diff --git a/templates/_deployment.tpl b/templates/_deployment.tpl index 4b011a9..1f517c9 100644 --- a/templates/_deployment.tpl +++ b/templates/_deployment.tpl @@ -17,6 +17,20 @@ {{- if .Values.persistentVolumeClaim.enabled }} {{- $env = concat $env (list (dict "name" "REPOSILITE_DATA" "value" .Values.persistentVolumeClaim.path )) }} {{- end }} + +{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }} +{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.podMonitor.path )) }} +{{- end }} + +{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }} +{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.serviceMonitor.path )) }} +{{- end }} + +{{- if or (eq (include "reposilite.podMonitor.enabled" $ ) "true") (eq (include "reposilite.serviceMonitor.enabled" $ ) "true") -}} +{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "username")))) }} +{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "password")))) }} +{{- end }} + {{ toYaml (dict "env" $env) }} {{- end -}} diff --git a/templates/_pod.tpl b/templates/_pod.tpl index 266df6d..c2b17eb 100644 --- a/templates/_pod.tpl +++ b/templates/_pod.tpl @@ -4,6 +4,9 @@ {{- define "reposilite.pod.annotations" -}} {{ include "reposilite.annotations" . }} +{{- if .Values.prometheus.metrics.enabled -}} +{{- printf "checksum/secret-%s: %s" (include "reposilite.secrets.prometheusBasicAuth.name" $) (include (print $.Template.BasePath "/secretPrometheusBasicAuth.yaml") . | sha256sum) }} +{{- end -}} {{- end }} {{/* labels */}} diff --git a/templates/_podMonitors.tpl b/templates/_podMonitors.tpl new file mode 100644 index 0000000..aae9d46 --- /dev/null +++ b/templates/_podMonitors.tpl @@ -0,0 +1,27 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} +{{- define "reposilite.podMonitor.annotations" -}} +{{ include "reposilite.annotations" . }} +{{- if .Values.prometheus.metrics.podMonitor.annotations }} +{{ toYaml .Values.prometheus.metrics.podMonitor.annotations }} +{{- end }} +{{- end }} + +{{/* enabled */}} +{{- define "reposilite.podMonitor.enabled" -}} +{{- if and .Values.prometheus.metrics.enabled .Values.prometheus.metrics.podMonitor.enabled (not .Values.prometheus.metrics.serviceMonitor.enabled) -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + +{{/* labels */}} + +{{- define "reposilite.podMonitor.labels" -}} +{{ include "reposilite.labels" . }} +{{- if .Values.prometheus.metrics.podMonitor.labels }} +{{ toYaml .Values.prometheus.metrics.podMonitor.labels }} +{{- end }} +{{- end }} diff --git a/templates/_secrets.tpl b/templates/_secrets.tpl new file mode 100644 index 0000000..9c345d6 --- /dev/null +++ b/templates/_secrets.tpl @@ -0,0 +1,19 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "reposilite.secrets.prometheusBasicAuth.annotations" -}} +{{ include "reposilite.annotations" . }} +{{- end }} + +{{/* labels */}} + +{{- define "reposilite.secrets.prometheusBasicAuth.labels" -}} +{{ include "reposilite.labels" . }} +{{- end }} + +{{/* names */}} + +{{- define "reposilite.secrets.prometheusBasicAuth.name" -}} +{{ include "reposilite.fullname" . }}-basic-auth-credentials +{{- end -}} diff --git a/templates/_serviceMonitors.tpl b/templates/_serviceMonitors.tpl new file mode 100644 index 0000000..ce5206f --- /dev/null +++ b/templates/_serviceMonitors.tpl @@ -0,0 +1,35 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* annotations */}} + +{{- define "reposilite.serviceMonitor.annotations" -}} +{{ include "reposilite.annotations" . }} +{{- if .Values.prometheus.metrics.serviceMonitor.annotations }} +{{ toYaml .Values.prometheus.metrics.serviceMonitor.annotations }} +{{- end }} +{{- end }} + +{{/* enabled */}} + +{{- define "reposilite.serviceMonitor.enabled" -}} +{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.podMonitor.enabled) .Values.prometheus.metrics.serviceMonitor.enabled .Values.service.enabled -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + +{{/* labels */}} + +{{- define "reposilite.serviceMonitor.labels" -}} +{{ include "reposilite.labels" . }} +{{- if .Values.prometheus.metrics.serviceMonitor.labels }} +{{ toYaml .Values.prometheus.metrics.serviceMonitor.labels }} +{{- end }} +{{- end }} + +{{- define "reposilite.serviceMonitor.selectorLabels" -}} +{{ include "reposilite.selectorLabels" . }} +{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} +app.kubernetes.io/service-name: http +{{- end }} \ No newline at end of file diff --git a/templates/_services.tpl b/templates/_services.tpl index dfb4d1f..1f9d720 100644 --- a/templates/_services.tpl +++ b/templates/_services.tpl @@ -7,6 +7,8 @@ {{- if .Values.service.annotations }} {{ toYaml .Values.service.annotations }} {{- end }} +{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} +app.kubernetes.io/service-name: http {{- end }} {{/* labels */}} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index fe6b2f8..67e9a32 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -68,7 +68,10 @@ spec: name: reposilite ports: - name: http - containerPort: {{ .Values.service.port }} + containerPort: 8080 + protocol: TCP + - name: https + containerPort: 8443 protocol: TCP readinessProbe: tcpSocket: diff --git a/templates/podMonitor.yaml b/templates/podMonitor.yaml new file mode 100644 index 0000000..ca7c6ba --- /dev/null +++ b/templates/podMonitor.yaml @@ -0,0 +1,43 @@ +{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + {{- with (include "reposilite.podMonitor.annotations" . | fromYaml) }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with (include "reposilite.podMonitor.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "reposilite.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + podMetricsEndpoints: + - basicAuth: + password: + key: password + name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} + username: + key: username + name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} + enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }} + followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }} + honorLabels: {{ required "The honorLabels option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.honorLabels }} + interval: {{ required "The scrape interval of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.interval }} + path: {{ required "The metric path of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.path }} + port: "8080" + {{- with .Values.prometheus.metrics.podMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + scrapeTimeout: {{ required "The scrape timeout of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scrapeTimeout }} + scheme: http + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "reposilite.pod.selectorLabels" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/templates/secretPrometheusBasicAuth.yaml b/templates/secretPrometheusBasicAuth.yaml new file mode 100644 index 0000000..9c4b2e1 --- /dev/null +++ b/templates/secretPrometheusBasicAuth.yaml @@ -0,0 +1,19 @@ +{{- if .Values.prometheus.metrics.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + {{- with (include "reposilite.secrets.prometheusBasicAuth.annotations" . | fromYaml) }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with (include "reposilite.secrets.prometheusBasicAuth.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} + namespace: {{ .Release.Namespace }} +stringData: + password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthPassword }} + username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthUsername }} +{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml index 1672d39..1e23edd 100644 --- a/templates/service.yaml +++ b/templates/service.yaml @@ -43,7 +43,7 @@ spec: {{- end }} {{- end }} ports: - - name: http + - name: {{ required "No service name defined. Either 'http' or 'https' is allowed!" .Values.service.scheme }} protocol: TCP port: {{ required "No service port defined!" .Values.service.port }} selector: diff --git a/templates/serviceMonitor.yaml b/templates/serviceMonitor.yaml new file mode 100644 index 0000000..f93588e --- /dev/null +++ b/templates/serviceMonitor.yaml @@ -0,0 +1,43 @@ +{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + {{- with (include "reposilite.serviceMonitor.annotations" . | fromYaml) }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with (include "reposilite.serviceMonitor.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "reposilite.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - basicAuth: + password: + key: password + name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} + username: + key: username + name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }} + enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }} + followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }} + honorLabels: {{ required "The honorLabels option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.honorLabels }} + interval: {{ required "The scrape interval of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.interval }} + path: {{ required "The metric path of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.path }} + {{- with .Values.prometheus.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }} + scheme: http + targetPort: 8080 + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "reposilite.serviceMonitor.selectorLabels" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/unittests/deployment/deployment.yaml b/unittests/deployment/deployment.yaml index 5b45354..414ee4f 100644 --- a/unittests/deployment/deployment.yaml +++ b/unittests/deployment/deployment.yaml @@ -7,19 +7,23 @@ release: namespace: testing templates: - templates/deployment.yaml +- templates/secretPrometheusBasicAuth.yaml tests: - it: Rendering default set: {} asserts: - hasDocuments: count: 1 + template: templates/deployment.yaml - containsDocument: apiVersion: apps/v1 kind: Deployment name: reposilite-unittest namespace: testing + template: templates/deployment.yaml - notExists: path: metadata.annotations + template: templates/deployment.yaml - equal: path: metadata.labels value: @@ -28,14 +32,17 @@ tests: app.kubernetes.io/name: reposilite app.kubernetes.io/version: 0.1.0 helm.sh/chart: reposilite-0.1.0 + template: templates/deployment.yaml - equal: path: spec.replicas value: 1 + template: templates/deployment.yaml - isSubset: path: spec.selector.matchLabels content: app.kubernetes.io/instance: reposilite-unittest app.kubernetes.io/name: reposilite + template: templates/deployment.yaml - equal: path: spec.strategy value: @@ -43,9 +50,10 @@ tests: rollingUpdate: maxSurge: 1 maxUnavailable: 1 + template: templates/deployment.yaml - notExists: path: spec.template.metadata.annotations - value: sadsdf + template: templates/deployment.yaml - equal: path: spec.template.metadata.labels value: @@ -54,25 +62,33 @@ tests: app.kubernetes.io/name: reposilite app.kubernetes.io/version: 0.1.0 helm.sh/chart: reposilite-0.1.0 + template: templates/deployment.yaml - notExists: path: spec.template.spec.affinity + template: templates/deployment.yaml - notExists: path: spec.template.spec.containers[0].args + template: templates/deployment.yaml - notExists: path: spec.template.spec.containers[0].command + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].env content: name: JAVA_OPTS value: "-Xmx64M" + template: templates/deployment.yaml - notExists: path: spec.template.spec.containers[0].envFrom + template: templates/deployment.yaml - equal: path: spec.template.spec.containers[0].image value: docker.io/dzikoysk/reposilite:0.1.0 + template: templates/deployment.yaml - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresent + template: templates/deployment.yaml - isSubset: path: spec.template.spec.containers[0].livenessProbe content: @@ -83,15 +99,18 @@ tests: periodSeconds: 60 successThreshold: 1 timeoutSeconds: 3 + template: templates/deployment.yaml - equal: path: spec.template.spec.containers[0].name value: reposilite + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].ports content: name: http containerPort: 8080 protocol: TCP + template: templates/deployment.yaml - isSubset: path: spec.template.spec.containers[0].readinessProbe content: @@ -102,42 +121,60 @@ tests: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 3 + template: templates/deployment.yaml - notExists: path: spec.template.spec.containers[0].resources + template: templates/deployment.yaml - notExists: path: spec.template.spec.containers[0].securityContext + template: templates/deployment.yaml - notExists: path: spec.template.spec.containers[0].volumeMounts + template: templates/deployment.yaml - notExists: path: spec.template.spec.dnsConfig + template: templates/deployment.yaml - notExists: path: spec.template.spec.dnsPolicy + template: templates/deployment.yaml - notExists: path: spec.template.spec.hostname + template: templates/deployment.yaml - equal: path: spec.template.spec.hostNetwork value: false + template: templates/deployment.yaml - notExists: path: spec.template.spec.imagePullSecrets + template: templates/deployment.yaml - notExists: path: spec.template.spec.initContainers + template: templates/deployment.yaml - notExists: path: spec.template.spec.nodeSelector + template: templates/deployment.yaml - notExists: path: spec.template.spec.priorityClassName + template: templates/deployment.yaml - notExists: path: spec.template.spec.restartPolicy + template: templates/deployment.yaml - notExists: path: spec.template.spec.subdomain + template: templates/deployment.yaml - equal: path: spec.template.spec.terminationGracePeriodSeconds value: 60 + template: templates/deployment.yaml - notExists: path: spec.template.spec.tolerations + template: templates/deployment.yaml - notExists: path: spec.template.spec.topologySpreadConstraints + template: templates/deployment.yaml - notExists: path: spec.template.spec.volumes + template: templates/deployment.yaml - it: Test custom replicas set: @@ -146,6 +183,7 @@ tests: - equal: path: spec.replicas value: 3 + template: templates/deployment.yaml - it: Test custom strategy set: @@ -162,6 +200,7 @@ tests: rollingUpdate: maxSurge: 10 maxUnavailable: 5 + template: templates/deployment.yaml - it: Test custom affinity set: @@ -188,6 +227,7 @@ tests: values: - antarctica-east1 - antarctica-west1 + template: templates/deployment.yaml - it: Test additional arguments set: @@ -200,6 +240,7 @@ tests: value: - --foo=bar - --bar=foo + template: templates/deployment.yaml - it: Test additional commands set: @@ -210,6 +251,7 @@ tests: path: spec.template.spec.containers[0].command value: - /bin/bash + template: templates/deployment.yaml - it: Test custom imageRegistry and imageRepository set: @@ -220,6 +262,7 @@ tests: - equal: path: spec.template.spec.containers[0].image value: registry.example.local/path/special/reposilite:2.0.0 + template: templates/deployment.yaml - it: Test custom imagePullPolicy set: @@ -228,17 +271,7 @@ tests: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always - -- it: Test custom port - set: - service.port: 8443 - asserts: - - contains: - path: spec.template.spec.containers[0].ports - content: - name: http - containerPort: 8443 - protocol: TCP + template: templates/deployment.yaml - it: Test custom resources set: @@ -259,6 +292,7 @@ tests: requests: cpu: 25m memory: 100MB + template: templates/deployment.yaml - it: Test custom securityContext set: @@ -285,6 +319,7 @@ tests: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + template: templates/deployment.yaml - it: Test custom volumeMounts set: @@ -297,6 +332,7 @@ tests: content: name: data mountPath: /usr/lib/data + template: templates/deployment.yaml - it: Test dnsConfig set: @@ -311,6 +347,7 @@ tests: nameservers: - "8.8.8.8" - "8.8.4.4" + template: templates/deployment.yaml - it: Test dnsPolicy set: @@ -319,6 +356,7 @@ tests: - equal: path: spec.template.spec.dnsPolicy value: ClusterFirst + template: templates/deployment.yaml - it: Test hostNetwork, hostname, subdomain set: @@ -329,12 +367,15 @@ tests: - equal: path: spec.template.spec.hostNetwork value: true + template: templates/deployment.yaml - equal: path: spec.template.spec.hostname value: pg-exporter + template: templates/deployment.yaml - equal: path: spec.template.spec.subdomain value: exporters.internal + template: templates/deployment.yaml - it: Test imagePullSecrets set: @@ -347,6 +388,7 @@ tests: value: - name: my-pull-secret - name: my-special-secret + template: templates/deployment.yaml - it: Test nodeSelector set: @@ -357,6 +399,7 @@ tests: path: spec.template.spec.nodeSelector value: foo: bar + template: templates/deployment.yaml - it: Test priorityClassName set: @@ -365,6 +408,7 @@ tests: - equal: path: spec.template.spec.priorityClassName value: my-priority + template: templates/deployment.yaml - it: Test restartPolicy set: @@ -373,6 +417,7 @@ tests: - equal: path: spec.template.spec.restartPolicy value: Always + template: templates/deployment.yaml - it: Test custom securityContext set: @@ -389,6 +434,7 @@ tests: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 + template: templates/deployment.yaml - it: Test terminationGracePeriodSeconds set: @@ -397,6 +443,7 @@ tests: - equal: path: spec.template.spec.terminationGracePeriodSeconds value: 120 + template: templates/deployment.yaml - it: Test tolerations set: @@ -413,6 +460,7 @@ tests: operator: Equal value: ssd effect: NoSchedule + template: templates/deployment.yaml - it: Test topologySpreadConstraints set: @@ -431,6 +479,7 @@ tests: labelSelector: matchLabels: app.kubernetes.io/instance: reposilite + template: templates/deployment.yaml - it: Test additional volumes set: @@ -445,3 +494,4 @@ tests: - name: data hostPath: path: /usr/lib/data + template: templates/deployment.yaml \ No newline at end of file diff --git a/unittests/deployment/mountPersistentVolumeClaim.yaml b/unittests/deployment/mountPersistentVolumeClaim.yaml index bf1bbc2..361f58d 100644 --- a/unittests/deployment/mountPersistentVolumeClaim.yaml +++ b/unittests/deployment/mountPersistentVolumeClaim.yaml @@ -7,6 +7,7 @@ release: namespace: testing templates: - templates/deployment.yaml +- templates/secretPrometheusBasicAuth.yaml tests: - it: Rendering default volumes and volumeMounts with persistent volume claim set: @@ -17,17 +18,20 @@ tests: content: name: REPOSILITE_DATA value: /app/data + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: data mountPath: /app/data + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: name: data persistentVolumeClaim: claimName: reposilite-unittest + template: templates/deployment.yaml - it: Rendering custom volumes and volumeMounts with persistent volume claim set: @@ -39,17 +43,20 @@ tests: content: name: REPOSILITE_DATA value: /usr/lib/reposilite/data + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: data mountPath: /usr/lib/reposilite/data + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: name: data persistentVolumeClaim: claimName: reposilite-unittest + template: templates/deployment.yaml - it: Rendering custom volumes and volumeMounts with persistent volume claim set: @@ -62,14 +69,17 @@ tests: content: name: REPOSILITE_DATA value: /app/data + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: data mountPath: /app/data + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: name: data persistentVolumeClaim: - claimName: my-custom-pvc \ No newline at end of file + claimName: my-custom-pvc + template: templates/deployment.yaml \ No newline at end of file diff --git a/unittests/deployment/prometheusPodMonitor.yaml b/unittests/deployment/prometheusPodMonitor.yaml new file mode 100644 index 0000000..6a1ca00 --- /dev/null +++ b/unittests/deployment/prometheusPodMonitor.yaml @@ -0,0 +1,37 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: Add prometheus basic auth variables +release: + name: reposilite-unittest + namespace: testing +templates: +- templates/deployment.yaml +- templates/secretPrometheusBasicAuth.yaml +tests: +- it: Rendering default environment variables with enabled prometheus metrics podMonitor + set: + prometheus.metrics.enabled: true + prometheus.metrics.podMonitor.enabled: true + asserts: + - exists: + path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials + template: templates/deployment.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: REPOSILITE_PROMETHEUS_PASSWORD + valueFrom: + secretKeyRef: + name: reposilite-unittest-basic-auth-credentials + key: password + template: templates/deployment.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: REPOSILITE_PROMETHEUS_USER + valueFrom: + secretKeyRef: + name: reposilite-unittest-basic-auth-credentials + key: username + template: templates/deployment.yaml diff --git a/unittests/podMonitors/podMonitor.yaml b/unittests/podMonitors/podMonitor.yaml new file mode 100644 index 0000000..f9a9c87 --- /dev/null +++ b/unittests/podMonitors/podMonitor.yaml @@ -0,0 +1,177 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: PodMonitor template +release: + name: reposilite-unittest + namespace: testing +templates: +- templates/podMonitor.yaml +tests: +- it: Skip podMonitor when metrics are disabled. + set: + prometheus.metrics.enabled: false + prometheus.metrics.podMonitor.enabled: true + prometheus.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Skip podMonitor when podMonitor is disabled. + set: + prometheus.metrics.enabled: true + prometheus.metrics.podMonitor.enabled: false + asserts: + - hasDocuments: + count: 0 + +- it: Skip podMonitor when both monitor types are enabled. + set: + prometheus.metrics.enabled: true + prometheus.metrics.podMonitor.enabled: true + prometheus.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Rendering podMonitor with default values - enabled manually. + set: + prometheus.metrics.enabled: true + prometheus.metrics.podMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + name: reposilite-unittest + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: reposilite-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: reposilite + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: reposilite-0.1.0 + - isSubset: + path: spec.podMetricsEndpoints[0].basicAuth + content: + password: + key: password + name: reposilite-unittest-basic-auth-credentials + username: + key: username + name: reposilite-unittest-basic-auth-credentials + - equal: + path: spec.podMetricsEndpoints[0].enableHttp2 + value: true + - equal: + path: spec.podMetricsEndpoints[0].followRedirects + value: false + - equal: + path: spec.podMetricsEndpoints[0].honorLabels + value: false + - equal: + path: spec.podMetricsEndpoints[0].interval + value: 60s + - equal: + path: spec.podMetricsEndpoints[0].path + value: /metrics + - equal: + path: spec.podMetricsEndpoints[0].port + value: "8080" + - notExists: + path: spec.podMetricsEndpoints[0].relabelings + - equal: + path: spec.podMetricsEndpoints[0].scrapeTimeout + value: 30s + - equal: + path: spec.podMetricsEndpoints[0].scheme + value: http + - contains: + path: spec.namespaceSelector.matchNames + content: + testing + - equal: + path: spec.selector.matchLabels + value: + app.kubernetes.io/instance: reposilite-unittest + app.kubernetes.io/name: reposilite + +- it: Render podMonitor with custom annotations and labels. + set: + prometheus.metrics.enabled: true + prometheus.metrics.podMonitor.enabled: true + prometheus.metrics.podMonitor.annotations: + foo: bar + prometheus.metrics.podMonitor.labels: + bar: foo + asserts: + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: reposilite-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: reposilite + app.kubernetes.io/version: 0.1.0 + bar: foo + helm.sh/chart: reposilite-0.1.0 + +- it: Change defaults + set: + prometheus.metrics.enabled: true + prometheus.metrics.podMonitor.enabled: true + prometheus.metrics.podMonitor.enableHttp2: false + prometheus.metrics.podMonitor.followRedirects: true + prometheus.metrics.podMonitor.honorLabels: true + prometheus.metrics.podMonitor.interval: "180s" + prometheus.metrics.podMonitor.path: "/my-metrics" + prometheus.metrics.podMonitor.relabelings: + - sourceLabels: [ container ] + separator: ";" + regex: "app" + replacement: "$1" + action: "drop" + prometheus.metrics.podMonitor.scrapeTimeout: "5s" + asserts: + - hasDocuments: + count: 1 + - equal: + path: spec.podMetricsEndpoints[0].enableHttp2 + value: false + - equal: + path: spec.podMetricsEndpoints[0].followRedirects + value: true + - equal: + path: spec.podMetricsEndpoints[0].honorLabels + value: true + - equal: + path: spec.podMetricsEndpoints[0].interval + value: 180s + - equal: + path: spec.podMetricsEndpoints[0].path + value: /my-metrics + - equal: + path: spec.podMetricsEndpoints[0].port + value: "8080" + - contains: + path: spec.podMetricsEndpoints[0].relabelings + content: + sourceLabels: [ container ] + separator: ";" + regex: "app" + replacement: "$1" + action: "drop" + - equal: + path: spec.podMetricsEndpoints[0].scrapeTimeout + value: 5s + - equal: + path: spec.podMetricsEndpoints[0].scheme + value: http \ No newline at end of file diff --git a/unittests/serviceMonitors/serviceMonitor.yaml b/unittests/serviceMonitors/serviceMonitor.yaml new file mode 100644 index 0000000..f750336 --- /dev/null +++ b/unittests/serviceMonitors/serviceMonitor.yaml @@ -0,0 +1,177 @@ +chart: + appVersion: 0.1.0 + version: 0.1.0 +suite: ServiceMonitor template +release: + name: reposilite-unittest + namespace: testing +templates: +- templates/serviceMonitor.yaml +tests: +- it: Skip serviceMonitor when service is disabled. + set: + prometheus.metrics.enabled: true + prometheus.metrics.serviceMonitor.enabled: true + service.enabled: false + asserts: + - hasDocuments: + count: 0 + +- it: Skip serviceMonitor when metrics are disabled. + set: + prometheus.metrics.enabled: false + prometheus.metrics.serviceMonitor.enabled: true + services.http.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Skip serviceMonitor when serviceMonitor is disabled. + set: + prometheus.metrics.enabled: true + prometheus.metrics.serviceMonitor.enabled: false + services.http.enabled: true + asserts: + - hasDocuments: + count: 0 + +- it: Rendering serviceMonitor with default values - enabled manually. + set: + prometheus.metrics.enabled: true + prometheus.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + name: reposilite-unittest + namespace: testing + - notExists: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: reposilite-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: reposilite + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: reposilite-0.1.0 + - isSubset: + path: spec.endpoints[0].basicAuth + content: + password: + key: password + name: reposilite-unittest-basic-auth-credentials + username: + key: username + name: reposilite-unittest-basic-auth-credentials + - equal: + path: spec.endpoints[0].enableHttp2 + value: true + - equal: + path: spec.endpoints[0].followRedirects + value: false + - equal: + path: spec.endpoints[0].honorLabels + value: false + - equal: + path: spec.endpoints[0].interval + value: 60s + - equal: + path: spec.endpoints[0].path + value: /metrics + - notExists: + path: spec.endpoints[0].relabelings + - equal: + path: spec.endpoints[0].scrapeTimeout + value: 30s + - equal: + path: spec.endpoints[0].scheme + value: http + - equal: + path: spec.endpoints[0].targetPort + value: 8080 + - contains: + path: spec.namespaceSelector.matchNames + content: + testing + - equal: + path: spec.selector.matchLabels + value: + app.kubernetes.io/instance: reposilite-unittest + app.kubernetes.io/name: reposilite + app.kubernetes.io/service-name: http + +- it: Render serviceMonitor with custom annotations and labels. + set: + prometheus.metrics.enabled: true + prometheus.metrics.serviceMonitor.enabled: true + prometheus.metrics.serviceMonitor.annotations: + foo: bar + prometheus.metrics.serviceMonitor.labels: + bar: foo + asserts: + - equal: + path: metadata.annotations + value: + foo: bar + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: reposilite-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: reposilite + app.kubernetes.io/version: 0.1.0 + bar: foo + helm.sh/chart: reposilite-0.1.0 + +- it: Change defaults + set: + prometheus.metrics.enabled: true + prometheus.metrics.serviceMonitor.enabled: true + prometheus.metrics.serviceMonitor.enableHttp2: false + prometheus.metrics.serviceMonitor.followRedirects: true + prometheus.metrics.serviceMonitor.honorLabels: true + prometheus.metrics.serviceMonitor.interval: "180s" + prometheus.metrics.serviceMonitor.path: "/my-metrics" + prometheus.metrics.serviceMonitor.relabelings: + - sourceLabels: [ container ] + separator: ";" + regex: "app" + replacement: "$1" + action: "drop" + prometheus.metrics.serviceMonitor.scrapeTimeout: "5s" + prometheus.metrics.serviceMonitor.scheme: "http" + asserts: + - hasDocuments: + count: 1 + - equal: + path: spec.endpoints[0].enableHttp2 + value: false + - equal: + path: spec.endpoints[0].followRedirects + value: true + - equal: + path: spec.endpoints[0].honorLabels + value: true + - equal: + path: spec.endpoints[0].interval + value: 180s + - equal: + path: spec.endpoints[0].path + value: /my-metrics + - contains: + path: spec.endpoints[0].relabelings + content: + sourceLabels: [ container ] + separator: ";" + regex: "app" + replacement: "$1" + action: "drop" + - equal: + path: spec.endpoints[0].scrapeTimeout + value: 5s + - equal: + path: spec.endpoints[0].scheme + value: http \ No newline at end of file diff --git a/unittests/services/service.yaml b/unittests/services/service.yaml index 6bfd465..aa7f43c 100644 --- a/unittests/services/service.yaml +++ b/unittests/services/service.yaml @@ -24,8 +24,10 @@ tests: kind: Service name: reposilite-unittest namespace: testing - - notExists: + - equal: path: metadata.annotations + value: + app.kubernetes.io/service-name: http - equal: path: metadata.labels value: @@ -110,6 +112,7 @@ tests: - equal: path: metadata.annotations value: + app.kubernetes.io/service-name: http foo: bar - equal: path: metadata.labels diff --git a/values.yaml b/values.yaml index f45ca6b..a857ac2 100644 --- a/values.yaml +++ b/values.yaml @@ -356,6 +356,64 @@ persistentVolumeClaim: storageClass: "" +## @section Prometheus +prometheus: + ## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus. + ## @param prometheus.metrics.basicAuthUsername Username for basic auth. The username and password is required by reposilite to expose metrics. Default: random alpha numeric string. + ## @param prometheus.metrics.enabled Enable of Password for basic auth. The username and password is required by reposilite to expose metrics. Default random alpha numeric string. + metrics: + enabled: false + basicAuthUsername: "my-username" + basicAuthPassword: "my-password" + + ## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. + ## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations. + ## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2. + ## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. + ## @param prometheus.metrics.podMonitor.honorLabels Honor labels. + ## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels. + ## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. + ## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics. + ## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. + ## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. + podMonitor: + enabled: false + annotations: {} + enableHttp2: true + followRedirects: false + honorLabels: false + labels: {} + interval: "60s" + path: "/metrics" + relabelings: [] + scrapeTimeout: "30s" + + ## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. + ## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations. + ## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels. + ## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2. + ## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. + ## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels. + ## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. + ## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics. + ## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. + ## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. + ## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. + ## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus. + ## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration. + serviceMonitor: + enabled: false + annotations: {} + labels: {} + enableHttp2: true + followRedirects: false + honorLabels: false + interval: "60s" + path: "/metrics" + relabelings: [] + scrapeTimeout: "30s" + + ## @section Service ## @param service.enabled Enable the service. ## @param service.annotations Additional service annotations. @@ -383,6 +441,7 @@ service: loadBalancerIP: "" loadBalancerSourceRanges: [] port: 8080 + scheme: http sessionAffinity: "None" sessionAffinityConfig: {} type: "ClusterIP"