From 00504693d2b6ea230155721106d15bbcb48148f6 Mon Sep 17 00:00:00 2001
From: maria-reynoso
Date: Thu, 28 Nov 2024 18:19:54 +0100
Subject: [PATCH 01/42] helmfile
---
installation/Helmfile_eks.yaml | 156 ++++++++++++++++++
installation/Makefile | 5 -
installation/config/eks/enabled.yaml | 29 ++++
installation/config/eks/grafana-values.yaml | 16 ++
installation/config/eks/kyverno-values.yaml | 13 ++
installation/config/eks/opencost-values.yaml | 13 ++
.../prometheus-opencost-exporter-values.yaml | 29 ++++
installation/config/gke/enabled.yaml | 33 ++++
.../config/gke/prometheus-values.yaml | 17 ++
9 files changed, 306 insertions(+), 5 deletions(-)
create mode 100644 installation/Helmfile_eks.yaml
create mode 100644 installation/config/eks/enabled.yaml
create mode 100644 installation/config/eks/grafana-values.yaml
create mode 100644 installation/config/eks/kyverno-values.yaml
create mode 100644 installation/config/eks/opencost-values.yaml
create mode 100644 installation/config/eks/prometheus-opencost-exporter-values.yaml
create mode 100644 installation/config/gke/enabled.yaml
create mode 100644 installation/config/gke/prometheus-values.yaml
diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml
new file mode 100644
index 0000000..ca5b6fe
--- /dev/null
+++ b/installation/Helmfile_eks.yaml
@@ -0,0 +1,156 @@
+repositories:
+- name: kyverno
+ url: https://kyverno.github.io/kyverno/
+- name: prometheus-opencost-exporter
+ url: https://prometheus-community.github.io/helm-charts
+- name: prometheus
+ url: https://prometheus-community.github.io/helm-charts
+- name: grafana
+ url: https://grafana.github.io/helm-charts
+- name: vpa
+ url: https://charts.fairwinds.com/stable
+- name: cert-manager
+ url: https://charts.jetstack.io
+- name: fairwinds-stable
+ url: https://charts.fairwinds.com/stable
+
+---
+helmDefaults:
+ wait: true
+ timeout: 1200
+---
+environments:
+ default:
+ values:
+ - "./config/{{ requiredEnv "HOST_ENV" }}/enabled.yaml"
+---
+releases:
+- name: kyverno
+ version: "3.2.6"
+ chart: kyverno/kyverno
+ condition: kyverno.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/kyverno-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/kyverno-values.yaml"
+
+- name: finops-policies
+ version: "0.1.0"
+ chart: "../charts/finops-policies"
+ condition: finops-policies.enabled
+ namespace: finops-stack
+ disableValidationOnInstall: true
+ needs:
+ - kyverno
+
+- name: cert-manager
+ version: v1.15.3
+ chart: cert-manager/cert-manager
+ condition: cert-manager.enabled
+ namespace: cert-manager
+ values:
+ - "./config/common/cert-manager-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/cert-manager-values.yaml"
+ - global:
+ leaderElection:
+ namespace: cert-manager
+ commonLabels:
+ cost-center-label: "xyz"
+ - serviceAccount:
+ annotations:
+ {{ requiredEnv "CERT_MANAGER_SA_ANNOTATION" }}
+
+- name: cert-manager-config
+ version: "0.1.0"
+ chart: "../charts/cert-manager-config"
+ condition: cert-manager.enabled
+ namespace: finops-stack
+ disableValidationOnInstall: true
+ needs:
+ - cert-manager/cert-manager
+ values:
+ - email: {{ requiredEnv "CERT_MANAGER_EMAIL" }}
+ - gcpProjectID: {{ requiredEnv "GCP_PROJECT" }}
+ - grafanaTLSCert:
+ hostname: {{ requiredEnv "GRAFANA_FQDN" }}
+
+- name: grafana
+ version: "8.4.7"
+ chart: grafana/grafana
+ condition: grafana.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/grafana-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/grafana-values.yaml"
+ - adminUser: {{ requiredEnv "GRAFANA_ADMIN_USER" }}
+ - adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" }}
+ - serviceAccount:
+ annotations:
+ {{ requiredEnv "GRAFANA_SA_ANNOTATION" }}
+
+ # If you don't require ingress via an FQDN remove this ingress section
+ - ingress:
+ enabled: {{ requiredEnv "GRAFANA_INGRESS" }}
+ annotations:
+ kubernetes.io/ingress.global-static-ip-name: {{ requiredEnv "GRAFANA_PUBLIC_IP_NAME" }}
+ hosts:
+ - {{ requiredEnv "GRAFANA_FQDN" }}
+ # If you don't require https access to the Grafana dashboard remove this tls section
+ tls:
+ - secretName: {{ requiredEnv "GRAFANA_FQDN" }}-tls
+ hosts:
+ - {{ requiredEnv "GRAFANA_FQDN" }}
+ needs:
+ - cert-manager/cert-manager
+
+- name: vpa
+ version: "4.5.0"
+ chart: "vpa/vpa"
+ condition: vpa.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/vpa-values.yaml"
+
+- name: gmp-proxy
+ version: "0.1.0"
+ chart: "../charts/gmp-proxy"
+ condition: gmp-proxy.enabled
+ namespace: finops-stack
+ needs:
+ - grafana
+ values:
+ - "./config/common/gmp-proxy-values.yaml"
+ - gmpProjectId: {{ requiredEnv "GCP_PROJECT" }}
+
+- name: prometheus-opencost-exporter
+ version: "0.1.1"
+ chart: "prometheus-opencost-exporter/prometheus-opencost-exporter"
+ condition: opencost-exporter.enabled
+ namespace: finops-stack
+ needs:
+ - gmp-proxy
+ values:
+ - "./config/common/prometheus-opencost-exporter-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml"
+ - opencost:
+ exporter:
+ cloudProviderApiKey: {{ requiredEnv "CSP_API_KEY" }}
+
+- name: finops-stack-opencost-templates
+ version: "0.1.0"
+ chart: "../charts/opencost-config"
+ condition: opencost-templates.enabled
+ namespace: finops-stack
+ disableValidationOnInstall: true
+ values:
+ - "./config/{{ requiredEnv "HOST_ENV" }}/opencost-templates-values.yaml"
+
+- name: goldilocks
+ version: "9.0.0"
+ chart: fairwinds-stable/goldilocks
+ condition: goldilocks.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/goldilocks-values.yaml"
+
+
diff --git a/installation/Makefile b/installation/Makefile
index d1ac14a..f20be81 100644
--- a/installation/Makefile
+++ b/installation/Makefile
@@ -1,10 +1,5 @@ .DEFAULT_GOAL := help -CLUSTER_NAME := ambient -PROJECT_ID := "$(shell gcloud config get-value project)" -M_TYPE := n1-standard-2 -ZONE := europe-west2-a - cluster: ## Setup cluster kind create cluster
diff --git a/installation/config/eks/enabled.yaml b/installation/config/eks/enabled.yaml
new file mode 100644
index 0000000..5a707b4
--- /dev/null
+++ b/installation/config/eks/enabled.yaml
@@ -0,0 +1,29 @@
+# -- Enable / Disable the installation of Kyverno
+kyverno:
+ enabled: true
+
+# -- Enable / Disable the installation of Kyverno FinOps Policies
+finops-policies:
+ enabled: true
+# -- Enable / Disable the installation of the VPA Controller
+vpa:
+ enabled: true
+# -- Enable / Disable the installation of the Grafana
+grafana:
+ enabled: true
+# -- Enable / Disable the installation of cert-manager
+cert-manager:
+ enabled: false
+# -- Enable / Disable the installation of OpenCost
+opencost:
+ enabled: false
+# -- Enable / Disable the installation of OpenCost Exporter
+opencost-exporter:
+ enabled: true
+
+opencost-templates:
+ enabled: true
+
+# -- Enable / Disable the installation of Fairwinds' Goldilocks
+goldilocks:
+ enabled: true
diff --git a/installation/config/eks/grafana-values.yaml b/installation/config/eks/grafana-values.yaml
new file mode 100644
index 0000000..d0747c9
--- /dev/null
+++ b/installation/config/eks/grafana-values.yaml
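Review bot: The Grafana admin password and the cloud provider API key are interpolated unquoted into inline release values (`- adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" }}`, `cloudProviderApiKey: {{ requiredEnv "CSP_API_KEY" }}`), so a value that starts with a YAML indicator or contains `: ` or ` #` is re-typed or breaks rendering, and whatever is rendered is kept with the release values in the cluster. Quote every templated scalar, e.g. `- adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" | quote }}`, and prefer the Grafana chart's `admin.existingSecret` so the credential lives in a Kubernetes Secret created out of band instead of in release values. The same quoting applies to `email`, `hostname`, `secretName` and the ingress `hosts` entries in this file.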
@@ -0,0 +1,16 @@
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ uid: "PFB5ABA51A8A585D7"
+ url: http://prometheus-server
+ isDefault: true
+ editable: true
+ingress:
+ enabled: false
+ annotations:
+ kubernetes.io/ingress.global-static-ip-name: "ip-name"
+ hosts:
+ - grafana.example.com
\ No newline at end of file
diff --git a/installation/config/eks/kyverno-values.yaml b/installation/config/eks/kyverno-values.yaml
new file mode 100644
index 0000000..2d4980c
--- /dev/null
+++ b/installation/config/eks/kyverno-values.yaml
@@ -0,0 +1,13 @@
+features:
+ backgroundScan:
+ skipResourceFilters: false # Important so that background Scan's Exclude Namespaces, etc
+config:
+ resourceFiltersIncludeNamespaces:
+ - kube-system
+ webhooks:
+ - namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
diff --git a/installation/config/eks/opencost-values.yaml b/installation/config/eks/opencost-values.yaml
new file mode 100644
index 0000000..a3f9aa3
--- /dev/null
+++ b/installation/config/eks/opencost-values.yaml
@@ -0,0 +1,13 @@
+cloudCost:
+ enabled: false
+opencost:
+ cloudCost:
+ enabled: false
+ prometheus:
+ external:
+ enabled: true
+ url: http://gmp-proxy
+ internal:
+ enabled: false
+ exporter:
+ cloudProviderApiKey: "dummy_key"
\ No newline at end of file
diff --git a/installation/config/eks/prometheus-opencost-exporter-values.yaml b/installation/config/eks/prometheus-opencost-exporter-values.yaml
new file mode 100644
index 0000000..496c07b
--- /dev/null
+++ b/installation/config/eks/prometheus-opencost-exporter-values.yaml
@@ -0,0 +1,29 @@
+service:
+ enabled: true
+opencost:
+ prometheus:
+ external:
+ enabled: false
+ # url: http://prometheus-server
+ internal:
+ # -- Use in-cluster Prometheus
+ enabled: true
+ # -- Service name of in-cluster Prometheus
+ serviceName: prometheus-server
+ # -- Namespace of in-cluster Prometheus
+ namespaceName: prometheus-system
+ # -- Service port of in-cluster Prometheus
+ port: 80
+ exporter:
+ cloudProviderApiKey: "dummy_key"
+ # Persistent volume claim for storing the data. eg: csv file
+ persistence:
+ enabled: false
+ # -- Annotations for persistent volume
+ annotations: {}
+ # -- Access mode for persistent volume
+ accessMode: ""
+ # -- Storage class for persistent volume
+ storageClass: "standard-rwo"
+ # -- Size for persistent volume
+ size: "10g"
\ No newline at end of file
diff --git a/installation/config/gke/enabled.yaml b/installation/config/gke/enabled.yaml
new file mode 100644
index 0000000..81f356a
--- /dev/null
+++ b/installation/config/gke/enabled.yaml
@@ -0,0 +1,33 @@
+# -- Enable / Disable the installation of Kyverno
+kyverno:
+ enabled: true
+
+# -- Enable / Disable the installation of Kyverno FinOps Policies
+finops-policies:
+ enabled: true
+# -- Enable / Disable the installation of the VPA Controller
+vpa:
+ enabled: true
+# -- Enable / Disable the installation of the Grafana
+grafana:
+ enabled: true
+# -- Enable / Disable the installation of cert-manager
+cert-manager:
+ enabled: false
+# -- Enable / Disable the installation of OpenCost
+opencost:
+ enabled: false
+# -- Enable / Disable the installation of OpenCost Exporter
+opencost-exporter:
+ enabled: true
+
+opencost-templates:
+ enabled: true
+
+# -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus)
+gmp-proxy:
+ enabled: true
+
+# -- Enable / Disable the installation of Fairwinds' Goldilocks
+goldilocks:
+ enabled: true
diff --git a/installation/config/gke/prometheus-values.yaml b/installation/config/gke/prometheus-values.yaml new file mode 100644 index 0000000..87c2dce --- /dev/null +++ b/installation/config/gke/prometheus-values.yaml @@ -0,0 +1,17 @@ +extraScrapeConfigs: | + - job_name: opencost + honor_labels: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + dns_sd_configs: + - names: + - opencost.opencost + type: 'A' + port: 9003 + +alertmanager: + enabled: false +prometheus-pushgateway: + enabled: false \ No newline at end of file From 1fe9f81f79ea98a1e245533cec9881c25be585d6 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Fri, 29 Nov 2024 16:12:01 +0100 Subject: [PATCH 02/42] prometheus exporter --- installation/config/eks/opencost-values.yaml | 19 +++- .../prometheus-opencost-exporter-values.yaml | 11 ++- .../{gke => eks}/prometheus-values.yaml | 0 installation/eks.md | 89 +++++++++++++++++++ 4 files changed, 111 insertions(+), 8 deletions(-) rename installation/config/{gke => eks}/prometheus-values.yaml (100%) create mode 100644 installation/eks.md diff --git a/installation/config/eks/opencost-values.yaml b/installation/config/eks/opencost-values.yaml index a3f9aa3..5389443 100644 --- a/installation/config/eks/opencost-values.yaml +++ b/installation/config/eks/opencost-values.yaml @@ -5,9 +5,20 @@ opencost: enabled: false prometheus: external: - enabled: true - url: http://gmp-proxy - internal: enabled: false + # url: http://prometheus-server + internal: + # -- Use in-cluster Prometheus + enabled: true + # -- Service name of in-cluster Prometheus + serviceName: prometheus-server + # -- Namespace of in-cluster Prometheus + namespaceName: finops-stack + # -- Service port of in-cluster Prometheus + port: 80 exporter: - cloudProviderApiKey: "dummy_key" \ No newline at end of file + aws: + # -- AWS secret access key + secret_access_key: "" + # -- AWS secret key id + access_key_id: "" 
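Review bot: The new `exporter.aws.secret_access_key` and `access_key_id` keys in config/eks/opencost-values.yaml invite a long-lived AWS key pair being written into a tracked values file; the same two keys are added to config/eks/prometheus-opencost-exporter-values.yaml in this commit. Add a comment above them such as `# Leave empty; never commit credentials here. Prefer a pod-level IAM role (IRSA or EKS Pod Identity).`, and if static keys cannot be avoided, supply them from a Secret rather than from values. The comment `# -- AWS secret key id` should read `# -- AWS access key id`. The hunk starts inside the `opencost:` mapping, whose opening line is outside the hunk.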
diff --git a/installation/config/eks/prometheus-opencost-exporter-values.yaml b/installation/config/eks/prometheus-opencost-exporter-values.yaml index 496c07b..f77e0dd 100644 --- a/installation/config/eks/prometheus-opencost-exporter-values.yaml +++ b/installation/config/eks/prometheus-opencost-exporter-values.yaml @@ -11,12 +11,15 @@ opencost: # -- Service name of in-cluster Prometheus serviceName: prometheus-server # -- Namespace of in-cluster Prometheus - namespaceName: prometheus-system + namespaceName: finops-stack # -- Service port of in-cluster Prometheus port: 80 exporter: - cloudProviderApiKey: "dummy_key" - # Persistent volume claim for storing the data. eg: csv file + aws: + # -- AWS secret access key + secret_access_key: "" + # -- AWS secret key id + access_key_id: "" persistence: enabled: false # -- Annotations for persistent volume @@ -26,4 +29,4 @@ opencost: # -- Storage class for persistent volume storageClass: "standard-rwo" # -- Size for persistent volume - size: "10g" \ No newline at end of file + size: "10g" diff --git a/installation/config/gke/prometheus-values.yaml b/installation/config/eks/prometheus-values.yaml similarity index 100% rename from installation/config/gke/prometheus-values.yaml rename to installation/config/eks/prometheus-values.yaml diff --git a/installation/eks.md b/installation/eks.md new file mode 100644 index 0000000..710cf35 --- /dev/null +++ b/installation/eks.md 
@@ -0,0 +1,89 @@ +# Installation using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. + +This documentation focuses on installing the FinOps Stack in GKE standard/autopilot clusters. + +## Pre-requisites + +- A GKE standard or autopilot cluster with: + - kubectl access + - cluster-admin permissions + - workload identity enabled +- [Helmfile](https://helmfile.readthedocs.io/en/latest/#installation) installed on your local machine +- A Google Service Account with the following: + - roles/monitor.viewer and roles/iam.serviceAccountTokenCreator permissions + - workload identity configured for grafana kubernetes service account: `[finops-stack/grafana]`. Have a look at this [blog post](https://venafi.com/blog/gke-workload-identity-federation-for-kubernetes-principals/) to configure workload identity. +- Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name + +## Distribution support + +### GKE Autopilot + +- Enable cost allocation + +## Installation + +### Configuration changes for your cluster environment + +1. To control which Finops Stack components to install, edit the [enabled.yaml](./installation/config/common/enabled.yaml) file +1. Copy `./env.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. + +### Install everything using Helmfile + +For the first run: + +```bash +set -a; source .env; set +a; helmfile apply --interactive +``` + +NOTE: it will take several minutes for all workloads to install and start running. Helmfile does display its progress in the terminal. All workloads get installed into the `finops-stack` namespace so you can also view progress using `kubectl`. 
+ +To speed up subsequent runs: + +```bash +set -a; source .env; set +a; helmfile apply --interactive --skip-deps +``` + +## Optional: Configure ingress for Grafana + +### Pre-requisites + +Already have an FQDN setup and registered with a public IP, e.g. grafana.example.com + +### Grafana Helm values + +These are specified in `config/common/grafana-values.yaml`, `config/gke/grafana-values.yaml` and under the Grafana release in `helmfile.yaml`. Probably all the changes you will want to make can be done by changing the values in `helmfile.yaml`, e.g. the admin user and what type of ingress you require. + +General guidance when configuring ingress: +- Update the `.env` file with the FQDN and public IP for you domain. +- If you wish to enable tls, then ensure that cert-manager.enabled is set to true and update the values in `.env` accordingly. + +## Enable Goldilocks for namespaces + +For Goldilocks to analyse namespaces and add then to its dashboard you need to add this label to the namespace resource: `goldilocks.fairwinds.com/enabled=true`, e.g. +`kubectl label ns finops-stack goldilocks.fairwinds.com/enabled=true` + +## Useful commands + +To port forward to Grafana: + +```bash +kubectl --namespace finops-stack port-forward service/grafana 3000:80 +``` + +Access via http://localhost:3000 + +To port forward to the metrics endpoint of the Opencost Prometheus exporter (to examine what metrics are being scraped): + +```bash +kubectl --namespace finops-stack port-forward service/prometheus-opencost-exporter 9003:9003 +``` + +To access the Goldilocks dashboard (assuming you've enabled it): + +```bash +kubectl -n finops-stack port-forward svc/goldilocks-dashboard 8080:80 +``` + +Then goto http://localhost:8080 \ No newline at end of file From f1df5d2a5e60d891f5d6226f7ea5bbeb5ce56f60 Mon Sep 17 00:00:00 2001 
From: maria-reynoso Date: Fri, 29 Nov 2024 16:46:30 +0100 Subject: [PATCH 03/42] Update docs --- installation/eks.md | 18 ++++-------------- installation/gke.md | 2 +- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/installation/eks.md b/installation/eks.md index 710cf35..a0a4149 100644 --- a/installation/eks.md +++ b/installation/eks.md 
@@ -2,32 +2,22 @@ Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. -This documentation focuses on installing the FinOps Stack in GKE standard/autopilot clusters. +This documentation focuses on installing the FinOps Stack in EKS clusters. ## Pre-requisites -- A GKE standard or autopilot cluster with: +- A EKS cluster with: - kubectl access - - cluster-admin permissions - - workload identity enabled + - (Optional) If your cluster has Spot Instances, EKS Pod Identities need to be configured. See [documentation](https://www.opencost.io/docs/configuration/aws#eks-pod-identities). - [Helmfile](https://helmfile.readthedocs.io/en/latest/#installation) installed on your local machine -- A Google Service Account with the following: - - roles/monitor.viewer and roles/iam.serviceAccountTokenCreator permissions - - workload identity configured for grafana kubernetes service account: `[finops-stack/grafana]`. Have a look at this [blog post](https://venafi.com/blog/gke-workload-identity-federation-for-kubernetes-principals/) to configure workload identity. - Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name -## Distribution support - -### GKE Autopilot - -- Enable cost allocation - ## Installation ### Configuration changes for your cluster environment 1. To control which Finops Stack components to install, edit the [enabled.yaml](./installation/config/common/enabled.yaml) file -1. Copy `./env.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. +1. Copy `./env_eks.tmpl` to `./.env` and replace the env var values accordingly. ### Install everything using Helmfile diff --git a/installation/gke.md b/installation/gke.md index 710cf35..90cd377 100644 --- a/installation/gke.md +++ b/installation/gke.md 
@@ -27,7 +27,7 @@ This documentation focuses on installing the FinOps Stack in GKE standard/autopi ### Configuration changes for your cluster environment 1. To control which Finops Stack components to install, edit the [enabled.yaml](./installation/config/common/enabled.yaml) file -1. Copy `./env.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. +1. Copy `./env_gke.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. ### Install everything using Helmfile From bb00b5f38273eecd5c519f7882c907f019e8f0b1 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Fri, 29 Nov 2024 17:01:31 +0100 Subject: [PATCH 04/42] new line --- installation/config/eks/prometheus-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/config/eks/prometheus-values.yaml b/installation/config/eks/prometheus-values.yaml index 87c2dce..8c0a0b1 100644 --- a/installation/config/eks/prometheus-values.yaml +++ b/installation/config/eks/prometheus-values.yaml @@ -14,4 +14,4 @@ extraScrapeConfigs: | alertmanager: enabled: false prometheus-pushgateway: - enabled: false \ No newline at end of file + enabled: false From 732740e956d331752b62d1ae4d9c70e4d4f3ec70 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Mon, 2 Dec 2024 12:13:27 +0100 Subject: [PATCH 05/42] update --- installation/Helmfile_eks.yaml | 38 +++++++++++----------------------- 1 file changed, 12 insertions(+), 26 deletions(-) diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml index ca5b6fe..2dc8c62 100644 --- a/installation/Helmfile_eks.yaml +++ b/installation/Helmfile_eks.yaml 
@@ -58,7 +58,7 @@ releases: cost-center-label: "xyz" - serviceAccount: annotations: - {{ requiredEnv "CERT_MANAGER_SA_ANNOTATION" }} + {{ env "CERT_MANAGER_SA_ANNOTATION" }} - name: cert-manager-config version: "0.1.0" @@ -69,10 +69,9 @@ releases: needs: - cert-manager/cert-manager values: - - email: {{ requiredEnv "CERT_MANAGER_EMAIL" }} - - gcpProjectID: {{ requiredEnv "GCP_PROJECT" }} + - email: {{ env "CERT_MANAGER_EMAIL" }} - grafanaTLSCert: - hostname: {{ requiredEnv "GRAFANA_FQDN" }} + hostname: {{ env "GRAFANA_FQDN" }} - name: grafana version: "8.4.7" @@ -82,24 +81,24 @@ releases: values: - "./config/common/grafana-values.yaml" - "./config/{{ requiredEnv "HOST_ENV" }}/grafana-values.yaml" - - adminUser: {{ requiredEnv "GRAFANA_ADMIN_USER" }} - - adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" }} + - adminUser: {{ env "GRAFANA_ADMIN_USER" }} + - adminPassword: {{ env "GRAFANA_ADMIN_PW" }} - serviceAccount: annotations: - {{ requiredEnv "GRAFANA_SA_ANNOTATION" }} + {{ env "GRAFANA_SA_ANNOTATION" }} # If you don't require ingress via an FQDN remove this ingress section - ingress: - enabled: {{ requiredEnv "GRAFANA_INGRESS" }} + enabled: {{ env "GRAFANA_INGRESS" }} annotations: - kubernetes.io/ingress.global-static-ip-name: {{ requiredEnv "GRAFANA_PUBLIC_IP_NAME" }} + kubernetes.io/ingress.global-static-ip-name: {{ env "GRAFANA_PUBLIC_IP_NAME" }} hosts: - - {{ requiredEnv "GRAFANA_FQDN" }} + - {{ env "GRAFANA_FQDN" }} # If you don't require https access to the Grafana dashboard remove this tls section tls: - - secretName: {{ requiredEnv "GRAFANA_FQDN" }}-tls + - secretName: {{ env "GRAFANA_FQDN" }}-tls hosts: - - {{ requiredEnv "GRAFANA_FQDN" }} + - {{ env "GRAFANA_FQDN" }} needs: - cert-manager/cert-manager 
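Review bot: Switching `adminUser` and `adminPassword` from `requiredEnv` to `env` (hunk at -82,24) means a missing or misspelled variable no longer stops `helmfile apply`; the line renders as an empty scalar and the release is installed with whatever the chart does for a null credential. Keep the fail-fast form for the two credentials, `- adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" | quote }}`, and use `env` only for settings that are truly optional. For those, an unset `GRAFANA_FQDN` renders `secretName: -tls` and a null `hosts` entry, so the ingress and tls blocks are better wrapped in `{{- if env "GRAFANA_FQDN" }}` … `{{- end }}`. The hunks at -58,7 and -69,10 follow the same pattern.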
@@ -111,30 +110,17 @@ releases: values: - "./config/common/vpa-values.yaml" -- name: gmp-proxy - version: "0.1.0" - chart: "../charts/gmp-proxy" - condition: gmp-proxy.enabled - namespace: finops-stack - needs: - - grafana - values: - - "./config/common/gmp-proxy-values.yaml" - - gmpProjectId: {{ requiredEnv "GCP_PROJECT" }} - - name: prometheus-opencost-exporter version: "0.1.1" chart: "prometheus-opencost-exporter/prometheus-opencost-exporter" condition: opencost-exporter.enabled namespace: finops-stack - needs: - - gmp-proxy values: - "./config/common/prometheus-opencost-exporter-values.yaml" - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml" - opencost: exporter: - cloudProviderApiKey: {{ requiredEnv "CSP_API_KEY" }} + secret_access_key: {{ env "AWS_ACCESS_KEY" }} - name: finops-stack-opencost-templates version: "0.1.0" From 59b9a54ae5df26e548266a5b76784cc05b30b9f0 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Mon, 2 Dec 2024 12:18:32 +0100 Subject: [PATCH 06/42] env eks file --- installation/Helmfile_eks.yaml | 3 ++- installation/env_eks.tmpl | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 installation/env_eks.tmpl diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml index 2dc8c62..bb04f70 100644 --- a/installation/Helmfile_eks.yaml +++ b/installation/Helmfile_eks.yaml @@ -120,7 +120,8 @@ releases: - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml" - opencost: exporter: - secret_access_key: {{ env "AWS_ACCESS_KEY" }} + secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" }} + access_key_id: {{ env "AWS_ACCESS_KEY_ID" }} - name: finops-stack-opencost-templates version: "0.1.0" diff --git a/installation/env_eks.tmpl b/installation/env_eks.tmpl new file mode 100644 index 0000000..c845436 --- /dev/null +++ b/installation/env_eks.tmpl 
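Review bot: In the hunk at -120,7, `secret_access_key` and `access_key_id` are set directly under `opencost.exporter`, while config/eks/prometheus-opencost-exporter-values.yaml declares them under `opencost.exporter.aws`, so these two values probably never reach the key the chart reads (the chart's schema is not visible here, so confirm against it). If they are kept, nest them under `aws:` and quote them, `secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" | quote }}`. Passing a static key pair through release values also stores it with the release in the cluster; a pod-level IAM role avoids handling the key at all.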
@@ -0,0 +1,22 @@ +# Sub-dir under ./config that holds your hosting env specific Helm values.files, e.g. gke +HOST_ENV=gke + +# -- AWS secret access key and access key id +AWS_SECRET_ACCESS_KEY="" +AWS_ACCESS_KEY_ID="" + +# Grafana admin user credentials +GRAFANA_ADMIN_USER=finops +GRAFANA_ADMIN_PW=s7@ck + +# GCP SA for workload identity +GRAFANA_SA_ANNOTATION="iam.gke.io/gcp-service-account: sa-name@my-gcp-project.iam.gserviceaccount.com" + +# Grafana ingress settings +GRAFANA_INGRESS="false" +# GRAFANA_PUBLIC_IP_NAME="name-of-public-ip" +# GRAFANA_FQDN="grafana.host.name" + +## GCP SA for workload identity for cert-manager (need to be defined but only used if cert-manager is being installed) +CERT_MANAGER_SA_ANNOTATION="iam.gke.io/gcp-service-account: cert-manager-sa@my-gcp-project.iam.gserviceaccount.com" +CERT_MANAGER_EMAIL="issuer@example.com" From 2424a117dea38cc63a4272f9a77585dfe6bc751d Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 11:45:44 +0100 Subject: [PATCH 07/42] fix helmfile apply command --- installation/eks.md | 2 +- installation/gke.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/installation/eks.md b/installation/eks.md index a0a4149..3dd6856 100644 --- a/installation/eks.md +++ b/installation/eks.md @@ -32,7 +32,7 @@ NOTE: it will take several minutes for all workloads to install and start runnin To speed up subsequent runs: ```bash -set -a; source .env; set +a; helmfile apply --interactive --skip-deps +set -a; source .env; set +a; helmfile apply --file Helmfile_eks.yaml --interactive --skip-deps ``` ## Optional: Configure ingress for Grafana diff --git a/installation/gke.md b/installation/gke.md index 90cd377..97f22f4 100644 --- a/installation/gke.md +++ b/installation/gke.md 
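Review bot: `GRAFANA_ADMIN_PW=s7@ck` ships a working admin password in env_eks.tmpl, so anyone who copies the template to `.env` without editing it deploys Grafana with a credential that is published in the repository. Leave the value empty with a comment, `GRAFANA_ADMIN_PW=""  # required: set a unique value before running helmfile`, so an unedited copy does not carry a known login. Whether `.env` is git-ignored is not visible in this patch and is worth confirming, since the file is meant to hold the AWS key pair as well.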
@@ -34,7 +34,7 @@ This documentation focuses on installing the FinOps Stack in GKE standard/autopi For the first run: ```bash -set -a; source .env; set +a; helmfile apply --interactive +set -a; source .env; set +a; helmfile apply --file Helmfile_gke.yaml --interactive ``` NOTE: it will take several minutes for all workloads to install and start running. Helmfile does display its progress in the terminal. All workloads get installed into the `finops-stack` namespace so you can also view progress using `kubectl`. From ee0ee0e1f1ba195cc7a46c575dac177bf5b0cabb Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 13:14:23 +0100 Subject: [PATCH 08/42] fix opencost templates chart --- charts/opencost-config/templates/opencost/dashboards.yaml | 2 ++ installation/config/eks/grafana-values.yaml | 2 +- installation/config/gke/opencost-templates-values.yaml | 1 + installation/eks.md | 2 +- installation/env_eks.tmpl | 2 +- 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/opencost-config/templates/opencost/dashboards.yaml b/charts/opencost-config/templates/opencost/dashboards.yaml index c91e911..653e4df 100644 --- a/charts/opencost-config/templates/opencost/dashboards.yaml +++ b/charts/opencost-config/templates/opencost/dashboards.yaml @@ -1,3 +1,4 @@ +{{ if and .Values.dashboards }} {{- range $path, $_ := .Files.Glob "dashboards/**.json" }} --- apiVersion: v1 @@ -11,3 +12,4 @@ data: {{ base $path }}: |- {{ ($.Files.Get $path) | nindent 6 }} {{ end }} +{{ end }} diff --git a/installation/config/eks/grafana-values.yaml b/installation/config/eks/grafana-values.yaml index d0747c9..781dc41 100644 --- a/installation/config/eks/grafana-values.yaml +++ b/installation/config/eks/grafana-values.yaml @@ -13,4 +13,4 @@ ingress: annotations: kubernetes.io/ingress.global-static-ip-name: "ip-name" hosts: - - grafana.example.com \ No newline at end of file + - grafana.example.com 
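Review bot: In charts/opencost-config/templates/opencost/dashboards.yaml, `{{ if and .Values.dashboards }}` calls `and` with a single argument, which evaluates to that argument and nothing more. Write `{{- if .Values.dashboards }}` and close with `{{- end }}`, which states the guard directly and trims the blank lines the untrimmed actions leave around the `---` separators. The `range` body between the two hunks is outside the visible lines.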
diff --git a/installation/config/gke/opencost-templates-values.yaml b/installation/config/gke/opencost-templates-values.yaml index 92397d3..87bd822 100644 --- a/installation/config/gke/opencost-templates-values.yaml +++ b/installation/config/gke/opencost-templates-values.yaml @@ -1,2 +1,3 @@ +dashboards: true gke: podmonitoring: true \ No newline at end of file diff --git a/installation/eks.md b/installation/eks.md index 3dd6856..f443ab6 100644 --- a/installation/eks.md +++ b/installation/eks.md @@ -24,7 +24,7 @@ This documentation focuses on installing the FinOps Stack in EKS clusters. For the first run: ```bash -set -a; source .env; set +a; helmfile apply --interactive +set -a; source .env; set +a; helmfile apply --file Helmfile_eks.yaml --interactive ``` NOTE: it will take several minutes for all workloads to install and start running. Helmfile does display its progress in the terminal. All workloads get installed into the `finops-stack` namespace so you can also view progress using `kubectl`. diff --git a/installation/env_eks.tmpl b/installation/env_eks.tmpl index c845436..5937a17 100644 --- a/installation/env_eks.tmpl +++ b/installation/env_eks.tmpl @@ -1,5 +1,5 @@ # Sub-dir under ./config that holds your hosting env specific Helm values.files, e.g. gke -HOST_ENV=gke +HOST_ENV=eks # -- AWS secret access key and access key id AWS_SECRET_ACCESS_KEY="" From f02aa45e47ce54eaae8b5a71d909fc74da4511c8 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 13:17:49 +0100 Subject: [PATCH 09/42] fix opencost --- installation/config/eks/opencost-templates-values.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 installation/config/eks/opencost-templates-values.yaml diff --git a/installation/config/eks/opencost-templates-values.yaml b/installation/config/eks/opencost-templates-values.yaml new file mode 100644 index 0000000..3b96bea --- /dev/null +++ b/installation/config/eks/opencost-templates-values.yaml 
@@ -0,0 +1 @@ +dashboards: true \ No newline at end of file From d623fd1a60314d507b55ebcc338483877ad7ef15 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 13:19:10 +0100 Subject: [PATCH 10/42] update env file --- installation/env_eks.tmpl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/installation/env_eks.tmpl b/installation/env_eks.tmpl index 5937a17..5a8b849 100644 --- a/installation/env_eks.tmpl +++ b/installation/env_eks.tmpl @@ -9,14 +9,11 @@ AWS_ACCESS_KEY_ID="" GRAFANA_ADMIN_USER=finops GRAFANA_ADMIN_PW=s7@ck -# GCP SA for workload identity -GRAFANA_SA_ANNOTATION="iam.gke.io/gcp-service-account: sa-name@my-gcp-project.iam.gserviceaccount.com" - # Grafana ingress settings GRAFANA_INGRESS="false" # GRAFANA_PUBLIC_IP_NAME="name-of-public-ip" # GRAFANA_FQDN="grafana.host.name" ## GCP SA for workload identity for cert-manager (need to be defined but only used if cert-manager is being installed) -CERT_MANAGER_SA_ANNOTATION="iam.gke.io/gcp-service-account: cert-manager-sa@my-gcp-project.iam.gserviceaccount.com" +CERT_MANAGER_SA_ANNOTATION="" CERT_MANAGER_EMAIL="issuer@example.com" From 148003dbf2587953f180a9f83deb239683eff047 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 16:36:11 +0100 Subject: [PATCH 11/42] fix opencost template chart --- installation/config/eks/opencost-templates-values.yaml | 6 +++++- installation/config/gke/opencost-templates-values.yaml | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/installation/config/eks/opencost-templates-values.yaml b/installation/config/eks/opencost-templates-values.yaml index 3b96bea..5db2123 100644 --- a/installation/config/eks/opencost-templates-values.yaml +++ b/installation/config/eks/opencost-templates-values.yaml @@ -1 +1,5 @@ -dashboards: true \ No newline at end of file +dashboards: true +opencost: + customPricing: + # -- This is only to enable custom pricing on on-premises or kind + enabled: false \ No newline at end of file 
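Review bot: The template still ships a usable Grafana admin credential on the context lines of the env_eks.tmpl hunk (`GRAFANA_ADMIN_PW=s7@ck`), so anyone who copies it to `.env` unchanged deploys a password that is published in the repository. I would leave it empty, `GRAFANA_ADMIN_PW=""`, with a comment `# set a unique value before running helmfile`. The comment above `CERT_MANAGER_SA_ANNOTATION=""` still describes a GCP service account and should say what, if anything, EKS expects there. If Helmfile_eks.yaml at this commit reads that variable and the removed `GRAFANA_SA_ANNOTATION` through `requiredEnv`, as the version of the file shown elsewhere on this page does, an empty or missing value will probably stop rendering, so check the two files against each other.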
diff --git a/installation/config/gke/opencost-templates-values.yaml b/installation/config/gke/opencost-templates-values.yaml index 87bd822..bc7a2c7 100644 --- a/installation/config/gke/opencost-templates-values.yaml +++ b/installation/config/gke/opencost-templates-values.yaml @@ -1,3 +1,7 @@ dashboards: true +opencost: + customPricing: + # -- This is only to enable custom pricing on on-premises or kind + enabled: false gke: podmonitoring: true \ No newline at end of file From f4f98a5deb5eb8385be99a87dd41df1a9be27aa5 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 11:41:37 +0100 Subject: [PATCH 12/42] remove opencost from prometheus --- installation/Helmfile_eks.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml index bb04f70..eae5dd1 100644 --- a/installation/Helmfile_eks.yaml +++ b/installation/Helmfile_eks.yaml @@ -118,10 +118,6 @@ releases: values: - "./config/common/prometheus-opencost-exporter-values.yaml" - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml" - - opencost: - exporter: - secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" }} - access_key_id: {{ env "AWS_ACCESS_KEY_ID" }} - name: finops-stack-opencost-templates version: "0.1.0" From c0d43c059fc34bdbb30f493ea9de35603f7d5f70 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 11:56:04 +0100 Subject: [PATCH 13/42] no aws access key needed --- installation/config/eks/opencost-templates-values.yaml | 2 +- installation/config/eks/opencost-values.yaml | 6 ------ .../config/eks/prometheus-opencost-exporter-values.yaml | 5 ----- 3 files changed, 1 insertion(+), 12 deletions(-) diff --git a/installation/config/eks/opencost-templates-values.yaml b/installation/config/eks/opencost-templates-values.yaml index 5db2123..3a6f68b 100644 --- a/installation/config/eks/opencost-templates-values.yaml +++ b/installation/config/eks/opencost-templates-values.yaml 
@@ -2,4 +2,4 @@ dashboards: true opencost: customPricing: # -- This is only to enable custom pricing on on-premises or kind - enabled: false \ No newline at end of file + enabled: false diff --git a/installation/config/eks/opencost-values.yaml b/installation/config/eks/opencost-values.yaml index 5389443..bc6dbdf 100644 --- a/installation/config/eks/opencost-values.yaml +++ b/installation/config/eks/opencost-values.yaml @@ -16,9 +16,3 @@ opencost: namespaceName: finops-stack # -- Service port of in-cluster Prometheus port: 80 - exporter: - aws: - # -- AWS secret access key - secret_access_key: "" - # -- AWS secret key id - access_key_id: "" diff --git a/installation/config/eks/prometheus-opencost-exporter-values.yaml b/installation/config/eks/prometheus-opencost-exporter-values.yaml index f77e0dd..de70cd1 100644 --- a/installation/config/eks/prometheus-opencost-exporter-values.yaml +++ b/installation/config/eks/prometheus-opencost-exporter-values.yaml @@ -15,11 +15,6 @@ opencost: # -- Service port of in-cluster Prometheus port: 80 exporter: - aws: - # -- AWS secret access key - secret_access_key: "" - # -- AWS secret key id - access_key_id: "" persistence: enabled: false # -- Annotations for persistent volume From ccbbd77b2671620c86542bdaf7160f1635a93a01 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 12:01:46 +0100 Subject: [PATCH 14/42] add dashboard to kind --- installation/config/kind/opencost-templates-values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/installation/config/kind/opencost-templates-values.yaml b/installation/config/kind/opencost-templates-values.yaml index 93d7d52..c9efd85 100644 --- a/installation/config/kind/opencost-templates-values.yaml +++ b/installation/config/kind/opencost-templates-values.yaml @@ -1,3 +1,4 @@ +dashboards: true opencost: configFileName: default provider: kind From 4222213db916395380299e6a20d776defabc6ddb Mon Sep 17 00:00:00 2001 
From: maria-reynoso Date: Thu, 2 Jan 2025 12:03:51 +0100 Subject: [PATCH 15/42] update doc --- installation/eks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/eks.md b/installation/eks.md index f443ab6..d8f3e23 100644 --- a/installation/eks.md +++ b/installation/eks.md @@ -10,7 +10,7 @@ This documentation focuses on installing the FinOps Stack in EKS clusters. - kubectl access - (Optional) If your cluster has Spot Instances, EKS Pod Identities need to be configured. See [documentation](https://www.opencost.io/docs/configuration/aws#eks-pod-identities). - [Helmfile](https://helmfile.readthedocs.io/en/latest/#installation) installed on your local machine -- Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name +- Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name or external public IP. ## Installation From 2ef6809ac94756e5a706d4362d0d0dad563e50b1 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 12:07:38 +0100 Subject: [PATCH 16/42] new line --- installation/config/gke/opencost-templates-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/config/gke/opencost-templates-values.yaml b/installation/config/gke/opencost-templates-values.yaml index bc7a2c7..417b1e2 100644 --- a/installation/config/gke/opencost-templates-values.yaml +++ b/installation/config/gke/opencost-templates-values.yaml @@ -4,4 +4,4 @@ opencost: # -- This is only to enable custom pricing on on-premises or kind enabled: false gke: - podmonitoring: true \ No newline at end of file + podmonitoring: true From 04807899a2ee6aa96413be31aaeeef388dbef26f Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Wed, 12 Feb 2025 12:42:49 +0100 Subject: [PATCH 17/42] Re-word --- installation/eks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/eks.md b/installation/eks.md index d8f3e23..d83bccc 100644 
--- a/installation/eks.md +++ b/installation/eks.md @@ -35,7 +35,7 @@ To speed up subsequent runs: set -a; source .env; set +a; helmfile apply --file Helmfile_eks.yaml --interactive --skip-deps ``` -## Optional: Configure ingress for Grafana +## Optional: Making Grafana accessible via DNS ### Pre-requisites From 08953b187c645d9e7ad2dc3d3517ed3cc5c616d6 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Wed, 12 Feb 2025 12:44:59 +0100 Subject: [PATCH 18/42] Re-word --- charts/opencost-config/templates/opencost/dashboards.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/opencost-config/templates/opencost/dashboards.yaml b/charts/opencost-config/templates/opencost/dashboards.yaml index 653e4df..b775af1 100644 --- a/charts/opencost-config/templates/opencost/dashboards.yaml +++ b/charts/opencost-config/templates/opencost/dashboards.yaml @@ -1,4 +1,4 @@ -{{ if and .Values.dashboards }} +{{ if .Values.dashboards }} {{- range $path, $_ := .Files.Glob "dashboards/**.json" }} --- apiVersion: v1 From f686f3df6a0d322ebf75c37ce3c95a6dac50314b Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 13 Feb 2025 15:42:06 +0100 Subject: [PATCH 19/42] Update docs --- README.md | 2 +- installation/README.md | 10 +++++--- installation/config/common/enabled.yaml | 8 +++--- installation/config/eks/enabled.yaml | 29 ---------------------- installation/config/gke/enabled.yaml | 33 ------------------------- installation/config/kind/enabled.yaml | 26 ------------------- installation/eks.md | 8 +++--- installation/gke.md | 8 +++--- 8 files changed, 22 insertions(+), 102 deletions(-) delete mode 100644 installation/config/eks/enabled.yaml delete mode 100644 installation/config/gke/enabled.yaml delete mode 100644 installation/config/kind/enabled.yaml diff --git a/README.md b/README.md index eb45a7f..e957f62 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ The FinOps Stack is the blueprint for a solution to automate FinOps best practic Our goal is to empower organisations with the tools they need to manage, visualise, and optimise their cloud resources in complex, ever-changing environments. -The FinOps Stack is designed to work out-of-the-box seamlessly with GKE standard/autopilot clusters using Google Managed Prometheus, and can be customised for an organisation’s business requirements and/or Kubernetes distribution. +The FinOps Stack is designed to work out-of-the-box seamlessly with Kind, GKE standard/autopilot clusters using Google Managed Prometheus, and EKS and can be customised for an organisation’s business requirements and/or Kubernetes distribution. This repository contains the core components of FinOps Stack, including: diff --git a/installation/README.md b/installation/README.md index 6c8e898..3593680 100644 --- a/installation/README.md +++ b/installation/README.md @@ -1,8 +1,12 @@ -# Installation using Helmfile +# FinOps Stack deployment -Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. +This documentation provides instructions for installing the FinOps Stack in Kind cluster for a quick setup. -This documentation provides instructions for installing the FinOps Stack in Kind cluster for a quick setup. For deployment on a GKE cluster, refer to the [gke docs](./gke.md). +For deployment on a GKE cluster, refer to the [GKE docs](./gke.md) and deployment on a EKS cluster refer to the [EKS docs](./eks.md). + +## Using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. ## Pre-requisites diff --git a/installation/config/common/enabled.yaml b/installation/config/common/enabled.yaml index 81f356a..e3a2105 100644 --- a/installation/config/common/enabled.yaml +++ b/installation/config/common/enabled.yaml 
@@ -14,19 +14,19 @@ grafana: # -- Enable / Disable the installation of cert-manager cert-manager: enabled: false -# -- Enable / Disable the installation of OpenCost -opencost: - enabled: false # -- Enable / Disable the installation of OpenCost Exporter opencost-exporter: enabled: true +# -- Enable / Disable the installation of Prometheus (required when using EKS or Kind) +prometheus: + enabled: false opencost-templates: enabled: true # -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus) gmp-proxy: - enabled: true + enabled: false # -- Enable / Disable the installation of Fairwinds' Goldilocks goldilocks: diff --git a/installation/config/eks/enabled.yaml b/installation/config/eks/enabled.yaml deleted file mode 100644 index 5a707b4..0000000 --- a/installation/config/eks/enabled.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# -- Enable / Disable the installation of Kyverno -kyverno: - enabled: true - -# -- Enable / Disable the installation of Kyverno FinOps Policies -finops-policies: - enabled: true -# -- Enable / Disable the installation of the VPA Controller -vpa: - enabled: true -# -- Enable / Disable the installation of the Grafana -grafana: - enabled: true -# -- Enable / Disable the installation of cert-manager -cert-manager: - enabled: false -# -- Enable / Disable the installation of OpenCost -opencost: - enabled: false -# -- Enable / Disable the installation of OpenCost Exporter -opencost-exporter: - enabled: true - -opencost-templates: - enabled: true - -# -- Enable / Disable the installation of Fairwinds' Goldilocks -goldilocks: - enabled: true diff --git a/installation/config/gke/enabled.yaml b/installation/config/gke/enabled.yaml deleted file mode 100644 index 81f356a..0000000 --- a/installation/config/gke/enabled.yaml +++ /dev/null 
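Review bot: After this hunk both metrics backends default to `enabled: false` (`prometheus` and `gmp-proxy`) while `opencost-exporter` stays enabled, and the same commit deletes the per-environment enabled.yaml files that used to choose between them. The comments say which platform needs which backend, but nothing tells the reader that one of the two has to be switched on. I would extend the comment, e.g. `# -- Set to true on EKS or Kind; leave false on GKE with Google Managed Prometheus`, with the matching line on `gmp-proxy`. Whether the helmfiles override these defaults is not visible here, and the file continues outside the hunk.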
@@ -1,33 +0,0 @@ -# -- Enable / Disable the installation of Kyverno -kyverno: - enabled: true - -# -- Enable / Disable the installation of Kyverno FinOps Policies -finops-policies: - enabled: true -# -- Enable / Disable the installation of the VPA Controller -vpa: - enabled: true -# -- Enable / Disable the installation of the Grafana -grafana: - enabled: true -# -- Enable / Disable the installation of cert-manager -cert-manager: - enabled: false -# -- Enable / Disable the installation of OpenCost -opencost: - enabled: false -# -- Enable / Disable the installation of OpenCost Exporter -opencost-exporter: - enabled: true - -opencost-templates: - enabled: true - -# -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus) -gmp-proxy: - enabled: true - -# -- Enable / Disable the installation of Fairwinds' Goldilocks -goldilocks: - enabled: true diff --git a/installation/config/kind/enabled.yaml b/installation/config/kind/enabled.yaml deleted file mode 100644 index 2c24881..0000000 --- a/installation/config/kind/enabled.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# -- Enable / Disable the installation of Kyverno -kyverno: - enabled: true - -# -- Enable / Disable the installation of Kyverno FinOps Policies -finops-policies: - enabled: true -# -- Enable / Disable the installation of the VPA Controller -vpa: - enabled: true -# -- Enable / Disable the installation of the Grafana -grafana: - enabled: true -# -- Enable / Disable the installation of Prometheus -prometheus: - enabled: true -# -- Enable / Disable the installation of OpenCost Exporter -opencost-exporter: - enabled: true - -opencost-templates: - enabled: true - -# -- Enable / Disable the installation of Fairwinds' Goldilocks -goldilocks: - enabled: true diff --git a/installation/eks.md b/installation/eks.md index d83bccc..879a30c 100644 --- a/installation/eks.md +++ b/installation/eks.md 
@@ -1,9 +1,11 @@ -# Installation using Helmfile - -Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. +# FinOps Stack on a EKS cluster This documentation focuses on installing the FinOps Stack in EKS clusters. +## Using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. + ## Pre-requisites - A EKS cluster with: diff --git a/installation/gke.md b/installation/gke.md index 97f22f4..378f4c3 100644 --- a/installation/gke.md +++ b/installation/gke.md @@ -1,9 +1,11 @@ -# Installation using Helmfile - -Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. +# FinOps Stack on a GKE cluster This documentation focuses on installing the FinOps Stack in GKE standard/autopilot clusters. +## Using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. + ## Pre-requisites - A GKE standard or autopilot cluster with: From d59267ef610d8c671063b91fec9b613068ad6e12 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 13 Feb 2025 15:44:09 +0100 Subject: [PATCH 20/42] Update docs --- content/install.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/install.md b/content/install.md index 38fb5ba..fada58e 100644 --- a/content/install.md +++ b/content/install.md 
@@ -8,7 +8,9 @@ To simplify installation, the FinOps Stack is installed using a single Helmfile The following instructions are designed to work with a Kind cluster for quick setup. For full instructions, prerequisites and customisations, please see the [installation README](https://github.com/jetstack/finops-stack/blob/main/installation/README.md). -To work with GKE standard and GKE autopilot see the [ GKE installation guide]((https://github.com/jetstack/finops-stack/blob/main/installation/README.md)) +To work with GKE standard and GKE autopilot see the [ GKE installation guide]((https://github.com/jetstack/finops-stack/blob/main/installation/gke.md)) + +To work with EKS cluster see the [ EKS installation guide]((https://github.com/jetstack/finops-stack/blob/main/installation/eks.md)) ### Helmfile From f3f129f5e2d2a353edfb81531490ce96307b2d7f Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 28 Nov 2024 18:19:54 +0100 Subject: [PATCH 21/42] helmfile --- installation/Helmfile_eks.yaml | 156 ++++++++++++++++++ installation/Makefile | 5 - installation/config/eks/enabled.yaml | 29 ++++ installation/config/eks/grafana-values.yaml | 16 ++ installation/config/eks/kyverno-values.yaml | 13 ++ installation/config/eks/opencost-values.yaml | 13 ++ .../prometheus-opencost-exporter-values.yaml | 29 ++++ installation/config/gke/enabled.yaml | 33 ++++ .../config/gke/prometheus-values.yaml | 17 ++ 9 files changed, 306 insertions(+), 5 deletions(-) create mode 100644 installation/Helmfile_eks.yaml create mode 100644 installation/config/eks/enabled.yaml create mode 100644 installation/config/eks/grafana-values.yaml create mode 100644 installation/config/eks/kyverno-values.yaml create mode 100644 installation/config/eks/opencost-values.yaml create mode 100644 installation/config/eks/prometheus-opencost-exporter-values.yaml create mode 100644 installation/config/gke/enabled.yaml create mode 100644 installation/config/gke/prometheus-values.yaml 
diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml
new file mode 100644
index 0000000..ca5b6fe
--- /dev/null
+++ b/installation/Helmfile_eks.yaml
@@ -0,0 +1,156 @@
+repositories:
+- name: kyverno
+ url: https://kyverno.github.io/kyverno/
+- name: prometheus-opencost-exporter
+ url: https://prometheus-community.github.io/helm-charts
+- name: prometheus
+ url: https://prometheus-community.github.io/helm-charts
+- name: grafana
+ url: https://grafana.github.io/helm-charts
+- name: vpa
+ url: https://charts.fairwinds.com/stable
+- name: cert-manager
+ url: https://charts.jetstack.io
+- name: fairwinds-stable
+ url: https://charts.fairwinds.com/stable
+
+---
+helmDefaults:
+ wait: true
+ timeout: 1200
+---
+environments:
+ default:
+ values:
+ - "./config/{{ requiredEnv "HOST_ENV" }}/enabled.yaml"
+---
+releases:
+- name: kyverno
+ version: "3.2.6"
+ chart: kyverno/kyverno
+ condition: kyverno.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/kyverno-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/kyverno-values.yaml"
+
+- name: finops-policies
+ version: "0.1.0"
+ chart: "../charts/finops-policies"
+ condition: finops-policies.enabled
+ namespace: finops-stack
+ disableValidationOnInstall: true
+ needs:
+ - kyverno
+
+- name: cert-manager
+ version: v1.15.3
+ chart: cert-manager/cert-manager
+ condition: cert-manager.enabled
+ namespace: cert-manager
+ values:
+ - "./config/common/cert-manager-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/cert-manager-values.yaml"
+ - global:
+ leaderElection:
+ namespace: cert-manager
+ commonLabels:
+ cost-center-label: "xyz"
+ - serviceAccount:
+ annotations:
+ {{ requiredEnv "CERT_MANAGER_SA_ANNOTATION" }}
+
+- name: cert-manager-config
+ version: "0.1.0"
+ chart: "../charts/cert-manager-config"
+ condition: cert-manager.enabled
+ namespace: finops-stack
+ disableValidationOnInstall: true
+ needs:
+ - cert-manager/cert-manager
+ values:
+ - email: {{ requiredEnv "CERT_MANAGER_EMAIL" }}
+ - gcpProjectID: {{ requiredEnv "GCP_PROJECT" }}
+ - grafanaTLSCert:
+ hostname: {{ requiredEnv "GRAFANA_FQDN" }}
+
+- name: grafana
+ version: "8.4.7"
+
chart: grafana/grafana
+ condition: grafana.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/grafana-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/grafana-values.yaml"
+ - adminUser: {{ requiredEnv "GRAFANA_ADMIN_USER" }}
+ - adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" }}
+ - serviceAccount:
+ annotations:
+ {{ requiredEnv "GRAFANA_SA_ANNOTATION" }}
+
+ # If you don't require ingress via an FQDN remove this ingress section
+ - ingress:
+ enabled: {{ requiredEnv "GRAFANA_INGRESS" }}
+ annotations:
+ kubernetes.io/ingress.global-static-ip-name: {{ requiredEnv "GRAFANA_PUBLIC_IP_NAME" }}
+ hosts:
+ - {{ requiredEnv "GRAFANA_FQDN" }}
+ # If you don't require https access to the Grafana dashboard remove this tls section
+ tls:
+ - secretName: {{ requiredEnv "GRAFANA_FQDN" }}-tls
+ hosts:
+ - {{ requiredEnv "GRAFANA_FQDN" }}
+ needs:
+ - cert-manager/cert-manager
+
+- name: vpa
+ version: "4.5.0"
+ chart: "vpa/vpa"
+ condition: vpa.enabled
+ namespace: finops-stack
+ values:
+ - "./config/common/vpa-values.yaml"
+
+- name: gmp-proxy
+ version: "0.1.0"
+ chart: "../charts/gmp-proxy"
+ condition: gmp-proxy.enabled
+ namespace: finops-stack
+ needs:
+ - grafana
+ values:
+ - "./config/common/gmp-proxy-values.yaml"
+ - gmpProjectId: {{ requiredEnv "GCP_PROJECT" }}
+
+- name: prometheus-opencost-exporter
+ version: "0.1.1"
+ chart: "prometheus-opencost-exporter/prometheus-opencost-exporter"
+ condition: opencost-exporter.enabled
+ namespace: finops-stack
+ needs:
+ - gmp-proxy
+ values:
+ - "./config/common/prometheus-opencost-exporter-values.yaml"
+ - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml"
+ - opencost:
+ exporter:
+ cloudProviderApiKey: {{ requiredEnv "CSP_API_KEY" }}
+
+- name: finops-stack-opencost-templates
+ version: "0.1.0"
+ chart: "../charts/opencost-config"
+ condition: opencost-templates.enabled
+ namespace: finops-stack
+ disableValidationOnInstall: true
+ values:
+ - "./config/{{ requiredEnv
"HOST_ENV" }}/opencost-templates-values.yaml" + +- name: goldilocks + version: "9.0.0" + chart: fairwinds-stable/goldilocks + condition: goldilocks.enabled + namespace: finops-stack + values: + - "./config/common/goldilocks-values.yaml" + + diff --git a/installation/Makefile b/installation/Makefile index d1ac14a..f20be81 100644 --- a/installation/Makefile +++ b/installation/Makefile @@ -1,10 +1,5 @@ .DEFAULT_GOAL := help -CLUSTER_NAME := ambient -PROJECT_ID := "$(shell gcloud config get-value project)" -M_TYPE := n1-standard-2 -ZONE := europe-west2-a - cluster: ## Setup cluster kind create cluster diff --git a/installation/config/eks/enabled.yaml b/installation/config/eks/enabled.yaml new file mode 100644 index 0000000..5a707b4 --- /dev/null +++ b/installation/config/eks/enabled.yaml @@ -0,0 +1,29 @@ +# -- Enable / Disable the installation of Kyverno +kyverno: + enabled: true + +# -- Enable / Disable the installation of Kyverno FinOps Policies +finops-policies: + enabled: true +# -- Enable / Disable the installation of the VPA Controller +vpa: + enabled: true +# -- Enable / Disable the installation of the Grafana +grafana: + enabled: true +# -- Enable / Disable the installation of cert-manager +cert-manager: + enabled: false +# -- Enable / Disable the installation of OpenCost +opencost: + enabled: false +# -- Enable / Disable the installation of OpenCost Exporter +opencost-exporter: + enabled: true + +opencost-templates: + enabled: true + +# -- Enable / Disable the installation of Fairwinds' Goldilocks +goldilocks: + enabled: true diff --git a/installation/config/eks/grafana-values.yaml b/installation/config/eks/grafana-values.yaml new file mode 100644 index 0000000..d0747c9 --- /dev/null +++ b/installation/config/eks/grafana-values.yaml 
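Review bot: The secret-bearing values in the new Helmfile_eks.yaml are rendered as unquoted plain scalars — `adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" }}` in the grafana release and `cloudProviderApiKey: {{ requiredEnv "CSP_API_KEY" }}` in the exporter release — so a value containing ` #` or `: `, or one that starts with a YAML indicator, is truncated, retyped or fails to parse. Piping through `quote` fixes that, e.g. `- adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" | quote }}`, and the same applies to `adminUser`, `cloudProviderApiKey` and the FQDN values. Values passed inline are also kept in the Helm release record in the namespace; the Grafana chart can take the admin credentials from an existing Secret (`admin.existingSecret`) instead, which keeps the password out of the rendered values. Separately, this EKS helmfile still carries GKE pieces (`gmp-proxy`, `GCP_PROJECT`, `kubernetes.io/ingress.global-static-ip-name`), which looks like a leftover from the GKE file.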
@@ -0,0 +1,16 @@
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ uid: "PFB5ABA51A8A585D7"
+ url: http://prometheus-server
+ isDefault: true
+ editable: true
+ingress:
+ enabled: false
+ annotations:
+ kubernetes.io/ingress.global-static-ip-name: "ip-name"
+ hosts:
+ - grafana.example.com
\ No newline at end of file
diff --git a/installation/config/eks/kyverno-values.yaml b/installation/config/eks/kyverno-values.yaml
new file mode 100644
index 0000000..2d4980c
--- /dev/null
+++ b/installation/config/eks/kyverno-values.yaml
@@ -0,0 +1,13 @@
+features:
+ backgroundScan:
+ skipResourceFilters: false # Important so that background Scan's Exclude Namespaces, etc
+config:
+ resourceFiltersIncludeNamespaces:
+ - kube-system
+ webhooks:
+ - namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
diff --git a/installation/config/eks/opencost-values.yaml b/installation/config/eks/opencost-values.yaml
new file mode 100644
index 0000000..a3f9aa3
--- /dev/null
+++ b/installation/config/eks/opencost-values.yaml
@@ -0,0 +1,13 @@
+cloudCost:
+ enabled: false
+opencost:
+ cloudCost:
+ enabled: false
+ prometheus:
+ external:
+ enabled: true
+ url: http://gmp-proxy
+ internal:
+ enabled: false
+ exporter:
+ cloudProviderApiKey: "dummy_key"
\ No newline at end of file
diff --git a/installation/config/eks/prometheus-opencost-exporter-values.yaml b/installation/config/eks/prometheus-opencost-exporter-values.yaml
new file mode 100644
index 0000000..496c07b
--- /dev/null
+++ b/installation/config/eks/prometheus-opencost-exporter-values.yaml
@@ -0,0 +1,29 @@
+service:
+ enabled: true
+opencost:
+ prometheus:
+ external:
+ enabled: false
+ # url: http://prometheus-server
+ internal:
+ # -- Use in-cluster Prometheus
+ enabled: true
+ # -- Service name of in-cluster Prometheus
+ serviceName: prometheus-server
+ # -- Namespace of in-cluster Prometheus
+ namespaceName: prometheus-system
+ # -- Service port of in-cluster Prometheus
+ port: 80
+ exporter:
+ cloudProviderApiKey: "dummy_key"
+ # Persistent volume claim for storing the data. eg: csv file
+ persistence:
+ enabled: false
+ # -- Annotations for persistent volume
+ annotations: {}
+ # -- Access mode for persistent volume
+ accessMode: ""
+ # -- Storage class for persistent volume
+ storageClass: "standard-rwo"
+ # -- Size for persistent volume
+ size: "10g"
\ No newline at end of file
diff --git a/installation/config/gke/enabled.yaml b/installation/config/gke/enabled.yaml
new file mode 100644
index 0000000..81f356a
--- /dev/null
+++ b/installation/config/gke/enabled.yaml
@@ -0,0 +1,33 @@
+# -- Enable / Disable the installation of Kyverno
+kyverno:
+ enabled: true
+
+# -- Enable / Disable the installation of Kyverno FinOps Policies
+finops-policies:
+ enabled: true
+# -- Enable / Disable the installation of the VPA Controller
+vpa:
+ enabled: true
+# -- Enable / Disable the installation of the Grafana
+grafana:
+ enabled: true
+# -- Enable / Disable the installation of cert-manager
+cert-manager:
+ enabled: false
+# -- Enable / Disable the installation of OpenCost
+opencost:
+ enabled: false
+# -- Enable / Disable the installation of OpenCost Exporter
+opencost-exporter:
+ enabled: true
+
+opencost-templates:
+ enabled: true
+
+# -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus)
+gmp-proxy:
+ enabled: true
+
+# -- Enable / Disable the installation of Fairwinds' Goldilocks
+goldilocks:
+ enabled: true
diff --git a/installation/config/gke/prometheus-values.yaml b/installation/config/gke/prometheus-values.yaml new file mode 100644 index 0000000..87c2dce --- /dev/null +++ b/installation/config/gke/prometheus-values.yaml @@ -0,0 +1,17 @@ +extraScrapeConfigs: | + - job_name: opencost + honor_labels: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + dns_sd_configs: + - names: + - opencost.opencost + type: 'A' + port: 9003 + +alertmanager: + enabled: false +prometheus-pushgateway: + enabled: false \ No newline at end of file From 360eee1d457381e179b357954d4e79897f54459e Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Fri, 29 Nov 2024 16:12:01 +0100 Subject: [PATCH 22/42] prometheus exporter --- installation/config/eks/opencost-values.yaml | 19 +++- .../prometheus-opencost-exporter-values.yaml | 11 ++- .../{gke => eks}/prometheus-values.yaml | 0 installation/eks.md | 89 +++++++++++++++++++ 4 files changed, 111 insertions(+), 8 deletions(-) rename installation/config/{gke => eks}/prometheus-values.yaml (100%) create mode 100644 installation/eks.md diff --git a/installation/config/eks/opencost-values.yaml b/installation/config/eks/opencost-values.yaml index a3f9aa3..5389443 100644 --- a/installation/config/eks/opencost-values.yaml +++ b/installation/config/eks/opencost-values.yaml @@ -5,9 +5,20 @@ opencost: enabled: false prometheus: external: - enabled: true - url: http://gmp-proxy - internal: enabled: false + # url: http://prometheus-server + internal: + # -- Use in-cluster Prometheus + enabled: true + # -- Service name of in-cluster Prometheus + serviceName: prometheus-server + # -- Namespace of in-cluster Prometheus + namespaceName: finops-stack + # -- Service port of in-cluster Prometheus + port: 80 exporter: - cloudProviderApiKey: "dummy_key" \ No newline at end of file + aws: + # -- AWS secret access key + secret_access_key: "" + # -- AWS secret key id + access_key_id: "" 
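Review bot: The scrape target `opencost.opencost` in the new prometheus-values.yaml names a service `opencost` in a namespace `opencost`, but the helmfile on this page installs the exporter as release `prometheus-opencost-exporter` in `finops-stack`, and the docs port-forward `service/prometheus-opencost-exporter` on 9003. Unless something else creates that name, the DNS lookup returns nothing and the job stays empty without an error, so cost metrics would silently be missing. The entry should probably read `- prometheus-opencost-exporter.finops-stack`. A one-line comment above `dns_sd_configs` naming the service it expects would make the dependency visible.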
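Review bot: The new `exporter.aws.secret_access_key` and `access_key_id` keys in eks/opencost-values.yaml give static IAM user credentials a home in a committed values file, and the same block is added to eks/prometheus-opencost-exporter-values.yaml in the following hunk. The EKS install guide on this page already points to EKS Pod Identities for OpenCost, which avoids long-lived keys in Helm values and in the release record. I would drop the block, or at least mark it, e.g. `# -- Leave empty; grant access through EKS Pod Identity rather than static keys`. The enclosing `opencost:` mapping starts outside the hunk.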
diff --git a/installation/config/eks/prometheus-opencost-exporter-values.yaml b/installation/config/eks/prometheus-opencost-exporter-values.yaml index 496c07b..f77e0dd 100644 --- a/installation/config/eks/prometheus-opencost-exporter-values.yaml +++ b/installation/config/eks/prometheus-opencost-exporter-values.yaml @@ -11,12 +11,15 @@ opencost: # -- Service name of in-cluster Prometheus serviceName: prometheus-server # -- Namespace of in-cluster Prometheus - namespaceName: prometheus-system + namespaceName: finops-stack # -- Service port of in-cluster Prometheus port: 80 exporter: - cloudProviderApiKey: "dummy_key" - # Persistent volume claim for storing the data. eg: csv file + aws: + # -- AWS secret access key + secret_access_key: "" + # -- AWS secret key id + access_key_id: "" persistence: enabled: false # -- Annotations for persistent volume @@ -26,4 +29,4 @@ opencost: # -- Storage class for persistent volume storageClass: "standard-rwo" # -- Size for persistent volume - size: "10g" \ No newline at end of file + size: "10g" diff --git a/installation/config/gke/prometheus-values.yaml b/installation/config/eks/prometheus-values.yaml similarity index 100% rename from installation/config/gke/prometheus-values.yaml rename to installation/config/eks/prometheus-values.yaml diff --git a/installation/eks.md b/installation/eks.md new file mode 100644 index 0000000..710cf35 --- /dev/null +++ b/installation/eks.md 
@@ -0,0 +1,89 @@ +# Installation using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. + +This documentation focuses on installing the FinOps Stack in GKE standard/autopilot clusters. + +## Pre-requisites + +- A GKE standard or autopilot cluster with: + - kubectl access + - cluster-admin permissions + - workload identity enabled +- [Helmfile](https://helmfile.readthedocs.io/en/latest/#installation) installed on your local machine +- A Google Service Account with the following: + - roles/monitor.viewer and roles/iam.serviceAccountTokenCreator permissions + - workload identity configured for grafana kubernetes service account: `[finops-stack/grafana]`. Have a look at this [blog post](https://venafi.com/blog/gke-workload-identity-federation-for-kubernetes-principals/) to configure workload identity. +- Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name + +## Distribution support + +### GKE Autopilot + +- Enable cost allocation + +## Installation + +### Configuration changes for your cluster environment + +1. To control which Finops Stack components to install, edit the [enabled.yaml](./installation/config/common/enabled.yaml) file +1. Copy `./env.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. + +### Install everything using Helmfile + +For the first run: + +```bash +set -a; source .env; set +a; helmfile apply --interactive +``` + +NOTE: it will take several minutes for all workloads to install and start running. Helmfile does display its progress in the terminal. All workloads get installed into the `finops-stack` namespace so you can also view progress using `kubectl`. 
+ +To speed up subsequent runs: + +```bash +set -a; source .env; set +a; helmfile apply --interactive --skip-deps +``` + +## Optional: Configure ingress for Grafana + +### Pre-requisites + +Already have an FQDN setup and registered with a public IP, e.g. grafana.example.com + +### Grafana Helm values + +These are specified in `config/common/grafana-values.yaml`, `config/gke/grafana-values.yaml` and under the Grafana release in `helmfile.yaml`. Probably all the changes you will want to make can be done by changing the values in `helmfile.yaml`, e.g. the admin user and what type of ingress you require. + +General guidance when configuring ingress: +- Update the `.env` file with the FQDN and public IP for you domain. +- If you wish to enable tls, then ensure that cert-manager.enabled is set to true and update the values in `.env` accordingly. + +## Enable Goldilocks for namespaces + +For Goldilocks to analyse namespaces and add then to its dashboard you need to add this label to the namespace resource: `goldilocks.fairwinds.com/enabled=true`, e.g. +`kubectl label ns finops-stack goldilocks.fairwinds.com/enabled=true` + +## Useful commands + +To port forward to Grafana: + +```bash +kubectl --namespace finops-stack port-forward service/grafana 3000:80 +``` + +Access via http://localhost:3000 + +To port forward to the metrics endpoint of the Opencost Prometheus exporter (to examine what metrics are being scraped): + +```bash +kubectl --namespace finops-stack port-forward service/prometheus-opencost-exporter 9003:9003 +``` + +To access the Goldilocks dashboard (assuming you've enabled it): + +```bash +kubectl -n finops-stack port-forward svc/goldilocks-dashboard 8080:80 +``` + +Then goto http://localhost:8080 \ No newline at end of file From 7ac297aa7d8d778e0242576becbb0169d827cb32 Mon Sep 17 00:00:00 2001 
From: maria-reynoso Date: Fri, 29 Nov 2024 16:46:30 +0100 Subject: [PATCH 23/42] Update docs --- installation/eks.md | 18 ++++-------------- installation/gke.md | 2 +- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/installation/eks.md b/installation/eks.md index 710cf35..a0a4149 100644 --- a/installation/eks.md +++ b/installation/eks.md 
@@ -2,32 +2,22 @@ Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. -This documentation focuses on installing the FinOps Stack in GKE standard/autopilot clusters. +This documentation focuses on installing the FinOps Stack in EKS clusters. ## Pre-requisites -- A GKE standard or autopilot cluster with: +- A EKS cluster with: - kubectl access - - cluster-admin permissions - - workload identity enabled + - (Optional) If your cluster has Spot Instances, EKS Pod Identities need to be configured. See [documentation](https://www.opencost.io/docs/configuration/aws#eks-pod-identities). - [Helmfile](https://helmfile.readthedocs.io/en/latest/#installation) installed on your local machine -- A Google Service Account with the following: - - roles/monitor.viewer and roles/iam.serviceAccountTokenCreator permissions - - workload identity configured for grafana kubernetes service account: `[finops-stack/grafana]`. Have a look at this [blog post](https://venafi.com/blog/gke-workload-identity-federation-for-kubernetes-principals/) to configure workload identity. - Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name -## Distribution support - -### GKE Autopilot - -- Enable cost allocation - ## Installation ### Configuration changes for your cluster environment 1. To control which Finops Stack components to install, edit the [enabled.yaml](./installation/config/common/enabled.yaml) file -1. Copy `./env.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. +1. Copy `./env_eks.tmpl` to `./.env` and replace the env var values accordingly. ### Install everything using Helmfile diff --git a/installation/gke.md b/installation/gke.md index 710cf35..90cd377 100644 --- a/installation/gke.md +++ b/installation/gke.md 
@@ -27,7 +27,7 @@ This documentation focuses on installing the FinOps Stack in GKE standard/autopi ### Configuration changes for your cluster environment 1. To control which Finops Stack components to install, edit the [enabled.yaml](./installation/config/common/enabled.yaml) file -1. Copy `./env.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. +1. Copy `./env_gke.tmpl` to `./.env` and replace the env var values accordingly. As a minimum, you will need to change the `GCP_PROJECT`, `CSP_API_KEY`, `GRAFANA_SA_ANNOTATION` values. ### Install everything using Helmfile From 75c5cf11098858bee43941c3520a52de5eb17f06 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Fri, 29 Nov 2024 17:01:31 +0100 Subject: [PATCH 24/42] new line --- installation/config/eks/prometheus-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/config/eks/prometheus-values.yaml b/installation/config/eks/prometheus-values.yaml index 87c2dce..8c0a0b1 100644 --- a/installation/config/eks/prometheus-values.yaml +++ b/installation/config/eks/prometheus-values.yaml @@ -14,4 +14,4 @@ extraScrapeConfigs: | alertmanager: enabled: false prometheus-pushgateway: - enabled: false \ No newline at end of file + enabled: false From c5ad787c2627df262234029f7523f5696a718297 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Mon, 2 Dec 2024 12:13:27 +0100 Subject: [PATCH 25/42] update --- installation/Helmfile_eks.yaml | 38 +++++++++++----------------------- 1 file changed, 12 insertions(+), 26 deletions(-) diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml index ca5b6fe..2dc8c62 100644 --- a/installation/Helmfile_eks.yaml +++ b/installation/Helmfile_eks.yaml 
@@ -58,7 +58,7 @@ releases: cost-center-label: "xyz" - serviceAccount: annotations: - {{ requiredEnv "CERT_MANAGER_SA_ANNOTATION" }} + {{ env "CERT_MANAGER_SA_ANNOTATION" }} - name: cert-manager-config version: "0.1.0" @@ -69,10 +69,9 @@ releases: needs: - cert-manager/cert-manager values: - - email: {{ requiredEnv "CERT_MANAGER_EMAIL" }} - - gcpProjectID: {{ requiredEnv "GCP_PROJECT" }} + - email: {{ env "CERT_MANAGER_EMAIL" }} - grafanaTLSCert: - hostname: {{ requiredEnv "GRAFANA_FQDN" }} + hostname: {{ env "GRAFANA_FQDN" }} - name: grafana version: "8.4.7" @@ -82,24 +81,24 @@ releases: values: - "./config/common/grafana-values.yaml" - "./config/{{ requiredEnv "HOST_ENV" }}/grafana-values.yaml" - - adminUser: {{ requiredEnv "GRAFANA_ADMIN_USER" }} - - adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" }} + - adminUser: {{ env "GRAFANA_ADMIN_USER" }} + - adminPassword: {{ env "GRAFANA_ADMIN_PW" }} - serviceAccount: annotations: - {{ requiredEnv "GRAFANA_SA_ANNOTATION" }} + {{ env "GRAFANA_SA_ANNOTATION" }} # If you don't require ingress via an FQDN remove this ingress section - ingress: - enabled: {{ requiredEnv "GRAFANA_INGRESS" }} + enabled: {{ env "GRAFANA_INGRESS" }} annotations: - kubernetes.io/ingress.global-static-ip-name: {{ requiredEnv "GRAFANA_PUBLIC_IP_NAME" }} + kubernetes.io/ingress.global-static-ip-name: {{ env "GRAFANA_PUBLIC_IP_NAME" }} hosts: - - {{ requiredEnv "GRAFANA_FQDN" }} + - {{ env "GRAFANA_FQDN" }} # If you don't require https access to the Grafana dashboard remove this tls section tls: - - secretName: {{ requiredEnv "GRAFANA_FQDN" }}-tls + - secretName: {{ env "GRAFANA_FQDN" }}-tls hosts: - - {{ requiredEnv "GRAFANA_FQDN" }} + - {{ env "GRAFANA_FQDN" }} needs: - cert-manager/cert-manager 
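Review bot: In the grafana release values (hunk @@ -82,24 +81,24 @@), `adminPassword: {{ env "GRAFANA_ADMIN_PW" }}` is now rendered unquoted from an optional variable. If the variable is unset the value renders as YAML null, and a password containing ` #`, `: ` or a leading `@`/`*` is truncated, retyped or rejected by the YAML parser before the chart sees it. Keep the credential mandatory and quoted, `adminPassword: {{ requiredEnv "GRAFANA_ADMIN_PW" | quote }}`, and quote `adminUser` the same way. The other unquoted `env` substitutions in this commit (`email`, `hostname`, the ingress `hosts` and `secretName`) presumably only matter when those components are enabled, but `enabled: {{ env "GRAFANA_INGRESS" }}` also renders as null when unset, so `{{ env "GRAFANA_INGRESS" | default "false" }}` would make the intent explicit. The release blocks start and end outside these hunks.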
@@ -111,30 +110,17 @@ releases: values: - "./config/common/vpa-values.yaml" -- name: gmp-proxy - version: "0.1.0" - chart: "../charts/gmp-proxy" - condition: gmp-proxy.enabled - namespace: finops-stack - needs: - - grafana - values: - - "./config/common/gmp-proxy-values.yaml" - - gmpProjectId: {{ requiredEnv "GCP_PROJECT" }} - - name: prometheus-opencost-exporter version: "0.1.1" chart: "prometheus-opencost-exporter/prometheus-opencost-exporter" condition: opencost-exporter.enabled namespace: finops-stack - needs: - - gmp-proxy values: - "./config/common/prometheus-opencost-exporter-values.yaml" - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml" - opencost: exporter: - cloudProviderApiKey: {{ requiredEnv "CSP_API_KEY" }} + secret_access_key: {{ env "AWS_ACCESS_KEY" }} - name: finops-stack-opencost-templates version: "0.1.0" From 4de7211ed9819b4bf4efa66b6c54fdf589ce2696 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Mon, 2 Dec 2024 12:18:32 +0100 Subject: [PATCH 26/42] env eks file --- installation/Helmfile_eks.yaml | 3 ++- installation/env_eks.tmpl | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 installation/env_eks.tmpl diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml index 2dc8c62..bb04f70 100644 --- a/installation/Helmfile_eks.yaml +++ b/installation/Helmfile_eks.yaml @@ -120,7 +120,8 @@ releases: - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml" - opencost: exporter: - secret_access_key: {{ env "AWS_ACCESS_KEY" }} + secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" }} + access_key_id: {{ env "AWS_ACCESS_KEY_ID" }} - name: finops-stack-opencost-templates version: "0.1.0" diff --git a/installation/env_eks.tmpl b/installation/env_eks.tmpl new file mode 100644 index 0000000..c845436 --- /dev/null +++ b/installation/env_eks.tmpl 
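Review bot: The added `secret_access_key: {{ env "AWS_ACCESS_KEY" }}` sits directly under `opencost.exporter`, while the EKS values files earlier in this series declare those fields under `opencost.exporter.aws`, so the value probably never reaches the chart. The following hunk (@@ -120,7 +120,8 @@) renames the variable and adds `access_key_id` but keeps the same nesting. Rendering a long-lived AWS secret key into release values also stores it with the Helm release state, where anyone who can read release secrets in the namespace can recover it. The EKS doc in this series already points at EKS Pod Identities, which avoids static keys altogether. If the key has to stay, nest it under `aws:` and quote it: `secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" | quote }}`.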
@@ -0,0 +1,22 @@ +# Sub-dir under ./config that holds your hosting env specific Helm values.files, e.g. gke +HOST_ENV=gke + +# -- AWS secret access key and access key id +AWS_SECRET_ACCESS_KEY="" +AWS_ACCESS_KEY_ID="" + +# Grafana admin user credentials +GRAFANA_ADMIN_USER=finops +GRAFANA_ADMIN_PW=s7@ck + +# GCP SA for workload identity +GRAFANA_SA_ANNOTATION="iam.gke.io/gcp-service-account: sa-name@my-gcp-project.iam.gserviceaccount.com" + +# Grafana ingress settings +GRAFANA_INGRESS="false" +# GRAFANA_PUBLIC_IP_NAME="name-of-public-ip" +# GRAFANA_FQDN="grafana.host.name" + +## GCP SA for workload identity for cert-manager (need to be defined but only used if cert-manager is being installed) +CERT_MANAGER_SA_ANNOTATION="iam.gke.io/gcp-service-account: cert-manager-sa@my-gcp-project.iam.gserviceaccount.com" +CERT_MANAGER_EMAIL="issuer@example.com" From e512688994b3a67c5df4e1f3a5035c534b675534 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 11:45:44 +0100 Subject: [PATCH 27/42] fix helmfile apply command --- installation/eks.md | 2 +- installation/gke.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/installation/eks.md b/installation/eks.md index a0a4149..3dd6856 100644 --- a/installation/eks.md +++ b/installation/eks.md @@ -32,7 +32,7 @@ NOTE: it will take several minutes for all workloads to install and start runnin To speed up subsequent runs: ```bash -set -a; source .env; set +a; helmfile apply --interactive --skip-deps +set -a; source .env; set +a; helmfile apply --file Helmfile_eks.yaml --interactive --skip-deps ``` ## Optional: Configure ingress for Grafana diff --git a/installation/gke.md b/installation/gke.md index 90cd377..97f22f4 100644 --- a/installation/gke.md +++ b/installation/gke.md 
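Review bot: `GRAFANA_ADMIN_PW=s7@ck` ships a working admin password in the template, and the install doc tells users to copy this file to `.env`, so any install that skips editing it ends up with the same publicly known Grafana admin credential. Leave the value empty with a prompt instead, e.g. `GRAFANA_ADMIN_PW=""  # set a unique value before running helmfile`, and have the Helmfile read it with `requiredEnv` so that rendering stops when it is missing. The `AWS_SECRET_ACCESS_KEY` and `AWS_ACCESS_KEY_ID` entries invite pasting long-lived keys into a file in the working tree; a comment saying that `.env` must stay out of version control would help, since whether it is already git-ignored is not visible here.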
@@ -34,7 +34,7 @@ This documentation focuses on installing the FinOps Stack in GKE standard/autopi For the first run: ```bash -set -a; source .env; set +a; helmfile apply --interactive +set -a; source .env; set +a; helmfile apply --file Helmfile_gke.yaml --interactive ``` NOTE: it will take several minutes for all workloads to install and start running. Helmfile does display its progress in the terminal. All workloads get installed into the `finops-stack` namespace so you can also view progress using `kubectl`. From c86eddeda5f2f4879f479c8bde0d82fc80a97329 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 13:14:23 +0100 Subject: [PATCH 28/42] fix opencost templates chart --- charts/opencost-config/templates/opencost/dashboards.yaml | 2 ++ installation/config/eks/grafana-values.yaml | 2 +- installation/config/gke/opencost-templates-values.yaml | 1 + installation/eks.md | 2 +- installation/env_eks.tmpl | 2 +- 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/opencost-config/templates/opencost/dashboards.yaml b/charts/opencost-config/templates/opencost/dashboards.yaml index c91e911..653e4df 100644 --- a/charts/opencost-config/templates/opencost/dashboards.yaml +++ b/charts/opencost-config/templates/opencost/dashboards.yaml @@ -1,3 +1,4 @@ +{{ if and .Values.dashboards }} {{- range $path, $_ := .Files.Glob "dashboards/**.json" }} --- apiVersion: v1 @@ -11,3 +12,4 @@ data: {{ base $path }}: |- {{ ($.Files.Get $path) | nindent 6 }} {{ end }} +{{ end }} diff --git a/installation/config/eks/grafana-values.yaml b/installation/config/eks/grafana-values.yaml index d0747c9..781dc41 100644 --- a/installation/config/eks/grafana-values.yaml +++ b/installation/config/eks/grafana-values.yaml @@ -13,4 +13,4 @@ ingress: annotations: kubernetes.io/ingress.global-static-ip-name: "ip-name" hosts: - - grafana.example.com \ No newline at end of file + - grafana.example.com 
diff --git a/installation/config/gke/opencost-templates-values.yaml b/installation/config/gke/opencost-templates-values.yaml index 92397d3..87bd822 100644 --- a/installation/config/gke/opencost-templates-values.yaml +++ b/installation/config/gke/opencost-templates-values.yaml @@ -1,2 +1,3 @@ +dashboards: true gke: podmonitoring: true \ No newline at end of file diff --git a/installation/eks.md b/installation/eks.md index 3dd6856..f443ab6 100644 --- a/installation/eks.md +++ b/installation/eks.md @@ -24,7 +24,7 @@ This documentation focuses on installing the FinOps Stack in EKS clusters. For the first run: ```bash -set -a; source .env; set +a; helmfile apply --interactive +set -a; source .env; set +a; helmfile apply --file Helmfile_eks.yaml --interactive ``` NOTE: it will take several minutes for all workloads to install and start running. Helmfile does display its progress in the terminal. All workloads get installed into the `finops-stack` namespace so you can also view progress using `kubectl`. diff --git a/installation/env_eks.tmpl b/installation/env_eks.tmpl index c845436..5937a17 100644 --- a/installation/env_eks.tmpl +++ b/installation/env_eks.tmpl @@ -1,5 +1,5 @@ # Sub-dir under ./config that holds your hosting env specific Helm values.files, e.g. gke -HOST_ENV=gke +HOST_ENV=eks # -- AWS secret access key and access key id AWS_SECRET_ACCESS_KEY="" From 5f3193b59cd976477219263d0907fd5fe7812709 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 13:17:49 +0100 Subject: [PATCH 29/42] fix opencost --- installation/config/eks/opencost-templates-values.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 installation/config/eks/opencost-templates-values.yaml diff --git a/installation/config/eks/opencost-templates-values.yaml b/installation/config/eks/opencost-templates-values.yaml new file mode 100644 index 0000000..3b96bea --- /dev/null +++ b/installation/config/eks/opencost-templates-values.yaml 
@@ -0,0 +1 @@ +dashboards: true \ No newline at end of file From 461662e23de66004523da73b3535716ab62f13c2 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 13:19:10 +0100 Subject: [PATCH 30/42] update env file --- installation/env_eks.tmpl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/installation/env_eks.tmpl b/installation/env_eks.tmpl index 5937a17..5a8b849 100644 --- a/installation/env_eks.tmpl +++ b/installation/env_eks.tmpl @@ -9,14 +9,11 @@ AWS_ACCESS_KEY_ID="" GRAFANA_ADMIN_USER=finops GRAFANA_ADMIN_PW=s7@ck -# GCP SA for workload identity -GRAFANA_SA_ANNOTATION="iam.gke.io/gcp-service-account: sa-name@my-gcp-project.iam.gserviceaccount.com" - # Grafana ingress settings GRAFANA_INGRESS="false" # GRAFANA_PUBLIC_IP_NAME="name-of-public-ip" # GRAFANA_FQDN="grafana.host.name" ## GCP SA for workload identity for cert-manager (need to be defined but only used if cert-manager is being installed) -CERT_MANAGER_SA_ANNOTATION="iam.gke.io/gcp-service-account: cert-manager-sa@my-gcp-project.iam.gserviceaccount.com" +CERT_MANAGER_SA_ANNOTATION="" CERT_MANAGER_EMAIL="issuer@example.com" From 05c2e2d67c1f2ca3961d466cd2e17f5f677590de Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 3 Dec 2024 16:36:11 +0100 Subject: [PATCH 31/42] fix opencost template chart --- installation/config/eks/opencost-templates-values.yaml | 6 +++++- installation/config/gke/opencost-templates-values.yaml | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/installation/config/eks/opencost-templates-values.yaml b/installation/config/eks/opencost-templates-values.yaml index 3b96bea..5db2123 100644 --- a/installation/config/eks/opencost-templates-values.yaml +++ b/installation/config/eks/opencost-templates-values.yaml @@ -1 +1,5 @@ -dashboards: true \ No newline at end of file +dashboards: true +opencost: + customPricing: + # -- This is only to enable custom pricing on on-premises or kind + enabled: false \ No newline at end of file 
diff --git a/installation/config/gke/opencost-templates-values.yaml b/installation/config/gke/opencost-templates-values.yaml index 87bd822..bc7a2c7 100644 --- a/installation/config/gke/opencost-templates-values.yaml +++ b/installation/config/gke/opencost-templates-values.yaml @@ -1,3 +1,7 @@ dashboards: true +opencost: + customPricing: + # -- This is only to enable custom pricing on on-premises or kind + enabled: false gke: podmonitoring: true \ No newline at end of file From ac75e15793995b48b63e82bd1a71577ef7809fa9 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 11:41:37 +0100 Subject: [PATCH 32/42] remove opencost from prometheus --- installation/Helmfile_eks.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/installation/Helmfile_eks.yaml b/installation/Helmfile_eks.yaml index bb04f70..eae5dd1 100644 --- a/installation/Helmfile_eks.yaml +++ b/installation/Helmfile_eks.yaml @@ -118,10 +118,6 @@ releases: values: - "./config/common/prometheus-opencost-exporter-values.yaml" - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml" - - opencost: - exporter: - secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" }} - access_key_id: {{ env "AWS_ACCESS_KEY_ID" }} - name: finops-stack-opencost-templates version: "0.1.0" From 37a216c8f6eec3a41ce5e8db40316cccba545085 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 11:56:04 +0100 Subject: [PATCH 33/42] no aws access key needed --- installation/config/eks/opencost-templates-values.yaml | 2 +- installation/config/eks/opencost-values.yaml | 6 ------ .../config/eks/prometheus-opencost-exporter-values.yaml | 5 ----- 3 files changed, 1 insertion(+), 12 deletions(-) diff --git a/installation/config/eks/opencost-templates-values.yaml b/installation/config/eks/opencost-templates-values.yaml index 5db2123..3a6f68b 100644 --- a/installation/config/eks/opencost-templates-values.yaml +++ b/installation/config/eks/opencost-templates-values.yaml 
@@ -2,4 +2,4 @@ dashboards: true opencost: customPricing: # -- This is only to enable custom pricing on on-premises or kind - enabled: false \ No newline at end of file + enabled: false diff --git a/installation/config/eks/opencost-values.yaml b/installation/config/eks/opencost-values.yaml index 5389443..bc6dbdf 100644 --- a/installation/config/eks/opencost-values.yaml +++ b/installation/config/eks/opencost-values.yaml @@ -16,9 +16,3 @@ opencost: namespaceName: finops-stack # -- Service port of in-cluster Prometheus port: 80 - exporter: - aws: - # -- AWS secret access key - secret_access_key: "" - # -- AWS secret key id - access_key_id: "" diff --git a/installation/config/eks/prometheus-opencost-exporter-values.yaml b/installation/config/eks/prometheus-opencost-exporter-values.yaml index f77e0dd..de70cd1 100644 --- a/installation/config/eks/prometheus-opencost-exporter-values.yaml +++ b/installation/config/eks/prometheus-opencost-exporter-values.yaml @@ -15,11 +15,6 @@ opencost: # -- Service port of in-cluster Prometheus port: 80 exporter: - aws: - # -- AWS secret access key - secret_access_key: "" - # -- AWS secret key id - access_key_id: "" persistence: enabled: false # -- Annotations for persistent volume From 0b0fefcbf892b454b1a63d7e93bc5f1ba5f2937a Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 12:01:46 +0100 Subject: [PATCH 34/42] add dashboard to kind --- installation/config/kind/opencost-templates-values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/installation/config/kind/opencost-templates-values.yaml b/installation/config/kind/opencost-templates-values.yaml index 93d7d52..c9efd85 100644 --- a/installation/config/kind/opencost-templates-values.yaml +++ b/installation/config/kind/opencost-templates-values.yaml @@ -1,3 +1,4 @@ +dashboards: true opencost: configFileName: default provider: kind From 0a8a84b40a0a4bea1173dd86d781d7b22c5f6857 Mon Sep 17 00:00:00 2001 
From: maria-reynoso Date: Thu, 2 Jan 2025 12:03:51 +0100 Subject: [PATCH 35/42] update doc --- installation/eks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/eks.md b/installation/eks.md index f443ab6..d8f3e23 100644 --- a/installation/eks.md +++ b/installation/eks.md @@ -10,7 +10,7 @@ This documentation focuses on installing the FinOps Stack in EKS clusters. - kubectl access - (Optional) If your cluster has Spot Instances, EKS Pod Identities need to be configured. See [documentation](https://www.opencost.io/docs/configuration/aws#eks-pod-identities). - [Helmfile](https://helmfile.readthedocs.io/en/latest/#installation) installed on your local machine -- Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name +- Unless you want to access the Grafana dashboard via `kubectl port-forward` you'll need a domain name or external public IP. ## Installation From c066b71880408e4c706defccc25152d6577f82ed Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 2 Jan 2025 12:07:38 +0100 Subject: [PATCH 36/42] new line --- installation/config/gke/opencost-templates-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/config/gke/opencost-templates-values.yaml b/installation/config/gke/opencost-templates-values.yaml index bc7a2c7..417b1e2 100644 --- a/installation/config/gke/opencost-templates-values.yaml +++ b/installation/config/gke/opencost-templates-values.yaml @@ -4,4 +4,4 @@ opencost: # -- This is only to enable custom pricing on on-premises or kind enabled: false gke: - podmonitoring: true \ No newline at end of file + podmonitoring: true From 4a64949e6f86f0dddfd9971538cfb7e1c893c118 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Wed, 12 Feb 2025 12:42:49 +0100 Subject: [PATCH 37/42] Re-word --- installation/eks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installation/eks.md b/installation/eks.md index d8f3e23..d83bccc 100644 
--- a/installation/eks.md +++ b/installation/eks.md @@ -35,7 +35,7 @@ To speed up subsequent runs: set -a; source .env; set +a; helmfile apply --file Helmfile_eks.yaml --interactive --skip-deps ``` -## Optional: Configure ingress for Grafana +## Optional: Making Grafana accessible via DNS ### Pre-requisites From f7aec593a25b0f2845fc9e2665e01f64c5253928 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Tue, 31 Dec 2024 14:16:59 +0100 Subject: [PATCH 38/42] Add scan pipeline --- .github/workflows/scan.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/scan.yaml diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml new file mode 100644 index 0000000..2a48aaa --- /dev/null +++ b/.github/workflows/scan.yaml @@ -0,0 +1,20 @@ +name: Kubescape scanning for misconfigurations +on: [push, pull_request] +jobs: + kubescape: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: kubescape/github-action@main + continue-on-error: true + with: + format: sarif + outputFile: results.sarif + # Optional: Specify the Kubescape cloud account ID + # account: ${{secrets.KUBESCAPE_ACCOUNT}} + # # Optional: Scan a specific path. Default will scan the whole repository + # files: "examples/*.yaml" + - name: Upload Kubescape scan results to Github Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif \ No newline at end of file From da27454bddd1f55739e812ae7415044d2adec4fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 10:05:08 +0000 Subject: [PATCH 39/42] Bump golang.org/x/crypto in /scripts/chart-dep-updater (#37) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.26.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... 
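Review bot: In the new `.github/workflows/scan.yaml`, `uses: kubescape/github-action@main` tracks a mutable branch, so whatever lands on that branch runs in this repository's workflow on every push and pull request. Pin third-party actions to a full commit SHA, e.g. `uses: kubescape/github-action@<full-commit-sha>  # placeholder, add the release tag as a comment`. The workflow declares no `permissions:` block, so the job runs with the repository's default token scope; the SARIF upload needs only `security-events: write` alongside `contents: read`, which is worth declaring at job level. `continue-on-error: true` on the scan step means findings never fail the check, which may be intended while onboarding but deserves a comment saying so.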
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- scripts/chart-dep-updater/go.mod | 10 +++++----- scripts/chart-dep-updater/go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/scripts/chart-dep-updater/go.mod b/scripts/chart-dep-updater/go.mod index 9e35ca8..36b10e3 100644 --- a/scripts/chart-dep-updater/go.mod +++ b/scripts/chart-dep-updater/go.mod @@ -89,13 +89,13 @@ require ( go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect go.starlark.net v0.0.0-20240725214946-42030a7cedce // indirect - golang.org/x/crypto v0.26.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.6.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a // indirect google.golang.org/grpc v1.65.0 // indirect diff --git a/scripts/chart-dep-updater/go.sum b/scripts/chart-dep-updater/go.sum index 9bc6605..36ff1d5 100644 --- a/scripts/chart-dep-updater/go.sum +++ b/scripts/chart-dep-updater/go.sum 
@@ -333,8 +333,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 
@@ -359,8 +359,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -374,19 +374,19 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.6.0 
h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
From 6126f26894e2fd4a8c3231367fb36364cdd0bf4a Mon Sep 17 00:00:00 2001
From: maria-reynoso
Date: Wed, 12 Feb 2025 12:44:59 +0100
Subject: [PATCH 40/42] Re-word
---
 charts/opencost-config/templates/opencost/dashboards.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/opencost-config/templates/opencost/dashboards.yaml b/charts/opencost-config/templates/opencost/dashboards.yaml
index 653e4df..b775af1 100644
--- a/charts/opencost-config/templates/opencost/dashboards.yaml
+++ b/charts/opencost-config/templates/opencost/dashboards.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.dashboards }}
+{{ if .Values.dashboards }}
 {{- range $path, $_ := .Files.Glob "dashboards/**.json" }}
 ---
 apiVersion: v1
From 9a46312f1accca6bd9e36d601b6517e3f1e0a993 Mon Sep 17 00:00:00 2001
From: maria-reynoso
Date: Thu, 13 Feb 2025 15:42:06 +0100
Subject: [PATCH 41/42] Update docs
---
 README.md | 2 +-
 installation/README.md | 10 +++++---
 installation/config/common/enabled.yaml | 8 +++---
 installation/config/eks/enabled.yaml | 29 ----------------------
 installation/config/gke/enabled.yaml | 33 -------------------------
 installation/config/kind/enabled.yaml | 26 -------------------
 installation/eks.md | 8 +++---
 installation/gke.md | 8 +++---
 8 files changed, 22 insertions(+), 102 deletions(-)
 delete mode 100644 installation/config/eks/enabled.yaml
 delete mode 100644 installation/config/gke/enabled.yaml
 delete mode 100644 installation/config/kind/enabled.yaml
diff --git a/README.md b/README.md
index eb45a7f..e957f62 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ The FinOps Stack is the blueprint for a solution to automate FinOps best practic Our goal is to empower organisations with the tools they need to manage, visualise, and optimise their cloud resources in complex, ever-changing environments. -The FinOps Stack is designed to work out-of-the-box seamlessly with GKE standard/autopilot clusters using Google Managed Prometheus, and can be customised for an organisation’s business requirements and/or Kubernetes distribution. +The FinOps Stack is designed to work out-of-the-box seamlessly with Kind, GKE standard/autopilot clusters using Google Managed Prometheus, and EKS and can be customised for an organisation’s business requirements and/or Kubernetes distribution. This repository contains the core components of FinOps Stack, including: diff --git a/installation/README.md b/installation/README.md index 6c8e898..3593680 100644 --- a/installation/README.md +++ b/installation/README.md @@ -1,8 +1,12 @@ -# Installation using Helmfile +# FinOps Stack deployment -Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. +This documentation provides instructions for installing the FinOps Stack in Kind cluster for a quick setup. -This documentation provides instructions for installing the FinOps Stack in Kind cluster for a quick setup. For deployment on a GKE cluster, refer to the [gke docs](./gke.md). +For deployment on a GKE cluster, refer to the [GKE docs](./gke.md) and deployment on a EKS cluster refer to the [EKS docs](./eks.md). + +## Using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. ## Pre-requisites diff --git a/installation/config/common/enabled.yaml b/installation/config/common/enabled.yaml index 81f356a..e3a2105 100644 --- a/installation/config/common/enabled.yaml +++ b/installation/config/common/enabled.yaml 
@@ -14,19 +14,19 @@ grafana: # -- Enable / Disable the installation of cert-manager cert-manager: enabled: false -# -- Enable / Disable the installation of OpenCost -opencost: - enabled: false # -- Enable / Disable the installation of OpenCost Exporter opencost-exporter: enabled: true +# -- Enable / Disable the installation of Prometheus (required when using EKS or Kind) +prometheus: + enabled: false opencost-templates: enabled: true # -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus) gmp-proxy: - enabled: true + enabled: false # -- Enable / Disable the installation of Fairwinds' Goldilocks goldilocks: diff --git a/installation/config/eks/enabled.yaml b/installation/config/eks/enabled.yaml deleted file mode 100644 index 5a707b4..0000000 --- a/installation/config/eks/enabled.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# -- Enable / Disable the installation of Kyverno -kyverno: - enabled: true - -# -- Enable / Disable the installation of Kyverno FinOps Policies -finops-policies: - enabled: true -# -- Enable / Disable the installation of the VPA Controller -vpa: - enabled: true -# -- Enable / Disable the installation of the Grafana -grafana: - enabled: true -# -- Enable / Disable the installation of cert-manager -cert-manager: - enabled: false -# -- Enable / Disable the installation of OpenCost -opencost: - enabled: false -# -- Enable / Disable the installation of OpenCost Exporter -opencost-exporter: - enabled: true - -opencost-templates: - enabled: true - -# -- Enable / Disable the installation of Fairwinds' Goldilocks -goldilocks: - enabled: true diff --git a/installation/config/gke/enabled.yaml b/installation/config/gke/enabled.yaml deleted file mode 100644 index 81f356a..0000000 --- a/installation/config/gke/enabled.yaml +++ /dev/null 
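Review bot: With this hunk both `prometheus` and `gmp-proxy` default to `enabled: false` in `config/common/enabled.yaml`, while the same commit deletes the `eks/`, `gke/` and `kind/` `enabled.yaml` files that previously switched `gmp-proxy` on for GKE and `prometheus` on for Kind, so by default no environment is given a metrics backend. The two comments say each component is "required" on a given platform but not that the operator now has to enable it by hand; I would extend them, for example `# -- Enable / Disable the installation of Prometheus (required when using EKS or Kind; set to true there)`, with matching wording on `gmp-proxy`. If any Helmfile environment still loads `config/<env>/enabled.yaml` (that wiring is not visible in this hunk), those references need to change in the same commit or the load will fail on the deleted paths. The subject "Update docs" also under-describes a change of install defaults, which is worth stating in the commit message.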
@@ -1,33 +0,0 @@
-# -- Enable / Disable the installation of Kyverno
-kyverno:
- enabled: true
-
-# -- Enable / Disable the installation of Kyverno FinOps Policies
-finops-policies:
- enabled: true
-# -- Enable / Disable the installation of the VPA Controller
-vpa:
- enabled: true
-# -- Enable / Disable the installation of the Grafana
-grafana:
- enabled: true
-# -- Enable / Disable the installation of cert-manager
-cert-manager:
- enabled: false
-# -- Enable / Disable the installation of OpenCost
-opencost:
- enabled: false
-# -- Enable / Disable the installation of OpenCost Exporter
-opencost-exporter:
- enabled: true
-
-opencost-templates:
- enabled: true
-
-# -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus)
-gmp-proxy:
- enabled: true
-
-# -- Enable / Disable the installation of Fairwinds' Goldilocks
-goldilocks:
- enabled: true
diff --git a/installation/config/kind/enabled.yaml b/installation/config/kind/enabled.yaml
deleted file mode 100644
index 2c24881..0000000
--- a/installation/config/kind/enabled.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# -- Enable / Disable the installation of Kyverno
-kyverno:
- enabled: true
-
-# -- Enable / Disable the installation of Kyverno FinOps Policies
-finops-policies:
- enabled: true
-# -- Enable / Disable the installation of the VPA Controller
-vpa:
- enabled: true
-# -- Enable / Disable the installation of the Grafana
-grafana:
- enabled: true
-# -- Enable / Disable the installation of Prometheus
-prometheus:
- enabled: true
-# -- Enable / Disable the installation of OpenCost Exporter
-opencost-exporter:
- enabled: true
-
-opencost-templates:
- enabled: true
-
-# -- Enable / Disable the installation of Fairwinds' Goldilocks
-goldilocks:
- enabled: true
diff --git a/installation/eks.md b/installation/eks.md
index d83bccc..879a30c 100644
--- a/installation/eks.md
+++ b/installation/eks.md
@@ -1,9 +1,11 @@ -# Installation using Helmfile - -Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. +# FinOps Stack on a EKS cluster This documentation focuses on installing the FinOps Stack in EKS clusters. +## Using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. + ## Pre-requisites - A EKS cluster with: diff --git a/installation/gke.md b/installation/gke.md index 97f22f4..378f4c3 100644 --- a/installation/gke.md +++ b/installation/gke.md @@ -1,9 +1,11 @@ -# Installation using Helmfile - -Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. +# FinOps Stack on a GKE cluster This documentation focuses on installing the FinOps Stack in GKE standard/autopilot clusters. +## Using Helmfile + +Installing Helm charts with lots of dependencies and CRDs is challenging; these instructions use Helmfile to mitigate issues with Helm. + ## Pre-requisites - A GKE standard or autopilot cluster with: From 57bf639942b1fa2b6f34b96a2270e8bfdc361c26 Mon Sep 17 00:00:00 2001 From: maria-reynoso Date: Thu, 13 Feb 2025 15:44:09 +0100 Subject: [PATCH 42/42] Update docs --- content/install.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/install.md b/content/install.md index 38fb5ba..fada58e 100644 --- a/content/install.md +++ b/content/install.md 
@@ -8,7 +8,9 @@ To simplify installation, the FinOps Stack is installed using a single Helmfile The following instructions are designed to work with a Kind cluster for quick setup. For full instructions, prerequisites and customisations, please see the [installation README](https://github.com/jetstack/finops-stack/blob/main/installation/README.md). -To work with GKE standard and GKE autopilot see the [ GKE installation guide]((https://github.com/jetstack/finops-stack/blob/main/installation/README.md)) +To work with GKE standard and GKE autopilot see the [ GKE installation guide]((https://github.com/jetstack/finops-stack/blob/main/installation/gke.md)) + +To work with EKS cluster see the [ EKS installation guide]((https://github.com/jetstack/finops-stack/blob/main/installation/eks.md)) ### Helmfile