From 147cae87cea90ccdb074ece68c014849b1ec676e Mon Sep 17 00:00:00 2001
From: Arvind Iyengar
Date: Mon, 2 May 2022 16:27:24 -0700
Subject: [PATCH] Update docs, add GH workflows, fix drone stuff, etc.
---
 .drone.yml | 73 +---------
 .github/ISSUE_TEMPLATE/bug_report.md | 35 +++++
 .github/ISSUE_TEMPLATE/feature_request.md | 20 +++
 .github/stale.yaml | 48 +++++++
 .github/workflows/label-all-new-issues.yaml | 22 +++
 .github/workflows/pull-request.yaml | 13 ++
 .gitignore | 3 +-
 CODEOWNERS | 1 +
 CODE_OF_CONDUCT.md | 35 +++++
 CONTRIBUTING.md | 65 +++++++++
 Dockerfile.dapper | 2 +-
 README.md | 36 ++---
 SECURITY.md | 66 +++++++++
 charts/prometheus-federator/0.0.1/Chart.yaml | 2 +-
 docs/design.md | 112 ++++++++++++++++
 docs/developing.md | 126 ++++++++++++++++++
 docs/gettingstarted.md | 47 +++++++
 examples/example.yaml | 2 +-
 generate.go | 4 -
 go.mod | 6 +-
 go.sum | 8 +-
 index.yaml | 2 +-
 main.go | 10 +-
 .../helm-project-operator-crd/package.yaml | 4 +-
 .../prometheus-federator/charts/Chart.yaml | 2 +-
 .../helmProjectOperator/dependency.yaml | 4 +-
 scripts/build | 4 +-
 scripts/ci | 1 +
 scripts/validate-charts | 9 ++
 29 files changed, 650 insertions(+), 112 deletions(-)
 create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md
 create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md
 create mode 100644 .github/stale.yaml
 create mode 100644 .github/workflows/label-all-new-issues.yaml
 create mode 100644 .github/workflows/pull-request.yaml
 create mode 100644 CODEOWNERS
 create mode 100644 CODE_OF_CONDUCT.md
 create mode 100644 CONTRIBUTING.md
 create mode 100644 SECURITY.md
 create mode 100644 docs/design.md
 create mode 100644 docs/developing.md
 create mode 100644 docs/gettingstarted.md
 delete mode 100644 generate.go
 create mode 100755 scripts/validate-charts
diff --git a/.drone.yml b/.drone.yml
index 8d1d7051..be7da0d9 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -42,7 +42,7 @@ steps: dockerfile: package/Dockerfile password: from_secret: docker_password - repo: "aiyengar2/prometheus-federator" + repo: "rancher/prometheus-federator" tag: "${DRONE_TAG}-amd64" username: from_secret: docker_username @@ -104,7 +104,7 @@ steps: dockerfile: package/Dockerfile password: from_secret: docker_password - repo: "aiyengar2/prometheus-federator" + repo: "rancher/prometheus-federator" tag: "${DRONE_TAG}-arm64" username: from_secret: docker_username @@ -122,68 +122,6 @@ volumes: host: path: /var/run/docker.sock ---- -kind: pipeline -name: arm - -platform: - os: linux - arch: arm - -steps: -- name: build - image: rancher/dapper:v0.4.1 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - -- name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-arm.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -- name: docker-publish - image: plugins/docker - settings: - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "aiyengar2/prometheus-federator" - tag: "${DRONE_TAG}-arm" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock - --- kind: pipeline name: manifest @@ -203,9 +141,8 @@ steps: platforms: - linux/amd64 - linux/arm64 - - linux/arm - target: "aiyengar2/prometheus-federator:${DRONE_TAG}" - template: "aiyengar2/prometheus-federator:${DRONE_TAG}-ARCH" + target: "rancher/prometheus-federator:${DRONE_TAG}" + template: "rancher/prometheus-federator:${DRONE_TAG}-ARCH" when: instance: - drone-publish.rancher.io @@ -218,4 +155,4 @@ steps: depends_on: - amd64 - arm64 -- arm + 
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 00000000..d96366c3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Cluster Setup**
+- Kubernetes version:
+- Type of Cluster (RKE1, RKE2, k3s, EKS, GKE, AKS, OKE, etc):
+- CRD Installation option (Helm Chart / Custom Installation):
+ - If Helm Chart, did you supply any non-default values? If so, what values did you supply:
+ - If Custom Installation, how did you install it (kustomize, k8s manifest, etc.):
+- Installation option (Helm Chart / Custom Installation):
+ - If Helm Chart, did you supply any non-default values? If so, what values did you supply:
+ - If Custom Installation, how did you install it (kustomize, k8s manifest, etc.):
+
+**Describe the bug**
+
+
+**To Reproduce**
+
+
+**Result**
+
+**Expected Result**
+
+
+**Screenshots**
+
+
+**Additional context**
+
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 00000000..24473dee
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
\ No newline at end of file
diff --git a/.github/stale.yaml b/.github/stale.yaml
new file mode 100644
index 00000000..55594828
--- /dev/null
+++ b/.github/stale.yaml
@@ -0,0 +1,48 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 60
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 14
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+ - internal
+ - kind/bug
+ - kind/bug-qa
+ - kind/task
+ - kind/feature
+ - kind/design
+ - kind/ci-improvements
+ - kind/performance
+ - kind/flaky-test
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: true
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: true
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: true
+
+# Label to use when marking as stale
+staleLabel: status/stale
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+ This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label)
+ for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the
+ issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the
+ latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+# Limit to only `issues`
+only: issues
\ No newline at end of file
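Review bot: The config is added as `.github/stale.yaml`, but probot-stale (the app the header comment names) reads `.github/stale.yml` as far as I know, so this file may never be loaded; please confirm against the app's documentation and rename it if so. The `markComment` text also repeats the 60 and 14 day values from `daysUntilStale` and `daysUntilClose`, so changing either key later leaves the posted comment wrong; a line above `markComment` such as `# keep the day counts below in sync with daysUntilStale / daysUntilClose` would flag that. Minor wording: the comment above `onlyLabels` says "are check if stale" and should say "are checked".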
diff --git a/.github/workflows/label-all-new-issues.yaml b/.github/workflows/label-all-new-issues.yaml
new file mode 100644
index 00000000..3028a1a6
--- /dev/null
+++ b/.github/workflows/label-all-new-issues.yaml
@@ -0,0 +1,22 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Label issues
+on:
+ issues:
+ types:
+ - opened
+ - reopened
+jobs:
+ label_issues:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - name: Label issues
+ uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+ with:
+ add-labels: "team/area3"
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
new file mode 100644
index 00000000..a9a07c81
--- /dev/null
+++ b/.github/workflows/pull-request.yaml
@@ -0,0 +1,13 @@
+name: CI-pullrequest
+
+on: [pull_request]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: rancher/dapper:v0.5.4
+ steps:
+ - uses: actions/checkout@v1
+ - name: Run CI
+ run: dapper ci
diff --git a/.gitignore b/.gitignore
index 7a8f6e3a..e347ff70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 *.swp
 .idea
 /prometheus-federator
-/.charts-build-scripts
\ No newline at end of file
+/.charts-build-scripts
+*.DS_Store
\ No newline at end of file
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 00000000..fb2df0a1
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @aiyengar2
\ No newline at end of file
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..08fcb88c
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
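Review bot: In `.github/workflows/label-all-new-issues.yaml` the line `uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90` pins the action to a commit, but nothing records which release that commit belongs to, so a later reviewer cannot tell whether the pin is current or what a bump would change. Add a trailing comment on that line naming the release, e.g. `# <release tag of this commit>`. The job-level `permissions:` with `issues: write` already limits the token to what the labeler needs.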
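Review bot: In `.github/workflows/pull-request.yaml` the step `uses: actions/checkout@v1` references a mutable tag, while the labeler workflow added in this same commit pins its action to a full commit SHA; pin checkout the same way, `uses: actions/checkout@<full commit SHA>  # <release tag>`. The workflow also declares no `permissions:`, so the job's `GITHUB_TOKEN` takes the repository default even though the job only checks out code and runs `dapper ci`; add `permissions:` with `contents: read` at workflow or job level. The `container.image` value `rancher/dapper:v0.5.4` is likewise a tag, so consider pinning it by digest if the build environment must be reproducible.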
@@ -0,0 +1,35 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering
+an open and welcoming community, we pledge to respect all people who contribute
+through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses,
+ without explicit permission
+ * Other unethical or unprofessional conduct.
+
+ Project maintainers have the right and responsibility to remove, edit, or reject
+ comments, commits, code, wiki edits, issues, and other contributions that are not
+ aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
+ commit themselves to fairly and consistently applying these principles to every aspect
+ of managing this project.
+
+ This code of conduct applies both within project spaces and in public spaces
+ when an individual is representing the project or its community.
+
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
+ contacting a Rancher administrator on [Slack](https://slack.rancher.io), or .
+
+ This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org).
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000..a0836786
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,65 @@ +# Contributing to rancher/helm-project-operator + +Thank you for investing your time in contributing to our project! + +In this guide you will get an overview of the contribution workflow from opening an issue, creating a PR, reviewing, and merging the PR. + +## New contributor guide + +To get an overview of the project, read the [README](README.md). Here are some resources to help you get started with open source contributions: + +- [Finding ways to contribute to open source on GitHub](https://docs.github.com/en/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github) +- [Set up Git](https://docs.github.com/en/get-started/quickstart/set-up-git) +- [GitHub flow](https://docs.github.com/en/get-started/quickstart/github-flow) +- [Collaborating with pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests) + + +## Getting started + +### Issues + +#### Create a new issue + +If you spot a problem with the docs, [search if an issue already exists](https://docs.github.com/en/github/searching-for-information-on-github/searching-on-github/searching-issues-and-pull-requests#search-by-the-title-body-or-comments). If a related issue doesn't exist, you can open a new [issue](https://github.com/rancher/helm-project-operator/issues/new). + +#### Solve an issue + +Scan through our [existing issues](https://github.com/rancher/helm-project-operator/issues) to find one that interests you. If you find an issue to work on, you are welcome to open a PR with a fix. + +### Make Changes + +#### Make changes locally + +1. Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) or [GitHub Desktop](https://desktop.github.com/) + +2. Fork the repository. +- Using GitHub Desktop: + - [Getting started with GitHub Desktop](https://docs.github.com/en/desktop/installing-and-configuring-github-desktop/getting-started-with-github-desktop) will guide you through setting up Desktop. 
+ - Once Desktop is set up, you can use it to [fork the repo](https://docs.github.com/en/desktop/contributing-and-collaborating-using-github-desktop/cloning-and-forking-repositories-from-github-desktop)! + +- Using the command line: + - [Fork the repo](https://docs.github.com/en/github/getting-started-with-github/fork-a-repo#fork-an-example-repository) so that you can make your changes without affecting the original project until you're ready to merge them. + +3. Install or update to **Go 1.17**. For more information, see [the development guide](docs/developing.md). + +4. Create a working branch and start with your changes! + +### Commit your update + +Commit the changes once you are happy with them. See [Atom's contributing guide](https://github.com/atom/atom/blob/master/CONTRIBUTING.md#git-commit-messages) to know how to use emoji for commit messages. + +### Pull Request + +When you're finished with the changes, create a pull request, also known as a PR. +- Don't forget to [link PR to issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) if you are solving one. +- Enable the checkbox to [allow maintainer edits](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork) so the branch can be updated for a merge. +Once you submit your PR, a Rancher team member will review your proposal. We may ask questions or request for additional information. +- We may ask for changes to be made before a PR can be merged, either using [suggested changes](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/incorporating-feedback-in-your-pull-request) or pull request comments. You can apply suggested changes directly through the UI. You can make any other changes in your fork, then commit them to your branch. 
+- As you update your PR and apply changes, mark each conversation as [resolved](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/commenting-on-a-pull-request#resolving-conversations). +- If you run into any merge issues, checkout this [git tutorial](https://lab.github.com/githubtraining/managing-merge-conflicts) to help you resolve merge conflicts and other issues. + +### Your PR is merged! + +Congratulations :tada::tada: The Rancher team thanks you :sparkles:. + +Once your PR is merged, your contributions will be publicly visible on the [`rancher/helm-project-operator`](https://github.com/rancher/helm-project-operator). diff --git a/Dockerfile.dapper b/Dockerfile.dapper index cacd7a77..1325a480 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -17,7 +17,7 @@ RUN if [ "${ARCH}" == "amd64" ]; then \ COPY --from=helm ./helm/bin/helm /usr/local/bin/ ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS -ENV DAPPER_SOURCE /go/src/github.com/aiyengar2/prometheus-federator/ +ENV DAPPER_SOURCE /go/src/github.com/rancher/prometheus-federator/ ENV DAPPER_OUTPUT ./bin ./dist ENV DAPPER_DOCKER_SOCKET true ENV GOPATH /go diff --git a/README.md b/README.md index 333a7e29..2a17d9e7 100644 --- a/README.md +++ b/README.md 
@@ -1,34 +1,38 @@ prometheus-federator ======== -The Prometheus Federator is intended to be deployed in a Kubernetes cluster running an instance of [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) and a cluster-wide instance of a [Prometheus](https://prometheus.io) CR deployed through [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack). +Prometheus Federator is an operator (powered by [`rancher/helm-project-operator`](https://github.com/rancher/helm-project-operator) and [`rancher/charts-build-scripts](https://github.com/rancher/charts-build-scripts)) that manages deploying one or more Project Monitoring Stacks composed of the following set of resources that are scoped to project namespaces: +- [Prometheus](https://prometheus.io/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) (deployed via an embedded Helm chart) +- Default PrometheusRules and Grafana dashboards based on the collection of community-curated resources from [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) +- Default ServiceMonitors that watch the deployed Prometheus, Grafana, and Alertmanager -The primary purpose of this operator is to allow users to create `Projects`, groups of namespaces (selected via label selectors) that should be tracked and monitored by independent instances of Prometheus, Alertmanager, and Grafana. 
+A user can specify that they would like to deploy a Project Monitoring Stack by creating a `ProjectHelmChart` CR in a Project Registration Namespace (`cattle-project-`) with `spec.helmApiVersion: monitoring.cattle.io/v1alpha1`, which will deploy the Project Monitoring Stack in a Project Release Namespace (`cattle-project--monitoring`). -Instead of having each Prometheus independently scrape a set of exporters, each Project Prometheus utilizes [federation](https://prometheus.io/docs/prometheus/latest/federation/) to scrape a pre-configured and pre-existing Cluster Prometheus that will be responsible for collecting metrics from the following exporters: -- [node_exporter](https://github.com/prometheus/node_exporter) -- [windows_exporter](https://github.com/prometheus-community/windows_exporter) -- [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) +> Note: Since this Project Monitoring Stack deploys Prometheus Operator CRs, an existing Prometheus Operator instance must already be deployed in the cluster for Prometheus Federator to successfully be able to deploy Project Monitoring Stacks. It is recommended to use [`rancher-monitoring`](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/) for this. For more information on how the chart works or advanced configurations, please read the [`README.md` on the chart](packages/prometheus-federator/README.md). -On starting Prometheus Federator, users will need to provide the name and namespace containing the Cluster Prometheus CR that will serve as the cluster-level aggregator of metrics. +For more information on ProjectHelmCharts and how to configure the underlying operator, please read the [`README.md` on the chart](packages/prometheus-federator/README.md) or check out the general docs on Helm Project Operators in [`rancher/helm-project-operator`](https://github.com/rancher/helm-project-operator). 
-In addition, Prometheus Federator is expected to be deployed alongside a Federator PrometheusRule CR, which will create a set of default recording rules on the cluster Prometheus to group together metrics by namespaces in the cluster. This will be packaged in the Helm chart used to deploy the Prometheus Federator. +For more information on how to configure the underlying Project Monitoring Stack, please read the [`README.md` of the underlying chart](packages/rancher-project-monitoring/README.md) (`rancher-project-monitoring`). -On initialization, Prometheus Federator will watch the designated Cluster Prometheus CR that will serve as the cluster-level aggregator of metrics; it will identify any namespaces that are selected by the Cluster Prometheus CR and automatically prevent `Projects` from selecting any namespaces that are already targeted by the Cluster Prometheus (note: if a `Project` cannot target any namespaces as a result, a status will be updated on the resource to indicate this. `Projects` will also be limited from selecting other `Project` namespaces by default). -Once it is up and running, users can define `Projects` in the project registration namespace, which by default will be the namespace that Prometheus Federator is deployed within. +## Getting Started -When a Project is created, Prometheus Federator will automatically create and manage the following resources per CR: -- A Project Namespace, created to host resources for a given project -- A Project Prometheus CR, which will be configured to [federate](https://prometheus.io/docs/prometheus/latest/federation) namespace-scoped metrics generated from the Federator PrometheusRule on the Cluster Prometheus via a PodMonitor. A PrometheusRule CR will also be created in the Project namespace that will aggregate these namespace-scoped metrics into project-scoped metrics via recording rules and set up alerting rules to send out alerts. 
-- A Project Alertmanager CR (optional, defined in the Project CR) that the Prometheus CR will be configured to send alerts to -- A Deployment of Project Grafana, which will pull data from Prometheus to generate Grafana dashboards visualizing project-scoped and namespace-scoped metrics +For more information, see the [Getting Started guide](docs/gettingstarted.md). + +## Developing + +### Which branch do I make changes on? + +Prometheus Federator is built and released off the contents of the `main` branch. To make a contribution, open up a PR to the `main` branch. + +For more information, see the [Developing guide](docs/developing.md). ## Building `make` - ## Running `./bin/prometheus-federator` diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..aea2d70e --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,66 @@ +# Security Policy + +## Supported Versions + +Please review our [support maintenance and terms](https://rancher.com/support-maintenance-terms/) to view the current support lifecycle. + +## Reporting a Vulnerability + +SUSE Rancher supports responsible disclosure and endeavors to resolve security issues in a reasonable timeframe. To report a security vulnerability, email security-rancher@suse.com . You may (but are not required to) use the GPG key `rsa4096/C9DF50BDAC351DA9` for encrypted communication. + +### GPG Key - `security-rancher@suse.com` + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGHvxFcBEADibmTaKMTFbiMRAxtM5OjMOAjko7CovpnYSUOuRYi4IblFKIjL +P41oMBT+NgYEQh2//ktNAnAD/v83fkhjPZEM/Fo3yE6JdedCsHajZ2ryeuqEzs5F +c94UtTg8NQxrUgEe4Lk0tFdniGCt8BOb8spZIo9N87L2Zu3Z4P2vIjxdVGvXEQM8 +dr/+s4e973C6PXzXlIDeS3NE51aA0BSHHX72SwZWpvrNusW5fm0mFdLh1y6hNK16 +eNhXLwsA8RnvoOGS04DJCKxAlHQwUDRUDhPI6ULvN/RKm4mlf/qhNHvAntcJ9kiP +upFuPkHZxWAnLUyaWE+o8FhEVjHkaC9Abdyh33E6L252LKZvWszSiQSIJGXEa2TD +njume+jIMdoJN+g7m5NH7HszeKMF5YF0wek8ZvKBfJCxSn9EbUymNkDW5BwSnavQ +sukUawP89VLyXUd+hyd/e5IPMkYDvuHwqHlk60VWPKk7JC2M1LPCgqUsvyHaApQL +TFKHX6F6e0PnIkkU5VGhoSEBTT9B7vFYOMIvQSCavZadKTEZ0dNqd+bJWiLf3VYL +0srd9mPA6blO67EnuP6iuindzrZjQRGnjKkn7JCIoh0FG18kOnjw8dIu6UhCxu2m +V10xCbAMiEMAESuZr6iHG2y//UAYf7drPAGXcEqC+y51DxKcX6TPxNzkXwARAQAB +tDFTVVNFIFJhbmNoZXIgU2VjdXJpdHkgPHNlY3VyaXR5LXJhbmNoZXJAc3VzZS5j +b20+iQJSBBMBCAA8FiEEes5vtg3E4mxMbzRNyd9Qvaw1HakFAmHvxFcCGwMFCwkI +BwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEMnfUL2sNR2pDaYQAJuTbJVAVDWT +zGY2qbg5WSeniKWfS9EYkBD+7HIJWS8M3qOE6rC3plAWYOxs9imKLMJ/mg6dLb0Y +1EqofnqmNewd+QRouSwOG8smyjBubRXFQfSM7WLhid8DItnqK6a97ZoJ+TWB1tLQ +Nx6dkyrFRJS6uQtJxcA1ry6MazXduF7YKTmg7tjaV7Lc+RDReDLWMyk9YTlHFDSn +toKKxB0PxTHOVlhxkItDsxVhdhmfy5BSU9m703so7qnfKU5FEMBj9GwykJKdCtZV +pgk6BNONZkLNH9Mh2kVT2jUf8W/QxjKszHXJixhah6kfSKDaEwiwubP3Q5eVEWei +qzZSfHELXG/fi6yp2P25isttjRS1ovEScjMcgoGFFJjaXA2Rjm7/bMK1Ip1hJdDN 
++In2PUuntqPlAFlsnD5bnq2l/uP4QDr/T8aLZxrpuNgKStZTpNrsk6XOOeEagQIO ++AVTIyE/DyHWO8LuX1lgj6aQHJSncbjMMMTdLwGFavliErsBuAhaHRqiuZXG8hLn +ggKkVw/t+pp3RPCuRkOEN/BjubbbIOb39SoWd5w/7X66pHQMxlS1vfy3GllGps9W +Oj0pSuuK1AOnExIdVdj1+9oR9NXABNNZkx1+GgZgIcoTrDWrm74DG9tkIp2OMuFM +ElnSEsmoDgz33ODc/PPx5CElN4zdp9r9uQINBGHvxFcBEADV5xofPXD5LoZN80nq +7DaRPxDm4sOXpI/29Yom+fYLtAetI4usMkBV/0+DoHyryPJoJFgIohGHmb3s5U3y +kEJb3ie+KignEQCI0TA0tUpc3d8R38JAFwzRi+yWakPp00a9lmSVUwD6bm6xG5U4 +arV4xcR12UdPzTSwDGjrt3oDEfpBO927mI5zaboLB7tmhSjwofgtcVsWJAZ28P7I +yD6E+EigxHgTEwT9nhAf42aIzp+NIl2gpdv7BOA3Akef5YhN0eFe8I3n0eyw4d3v +mp0fwjUgi26LYsCBdJR7VbIahjuLEJ7La2H5mNZUNGRCch3m5uSkAvYyMmrMQa0T +STUzzWwgftyqIYTijBMMWmoTRUsrKf6J975J8y92HzPxe3Rd/xJkiG6Dpv6bX2zp +monCoqOwTDihANFDp5xKcO8MvF5jNEIVy3OUqEeBVjL+7d03mFeej1YnBejOxwDs +vG+joSWEdwgBzkOnU5Uv2cBzs8XimgbR8dew//3DcHCqrrKQ8bVDN9ggKPDQsytv +toWaxi0hCPbM/XNh9eFKb/jEEmtYLTKN4UQVxQWZ2h2yrGPnIYzwWPc6n212pqdM +Pzy76xFLl6q8bYYBZ0whKZRr6SDgKOA+SA8XeSuShwnTlu49OFLmWeTNDnAIXbAk +ZsFnI/Sc9iLeLlq/C0NXDPwgxwARAQABiQI2BBgBCAAgFiEEes5vtg3E4mxMbzRN +yd9Qvaw1HakFAmHvxFcCGwwACgkQyd9Qvaw1HambBw/+Je2au+Tuqzk7Cmb3M9ri +re4/7H40GwWCerg0+7khBNM4qcRfJ/0cMnIwkT/U/8ezDY7Vvysmx8FalVDdERAT +ke6hVBIDBMq2EbhakEliHx8H0PZVvVXIe/ficZ48X167N6g44TG3LHagzbdniggy +V5P61Ktv1acXlKWgEJekOVn5AnA3PXupRHBbwXKWGlCnCqQiNJrQIgbz5lP+8DsF ++hb3YXVvQ48C2PBx1gOWRwaZ7eB7DLp7iGNYSvdBpyBW5mjaMoUHajvpM0cG+5Zg +D/brCWasbmaD7QulDCvi/JkTjA3BMgBAfuDTCC/buk+8QoAeREruRWPfF5IYqjD0 +x8xnkTFywz7HwX548kAbPftjZ3Fnwre5JWqkPWu7r15TPt+kHOPvt3mZIr4HNUye +QZG+RrN8rTYpHAYJm7Sc6Qt+Iilk6vp1hO/EBly2g/Er+IH/rykotmcbCvwqlITU +M9IVbqRcO0AEAD6QDBiswL1c2FxshAcjfab8zsbGP1UMhTo3RpddujvSiwenaeSK +WcUE3jFEJK6NjKRNzUjnudhesOUVysKex0ePmhL02wwVFTgxd0+Fa93AyEwVVlK7 +7deeeRAxLgvAMBI8N4+KkznAtyXwtVcWz4wIflznYr0ZW9kJZFepC/mQgUJs/A46 +ArCzVjxOM8JhL941OADyL1A= +=l4yT +-----END PGP PUBLIC KEY BLOCK----- +``` \ No newline at end of file 
diff --git a/charts/prometheus-federator/0.0.1/Chart.yaml b/charts/prometheus-federator/0.0.1/Chart.yaml index 9576598e..131345fa 100644 --- a/charts/prometheus-federator/0.0.1/Chart.yaml +++ b/charts/prometheus-federator/0.0.1/Chart.yaml @@ -16,6 +16,6 @@ dependencies: name: helmProjectOperator repository: file://./charts/helmProjectOperator description: Prometheus Federator -icon: https://raw.githubusercontent.com/aiyengar2/prometheus-federator.github.io/main/assets/logos/prometheus-federator.svg +icon: https://raw.githubusercontent.com/rancher/prometheus-federator.github.io/main/assets/logos/prometheus-federator.svg name: prometheus-federator version: 0.0.1 diff --git a/docs/design.md b/docs/design.md new file mode 100644 index 00000000..d6a421bf --- /dev/null +++ b/docs/design.md 
@@ -0,0 +1,112 @@ +# Prometheus Federator + +Prometheus Federator is a [Helm Project Operator](https://github.com/rancher/helm-project-operator) that that manages deploying Helm charts each containing a Project Monitoring Stack, where each stack contains: +- [Prometheus](https://prometheus.io/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) (deployed via an embedded Helm chart) +- Default PrometheusRules and Grafana dashboards based on the collection of community-curated resources from [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) +- Default ServiceMonitors that watch the deployed resources + +> **Important Note: Prometheus Federator is designed to be deployed alongside an existing Prometheus Operator deployment in a cluster that has already installed the Prometheus Operator CRDs.** + +By default, the chart is configured and intended to be deployed alongside [rancher-monitoring](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. 
+ +## Pre-Installation: Using Prometheus Federator with Rancher and rancher-monitoring + +If you are running your cluster on [Rancher](https://rancher.com/) and already have [rancher-monitoring](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/) deployed onto your cluster, Prometheus Federator's default configuration should already be configured to work with your existing Cluster Monitoring Stack; however, here are some notes on how we recommend you configure rancher-monitoring to optimize the security and usability of Prometheus Federator in your cluster: + +### Ensure the cattle-monitoring-system namespace is placed into the System Project (or a similarly locked down Project that has access to other Projects in the cluster) + +Prometheus Operator's security model expects that the namespace it is deployed into (`cattle-monitoring-system`) has limited access for anyone except Cluster Admins to avoid privilege escalation via execing into Pods (such as the Jobs executing Helm operations). In addition, deploying Prometheus Federator and all Project Prometheus stacks into the System Project ensures that the each Project Prometheus is able to reach out to scrape workloads across all Projects (even if Network Policies are defined via Project Network Isolation) but has limited access for Project Owners, Project Members, and other users to be able to access data they shouldn't have access to (i.e. being allowed to exec into pods, set up the ability to scrape namespaces outside of a given Project, etc.). 
+ +### Configure rancher-monitoring to only watch for resources created by the Helm chart itself + +Since each Project Monitoring Stack will watch the other namespaces and collect additional custom workload metrics or dashboards already, it's recommended to configure the following settings on all selectors to ensure that the Cluster Prometheus Stack only monitors resources created by the Helm Chart itself: + +``` +matchLabels: + release: "rancher-monitoring" +``` + +The following selector fields are recommended to have this value: +- `.Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector` +- `.Values.prometheus.prometheusSpec.serviceMonitorSelector` +- `.Values.prometheus.prometheusSpec.podMonitorSelector` +- `.Values.prometheus.prometheusSpec.ruleSelector` +- `.Values.prometheus.prometheusSpec.probeSelector` + +Once this setting is turned on, you can always create ServiceMonitors or PodMonitors that are picked up by the Cluster Prometheus by adding the label `release: "rancher-monitoring"` to them (in which case they will be ignored by Project Monitoring Stacks automatically by default, even if the namespace in which those ServiceMonitors or PodMonitors reside in are not system namespaces). 
+ +> Note: If you don't want to allow users to be able to create ServiceMonitors and PodMonitors that aggregate into the Cluster Prometheus in Project namespaces, you can additionally set the namespaceSelectors on the chart to only target system namespaces (which must contain `cattle-monitoring-system` and `cattle-dashboards`, where resources are deployed into by default by rancher-monitoring; you will also need to monitor the `default` namespace to get apiserver metrics or create a custom ServiceMonitor to scrape apiserver metrics from the Service residing in the default namespace) to limit your Cluster Prometheus from picking up other Prometheus Operator CRs; in that case, it would be recommended to turn `.Values.prometheus.prometheusSpec.ignoreNamespaceSelectors=true` to allow you to define ServiceMonitors that can monitor non-system namespaces from within a system namespace. + +### Increase the CPU / memory limits of the Cluster Prometheus + +Depending on a cluster's setup, it's generally recommended to give a large amount of dedicated memory to the Cluster Prometheus to avoid restarts due to out-of-memory errors (OOMKilled), usually caused by churn created in the cluster that causes a large number of high cardinality metrics to be generated and ingested by Prometheus within one block of time; this is one of the reasons why the default Rancher Monitoring stack expects around 4GB of RAM to be able to operate in a normal-sized cluster. However, when introducing Project Monitoring Stacks that are all sending `/federate` requests to the same Cluster Prometheus and are reliant on the Cluster Prometheus being "up" to federate that system data on their namespaces, it's even more important that the Cluster Prometheus has an ample amount of CPU / memory assigned to it to prevent an outage that can cause data gaps across all Project Prometheis in the cluster. 
+ +> Note: There are no specific recommendations on how much memory the Cluster Prometheus should be configured with since it depends entirely on the user's setup (namely the likelihood of encountering a high churn rate and the scale of metrics that could be generated at that time); it generally varies per setup. + +## How does the operator work? + +1. On deploying this chart, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `monitoring.cattle.io/v1alpha1` (also known as "Project Monitors" in the Rancher UI) in a **Project Registration Namespace (`cattle-project-`)**. +2. On seeing each ProjectHelmChartCR, the operator will automatically deploy a Project Prometheus stack on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--monitoring`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) (see below for more information about configuring RBAC). + +### What is a Project? + +In Prometheus Federator, a Project is a group of namespaces that can be identified by a `metav1.LabelSelector`; by default, the label used to identify projects is `field.cattle.io/projectId`, the label used to identify namespaces that are contained within a given [Rancher](https://rancher.com/) Project. 
+ +### Configuring the Helm release created by a ProjectHelmChart + +The `spec.values` of this ProjectHelmChart resources will correspond to the `values.yaml` override to be supplied to the underlying Helm chart deployed by the operator on the user's behalf; to see the underlying chart's `values.yaml` spec, either: +- View to the chart's definition located at [`rancher/prometheus-federator` under `charts/rancher-project-monitoring`](https://github.com/rancher/prometheus-federator/blob/main/charts/rancher-project-monitoring) (where the chart version will be tied to the version of this operator) +- Look for the ConfigMap named `monitoring.cattle.io.v1alpha1` that is automatically created in each Project Registration Namespace, which will contain both the `values.yaml` and `questions.yaml` that was used to configure the chart (which was embedded directly into the `prometheus-federator` binary). + +### Namespaces + +As a Project Operator based on [rancher/helm-project-operator](https://github.com/rancher/helm-project-operator), Prometheus Federator has three different classifications of namespaces that the operator looks out for: +1. **Operator / System Namespace**: this is the namespace that the operator is deployed into (e.g. `cattle-monitoring-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: this is the set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace (see more details below). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace**. 
+> Note: Project Registration Namespaces will be auto-generated by the operator and imported into the Project it is tied to if `.Values.global.cattle.projectLabel` is provided (which is set to `field.cattle.io/projectId` by default); this indicates that a Project Registration Namespace should be created by the operator if at least one namespace is observed with that label. The operator will not let these namespaces be deleted unless either all namespaces with that label are gone (e.g. this is the last namespace in that project, in which case the namespace will be marked with the label `"helm.cattle.io/helm-project-operator-orphaned": "true"`, which signals that it can be deleted) or it is no longer watching that project (because the project ID was provided under `.Values.helmProjectOperator.otherSystemProjectLabelValues`, which serves as a denylist for Projects). These namespaces will also never be auto-deleted to avoid destroying user data; it is recommended that users clean up these namespaces manually if desired on creating or deleting a project +> Note: if `.Values.global.cattle.projectLabel` is not provided, the Operator / System Namespace will also be the Project Registration Namespace +3. **Project Release Namespace (`cattle-project--monitoring`)**: this is the set of namespaces that the operator deploys Project Monitoring Stacks within on behalf of a ProjectHelmChart; the operator will also automatically assign RBAC to Roles created in this namespace by the Project Monitoring Stack based on bindings found in the Project Registration Namespace. 
**Only Cluster Admins should have access to this namespace; Project Owners (admin), Project Members (edit), and Read-Only Members (view) will be assigned limited access to this namespace by the deployed Helm Chart and Prometheus Federator.** +> Note: Project Release Namespaces are automatically deployed and imported into the project whose ID is specified under `.Values.helmProjectOperator.projectReleaseNamespaces.labelValue` (which defaults to the value of `.Values.global.cattle.systemProjectId` if not specified) whenever a ProjectHelmChart is specified in a Project Registration Namespace +> Note: Project Release Namespaces follow the same orphaning conventions as Project Registration Namespaces (see note above) +> Note: if `.Values.projectReleaseNamespaces.enabled` is false, the Project Release Namespace will be the same as the Project Registration Namespace + +### Helm Resources (HelmChart, HelmRelease) + +On deploying a ProjectHelmChart, the Prometheus Federator will automatically create and manage two child custom resources that manage the underlying Helm resources in turn: +- A HelmChart CR (managed via an embedded [k3s-io/helm-contoller](https://github.com/k3s-io/helm-controller) in the operator): this custom resource automatically creates a Job in the same namespace that triggers a `helm install`, `helm upgrade`, or `helm uninstall` depending on the change applied to the HelmChart CR; this CR is automatically updated on changes to the ProjectHelmChart (e.g. modifying the values.yaml) or changes to the underlying Project definition (e.g. adding or removing namespaces from a project). 
+> **Important Note: If a ProjectHelmChart is not deploying or updating the underlying Project Monitoring Stack for some reason, the Job created by this resource in the Operator / System namespace should be the first place you check to see if there's something wrong with the Helm operation; however, this is generally only accessible by a Cluster Admin.** +- A HelmRelease CR (managed via an embedded [rancher/helm-locker](https://github.com/rancher/helm-locker) in the operator): this custom resource automatically locks a deployed Helm release in place and automatically overwrites updates to underlying resources unless the change happens via a Helm operation (`helm install`, `helm upgrade`, or `helm uninstall` performed by the HelmChart CR). +> Note: HelmRelease CRs emit Kubernetes Events that detect when an underlying Helm release is being modified and locks it back to place; to view these events, you can use `kubectl describe helmrelease -n `; you can also view the logs on this operator to see when changes are detected and which resources were attempted to be modified + +Both of these resources are created for all Helm charts in the Operator / System namespaces to avoid escalation of privileges to underprivileged users. + +### RBAC + +As described in the section on namespaces above, Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. 
Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +- ClusterRoleBindings +- RoleBindings in the Project Release Namespace + +On observing a change to one of those types of bindings, the Helm Project Operator will check whether the `roleRef` that the the binding points to matches a ClusterRole with the name provided under `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.admin`, `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.edit`, or `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.view`; by default, these roleRefs correspond will correspond to `admin`, `edit`, and `view` respectively, which are the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). + +> Note: for Rancher RBAC users, these [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) directly correlate to the `Project Owner`, `Project Member`, and `Read-Only` default Project Role Templates. 
+ +If the `roleRef` matches, the Helm Project Operator will filter the `subjects` of the binding for all Users and Groups and use that to automatically construct a RoleBinding for each Role in the Project Release Namespace with the same name as the role and the following labels: +- `helm.cattle.io/project-helm-chart-role: {{ .Release.Name }}` +- `helm.cattle.io/project-helm-chart-role-aggregate-from: ` + +By default, the `rancher-project-monitoring` (the underlying chart deployed by Prometheus Federator) creates three default Roles per Project Release Namespace that provide `admin`, `edit`, and `view` users to permissions to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack to provide least privilege; however, if a Cluster Admin would like to assign additional permissions to certain users, they can either directly assign RoleBindings in the Project Release Namespace to certain users or created Roles with the above two labels on them to allow Project Owners to control assigning those RBAC roles to users in their Project Registration namespaces. + +### Advanced Helm Project Operator Configuration + +|Value|Configuration| +|---|---------------------------| +|`helmProjectOperator.valuesOverride`| Allows an Operator to override values that are set on each ProjectHelmChart deployment on an operator-level; user-provided options (specified on the `spec.values` of the ProjectHelmChart) are automatically overridden if operator-level values are provided. For an exmaple, see how the default value overrides `federate.targets` (note: when overriding list values like `federate.targets`, user-provided list values will **not** be concatenated) | +|`helmProjectOperator.projectReleaseNamespaces.labelValues`| The value of the Project that all Project Release Namespaces should be auto-imported into (via label and annotation). Not recommended to be overridden on a Rancher setup. 
|
+|`helmProjectOperator.otherSystemProjectLabelValues`| Other namespaces that the operator should treat as a system namespace that should not be monitored. By default, all namespaces that match `global.cattle.systemProjectId` will not be matched. `cattle-monitoring-system`, `cattle-dashboards`, and `kube-system` are explicitly marked as system namespaces as well, regardless of label or annotation. |
+|`helmProjectOperator.releaseRoleBindings.aggregate`| Whether to automatically create RBAC resources in Project Release namespaces
+|`helmProjectOperator.releaseRoleBindings.clusterRoleRefs.`| ClusterRoles to reference to discover subjects to create RoleBindings for in the Project Release Namespace for all corresponding Project Release Roles. See RBAC above for more information |
+|`helmProjectOperator.hardenedNamespaces.enabled`| Whether to automatically patch the default ServiceAccount with `automountServiceAccountToken: false` and create a default NetworkPolicy in all managed namespaces in the cluster; the default values ensure that the creation of the namespace does not break a CIS 1.16 hardened scan |
+|`helmProjectOperator.hardenedNamespaces.configuration`| The configuration to be supplied to the default ServiceAccount or auto-generated NetworkPolicy on managing a namespace |
\ No newline at end of file
diff --git a/docs/developing.md b/docs/developing.md
new file mode 100644
index 00000000..493bed0d
--- /dev/null
+++ b/docs/developing.md
@@ -0,0 +1,126 @@
+# Developing Prometheus Federator
+
+The Prometheus Federator repository is primarily comprised of just two things:
+- A simple `main.go` that implements [Helm Project Operator](https://github.com/rancher/helm-project-operator) for the [`rancher-project-monitoring` chart](charts/rancher-project-monitoring)
+- A `packages/` directory that corresponds to a [`rancher/charts-build-scripts`](https://github.com/rancher/charts-build-scripts) repository
+
+In **most** circumstances, you will only ever have to make changes to the `packages/` directory; if you need to make changes to the underlying code of the operator that is deployed, it is likely that you intend to make this change in [rancher/helm-project-operator](https://github.com/rancher/helm-project-operator) instead.
+
+## Repository Structure
+
+```bash
+## This directory is a [`rancher/charts-build-scripts`](https://github.com/rancher/charts-build-scripts) packages directory. See below for more details.
+packages/
+
+## This directory contains **auto-generated** Helm chart archives that can be used to deploy Prometheus Federator in a Kubernetes cluster in
+## the cattle-monitoring-system namespace, which deploys rancher-project-monitoring (located under charts/rancher-project-monitoring)
+## on seeing a ProjectHelmChart with spec.helmApiVersion: monitoring.cattle.io/v1alpha1.
+##
+## IMPORTANT: You should never modify the contents of this directory directly; you should always modify `packages` since that will
+## overwrite the changes that are observed in this directory on running a `make charts`.
+##
+## By default, you should always install the Helm Project Operator CRD chart before installing the main Prometheus Federator chart.
+assets/
+
+## This file is an **auto-generated** Helm index.yaml identifying this repository as a valid Helm repository that contains Helm charts.
+##
+## IMPORTANT: You should never modify the contents of this file directly; you should always modify `packages` since that will
+## overwrite the changes that are observed in this directory on running a `make charts` or `make index`.
+##
+index.yaml
+
+## This directory contains **auto-generated** Helm charts that can be used to deploy Prometheus Federator in a Kubernetes cluster in
+## the cattle-monitoring-system namespace, which deploys rancher-project-monitoring (located under charts/rancher-project-monitoring)
+## on seeing a ProjectHelmChart with spec.helmApiVersion: monitoring.cattle.io/v1alpha1.
+##
+## IMPORTANT: You should never modify the contents of this directory directly; you should always modify `packages` since that will
+## overwrite the changes that are observed in this directory on running a `make charts`.
+##
+## By default, you should always install the Helm Project Operator CRD chart before installing the main Prometheus Federator chart.
+charts/
+
+ ## The CRD chart that installs the HelmRelease CRD, HelmChart CRD, and ProjectHelmChart CRD. This must be installed before installing all other charts.
+ ## By default, this chart will only ever install the HelmChart CRD / the HelmRelease CRD; it will never upgrade or delete those CRDs to avoid
+ ## unintentionally impacting other applications installed onto your cluster that use those CRDs (e.g. RKE2 clusters use the HelmChart CRD to manage
+ ## internal k8s components, so deleting that CRD would destroy an RKE2 cluster).
+ helm-project-operator-crd/*
+
+ ## The main chart that deploys Prometheus Federator in the cluster.
+ ##
+ ## Depends on 'helm-project-operator-crd' being deployed onto the cluster first.
+ prometheus-federator/*
+
+ ## A chart based on https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack that deploys a Project
+ ## Monitoring Stack onto the cluster on seeing a valid ProjectHelmChart (which means that it is contained within a Project Registration Namespace
+ ## with spec.helmApiVersion set to monitoring.cattle.io/v1alpha1)
+ ##
+ ## This chart is not expected to ever be deployed standalone; it is embedded into the Prometheus Federator binary itself.
+ rancher-project-monitoring/*
+
+## This directory will contain additional docs to assist users in getting started with using Helm Project Operator.
+docs/
+
+## This directory contains an example ProjectHelmChart that can be deployed to create an example Project Monitoring Stack
+## Note: the namespace needs to be modified to be a valid Project Registration Namespace, depending on how you deployed the operator.
+examples/
+
+## This directory contains the image that is used to build rancher/helm-project-operator, which is hosted on hub.docker.com.
+package/
+ Dockerfile
+
+## The main entrypoint into Prometheus Federator that implements Helm Project Operator.
+main.go
+
+## The Dockerfile used to run CI and other scripts executed by make in a Docker container (powered by https://github.com/rancher/dapper)
+Dockerfile.dapper
+```
+
+## Making changes to the Helm Charts (`packages/`)
+
+In most situations, the changes made to this repository will primarily be fixes to the Helm charts that either deploy the operator (`helm-project-operator-crd`, `prometheus-federator`) or those that are deployed on behalf of the operator (`rancher-project-monitoring`, which embeds `rancher-project-grafana` within it as a subchart).
+
+If you need to bump the version of Helm Project Operator embedded into the charts or binaries, generally you will need to bump the version of the Helm Project Operator in the `go.mod` and update the commit hash in `packages/helm-project-operator-crd/package.yaml` and `packages/prometheus-federator/generated-changes/dependencies/helmProjectOperator/dependency.yaml`; once done, run `go mod tidy` and make one commit with your changes entitled `Bump Helm Project Operator` followed by one commit with the output of running `unset PACKAGE; make charts` with the commit message `make charts`.
+
+If you need to make changes to the Prometheus Federator chart itself, make the changes directly in the `packages/prometheus-federator/charts`; once done, make one or more commits that only contain your changes to the `packages/prometheus-federator/charts` directory with proper commit messages describing what you changed and make one commit at the end with the output of running `unset PACKAGE; make charts` with the commit message `make charts`.
+
+If you need to make changes to the rancher-project-monitoring chart, follow the same steps above but start by running `PACKAGE=rancher-project-monitoring make prepare` to pull in the latest version of your `rancher-project-grafana` chart. Before you commit any changes, always make sure you run `PACKAGE=rancher-project-monitoring make clean` to avoid committing `packages/rancher-project-monitoring/charts/charts` (but be careful since `make clean` will wipe out any changes you made to that directory! It does the equivalent of `rm -rf packages/rancher-project-monitoring/charts/charts`).
+
+If you need to make changes to the rancher-project-grafana chart, follow the same steps above but start by running `make prepare`, which will pull in the source Grafana chart referenced by the `packages/rancher-project-grafana/package.yaml`, apply the patches from `packages/rancher-project-grafana/generated-changes/*`, and render a `packages/rancher-project-grafana/charts` directory. From here, on every commit you make with changes to `packages/rancher-project-grafana/charts`, you will need to:
+- Run `PACKAGE=rancher-project-grafana make patch` to generate changes that will be placed into `packages/rancher-project-grafana/generated-changes/*`. **Ensure that these changes show up in `packages/rancher-project-grafana/generated-changes/*` before you continue any further to avoid losing changes.**
+- Run `PACKAGE=rancher-project-grafana make clean` to clean up your repository to get it ready for a commit. This will wipe out the `packages/rancher-project-grafana/charts` directory, so again make sure that these changes show up in `packages/rancher-project-grafana/generated-changes/*` before you run `make clean`.
+- After committing, if you run `PACKAGE=rancher-project-grafana make prepare` again, you should see that your changes are persisted.
+- Once you are ready with all of your changes, run `PACKAGE=rancher-project-monitoring make charts` to make the final commit with the commit message `make charts`, as done above.
+
+> Note: since the `rancher-project-grafana` chart is only expected to be used as a subchart of the `rancher-project-monitoring` chart, a value on the `package.yaml` indicates `doNotRelease: true`; this is intentional and will prevent `PACKAGE=rancher-project-grafana make charts` from producing anything in the `charts/`, `assets/`, or `index.yaml`.
+
+> Note: In general, it is recommended to use the experimental caching feature for rancher/charts-build-scripts to avoid multiple network calls to pull in the source repositories by storing them in a local cache under `.charts-build-scripts/.cache/*`. You can turn this on by default by setting `export USE_CACHE=1`.
+
+For more information on how to make changes on repositories powered by `rancher/charts-build-scripts`, please read the [docs](https://github.com/rancher/charts-build-scripts/tree/master/templates/template/docs).
+
+## Once you have made a change
+
+If you modified `packages/`, make sure you run `unset PACKAGE; make charts` to generate the latest `charts/`, `assets/` and `index.yaml`.
+
+Also, make sure you run `go mod tidy` if you make any changes to the code.
+
+## Creating a Docker image based off of your changes
+
+To test your changes and create a Docker image to a specific Docker repository with a given tag, you should run `REPO= TAG= make` (e.g. `REPO=arvindiyengar TAG=dev make`), which will run the `./scripts/ci` script that builds, tests, validates, and packages your changes into a local Docker image (if you run `docker images`, it should show up as an image in the format `${REPO}/prometheus-federator:${TAG}`).
+
+If you don't want to run all the steps in CI every time you make a change, you could also run the following one-liner to build and package the image:
+
+```bash
+REPO=
+TAG=
+
+./scripts/build-chart && GOOS=linux CGO_ENABLED=0 go build -ldflags "-extldflags -static -s" -o bin/prometheus-federator && REPO=${REPO} TAG=${TAG} make package
+```
+
+Once the image is successfully packaged, simply run `docker push ${REPO}/prometheus-federator:${TAG}` to push your image to your Docker repository.
+
+## Testing a custom Docker image build
+
+1. Deploy the Helm Project Operator CRD chart as a Helm 3 chart onto your cluster: ensure that your `KUBECONFIG` environment variable is pointing to your cluster (e.g.
`export KUBECONFIG=; kubectl get nodes` should show the nodes of your cluster), pull in this repository locally, and from the root of this repository run `helm upgrade --install helm-project-operator-crd -n cattle-helm-system charts/helm-project-operator-crd`
+2. Deploy the Prometheus Federator chart as a Helm 3 chart onto your cluster after overriding the image and tag values with your Docker repository and tag: run `helm upgrade --install --set image.repository="${REPO}/prometheus-federator" --set image.tag="${TAG}" --set image.pullPolicy=Always prometheus-federator -n cattle-monitoring-system charts/prometheus-federator`
+> Note: Why do we set the Image Pull Policy to `Always`? If you update the Docker image on your fork, setting the Image Pull Policy to `Always` ensures that running `kubectl rollout restart -n cattle-monitoring-system deployment/prometheus-federator` is all you need to do to update your running deployment to the new image, since this would ensure redeploying a deployment triggers a image pull that uses your most up-to-date Docker image. Also, since the underlying Helm chart deployed by the operator (e.g. `example-chart`) is directly embedded into the Helm Project Operator image, you also do not need to update the Deployment object itself to see all the HelmCharts in your cluster automatically be updated to the latest embedded version of the chart.
+3. Profit!
\ No newline at end of file
diff --git a/docs/gettingstarted.md b/docs/gettingstarted.md
new file mode 100644
index 00000000..a0fa005b
--- /dev/null
+++ b/docs/gettingstarted.md
@@ -0,0 +1,47 @@
+# Getting Started
+
+## Simple Installation
+
+### Prerequisites
+
+In order to install Prometheus Federator, you first need to have Prometheus Operator deployed; it is also suggested that you configure at least one Cluster Prometheus that is collecting metrics using common exporters (kube-state-metrics, node-exporter, etc.) for the dashboards to work out-of-the-box.
+
+It is recommended that you install either:
+- [`rancher-monitoring`](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/), which should work out-of-the-box with Prometheus Federator (see the [`README.md` on the Helm Chart](packages/prometheus-federator/charts/README.md) for more information on how to optimally configure rancher-monitoring to work with Prometheus Federator)
+- [`kube-prometheus-stack`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), which should work with minor modifications to Prometheus Federator.
+> Note: this is currently untested but we welcome contributions to update our docs to help users get supported for using Prometheus Federator with vanilla kube-prometheus-stack! In theory, the only changes that should be necessary would be to configure the Prometheus Federator chart to use a different `helmProjectOperator.valuesOverrides.federate.targets` and to override all the selectors on the Prometheus Operator resources (or Grafana Sidecars) in the underlying chart; it could also be possible that this would work out-of-the-box with `kube-prometheus-stack` as long as you supply `.Values.nameOverride=rancher-monitoring` and `.Values.namespaceOverride=cattle-monitoring-system`.
+
+Once installed, you can proceed with the next steps.
+
+### In Rancher (via Apps & Marketplace)
+
+1.
Navigate to `Apps & Marketplace -> Repositories` in your target downstream cluster and create a Repository that points to a `Git repository containing Helm chart or cluster template definitions` where the `Git Repo URL` is `https://github.com/rancher/prometheus-federator` and the `Git Branch` is `main`
+2. Navigate to `Apps & Marketplace -> Charts`; you should see a chart under the new Repository you created: `Prometheus Federator`.
+3. Install `Prometheus Federator` (which will automatically install `helm-project-operator-crd` first)
+
+### In a normal Kubernetes cluster (via running Helm 3 locally)
+
+1. Install `helm-project-operator-crd` onto your cluster via Helm to install the ProjectHelmChart, HelmChart and HelmRelease CRDs.
+
+```
+helm install -n cattle-helm-system helm-project-operator-crd charts/helm-project-operator-crd
+```
+
+2. Install `prometheus-federator` onto your cluster via Helm to install Prometheus Federator
+
+```
+helm install -n cattle-monitoring-system prometheus-federator charts/prometheus-federator
+```
+
+### Checking if ProjectHelmCharts work
+
+1. Ensure that the logs of `prometheus-federator` in the `cattle-monitoring-system` namespace show that the controller was able to acquire a lock and has started in that namespace
+2. Deploy a ProjectHelmChart into a Project Registration Namespace (see [docs/design.md](docs/design.md) for more information on how to identify this)
+3. Check to see if a HelmChart CR was created on behalf of that ProjectHelmChart in the Operator / System (`cattle-monitoring-system`) namespace
+4. Find the Job in the Operator / System (`cattle-monitoring-system`) namespace tied to the HelmChart object to view the Helm operation logs that were performed on behalf of the HelmChart resource created; these logs should show as successful.
+5. Check to see if a HelmRelease CR was created on behalf of that ProjectHelmChart in the Operator / System (`cattle-monitoring-system`) namespace
+6.
Ensure that the status of the HelmRelease CR shows that it has successfully found the Helm release secret for the Helm chart deployed by the HelmChart CR.
+7. Locate the Project Release Namespace (see [docs/design.md](docs/design.md) for more information on how to identify this) and ensure that a Project Monitoring Stack was deployed onto that namespace
+8. Try to modify or delete the resources that comprise the Project Monitoring stack; you should see that they are instantly recreated or fixed back into place.
+9. Try supplying overrides to the deployed Helm chart (e.g. set `alertmanager.enabled` to false); on supplying new YAML to the ProjectHelmChart, you should see the Helm Operator Job (deployed on behalf of the HelmChart resource) be modified and you should observe that the HelmRelease CR emits an event (observable by running `kubectl describe -n cattle-monitoring-system ` on the HelmRelease object) that indicates that it is Transitioning and then Locked; the release number will also be updated.
+10. Ensure that the change you expected was propogated to the Project Monitoring Stack (e.g. Alertmanager is no longer deployed).
diff --git a/examples/example.yaml b/examples/example.yaml
index 7a5de248..58e2b4c2 100644
--- a/examples/example.yaml
+++ b/examples/example.yaml
@@ -2,7 +2,7 @@ apiVersion: helm.cattle.io/v1alpha1
 kind: ProjectHelmChart
 metadata:
 name: project-monitoring
- namespace: cattle-project-monitoring-system
+ namespace: cattle-monitoring-system
 spec:
 helmApiVersion: monitoring.cattle.io/v1alpha1
 values: {}
\ No newline at end of file
diff --git a/generate.go b/generate.go
deleted file mode 100644
index 56df3acb..00000000
--- a/generate.go
+++ /dev/null
@@ -1,4 +0,0 @@
-//go:generate go run pkg/codegen/cleanup/main.go
-//go:generate go run pkg/codegen/main.go
-
-package main
diff --git a/go.mod b/go.mod
index e7c4d318..18d3f62a 100644
--- a/go.mod
+++ b/go.mod
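Review bot: The new `namespace: cattle-monitoring-system` in examples/example.yaml is the Operator / System Namespace, which docs/design.md in this same commit describes as Cluster-Admin-only and as a Project Registration Namespace only when `global.cattle.projectLabel` is not provided. With the documented default label the example would presumably not be picked up as written, and copying it steers users toward creating ProjectHelmCharts in the admin namespace rather than in their project's registration namespace. I would add a comment above that line, e.g. `# Replace with your Project Registration Namespace (cattle-project-PROJECT_ID); the operator namespace only applies when global.cattle.projectLabel is unset`. The file also still ends without a trailing newline.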
@@ -1,4 +1,4 @@
-module github.com/aiyengar2/prometheus-federator
+module github.com/rancher/prometheus-federator
 go 1.17
@@ -13,7 +13,7 @@ replace (
 )
 require (
- github.com/aiyengar2/helm-project-operator v0.0.0-20220428194020-d1ea3f1e508a
+ github.com/rancher/helm-project-operator v0.0.0-20220502231222-6cb8f0f3020e
 github.com/rancher/wrangler v0.8.11-0.20220217210408-3ecd23dfea3b
 github.com/rancher/wrangler-cli v0.0.0-20211112052728-f172e9bf59af
 github.com/spf13/cobra v1.4.0
@@ -22,7 +22,6 @@ require (
 require (
 github.com/Masterminds/semver/v3 v3.1.1 // indirect
 github.com/Masterminds/squirrel v1.5.2 // indirect
- github.com/aiyengar2/helm-locker v0.0.0-20220428185851-b6b31459da49 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
 github.com/cyphar/filepath-securejoin v0.2.3 // indirect
@@ -57,6 +56,7 @@ require (
 github.com/prometheus/client_model v0.2.0 // indirect
 github.com/prometheus/common v0.32.1 // indirect
 github.com/prometheus/procfs v0.7.3 // indirect
+ github.com/rancher/helm-locker v0.0.0-20220502205359-41afb37c0c59 // indirect
 github.com/rancher/lasso v0.0.0-20220303220127-8cf5555ec03c // indirect
 github.com/rubenv/sql-migrate v0.0.0-20210614095031-55d5740dbbcc // indirect
 github.com/sirupsen/logrus v1.8.1 // indirect
diff --git a/go.sum b/go.sum
index c4b4cf7d..58c4ca75 100644
--- a/go.sum
+++ b/go.sum
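Review bot: The move of dependencies from the personal `github.com/aiyengar2/*` paths to `github.com/rancher/*` looks incomplete: the go.sum context lines in this commit still carry `github.com/aiyengar2/helm-controller v0.0.0-20220426061707-235e97b6ea23`, which suggests the `replace (` block just above the second go.mod hunk (outside the hunk, not visible here) still resolves helm-controller from a personal fork. Since docs/design.md names k3s-io/helm-controller as the embedded controller, that replace entry should either point at an organisation-owned module or carry a comment stating why the fork is needed, for example `// fork of k3s-io/helm-controller pending upstream merge; drop once released`. The new requirements are also untagged pseudo-versions such as `v0.0.0-20220502231222-6cb8f0f3020e`; pinning to tagged releases once available would make the build inputs easier to audit.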
@@ -117,10 +117,6 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:H github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/aiyengar2/helm-controller v0.0.0-20220426061707-235e97b6ea23 h1:xSgyR8cA+4ccP6geloTYY6MYNcrB/Q6cMyw3f1yYDqY= github.com/aiyengar2/helm-controller v0.0.0-20220426061707-235e97b6ea23/go.mod h1:ZmIZBP7FigARnQfS7da0X6hPQEqYdmbOl5V/e397ZLc= -github.com/aiyengar2/helm-locker v0.0.0-20220428185851-b6b31459da49 h1:Tw8rE1lbC8kQAYjTQeF57fzNDQiKIVdwSJsaPv03KmY= -github.com/aiyengar2/helm-locker v0.0.0-20220428185851-b6b31459da49/go.mod h1:NvPSCK70yosgQHoj9Sdj4d+SUd+WakSN/lmUyTlP9vw= -github.com/aiyengar2/helm-project-operator v0.0.0-20220428194020-d1ea3f1e508a h1:2DiRb47MSOE4a8rFGBVY5qwa2hMotXW+JcPOLT2xGoE= -github.com/aiyengar2/helm-project-operator v0.0.0-20220428194020-d1ea3f1e508a/go.mod h1:Oh+DB0Rw5YZcYSGJoMpxVPTJRrt07gwuLZ3t2T6FiMA= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 
@@ -951,6 +947,10 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA= github.com/rancher/client-go v1.22.3-rancher.1 h1:aNVLaIY5YGah1i9wRVXLOGRbLyekohjQAKHXeQm6Cxo= github.com/rancher/client-go v1.22.3-rancher.1/go.mod h1:ElDjYf8gvZsKDYexmsmnMQ0DYO8W9RwBjfQ1PI53yow= +github.com/rancher/helm-locker v0.0.0-20220502205359-41afb37c0c59 h1:iNMcJFW8GUKrK0Tyq5qIEcyv2hkG5XYvFpLK0D6tCg8= +github.com/rancher/helm-locker v0.0.0-20220502205359-41afb37c0c59/go.mod h1:PRThM9wL4o7MXJwUDeAk/+9s1vpmbRbacnGm+HoGqbY= +github.com/rancher/helm-project-operator v0.0.0-20220502231222-6cb8f0f3020e h1:BPJ1XpSsbGJKUrFgUU+vrhQIFEWgL0lWBZawgsOaTfE= +github.com/rancher/helm-project-operator v0.0.0-20220502231222-6cb8f0f3020e/go.mod h1:aO4ZzrDvXSvRPURP6wP+5Pw1r+Q9cFWHLmUcgfTOC+8= github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08/go.mod h1:9qZd/S8DqWzfKtjKGgSoHqGEByYmUE3qRaBaaAHwfEM= github.com/rancher/lasso v0.0.0-20220303220127-8cf5555ec03c h1:TyDYClPPCN2rWM97gd1jkvzlEy6ByYEN9IMK6nUY3dY= github.com/rancher/lasso v0.0.0-20220303220127-8cf5555ec03c/go.mod h1:T6WoUopOHBWTGjnphruTJAgoZ+dpm6llvn6GDYaa7Kw= diff --git a/index.yaml b/index.yaml index 95545c45..f1ef0582 100755 --- a/index.yaml +++ b/index.yaml @@ -38,7 +38,7 @@ entries: repository: file://./charts/helmProjectOperator description: Prometheus Federator digest: b12d7875d03de55055d9533faa064740d2a0895a6bf4470e797f18bcc988ecc2 - icon: https://raw.githubusercontent.com/aiyengar2/prometheus-federator.github.io/main/assets/logos/prometheus-federator.svg + icon: https://raw.githubusercontent.com/rancher/prometheus-federator.github.io/main/assets/logos/prometheus-federator.svg name: prometheus-federator urls: - assets/prometheus-federator/prometheus-federator-0.0.1.tgz diff --git a/main.go b/main.go index 081b4f7a..b6c9fbe8 100644 --- a/main.go +++ b/main.go 
@@ -6,9 +6,9 @@ import ( "net/http" _ "net/http/pprof" - "github.com/aiyengar2/helm-project-operator/pkg/controllers/common" - "github.com/aiyengar2/helm-project-operator/pkg/operator" - "github.com/aiyengar2/prometheus-federator/pkg/version" + "github.com/rancher/helm-project-operator/pkg/controllers/common" + "github.com/rancher/helm-project-operator/pkg/operator" + "github.com/rancher/prometheus-federator/pkg/version" command "github.com/rancher/wrangler-cli" _ "github.com/rancher/wrangler/pkg/generated/controllers/apiextensions.k8s.io" _ "github.com/rancher/wrangler/pkg/generated/controllers/networking.k8s.io" @@ -17,7 +17,7 @@ import ( ) const ( - HelmApiVersion = "monitoring.cattle.io/v1alpha1" + HelmAPIVersion = "monitoring.cattle.io/v1alpha1" ReleaseName = "monitoring" ) @@ -53,7 +53,7 @@ func (f *PrometheusFederator) Run(cmd *cobra.Command, args []string) error { if err := operator.Init(ctx, f.Namespace, cfg, common.Options{ OperatorOptions: common.OperatorOptions{ - HelmApiVersion: HelmApiVersion, + HelmAPIVersion: HelmAPIVersion, ReleaseName: ReleaseName, SystemNamespaces: SystemNamespaces, ChartContent: base64TgzChart, diff --git a/packages/helm-project-operator-crd/package.yaml b/packages/helm-project-operator-crd/package.yaml index 99d434b2..6932a746 100644 --- a/packages/helm-project-operator-crd/package.yaml +++ b/packages/helm-project-operator-crd/package.yaml @@ -1,3 +1,3 @@ -url: https://github.com/aiyengar2/helm-project-operator.git +url: https://github.com/rancher/helm-project-operator.git subdirectory: charts/helm-project-operator-crd -commit: d1ea3f1e508a967ea42f4836cbd419efab49fa84 \ No newline at end of file +commit: 6cb8f0f3020ee72b4238c558118970071cbf0ff7 \ No newline at end of file diff --git a/packages/prometheus-federator/charts/Chart.yaml b/packages/prometheus-federator/charts/Chart.yaml index 9576598e..131345fa 100755 --- a/packages/prometheus-federator/charts/Chart.yaml +++ b/packages/prometheus-federator/charts/Chart.yaml 
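Review bot: The import block touched by the first main.go hunk still carries the blank import `_ "net/http/pprof"`, which registers the `/debug/pprof/` handlers on `http.DefaultServeMux` as a side effect of being imported. The code that starts the HTTP listener is outside these hunks, so whether the handlers are reachable depends on a bind address not shown here. If the default mux is served on anything other than loopback, profiling and goroutine/heap dumps are available to every client that can reach the pod. I would state the intent next to the import, e.g. `// registers /debug/pprof on the default mux; the debug listener must bind to localhost or be opt-in`, and gate the listener to match.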
@@ -16,6 +16,6 @@ dependencies: name: helmProjectOperator repository: file://./charts/helmProjectOperator description: Prometheus Federator -icon: https://raw.githubusercontent.com/aiyengar2/prometheus-federator.github.io/main/assets/logos/prometheus-federator.svg +icon: https://raw.githubusercontent.com/rancher/prometheus-federator.github.io/main/assets/logos/prometheus-federator.svg name: prometheus-federator version: 0.0.1 diff --git a/packages/prometheus-federator/generated-changes/dependencies/helmProjectOperator/dependency.yaml b/packages/prometheus-federator/generated-changes/dependencies/helmProjectOperator/dependency.yaml index a16c6a06..66f84a2d 100644 --- a/packages/prometheus-federator/generated-changes/dependencies/helmProjectOperator/dependency.yaml +++ b/packages/prometheus-federator/generated-changes/dependencies/helmProjectOperator/dependency.yaml @@ -1,3 +1,3 @@ -url: https://github.com/aiyengar2/helm-project-operator.git +url: https://github.com/rancher/helm-project-operator.git subdirectory: charts/helm-project-operator -commit: d1ea3f1e508a967ea42f4836cbd419efab49fa84 \ No newline at end of file +commit: 6cb8f0f3020ee72b4238c558118970071cbf0ff7 \ No newline at end of file diff --git a/scripts/build b/scripts/build index 5cc69651..73d7d55a 100755 --- a/scripts/build +++ b/scripts/build 
@@ -11,8 +11,8 @@ mkdir -p bin if [ "$(uname)" = "Linux" ]; then OTHER_LINKFLAGS="-extldflags -static -s" fi -LINKFLAGS="-X github.com/aiyengar2/prometheus-federator/pkg/version.Version=$VERSION" -LINKFLAGS="-X github.com/aiyengar2/prometheus-federator/pkg/version.GitCommit=$COMMIT $LINKFLAGS" +LINKFLAGS="-X github.com/rancher/prometheus-federator/pkg/version.Version=$VERSION" +LINKFLAGS="-X github.com/rancher/prometheus-federator/pkg/version.GitCommit=$COMMIT $LINKFLAGS" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/prometheus-federator if [ "$CROSS" = "true" ] && [ "$ARCH" = "amd64" ]; then GOOS=darwin go build -ldflags "$LINKFLAGS" -o bin/prometheus-federator-darwin diff --git a/scripts/ci b/scripts/ci index 52334105..254b0e73 100755 --- a/scripts/ci +++ b/scripts/ci @@ -7,4 +7,5 @@ cd $(dirname $0) ./test ./validate ./validate-ci +./validate-charts ./package diff --git a/scripts/validate-charts b/scripts/validate-charts new file mode 100755 index 00000000..cbabd40f --- /dev/null +++ b/scripts/validate-charts @@ -0,0 +1,9 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +echo Running chart validation + +./scripts/charts-build-scripts/pull-scripts +./bin/charts-build-scripts validate --local \ No newline at end of file
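Review bot: The new scripts/validate-charts runs `./scripts/charts-build-scripts/pull-scripts` and then executes `./bin/charts-build-scripts validate --local`, and nothing visible here shows what is fetched or whether it is verified before it runs. pull-scripts is not part of the visible diff, so confirm that it pins the charts-build-scripts version and checks the downloaded binary against a known checksum. Otherwise the `./validate-charts` step added to scripts/ci executes whatever the download location serves at build time. Separately, `cd $(dirname $0)/..` is unquoted and fails on a checkout path containing spaces; `cd "$(dirname "$0")/.."` is the safe form.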