diff --git a/cost-analyzer/Chart.yaml b/cost-analyzer/Chart.yaml index 6dbf988..6a76f19 100644 --- a/cost-analyzer/Chart.yaml +++ b/cost-analyzer/Chart.yaml @@ -1,23 +1,23 @@ -apiVersion: v2 -appVersion: "1.98.0" -description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor - cloud costs. -name: cost-analyzer -version: "1.98.0" annotations: - "artifacthub.io/links": | + artifacthub.io/links: | - name: Homepage url: https://www.kubecost.com +apiVersion: v2 +appVersion: 1.99.0 dependencies: - - condition: global.grafana.enabled - name: grafana - repository: file://./charts/grafana - version: "~1.17.2" - - condition: global.prometheus.enabled - name: prometheus - repository: file://./charts/prometheus - version: "~11.0.2" - - condition: global.thanos.enabled - name: thanos - repository: file://./charts/thanos - version: "~0.24.0" +- condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 +- condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 +- condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 +description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. +name: cost-analyzer +version: 1.99.0 diff --git a/cost-analyzer/charts/grafana/Chart.yaml b/cost-analyzer/charts/grafana/Chart.yaml index 67459dc..eb46b59 100644 --- a/cost-analyzer/charts/grafana/Chart.yaml +++ b/cost-analyzer/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ +apiVersion: v1 appVersion: 6.0.0 description: The leading tool for querying and visualizing time series and metrics. -engine: gotpl home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png kubeVersion: ^1.8.0-0 
diff --git a/cost-analyzer/charts/grafana/templates/deployment.yaml b/cost-analyzer/charts/grafana/templates/deployment.yaml index 7f5594e..2c6f93e 100644 --- a/cost-analyzer/charts/grafana/templates/deployment.yaml +++ b/cost-analyzer/charts/grafana/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: type: {{ .Values.deploymentStrategy }} {{- if ne .Values.deploymentStrategy "RollingUpdate" }} rollingUpdate: null - {{- end }} + {{- end }} template: metadata: labels: diff --git a/cost-analyzer/charts/grafana/templates/ingress.yaml b/cost-analyzer/charts/grafana/templates/ingress.yaml index 556f0fa..7ca4349 100644 --- a/cost-analyzer/charts/grafana/templates/ingress.yaml +++ b/cost-analyzer/charts/grafana/templates/ingress.yaml @@ -3,7 +3,15 @@ {{- $fullName := include "grafana.fullname" . -}} {{- $servicePort := .Values.service.port -}} {{- $ingressPath := .Values.ingress.path -}} +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ $fullName }} @@ -35,10 +43,20 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $ingressPath }} + pathType: {{ $.Values.ingress.pathType }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} - path: {{ $ingressPath }} backend: serviceName: {{ $fullName }} servicePort: {{ $servicePort }} + {{- end }} {{- end }} {{- end }} {{ end }} diff --git a/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml b/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml index d446e81..9a392c6 100644 --- a/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml +++ b/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml 
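Review bot: The new check in grafana/templates/ingress.yaml, `.Capabilities.APIVersions.Has "networking.k8s.io/v1"`, matches the group/version only, and that group/version was served for NetworkPolicy well before Ingress moved into it in Kubernetes 1.19. On an older cluster the template would therefore pick `networking.k8s.io/v1` and the Ingress would be rejected at install time. Test the kind instead: `{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}` and `{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }}`. The same block is copied into the thanos bucket, query-frontend, query and store ingress templates later in this commit and needs the same change.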
@@ -1,4 +1,5 @@ {{ if .Values.global.grafana.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.rbac.pspEnabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -42,4 +43,5 @@ spec: rule: 'RunAsAny' readOnlyRootFilesystem: false {{- end }} +{{- end }} {{ end }} diff --git a/cost-analyzer/charts/grafana/templates/role.yaml b/cost-analyzer/charts/grafana/templates/role.yaml index 83e170c..1b33077 100644 --- a/cost-analyzer/charts/grafana/templates/role.yaml +++ b/cost-analyzer/charts/grafana/templates/role.yaml @@ -9,10 +9,12 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} +{{- if .Values.rbac.pspEnabled }} rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: [{{ template "grafana.fullname" . }}] {{- end }} +{{- end }} {{ end }} diff --git a/cost-analyzer/charts/grafana/values.yaml b/cost-analyzer/charts/grafana/values.yaml index 73c0b8e..93a6be7 100644 --- a/cost-analyzer/charts/grafana/values.yaml +++ b/cost-analyzer/charts/grafana/values.yaml @@ -37,6 +37,9 @@ image: securityContext: {} +grafana: + containerSecurityContext: {} + downloadDashboardsImage: repository: curlimages/curl tag: latest @@ -65,6 +68,7 @@ ingress: # kubernetes.io/tls-acme: "true" labels: {} path: / + pathType: Prefix hosts: - chart-example.local tls: [] @@ -253,7 +257,7 @@ smtp: ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: - image: kiwigrid/k8s-sidecar:1.19.2 + image: kiwigrid/k8s-sidecar:1.21.0 imagePullPolicy: IfNotPresent resources: # limits: diff --git a/cost-analyzer/charts/prometheus/Chart.yaml b/cost-analyzer/charts/prometheus/Chart.yaml index 26fbd25..dd81a9c 100644 
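Review bot: With the PodSecurityPolicy wrapped in `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`, a cluster that no longer serves that API renders nothing for `rbac.pspEnabled: true` and reports nothing. An operator who relied on the policy loses the control without noticing. Offline rendering with `helm template` has the same effect unless `--api-versions policy/v1beta1/PodSecurityPolicy` is passed, because Helm then falls back to its built-in API list. I would add a template comment such as `{{- /* skipped when the PSP API is not served; enforce with Pod Security Admission namespace labels instead */ -}}` and repeat that caveat next to `pspEnabled` in values.yaml. The same gate is added to the kube-state-metrics, alertmanager, node-exporter, pushgateway, server, cost-analyzer and network-costs PSP templates in this commit.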
--- a/cost-analyzer/charts/prometheus/Chart.yaml +++ b/cost-analyzer/charts/prometheus/Chart.yaml @@ -1,7 +1,6 @@ apiVersion: v1 appVersion: 2.17.2 description: Prometheus is a monitoring system and time series database. -engine: gotpl home: https://prometheus.io/ icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png maintainers: @@ -16,9 +15,4 @@ sources: - https://github.com/prometheus/pushgateway - https://github.com/prometheus/node_exporter - https://github.com/kubernetes/kube-state-metrics -tillerVersion: '>=2.8.0' version: 11.0.2 -dependencies: - - condition: kube-state-metrics.disabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics diff --git a/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml index 1267c38..d1d01c6 100644 --- a/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ b/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml @@ -1,4 +1,5 @@ {{ if not .Values.disabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.podSecurityPolicy.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -38,4 +39,5 @@ spec: max: 65535 readOnlyRootFilesystem: false {{- end }} +{{- end }} {{ end }} diff --git a/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml b/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml index da2fbbd..174c925 100644 --- a/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml +++ b/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml 
@@ -1,4 +1,5 @@ {{ if .Values.global.prometheus.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.rbac.create }} {{- if .Values.podSecurityPolicy.enabled }} apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} @@ -47,4 +48,5 @@ spec: readOnlyRootFilesystem: true {{- end }} {{- end }} +{{- end }} {{ end }} diff --git a/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml b/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml index 243667d..a246b58 100644 --- a/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml +++ b/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml @@ -1,4 +1,5 @@ {{ if .Values.global.prometheus.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if and .Values.nodeExporter.enabled .Values.rbac.create }} {{- if .Values.podSecurityPolicy.enabled }} apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} @@ -54,4 +55,5 @@ spec: max: 65535 {{- end }} {{- end }} +{{- end }} {{ end }} diff --git a/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml b/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml index 80617cb..5078abb 100644 --- a/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml +++ b/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml @@ -1,4 +1,5 @@ {{ if .Values.global.prometheus.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.rbac.create }} {{- if .Values.podSecurityPolicy.enabled }} apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} @@ -43,4 +44,5 @@ spec: readOnlyRootFilesystem: true {{- end }} {{- end }} +{{- end }} {{ end }} 
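Review bot: The gate added at the top of alertmanager-podsecuritypolicy.yaml hard-codes `policy/v1beta1/PodSecurityPolicy`, while the context line below it takes `apiVersion` from the `prometheus.podSecurityPolicy.apiVersion` helper. That helper is not visible in this diff; if it can return a different group, the gate and the emitted apiVersion can disagree and the policy is skipped on a cluster that would have accepted it. Deriving the gate from the helper keeps the two in step: `{{- if .Capabilities.APIVersions.Has (printf "%s/PodSecurityPolicy" (include "prometheus.podSecurityPolicy.apiVersion" .)) }}`. The node-exporter, pushgateway and server PSP templates have the same shape, as do the two cost-analyzer PSP templates with their own helper.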
diff --git a/cost-analyzer/charts/prometheus/templates/server-configmap.yaml b/cost-analyzer/charts/prometheus/templates/server-configmap.yaml index b1917cd..ed02121 100644 --- a/cost-analyzer/charts/prometheus/templates/server-configmap.yaml +++ b/cost-analyzer/charts/prometheus/templates/server-configmap.yaml @@ -14,13 +14,14 @@ data: {{- if eq $key "prometheus.yml" }} global: {{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} - remote_write: {{- if $root.Values.global.amp.enabled }} + remote_write: - url: {{ $root.Values.global.amp.remoteWriteService }} sigv4: {{ $root.Values.global.amp.sigv4 | toYaml | indent 8 }} {{- end }} {{- if $root.Values.server.remoteWrite }} + remote_write: {{ $root.Values.server.remoteWrite | toYaml | indent 4 }} {{- end }} {{- if $root.Values.server.remoteRead }} diff --git a/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml b/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml index 73bf065..f9fc538 100644 --- a/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml +++ b/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml @@ -1,4 +1,5 @@ {{ if .Values.global.prometheus.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.rbac.create }} {{- if .Values.podSecurityPolicy.enabled }} apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} @@ -52,4 +53,5 @@ spec: readOnlyRootFilesystem: false {{- end }} {{- end }} +{{- end }} {{ end }} diff --git a/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml b/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml index 2f7b500..6cf017c 100644 --- a/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml +++ b/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml 
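Review bot: In server-configmap.yaml the `remote_write:` key is now emitted once inside the `global.amp.enabled` block and again inside the `server.remoteWrite` block. When both are set, the rendered prometheus.yml carries the key twice. Prometheus parses its config strictly, so I would expect a duplicate key to fail the config load rather than merge the two lists. Emit the header once under `{{- if or $root.Values.global.amp.enabled $root.Values.server.remoteWrite }}` and leave only the list items inside the two inner conditionals. The enclosing range over the config files starts and ends outside this hunk.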
@@ -7,10 +7,6 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.serviceAccountName.server" . }} -{{- if .Values.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.serviceAccount.annotations | indent 4 }} -{{- end }} {{- end }} {{- end }} {{ end }} diff --git a/cost-analyzer/charts/prometheus/values.yaml b/cost-analyzer/charts/prometheus/values.yaml index 5dba31f..d9675b8 100644 --- a/cost-analyzer/charts/prometheus/values.yaml +++ b/cost-analyzer/charts/prometheus/values.yaml @@ -855,7 +855,10 @@ server: ## Security context to be added to server pods ## securityContext: + # runAsUser: 1001 runAsNonRoot: true + # runAsGroup: 1001 + # fsGroup: 1001 service: annotations: {} @@ -1252,7 +1255,7 @@ serverFiles: metric_relabel_configs: - source_labels: [ __name__ ] - regex: (kubelet_volume_stats_used_bytes) # this metric is in alpha + regex: (kubelet_volume_stats_used_bytes) # this metric is in alpha action: keep # Scrape config for service endpoints. diff --git a/cost-analyzer/charts/thanos/Chart.yaml b/cost-analyzer/charts/thanos/Chart.yaml index a6cb563..5c5c39c 100644 --- a/cost-analyzer/charts/thanos/Chart.yaml +++ b/cost-analyzer/charts/thanos/Chart.yaml 
@@ -1,16 +1,18 @@ apiVersion: v1 -appVersion: 0.24.0 -description: Thanos is a set of components that can be composed into a highly available metric system with unlimited storage capacity, which can be added seamlessly on top of existing Prometheus deployments. -name: thanos -keywords: - - thanos - - prometheus - - metrics -sources: - - https://github.com/thanos-io/thanos - - https://github.com/banzaicloud/banzai-charts/tree/master/thanos -version: 0.24.0 +appVersion: 0.29.0 +description: Thanos is a set of components that can be composed into a highly available + metric system with unlimited storage capacity, which can be added seamlessly on + top of existing Prometheus deployments. icon: https://raw.githubusercontent.com/thanos-io/thanos/master/website/static/Thanos-logo_full.svg +keywords: +- thanos +- prometheus +- metrics maintainers: -- name: Banzai Cloud - email: info@banzaicloud.com +- email: info@banzaicloud.com + name: Banzai Cloud +name: thanos +sources: +- https://github.com/thanos-io/thanos +- https://github.com/banzaicloud/banzai-charts/tree/master/thanos +version: 0.29.0 diff --git a/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml b/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml index 28b037b..9b2c39c 100644 --- a/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml +++ b/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml @@ -1,6 +1,14 @@ {{ if .Values.global.thanos.enabled }} {{ if and .Values.bucket.enabled .Values.bucket.http.ingress.enabled }} +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "bucket") }} 
@@ -18,6 +26,9 @@ metadata: {{ toYaml .Values.bucket.http.ingress.labels | indent 4 }} {{- end }} spec: +{{- if .Values.bucket.http.ingress.className }} + ingressClassName: {{ .Values.ingress.bucket.http.className }} +{{- end }} {{- if .Values.bucket.http.ingress.tls }} tls: {{- range .Values.bucket.http.ingress.tls }} @@ -33,10 +44,20 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $.Values.bucket.http.ingress.path }} + pathType: {{ $.Values.bucket.http.ingress.pathType }} + backend: + service: + name: {{ include "thanos.componentname" (list $ "bucket") }} + port: + number: {{ $.Values.bucket.http.port }} + {{- else }} - path: {{ $.Values.bucket.http.ingress.path }} backend: serviceName: {{ include "thanos.componentname" (list $ "bucket") }} servicePort: {{ $.Values.bucket.http.port }} + {{- end }} {{- end }} {{ end }} {{ end }} diff --git a/cost-analyzer/charts/thanos/templates/compact-deployment.yaml b/cost-analyzer/charts/thanos/templates/compact-deployment.yaml index a824449..251f823 100644 --- a/cost-analyzer/charts/thanos/templates/compact-deployment.yaml +++ b/cost-analyzer/charts/thanos/templates/compact-deployment.yaml @@ -63,7 +63,6 @@ spec: - "--retention.resolution-raw={{ .Values.compact.retentionResolutionRaw }}" - "--retention.resolution-5m={{ .Values.compact.retentionResolution5m }}" - "--retention.resolution-1h={{ .Values.compact.retentionResolution1h }}" - - "--block-sync-concurrency={{ .Values.compact.blockSyncConcurrency }}" - "--compact.concurrency={{ .Values.compact.compactConcurrency }}" {{- if .Values.compact.disableDownsampling }} - "--downsampling.disable" diff --git a/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml b/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml index 5423cec..5d53b27 100644 --- a/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml +++ b/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml 
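Review bot: In bucket-ingress.yaml the new condition reads `.Values.bucket.http.ingress.className`, but the value is taken from `.Values.ingress.bucket.http.className`, a different path. If the thanos values have no top-level `ingress` map, setting a class name fails rendering with a nil-pointer error. Otherwise it renders an empty `ingressClassName`. The line should read `ingressClassName: {{ .Values.bucket.http.ingress.className }}`. The same path mix-up appears in the query-frontend, query (http and grpc) and store (http and grpc) ingress templates in this commit. `ingressClassName` is also emitted on the `extensions/v1beta1` fallback, which has no such field, so the block is better nested under the API-version check.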
@@ -1,7 +1,15 @@ --- {{ if .Values.global.thanos.enabled }} {{- if and .Values.queryFrontend.enabled .Values.queryFrontend.http.ingress.enabled }} +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http @@ -19,6 +27,9 @@ metadata: annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.queryFrontend.http.ingress.className }} + ingressClassName: {{ .Values.ingress.queryFrontend.http.className }} +{{- end }} {{- if .Values.queryFrontend.http.ingress.tls }} tls: {{- range .Values.queryFrontend.http.ingress.tls }} @@ -36,10 +47,20 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $.Values.queryFrontend.http.ingress.path }} + pathType: {{ $.Values.queryFrontend.http.ingress.pathType }} + backend: + service: + name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http + port: + number: {{ $.Values.queryFrontend.http.port }} + {{- else }} - path: {{ $.Values.queryFrontend.http.ingress.path }} backend: serviceName: {{ include "thanos.componentname" (list $ "query-frontend") }}-http servicePort: {{ $.Values.queryFrontend.http.port }} + {{- end }} {{- end }} {{- end }} {{ end }} diff --git a/cost-analyzer/charts/thanos/templates/query-ingress.yml b/cost-analyzer/charts/thanos/templates/query-ingress.yml index cfda4a0..e545f9b 100644 --- a/cost-analyzer/charts/thanos/templates/query-ingress.yml +++ b/cost-analyzer/charts/thanos/templates/query-ingress.yml 
@@ -1,7 +1,15 @@ --- {{ if .Values.global.thanos.enabled }} {{- if and .Values.query.enabled .Values.query.http.ingress.enabled }} +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "query") }}-http @@ -19,6 +27,9 @@ metadata: annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.query.http.ingress.className }} + ingressClassName: {{ .Values.ingress.query.http.className }} +{{- end }} {{- if .Values.query.http.ingress.tls }} tls: {{- range .Values.query.http.ingress.tls }} @@ -36,16 +47,34 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $.Values.query.http.ingress.path }} + pathType: {{ $.Values.query.http.ingress.pathType }} + backend: + service: + name: {{ include "thanos.componentname" (list $ "query") }}-http + port: + number: {{ $.Values.query.http.port }} + {{- else }} - path: {{ $.Values.query.http.ingress.path }} backend: serviceName: {{ include "thanos.componentname" (list $ "query") }}-http servicePort: {{ $.Values.query.http.port }} + {{- end }} {{- end }} {{- end }} {{- if and .Values.query.enabled .Values.query.grpc.ingress.enabled }} --- +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "query") }}-grpc 
@@ -63,6 +92,9 @@ metadata: annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.query.grpc.ingress.className }} + ingressClassName: {{ .Values.ingress.query.grpc.className }} +{{- end }} {{- if .Values.query.grpc.ingress.tls }} tls: {{- range .Values.query.grpc.ingress.tls }} @@ -80,10 +112,20 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $.Values.query.grpc.ingress.path }} + pathType: {{ $.Values.query.grpc.ingress.pathType }} + backend: + service: + name: {{ include "thanos.componentname" (list $ "query") }}-grpc + port: + number: {{ $.Values.query.grpc.port }} + {{- else }} - path: {{ $.Values.query.grpc.ingress.path }} backend: serviceName: {{ include "thanos.componentname" (list $ "query") }}-grpc - servicePort: {{ $.Values.query.http.port }} + servicePort: {{ $.Values.query.grpc.port }} + {{- end }} {{- end }} {{- end }} {{ end }} diff --git a/cost-analyzer/charts/thanos/templates/store-deployment.yaml b/cost-analyzer/charts/thanos/templates/store-deployment.yaml index 866594e..4944f8f 100644 --- a/cost-analyzer/charts/thanos/templates/store-deployment.yaml +++ b/cost-analyzer/charts/thanos/templates/store-deployment.yaml @@ -121,7 +121,7 @@ spec: {{- end }} {{- else }} emptyDir: {} - {{- end }} + {{- end }} - name: config-volume secret: secretName: {{ include "thanos.secretname" . }} diff --git a/cost-analyzer/charts/thanos/templates/store-ingress.yaml b/cost-analyzer/charts/thanos/templates/store-ingress.yaml index 4d18c01..a334277 100644 --- a/cost-analyzer/charts/thanos/templates/store-ingress.yaml +++ b/cost-analyzer/charts/thanos/templates/store-ingress.yaml 
@@ -1,6 +1,14 @@ {{ if .Values.global.thanos.enabled }} {{- if and .Values.store.enabled .Values.store.http.ingress.enabled }} +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "store") }}-http @@ -18,6 +26,9 @@ metadata: annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.store.http.ingress.className }} + ingressClassName: {{ .Values.ingress.store.http.className }} +{{- end }} {{- if .Values.store.http.ingress.tls }} tls: {{- range .Values.store.http.ingress.tls }} @@ -33,17 +44,35 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $.Values.store.http.ingress.path }} + pathType: {{ .Values.store.http.ingress.pathType }} + backend: + service: + name: {{ include "thanos.componentname" (list $ "store") }}-http + port: + number: {{ $.Values.store.http.port }} + {{- else }} - path: {{ $.Values.store.http.ingress.path }} backend: serviceName: {{ include "thanos.componentname" (list $ "store") }}-http servicePort: {{ $.Values.store.http.port }} + {{- end }} {{- end }} {{- end }} --- {{- if and .Values.store.enabled .Values.store.grpc.ingress.enabled }} +{{- $apiV1 := false -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $apiV1 = true -}} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} apiVersion: extensions/v1beta1 +{{ end -}} kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "store") }}-grpc 
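Review bot: In the store http paths block the added `pathType: {{ .Values.store.http.ingress.pathType }}` uses `.Values`, while every neighbouring line uses `$.Values`. The entry sits under `- host: {{ . }}`, so the dot is presumably rebound to the host string by a surrounding range that opens outside the hunk. In that case this line fails rendering as soon as the v1 branch is taken. It should be `pathType: {{ $.Values.store.http.ingress.pathType }}`, matching the grpc block added further down in the same file.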
@@ -61,6 +90,9 @@ metadata: annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.store.grpc.ingress.className }} + ingressClassName: {{ .Values.ingress.store.grpc.className }} +{{- end }} {{- if .Values.store.grpc.ingress.tls }} tls: {{- range .Values.store.grpc.ingress.tls }} @@ -76,10 +108,20 @@ spec: - host: {{ . }} http: paths: + {{- if $apiV1 }} + - path: {{ $.Values.store.grpc.ingress.path }} + pathType: {{ $.Values.store.grpc.ingress.pathType }} + backend: + service: + name: {{ include "thanos.componentname" (list $ "store") }}-grpc + port: + number: {{ $.Values.store.grpc.port }} + {{- else }} - path: {{ $.Values.store.grpc.ingress.path }} backend: serviceName: {{ include "thanos.componentname" (list $ "store") }}-grpc - servicePort: {{ $.Values.store.http.port }} + servicePort: {{ $.Values.store.grpc.port }} + {{- end }} {{- end }} {{- end }} {{ end }} diff --git a/cost-analyzer/charts/thanos/values.yaml b/cost-analyzer/charts/thanos/values.yaml index 4027eb1..251f05a 100644 --- a/cost-analyzer/charts/thanos/values.yaml +++ b/cost-analyzer/charts/thanos/values.yaml @@ -1,6 +1,6 @@ image: repository: thanosio/thanos - tag: v0.24.0 + tag: v0.29.0 pullPolicy: IfNotPresent store: @@ -180,7 +180,7 @@ queryFrontend: validity: 10m downstreamTripper: - enabled: false + enabled: false idleConnectionTimeout: 90s responseHeaderTimeout: 2m tlsHandshakeTimeout: 10s @@ -191,7 +191,7 @@ queryFrontend: # Downstream Tripper Configuration Content # downstreamTripperConfig: - + # Response cache configuration content # responseCacheConfig: @@ -226,7 +226,7 @@ queryFrontend: # minAvailable and maxUnavailable can't be used simultaneous. Choose one. minAvailable: 1 # maxUnavailable: 50% - + serviceAccount: "" # The http endpoint to communicate with other components 
@@ -317,7 +317,7 @@ queryFrontend: # Pod affinity # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity affinity: {} - + query: enabled: true # Label to treat as a replica indicator along which data is deduplicated. @@ -345,9 +345,9 @@ query: maxConcurrent: 16 # Maximum number of select requests made concurrently per a query. maxConcurrentSelect: 4 - # Enable automatic adjustment (step / 5) to what source of data should be used in store gateways + # Enable automatic adjustment (step / 5) to what source of data should be used in store gateways # if no max_source_resolution param is specified. - autoDownsampling: false + autoDownsampling: false # https://github.com/improbable-eng/thanos/issues/1015 storeDNSResolver: miekgdns # Enable DNS discovery for stores @@ -412,6 +412,7 @@ query: # kubernetes.io/tls-acme: "true" labels: {} path: "/" + pathType: ImplementationSpecific hosts: - "/" tls: [] @@ -500,6 +501,7 @@ query: # kubernetes.io/tls-acme: "true" labels: {} path: "/" + pathType: ImplementationSpecific hosts: - "/" tls: [] @@ -521,8 +523,6 @@ compact: retentionResolution1h: 1825d # Number of goroutines to use when compacting groups. compactConcurrency: 1 - # Number of goroutines to use when syncing block metadata from object storage. - blockSyncConcurrency: 20 # Disables Downsampling data disableDownsampling: false # Log filtering level. @@ -640,6 +640,7 @@ bucket: # kubernetes.io/tls-acme: "true" labels: {} path: "/" + pathType: ImplementationSpecific hosts: - "/" tls: [] @@ -741,6 +742,7 @@ sidecar: # kubernetes.io/tls-acme: "true" labels: {} path: "/" + pathType: ImplementationSpecific hosts: - "/" tls: [] @@ -768,6 +770,7 @@ sidecar: # kubernetes.io/tls-acme: "true" labels: {} path: "/" + pathType: ImplementationSpecific hosts: - "/" tls: [] diff --git a/cost-analyzer/templates/alibaba-service-key-secret.yaml b/cost-analyzer/templates/alibaba-service-key-secret.yaml new file mode 100644 index 0000000..2bbe498 --- /dev/null 
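Review bot: The `pathType: ImplementationSpecific` defaults land only in the hunks headed `query:`, `bucket:` and `sidecar:`. I see none under `store:` or `queryFrontend:`, although the store and query-frontend ingress templates in this commit now render `pathType` from those values. Unless the keys already exist outside the visible hunks, those templates emit an empty `pathType`, which `networking.k8s.io/v1` rejects because the field is required. Either add the key to both sections or default it in the template, for example `pathType: {{ $.Values.store.http.ingress.pathType | default "ImplementationSpecific" }}`.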
+++ b/cost-analyzer/templates/alibaba-service-key-secret.yaml @@ -0,0 +1,19 @@ +{{- if .Values.kubecostProductConfigs }} +{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} +{{- if .Values.kubecostProductConfigs.alibabaServiceKeyName }} +apiVersion: v1 +kind: Secret +metadata: + name: cloud-service-key + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +type: Opaque +stringData: + service-key.json: |- + { + "alibaba_access_key_id": "{{ .Values.kubecostProductConfigs.alibabaServiceKeyName }}", + "alibaba_secret_access_key": "{{ .Values.kubecostProductConfigs.alibabaServiceKeyPassword }}" + } +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml b/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml new file mode 100644 index 0000000..7af0e82 --- /dev/null +++ b/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.global.advancedReports }} +{{- if .Values.global.advancedReports.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{default "advanced-report-configs" .Values.advancedReportConfigmapName }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + advanced-reports.json: '{{ toJson .Values.global.advancedReports.reports }}' +{{- end -}} +{{- end -}} diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index 9ece7ad..0d53b8a 100644 --- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml 
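Review bot: Both credentials in alibaba-service-key-secret.yaml are pasted between literal double quotes inside `service-key.json`, so a key or secret containing `"` or `\` yields invalid JSON or shifts the field boundaries. Let the template do the encoding and drop the surrounding quotes: `"alibaba_secret_access_key": {{ .Values.kubecostProductConfigs.alibabaServiceKeyPassword | toJson }}`, and likewise for the access key id. The guard checks only `alibabaServiceKeyName`, so an unset password renders an empty secret value; `required` on the password would surface that at install time. A comment in values.yaml should also say that credentials supplied this way are stored in the Helm release data, and point to a pre-created Secret as the alternative.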
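Review bot: In cost-analyzer-advanced-reports-configmap.yaml the JSON is wrapped in YAML single quotes, `'{{ toJson .Values.global.advancedReports.reports }}'`. An apostrophe anywhere in a report title or filter value ends the scalar early, and the manifest no longer parses. Use `advanced-reports.json: {{ toJson .Values.global.advancedReports.reports | quote }}` so the value is escaped for YAML. The guard also passes when `reports` is unset, in which case the ConfigMap holds the string `null`; a comment saying whether the consumer accepts that would help.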
@@ -697,6 +697,18 @@ spec: value: {{ (quote .Values.kubecostModel.etlAssetReconciliationEnabled) | default (quote true) }} - name: ETL_USE_UNBLENDED_COST value: {{ (quote .Values.kubecostModel.etlUseUnblendedClost) | default (quote false) }} + {{- with .Values.kubecostModel.cloudCost }} + - name: CLOUD_COST_ENABLED + value: {{ (quote .enabled) | default (quote false) }} + {{- with .labelList }} + - name: CLOUD_COST_IS_INCLUDE_LIST + value: {{ (quote .IsIncludeList) | default (quote false) }} + - name: CLOUD_COST_LABEL_LIST + value: {{ (quote .labels) }} + {{- end }} + - name: CLOUD_COST_TOP_N + value: {{ (quote .topNItems) | default (quote 1000) }} + {{- end }} - name: CONTAINER_STATS_ENABLED value: {{ (quote .Values.kubecostModel.containerStatsEnabled) | default (quote false) }} - name: RECONCILE_NETWORK @@ -965,4 +977,4 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index 98c8f6e..99db99f 100644 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -114,9 +114,6 @@ data: {{- if or .Values.saml.enabled .Values.oidc.enabled }} add_header Cache-Control "max-age=0"; - location /unauthorized.html { - - } location / { auth_request /auth; proxy_redirect off; @@ -187,6 +184,7 @@ data: location ~ ^/(turndown|cluster)/ { add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; {{- if .Values.clusterController }} {{- if .Values.clusterController.enabled }} {{- if or .Values.saml .Values.oidc }} diff --git a/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml b/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml index b5d5423..ff1b2a9 100644 
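Review bot: The header added to the frontend config map advertises `GET, PUT, POST, DELETE, OPTIONS` on `location ~ ^/(turndown|cluster)/`, while the context line above it still answers with `Access-Control-Allow-Origin: *`. Any origin therefore passes preflight for state-changing calls to the cluster controller. The `auth_request` that follows is rendered only under the saml/oidc condition visible in the context. Installs without SSO have nothing between a cross-origin page and these endpoints except network reachability. I would make the allowed origin a chart value with no wildcard default and list only the methods the UI actually uses. At minimum, add an nginx comment above the two headers stating why a wildcard origin is acceptable here.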
--- a/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml @@ -53,8 +53,7 @@ spec: imagePullPolicy: Always {{- end }} {{- if .Values.networkCosts.resources }} - resources: -{{ toYaml .Values.networkCosts.resources | indent 10 }} + resources: {{- toYaml .Values.networkCosts.resources | nindent 10 }} {{- end }} env: {{- if .Values.networkCosts.hostProc }} @@ -69,8 +68,22 @@ spec: value: {{ (quote .Values.networkCosts.port) | default (quote 3001) }} - name: TRAFFIC_LOGGING_ENABLED value: {{ (quote .Values.networkCosts.trafficLogging) | default (quote true) }} - - name: GODEBUG - value: "madvdontneed=1" + {{- if .Values.networkCosts.softMemoryLimit }} + - name: GOMEMLIMIT + value: {{ .Values.networkCosts.softMemoryLimit }} + {{- end }} + {{- if .Values.networkCosts.heapMonitor }} + {{- if .Values.networkCosts.heapMonitor.enabled }} + - name: HEAP_MONITOR_ENABLED + value: "true" + - name: HEAP_MONITOR_THRESHOLD + value: {{ .Values.networkCosts.heapMonitor.threshold }} + {{- if .Values.networkCosts.heapMonitor.outFile }} + - name: HEAP_MONITOR_OUTPUT + value: {{ .Values.networkCosts.heapMonitor.outFile }} + {{- end }} + {{- end }} + {{- end }} volumeMounts: {{- if .Values.networkCosts.hostProc }} - mountPath: {{ .Values.networkCosts.hostProc.mountPath }} diff --git a/cost-analyzer/templates/cost-analyzer-psp.template.yaml b/cost-analyzer/templates/cost-analyzer-psp.template.yaml index 6d2178d..d33b9c2 100644 --- a/cost-analyzer/templates/cost-analyzer-psp.template.yaml +++ b/cost-analyzer/templates/cost-analyzer-psp.template.yaml @@ -1,3 +1,4 @@ +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.podSecurityPolicy }} {{- if .Values.podSecurityPolicy.enabled }} apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} @@ -20,3 +21,4 @@ spec: - '*' {{- end }} {{- end }} +{{- end }} 
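Review bot: The new `GOMEMLIMIT`, `HEAP_MONITOR_THRESHOLD` and `HEAP_MONITOR_OUTPUT` entries in the network-costs template render their values unquoted, unlike the `(quote …)` entries just above them. A numeric threshold or a limit given in plain bytes becomes a YAML number, and the API server rejects non-string `env[].value` fields, so the DaemonSet fails to apply. Quote them, for example `value: {{ .Values.networkCosts.heapMonitor.threshold | quote }}` and `value: {{ .Values.networkCosts.softMemoryLimit | quote }}`. The hunk also drops `GODEBUG=madvdontneed=1` unconditionally while `GOMEMLIMIT` is opt-in, which deserves a line in the values.yaml comments so operators know that memory behaviour changes by default.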
diff --git a/cost-analyzer/templates/kubecost-cluster-controller-template.yaml b/cost-analyzer/templates/kubecost-cluster-controller-template.yaml index e85e7de..f8e7997 100644 --- a/cost-analyzer/templates/kubecost-cluster-controller-template.yaml +++ b/cost-analyzer/templates/kubecost-cluster-controller-template.yaml @@ -1,5 +1,6 @@ {{- if .Values.clusterController }} {{- if .Values.clusterController.enabled }} +{{- $serviceName := include "cost-analyzer.serviceName" . -}} apiVersion: v1 kind: ServiceAccount metadata: @@ -209,10 +210,20 @@ spec: value: {{ .Release.Namespace }} - name: TURNDOWN_DEPLOYMENT value: {{ template "kubecost.clusterControllerName" . }} + {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/keys/service-key.json {{- end }} + {{- end }} + - name: CC_LOG_LEVEL + value: {{ .Values.clusterController.logLevel | default "info" }} + - name: CC_KUBESCALER_COST_MODEL_PATH + value: http://{{ $serviceName }}.{{ .Release.Namespace }}:{{ .Values.service.targetPort | default 9090 }}/model + {{- if .Values.clusterController.kubescaler }} + - name: CC_KUBESCALER_DEFAULT_RESIZE_ALL + value: {{ .Values.clusterController.kubescaler.defaultResizeAll | default "false" | quote }} + {{- end }} ports: - name: http-server containerPort: 9731 diff --git a/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml b/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml index 680ded3..9330460 100644 --- a/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml +++ b/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml 
@@ -187,10 +187,12 @@ spec: key: prometheus-server-endpoint - name: CLOUD_PROVIDER_API_KEY value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key. + {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/configs/key.json {{- end }} + {{- end }} - name: CONFIG_PATH value: /var/configs/ - name: KUBECOST_METRICS_PORT diff --git a/cost-analyzer/templates/network-costs-psp.template.yaml b/cost-analyzer/templates/network-costs-psp.template.yaml index 6b285dd..1dac8de 100644 --- a/cost-analyzer/templates/network-costs-psp.template.yaml +++ b/cost-analyzer/templates/network-costs-psp.template.yaml @@ -1,5 +1,6 @@ {{- if .Values.networkCosts }} {{- if .Values.networkCosts.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} {{- if .Values.networkCosts.podSecurityPolicy }} {{- if .Values.networkCosts.podSecurityPolicy.enabled }} apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} @@ -36,3 +37,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/cost-analyzer/values-agent.yaml b/cost-analyzer/values-agent.yaml index 102e875..4c64926 100644 --- a/cost-analyzer/values-agent.yaml +++ b/cost-analyzer/values-agent.yaml @@ -40,6 +40,8 @@ prometheus: storage.tsdb.max-block-duration: 2h storage.tsdb.retention: 10h securityContext: {} + # runAsNonRoot: true + # runAsUser: 1001 extraSecretMounts: - name: object-store-volume mountPath: /etc/thanos/config @@ -50,6 +52,8 @@ prometheus: - name: thanos-sidecar image: thanosio/thanos:v0.22.0 securityContext: {} + # runAsNonRoot: true + # runAsUser: 1001 args: - sidecar - --log.level=debug diff --git a/cost-analyzer/values-thanos.yaml b/cost-analyzer/values-thanos.yaml index 2d25c80..54f11b3 100644 --- a/cost-analyzer/values-thanos.yaml +++ b/cost-analyzer/values-thanos.yaml 
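Review bot: The `CLOUD_PROVIDER_API_KEY` line that this hunk leaves in place carries a literal API key in the template, so every install shares one credential and it cannot be rotated or revoked without a chart release. If the key is meant to be a shared public one, a comment should say so; the existing comment only says that the pricing API requires a key. Otherwise the env entry should read the key from a values-supplied Secret through `valueFrom.secretKeyRef`, with the literal kept at most as a documented fallback. The env list continues outside the hunk, so other consumers of this variable are not visible here.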
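Review bot: The thanos-sidecar entry in values-agent.yaml stays at `thanosio/thanos:v0.22.0` while this commit moves values-thanos.yaml to `v0.29.0` and the chart's thanos dependency to `~0.29.0`. If the agent sidecar is meant to track the same release, the line should become `image: thanosio/thanos:v0.29.0`. If the older version is deliberate, a comment above the image line such as `# kept at v0.22.0 on purpose: <reason>` would stop it from looking like an oversight. The added `# runAsNonRoot` / `# runAsUser` hints are fine as comments.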
@@ -7,7 +7,7 @@ global: # will greatly assist in reduction memory bloat in query. kubecostModel: maxQueryConcurrency: 5 - # This configuration is applied to thanos only. Expresses the resolution to + # This configuration is applied to thanos only. Expresses the resolution to # use for longer query ranges. Options: raw, 5m, 1h - Default: raw maxSourceResolution: 5m @@ -18,6 +18,8 @@ prometheus: storage.tsdb.max-block-duration: 2h storage.tsdb.retention: 2w securityContext: {} + # runAsNonRoot: true + # runAsUser: 1001 extraVolumes: - name: object-store-volume secret: @@ -26,7 +28,10 @@ prometheus: enableAdminApi: true sidecarContainers: - name: thanos-sidecar - image: thanosio/thanos:v0.24.0 + image: thanosio/thanos:v0.29.0 + securityContext: {} + # runAsNonRoot: true + # runAsUser: 1001 args: - sidecar - --log.level=debug @@ -57,7 +62,7 @@ prometheus: subPath: "" - name: object-store-volume mountPath: /etc/config - + thanos: store: enabled: true @@ -68,10 +73,10 @@ thanos: value: "100" - name: GODEBUG value: "madvdontneed=1" - resources: + resources: requests: memory: "2.5Gi" - query: + query: enabled: true timeout: 3m # Maximum number of queries processed concurrently by query node. @@ -94,7 +99,7 @@ thanos: compressResponses: true # Downstream Tripper Configuration downstreamTripper: - enabled: true + enabled: true idleConnectionTimeout: 90s responseHeaderTimeout: 2m tlsHandshakeTimeout: 10s @@ -103,10 +108,10 @@ thanos: maxIdleConnectionsPerHost: 100 maxConnectionsPerHost: 0 # Response Cache Configuration - # Configure either a max size constraint or max items. + # Configure either a max size constraint or max items. responseCache: enabled: true - # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied. + # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied. maxSize: 1.25GB # Maximum number of entries in the cache. maxSizeItems: 0 
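Review bot: In the `@@ -26,7 +28,10 @@` hunk the sidecar gains `securityContext: {}` with the non-root settings only as comments, so a default install still leaves the container user to whatever the image defines. The comments do not say what has to hold before they can be uncommented. I would add a line such as `# uncomment to run as non-root; UID 1001 must be able to read the mounted object-store secret and the TSDB volume (TODO confirm)`. The same bare hints appear in the `@@ -18,6 +18,8 @@` hunk of this file and in both values-agent.yaml hunks. If the image is known to run correctly as that UID, enabling `runAsNonRoot: true` by default would be the stronger choice.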
@@ -123,7 +128,7 @@ thanos: # Thanos Sidecar Service Discovery # Disabling removes the prometheus sidecar from querier store discovery. This ensures - # that all clusters read from the same data in remote store. + # that all clusters read from the same data in remote store. sidecar: enabled: true bucket: @@ -136,4 +141,4 @@ thanos: storage: 100Gi # This secret name should match the sidecar configured secret name volume # in the prometheus.server.extraVolumes entry - storeSecretName: kubecost-thanos \ No newline at end of file + storeSecretName: kubecost-thanos diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index f2cfd43..efe1867 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -90,14 +90,14 @@ global: # threshold: 5 # Send Alert if health scores changes by 5 or more # Kubecost Health Diagnostic - # - type: diagnostic # Alerts when kubecost is is unable to compute costs - ie: Prometheus unreachable + # - type: diagnostic # Alerts when kubecost is unable to compute costs - ie: Prometheus unreachable # window: 10m alertmanager: # Supply an alertmanager FQDN to receive notifications from the app. enabled: false # If true, allow kubecost to write to your alertmanager fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if prometheus.enabled: true - # Set saved report(s) accessible from reports.html + # Set saved Cost Allocation report(s) accessible from /reports # Ref: http://docs.kubecost.com/saved-reports savedReports: enabled: false # If true, overwrites report parameters set through UI @@ -129,7 +129,7 @@ global: accumulate: true # entire window resolution filters: [] # if no filters, specify empty array - # Set saved report(s) accessible from reports.html + # Set saved Asset report(s) accessible from /reports # Ref: http://docs.kubecost.com/saved-reports assetReports: enabled: false # If true, overwrites report parameters set through UI 
@@ -142,6 +142,20 @@ global: - property: "cluster" value: "cluster-one" + # Set saved Advanced report(s) accessible from /reports + # Ref: http://docs.kubecost.com/saved-reports + advancedReports: + enabled: false # If true, overwrites report parameters set through UI + reports: + - title: "Example Advanced Report 0" + window: "7d" + aggregateBy: "namespace" + filters: + - property: "cluster" + value: "cluster-one" + cloudBreakdown: "service" + cloudJoin: "label:kubernetes_namespace" + podAnnotations: {} # iam.amazonaws.com/role: role-arn additionalLabels: {} @@ -218,6 +232,8 @@ kubecostFrontend: # extraEnv: # - name: NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE # value: "1" + # securityContext: + # readOnlyRootFilesystem: true resources: requests: cpu: "10m" @@ -304,6 +320,8 @@ kubecostModel: # extraEnv: # - name: SOME_VARIABLE # value: "some_value" + # securityContext: + # readOnlyRootFilesystem: true # Enables the emission of the kubecost_cloud_credit_total and # kubecost_cloud_expense_total metrics outOfClusterPromMetricsEnabled: false @@ -472,8 +490,6 @@ prometheus: - source_labels: [__meta_kubernetes_pod_label_app] action: keep regex: {{ template "cost-analyzer.networkCostsName" . }} - serviceAccount: - annotations: {} server: # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID # to use as unique cluster ID in kubecost cost-analyzer deployment. @@ -490,7 +506,7 @@ prometheus: # memory: 512Mi global: scrape_interval: 1m - scrape_timeout: 10s + scrape_timeout: 60s evaluation_interval: 1m external_labels: cluster_id: cluster-one # Each cluster should have a unique ID @@ -572,7 +588,7 @@ networkCosts: enabled: false podSecurityPolicy: enabled: false - image: gcr.io/kubecost1/kubecost-network-costs:v16.2 + image: gcr.io/kubecost1/kubecost-network-costs:v16.3 imagePullPolicy: Always updateStrategy: type: RollingUpdate 
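Review bot: `scrape_timeout: 60s` in the `@@ -490,7 +506,7 @@` hunk now equals `scrape_interval: 1m`, so a single slow or hung target can hold a scrape for the whole interval, and the hunk gives no reason for the change. Please add a comment on the line, for example `scrape_timeout: 60s # raised from 10s because <reason>; must not exceed scrape_interval`. That keeps a later change to the interval from silently producing an invalid configuration. If only some jobs need the longer timeout, setting it per scrape job would keep the global default tight.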
@@ -584,13 +600,18 @@ networkCosts: # Traffic Logging will enable logging the top 5 destinations for each source # every 30 minutes. trafficLogging: true + # Port will set both the containerPort and hostPort to this value. # These must be identical due to network-costs being run on hostNetwork port: 3001 - resources: {} - #requests: - # cpu: "50m" - # memory: "20Mi" + # this daemonset can use significant resources on large clusters: https://guide.kubecost.com/hc/en-us/articles/4407595973527-Network-Traffic-Cost-Allocation + resources: + limits: # remove the limits by setting limits: {} + cpu: 500m # can be less, will depend on cluster size + # memory: it is not recommended to set a memory limit + requests: + cpu: 50m + memory: 20Mi extraArgs: [] config: # Configuration for traffic destinations, including specific classification @@ -689,8 +710,12 @@ kubecostDeployment: # Kubecost Cluster Controller for Right Sizing and Cluster Turndown clusterController: enabled: false - image: gcr.io/kubecost1/cluster-controller:v0.1.0 + image: gcr.io/kubecost1/cluster-controller:v0.5.0 imagePullPolicy: Always + kubescaler: + # If true, will cause all (supported) workloads to be have their requests + # automatically right-sized on a regular basis. + defaultResizeAll: false # fqdn: kubecost-cluster-controller.kubecost.svc.cluster.local:9731 reporting: @@ -735,7 +760,7 @@ grafana: rbac: # Manage the Grafana Pod Security Policy pspEnabled: true - securityContext: {} + securityContext: {} datasources: datasources.yaml: apiVersion: 1 
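Review bot: The `networkCosts` block in the `@@ -584,13 +600,18 @@` hunk now advises against a memory limit, but it does not mention the `softMemoryLimit` and `heapMonitor` values that the network-costs template in this commit starts reading. Unless they are documented elsewhere in values.yaml, they are undiscoverable. I would add commented entries next to `resources`, such as `# softMemoryLimit: "<GOMEMLIMIT value, e.g. a size with a MiB suffix>"` and a commented `heapMonitor:` block listing `enabled`, `threshold` and `outFile`. Since this daemonset runs on hostNetwork with no hard memory cap, the soft limit is the only bound an operator can set, and the comment should say so.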
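Review bot: The bumped `image: gcr.io/kubecost1/cluster-controller:v0.5.0` is referenced by tag only and paired with `imagePullPolicy: Always`, so each pod start pulls whatever that tag currently points to. For a controller that resizes workloads, pinning the digest makes the deployed content reproducible, for example `image: gcr.io/kubecost1/cluster-controller:v0.5.0@sha256:<digest-placeholder>`. The same applies to the network-costs image bump in this file and the thanos sidecar image in values-thanos.yaml. The new comment also has a typo: "to be have their requests" should read "to have their requests".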
@@ -878,7 +903,6 @@ federatedETL: # azureTenantID: 72faf3ff-7a3f-4597-b0d9-7b0b201bb23a # azureClientPassword: fake key # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName # azureOfferDurableID: "MS-AZR-0003p" -# azureStorageSecretName: "azure-storage-config" # Name of Kubernetes Secret where Azure Storage Configuration is stored # discount: "" # percentage discount applied to compute # negotiatedDiscount: "" # custom negotiated cloud provider discount # defaultIdle: false diff --git a/index.yaml b/index.yaml index 220e1cc..f7cc181 100644 --- a/index.yaml +++ b/index.yaml @@ -6,8 +6,8 @@ entries: - name: Homepage url: https://www.kubecost.com apiVersion: v2 - appVersion: 1.98.0 - created: "2022-11-10T12:51:09.407686095Z" + appVersion: 1.99.0 + created: "2023-01-04T12:51:09.407686095Z" dependencies: - condition: global.grafana.enabled name: grafana @@ -20,12 +20,12 @@ entries: - condition: global.thanos.enabled name: thanos repository: file://./charts/thanos - version: ~0.24.0 + version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. digest: b4fc6cdeb1d06325c1a183bfbbfa54020f87167fec8a584c30328ebcf3d35fa8 name: cost-analyzer urls: - - kubecost-1.98.0-rc4.2.tgz - version: 1.98.0 -generated: "2022-11-10T12:51:09.397504141Z" + - kubecost-1.99.0.tgz + version: 1.99.0 +generated: "2023-01-04T12:51:09.397504141Z" diff --git a/kubecost-1.98.0-rc4.2.tgz b/kubecost-1.98.0-rc4.2.tgz deleted file mode 100644 index b30dfba..0000000 Binary files a/kubecost-1.98.0-rc4.2.tgz and /dev/null differ diff --git a/kubecost-1.99.0.tgz b/kubecost-1.99.0.tgz new file mode 100644 index 0000000..acefe09 Binary files /dev/null and b/kubecost-1.99.0.tgz differ