-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8c6eacd
commit e889b04
Showing
17 changed files
with
335 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }} | ||
CLC_STATE_METRICS_IMAGE_DIGEST ?= {{ .mce.clcStateMetrics.imageDigest }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Original source https://github.com/stolostron/mce-install-kube/tree/main/clc-state-metrics | ||
# TODO: Remove this chart and enable via MCE once MCE 2.8.0 is released (Feb 2025) | ||
apiVersion: v2 | ||
name: clusterlifecycle-state-metrics | ||
description: A Helm chart for clusterlifecycle-state-metrics | ||
version: 2.7.0 | ||
appVersion: 2.7.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
{{- define "installNamespace" }} | ||
{{- if .Values.global.namespace }} | ||
{{- printf "%s" .Values.global.namespace }} | ||
{{- else }} | ||
{{- printf "multicluster-engine" }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
{{- define "commonCN" }} | ||
{{- printf "clusterlifecycle-state-metrics-v2.%s.svc" .Values.global.namespace }} | ||
{{- end }} | ||
|
17 changes: 17 additions & 0 deletions
17
acm/deploy/helm/clc-state-metrics/templates/cert-secret.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: clusterlifecycle-state-metrics-certs | ||
namespace: {{ .Values.global.namespace }} | ||
annotations: | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "0" | ||
type: kubernetes.io/tls | ||
{{- if .Release.IsUpgrade }} | ||
data: {{ (lookup "v1" "Secret" (include "installNamespace" .) "clusterlifecycle-state-metrics-certs").data }} | ||
{{ else }} | ||
{{ $ca := genCA (include "commonCN" .) 365 -}} | ||
data: | ||
tls.crt: {{ $ca.Cert | b64enc }} | ||
tls.key: {{ $ca.Key | b64enc }} | ||
{{- end }} |
19 changes: 19 additions & 0 deletions
19
acm/deploy/helm/clc-state-metrics/templates/clc-servicemonitor.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: azmonitoring.coreos.com/v1 | ||
kind: ServiceMonitor | ||
metadata: | ||
name: clusterlifecycle-state-metrics-v2 | ||
namespace: {{ .Values.global.namespace }} | ||
labels: | ||
clc-app: clusterlifecycle-state-metrics-v2 | ||
spec: | ||
selector: | ||
matchLabels: | ||
clc-app: clusterlifecycle-state-metrics-v2 | ||
namespaceSelector: | ||
matchNames: | ||
- {{ .Values.global.namespace }} | ||
endpoints: | ||
- port: https | ||
scheme: https | ||
tlsConfig: | ||
insecureSkipVerify: true |
55 changes: 55 additions & 0 deletions
55
acm/deploy/helm/clc-state-metrics/templates/metrics-clusterrole.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# Copyright Contributors to the Open Cluster Management project | ||
|
||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2 | ||
rules: | ||
# Allow hub to manage configmap for leader selection | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- create | ||
- update | ||
- get | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- namespaces | ||
verbs: | ||
- get | ||
# Allow hub to monitor and update status of csr | ||
- apiGroups: ["hive.openshift.io"] | ||
resources: ["clusterdeployments"] | ||
verbs: ["get"] | ||
- apiGroups: ["internal.open-cluster-management.io"] | ||
resources: ["managedclusterinfos"] | ||
verbs: ["get","list","watch"] | ||
- apiGroups: ["cluster.open-cluster-management.io"] | ||
resources: ["managedclusters"] | ||
verbs: ["get","list","watch"] | ||
# Allow to query the CVO on the Hub Cluster to get the ClusterId | ||
- apiGroups: ["config.openshift.io"] | ||
resources: ["clusterversions"] | ||
verbs: ["get"] | ||
- apiGroups: ["authentication.k8s.io"] | ||
resources: ["tokenreviews"] | ||
verbs: ["create"] | ||
- apiGroups: [""] | ||
resources: ["pods","services","endpoints"] | ||
verbs: ["get","list","watch"] | ||
- apiGroups: ["authorization.k8s.io"] | ||
resources: ["subjectaccessreviews"] | ||
verbs: ["create"] | ||
# Allow hub to monitor add-ons & manifestworks | ||
- apiGroups: ["addon.open-cluster-management.io"] | ||
resources: ["managedclusteraddons"] | ||
verbs: ["get","list","watch"] | ||
- apiGroups: ["work.open-cluster-management.io"] | ||
resources: ["manifestworks"] | ||
verbs: ["get","list","watch"] | ||
- nonResourceURLs: ["/metrics"] | ||
verbs: ["get"] |
14 changes: 14 additions & 0 deletions
14
acm/deploy/helm/clc-state-metrics/templates/metrics-clusterrole_binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Copyright Contributors to the Open Cluster Management project | ||
|
||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2 | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2 | ||
subjects: | ||
- kind: ServiceAccount | ||
name: clusterlifecycle-state-metrics-v2 | ||
namespace: {{ .Values.global.namespace }} |
128 changes: 128 additions & 0 deletions
128
acm/deploy/helm/clc-state-metrics/templates/metrics-deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
# Copyright Contributors to the Open Cluster Management project | ||
|
||
kind: Deployment | ||
apiVersion: apps/v1 | ||
metadata: | ||
name: clusterlifecycle-state-metrics-v2 | ||
namespace: {{ .Values.global.namespace }} | ||
spec: | ||
replicas: 2 | ||
selector: | ||
matchLabels: | ||
app: clusterlifecycle-state-metrics-v2 | ||
template: | ||
metadata: | ||
labels: | ||
app: clusterlifecycle-state-metrics-v2 | ||
ocm-antiaffinity-selector: "clusterlifecycle-state-metrics-v2" | ||
spec: | ||
{{- if .Values.global.pullSecret }} | ||
imagePullSecrets: | ||
- name: {{ .Values.global.pullSecret }} | ||
{{- end }} | ||
affinity: | ||
podAntiAffinity: | ||
preferredDuringSchedulingIgnoredDuringExecution: | ||
- podAffinityTerm: | ||
labelSelector: | ||
matchExpressions: | ||
- key: ocm-antiaffinity-selector | ||
operator: In | ||
values: | ||
- clusterlifecycle-state-metrics-v2 | ||
topologyKey: topology.kubernetes.io/zone | ||
weight: 70 | ||
- podAffinityTerm: | ||
labelSelector: | ||
matchExpressions: | ||
- key: ocm-antiaffinity-selector | ||
operator: In | ||
values: | ||
- clusterlifecycle-state-metrics-v2 | ||
topologyKey: kubernetes.io/hostname | ||
weight: 35 | ||
serviceAccountName: clusterlifecycle-state-metrics-v2 | ||
containers: | ||
- name: clusterlifecycle-state-metrics | ||
image: "{{ .Values.global.imageOverrides.clusterlifecycle_state_metrics }}" | ||
imagePullPolicy: {{ .Values.global.pullPolicy }} | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
privileged: false | ||
readOnlyRootFilesystem: true | ||
resources: | ||
requests: | ||
memory: "32Mi" | ||
cpu: "25m" | ||
limits: | ||
memory: "2Gi" | ||
cpu: "500m" | ||
args: | ||
- "--http-port=8080" | ||
- "--http-telemetry-port=8081" | ||
- "--https-port=8443" | ||
- "--https-telemetry-port=8444" | ||
- "--tls-crt-file=/var/run/clusterlifecycle-state-metrics/tls.crt" | ||
- "--tls-key-file=/var/run/clusterlifecycle-state-metrics/tls.key" | ||
{{- if .Values.hubconfig.hubType }} | ||
- "--hub-type={{ .Values.hubconfig.hubType }}" | ||
{{- end }} | ||
env: | ||
- name: POD_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.name | ||
- name: GOMEMLIMIT | ||
value: "1892MiB" | ||
{{- if .Values.hubconfig.proxyConfigs }} | ||
- name: HTTP_PROXY | ||
value: {{ .Values.hubconfig.proxyConfigs.HTTP_PROXY }} | ||
- name: HTTPS_PROXY | ||
value: {{ .Values.hubconfig.proxyConfigs.HTTPS_PROXY }} | ||
- name: NO_PROXY | ||
value: {{ .Values.hubconfig.proxyConfigs.NO_PROXY }} | ||
{{- end }} | ||
readinessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 8081 | ||
initialDelaySeconds: 15 | ||
periodSeconds: 5 | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 8081 | ||
initialDelaySeconds: 15 | ||
periodSeconds: 5 | ||
volumeMounts: | ||
- mountPath: "/var/run/clusterlifecycle-state-metrics" | ||
name: certs | ||
readOnly: true | ||
securityContext: | ||
{{- if .Values.global.deployOnOCP }} | ||
{{- if semverCompare ">=4.11.0" .Values.hubconfig.ocpVersion }} | ||
seccompProfile: | ||
type: RuntimeDefault | ||
{{- end }} | ||
{{- end }} | ||
volumes: | ||
- name: certs | ||
secret: | ||
secretName: clusterlifecycle-state-metrics-certs | ||
{{- with .Values.hubconfig.nodeSelector }} | ||
nodeSelector: | ||
{{ toYaml . | indent 8 }} | ||
{{- end }} | ||
{{- with .Values.hubconfig.tolerations }} | ||
tolerations: | ||
{{- range . }} | ||
- {{ if .Key }} key: {{ .Key }} {{- end }} | ||
{{ if .Operator }} operator: {{ .Operator }} {{- end }} | ||
{{ if .Value }} value: {{ .Value }} {{- end }} | ||
{{ if .Effect }} effect: {{ .Effect }} {{- end }} | ||
{{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }} | ||
{{- end }} | ||
{{- end }} |
20 changes: 20 additions & 0 deletions
20
acm/deploy/helm/clc-state-metrics/templates/metrics-service.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Copyright Contributors to the Open Cluster Management project | ||
|
||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: clusterlifecycle-state-metrics-v2 | ||
namespace: {{ .Values.global.namespace }} | ||
labels: | ||
clc-app: clusterlifecycle-state-metrics-v2 | ||
annotations: | ||
service.beta.openshift.io/serving-cert-secret-name: clusterlifecycle-state-metrics-certs | ||
spec: | ||
type: ClusterIP | ||
ports: | ||
- name: https | ||
port: 8443 | ||
targetPort: 8443 | ||
protocol: TCP | ||
selector: | ||
app: clusterlifecycle-state-metrics-v2 |
7 changes: 7 additions & 0 deletions
7
acm/deploy/helm/clc-state-metrics/templates/metrics-service_account.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Copyright Contributors to the Open Cluster Management project | ||
|
||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: clusterlifecycle-state-metrics-v2 | ||
namespace: {{ .Values.global.namespace }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
global: | ||
imageOverrides: | ||
clusterlifecycle_state_metrics: "" | ||
templateOverrides: {} | ||
pullSecret: "" | ||
namespace: multicluster-engine | ||
hubSize: Small | ||
deployOnOCP: "false" | ||
hubconfig: | ||
nodeSelector: {} | ||
proxyConfigs: {} | ||
replicaCount: 1 | ||
tolerations: [] | ||
ocpVersion: "4.17.0" | ||
org: open-cluster-management |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters