.kubelet.agentConfig" .)) "http_server_port" | quote }} - - name: "NRI_KUBERNETES_CLUSTERNAME" - value: {{ include "newrelic.common.cluster" . }} - - name: "NRI_KUBERNETES_VERBOSE" - value: {{ include "newrelic.common.verboseLog.valueAsBoolean" . | quote }} - - - name: "NRI_KUBERNETES_NODENAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - # Required to connect to the kubelet - - name: "NRI_KUBERNETES_NODEIP" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "status.hostIP" - - {{- with .Values.kubelet.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.kubelet.extraEnvFrom }} - envFrom: {{ toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: nri-kubernetes-config - mountPath: /etc/newrelic-infra/nri-kubernetes.yml - subPath: nri-kubernetes.yml - {{- with .Values.kubelet.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.kubelet.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - - name: agent - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.images.agent "context" .) }} - args: [ "newrelic-infra" ] - imagePullPolicy: {{ .Values.images.agent.pullPolicy }} - {{- with include "nriKubernetes.kubelet.securityContext.agentContainer" . | fromYaml }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ get (fromYaml (include "nriKubernetes.kubelet.agentConfig" .)) "http_server_port" }} - env: - - name: NRIA_LICENSE_KEY - valueFrom: - secretKeyRef: - name: {{ include "newrelic.common.license.secretName" . }} - key: {{ include "newrelic.common.license.secretKeyName" . }} - - - name: "NRIA_OVERRIDE_HOSTNAME_SHORT" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - - name: "NRIA_OVERRIDE_HOSTNAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - {{- if not (include "newrelic.common.privileged" .) }} - # Override NRIA_OVERRIDE_HOST_ROOT to empty if unprivileged. This must be done as an env var as the - # `k8s-events-forwarder` and `infrastructure-bundle` images ship this very same env var set to /host. - - name: "NRIA_OVERRIDE_HOST_ROOT" - value: "" - {{- end }} - - - name: "NRI_KUBERNETES_NODE_NAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - - {{- if .Values.useNodeNameAsDisplayName }} - - name: "NRIA_DISPLAY_NAME" - {{- if .Values.prefixDisplayNameWithCluster }} - value: "{{ include "newrelic.common.cluster" . }}:$(NRI_KUBERNETES_NODE_NAME)" - {{- else }} - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - {{- end }} - {{- end }} - - {{- /* Needed to populate clustername in integration metrics */}} - - name: "CLUSTER_NAME" - value: {{ include "newrelic.common.cluster" . }} - - name: "NRIA_PASSTHROUGH_ENVIRONMENT" - value: "CLUSTER_NAME" - - {{- /* Needed for autodiscovery since hostNetwork=false */}} - - name: "NRIA_HOST" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "status.hostIP" - - {{- with .Values.kubelet.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.kubelet.extraEnvFrom }} - envFrom: {{ toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: config - mountPath: /etc/newrelic-infra.yml - subPath: newrelic-infra.yml - - name: nri-integrations-cfg-volume - mountPath: /etc/newrelic-infra/integrations.d/ - {{- if include "newrelic.common.privileged" . }} - - name: dev - mountPath: /dev - - name: host-docker-socket - mountPath: /var/run/docker.sock - - name: log - mountPath: /var/log - - name: host-volume - mountPath: /host - readOnly: true - {{- end }} - - mountPath: /var/db/newrelic-infra/data - name: agent-tmpfs-data - - mountPath: /var/db/newrelic-infra/user_data - name: agent-tmpfs-user-data - - mountPath: /tmp - name: agent-tmpfs-tmp - {{- with .Values.kubelet.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.kubelet.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - volumes: - {{- if include "newrelic.common.privileged" . }} - - name: dev - hostPath: - path: /dev - - name: host-docker-socket - hostPath: - path: /var/run/docker.sock - - name: log - hostPath: - path: /var/log - - name: host-volume - hostPath: - path: / - {{- end }} - - name: agent-tmpfs-data - emptyDir: {} - - name: agent-tmpfs-user-data - emptyDir: {} - - name: agent-tmpfs-tmp - emptyDir: {} - - name: nri-kubernetes-config - configMap: - name: {{ include "nriKubernetes.kubelet.fullname" . }} - items: - - key: nri-kubernetes.yml - path: nri-kubernetes.yml - - name: config - configMap: - name: {{ include "nriKubernetes.kubelet.fullname.agent" . }} - items: - - key: newrelic-infra.yml - path: newrelic-infra.yml - - name: nri-integrations-cfg-volume - configMap: - name: {{ include "nriKubernetes.kubelet.fullname.integrations" . }} - {{- with .Values.kubelet.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with include "nriKubernetes.kubelet.affinity" . }} - affinity: - {{- . | nindent 8 }} - {{- end }} - {{- with include "nriKubernetes.kubelet.tolerations" . }} - tolerations: - {{- . | nindent 8 }} - {{- end }} - {{- with .Values.kubelet.nodeSelector | default (fromYaml (include "newrelic.common.nodeSelector" .)) }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end -}} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/integrations-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/integrations-configmap.yaml deleted file mode 100644 index abf381f38..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/integrations-configmap.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.kubelet.fullname.integrations" . }} -data: - # This ConfigMap holds config files for integrations. They should have the following format: - #redis-config.yml: | - # # Run auto discovery to find pods with label "app=redis" - # discovery: - # command: - # # Run discovery for Kubernetes. Use the following optional arguments: - # # --namespaces: Comma separated list of namespaces to discover pods on - # # --tls: Use secure (TLS) connection - # # --port: Port used to connect to the kubelet. Default is 10255 - # exec: /var/db/newrelic-infra/nri-discovery-kubernetes --port PORT --tls - # match: - # label.app: redis - # integrations: - # - name: nri-redis - # env: - # # using the discovered IP as the hostname address - # HOSTNAME: ${discovery.ip} - # PORT: 6379 - # KEYS: '{"0":[""],"1":[""]}' - # REMOTE_MONITORING: true - # labels: - # env: production - {{- if .Values.integrations -}} - {{- range $k, $v := .Values.integrations -}} - {{- $k | trimSuffix ".yaml" | trimSuffix ".yml" | nindent 2 -}}.yaml: |- - {{- $v | toYaml | nindent 4 -}} - {{- end }} - {{- end }} - - {{- /* This template will add and template the integrations in the old .Values.integrations_config */}} - {{- include "newrelic.compatibility.integrations" . | nindent 2 }} - - {{- /* This template will add Pixie Health check to the integrations */}} - {{- if .Values.selfMonitoring.pixie.enabled }} - pixie-health-check.yaml: | - --- - # This Flex config performs periodic checks of the Pixie - # /healthz and /statusz endpoints exposed by the Pixie Cloud Connector. - # A status for each endpoint is sent to New Relic in a pixieHealthCheck event. - # - # If Pixie is not installed in the cluster, no events will be generated. - # This can also be disabled with enablePixieHealthCheck: false in the values.yaml file. - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250 - match: - label.name: vizier-cloud-connector - integrations: - - name: nri-flex - interval: 60s - config: - name: pixie-health-check - apis: - - event_type: pixieHealth - commands: - - run: curl --insecure -s https://${discovery.ip}:50800/healthz | xargs | awk '{print "cloud_connector_health:"$1}' - split_by: ":" - merge: pixieHealthCheck - - event_type: pixieStatus - commands: - - run: curl --insecure -s https://${discovery.ip}:50800/statusz | awk '{if($1 == ""){ print "cloud_connector_status:OK" } else { print "cloud_connector_status:"$1 }}' - split_by: ":" - merge: pixieHealthCheck - {{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/scraper-configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/scraper-configmap.yaml deleted file mode 100644 index e43b5227f..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/kubelet/scraper-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.kubelet.enabled -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "nriKubernetes.kubelet.fullname" . }} - namespace: {{ .Release.Namespace }} -data: - nri-kubernetes.yml: | - {{- (merge .Values.common.config (include "newrelic.integrationConfigDefaults" . | fromYaml)) | toYaml | nindent 4 }} - kubelet: - enabled: true - {{- if .Values.kubelet.config }} - {{- toYaml .Values.kubelet.config | nindent 6 }} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/podsecuritypolicy.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/podsecuritypolicy.yaml deleted file mode 100644 index 5b5058511..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: privileged-{{ include "newrelic.common.naming.fullname" . }} -spec: - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' - hostPID: true - hostIPC: true - hostNetwork: true - hostPorts: - - min: 1 - max: 65536 -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/secret.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/secret.yaml deleted file mode 100644 index f558ee86c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/secret.yaml +++ /dev/null @@ -1,2 +0,0 @@ -{{- /* Common library will take care of creating the secret or not. */}} -{{- include "newrelic.common.license.secret" . }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/serviceaccount.yaml deleted file mode 100644 index f987cc512..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if include "newrelic.common.serviceAccount.create" . -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- with (include "newrelic.common.serviceAccount.annotations" .) }} - annotations: - {{- . | nindent 4 }} - {{- end }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_controlPlane_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_controlPlane_test.yaml deleted file mode 100644 index 175f19dd9..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_controlPlane_test.yaml +++ /dev/null @@ -1,162 +0,0 @@ -suite: test controlplane's affinity -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: empty affinity defaults to master nodes - set: - licenseKey: test - cluster: test - global: {} - affinity: {} - nodeAffinity: {} - controlPlane.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/controlplane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/etcd - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - template: templates/controlplane/daemonset.yaml - - - it: affinity is set by common-library's global - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: {} - nodeAffinity: {} - controlPlane.affinity: null - asserts: - - equal: - path: spec.template.spec.affinity - value: - global: global - template: templates/controlplane/daemonset.yaml - - - it: affinity is set by common-library's local - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: - local: local - nodeAffinity: {} - controlPlane.affinity: null - asserts: - - equal: - path: spec.template.spec.affinity - value: - local: local - template: templates/controlplane/daemonset.yaml - - - it: legacy affinity is ignored - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: {} - nodeAffinity: - legacy: legacy - controlPlane.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/controlplane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/etcd - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - template: templates/controlplane/daemonset.yaml - - - it: affinity is set by supported value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: {} - nodeAffinity: {} - controlPlane.affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: # We have to override the whole tree if we want to override the defaults - - test: test - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - test: test - template: templates/controlplane/daemonset.yaml - -# This is an expected behavior from the common library and tested there but as we are overwriting this -# helper is a good idea to retest it in case any library update brakes our expected behavior - - it: global is overridable by local in common-library - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: - local: local - nodeAffinity: {} - controlPlane.affinity: null - asserts: - - equal: - path: spec.template.spec.affinity - value: - local: local - template: templates/controlplane/daemonset.yaml - - - it: common-library's local is overridable - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: - local: local - nodeAffinity: {} - controlPlane.affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: # We have to override the whole tree if we want to override the defaults - - test: test - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: # We have to override the whole tree if we want to override the defaults - - test: test - template: templates/controlplane/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_ksm_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_ksm_test.yaml deleted file mode 100644 index 2513d8b9e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_ksm_test.yaml +++ /dev/null @@ -1,178 +0,0 @@ -suite: test ksm's affinity -templates: - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: affinity has defaults - set: - licenseKey: test - cluster: test - asserts: - - equal: - path: spec.template.spec.affinity - value: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - weight: 100 - template: templates/ksm/deployment.yaml - - - it: affinity is set by legacy value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: {} - nodeAffinity: - legacy: legacy - ksm.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: # Legacy value is nodeAffinity and templates affinity objects - legacy: legacy - podAffinity: # Default podAffinity is not overridden - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - weight: 100 - template: templates/ksm/deployment.yaml - - - it: affinity is set by supported value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: {} - nodeAffinity: {} - ksm.affinity: - podAffinity: # We have to override the whole tree if we want to override the defaults - preferredDuringSchedulingIgnoredDuringExecution: - - test: test - asserts: - - equal: - path: spec.template.spec.affinity - value: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - test: test - template: templates/ksm/deployment.yaml - -# This is an expected behavior from the common library and tested there but as we are overwriting this -# helper is a good idea to retest it in case any library update brakes our expected behavior - - it: global is overridable by local in common-library - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: - local: local - nodeAffinity: {} - ksm.affinity: null - asserts: - - equal: - path: spec.template.spec.affinity - value: - local: local - template: templates/ksm/deployment.yaml - - - it: global is overridable by legacy value - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: {} - nodeAffinity: - legacy: legacy - ksm.affinity: null - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: # Legacy value is nodeAffinity and templates affinity objects - legacy: legacy - template: templates/ksm/deployment.yaml - - - it: common-library's affinity is overridable by supported value - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: {} - nodeAffinity: {} - ksm.affinity: - podAffinity: # We have to override the whole tree if we want to override the defaults - preferredDuringSchedulingIgnoredDuringExecution: - - test: test - asserts: - - equal: - path: spec.template.spec.affinity - value: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - test: test - template: templates/ksm/deployment.yaml - - - it: common-library's affinity is overridable by legacy value - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: - local: local - nodeAffinity: - legacy: legacy - ksm.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: # Legacy value is nodeAffinity and templates affinity objects - legacy: legacy - podAffinity: # Default podAffinity is not overridden - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - weight: 100 - template: templates/ksm/deployment.yaml - - - it: common-library's local is overridable by supported value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - local: local - nodeAffinity: {} - ksm.affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - test: test - asserts: - - equal: - path: spec.template.spec.affinity - value: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - test: test - template: templates/ksm/deployment.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_kubelet_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_kubelet_test.yaml deleted file mode 100644 index 38d8278e4..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/affinity_kubelet_test.yaml +++ /dev/null @@ -1,158 +0,0 @@ -suite: test kubelet's affinity -templates: - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: affinity has defaults - set: - licenseKey: test - cluster: test - asserts: - - isNull: - path: spec.template.spec.affinity - template: templates/kubelet/daemonset.yaml - - - it: affinity in fargate mode has defaults - set: - licenseKey: test - cluster: test - fargate: true - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - template: templates/kubelet/daemonset.yaml - - - it: affinity is set by legacy value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: {} - nodeAffinity: - legacy: legacy - kubelet.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: # Legacy value is nodeAffinity and templates affinity objects - legacy: legacy - template: templates/kubelet/daemonset.yaml - - - it: affinity is set by supported value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: {} - nodeAffinity: {} - kubelet.affinity: - supported: supported - asserts: - - equal: - path: spec.template.spec.affinity - value: - supported: supported - template: templates/kubelet/daemonset.yaml - -# This is an expected behavior from the common library and tested there but as we are overwriting this -# helper is a good idea to retest it in case any library update brakes our expected behavior - - it: global is overridable by local in common-library - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: - local: local - nodeAffinity: {} - kubelet.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - local: local - template: templates/kubelet/daemonset.yaml - - - it: global is overridable by legacy value - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: {} - nodeAffinity: - legacy: legacy - kubelet.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: # Legacy value is nodeAffinity and templates affinity objects - legacy: legacy - template: templates/kubelet/daemonset.yaml - - - it: global is overridable by supported value - set: - licenseKey: test - cluster: test - global.affinity: - global: global - affinity: {} - nodeAffinity: {} - kubelet.affinity: - supported: supported - asserts: - - equal: - path: spec.template.spec.affinity - value: - supported: supported - template: templates/kubelet/daemonset.yaml - - - it: common-library's local is overridable by legacy value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: - local: local - nodeAffinity: - legacy: legacy - kubelet.affinity: {} - asserts: - - equal: - path: spec.template.spec.affinity - value: - nodeAffinity: # Legacy value is nodeAffinity and templates affinity objects - legacy: legacy - template: templates/kubelet/daemonset.yaml - - - it: common-library's local is overridable by supported value - set: - licenseKey: test - cluster: test - global.affinity: {} - affinity: - local: local - nodeAffinity: {} - kubelet.affinity: - supported: supported - asserts: - - equal: - path: spec.template.spec.affinity - value: - supported: supported - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/annotations_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/annotations_test.yaml deleted file mode 100644 index c3ec543d2..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/annotations_test.yaml +++ /dev/null @@ -1,130 +0,0 @@ -suite: test annotations -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: annotations are not populated if nothing is set - set: - licenseKey: test - cluster: test - asserts: - - isNull: - path: metadata.annotations - template: templates/ksm/deployment.yaml - - isNull: - path: metadata.annotations - template: templates/controlplane/daemonset.yaml - - isNull: - path: metadata.annotations - template: templates/kubelet/daemonset.yaml - - it: annotations are populated from supported value - set: - licenseKey: test - cluster: test - kubelet: - annotations: - test1: "one" - test2: "two" - controlPlane: - annotations: - test3: "three" - test4: "four" - ksm: - annotations: - test5: "five" - test6: "six" - asserts: - - equal: - path: metadata.annotations - value: - test5: "five" - test6: "six" - template: templates/ksm/deployment.yaml - - equal: - path: metadata.annotations - value: - test3: "three" - test4: "four" - template: templates/controlplane/daemonset.yaml - - equal: - path: metadata.annotations - value: - test1: "one" - test2: "two" - template: templates/kubelet/daemonset.yaml - - it: annotations are populated from supported value even if legacy is present - set: - licenseKey: test - cluster: test - kubelet: - annotations: - test1: "one" - test2: "two" - controlPlane: - annotations: - test3: "three" - test4: "four" - ksm: - annotations: - test5: "five" - test6: "six" - daemonSet: - annotations: - test1: "one" - test2: "two" - asserts: - - equal: - path: metadata.annotations - value: - test5: "five" - test6: "six" - template: templates/ksm/deployment.yaml - - equal: - path: metadata.annotations - value: - test3: "three" - test4: "four" - template: templates/controlplane/daemonset.yaml - - equal: - path: metadata.annotations - value: - test1: "one" - test2: "two" - template: templates/kubelet/daemonset.yaml - - it: annotations are populated from legacy value - set: - licenseKey: test - cluster: test - daemonSet: - annotations: - test1: "one" - test2: "two" - asserts: - - equal: - path: metadata.annotations - value: - test1: "one" - test2: "two" - template: templates/ksm/deployment.yaml - - equal: - path: metadata.annotations - value: - test1: "one" - test2: "two" - template: templates/controlplane/daemonset.yaml - - equal: - path: metadata.annotations - value: - test1: "one" - test2: "two" - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_agent_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_agent_test.yaml deleted file mode 100644 index 45e5f4cac..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_agent_test.yaml +++ /dev/null @@ -1,198 +0,0 @@ -suite: test controlplane agent configmap -templates: - - templates/controlplane/agent-configmap.yaml -tests: - - it: agent configMap is created and configured from legacy config - set: - licenseKey: test - cluster: test - config: - test1: one - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - test1: one - test2: two - - - it: agent configMap is created and configured from common.agentConfig - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - test1: one - test2: two - - - it: agentConfigs are merged - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - config: - test3: three - controlPlane.agentConfig: - test4: four - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - test1: one - test2: two - test3: three - test4: four - - - it: common.agentConfig takes precedence - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: override - config: - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - test1: one - test2: override - - - it: controlPlane.agentConfig takes precedence - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - controlPlane.agentConfig: - test2: override - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - test1: one - test2: override - - - it: customAttributes are correctly added - set: - licenseKey: test - cluster: test - global.customAttributes: - global: global - customAttributes: - local: local - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - global: global - local: local - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - - - it: eventQueueDepth is taken into account - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - config: - test3: three - eventQueueDepth: 1000 - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - event_queue_depth: 1000 - http_server_enabled: true - http_server_port: 8001 - is_forward_only: true - test1: one - test2: two - test3: three - -#I am not able to run this test. TODO -# fails with this message: - -# FAIL test controlplane agent configmap tests/configmap_cp_agent_test.yaml -# - fail if customAttributes is a JSON string instead of a map -# -# - asserts[0] `failedTemplate` fail -# Error: -# template "newrelic-infrastructure/templates/controlplane/daemonset.yaml" not exists or not selected in test suite# - it: fail if customAttributes is a JSON string instead of a map - -# I tested it manually but I am not able to create an automatic test so I am leaving it commented as a TODO. - -# - it: fail if customAttributes is a JSON string instead of a map -# set: -# licenseKey: test -# cluster: test -# customAttributes: 'testTESTtest' -# asserts: -# - template: templates/controlplane/daemonset.yaml -# failedTemplate: -# errorMessage: | -# We still support using custom attributes but we support it as a map and dropped it as a string. -# -# You should change your values from this: -# -# customAttributes: "{\"test\": \"test\"}" -# -# to this: -# -# customAttributes: -# test: "test" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_scraper_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_scraper_test.yaml deleted file mode 100644 index 46ee69576..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_cp_scraper_test.yaml +++ /dev/null @@ -1,168 +0,0 @@ -suite: test controlplane scraper configmap -templates: - - templates/controlplane/scraper-configmap.yaml -tests: - - it: without any option the chart still render a valid yaml - set: - licenseKey: test - cluster: test - controlPlane.config.etcd.autodiscover: [] - controlPlane.config.apiServer.enabled: false - controlPlane.config.controllerManager.enabled: false - controlPlane.config.scheduler.enabled: false - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - controlPlane: - retries: 3 - timeout: 10s - enabled: true - etcd: - autodiscover: [] - enabled: true - - it: staticEndpoint is defined for etcd - set: - licenseKey: test - cluster: test - controlPlane.config.etcd.autodiscover: [] - controlPlane.config.apiServer.enabled: false - controlPlane.config.controllerManager.enabled: false - controlPlane.config.scheduler.enabled: false - controlPlane.config.etcd.staticEndpoint: - url: http://test2.io:9090/test2 - insecureSkipVerify: false - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - controlPlane: - retries: 3 - timeout: 10s - enabled: true - etcd: - autodiscover: [] - enabled: true - staticEndpoint: - insecureSkipVerify: false - url: http://test2.io:9090/test2 - - it: a valid yaml is generated with all components and options enabled - set: - licenseKey: test - cluster: test - controlPlane.config.etcd.autodiscover: [] - controlPlane.config.apiServer.autodiscover: [] - controlPlane.config.controllerManager.autodiscover: [] - controlPlane.config.etcd.staticEndpoint: - url: http://test2.io:9090/test2 - insecureSkipVerify: false - controlPlane.config.scheduler.staticEndpoint: - url: http://scheduler/test - controlPlane.config.controllerManager.staticEndpoint: - url: http://controller/test - controlPlane.config.apiServer.staticEndpoint: - url: http://apiServer/test - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - controlPlane: - retries: 3 - timeout: 10s - enabled: true - etcd: - autodiscover: [] - enabled: true - staticEndpoint: - insecureSkipVerify: false - url: http://test2.io:9090/test2 - scheduler: - autodiscover: - - endpoints: - - auth: - type: bearer - insecureSkipVerify: true - url: https://localhost:10259 - matchNode: true - namespace: kube-system - selector: tier=control-plane,component=kube-scheduler - - endpoints: - - auth: - type: bearer - insecureSkipVerify: true - url: https://localhost:10259 - matchNode: true - namespace: kube-system - selector: k8s-app=kube-scheduler - - endpoints: - - auth: - type: bearer - insecureSkipVerify: true - url: https://localhost:10259 - matchNode: true - namespace: openshift-kube-scheduler - selector: app=openshift-kube-scheduler,scheduler=true - - endpoints: - - auth: - type: bearer - insecureSkipVerify: true - url: https://localhost:10259 - matchNode: true - namespace: kube-system - selector: app=openshift-kube-scheduler,scheduler=true - enabled: true - staticEndpoint: - url: http://scheduler/test - controllerManager: - autodiscover: [] - enabled: true - staticEndpoint: - url: http://controller/test - apiServer: - autodiscover: [] - enabled: true - staticEndpoint: - url: http://apiServer/test - - it: autodiscovery section is rendered as expected together with the static Endpoint - set: - licenseKey: test - cluster: test - controlPlane.config.apiServer.enabled: false - controlPlane.config.controllerManager.enabled: false - controlPlane.config.scheduler.enabled: false - controlPlane.config.etcd.staticEndpoint: - url: http://test2.io:9090/test2 - insecureSkipVerify: false - controlPlane.config.etcd.autodiscover: - - selector: "tier=control-plane,component=etcd" - namespace: kube-system - matchNode: true - endpoints: - - url: http://localhost:2381 - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - controlPlane: - retries: 3 - timeout: 10s - enabled: true - etcd: - autodiscover: - - endpoints: - - url: http://localhost:2381 - matchNode: true - namespace: kube-system - selector: tier=control-plane,component=etcd - enabled: true - staticEndpoint: - insecureSkipVerify: false - url: http://test2.io:9090/test2 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_integrations_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_integrations_test.yaml deleted file mode 100644 index 9655e6b12..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_integrations_test.yaml +++ /dev/null @@ -1,234 +0,0 @@ -suite: test configmap -templates: - - templates/kubelet/integrations-configmap.yaml -tests: - - it: integrations options is taken into account to populate integrations-configmap - set: - licenseKey: test - cluster: test - integrations: - nri-redis-sampleapp: - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - name: nri-redis - env: - PORT: 6379 - labels: - env: test1 - nri-redis-sampleapp2: - integrations: - - name: nri-redis - env: - PORT: 1 - labels: - env: test2 - asserts: - - equal: - path: data["nri-redis-sampleapp.yaml"] - value: |- - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - env: - PORT: 6379 - labels: - env: test1 - name: nri-redis - - equal: - path: data["nri-redis-sampleapp2.yaml"] - value: |- - integrations: - - env: - PORT: 1 - labels: - env: test2 - name: nri-redis - - it: legacy integrations_config options is taken into account to populate integrations-configmap - set: - licenseKey: test - cluster: test - integrations_config: - - name: nri-redis-sampleapp.yaml - data: - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - name: nri-redis - env: - PORT: 6379 - labels: - env: test1 - - name: nri-redis-sampleapp2.yaml - data: - integrations: - - name: nri-redis - env: - PORT: 1 - labels: - env: test2 - asserts: - - equal: - path: data["nri-redis-sampleapp.yaml"] - value: |- - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - env: - PORT: 6379 - labels: - env: test1 - name: nri-redis - - equal: - path: data["nri-redis-sampleapp2.yaml"] - value: |- - integrations: - - env: - PORT: 1 - labels: - env: test2 - name: nri-redis - - it: both supported and legacy options are taken into account when creating integration file - set: - licenseKey: test - cluster: test - integrations: - nri-redis-sampleapp: - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - name: nri-redis - env: - PORT: 6379 - labels: - env: test1 - nri-redis-sampleapp2: - integrations: - - name: nri-redis - env: - PORT: 1 - labels: - env: test2 - integrations_config: - - name: nri-redis-sampleapp3.yaml - data: - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - name: nri-redis - env: - PORT: 6379 - labels: - env: test1 - - name: nri-redis-sampleapp4.yaml - data: - integrations: - - name: nri-redis - env: - PORT: 1 - labels: - env: test2 - asserts: - - equal: - path: data["nri-redis-sampleapp3.yaml"] - value: |- - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - env: - PORT: 6379 - labels: - env: test1 - name: nri-redis - - equal: - path: data["nri-redis-sampleapp4.yaml"] - value: |- - integrations: - - env: - PORT: 1 - labels: - env: test2 - name: nri-redis - - equal: - path: data["nri-redis-sampleapp3.yaml"] - value: |- - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - env: - PORT: 6379 - labels: - env: test1 - name: nri-redis - - equal: - path: data["nri-redis-sampleapp4.yaml"] - value: |- - integrations: - - env: - PORT: 1 - labels: - env: test2 - name: nri-redis - - it: without any option the file is still rendered - set: - licenseKey: test - cluster: test - asserts: - - hasDocuments: - count: 1 - - it: integrations options works with environment passthrough - set: - licenseKey: test - cluster: test - integrations: - nri-redis-sampleapp: - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - name: nri-redis - env: - PORT: "{{ SUPER_SECRET_VARIABLE }}" - labels: - env: test1 - asserts: - - equal: - path: data["nri-redis-sampleapp.yaml"] - value: |- - discovery: - command: - exec: /var/db/newrelic-infra/nri-discovery-kubernetes - match: - label.app: sampleapp - integrations: - - env: - PORT: '{{ SUPER_SECRET_VARIABLE }}' - labels: - env: test1 - name: nri-redis diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_agent_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_agent_test.yaml deleted file mode 100644 index 6c0558852..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_agent_test.yaml +++ /dev/null @@ -1,166 +0,0 @@ -suite: test ksm agent configmap -templates: - - templates/ksm/agent-configmap.yaml -tests: - - it: agent configMap is created and configured from legacy config - set: - licenseKey: test - cluster: test - config: - test1: one - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - test1: one - test2: two - - - it: agent configMap is created and configured from common.agentConfig - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - test1: one - test2: two - - - it: agentConfigs are merged - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - config: - test3: three - ksm.agentConfig: - test4: four - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - test1: one - test2: two - test3: three - test4: four - - - it: common.agentConfig takes precedence - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: override - config: - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - test1: one - test2: override - - - it: ksm.agentConfig takes precedence - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - ksm.agentConfig: - test2: override - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - test1: one - test2: override - - - it: customAttributes are correctly added - set: - licenseKey: test - cluster: test - global.customAttributes: - global: global - customAttributes: - local: local - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - global: global - local: local - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - - - it: eventQueueDepth is taken into account - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - config: - test3: three - eventQueueDepth: 1000 - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - event_queue_depth: 1000 - http_server_enabled: true - http_server_port: 8002 - is_forward_only: true - test1: one - test2: two - test3: three diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_scraper_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_scraper_test.yaml deleted file mode 100644 index e67f7e32d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_ksm_scraper_test.yaml +++ /dev/null @@ -1,110 +0,0 @@ -suite: test configmap -templates: - - templates/ksm/scraper-configmap.yaml -tests: - - it: kubeStateMetric config is not created due to disableKubeStateMetrics and test fails - set: - licenseKey: test - cluster: test - kubeStateMetricsPort: 22 - ksm.enabled: true - disableKubeStateMetrics: true - asserts: - - hasDocuments: - count: 0 - - - it: kubeStateMetric config is not created due to ksm.config.enabled and test fails - set: - licenseKey: test - cluster: test - kubeStateMetricsPort: 22 - ksm.enabled: false - disableKubeStateMetrics: false - asserts: - - hasDocuments: - count: 0 - - - it: kubeStateMetricsPort is taken into account since ksm.config.port is not defined - set: - licenseKey: test - cluster: test - kubeStateMetricsPort: 22 - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - ksm: - enabled: true - port: 22 - retries: 3 - scheme: http - selector: app.kubernetes.io/name=kube-state-metrics - timeout: 10s - - - it: kubeStateMetricsPodLabel is taken into account since ksm.config.label is not defined - set: - licenseKey: test - cluster: test - kubeStateMetricsPodLabel: label-name - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - ksm: - enabled: true - retries: 3 - scheme: http - selector: label-name=kube-state-metrics - timeout: 10s - - - it: kubeStateMetricsPort is ignored since ksm.config.port is defined - set: - licenseKey: test - cluster: test - kubeStateMetricsPort: 22 - ksm.config.port: 25 - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - ksm: - enabled: true - port: 22 - retries: 3 - scheme: http - selector: app.kubernetes.io/name=kube-state-metrics - timeout: 10s - - - it: a mix of values is passed and the config is rendered correctly - set: - licenseKey: test - cluster: test - ksm.config.staticURL: newURL - ksm.config.scheme: https - ksm.config.selector: a=b - ksm.config.namespace: test - ksm.config.distributed: true - kubeStateMetricsPort: 22 - kubeStateMetricsUrl: test2.io - asserts: - - equal: - path: data["nri-kubernetes.yml"] - value: |- - interval: 15s - namespaceSelector: {} - ksm: - distributed: true - enabled: true - namespace: test - port: 22 - retries: 3 - scheme: https - selector: a=b - staticURL: test2.io - timeout: 10s diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_kubelet_agent_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_kubelet_agent_test.yaml deleted file mode 100644 index f840081ed..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/configmap_kubelet_agent_test.yaml +++ /dev/null @@ -1,248 +0,0 @@ -suite: test kubelet agent configmap -templates: - - templates/kubelet/agent-configmap.yaml -tests: - - it: agent configMap is created and configured from legacy config - set: - licenseKey: test - cluster: test - config: - test1: one - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - test1: one - test2: two - - - it: agent configMap is created and configured from common.agentConfig - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - test1: one - test2: two - - - it: agentConfigs are merged - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - config: - test3: three - kubelet.agentConfig: - test4: four - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - test1: one - test2: two - test3: three - test4: four - - - it: common.agentConfig takes precedence - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: override - config: - test2: two - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - test1: one - test2: override - - - it: kubelet.agentConfig takes precedence - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - kubelet.agentConfig: - test2: override - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - test1: one - test2: override - - - it: customAttributes are correctly added - set: - licenseKey: test - cluster: test - global.customAttributes: - global: global - customAttributes: - local: local - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - global: global - local: local - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - - - it: eventQueueDepth is taken into account - set: - licenseKey: test - cluster: test - common.agentConfig: - test1: one - test2: two - config: - test3: three - eventQueueDepth: 1000 - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - event_queue_depth: 1000 - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - test1: one - test2: two - test3: three - - - it: unprivileged sets secure forward mode - set: - licenseKey: test - cluster: test - privileged: false - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - is_secure_forward_only: true - - - it: null enableProcessMetrics does not set enableProcessMetrics - set: - licenseKey: test - cluster: test - enableProcessMetrics: null - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - - - it: true enableProcessMetrics populates enableProcessMetrics as true - set: - licenseKey: test - cluster: test - enableProcessMetrics: true - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - enable_process_metrics: true - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 - - - it: false enableProcessMetrics populates enableProcessMetrics as false - set: - licenseKey: test - cluster: test - enableProcessMetrics: false - asserts: - - equal: - path: data["newrelic-infra.yml"] - value: |- - # This is the configuration file for the infrastructure agent. See: - # https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - custom_attributes: - clusterName: test - enable_process_metrics: false - features: - docker_enabled: false - http_server_enabled: true - http_server_port: 8003 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_rbac_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_rbac_test.yaml deleted file mode 100644 index d466af8d0..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_rbac_test.yaml +++ /dev/null @@ -1,47 +0,0 @@ -suite: test RBAC creation -templates: - - templates/controlplane/rolebinding.yaml - - templates/controlplane/clusterrolebinding.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC points to the service account that is created by default - set: - licenseKey: test - cluster: test - rbac.create: true - serviceAccount.create: true - # The line below is to create one rolebinding to test it. - controlPlane.config.apiServer.staticEndpoint.auth.mtls.secretNamespace: test - asserts: - - equal: - path: subjects[0].name - value: my-release-nrk8s-controlplane - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - licenseKey: test - cluster: test - rbac.create: true - serviceAccount.create: false - serviceAccount.name: sa-test - # The line below is to create one rolebinding to test it. - controlPlane.config.apiServer.staticEndpoint.auth.mtls.secretNamespace: test - asserts: - - equal: - path: subjects[0].name - value: sa-test - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - licenseKey: test - cluster: test - rbac.create: true - serviceAccount.create: false - # The line below is to create one rolebinding to test it. - controlPlane.config.apiServer.staticEndpoint.auth.mtls.secretNamespace: test - asserts: - - equal: - path: subjects[0].name - value: default diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_serviceAccount_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_serviceAccount_test.yaml deleted file mode 100644 index d9dec9b4b..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_serviceAccount_test.yaml +++ /dev/null @@ -1,46 +0,0 @@ -suite: test control plane' serviceAccount -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/secret.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC points to the service account that is created by default - set: - licenseKey: test - cluster: test - rbac.create: true - serviceAccount.create: true - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: my-release-nrk8s-controlplane - template: templates/controlplane/daemonset.yaml - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - licenseKey: test - cluster: test - rbac.create: true - serviceAccount.create: false - serviceAccount.name: sa-test - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: sa-test - template: templates/controlplane/daemonset.yaml - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - licenseKey: test - cluster: test - rbac.create: true - serviceAccount.create: false - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: default - template: templates/controlplane/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_strategy_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_strategy_test.yaml deleted file mode 100644 index 8c1df88d7..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/controlplane_strategy_test.yaml +++ /dev/null @@ -1,91 +0,0 @@ -suite: test control plane strategy -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: DaemonSet defaults to global updateStrategy - set: - licenseKey: test - cluster: test - asserts: - - equal: - path: spec.updateStrategy - value: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: templates/controlplane/daemonset.yaml - - - it: DaemonSet updateStrategy can be overridden - set: - licenseKey: test - cluster: test - controlPlane: - kind: Deployment - asserts: - - equal: - path: spec.strategy - value: - type: Recreate - template: templates/controlplane/daemonset.yaml - - isNull: - path: spec.updateStrategy - template: templates/controlplane/daemonset.yaml - - - it: Deployment defaults to recreate - set: - licenseKey: test - cluster: test - controlPlane: - kind: Deployment - asserts: - - equal: - path: spec.strategy - value: - type: Recreate - template: templates/controlplane/daemonset.yaml - - - it: Deployment strategy can be overridden - set: - licenseKey: test - cluster: test - strategy: - type: Foobar - controlPlane: - kind: Deployment - asserts: - - equal: - path: spec.strategy - value: - type: Foobar - template: templates/controlplane/daemonset.yaml - - isNull: - path: spec.updateStrategy - template: templates/controlplane/daemonset.yaml - - - it: Deployment strategy is not rendered on DaemonSet - set: - licenseKey: test - cluster: test - controlPlane: - strategy: - type: Foobar - asserts: - - isNull: - path: spec.strategy - template: templates/controlplane/daemonset.yaml - - - it: DaemonSet strategy is not rendered on Deployment - set: - licenseKey: test - cluster: test - controlPlane: - kind: Deployment - updateStrategy: - type: Foobar - asserts: - - isNull: - path: spec.updateStrategy - template: templates/controlplane/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/disable_dns_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/disable_dns_test.yaml deleted file mode 100644 index ac1e4d070..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/disable_dns_test.yaml +++ /dev/null @@ -1,29 +0,0 @@ -suite: Test dns resolution is disabled for ksm and controlplane -templates: - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: NRIA_DNS_HOSTNAME_RESOLUTION is set for the ksm and controlplane workloads - set: - licenseKey: test - cluster: test - privileged: false - asserts: - - contains: - path: spec.template.spec.containers[1].env - content: - name: "NRIA_DNS_HOSTNAME_RESOLUTION" - value: "false" - template: templates/controlplane/daemonset.yaml - - contains: - path: spec.template.spec.containers[1].env - content: - name: "NRIA_DNS_HOSTNAME_RESOLUTION" - value: "false" - template: templates/ksm/deployment.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostNetwork_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostNetwork_test.yaml deleted file mode 100644 index 7a272f9e7..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostNetwork_test.yaml +++ /dev/null @@ -1,200 +0,0 @@ -suite: test hostNetwork -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: hostNetwork defaults (includes the values.yaml) - set: - licenseKey: test - cluster: test - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/kubelet/daemonset.yaml - - - it: hostNetwork is false if nothing is set - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: null - controlPlane.hostNetwork: null - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/kubelet/daemonset.yaml - - - it: hostNetwork is set by the common library - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: true - controlPlane.hostNetwork: null - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/kubelet/daemonset.yaml - - - it: controlPlane hostNetwork is overridable to true - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: false - controlPlane.hostNetwork: true - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/kubelet/daemonset.yaml - - - it: controlPlane hostNetwork is overridable to false - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: true - controlPlane.hostNetwork: false - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/kubelet/daemonset.yaml - - - it: ksm hostNetwork is overridable to true - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: false - ksm.hostNetwork: true - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/kubelet/daemonset.yaml - - - it: ksm hostNetwork is overridable to false - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: true - ksm.hostNetwork: false - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/kubelet/daemonset.yaml - - - it: kubelet hostNetwork is overridable to true - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: false - kubelet.hostNetwork: true - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/kubelet/daemonset.yaml - - - it: kubelet hostNetwork is overridable to false - set: - licenseKey: test - cluster: test - global.hostNetwork: null - hostNetwork: true - kubelet.hostNetwork: false - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.hostNetwork - value: true - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.hostNetwork - value: false - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostname_override_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostname_override_test.yaml deleted file mode 100644 index 237ca7233..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/hostname_override_test.yaml +++ /dev/null @@ -1,33 +0,0 @@ -suite: Test override of hostname -templates: - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: NRIA_OVERRIDE_HOSTNAME_SHORT and NRIA_OVERRIDE_HOSTNAME are set for the kubelet daemonset - set: - licenseKey: test - cluster: test - privileged: false - asserts: - - contains: - path: spec.template.spec.containers[1].env - content: - name: "NRIA_OVERRIDE_HOSTNAME_SHORT" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - template: templates/kubelet/daemonset.yaml - - contains: - path: spec.template.spec.containers[1].env - content: - name: "NRIA_OVERRIDE_HOSTNAME" - valueFrom: - fieldRef: - apiVersion: "v1" - fieldPath: "spec.nodeName" - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/initContainers_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/initContainers_test.yaml deleted file mode 100644 index 25d99ad60..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/initContainers_test.yaml +++ /dev/null @@ -1,96 +0,0 @@ -suite: test initContainers -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: initContainers are not populated if nothing is set - set: - licenseKey: test - cluster: test - asserts: - - isNull: - path: spec.template.spec.initContainers - template: templates/ksm/deployment.yaml - - isNull: - path: spec.template.spec.initContainers - template: templates/controlplane/daemonset.yaml - - isNull: - path: spec.template.spec.initContainers - template: templates/kubelet/daemonset.yaml - - it: init containers are populated - set: - licenseKey: test - cluster: test - kubelet: - initContainers: - - name: controlplane - image: test - securityContext: - mode: kubelet - controlPlane: - initContainers: - - name: controlplane - image: test - securityContext: - mode: controlPlane - ksm: - initContainers: - - name: controlplane - image: test - securityContext: - mode: ksm - asserts: - - equal: - path: spec.template.spec.initContainers - value: - - name: controlplane - image: test - securityContext: - mode: ksm - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.initContainers - value: - - name: controlplane - image: test - securityContext: - mode: controlPlane - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.initContainers - value: - - name: controlplane - image: test - securityContext: - mode: kubelet - template: templates/kubelet/daemonset.yaml - - it: init containers are populated and templated - set: - licenseKey: test - cluster: test - myAwesomeValue: testInjecting - ksm: - initContainers: - - name: controlplane - image: test - securityContext: - mode: "{{ .Values.myAwesomeValue }}" - asserts: - - equal: - path: spec.template.spec.initContainers - value: - - name: controlplane - image: test - securityContext: - mode: testInjecting - template: templates/ksm/deployment.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_override_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_override_test.yaml deleted file mode 100644 index 7181f9c1b..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_override_test.yaml +++ /dev/null @@ -1,18 +0,0 @@ -suite: test interval override -templates: - - templates/controlplane/scraper-configmap.yaml - - templates/ksm/scraper-configmap.yaml - - templates/kubelet/scraper-configmap.yaml -tests: - - it: Does not fail with override - set: - licenseKey: test - cluster: test - common: - config: - interval: 1s - forceUnsupportedInterval: true - asserts: - - matchRegex: - path: data["nri-kubernetes.yml"] - pattern: 'interval: 1s' diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_test.yaml deleted file mode 100644 index 72052d4ce..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/interval_test.yaml +++ /dev/null @@ -1,34 +0,0 @@ -suite: test interval -templates: - - templates/NOTES.txt -tests: - - it: Fails to render with large intervals - set: - licenseKey: test - cluster: test - common: - config: - interval: 41s - asserts: - - failedTemplate: - errorMessage: "raw: Intervals larger than 40s are not supported" - - it: Fails to render with small intervals - set: - licenseKey: test - cluster: test - common: - config: - interval: 1s - asserts: - - failedTemplate: - errorMessage: "raw: Intervals smaller than 10s are not supported" - - it: Non-seconds intervals are rejected - set: - licenseKey: test - cluster: test - common: - config: - interval: 1m - asserts: - - failedTemplate: - errorMessage: "raw: Interval must be between 10s and 40s" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/nodeSelectors_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/nodeSelectors_test.yaml deleted file mode 100644 index 7644a951c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/nodeSelectors_test.yaml +++ /dev/null @@ -1,165 +0,0 @@ -suite: test nodeSelector -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: nodeSelector is populated from global by common-library - set: - licenseKey: test - cluster: test - global: - nodeSelector: - disktype: ssd - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/controlplane/daemonset.yaml - - - it: nodeSelector is populated from chart's root by common-library - set: - licenseKey: test - cluster: test - nodeSelector: - disktype: ssd - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/controlplane/daemonset.yaml - - - it: nodeSelector is overridable - set: - licenseKey: test - cluster: test - global: - nodeSelector: - disktype: ssd - nodeSelector: - disktype: real - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: real - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: real - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: real - template: templates/controlplane/daemonset.yaml - - - it: nodeSelector is populated from ksm tree value - set: - licenseKey: test - cluster: test - ksm: - nodeSelector: - disktype: real - nodeSelector: - disktype: ssd - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: real - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/controlplane/daemonset.yaml - - - it: nodeSelector is populated from kubelet tree value - set: - licenseKey: test - cluster: test - kubelet: - nodeSelector: - disktype: real - nodeSelector: - disktype: ssd - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: real - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/controlplane/daemonset.yaml - - - it: nodeSelector is populated from controlPlane tree value - set: - licenseKey: test - cluster: test - controlPlane: - nodeSelector: - disktype: real - nodeSelector: - disktype: ssd - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: ssd - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.nodeSelector - value: - disktype: real - template: templates/controlplane/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/podName_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/podName_test.yaml deleted file mode 100644 index 81b36c4af..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/podName_test.yaml +++ /dev/null @@ -1,50 +0,0 @@ -suite: test object names -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: name is created as expected - set: - licenseKey: test - cluster: test - asserts: - - equal: - path: metadata.name - value: RELEASE-NAME-nrk8s-ksm - template: templates/ksm/deployment.yaml - - equal: - path: metadata.name - value: RELEASE-NAME-nrk8s-controlplane - template: templates/controlplane/daemonset.yaml - - equal: - path: metadata.name - value: RELEASE-NAME-nrk8s-kubelet - template: templates/kubelet/daemonset.yaml - - it: name is overridden as expected - set: - licenseKey: test - cluster: test - fullnameOverride: fno - asserts: - - equal: - path: metadata.name - value: fno-ksm - template: templates/ksm/deployment.yaml - - equal: - path: metadata.name - value: fno-controlplane - template: templates/controlplane/daemonset.yaml - - equal: - path: metadata.name - value: fno-kubelet - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/roleBinding_control_plane_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/roleBinding_control_plane_test.yaml deleted file mode 100644 index 295bb9711..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/roleBinding_control_plane_test.yaml +++ /dev/null @@ -1,84 +0,0 @@ -suite: test RBAC -templates: - - templates/controlplane/rolebinding.yaml -tests: - - it: does not create the rolebinding since no namespace is provided in mtls config - set: - licenseKey: test - cluster: test - asserts: - - hasDocuments: - count: 0 - - it: creates two rolebindings since two secretNamespace are the same - set: - licenseKey: test - cluster: test - controlPlane: - config: - controllerManager: - # -- Enable controller manager monitoring. - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-controller-manager" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: mTLS - mtls: - secretName: secret-name - secretNamespace: secret-namespace - - url: https://localhost:10258 - insecureSkipVerify: true - auth: - type: mTLS - mtls: - secretName: secret-name - secretNamespace: secret-namespace - apiServer: - autodiscover: [] - enabled: true - staticEndpoint: - auth: - type: mTLS - mtls: - secretName: secret-name - secretNamespace: secret-namespace-second - insecureSkipVerify: true - url: https://localhost:6443 - asserts: - - hasDocuments: - count: 2 - - equal: - path: metadata.namespace - value: secret-namespace-second - documentIndex: 0 - - equal: - path: metadata.namespace - value: secret-namespace - documentIndex: 1 - - it: the namespace is created from the staticEndpoint and the namespace is populated correctly - set: - licenseKey: test - cluster: test - controlPlane: - config: - apiServer: - autodiscover: [] - enabled: true - staticEndpoint: - auth: - type: mTLS - mtls: - secretName: secret-name - secretNamespace: secret-namespace-second - insecureSkipVerify: true - url: https://localhost:6443 - asserts: - - hasDocuments: - count: 1 - - equal: - path: metadata.namespace - value: secret-namespace-second diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/securityContext_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/securityContext_test.yaml deleted file mode 100644 index ab8192b91..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/securityContext_test.yaml +++ /dev/null @@ -1,197 +0,0 @@ -suite: test securityContext -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: securityContext.runAsUser is populated with defaults - set: - licenseKey: test - cluster: test - asserts: - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1000 - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 0 # Note that by defaults privileged is true - template: templates/kubelet/daemonset.yaml - - - it: securityContext.runAsUser is populated with unprivileged defaults - set: - licenseKey: test - cluster: test - privileged: false - asserts: - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1000 - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1000 - template: templates/kubelet/daemonset.yaml - - - it: securityContext from the common library is templated - set: - licenseKey: test - cluster: test - global.containerSecurityContext: - runAsUser: 200 - runAsGroup: 2000 - asserts: - - equal: - path: spec.template.spec.containers[0].securityContext - value: - runAsUser: 200 - runAsGroup: 2000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[1].securityContext - value: - runAsUser: 200 - runAsGroup: 2000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[0].securityContext - value: - runAsUser: 200 - runAsGroup: 2000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext - value: - runAsUser: 200 - runAsGroup: 2000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[0].securityContext - value: - runAsUser: 200 - runAsGroup: 2000 - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext - value: - runAsUser: 200 - runAsGroup: 2000 - template: templates/kubelet/daemonset.yaml - - - it: securityContext from the common library is overridden by the compatibility layer - set: - licenseKey: test - cluster: test - global.containerSecurityContext: - runAsUser: 200 - runAsGroup: 2000 - runAsUser: 3000 - asserts: - - equal: - path: spec.template.spec.containers[0].securityContext - value: - runAsUser: 3000 - runAsGroup: 2000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[1].securityContext - value: - runAsUser: 3000 - runAsGroup: 2000 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[0].securityContext - value: - runAsUser: 3000 - runAsGroup: 2000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext - value: - runAsUser: 3000 - runAsGroup: 2000 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[0].securityContext - value: - runAsUser: 3000 - runAsGroup: 2000 - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext - value: - runAsUser: 3000 - runAsGroup: 2000 - template: templates/kubelet/daemonset.yaml - - - it: legacy runAsUser is respected - set: - licenseKey: test - cluster: test - runAsUser: 1111 - asserts: - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1111 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1111 - template: templates/ksm/deployment.yaml - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1111 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1111 - template: templates/controlplane/daemonset.yaml - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1111 - template: templates/kubelet/daemonset.yaml - - equal: - path: spec.template.spec.containers[1].securityContext.runAsUser - value: 1111 - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/serviceaccount_create_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/serviceaccount_create_test.yaml deleted file mode 100644 index c88902976..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/serviceaccount_create_test.yaml +++ /dev/null @@ -1,92 +0,0 @@ -suite: test service accounts creation -templates: - - templates/serviceaccount.yaml - - templates/controlplane/serviceaccount.yaml -release: - licenseKey: test - cluster: test -tests: - - it: default values template a service account - set: - licenseKey: test - cluster: test - asserts: - - hasDocuments: - count: 1 - - - it: no global values template a service account - set: - licenseKey: test - cluster: test - global: null - asserts: - - hasDocuments: - count: 1 - - - it: create (globally) a service account - set: - licenseKey: test - cluster: test - global: - serviceAccount: - create: true - asserts: - - hasDocuments: - count: 1 - - - it: create (locally) a service account - set: - licenseKey: test - cluster: test - serviceAccount: - create: true - asserts: - - hasDocuments: - count: 1 - - - it: disable (globally) a service account - set: - licenseKey: test - cluster: test - global: - serviceAccount: - create: false - asserts: - - hasDocuments: - count: 0 - - - it: disable (locally) a service account - set: - licenseKey: test - cluster: test - serviceAccount: - create: false - asserts: - - hasDocuments: - count: 0 - - - it: Allow to override the global disable of a service account - set: - licenseKey: test - cluster: test - global: - serviceAccount: - create: true - serviceAccount: - create: false - asserts: - - hasDocuments: - count: 0 - - - it: Allow to override the global creation of a service account - set: - licenseKey: test - cluster: test - global: - serviceAccount: - create: false - serviceAccount: - create: true - asserts: - - hasDocuments: - count: 1 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_controlPlane_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_controlPlane_test.yaml deleted file mode 100644 index 7642f4bef..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_controlPlane_test.yaml +++ /dev/null @@ -1,148 +0,0 @@ -suite: test tolerations for controlplane -templates: - - templates/controlplane/daemonset.yaml - - templates/controlplane/scraper-configmap.yaml - - templates/controlplane/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: Controlplane tolerations has defaults - set: - licenseKey: test - cluster: test - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - - - it: Controlplane tolerations uses globals - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: [] - controlPlane.tolerations: [] - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: Controlplane tolerations uses local tolerations - set: - licenseKey: test - cluster: test - global: {} - tolerations: - - test: test - - test2: test2 - controlPlane.tolerations: [] - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: Controlplane tolerations uses controlplane tolerations - set: - licenseKey: test - cluster: test - global: {} - tolerations: [] - controlPlane.tolerations: - - test: test - - test2: test2 - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: Controlplane global tolerations overridable by local - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: - - local: local - - local2: local2 - controlPlane.tolerations: [] - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - local: local - - local2: local2 - - - it: Controlplane global tolerations overridable by controlPlane tolerations - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: [] - controlPlane.tolerations: - - controlPlane: controlPlane - - controlPlane2: controlPlane2 - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - controlPlane: controlPlane - - controlPlane2: controlPlane2 - - - it: Controlplane local tolerations overridable by controlPlane tolerations - set: - licenseKey: test - cluster: test - global.tolerations: [] - tolerations: - - local: local - - local2: local2 - controlPlane.tolerations: - - controlPlane: controlPlane - - controlPlane2: controlPlane2 - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - controlPlane: controlPlane - - controlPlane2: controlPlane2 - - - - it: With every toleration, controlplane gets precedence - set: - licenseKey: test - cluster: test - global.tolerations: [] - tolerations: - - local: local - - local2: local2 - controlPlane.tolerations: - - controlPlane: controlPlane - - controlPlane2: controlPlane2 - asserts: - - template: templates/controlplane/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - controlPlane: controlPlane - - controlPlane2: controlPlane2 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_ksm_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_ksm_test.yaml deleted file mode 100644 index 3fe49b4ff..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_ksm_test.yaml +++ /dev/null @@ -1,145 +0,0 @@ -suite: test tolerations for KSM -templates: - - templates/ksm/deployment.yaml - - templates/ksm/scraper-configmap.yaml - - templates/ksm/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: KSM tolerations empty with everything null/empty - set: - licenseKey: test - cluster: test - global: {} - tolerations: [] - ksm.tolerations: [] - asserts: - - template: templates/ksm/deployment.yaml - isNull: - path: spec.template.spec.tolerations - - - it: KSM tolerations uses globals - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: [] - ksm.tolerations: [] - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: KSM tolerations uses local tolerations - set: - licenseKey: test - cluster: test - global: {} - tolerations: - - test: test - - test2: test2 - ksm.tolerations: [] - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: KSM tolerations uses KSM tolerations - set: - licenseKey: test - cluster: test - global: {} - tolerations: [] - ksm.tolerations: - - test: test - - test2: test2 - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: KSM global tolerations overridable by local - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: - - local: local - - local2: local2 - ksm.tolerations: [] - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - local: local - - local2: local2 - - - it: KSM global tolerations overridable by ksm tolerations - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: [] - ksm.tolerations: - - ksm: ksm - - ksm2: ksm2 - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - ksm: ksm - - ksm2: ksm2 - - - it: KSM local tolerations overridable by ksm tolerations - set: - licenseKey: test - cluster: test - global.tolerations: [] - tolerations: - - local: local - - local2: local2 - ksm.tolerations: - - ksm: ksm - - ksm2: ksm2 - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - ksm: ksm - - ksm2: ksm2 - - - it: With every toleration, KSM gets precedence - set: - licenseKey: test - cluster: test - global.tolerations: [] - tolerations: - - local: local - - local2: local2 - ksm.tolerations: - - ksm: ksm - - ksm2: ksm2 - asserts: - - template: templates/ksm/deployment.yaml - equal: - path: spec.template.spec.tolerations - value: - - ksm: ksm - - ksm2: ksm2 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_kubelet_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_kubelet_test.yaml deleted file mode 100644 index 908881898..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/tolerations_kubelet_test.yaml +++ /dev/null @@ -1,152 +0,0 @@ -suite: test tolerations for kubelet -templates: - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: kubelet tolerations uses its defaults with everything null/empty - set: - licenseKey: test - cluster: test - global: {} - tolerations: [] - ksm.tolerations: [] - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - - - it: kubelet tolerations uses globals - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: [] - kubelet.tolerations: [] - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: kubelet tolerations uses local tolerations - set: - licenseKey: test - cluster: test - global: {} - tolerations: - - test: test - - test2: test2 - kubelet.tolerations: [] - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: kubelet tolerations uses kubelet tolerations - set: - licenseKey: test - cluster: test - global: {} - tolerations: [] - kubelet.tolerations: - - test: test - - test2: test2 - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - test: test - - test2: test2 - - - it: kubelet global tolerations overridable by local - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: - - local: local - - local2: local2 - kubelet.tolerations: [] - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - local: local - - local2: local2 - - - it: kubelet global tolerations overridable by kubelet tolerations - set: - licenseKey: test - cluster: test - global.tolerations: - - test: test - - test2: test2 - tolerations: [] - kubelet.tolerations: - - kubelet: kubelet - - kubelet2: kubelet2 - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - kubelet: kubelet - - kubelet2: kubelet2 - - - it: kubelet local tolerations overridable by kubelet tolerations - set: - licenseKey: test - cluster: test - global.tolerations: [] - tolerations: - - local: local - - local2: local2 - kubelet.tolerations: - - kubelet: kubelet - - kubelet2: kubelet2 - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - kubelet: kubelet - - kubelet2: kubelet2 - - - it: With every toleration, kubelet gets precedence - set: - licenseKey: test - cluster: test - global.tolerations: [] - tolerations: - - local: local - - local2: local2 - kubelet.tolerations: - - kubelet: kubelet - - kubelet2: kubelet2 - asserts: - - template: templates/kubelet/daemonset.yaml - equal: - path: spec.template.spec.tolerations - value: - - kubelet: kubelet - - kubelet2: kubelet2 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/unprivileged_override_host_root_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/unprivileged_override_host_root_test.yaml deleted file mode 100644 index f36aac443..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/tests/unprivileged_override_host_root_test.yaml +++ /dev/null @@ -1,33 +0,0 @@ -suite: Test NRIA_OVERRIDE_HOST_ROOT -templates: - - templates/kubelet/daemonset.yaml - - templates/kubelet/scraper-configmap.yaml - - templates/kubelet/agent-configmap.yaml - - templates/kubelet/integrations-configmap.yaml - - templates/agent-configmap.yaml - - templates/secret.yaml -tests: - - it: NRIA_OVERRIDE_HOST_ROOT is not present in privileged mode - set: - licenseKey: test - cluster: test - privileged: true - asserts: - - notContains: - path: spec.template.spec.containers[1].env - content: - name: "NRIA_OVERRIDE_HOST_ROOT" - value: "" - template: templates/kubelet/daemonset.yaml - - it: NRIA_OVERRIDE_HOST_ROOT is present in unprivileged mode - set: - licenseKey: test - cluster: test - privileged: false - asserts: - - contains: - path: spec.template.spec.containers[1].env - content: - name: "NRIA_OVERRIDE_HOST_ROOT" - value: "" - template: templates/kubelet/daemonset.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/values.yaml deleted file mode 100644 index f62105f99..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-infrastructure/values.yaml +++ /dev/null @@ -1,602 +0,0 @@ -# -- Override the name of the chart -nameOverride: "" -# -- Override the full name of the release -fullnameOverride: "" - -# -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster` -cluster: "" -# -- This set this license key to use. Can be configured also with `global.licenseKey` -licenseKey: "" -# -- In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` -customSecretName: "" -# -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` -customSecretLicenseKey: "" - -# -- Images used by the chart for the integration and agents. -# @default -- See `values.yaml` -images: - # -- The secrets that are needed to pull images from a custom registry. - pullSecrets: [] - # - name: regsecret - # -- Image for the New Relic Infrastructure Agent sidecar. - # @default -- See `values.yaml` - forwarder: - registry: "" - repository: newrelic/k8s-events-forwarder - tag: 1.41.0 - pullPolicy: IfNotPresent - # -- Image for the New Relic Infrastructure Agent plus integrations. - # @default -- See `values.yaml` - agent: - registry: "" - repository: newrelic/infrastructure-bundle - tag: 3.1.8 - pullPolicy: IfNotPresent - # -- Image for the New Relic Kubernetes integration. - # @default -- See `values.yaml` - integration: - registry: "" - repository: newrelic/nri-kubernetes - tag: - pullPolicy: IfNotPresent - -# -- Config that applies to all instances of the solution: kubelet, ksm, control plane and sidecars. -# @default -- See `values.yaml` -common: - # Configuration entries that apply to all instances of the integration: kubelet, ksm and control plane. - config: - # common.config.interval -- (duration) Intervals larger than 40s are not supported and will cause the NR UI to not - # behave properly. Any non-nil value will override the `lowDataMode` default. - # @default -- `15s` (See [Low data mode](README.md#low-data-mode)) - interval: - # -- Config for filtering ksm and kubelet metrics by namespace. - namespaceSelector: {} - # If you want to include only namespaces with a given label you could do so by adding: - # matchLabels: - # newrelic.com/scrape: true - # Otherwise you can build more complex filters and include or exclude certain namespaces by adding one or multiple - # expressions that are added, for instance: - # matchExpressions: - # - {key: newrelic.com/scrape, operator: NotIn, values: ["false"]} - - # -- Config for the Infrastructure agent. - # Will be used by the forwarder sidecars and the agent running integrations. - # See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - agentConfig: {} - -# lowDataMode -- (bool) Send less data by incrementing the interval from `15s` (the default when `lowDataMode` is `false` or `nil`) to `30s`. -# Non-nil values of `common.config.interval` will override this value. -# @default -- `false` (See [Low data mode](README.md#low-data-mode)) -lowDataMode: - -# sink - Configuration for the scraper sink. -sink: - http: - # -- The amount of time the scraper container to probe infra agent sidecar container before giving up and restarting during pod starts. - probeTimeout: 90s - # -- The amount of time the scraper container to backoff when it fails to probe infra agent sidecar. - probeBackoff: 5s - -# kubelet -- Configuration for the DaemonSet that collects metrics from the Kubelet. -# @default -- See `values.yaml` -kubelet: - # -- Enable kubelet monitoring. - # Advanced users only. Setting this to `false` is not supported and will break the New Relic experience. - enabled: true - annotations: {} - # -- Tolerations for the control plane DaemonSet. - # @default -- Schedules in all tainted nodes - tolerations: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - nodeSelector: {} - # -- (bool) Sets pod's hostNetwork. When set bypasses global/common variable - # @default -- Not set - hostNetwork: - affinity: {} - # -- Config for the Infrastructure agent that will forward the metrics to the backend and will run the integrations in this cluster. - # It will be merged with the configuration in `.common.agentConfig`. You can see all the agent configurations in - # [New Relic docs](https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/) - # e.g. you can set `passthrough_environment` int the [config file](https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/configure-infrastructure-agent/#config-file) - # so the agent let use that environment variables to the integrations. - agentConfig: {} - # passthrough_environment: - # - A_ENVIRONMENT_VARIABLE_SET_IN_extraEnv - # - A_ENVIRONMENT_VARIABLE_SET_IN_A_CONFIG_MAP_SET_IN_entraEnvForm - - # -- Add user environment variables to the agent - extraEnv: [] - # -- Add user environment from configMaps or secrets as variables to the agent - extraEnvFrom: [] - # -- Volumes to mount in the containers - extraVolumes: [] - # -- Defines where to mount volumes specified with `extraVolumes` - extraVolumeMounts: [] - initContainers: [] - resources: - limits: - memory: 300M - requests: - cpu: 100m - memory: 150M - config: - # -- Timeout for the kubelet APIs contacted by the integration - timeout: 10s - # -- Number of retries after timeout expired - retries: 3 - # -- Max number of scraper rerun when scraper runtime error happens - scraperMaxReruns: 4 - # port: - # scheme: - -# ksm -- Configuration for the Deployment that collects state metrics from KSM (kube-state-metrics). -# @default -- See `values.yaml` -ksm: - # -- Enable cluster state monitoring. - # Advanced users only. Setting this to `false` is not supported and will break the New Relic experience. - enabled: true - annotations: {} - # -- Tolerations for the KSM Deployment. - # @default -- Schedules in all tainted nodes - tolerations: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - nodeSelector: {} - # -- (bool) Sets pod's hostNetwork. When set bypasses global/common variable - # @default -- Not set - hostNetwork: - # -- Affinity for the KSM Deployment. - # @default -- Deployed in the same node as KSM - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - weight: 100 - # -- Config for the Infrastructure agent that will forward the metrics to the backend. It will be merged with the configuration in `.common.agentConfig` - # See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - agentConfig: {} - extraEnv: [] - extraEnvFrom: [] - extraVolumes: [] - extraVolumeMounts: [] - initContainers: [] - # -- Resources for the KSM scraper pod. - # Keep in mind that sharding is not supported at the moment, so memory usage for this component ramps up quickly on - # large clusters. - # @default -- 100m/150M -/850M - resources: - limits: - memory: 850M # Bump me up if KSM pod shows restarts. - requests: - cpu: 100m - memory: 150M - config: - # -- Timeout for the ksm API contacted by the integration - timeout: 10s - # -- Number of retries after timeout expired - retries: 3 - # -- if specified autodiscovery is not performed and the specified URL is used - # staticUrl: "http://test.io:8080/metrics" - # -- Label selector that will be used to automatically discover an instance of kube-state-metrics running in the cluster. - selector: "app.kubernetes.io/name=kube-state-metrics" - # -- Scheme to use to connect to kube-state-metrics. Supported values are `http` and `https`. - scheme: "http" - # -- Restrict autodiscovery of the kube-state-metrics endpoint to those using a specific port. If empty or `0`, all endpoints are considered regardless of their port (recommended). - # port: 8080 - # -- Restrict autodiscovery of the kube-state-metrics service to a particular namespace. - # @default -- All namespaces are searched (recommended). - # namespace: "ksm-namespace" - -# controlPlane -- Configuration for the control plane scraper. -# @default -- See `values.yaml` -controlPlane: - # -- Deploy control plane monitoring component. - enabled: true - annotations: {} - # -- Tolerations for the control plane DaemonSet. - # @default -- Schedules in all tainted nodes - tolerations: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" - nodeSelector: {} - # -- Affinity for the control plane DaemonSet. - # @default -- Deployed only in master nodes. - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/controlplane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/etcd - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - # -- How to deploy the control plane scraper. If autodiscovery is in use, it should be `DaemonSet`. - # Advanced users using static endpoints set this to `Deployment` to avoid reporting metrics twice. - kind: DaemonSet - # -- Run Control Plane scraper with `hostNetwork`. - # `hostNetwork` is required for most control plane configurations, as they only accept connections from localhost. - hostNetwork: true - # -- Config for the Infrastructure agent that will forward the metrics to the backend. It will be merged with the configuration in `.common.agentConfig` - # See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/ - agentConfig: {} - extraEnv: [] - extraEnvFrom: [] - extraVolumes: [] - extraVolumeMounts: [] - initContainers: [] - resources: - limits: - memory: 300M - requests: - cpu: 100m - memory: 150M - config: - # -- Timeout for the Kubernetes APIs contacted by the integration - timeout: 10s - # -- Number of retries after timeout expired - retries: 3 - # -- etcd monitoring configuration - # @default -- Common settings for most K8s distributions. - etcd: - # -- Enable etcd monitoring. Might require manual configuration in some environments. - enabled: true - # Discover etcd pods using the following namespaces and selectors. - # If a pod matches the selectors, the scraper will attempt to reach it through the `endpoints` defined below. - autodiscover: - - selector: "tier=control-plane,component=etcd" - namespace: kube-system - # Set to true to consider only pods sharing the node with the scraper pod. - # This should be set to `true` if Kind is Daemonset, `false` otherwise. - matchNode: true - # Try to reach etcd using the following endpoints. - endpoints: - - url: https://localhost:4001 - insecureSkipVerify: true - auth: - type: bearer - - url: http://localhost:2381 - - selector: "k8s-app=etcd-manager-main" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:4001 - insecureSkipVerify: true - auth: - type: bearer - - selector: "k8s-app=etcd" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:4001 - insecureSkipVerify: true - auth: - type: bearer - # Openshift users might want to remove previous autodiscover entries and add this one instead. - # Manual steps are required to create a secret containing the required TLS certificates to connect to etcd. - # - selector: "app=etcd,etcd=true,k8s-app=etcd" - # namespace: openshift-etcd - # matchNode: true - # endpoints: - # - url: https://localhost:9979 - # insecureSkipVerify: true - # auth: - # type: mTLS - # mtls: - # secretName: secret-name - # secretNamespace: secret-namespace - - # -- staticEndpoint configuration. - # It is possible to specify static endpoint to scrape. If specified 'autodiscover' section is ignored. - # If set the static endpoint should be reachable, otherwise an error will be returned and the integration stops. - # Notice that if deployed as a daemonSet and not as a Deployment setting static URLs could lead to duplicate data - # staticEndpoint: - # url: https://url:port - # insecureSkipVerify: true - # auth: {} - - # -- Scheduler monitoring configuration - # @default -- Common settings for most K8s distributions. - scheduler: - # -- Enable scheduler monitoring. - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-scheduler" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10259 - insecureSkipVerify: true - auth: - type: bearer - - selector: "k8s-app=kube-scheduler" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10259 - insecureSkipVerify: true - auth: - type: bearer - - selector: "app=openshift-kube-scheduler,scheduler=true" - namespace: openshift-kube-scheduler - matchNode: true - endpoints: - - url: https://localhost:10259 - insecureSkipVerify: true - auth: - type: bearer - - selector: "app=openshift-kube-scheduler,scheduler=true" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10259 - insecureSkipVerify: true - auth: - type: bearer - # -- staticEndpoint configuration. - # It is possible to specify static endpoint to scrape. If specified 'autodiscover' section is ignored. - # If set the static endpoint should be reachable, otherwise an error will be returned and the integration stops. - # Notice that if deployed as a daemonSet and not as a Deployment setting static URLs could lead to duplicate data - # staticEndpoint: - # url: https://url:port - # insecureSkipVerify: true - # auth: {} - - # -- Controller manager monitoring configuration - # @default -- Common settings for most K8s distributions. - controllerManager: - # -- Enable controller manager monitoring. - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-controller-manager" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - - selector: "k8s-app=kube-controller-manager" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - - selector: "app=kube-controller-manager,kube-controller-manager=true" - namespace: openshift-kube-controller-manager - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - - selector: "app=kube-controller-manager,kube-controller-manager=true" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - - selector: "app=controller-manager,controller-manager=true" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:10257 - insecureSkipVerify: true - auth: - type: bearer - # mtls: - # secretName: secret-name - # secretNamespace: secret-namespace - # -- staticEndpoint configuration. - # It is possible to specify static endpoint to scrape. If specified 'autodiscover' section is ignored. - # If set the static endpoint should be reachable, otherwise an error will be returned and the integration stops. - # Notice that if deployed as a daemonSet and not as a Deployment setting static URLs could lead to duplicate data - # staticEndpoint: - # url: https://url:port - # insecureSkipVerify: true - # auth: {} - - # -- API Server monitoring configuration - # @default -- Common settings for most K8s distributions. - apiServer: - # -- Enable API Server monitoring - enabled: true - autodiscover: - - selector: "tier=control-plane,component=kube-apiserver" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:8443 - insecureSkipVerify: true - auth: - type: bearer - # Endpoint distributions target: Kind(v1.22.1) - - url: https://localhost:6443 - insecureSkipVerify: true - auth: - type: bearer - - url: http://localhost:8080 - - selector: "k8s-app=kube-apiserver" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:8443 - insecureSkipVerify: true - auth: - type: bearer - - url: http://localhost:8080 - - selector: "app=openshift-kube-apiserver,apiserver=true" - namespace: openshift-kube-apiserver - matchNode: true - endpoints: - - url: https://localhost:8443 - insecureSkipVerify: true - auth: - type: bearer - - url: https://localhost:6443 - insecureSkipVerify: true - auth: - type: bearer - - selector: "app=openshift-kube-apiserver,apiserver=true" - namespace: kube-system - matchNode: true - endpoints: - - url: https://localhost:8443 - insecureSkipVerify: true - auth: - type: bearer - # -- staticEndpoint configuration. - # It is possible to specify static endpoint to scrape. If specified 'autodiscover' section is ignored. - # If set the static endpoint should be reachable, otherwise an error will be returned and the integration stops. - # Notice that if deployed as a daemonSet and not as a Deployment setting static URLs could lead to duplicate data - # staticEndpoint: - # url: https://url:port - # insecureSkipVerify: true - # auth: {} - -# -- Update strategy for the deployed DaemonSets. -# @default -- See `values.yaml` -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - -# -- Update strategy for the deployed Deployments. -# @default -- `type: Recreate` -strategy: - type: Recreate - -# -- Adds extra attributes to the cluster and all the metrics emitted to the backend. Can be configured also with `global.customAttributes` -customAttributes: {} - -# -- Settings controlling ServiceAccount creation. -# @default -- See `values.yaml` -serviceAccount: - # -- (bool) Whether the chart should automatically create the ServiceAccount objects required to run. - # @default -- `true` - create: - annotations: {} - # If not set and create is true, a name is generated using the fullname template - name: "" - -# -- Additional labels for chart objects. Can be configured also with `global.labels` -labels: {} -# -- Annotations to be added to all pods created by the integration. -podAnnotations: {} -# -- Additional labels for chart pods. Can be configured also with `global.podLabels` -podLabels: {} - -# -- Run the integration with full access to the host filesystem and network. -# Running in this mode allows reporting fine-grained cpu, memory, process and network metrics for your nodes. -privileged: true -# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` -priorityClassName: "" -# -- (bool) Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` -# @default -- `false` -hostNetwork: -# -- Sets security context (at pod level). Can be configured also with `global.podSecurityContext` -podSecurityContext: {} -# -- Sets security context (at container level). Can be configured also with `global.containerSecurityContext` -containerSecurityContext: {} - -# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` -dnsConfig: {} - -# Settings controlling RBAC objects creation. -rbac: - # rbac.create -- Whether the chart should automatically create the RBAC objects required to run. - create: true - # rbac.pspEnabled -- Whether the chart should create Pod Security Policy objects. - pspEnabled: false - -# -- Sets pod/node affinities set almost globally. (See [Affinities and tolerations](README.md#affinities-and-tolerations)) -affinity: {} -# -- Sets pod's node selector almost globally. (See [Affinities and tolerations](README.md#affinities-and-tolerations)) -nodeSelector: {} -# -- Sets pod's tolerations to node taints almost globally. (See [Affinities and tolerations](README.md#affinities-and-tolerations)) -tolerations: [] - -# -- Config files for other New Relic integrations that should run in this cluster. -integrations: {} -# If you wish to monitor services running on Kubernetes you can provide integrations -# configuration under `integrations`. You just need to create a new entry where -# the key is the filename of the configuration file and the value is the content of -# the integration configuration. -# The data is the actual integration configuration as described in the spec here: -# https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180 -# For example, if you wanted to monitor a Redis instance that has a label "app=sampleapp" -# you could do so by adding following entry: -# nri-redis-sampleapp: -# discovery: -# command: -# # Run NRI Discovery for Kubernetes -# # https://github.com/newrelic/nri-discovery-kubernetes -# exec: /var/db/newrelic-infra/nri-discovery-kubernetes -# match: -# label.app: sampleapp -# integrations: -# - name: nri-redis -# env: -# # using the discovered IP as the hostname address -# HOSTNAME: ${discovery.ip} -# PORT: 6379 -# labels: -# env: test - -# -- (bool) Collect detailed metrics from processes running in the host. -# This defaults to true for accounts created before July 20, 2020. -# ref: https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes/new-relic-infrastructure-agent-1120 -# @default -- `false` -enableProcessMetrics: - -# Prefix nodes display name with cluster to reduce chances of collisions -# prefixDisplayNameWithCluster: false - -# 'true' will use the node name as the name for the "host", -# note that it may cause data collision if the node name is the same in different clusters -# and prefixDisplayNameWithCluster is not set to true. -# 'false' will use the host name as the name for the "host". -# useNodeNameAsDisplayName: true - -selfMonitoring: - pixie: - # selfMonitoring.pixie.enabled -- Enables the Pixie Health Check nri-flex config. - # This Flex config performs periodic checks of the Pixie /healthz and /statusz endpoints exposed by the Pixie - # Cloud Connector. A status for each endpoint is sent to New Relic in a pixieHealthCheck event. - enabled: false - - -# -- Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` -proxy: "" - -# -- (bool) Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` -# @default -- `false` -nrStaging: -fedramp: - # -- (bool) Enables FedRAMP. Can be configured also with `global.fedramp.enabled` - # @default -- `false` - enabled: - -# -- (bool) Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` -# @default -- `false` -verboseLog: diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/.helmignore b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/.helmignore deleted file mode 100644 index 1ed4e226e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ - -templates/apiservice/job-patch/README.md diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.lock b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.lock deleted file mode 100644 index a2f8a4d29..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common-library - repository: https://helm-charts.newrelic.com - version: 1.1.1 -digest: sha256:3c9053021f3c22aa3cdfc6781d3498bcbedb0b973af9121b1722469744fb5162 -generated: "2023-03-22T00:07:39.997727169Z" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.yaml deleted file mode 100644 index 9e8fe4248..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/Chart.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v2 -description: A Helm chart to deploy the New Relic Kubernetes Metrics Adapter. -name: newrelic-k8s-metrics-adapter -version: 1.2.0 -appVersion: 0.4.2 -home: https://hub.docker.com/r/newrelic/newrelic-k8s-metrics-adapter -sources: - - https://github.com/newrelic/newrelic-k8s-metrics-adapter - - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter -engine: gotpl -icon: https://newrelic.com/assets/newrelic/source/NewRelic-logo-square.svg - -dependencies: - - name: common-library - version: 1.1.1 - repository: "https://helm-charts.newrelic.com" - -maintainers: - - name: nserrino - url: https://github.com/nserrino - - name: philkuz - url: https://github.com/philkuz - - name: htroisi - url: https://github.com/htroisi - - name: juanjjaramillo - url: https://github.com/juanjjaramillo - - name: svetlanabrennan - url: https://github.com/svetlanabrennan - - name: nrepai - url: https://github.com/nrepai - - name: csongnr - url: https://github.com/csongnr - - name: vuqtran88 - url: https://github.com/vuqtran88 - - name: xqi-nr - url: https://github.com/xqi-nr - -keywords: - - infrastructure - - newrelic - - monitoring diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md deleted file mode 100644 index afda8a867..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md +++ /dev/null @@ -1,144 +0,0 @@ -[![New Relic Experimental header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Experimental.png)](https://opensource.newrelic.com/oss-category/#new-relic-experimental) - -# newrelic-k8s-metrics-adapter - -A Helm chart to deploy the New Relic Kubernetes Metrics Adapter. - -**Homepage:** - -## Source Code - -* -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm-charts.newrelic.com | common-library | 1.1.1 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | Node affinity to use for scheduling. | -| apiServicePatchJob.image | object | See `values.yaml`. | Registry, repository, tag, and pull policy for the job container image. | -| apiServicePatchJob.volumeMounts | list | `[]` | Additional Volume mounts for Cert Job, you might want to mount tmp if Pod Security Policies. | -| apiServicePatchJob.volumes | list | `[]` | Additional Volumes for Cert Job. | -| certManager.enabled | bool | `false` | Use cert manager for APIService certs, rather than the built-in patch job. | -| config.accountID | string | `nil` | New Relic [Account ID](https://docs.newrelic.com/docs/accounts/accounts-billing/account-structure/account-id/) where the configured metrics are sourced from. (**Required**) | -| config.cacheTTLSeconds | int | `30` | Period of time in seconds in which a cached value of a metric is consider valid. | -| config.externalMetrics | string | See `values.yaml` | Contains all the external metrics definition of the adapter. Each key of the externalMetric entry represents the metric name and contains the parameters that defines it. | -| config.region | string | Automatically detected from `licenseKey`. | New Relic account region. If not set, it will be automatically derived from the License Key. | -| containerSecurityContext | string | `nil` | Configure containerSecurityContext | -| extraEnv | list | `[]` | Array to add extra environment variables | -| extraEnvFrom | list | `[]` | Array to add extra envFrom | -| extraVolumeMounts | list | `[]` | Add extra volume mounts | -| extraVolumes | list | `[]` | Array to add extra volumes | -| fullnameOverride | string | `""` | To fully override common.naming.fullname | -| image | object | See `values.yaml`. | Registry, repository, tag, and pull policy for the container image. | -| image.pullSecrets | list | `[]` | The image pull secrets. | -| nodeSelector | object | `{}` | Node label to use for scheduling. | -| personalAPIKey | string | `nil` | New Relic [Personal API Key](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key) (stored in a secret). Used to connect to NerdGraph in order to fetch the configured metrics. (**Required**) | -| podAnnotations | string | `nil` | Additional annotations to apply to the pod(s). | -| podSecurityContext | string | `nil` | Configure podSecurityContext | -| proxy | string | `nil` | Configure proxy for the metrics-adapter. | -| rbac.pspEnabled | bool | `false` | Whether the chart should create Pod Security Policy objects. | -| replicas | int | `1` | Number of replicas in the deployment. | -| resources | object | See `values.yaml` | Resources you wish to assign to the pod. | -| serviceAccount.create | string | `true` | Specifies whether a ServiceAccount should be created for the job and the deployment. false avoids creation, true or empty will create the ServiceAccount | -| serviceAccount.name | string | Automatically generated. | If `serviceAccount.create` this will be the name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template. If create is false, a serviceAccount with the given name must exist | -| tolerations | list | `[]` | List of node taints to tolerate (requires Kubernetes >= 1.6) | -| verboseLog | bool | `false` | Enable metrics adapter verbose logs. | - -## Example - -Make sure you have [added the New Relic chart repository.](../../README.md#install) - -Because of metrics configuration, we recommend to use an external values file to deploy the chart. An example with the required parameters looks like: - -```yaml -cluster: ClusterName -personalAPIKey: -config: - accountID: - externalMetrics: - nginx_average_requests: - query: "FROM Metric SELECT average(nginx.server.net.requestsPerSecond) SINCE 2 MINUTES AGO" -``` - -Then, to install this chart, run the following command: - -```sh -helm upgrade --install [release-name] newrelic/newrelic-k8s-metrics-adapter --values [values file path] -``` - -Once deployed the metric `nginx_average_requests` will be available to use by any HPA. This is and example of an HPA yaml using this metric: - -```yaml -kind: HorizontalPodAutoscaler -apiVersion: autoscaling/v2beta2 -metadata: - name: nginx-scaler -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: nginx - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: External - external: - metric: - name: nginx_average_requests - selector: - matchLabels: - k8s.namespaceName: nginx - target: - type: Value - value: 10000 -``` - -The NRQL query that will be run to get the `nginx_average_requests` value will be: - -```sql -FROM Metric SELECT average(nginx.server.net.requestsPerSecond) WHERE clusterName='ClusterName' AND `k8s.namespaceName`='nginx' SINCE 2 MINUTES AGO -``` - -## External Metrics - -An example of multiple external metrics defined: - -```yaml -externalMetrics: - nginx_average_requests: - query: "FROM Metric SELECT average(nginx.server.net.requestsPerSecond) SINCE 2 MINUTES AGO" - container_average_cores_utilization: - query: "FROM Metric SELECT average(`k8s.container.cpuCoresUtilization`) SINCE 2 MINUTES AGO" -``` - -## Resources - -The default set of resources assigned to the newrelic-k8s-metrics-adapter pods is shown below: - -```yaml -resources: - limits: - memory: 80M - requests: - cpu: 100m - memory: 30M -``` - -## Maintainers - -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) -* [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) -* [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl deleted file mode 100644 index b841c4f60..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl +++ /dev/null @@ -1,107 +0,0 @@ -[![New Relic Experimental header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Experimental.png)](https://opensource.newrelic.com/oss-category/#new-relic-experimental) - -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesSection" . }} - -## Example - -Make sure you have [added the New Relic chart repository.](../../README.md#install) - -Because of metrics configuration, we recommend to use an external values file to deploy the chart. An example with the required parameters looks like: - -```yaml -cluster: ClusterName -personalAPIKey: -config: - accountID: - externalMetrics: - nginx_average_requests: - query: "FROM Metric SELECT average(nginx.server.net.requestsPerSecond) SINCE 2 MINUTES AGO" -``` - -Then, to install this chart, run the following command: - -```sh -helm upgrade --install [release-name] newrelic/newrelic-k8s-metrics-adapter --values [values file path] -``` - -Once deployed the metric `nginx_average_requests` will be available to use by any HPA. This is and example of an HPA yaml using this metric: - -```yaml -kind: HorizontalPodAutoscaler -apiVersion: autoscaling/v2beta2 -metadata: - name: nginx-scaler -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: nginx - minReplicas: 1 - maxReplicas: 10 - metrics: - - type: External - external: - metric: - name: nginx_average_requests - selector: - matchLabels: - k8s.namespaceName: nginx - target: - type: Value - value: 10000 -``` - -The NRQL query that will be run to get the `nginx_average_requests` value will be: - -```sql -FROM Metric SELECT average(nginx.server.net.requestsPerSecond) WHERE clusterName='ClusterName' AND `k8s.namespaceName`='nginx' SINCE 2 MINUTES AGO -``` - -## External Metrics - -An example of multiple external metrics defined: - -```yaml -externalMetrics: - nginx_average_requests: - query: "FROM Metric SELECT average(nginx.server.net.requestsPerSecond) SINCE 2 MINUTES AGO" - container_average_cores_utilization: - query: "FROM Metric SELECT average(`k8s.container.cpuCoresUtilization`) SINCE 2 MINUTES AGO" -``` - -## Resources - -The default set of resources assigned to the newrelic-k8s-metrics-adapter pods is shown below: - -```yaml -resources: - limits: - memory: 80M - requests: - cpu: 100m - memory: 30M -``` - -{{ if .Maintainers }} -## Maintainers -{{ range .Maintainers }} -{{- if .Name }} -{{- if .Url }} -* [{{ .Name }}]({{ .Url }}) -{{- else }} -* {{ .Name }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/ci/test-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/ci/test-values.yaml deleted file mode 100644 index 60f9f3f09..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/ci/test-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -global: - cluster: test-cluster - -personalAPIKey: "a21321" -verboseLog: false - -config: - accountID: 111 - region: EU - -image: - repository: e2e/newrelic-metrics-adapter - tag: "test" # Defaults to AppVersion diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/_helpers.tpl b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/_helpers.tpl deleted file mode 100644 index 6a5f76503..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/_helpers.tpl +++ /dev/null @@ -1,57 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- /* Allow to change pod defaults dynamically based if we are running in privileged mode or not */ -}} -{{- define "newrelic-k8s-metrics-adapter.securityContext.pod" -}} -{{- if include "newrelic.common.securityContext.pod" . -}} -{{- include "newrelic.common.securityContext.pod" . -}} -{{- else -}} -fsGroup: 1001 -runAsUser: 1001 -runAsGroup: 1001 -{{- end -}} -{{- end -}} - - - -{{/* -Select a value for the region -When this value is empty the New Relic client region will be the default 'US' -*/}} -{{- define "newrelic-k8s-metrics-adapter.region" -}} -{{- if .Values.config.region -}} - {{- .Values.config.region | upper -}} -{{- else if (include "newrelic.common.nrStaging" .) -}} -Staging -{{- else if hasPrefix "eu" (include "newrelic.common.license._licenseKey" .) -}} -EU -{{- end -}} -{{- end -}} - - - -{{- /* -Naming helpers -*/ -}} -{{- define "newrelic-k8s-metrics-adapter.name.apiservice" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "apiservice") }} -{{- end -}} - -{{- define "newrelic-k8s-metrics-adapter.name.apiservice.serviceAccount" -}} -{{- if include "newrelic.common.serviceAccount.create" . -}} - {{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "apiservice") -}} -{{- else -}} - {{- include "newrelic.common.serviceAccount.name" . -}} -{{- end -}} -{{- end -}} - -{{- define "newrelic-k8s-metrics-adapter.name.apiservice-create" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "apiservice-create") }} -{{- end -}} - -{{- define "newrelic-k8s-metrics-adapter.name.apiservice-patch" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "apiservice-patch") }} -{{- end -}} - -{{- define "newrelic-k8s-metrics-adapter.name.hpa-controller" -}} -{{ include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "hpa-controller") }} -{{- end -}} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-clusterrolebinding.yaml deleted file mode 100644 index 40bcba8b6..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "newrelic.common.naming.fullname" . }}:system:auth-delegator - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-rolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-rolebinding.yaml deleted file mode 100644 index afb5d2d55..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/adapter-rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "newrelic.common.naming.fullname" . }} - namespace: kube-system - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/apiservice.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/apiservice.yaml deleted file mode 100644 index 8f01b6407..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/apiservice.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.external.metrics.k8s.io - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -{{- if .Values.certManager.enabled }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "newrelic.common.naming.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "newrelic.common.naming.fullname" .) | quote }} -{{- end }} -spec: - service: - name: {{ include "newrelic.common.naming.fullname" . }} - namespace: {{ .Release.Namespace }} - group: external.metrics.k8s.io - version: v1beta1 - groupPriorityMinimum: 100 - versionPriority: 100 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrole.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrole.yaml deleted file mode 100644 index 5c364eb37..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - update -{{- if .Values.rbac.pspEnabled }} - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} -{{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrolebinding.yaml deleted file mode 100644 index 8aa95792e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} -subjects: - - kind: ServiceAccount - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice.serviceAccount" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-createSecret.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-createSecret.yaml deleted file mode 100644 index 51b30809d..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-createSecret.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice-create" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - template: - metadata: - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice-create" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 8 }} - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.image.pullSecrets) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - containers: - - name: create - image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.apiServicePatchJob.image "context" .) }} - imagePullPolicy: {{ .Values.apiServicePatchJob.image.pullPolicy }} - args: - - create - - --host={{ include "newrelic.common.naming.fullname" . }},{{ include "newrelic.common.naming.fullname" . }}.{{ .Release.Namespace }}.svc - - --namespace={{ .Release.Namespace }} - - --secret-name={{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - - --cert-name=tls.crt - - --key-name=tls.key - {{- with .Values.apiServicePatchJob.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.apiServicePatchJob.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - restartPolicy: OnFailure - serviceAccountName: {{ include "newrelic-k8s-metrics-adapter.name.apiservice.serviceAccount" . }} - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-patchAPIService.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-patchAPIService.yaml deleted file mode 100644 index ed44a70ae..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/job-patchAPIService.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice-patch" . }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - template: - metadata: - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice-patch" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 8 }} - spec: - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.image.pullSecrets) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - containers: - - name: patch - image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.apiServicePatchJob.image "context" .) }} - imagePullPolicy: {{ .Values.apiServicePatchJob.image.pullPolicy }} - args: - - patch - - --namespace={{ .Release.Namespace }} - - --secret-name={{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - - --apiservice-name=v1beta1.external.metrics.k8s.io - {{- with .Values.apiServicePatchJob.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.apiServicePatchJob.volumes }} - volumes: - {{- toYaml . | nindent 6 }} - {{- end }} - restartPolicy: OnFailure - serviceAccountName: {{ include "newrelic-k8s-metrics-adapter.name.apiservice.serviceAccount" . }} - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/psp.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/psp.yaml deleted file mode 100644 index 1dd6bc1a6..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/psp.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled) (.Values.rbac.pspEnabled)) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - privileged: false - # Required to prevent escalations to root. - # allowPrivilegeEscalation: false - # This is redundant with non-root + disallow privilege escalation, - # but we can provide it for defense in depth. - # requiredDropCapabilities: - # - ALL - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/role.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/role.yaml deleted file mode 100644 index 1e870e082..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/rolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/rolebinding.yaml deleted file mode 100644 index cbe8bdb72..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if (and (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} -subjects: - - kind: ServiceAccount - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice.serviceAccount" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/serviceaccount.yaml deleted file mode 100644 index 68a3cfd73..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/apiservice/job-patch/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $createServiceAccount := include "newrelic.common.serviceAccount.create" . -}} -{{- if (and $createServiceAccount (not .Values.customTLSCertificate) (not .Values.certManager.enabled)) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic-k8s-metrics-adapter.name.apiservice.serviceAccount" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - # When hooks are sorted by weight and name, kind order gets overwritten, - # then this serviceAccount doesn't get created before dependent objects causing a failure. - # This weight is set, forcing it always to get created before the other objects. - # We submitted this PR to fix the issue: https://github.com/helm/helm/pull/10787 - "helm.sh/hook-weight": "-1" - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/configmap.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/configmap.yaml deleted file mode 100644 index adf4f2747..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -data: - config.yaml: | - accountID: {{ .Values.config.accountID | required "config.accountID is required" }} - {{- with (include "newrelic-k8s-metrics-adapter.region" .) }} - region: {{ . }} - {{- end }} - cacheTTLSeconds: {{ .Values.config.cacheTTLSeconds | default "0" }} - {{- with .Values.config.externalMetrics }} - externalMetrics: - {{- toYaml . | nindent 6 }} - {{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/deployment.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/deployment.yaml deleted file mode 100644 index cbe625dbf..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/deployment.yaml +++ /dev/null @@ -1,114 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - labels: - {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} - spec: - serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} - {{- with include "newrelic-k8s-metrics-adapter.securityContext.pod" . }} - securityContext: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.image.pullSecrets) "context" .) }} - imagePullSecrets: - {{- . | nindent 8 }} - {{- end }} - containers: - - name: {{ include "newrelic.common.naming.name" . }} - image: {{ include "newrelic.common.images.image" ( dict "imageRoot" .Values.image "context" .) }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- with include "newrelic.common.securityContext.container" . }} - securityContext: - {{- . | nindent 10 }} - {{- end }} - args: - - --tls-cert-file=/tmp/k8s-metrics-adapter/serving-certs/tls.crt - - --tls-private-key-file=/tmp/k8s-metrics-adapter/serving-certs/tls.key - {{- if .Values.verboseLog }} - - --v=10 - {{- else }} - - --v=1 - {{- end }} - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 6443 - initialDelaySeconds: 1 - {{- if .Values.resources }} - resources: - {{- toYaml .Values.resources | nindent 10 }} - {{- end }} - env: - - name: CLUSTER_NAME - value: {{ include "newrelic.common.cluster" . }} - - name: NEWRELIC_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "newrelic.common.naming.fullname" . }} - key: personalAPIKey - {{- with (include "newrelic.common.proxy" .) }} - - name: HTTPS_PROXY - value: {{ . }} - {{- end }} - {{- with .Values.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.extraEnvFrom }} - envFrom: {{ toYaml . | nindent 8 }} - {{- end }} - volumeMounts: - - name: tls-key-cert-pair - mountPath: /tmp/k8s-metrics-adapter/serving-certs/ - - name: config - mountPath: /etc/newrelic/adapter/ - {{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: tls-key-cert-pair - secret: - secretName: {{ include "newrelic-k8s-metrics-adapter.name.apiservice" . }} - - name: config - configMap: - name: {{ include "newrelic.common.naming.fullname" . }} - {{- with .Values.extraVolumes }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with include "newrelic.common.priorityClassName" . }} - priorityClassName: {{ . }} - {{- end }} - {{- with include "newrelic.common.nodeSelector" . }} - nodeSelector: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 }} - {{- end }} - {{- with include "newrelic.common.affinity" . }} - affinity: - {{- . | nindent 8 }} - {{- end }} - hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }} - {{- with include "newrelic.common.dnsConfig" . }} - dnsConfig: - {{- . | nindent 8 }} - {{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrole.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrole.yaml deleted file mode 100644 index 402fece01..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrole.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "newrelic.common.naming.fullname" . }}:external-metrics - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -rules: -- apiGroups: - - external.metrics.k8s.io - resources: - - "*" - verbs: - - list - - get - - watch diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrolebinding.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrolebinding.yaml deleted file mode 100644 index 390fab452..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/hpa-clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "newrelic-k8s-metrics-adapter.name.hpa-controller" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "newrelic.common.naming.fullname" . }}:external-metrics -subjects: -- kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/secret.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/secret.yaml deleted file mode 100644 index 09a70ab65..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -type: Opaque -stringData: - personalAPIKey: {{ .Values.personalAPIKey | required "personalAPIKey must be set" | quote }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/service.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/service.yaml deleted file mode 100644 index 82015830c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "newrelic.common.naming.fullname" . }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} -spec: - ports: - - port: 443 - targetPort: 6443 - selector: - {{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/serviceaccount.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/serviceaccount.yaml deleted file mode 100644 index b1e74523e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if include "newrelic.common.serviceAccount.create" . -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- if include "newrelic.common.serviceAccount.annotations" . }} - annotations: - {{- include "newrelic.common.serviceAccount.annotations" . | nindent 4 }} - {{- end }} - labels: - {{- include "newrelic.common.labels" . | nindent 4 }} - name: {{ include "newrelic.common.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/apiservice_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/apiservice_test.yaml deleted file mode 100644 index 086160edc..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/apiservice_test.yaml +++ /dev/null @@ -1,22 +0,0 @@ -suite: test naming helper for APIService's certmanager annotations and service name -templates: - - templates/apiservice/apiservice.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: Annotations are correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 11111111 - certManager: - enabled: true - asserts: - - matchRegex: - path: metadata.annotations["certmanager.k8s.io/inject-ca-from"] - pattern: ^my-namespace\/.*-root-cert - - matchRegex: - path: metadata.annotations["cert-manager.io/inject-ca-from"] - pattern: ^my-namespace\/.*-root-cert diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/common_extra_naming_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/common_extra_naming_test.yaml deleted file mode 100644 index 82098ba1c..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/common_extra_naming_test.yaml +++ /dev/null @@ -1,27 +0,0 @@ -suite: test naming helpers -templates: - - templates/adapter-clusterrolebinding.yaml - - templates/hpa-clusterrole.yaml - - templates/hpa-clusterrolebinding.yaml - - templates/apiservice/job-patch/clusterrole.yaml - - templates/apiservice/job-patch/clusterrolebinding.yaml - - templates/apiservice/job-patch/job-createSecret.yaml - - templates/apiservice/job-patch/job-patchAPIService.yaml - - templates/apiservice/job-patch/psp.yaml - - templates/apiservice/job-patch/rolebinding.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: default values has its name correctly defined - set: - cluster: test-cluster - personalAPIKey: 21321 - config: - accountID: 11111111 - rbac: - pspEnabled: true - asserts: - - matchRegex: - path: metadata.name - pattern: ^.*(-apiservice|-hpa-controller|:external-metrics|:system:auth-delegator) diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/configmap_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/configmap_test.yaml deleted file mode 100644 index 71b0532fe..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/configmap_test.yaml +++ /dev/null @@ -1,98 +0,0 @@ -suite: test configmap region helper and externalMetrics -templates: - - templates/configmap.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: has the correct region when defined in local values - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - equal: - path: data["config.yaml"] - value: | - accountID: 111 - region: A-REGION - cacheTTLSeconds: 30 - - it: has the correct region when global staging - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - global: - nrStaging: true - asserts: - - equal: - path: data["config.yaml"] - value: | - accountID: 111 - region: Staging - cacheTTLSeconds: 30 - - it: has the correct region when global values and licenseKey is from eu - set: - personalAPIKey: 21321 - licenseKey: eu-whatever - cluster: test-cluster - config: - accountID: 111 - global: - aRandomGlobalValue: true - asserts: - - equal: - path: data["config.yaml"] - value: | - accountID: 111 - region: EU - cacheTTLSeconds: 30 - - it: has the correct region when no global values exist and licenseKey is from eu - set: - personalAPIKey: 21321 - cluster: test-cluster - licenseKey: eu-whatever - config: - accountID: 111 - asserts: - - equal: - path: data["config.yaml"] - value: | - accountID: 111 - region: EU - cacheTTLSeconds: 30 - - it: has no region when not defined and licenseKey is not from eu - set: - personalAPIKey: 21321 - cluster: test-cluster - licenseKey: us-whatever - config: - accountID: 111 - asserts: - - equal: - path: data["config.yaml"] - value: | - accountID: 111 - cacheTTLSeconds: 30 - - it: has externalMetrics when defined - set: - personalAPIKey: 21321 - cluster: test-cluster - licenseKey: us-whatever - config: - accountID: 111 - externalMetrics: - nginx_average_requests: - query: "FROM Metric SELECT average(nginx.server.net.requestsPerSecond)" - asserts: - - equal: - path: data["config.yaml"] - value: | - accountID: 111 - cacheTTLSeconds: 30 - externalMetrics: - nginx_average_requests: - query: FROM Metric SELECT average(nginx.server.net.requestsPerSecond) diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/deployment_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/deployment_test.yaml deleted file mode 100644 index e983a7519..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/deployment_test.yaml +++ /dev/null @@ -1,68 +0,0 @@ -suite: test deployent images -release: - name: my-release - namespace: my-namespace -tests: - - it: has the correct image - set: - global: - cluster: test-cluster - personalAPIKey: 21321 - image: - repository: newrelic/newrelic-k8s-metrics-adapter - tag: "latest" - pullSecrets: - - name: regsecret - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: spec.template.spec.containers[0].image - pattern: ^.*newrelic/newrelic-k8s-metrics-adapter:latest - template: templates/deployment.yaml - - equal: - path: spec.template.spec.imagePullSecrets - value: - - name: regsecret - template: templates/deployment.yaml - - it: correctly uses the cluster helper - set: - personalAPIKey: 21321 - config: - accountID: 111 - region: A-REGION - cluster: a-cluster - asserts: - - equal: - path: spec.template.spec.containers[0].env[0].value - value: a-cluster - template: templates/deployment.yaml - - it: correctly uses common.securityContext.podDefaults - set: - personalAPIKey: 21321 - config: - accountID: 111 - region: A-REGION - cluster: a-cluster - asserts: - - equal: - path: spec.template.spec.securityContext - value: - fsGroup: 1001 - runAsGroup: 1001 - runAsUser: 1001 - template: templates/deployment.yaml - - it: correctly uses common.proxy - set: - personalAPIKey: 21321 - config: - accountID: 111 - region: A-REGION - cluster: a-cluster - proxy: localhost:1234 - asserts: - - equal: - path: spec.template.spec.containers[0].env[2].value - value: localhost:1234 - template: templates/deployment.yaml diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/hpa_clusterrolebinding_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/hpa_clusterrolebinding_test.yaml deleted file mode 100644 index 4fba87fbe..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/hpa_clusterrolebinding_test.yaml +++ /dev/null @@ -1,18 +0,0 @@ -suite: test naming helper for clusterRolebBinding roleRef -templates: - - templates/hpa-clusterrolebinding.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: roleRef.name has its name correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: roleRef.name - pattern: ^.*:external-metrics diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_cluster_rolebinding_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_cluster_rolebinding_test.yaml deleted file mode 100644 index dd582313e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_cluster_rolebinding_test.yaml +++ /dev/null @@ -1,22 +0,0 @@ -suite: test job-patch RoleBinding and ClusterRoleBinding rendering and roleRef/Subjects names -templates: - - templates/apiservice/job-patch/rolebinding.yaml - - templates/apiservice/job-patch/clusterrolebinding.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: roleRef apiGroup and Subjets are correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: roleRef.name - pattern: ^.*-apiservice - - matchRegex: - path: subjects[0].name - pattern: ^.*-apiservice diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_clusterrole_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_clusterrole_test.yaml deleted file mode 100644 index 33a1eaa73..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_clusterrole_test.yaml +++ /dev/null @@ -1,20 +0,0 @@ -suite: test job-patch clusterRole rule resourceName and rendering -templates: - - templates/apiservice/job-patch/clusterrole.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: PodSecurityPolicy rule resourceName is correctly defined - set: - rbac: - pspEnabled: true - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: rules[1].resourceNames[0] - pattern: ^.*-apiservice diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_common_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_common_test.yaml deleted file mode 100644 index 91cd791d1..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_common_test.yaml +++ /dev/null @@ -1,27 +0,0 @@ -suite: test labels and rendering for job-batch objects -templates: - - templates/apiservice/job-patch/clusterrole.yaml - - templates/apiservice/job-patch/clusterrolebinding.yaml - - templates/apiservice/job-patch/job-createSecret.yaml - - templates/apiservice/job-patch/job-patchAPIService.yaml - - templates/apiservice/job-patch/psp.yaml - - templates/apiservice/job-patch/role.yaml - - templates/apiservice/job-patch/rolebinding.yaml - - templates/apiservice/job-patch/serviceaccount.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: If customTLSCertificate and Certmanager enabled do not render - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - customTLSCertificate: a-tls-cert - certManager: - enabled: true - asserts: - - hasDocuments: - count: 0 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_createsecret_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_createsecret_test.yaml deleted file mode 100644 index 6db79234f..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_createsecret_test.yaml +++ /dev/null @@ -1,47 +0,0 @@ -suite: test naming helper for job-createSecret -templates: - - templates/apiservice/job-patch/job-createSecret.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: spec metadata name is is correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - equal: - path: spec.template.metadata.name - value: my-release-newrelic-k8s-metrics-adapter-apiservice-create - - it: container args are correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: spec.template.spec.containers[0].args[1] - pattern: --host=.*,.*\.my-namespace.svc - - matchRegex: - path: spec.template.spec.containers[0].args[3] - pattern: --secret-name=.*-apiservice - - it: has the correct image - set: - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - personalAPIKey: 21321 - apiServicePatchJob: - image: - repository: registry.k8s.io/ingress-nginx/kube-webhook-certgen - tag: "latest" - asserts: - - matchRegex: - path: spec.template.spec.containers[0].image - pattern: ^.*registry.k8s.io/ingress-nginx/kube-webhook-certgen:latest diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_patchapiservice_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_patchapiservice_test.yaml deleted file mode 100644 index 0be083313..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_patch_job_patchapiservice_test.yaml +++ /dev/null @@ -1,56 +0,0 @@ -suite: test naming helper for job-patchAPIService -templates: - - templates/apiservice/job-patch/job-patchAPIService.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: spec metadata name is is correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: spec.template.metadata.name - pattern: .*-apiservice-patch$ - - it: container args are correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: spec.template.spec.containers[0].args[2] - pattern: ^--secret-name=.*-apiservice - - - it: serviceAccountName is correctly defined - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - asserts: - - matchRegex: - path: spec.template.spec.serviceAccountName - pattern: .*-apiservice$ - - it: has the correct image - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - apiServicePatchJob: - image: - repository: registry.k8s.io/ingress-nginx/kube-webhook-certgen - tag: "latest" - asserts: - - matchRegex: - path: spec.template.spec.containers[0].image - pattern: .*registry.k8s.io/ingress-nginx/kube-webhook-certgen:latest$ diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_serviceaccount_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_serviceaccount_test.yaml deleted file mode 100644 index 6c72439a5..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/job_serviceaccount_test.yaml +++ /dev/null @@ -1,50 +0,0 @@ -suite: test job' serviceAccount -templates: - - templates/apiservice/job-patch/job-createSecret.yaml - - templates/apiservice/job-patch/job-patchAPIService.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC points to the service account that is created by default - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - rbac.create: true - serviceAccount.create: true - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: my-release-newrelic-k8s-metrics-adapter-apiservice - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - rbac.create: true - serviceAccount.create: false - serviceAccount.name: sa-test - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: sa-test - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - rbac.create: true - serviceAccount.create: false - asserts: - - equal: - path: spec.template.spec.serviceAccountName - value: default diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/rbac_test.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/rbac_test.yaml deleted file mode 100644 index 78884c022..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/tests/rbac_test.yaml +++ /dev/null @@ -1,50 +0,0 @@ -suite: test RBAC creation -templates: - - templates/apiservice/job-patch/rolebinding.yaml - - templates/apiservice/job-patch/clusterrolebinding.yaml -release: - name: my-release - namespace: my-namespace -tests: - - it: RBAC points to the service account that is created by default - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - rbac.create: true - serviceAccount.create: true - asserts: - - equal: - path: subjects[0].name - value: my-release-newrelic-k8s-metrics-adapter-apiservice - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - rbac.create: true - serviceAccount.create: false - serviceAccount.name: sa-test - asserts: - - equal: - path: subjects[0].name - value: sa-test - - - it: RBAC points to the service account the user supplies when serviceAccount is disabled - set: - personalAPIKey: 21321 - cluster: test-cluster - config: - accountID: 111 - region: A-REGION - rbac.create: true - serviceAccount.create: false - asserts: - - equal: - path: subjects[0].name - value: default diff --git a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/values.yaml deleted file mode 100644 index 32ac5b1a2..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-k8s-metrics-adapter/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# IMPORTANT: The Kubernetes cluster name -# https://docs.newrelic.com/docs/kubernetes-monitoring-integration -# -# licenseKey: -# cluster: -# IMPORTANT: the previous values can also be set as global so that they -# can be shared by other newrelic product's charts. -# -# global: -# licenseKey: -# cluster: -# nrStaging: - -# -- New Relic [Personal API Key](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key) (stored in a secret). Used to connect to NerdGraph in order to fetch the configured metrics. (**Required**) -personalAPIKey: - -# -- Enable metrics adapter verbose logs. -verboseLog: false - -config: - # -- New Relic [Account ID](https://docs.newrelic.com/docs/accounts/accounts-billing/account-structure/account-id/) where the configured metrics are sourced from. (**Required**) - accountID: - - # config.region -- New Relic account region. If not set, it will be automatically derived from the License Key. - # @default -- Automatically detected from `licenseKey`. - region: - # For US-based accounts, the region is: `US`. - # For EU-based accounts, the region is: `EU`. - # For Staging accounts, the region is: 'Staging' this is also automatically derived form `global.nrStaging` - - - # config.cacheTTLSeconds -- Period of time in seconds in which a cached value of a metric is consider valid. - cacheTTLSeconds: 30 - # Not setting it or setting it to '0' disables the cache. - - # config.externalMetrics -- Contains all the external metrics definition of the adapter. Each key of the externalMetric entry represents the metric name and contains the parameters that defines it. - # @default -- See `values.yaml` - externalMetrics: - # Names cannot contain uppercase characters and - # "/" or "%" characters. - # my_external_metric_name_example: - # - # NRQL query that will executed to obtain the metric value. - # The query must return just one value so is recommended to use aggregator functions like average or latest. - # Default time span for aggregator func is 1h so is recommended to use the SINCE clause to reduce the time span. - # query: "FROM Metric SELECT average(`k8s.container.cpuCoresUtilization`) SINCE 2 MINUTES AGO" - # - # By default a cluster filter is added to the query to ensure no cross cluster metrics are taking into account. - # The added filter is equivalent to WHERE `clusterName`=. - # If metrics are not from the cluster use removeClusterFilter. Default value for this parameter is false. - # removeClusterFilter: false - -# image -- Registry, repository, tag, and pull policy for the container image. -# @default -- See `values.yaml`. -image: - registry: - repository: newrelic/newrelic-k8s-metrics-adapter - tag: "" - pullPolicy: IfNotPresent - # It is possible to specify docker registry credentials. - # See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # image.pullSecrets -- The image pull secrets. - pullSecrets: [] - # - name: regsecret - -# -- Number of replicas in the deployment. -replicas: 1 - -# -- Resources you wish to assign to the pod. -# @default -- See `values.yaml` -resources: - limits: - memory: 80M - requests: - cpu: 100m - memory: 30M - -serviceAccount: - # -- Specifies whether a ServiceAccount should be created for the job and the deployment. - # false avoids creation, true or empty will create the ServiceAccount - # @default -- `true` - create: - # -- If `serviceAccount.create` this will be the name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template. - # If create is false, a serviceAccount with the given name must exist - # @default -- Automatically generated. - name: - -# -- Configure podSecurityContext -podSecurityContext: - -# -- Configure containerSecurityContext -containerSecurityContext: - -# -- Array to add extra environment variables -extraEnv: [] -# -- Array to add extra envFrom -extraEnvFrom: [] -# -- Array to add extra volumes -extraVolumes: [] -# -- Add extra volume mounts -extraVolumeMounts: [] - -# -- Additional annotations to apply to the pod(s). -podAnnotations: - -# Due to security restrictions, some users might require to use a https proxy to route traffic over the internet. -# In this specific case, when the metrics adapter sends a request to the New Relic backend. If this is the case -# for you, set this value to your http proxy endpoint. -# -- Configure proxy for the metrics-adapter. -proxy: - -# Pod scheduling priority -# Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -# priorityClassName: high-priority - -# fullnameOverride -- To fully override common.naming.fullname -fullnameOverride: "" -# -- Node affinity to use for scheduling. -affinity: {} -# -- Node label to use for scheduling. -nodeSelector: {} -# -- List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -apiServicePatchJob: - # apiServicePatchJob.image -- Registry, repository, tag, and pull policy for the job container image. - # @default -- See `values.yaml`. - image: - registry: # defaults to registry.k8s.io - repository: ingress-nginx/kube-webhook-certgen - tag: v1.3.0 - pullPolicy: IfNotPresent - - # -- Additional Volumes for Cert Job. - volumes: [] - # - name: tmp - # emptyDir: {} - - # -- Additional Volume mounts for Cert Job, you might want to mount tmp if Pod Security Policies. - volumeMounts: [] - # - name: tmp - # mountPath: /tmp - # Enforce a read-only root. - -certManager: - # -- Use cert manager for APIService certs, rather than the built-in patch job. - enabled: false - -rbac: - # rbac.pspEnabled -- Whether the chart should create Pod Security Policy objects. - pspEnabled: false diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.lock b/addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.lock deleted file mode 100644 index 339365e43..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common-library - repository: https://helm-charts.newrelic.com - version: 1.1.1 -digest: sha256:3c9053021f3c22aa3cdfc6781d3498bcbedb0b973af9121b1722469744fb5162 -generated: "2023-03-21T22:34:27.606266389Z" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.yaml deleted file mode 100644 index c3ac0a501..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -description: A Helm chart to deploy New Relic Kubernetes Logging as a DaemonSet, supporting both Linux and Windows nodes and containers -name: newrelic-logging -version: 1.14.1 -appVersion: 1.16.0 -home: https://github.com/newrelic/kubernetes-logging -icon: https://newrelic.com/assets/newrelic/source/NewRelic-logo-square.svg -maintainers: - - name: jsubirat - email: logging-team@newrelic.com - - name: danybmx - - name: sdaubin -keywords: - - logging - - newrelic -dependencies: - - name: common-library - version: 1.1.1 - repository: "https://helm-charts.newrelic.com" diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/README.md b/addons/nri-bundle-deprecated/charts/newrelic-logging/README.md deleted file mode 100644 index 2ede2e689..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/README.md +++ /dev/null @@ -1,227 +0,0 @@ -# newrelic-logging - -## Chart Details - -New Relic offers a [Fluent Bit](https://fluentbit.io/) output [plugin](https://github.com/newrelic/newrelic-fluent-bit-output) to easily forward your logs to [New Relic Logs](https://docs.newrelic.com/docs/logs/new-relic-logs/get-started/introduction-new-relic-logs). This plugin is also provided in a standalone Docker image that can be installed in a [Kubernetes](https://kubernetes.io/) cluster in the form of a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/), which we refer as the Kubernetes plugin. - -This document explains how to install it in your cluster, either using a [Helm](https://helm.sh/) chart (recommended), or manually by applying Kubernetes manifests. - -## Installation - -### Install using the Helm chart (recommended) - - 1. Install Helm following the [official instructions](https://helm.sh/docs/intro/install/). - - 2. Add the New Relic official Helm chart repository following [these instructions](../../README.md#installing-charts) - - 3. Run the following command to install the New Relic Logging Kubernetes plugin via Helm, replacing the placeholder value `YOUR_LICENSE_KEY` with your [New Relic license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key): - * Helm 3 - ```sh - helm install newrelic-logging newrelic/newrelic-logging --set licenseKey=YOUR_LICENSE_KEY - ``` - * Helm 2 - ```sh - helm install newrelic/newrelic-logging --name newrelic-logging --set licenseKey=YOUR_LICENSE_KEY - ``` - -> For EU users, add `--set endpoint=https://log-api.eu.newrelic.com/log/v1 to any of the helm install commands above. - -> By default, tailing is set to `/var/log/containers/*.log`. To change this setting, provide your preferred path by adding `--set fluentBit.path=DESIRED_PATH` to any of the helm install commands above. - -### Install the Kubernetes manifests manually - - 1. Download the following 3 manifest files into your current working directory: - ```sh - curl https://raw.githubusercontent.com/newrelic/helm-charts/master/charts/newrelic-logging/k8s/fluent-conf.yml > fluent-conf.yml - curl https://raw.githubusercontent.com/newrelic/helm-charts/master/charts/newrelic-logging/k8s/new-relic-fluent-plugin.yml > new-relic-fluent-plugin.yml - curl https://raw.githubusercontent.com/newrelic/helm-charts/master/charts/newrelic-logging/k8s/rbac.yml > rbac.yml - ``` - - 2. In the downloaded `new-relic-fluent-plugin.yml` file, replace the placeholder value `LICENSE_KEY` with your [New Relic license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key). - > For EU users, replace the ENDPOINT environment variable to https://log-api.eu.newrelic.com/log/v1. - - 3. Once the License key has been added, run the following command in your terminal or command-line interface: - ```sh - kubectl apply -f . - ``` - - 4. [OPTIONAL] You can configure how the plugin parses the data by editing the [parsers.conf section in the fluent-conf.yml file](./k8s/fluent-conf.yml#L55-L70). For more information, see Fluent Bit's documentation on [Parsers configuration](https://docs.fluentbit.io/manual/pipeline/parsers). - > By default, tailing is set to `/var/log/containers/*.log`. To change this setting, replace the default path with your preferred path in the [new-relic-fluent-plugin.yml file](./k8s/new-relic-fluent-plugin.yml#L40). - -#### Proxy support - -Since Fluent Bit Kubernetes plugin is using [newrelic-fluent-bit-output](https://github.com/newrelic/newrelic-fluent-bit-output) we can configure the [proxy support](https://github.com/newrelic/newrelic-fluent-bit-output#proxy-support) in order to set up the proxy configuration. - -##### As environment variables - - 1. Complete the step 1 in [Install the Kubernetes manifests manually](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging#install-the-kubernetes-manifests-manually) - 2. Modify the `new-relic-fluent-plugin.yml` file. Add `HTTP_PROXY` or `HTTPS_PROXY` as environment variables: - ```yaml - ... - containers: - - name: newrelic-logging - env: - - name: ENDPOINT - value : "https://log-api.newrelic.com/log/v1" - - name: HTTP_PROXY - value : "http://http-proxy-hostname:PORT" # We must always specify the protocol (either http:// or https://) - ... - ``` - 3. Continue to the next steps - - ##### Custom proxy - - If you want to set up a custom proxy (eg. using self-signed certificate): - - 1. Complete the step 1 in [Install the Kubernetes manifests manually](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging#install-the-kubernetes-manifests-manually) - 2. Modify the `fluent-conf.yml` and define in the ConfigMap a `caBundle.pem` file with the self-signed certificate: - ```yaml - ... - [OUTPUT] - Name newrelic - Match * - licenseKey ${LICENSE_KEY} - endpoint ${ENDPOINT} - proxy https://https-proxy-hostname:PORT - caBundleFile ${CA_BUNDLE_FILE} - - caBundle.pem: | - -----BEGIN CERTIFICATE----- - MIIB+zCCAWSgAwIBAgIQTiHC/d/NhpHFptZCIoCbNzANBgkrhtiG9w0BAQsFADAS - MBAwDgYDVQQKEwdBY23lIENvMCAXDTcwMDEwMTYwMDBwMFoYDzIwODQwMTI5MTYw - ... - ekFR5glcUVWoFru+EMj4WKmbRATUe3cYQRCThzO2hQ== - -----END CERTIFICATE----- - ... - ``` - 3. Modify `new-relic-fluent-plugin.yml` and define the `CA_BUNDLE_FILE` environment variable pointing to the created ConfigMap file: - ```yaml - ... - containers: - - name: newrelic-logging - env: - - name: ENDPOINT - value : "https://log-api.newrelic.com/log/v1" - - name: CA_BUNDLE_FILE - value: /fluent-bit/etc/caBundle.pem - ... - ``` - 4. Continue to the next steps - -## Configuration - -See [values.yaml](values.yaml) for the default values - -| Parameter | Description | Default | -|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------| -| `global.cluster` - `cluster` | The cluster name for the Kubernetes cluster. | | -| `global.licenseKey` - `licenseKey` | The [license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key) for your New Relic Account. This will be the preferred configuration option if both `licenseKey` and `customSecret*` values are specified. | | -| `global.customSecretName` - `customSecretName` | Name of the Secret object where the license key is stored | | -| `global.customSecretLicenseKey` - `customSecretLicenseKey` | Key in the Secret object where the license key is stored. | | -| `global.fargate` | Must be set to `true` when deploying in an EKS Fargate environment. Prevents DaemonSet pods from being scheduled in Fargate nodes. | | -| `global.lowDataMode` - `lowDataMode` | If `true`, send minimal attributes on Kubernetes logs. Labels and annotations are not sent when lowDataMode is enabled. | `false` | -| `rbac.create` | Enable Role-based authentication | `true` | -| `rbac.pspEnabled` | Enable pod security policy support | `false` | -| `image.repository` | The container to pull. | `newrelic/newrelic-fluentbit-output` | -| `image.pullPolicy` | The pull policy. | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets. | `nil` | -| `image.tag` | The version of the container to pull. | See value in [values.yaml]` | -| `exposedPorts` | Any ports you wish to expose from the pod. Ex. 2020 for metrics | `[]` | -| `resources` | Any resources you wish to assign to the pod. | See Resources below | -| `priorityClassName` | Scheduling priority of the pod | `nil` | -| `nodeSelector` | Node label to use for scheduling on Linux nodes | `{ kubernetes.io/os: linux }` | -| `windowsNodeSelector` | Node label to use for scheduling on Windows nodes | `{ kubernetes.io/os: windows, node.kubernetes.io/windows-build: BUILD_NUMBER }` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | See Tolerations below | -| `updateStrategy` | Strategy for DaemonSet updates (requires Kubernetes >= 1.6) | `RollingUpdate` | -| `extraVolumeMounts` | Additional DaemonSet volume mounts | `[]` | -| `extraVolumes` | Additional DaemonSet volumes | `[]` | -| `initContainers` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that will be executed before the actual container in charge of shipping logs to New Relic is initialized. Use this if you are using a custom Fluent Bit configuration that requires downloading certain files inside the volumes being accessed by the log-shipping pod. | `[]` | -| `windows.initContainers` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that will be executed before the actual container in charge of shipping logs to New Relic is initialized. Use this if you are using a custom Fluent Bit configuration that requires downloading certain files inside the volumes being accessed by the log-shipping pod. | `[]` | -| `serviceAccount.create` | If true, a service account would be created and assigned to the deployment | `true` | -| `serviceAccount.name` | The service account to assign to the deployment. If `serviceAccount.create` is true then this name will be used when creating the service account | | -| `serviceAccount.annotations` | The annotations to add to the service account if `serviceAccount.create` is set to true. | | -| `global.nrStaging` - `nrStaging` | Send data to staging (requires a staging license key) | `false` | -| `fluentBit.criEnabled` | We assume that `kubelet`directly communicates with the Docker container engine. Set this to `true` if your K8s installation uses [CRI](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/) instead, in order to get the logs properly parsed. | `false` | -| `fluentBit.k8sBufferSize` | Set the buffer size for HTTP client when reading responses from Kubernetes API server. A value of 0 results in no limit and the buffer will expand as needed. | `32k` | -| `fluentBit.k8sLoggingExclude` | Set to "On" to allow excluding pods by adding the annotation `fluentbit.io/exclude: "true"` to pods you wish to exclude. | `Off` | -| `fluentBit.additionalEnvVariables` | Additional environmental variables for fluentbit pods | `[]]` | -| `daemonSet.annotations` | The annotations to add to the `DaemonSet`. | | -| `podAnnotations` | The annotations to add to the `DaemonSet` created `Pod`s. | | -| `enableLinux` | Enable log collection from Linux containers. This is the default behavior. In case you are only interested of collecting logs from Windows containers, set this to `false`. | `true` | -| `enableWindows` | Enable log collection from Windows containers. Please refer to the [Windows support](#windows-support) section for more details. | `false` | -| `fluentBit.config.service` | Contains fluent-bit.conf Service config | | -| `fluentBit.config.inputs` | Contains fluent-bit.conf Inputs config | | -| `fluentBit.config.extraInputs` | Contains extra fluent-bit.conf Inputs config | | -| `fluentBit.config.filters` | Contains fluent-bit.conf Filters config | | -| `fluentBit.config.extraFilters` | Contains extra fluent-bit.conf Filters config | | -| `fluentBit.config.lowDataModeFilters` | Contains fluent-bit.conf Filters config for lowDataMode | | -| `fluentBit.config.outputs` | Contains fluent-bit.conf Outputs config | | -| `fluentBit.config.extraOutputs` | Contains extra fluent-bit.conf Outputs config | | -| `fluentBit.config.parsers` | Contains parsers.conf Parsers config | | -| `fluentBit.retryLimit` | Amount of times to retry sending a given batch of logs to New Relic. This prevents data loss if there is a temporary network disruption, if a request to the Logs API is lost or when receiving a recoverable HTTP response. Set it to "False" for unlimited retries. | 5 | - - -## Uninstall the Kubernetes plugin - -### Uninstall via Helm (recommended) -Run the following command: -```sh -helm uninstall newrelic-logging -``` - -### Uninstall the Kubernetes manifests manually -Run the following command in the directory where you downloaded the Kubernetes manifests during the installation procedure: -```sh -kubectl delete -f . -``` - -## Resources - -The default set of resources assigned to the pods is shown below: - -```yaml -resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 250m - memory: 64Mi -``` - -## Tolerations - -The default set of tolerations assigned to our daemonset is shown below: - -```yaml -tolerations: - - operator: "Exists" - effect: "NoSchedule" - - operator: "Exists" - effect: "NoExecute" -``` - - -## Windows support - -Since version `1.7.0`, this Helm chart supports shipping logs from Windows containers. To this end, you need to set the `enableWindows` configuration parameter to `true`. - -Windows containers have some constraints regarding Linux containers. The main one being that they can only be executed on _hosts_ using the exact same Windows version and build number. On the other hand, Kubernetes nodes only supports the Windows versions listed [here](https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/#windows-os-version-support). - -This Helm chart deploys one `DaemonSet` for each of the Windows versions it supports, while ensuring that only containers matching the host operating system will be deployed in each host. - -This Helm chart currently supports the following Windows versions: -- Windows Server LTSC 2019, build 10.0.17763 -- Windows Server LTSC 2022, build 10.0.20348 - -## Troubleshooting - -### I am receiving "Invalid pattern for given tag" -If you are receiving the following error: -```sh -[ warn] [filter_kube] invalid pattern for given tag -``` -In the [new-relic-fluent-plugin.yml file](./k8s/new-relic-fluent-plugin.yml#L40), replace the default code `/var/log/containers/*.log` with the following: -```sh -/var/log/containers/*.{log} -``` diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-enable-windows-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-enable-windows-values.yaml deleted file mode 100644 index 870bc082a..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-enable-windows-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -enableLinux: false -enableWindows: true diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-lowdatamode-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-lowdatamode-values.yaml deleted file mode 100644 index 7740338b0..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-lowdatamode-values.yaml +++ /dev/null @@ -1 +0,0 @@ -lowDataMode: true diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-override-global-lowdatamode.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-override-global-lowdatamode.yaml deleted file mode 100644 index 22dd7e05e..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-override-global-lowdatamode.yaml +++ /dev/null @@ -1,3 +0,0 @@ -global: - lowDataMode: true -lowDataMode: false diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-staging-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-staging-values.yaml deleted file mode 100644 index efbdccaf8..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-staging-values.yaml +++ /dev/null @@ -1 +0,0 @@ -nrStaging: true diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-global.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-global.yaml deleted file mode 100644 index 490a0b7ed..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-global.yaml +++ /dev/null @@ -1 +0,0 @@ -global: {} diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-values.yaml b/addons/nri-bundle-deprecated/charts/newrelic-logging/ci/test-with-empty-values.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/README.md b/addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/README.md deleted file mode 100644 index 2da7b34a8..000000000 --- a/addons/nri-bundle-deprecated/charts/newrelic-logging/k8s/README.md +++ /dev/null @@ -1,63 +0,0 @@ -# New Relic Logs: Kubernetes manifests -This directory provides plain Kubernetes manifests that can be applied to your cluster to install the Kubernetes Logging plugin. It is provided as an alternative for those users who prefer not using Helm. - -## Installation instructions -* Create a `newrelic` namespace. Run `kubectl create namespace newrelic`. -* Copy all the manifest files in this folder (*.yml files) in your local working directory. -* Configure the plugin. In new-relic-fluent-plugin.yml: - * Specify your New Relic license key in the value for LICENSE_KEY - * Specify your Kubernetes cluster name in the value for CLUSTER_NAME - * If you are in the EU: - * Override the ENDPOINT environment variable to https://log-api.eu.newrelic.com/log/v1 - * Make sure that the license key you are using is an EU key -* From your working directory, run `kubectl apply -f .` on your cluster -* Check [New Relic for your logs](https://docs.newrelic.com/docs/logs/new-relic-logs/get-started/introduction-new-relic-logs#find-data) - -## Find and use your data - -For how to find and query your data in New Relic, see [Find log data](https://docs.newrelic.com/docs/logs/new-relic-logs/get-started/introduction-new-relic-logs#find-data). - -For general querying information, see: -- [Query New Relic data](https://docs.newrelic.com/docs/using-new-relic/data/understand-data/query-new-relic-data) -- [Intro to NRQL](https://docs.newrelic.com/docs/query-data/nrql-new-relic-query-language/getting-started/introduction-nrql) - -## Configuration notes - -We default to tailing `/var/log/containers/*.log`. If you want to change what's tailed, just update the `PATH` -value in `new-relic-fluent-plugin.yml`. - -By default, and to ensure backwards compatibility, we assume that `kubelet` communicates with the `Docker` container engine. With the introduction of the [CRI](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/), logs placed under `/var/log/containers/*.log` follow a different format, even if they are originally produced in JSON format by the container. If you are using CRI, to be able to parse these logs correctly, you must set `LOG_PARSER` to `"cri"` in `new-relic-fluent-plugin.yml`. - -## Parsing - -We currently support parsing Docker (JSON) and [CRI](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/) logs. If you want more parsing, feel free to add more parsers in `fluent-conf.yml`. - -Here are some parsers for your parsing pleasure. - -``` -[PARSER] - Name apache - Format regex - Regex ^(?[^ ]*) [^ ]* (?[^ ]*) \[(?