Update to v1.103.2

Signed-off-by: Linh Lam <[email protected]>

cost-analyzer/Chart.yaml

@@ -3,7 +3,7 @@ annotations:
     - name: Homepage
       url: https://www.kubecost.com
 apiVersion: v2
-appVersion: 1.102.2
+appVersion: 1.103.2
 dependencies:
 - condition: global.grafana.enabled
   name: grafana
@@ -20,4 +20,4 @@ dependencies:
 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor
   cloud costs.
 name: cost-analyzer
-version: 1.102.2
+version: 1.103.2

cost-analyzer/charts/grafana/values.yaml

@@ -25,7 +25,7 @@ livenessProbe:
 
 image:
   repository: grafana/grafana
-  tag: 9.4.3
+  tag: 9.4.7
   pullPolicy: IfNotPresent
 
   ## Optionally specify an array of imagePullSecrets.
@@ -257,7 +257,7 @@ smtp:
 ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders
 ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
 sidecar:
-  image: kiwigrid/k8s-sidecar:1.21.0
+  image: kiwigrid/k8s-sidecar:1.23.1
   imagePullPolicy: IfNotPresent
   resources:
 #   limits:

cost-analyzer/charts/prometheus/README.md

@@ -206,6 +206,7 @@ Parameter | Description | Default
 `initChownData.resources` | init-chown-data pod resource requests & limits | `{}`
 `kube-state-metrics.disabled` | If false, create kube-state-metrics sub-chart, see the [kube-state-metrics chart for configuration options](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) | `false`
 `nodeExporter.enabled` | If true, create node-exporter | `true`
+`nodeExporter.dnsPolicy` | node-exporter dns policy | `ClusterFirstWithHostNet`
 `nodeExporter.name` | node-exporter container name | `node-exporter`
 `nodeExporter.image.repository` | node-exporter container image repository| `prom/node-exporter`
 `nodeExporter.image.tag` | node-exporter container image tag | `v0.18.1`

cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml

@@ -36,6 +36,9 @@ spec:
 {{ toYaml .Values.nodeExporter.affinity | indent 8 }}
 {{- end }}
       serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
+{{- if .Values.nodeExporter.dnsPolicy }}
+      dnsPolicy: "{{ .Values.nodeExporter.dnsPolicy }}"
+{{- end }}
 {{- if .Values.nodeExporter.priorityClassName }}
       priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}"
 {{- end }}

cost-analyzer/charts/prometheus/values.yaml

@@ -43,7 +43,7 @@ alertmanager:
   ##
   image:
     repository: quay.io/prometheus/alertmanager
-    tag: v0.23.0
+    tag: v0.25.0
     pullPolicy: IfNotPresent
 
   ## alertmanager priorityClassName
@@ -402,6 +402,10 @@ nodeExporter:
   ##
   hostPID: true
 
+  ## node-exporter dns policy
+  ##
+  dnsPolicy: ClusterFirstWithHostNet
+
   ## node-exporter container name
   ##
   name: node-exporter
@@ -410,7 +414,7 @@ nodeExporter:
   ##
   image:
     repository: prom/node-exporter
-    tag: v1.3.0
+    tag: v1.5.0
     pullPolicy: IfNotPresent
 
   ## Specify if a Pod Security Policy for node-exporter must be created
@@ -918,7 +922,7 @@ pushgateway:
   ##
   image:
     repository: prom/pushgateway
-    tag: v1.4.2
+    tag: v1.5.1
     pullPolicy: IfNotPresent
 
   ## pushgateway priorityClassName

cost-analyzer/templates/_helpers.tpl

@@ -5,6 +5,9 @@ Expand the name of the chart.
 {{- define "cost-analyzer.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- define "query-service.name" -}}
+{{- default "query-service" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
 
 {{/*
 Create a default fully qualified app name.
@@ -24,6 +27,10 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
+{{- define "query-service.fullname" -}}
+{{- printf "%s-%s" .Release.Name "query-service" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 Create the fully qualified name for Prometheus server service.
 */}}
@@ -96,6 +103,12 @@ helm.sh/chart: {{ include "cost-analyzer.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
+{{- define "kubecost.queryService.chartLabels" -}}
+app.kubernetes.io/name: {{ include "query-service.name" . }}
+helm.sh/chart: {{ include "cost-analyzer.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
 
 
 {{/*
@@ -115,6 +128,13 @@ Create the name of the service account
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+{{- define "query-service.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "query-service.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
 
 {{/*
 Create the common labels.
@@ -126,6 +146,10 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app: cost-analyzer
 {{- end -}}
+{{- define "query-service.commonLabels" -}}
+{{ include "kubecost.queryService.chartLabels" . }}
+app: query-service
+{{- end -}}
 
 {{/*
 Create the selector labels.
@@ -135,6 +159,11 @@ app.kubernetes.io/name: {{ include "cost-analyzer.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app: cost-analyzer
 {{- end -}}
+{{- define "query-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "query-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app: query-service
+{{- end -}}
 
 {{/*
 Return the appropriate apiVersion for daemonset.

cost-analyzer/templates/cost-analyzer-cloud-cost-reports-configmap.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.global.cloudCostReports }}
+{{- if .Values.global.cloudCostReports.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{default "cloud-cost-report-configs" .Values.cloudCostReportConfigmapName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
+data:
+  cloud-cost-reports.json: '{{ toJson .Values.global.cloudCostReports.reports }}'
+{{- end -}}
+{{- end -}}

cost-analyzer/templates/cost-analyzer-config-map-template.yaml

@@ -15,7 +15,9 @@ data:
   {{ else }}
     prometheus-alertmanager-endpoint: {{ .Values.global.notifications.alertmanager.fqdn }}
   {{- end -}}
-  {{if .Values.global.amp.enabled }}
+  {{ if .Values.global.gmp.enabled }}
+    prometheus-server-endpoint: {{ .Values.global.gmp.prometheusServerEndpoint }}
+  {{- else if .Values.global.amp.enabled }}
     prometheus-server-endpoint: {{ .Values.global.amp.prometheusServerEndpoint }}
   {{- else if .Values.global.prometheus.enabled }}
   {{- if .Values.global.zone }}

cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml

@@ -10,6 +10,13 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
+    {{- with .Values.persistentVolume.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.persistentVolume.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   accessModes:
     - ReadWriteOnce

cost-analyzer/templates/cost-analyzer-deployment-template.yaml

@@ -58,6 +58,11 @@ spec:
       restartPolicy: Always
       serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }}
       volumes:
+      {{- if .Values.global.gcpstore.enabled }}
+        - name: ubbagent-config
+          configMap:
+            name: ubbagent-config
+      {{- end }}
       {{- if .Values.hosted }}
         - name: config-store
           secret:
@@ -198,6 +203,16 @@ spec:
           secret:
             secretName: {{ .Values.saml.secretName }}
         {{- end }}
+        {{- if .Values.saml.encryptionCertSecret }}
+        - name: saml-encryption-cert
+          secret:
+            secretName: {{ .Values.saml.encryptionCertSecret }}
+        {{- end }}
+        {{- if .Values.saml.decryptionKeySecret }}
+        - name: saml-decryption-key
+          secret:
+            secretName: {{ .Values.saml.decryptionKeySecret }}
+        {{- end }}
         {{- if .Values.saml.metadataSecretName }}
         - name: metadata-secret-volume
           secret:
@@ -293,6 +308,29 @@ spec:
             runAsUser: 0
 {{ end }}
       containers:
+        {{- if .Values.global.gmp.enabled }}
+        - name: {{ .Values.global.gmp.gmpProxy.name }}
+          image: {{ .Values.global.gmp.gmpProxy.image }}
+          {{- if .Values.global.gmp.gmpProxy.imagePullPolicy }}
+          imagePullPolicy: {{ .Values.global.gmp.gmpProxy.imagePullPolicy }}
+          {{- else }}
+          imagePullPolicy: Always
+          {{- end }}
+          args:
+          - "--web.listen-address=:{{ .Values.global.gmp.gmpProxy.port }}"
+          - "--query.project-id={{ .Values.global.gmp.gmpProxy.projectId }}"
+          ports:
+          - name: web
+            containerPort: {{ .Values.global.gmp.gmpProxy.port | int }}
+          readinessProbe:
+            httpGet:
+              path: /-/ready
+              port: web
+          livenessProbe:
+            httpGet:
+              path: /-/healthy
+              port: web
+        {{- end }}
         {{- if .Values.global.amp.enabled }}
         - name: sigv4proxy
           image: {{ .Values.sigV4Proxy.image }}
@@ -322,6 +360,28 @@ spec:
           {{- toYaml .Values.sigV4Proxy.extraEnv | nindent 10 }}
           {{- end }}
         {{- end }}
+        {{- if .Values.global.gcpstore.enabled }}
+        - name: ubbagent
+          image: gcr.io/kubecost1/gcp-mp/ent/cost-model/ubbagent:1.0
+          env:
+          - name: AGENT_CONFIG_FILE
+            value: "/etc/ubbagent/config.yaml"
+          - name: AGENT_LOCAL_PORT
+            value: "6080"
+          - name: AGENT_ENCODED_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ default "kubecost-reporting-secret" .Values.reportingSecret }}
+                key: reporting-key
+          - name: AGENT_CONSUMER_ID
+            valueFrom:
+              secretKeyRef:
+                name: {{ default "kubecost-reporting-secret" .Values.reportingSecret }}
+                key: consumer-id
+          volumeMounts:
+          - name: ubbagent-config
+            mountPath: /etc/ubbagent
+        {{- end }}
         {{- if .Values.kubecostModel }}
         {{- if .Values.kubecostModel.openSourceOnly }}
         - image: quay.io/kubecost1/kubecost-cost-model:{{ .Values.imageVersion }}
@@ -459,6 +519,14 @@ spec:
             - name: secret-volume
               mountPath: /var/configs/secret-volume
             {{- end }}
+            {{- if .Values.saml.encryptionCertSecret }}
+            - name: saml-encryption-cert
+              mountPath: /var/configs/saml-encryption-cert
+            {{- end }}
+            {{- if .Values.saml.decryptionKeySecret }}
+            - name: saml-decryption-key
+              mountPath: /var/configs/saml-decryption-key
+            {{- end }}
             {{- if .Values.saml.metadataSecretName }}
             - name: metadata-secret-volume
               mountPath: /var/configs/metadata-secret-volume
@@ -513,6 +581,10 @@ spec:
             - name: ASSET_REPORT_CONFIGMAP_NAME
               value: {{ .Values.assetReportConfigmapName }}
             {{- end }}
+            {{- if .Values.cloudCostReportConfigmapName }}
+              - name: CLOUD_COST_REPORT_CONFIGMAP_NAME
+                value: {{ .Values.cloudCostReportConfigmapName }}
+            {{- end }}
             {{- if .Values.savedReportConfigmapName }}
             - name: SAVED_REPORT_CONFIGMAP_NAME
               value: {{ .Values.savedReportConfigmapName }}
@@ -884,6 +956,10 @@ spec:
             - name: SAML_RBAC_ENABLED
               value: "true"
             {{- end }}
+            {{- if and .Values.saml.encryptionCertSecret .Values.saml.decryptionKeySecret }}
+            - name: SAML_RESPONSE_ENCRYPTED
+              value: "true"
+            {{- end}}
             {{- end }}
             {{- end }}
             {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }}

cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml

@@ -101,6 +101,12 @@ data:
     }
 {{- end }}
 
+  {{- if and (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) (gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0) }}
+    upstream queryservice {
+        server {{ .Release.Name }}-query-service-load-balancer.{{ .Release.Namespace }}:9003;
+    }
+  {{- end }}
+
     server {
         server_name _;
         root /var/www;
@@ -285,5 +291,31 @@ data:
             proxy_pass http://model/isAdminAuthenticated;
         }
     {{- end }}
+
+    {{- if and (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) (gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0) }}
+        location /model/allocation {
+            proxy_connect_timeout       180;
+            proxy_send_timeout          180;
+            proxy_read_timeout          180;
+            proxy_pass http://queryservice/allocation;
+            proxy_redirect off;
+            proxy_http_version 1.1;
+            proxy_set_header Connection "";
+            proxy_set_header  X-Real-IP  $remote_addr;
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /model/assets {
+            proxy_connect_timeout       180;
+            proxy_send_timeout          180;
+            proxy_read_timeout          180;
+            proxy_pass http://queryservice/assets;
+            proxy_redirect off;
+            proxy_http_version 1.1;
+            proxy_set_header Connection "";
+            proxy_set_header  X-Real-IP  $remote_addr;
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    {{- end }}
     }
 {{- end }}

cost-analyzer/templates/cost-analyzer-ingress-template.yaml

@@ -18,7 +18,10 @@ metadata:
   name: {{ $fullName }}
   namespace: {{ .Release.Namespace }}
   labels:
-    {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
+    {{- include "cost-analyzer.commonLabels" . | nindent 4 }}
+    {{- with .Values.ingress.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- with .Values.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}

cost-analyzer/templates/cost-analyzer-pvc-template.yaml

@@ -8,6 +8,13 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
+    {{- with .Values.persistentVolume.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.persistentVolume.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   accessModes:
     - ReadWriteOnce