feat(vCluster): Upgrade to 0.30.0, Add Prometheus operator plugin, monitoring CM, refactor config templating (#129)

Author: ilia-medvedev-codefresh

.github/workflows/lint-test.yaml

@@ -88,7 +88,7 @@ jobs:
           fi
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.5.0
+        uses: helm/kind-action@v1.13.0
 
       - name: Run chart-testing (install)
         run: |
@@ -97,6 +97,12 @@ jobs:
             # Do not run `ct install` for cf-common (library chart) or builder/runner
             exit 0
           fi
+
+          if [[ "$changed" =~ "charts/cf-vcluster" ]]; then
+            # install prometheus CRDs for cf-vcluster to pass installation with plugin enabled
+            helm install prom-crds --repo https://prometheus-community.github.io/helm-charts prometheus-operator-crds --wait
+          fi
+
           ct install --config "ct.yaml"
 
   unittest-charts:

charts/cf-vcluster/Chart.yaml

@@ -2,11 +2,12 @@ apiVersion: v2
 name: cf-vcluster
 description: Umbrella chart over vCluster adjusted for Codefresh use cases - mainly in Crossplane compositions
 type: application
-version: 0.28.0-4
-appVersion: "0.28.0"
+version: 0.31.0-alpha.0-1
+appVersion: "0.31.0"
 dependencies:
   - name: vcluster
-    version: 0.28.0
+    repository: https://charts.loft.sh
+    version: v0.31.0-alpha.0
 maintainers:
   - name: codefresh
     url: https://codefresh-io.github.io/

charts/cf-vcluster/README.md

@@ -1,6 +1,6 @@
 # cf-vcluster
 
-![Version: 0.28.0-4](https://img.shields.io/badge/Version-0.28.0--4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.28.0](https://img.shields.io/badge/AppVersion-0.28.0-informational?style=flat-square)
+![Version: 0.31.0-alpha.0-1](https://img.shields.io/badge/Version-0.31.0--alpha.0--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.31.0](https://img.shields.io/badge/AppVersion-0.31.0-informational?style=flat-square)
 
 Umbrella chart over vCluster adjusted for Codefresh use cases - mainly in Crossplane compositions
 
@@ -14,7 +14,7 @@ Umbrella chart over vCluster adjusted for Codefresh use cases - mainly in Crossp
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | vcluster | 0.28.0 |
+| https://charts.loft.sh | vcluster | v0.31.0-alpha.0 |
 
 ## Values
 
@@ -41,19 +41,48 @@ Umbrella chart over vCluster adjusted for Codefresh use cases - mainly in Crossp
 | global.ingress.public.host.domain | string | `"example.com"` |  |
 | global.ingress.public.host.name | string | `"{{ .Release.Namespace }}-vcluster"` |  |
 | global.ingress.public.ingressClassName | string | `"nginx-public"` |  |
+| global.monitoring.additionalResourceAttributes | object | `{}` |  |
+| global.monitoring.monitoredNamespaces | list | `[]` |  |
 | vcluster.controlPlane.distro.k8s.apiServer.extraArgs[0] | string | `"--oidc-issuer-url=https://dexidp.shared-services.cf-infra.com"` |  |
 | vcluster.controlPlane.distro.k8s.apiServer.extraArgs[1] | string | `"--oidc-client-id=vcluster-login"` |  |
 | vcluster.controlPlane.distro.k8s.apiServer.extraArgs[2] | string | `"--oidc-username-claim=email"` |  |
 | vcluster.controlPlane.distro.k8s.apiServer.extraArgs[3] | string | `"--oidc-groups-claim=groups"` |  |
 | vcluster.controlPlane.distro.k8s.enabled | bool | `true` |  |
-| vcluster.controlPlane.proxy.extraSANs[0] | string | `"{{ tpl (printf \"%s.%s.%s\" .Release.Name .Release.Namespace \".cluster.svc.local\") . }}"` |  |
+| vcluster.controlPlane.proxy.extraSANs[0] | string | `"{{ tpl (printf \"%s.%s.%s\" .Release.Name .Release.Namespace \"cluster.svc.local\") . }}"` |  |
 | vcluster.controlPlane.proxy.extraSANs[1] | string | `"{{ tpl (printf \"%s.%s\" .Values.global.ingress.internal.host.name .Values.global.ingress.internal.host.domain) . }}"` |  |
 | vcluster.controlPlane.proxy.extraSANs[2] | string | `"{{ tpl (printf \"%s.%s\" .Values.global.ingress.public.host.name .Values.global.ingress.public.host.domain) . }}"` |  |
+| vcluster.controlPlane.statefulSet.args[0] | string | `"--config"` |  |
+| vcluster.controlPlane.statefulSet.args[1] | string | `"/etc/cf-vcluster/config.yaml"` |  |
+| vcluster.controlPlane.statefulSet.persistence.addVolumeMounts[0].mountPath | string | `"/etc/cf-vcluster"` |  |
+| vcluster.controlPlane.statefulSet.persistence.addVolumeMounts[0].name | string | `"templated-vcluster-config"` |  |
+| vcluster.controlPlane.statefulSet.persistence.addVolumes[0].name | string | `"templated-vcluster-config"` |  |
+| vcluster.controlPlane.statefulSet.persistence.addVolumes[0].secret.defaultMode | int | `420` |  |
+| vcluster.controlPlane.statefulSet.persistence.addVolumes[0].secret.secretName | string | `"vc-templated-config"` |  |
 | vcluster.experimental.deploy.vcluster.manifests | string | `"---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: oidc-cluster-admin\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: Group\n  name: [email protected]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: oidc-cluster-admin-octopus\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: Group\n  name: 787d1a9a-e488-4a77-bb6c-f4b2fdfd8cea # Codefresh R&D Team\n- kind: Group\n  name: 607a9f67-422c-4ca2-b8c4-d0be213b9650 # Codefresh SA Team\n- kind: Group\n  name: f8de82e2-cdb6-480a-8f37-9f958ea5fef5 # Codefresh Support Team\n- kind: Group\n  name: 16b3fb37-58f2-4786-8ca8-6f58d0410687 # Codefresh OSS Team\n- kind: Group\n  name: dc35779f-57d5-4dff-90c0-34c6e93fe7e7 # Codefresh OSS Team\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: codefresh-pipelines-integration-cluster-admin\n  namespace: kube-system\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: codefresh-pipelines-integration-cluster-admin-token\n  namespace: kube-system\n  annotations:\n    kubernetes.io/service-account.name: codefresh-pipelines-integration-cluster-admin\ntype: kubernetes.io/service-account-token\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: codefresh-pipelines-integration-cluster-admin\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: codefresh-pipelines-integration-cluster-admin\n  namespace: kube-system"` |  |
 | vcluster.exportKubeConfig.insecure | bool | `true` |  |
 | vcluster.exportKubeConfig.server | string | `"{{- include \"cf-vcluster.kubeconfighost\" . -}}"` | Automatically calculate and set the kubeconfig host value based on ingress settings |
 | vcluster.exportKubeConfig.serviceAccount.clusterRole | string | `"cluster-admin"` |  |
 | vcluster.exportKubeConfig.serviceAccount.name | string | `"cluster-admin"` |  |
+| vcluster.integrations.metricsServer.enabled | bool | `true` |  |
+| vcluster.integrations.metricsServer.nodes | bool | `true` |  |
+| vcluster.integrations.metricsServer.pods | bool | `true` |  |
+| vcluster.plugins.prometheus-operator-resources.image | string | `"ghcr.io/codefresh-contrib/vcluster-prometheus-operator-plugin:v0.3.0"` |  |
+| vcluster.plugins.prometheus-operator-resources.imagePullPolicy | string | `"IfNotPresent"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.clusterRole.extraRules[0].apiGroups[0] | string | `"apiextensions.k8s.io"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.clusterRole.extraRules[0].resources[0] | string | `"customresourcedefinitions"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.clusterRole.extraRules[0].verbs[0] | string | `"get"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.clusterRole.extraRules[0].verbs[1] | string | `"list"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.clusterRole.extraRules[0].verbs[2] | string | `"watch"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].apiGroups[0] | string | `"monitoring.coreos.com"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].resources[0] | string | `"servicemonitors"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].resources[1] | string | `"podmonitors"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[0] | string | `"create"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[1] | string | `"delete"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[2] | string | `"patch"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[3] | string | `"update"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[4] | string | `"get"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[5] | string | `"list"` |  |
+| vcluster.plugins.prometheus-operator-resources.rbac.role.extraRules[0].verbs[6] | string | `"watch"` |  |
 | vcluster.rbac.clusterRole.enabled | bool | `true` |  |
 | vcluster.sync.fromHost.ingressClasses.enabled | bool | `true` |  |
 | vcluster.sync.fromHost.nodes.enabled | bool | `true` |  |