Merge pull request #25 from prasebha/v3.0.0

sync agent changes for v3.0.0

Author: niravg75

charts/mgmt-agent/templates/metric_server.yaml

@@ -142,28 +142,13 @@ spec:
         - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
         - --kubelet-use-node-status-port
         - --metric-resolution=15s
-        image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
+        image: registry.k8s.io/metrics-server/metrics-server:v0.6.3
         imagePullPolicy: IfNotPresent
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /livez
-            port: https
-            scheme: HTTPS
-          periodSeconds: 10
         name: metrics-server
         ports:
         - containerPort: 4443
           name: https
           protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /readyz
-            port: https
-            scheme: HTTPS
-          initialDelaySeconds: 20
-          periodSeconds: 10
         resources:
           requests:
             cpu: 100m

charts/mgmt-agent/templates/mgmt-agent-statefulset.yaml

@@ -19,13 +19,24 @@ spec:
       labels:
         app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
     spec:
+      securityContext:
+        runAsUser: {{ default 0 .Values.deployment.security.runAsUser }}
+        runAsGroup: {{ default 0 .Values.deployment.security.runAsGroup }}
+        fsGroup: {{ default 0 .Values.deployment.security.fsGroup }}
       serviceAccountName: {{ include "mgmt-agent.serviceAccount" . }}
       imagePullSecrets:
         - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-container-registry-key
       restartPolicy: Always
       containers:
         - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
           image: {{ .Values.mgmtagent.image.url }}
+          resources:
+            requests:
+              cpu: {{ .Values.deployment.resource.request.cpuCore }}
+              memory: {{ .Values.deployment.resource.request.memory }}
+            limits:
+              cpu: {{ .Values.deployment.resource.limit.cpuCore }}
+              memory: {{ .Values.deployment.resource.limit.memory }}
           volumeMounts:
             - name: mgmtagent-secret
               mountPath: /opt/oracle/mgmtagent_secret
@@ -34,19 +45,28 @@ spec:
               mountPath: /opt/oracle
             - name: mgmtagent-config
               mountPath: /opt/oracle/mgmtagent_config
+            - mountPath: /tmp
+              name: tmp
+          securityContext:
+           allowPrivilegeEscalation: false
+           readOnlyRootFilesystem: true
       volumes:
         - name: mgmtagent-secret
           secret:
             secretName: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-rsp
         - name: mgmtagent-config
           configMap:
             name: {{ include "mgmt-agent.resourceNamePrefix" . }}-metrics
+        - emptyDir: {}
+          name: tmp
   volumeClaimTemplates:
     - metadata:
         name: mgmtagent-pvc
       spec:
         accessModes: [ "ReadWriteOnce" ]
-        storageClassName: "oci-bv"
+        {{- if .Values.deployment.storageClass }}
+        storageClassName: {{ .Values.deployment.storageClass }}
+        {{- end }}
         resources:
           requests:
-            storage: 2Gi
+            storage: {{ .Values.deployment.resource.request.storage }}

charts/mgmt-agent/values.schema.json

@@ -0,0 +1,217 @@
+{
+    "$schema": "https://json-schema.org/draft-07/schema#",
+    "properties":
+    {
+        "global":
+        {
+            "properties":
+            {
+                "namespace":
+                {
+                    "type": "string"
+                },
+                "resourceNamePrefix":
+                {
+                    "type": "string"
+                }
+            },
+            "required":
+            [
+                "namespace",
+                "resourceNamePrefix"
+            ]
+        },
+        "mgmtagent":
+        {
+            "properties":
+            {
+                "installKeyFileContent":
+                {
+                    "type":
+                    [
+                        "string",
+                        "null"
+                    ]
+                },
+                "installKey":
+                {
+                    "type":
+                    [
+                        "string",
+                        "null"
+                    ]
+                },
+                "image":
+                {
+                    "properties":
+                    {
+                        "url":
+                        {
+                            "type": "string"
+                        },
+                        "secret":
+                        {
+                            "type":
+                            [
+                                "string",
+                                "null"
+                            ]
+                        }
+                    },
+                    "required":
+                    [
+                        "url"
+                    ]
+                }
+            },
+            "anyOf":
+            [
+                {
+                    "properties":
+                    {
+                        "installKeyFileContent":
+                        {
+                            "minLength": 0
+                        }
+                    },
+                    "required":
+                    [
+                        "installKey"
+                    ]
+                },
+                {
+                    "properties":
+                    {
+                        "installKey":
+                        {
+                            "minLength": 0
+                        }
+                    },
+                    "required":
+                    [
+                        "installKeyFileContent"
+                    ]
+                }
+            ],
+            "type": "object"
+        },
+        "namespace":
+        {
+            "type": "string"
+        },
+        "deployMetricServer":
+        {
+            "type": "boolean"
+        },
+        "kubernetesCluster":
+        {
+            "properties":
+            {
+                "name":
+                {
+                    "type": "string"
+                },
+                "namespace":
+                {
+                    "type": "string"
+                }
+            },
+            "required":
+            [
+                "name",
+                "namespace"
+            ]
+        },
+        "deployment":
+        {
+            "properties":
+            {
+                "security":
+                {
+                    "properties":
+                    {
+                        "runAsUser":
+                        {
+                            "type":
+                            [
+                                "integer",
+                                "null"
+                            ]
+                        },
+                        "runAsGroup":
+                        {
+                            "type":
+                            [
+                                "integer",
+                                "null"
+                            ]
+                        },
+                        "fsGroup":
+                        {
+                            "type":
+                            [
+                                "integer",
+                                "null"
+                            ]
+                        }
+                    }
+                },
+                "resource":
+                {
+                    "properties":
+                    {
+                        "request":
+                        {
+                            "properties":
+                            {
+                                "cpuCore":
+                                {
+                                    "type": "string"
+                                },
+                                "memory":
+                                {
+                                    "type": "string"
+                                },
+                                "storage":
+                                {
+                                    "type": "string"
+                                }
+                            },
+                            "required":
+                            [
+                                "cpuCore",
+                                "memory",
+                                "storage"
+                            ]
+                        },
+                        "limit":
+                        {
+                            "properties":
+                            {
+                                "cpuCore":
+                                {
+                                    "type": "string"
+                                },
+                                "memory":
+                                {
+                                    "type": "string"
+                                }
+                            },
+                            "required":
+                            [
+                                "cpuCore",
+                                "memory"
+                            ]
+                        }
+                    }
+                }
+            }
+        }
+    },
+    "required":
+    [
+        "namespace"
+    ],
+    "title": "Values",
+    "type": "object"
+}

charts/mgmt-agent/values.yaml

@@ -50,3 +50,32 @@ kubernetesCluster:
    name:
    # -- Kubernetes cluster namespace(s) to monitor. This can be a comma-separated list of namespaces or '*' to monitor all the namespaces
    namespace: '*'
+
+deployment:
+   security:
+      # Processes in the Container will run as user ID 1000, replace it with a different value if desired
+      runAsUser: 1000
+      # Processes in the Container will use group ID 2000, replace it with a different value if desired
+      runAsGroup: 2000
+      # Files created in the Container will use group ID 2000, replace it with a different value if desired
+      fsGroup: 2000
+
+   # Provide the agent resources as per Kubernetes resource quantity
+   resource:
+      # Provide the minimum required resources
+      request:
+         # specify the cpu cores
+         cpuCore: 200m
+         # specify the memory
+         memory: 500Mi
+         # specify the storage capacity for StatefulSet's PVC
+         storage: 2Gi
+      # Provide the maximum limit for resources
+      limit:
+         # specify the cpu cores
+         cpuCore: 500m
+         # specify the memory
+         memory: 1Gi
+   
+   # Provide the storage class for StatefulSet's PVC. If not provided then the Cluster's default storage class will be used.
+   storageClass:

charts/oci-onm/values.yaml

@@ -45,14 +45,11 @@ oci-onm-mgmt-agent:
   kubernetesCluster:
     name: "{{ .Values.global.kubernetesClusterName }}"
   mgmtagent:
-    # Provide either installKeyFileContent or installKey as an install key. If both provided then installKeyFileContent will take higher precedence.
     # Provide the base64 encoded content of the Management Agent Install Key file
     installKeyFileContent:
-    # Copy the downloaded Management Agent Install Key file under root helm directory as resources/input.rsp
-    installKey: resources/input.rsp
     # Follow steps documented at https://github.com/oracle/docker-images/tree/main/OracleManagementAgent to build docker image.
     image:
       # Replace this value with actual docker image URL for Management Agent
-      url:
+      url: container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0
       # Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file)
-      secret:
+      secret: