diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
new file mode 100644
index 0000000..560b1d8
--- /dev/null
+++ b/.github/workflows/lint-helm.yml
@@ -0,0 +1,21 @@
+name: "Lint: helm chart"
+on:
+ push:
+ branches:
+ - '**'
+ paths:
+ - '.github/workflows/lint-helm.yml'
+ workflow_dispatch:
+
+jobs:
+ helm3-lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v1
+
+ - name: Helm lint
+ run: helm lint charts/azure-resourcemanager-exporter
diff --git a/.github/workflows/publish-helm.yml b/.github/workflows/publish-helm.yml
new file mode 100644
index 0000000..b8a7ab9
--- /dev/null
+++ b/.github/workflows/publish-helm.yml
@@ -0,0 +1,30 @@
+name: "Publish: helm chart"
+on:
+ push:
+ tags:
+ - '*'
+ paths:
+ - '.github/workflows/publish-helm.yml'
+ workflow_dispatch:
+
+jobs:
+ publish-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v1
+
+ - name: Publish Helm charts
+ uses: helm/chart-releaser-action@v1.2.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml.disabled
similarity index 100%
rename from .github/workflows/release-docker.yml
rename to .github/workflows/release-docker.yml.disabled
diff --git a/README.md b/README.md
index 3c9ae72..78946e1 100644
--- a/README.md
+++ b/README.md
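Review bot: The `paths` filter in `.github/workflows/lint-helm.yml` lists only the workflow file itself, so a push that changes anything under `charts/` never runs `helm lint`; add `- 'charts/**'` to that list. `actions/checkout@v2` and `azure/setup-helm@v1` are referenced by mutable tags, which means whoever can move those tags decides what code runs in the job; pin each `uses:` entry to a full commit SHA and keep the tag as a trailing comment. The same tag-only pinning applies to all three actions in `.github/workflows/publish-helm.yml`.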
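Review bot: `.github/workflows/publish-helm.yml` passes `secrets.GITHUB_TOKEN` to a third-party action through `CR_TOKEN` but declares no `permissions:`, so the token carries whatever scope the repository default grants. Add a top-level `permissions:` block with `contents: write` and nothing else; that scope is inferred from what publishing chart releases requires, so confirm it against the action's documentation. The `'*'` tag pattern means every pushed tag triggers a publish, which is worth narrowing if the repository also tags things other than chart releases.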
@@ -7,9 +7,34 @@ Azure ResourceManager Exporter Prometheus exporter for Azure Resources and information. -Configuration +Installation ------------- +[Helm 3](https://helm.sh/) must be installed to use the chart. Once Helm is set up properly, add the repo as follows: + +```shell +$ helm repo add azure-resourcemanager-exporter https://carrefour-group.github.io/azure-resourcemanager-exporter +$ helm repo update +``` + +Install Chart +------------- +The chart can be installed as follows: +```shell +$ helm install [RELEASE_NAME] azure-resourcemanager-exporter/azure-resourcemanager-exporter +``` + +Uninstall Chart +------------- +To uninstall the chart + +```shell +$ helm uninstall [RELEASE_NAME] +``` + +Exporter Configuration +--------------------- + Normally no configuration is needed but can be customized using environment variables. | Environment variable | DefaultValue | Description | @@ -85,3 +110,14 @@ Metrics | `azurerm_iam_principal_info` | IAM | Azure IAM Principal information | | `azurerm_graph_app_info` | Graph | AzureAD graph application information | | `azurerm_graph_app_credential` | Graph | AzureAD graph application credentials (create,expiry) information | + + +Contributing +------------ +We welcome any contributions from the community with open arms. If you're planning a new feature, please file an issue to discuss first. + +How to Release +-------------- +To release a new version of the helm chart, you need to bump: + * `appVersion` and `version` fields in `Chart.yaml` file. + * `image.tag` in `values.yaml` file. diff --git a/charts/azure-resourcemanager-exporter/Chart.yaml b/charts/azure-resourcemanager-exporter/Chart.yaml new file mode 100644 index 0000000..b1cbb6a --- /dev/null +++ b/charts/azure-resourcemanager-exporter/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +description: Prometheus Azure Resource Manager Exporter +name: azure-resourcemanager-exporter +version: 20.11.1 +appVersion: 20.11.1 
diff --git a/charts/azure-resourcemanager-exporter/templates/NOTES.txt b/charts/azure-resourcemanager-exporter/templates/NOTES.txt
new file mode 100644
index 0000000..4cb5d7e
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/NOTES.txt
@@ -0,0 +1,10 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get all {{ .Release.Name }}
+
+You can find more documentation here: https://github.com/webdevops/azure-resourcemanager-exporter
diff --git a/charts/azure-resourcemanager-exporter/templates/_helpers.tpl b/charts/azure-resourcemanager-exporter/templates/_helpers.tpl
new file mode 100644
index 0000000..7076dea
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/_helpers.tpl
@@ -0,0 +1,53 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "azure-resourcemanager-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "azure-resourcemanager-exporter.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "azure-resourcemanager-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "azure-resourcemanager-exporter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "azure-resourcemanager-exporter.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "ingress.apiVersion" -}}
+{{- if semverCompare ">=1.14.0-0" .Capabilities.KubeVersion.GitVersion }}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/azure-resourcemanager-exporter/templates/deployment.yaml b/charts/azure-resourcemanager-exporter/templates/deployment.yaml
new file mode 100644
index 0000000..a194c64
--- /dev/null
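Review bot: `ingress.apiVersion` is the only named template in `_helpers.tpl` that lacks the `azure-resourcemanager-exporter.` prefix. Helm template names are global within a release, so if this chart is used as a subchart, another chart defining `ingress.apiVersion` can silently replace it. Rename it to `azure-resourcemanager-exporter.ingress.apiVersion` and update the `template` call in `ingress.yaml` to match. Both branches return a v1beta1 API, so the helper cannot produce a usable manifest on clusters that no longer serve the v1beta1 Ingress APIs.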
+++ b/charts/azure-resourcemanager-exporter/templates/deployment.yaml 
@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "azure-resourcemanager-exporter.fullname" . }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+ {{- with .Values.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ strategy:
+{{ toYaml .Values.strategy | indent 4 }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+ {{- if .Values.pod.labels }}
+{{ toYaml .Values.pod.labels | indent 8 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "azure-resourcemanager-exporter.serviceAccountName" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: azure-resourcemanager-exporter
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
+ runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+{{- if .Values.credentials.useSecret }}
+ - name: AZURE_SUBSCRIPTION_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.credentials.name }}
+ key: AZURE_SUBSCRIPTION_ID
+ - name: AZURE_TENANT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.credentials.name }}
+ key: AZURE_TENANT_ID
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.credentials.name }}
+ key: AZURE_CLIENT_ID
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.credentials.name }}
+ key: AZURE_CLIENT_SECRET
+{{ end }}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ args:
+ {{- if .Values.extraArgs }}
+{{ toYaml .Values.extraArgs | indent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.containerPort }}
+ name: http
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | trim | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | trim | nindent 12 }}
diff --git a/charts/azure-resourcemanager-exporter/templates/ingress.yaml b/charts/azure-resourcemanager-exporter/templates/ingress.yaml
new file mode 100644
index 0000000..2676624
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/ingress.yaml
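Review bot: The container `securityContext` in `deployment.yaml` renders only `readOnlyRootFilesystem`, `runAsNonRoot` and `runAsUser`; it neither blocks privilege escalation nor drops capabilities, and the pod spec leaves the service-account token mounted. Add `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` inside that block. Nothing in this diff shows the exporter calling the Kubernetes API, so `automountServiceAccountToken: false` next to `serviceAccountName` looks safe, but confirm the exporter does not need the token. Separately, `name: {{ .Values.credentials.name }}` is emitted unquoted in all four `secretKeyRef` entries; `| quote` keeps an empty or numeric-looking value from changing type.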
@@ -0,0 +1,28 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: {{ template "ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ template "azure-resourcemanager-exporter.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+spec:
+ rules:
+ {{- range $host := .Values.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $.Values.ingress.path }}
+ backend:
+ serviceName: {{ template "azure-resourcemanager-exporter.fullname" $ }}
+ servicePort: {{ $.Values.service.port }}
+ {{- end -}}
+ {{- if $.Values.ingress.tls }}
+ tls:
+{{ toYaml $.Values.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/azure-resourcemanager-exporter/templates/prometheusrule.yaml b/charts/azure-resourcemanager-exporter/templates/prometheusrule.yaml
new file mode 100644
index 0000000..357c93f
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/prometheusrule.yaml
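Review bot: `- host: {{ $host }}` and `- path: {{ $.Values.ingress.path }}` in `ingress.yaml` are rendered without quoting, so the YAML parser sees the raw value. A wildcard host such as `*.example.com` (constructed example) starts with `*` and is read as an alias, which makes the render fail. Use `- host: {{ $host | quote }}` and `- path: {{ $.Values.ingress.path | quote }}`.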
@@ -0,0 +1,23 @@
+{{- if .Values.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "azure-resourcemanager-exporter.fullname" . }}
+ {{- with .Values.prometheusRule.namespace }}
+ namespace: {{ . }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+ {{- with .Values.prometheusRule.additionalLabels -}}
+{{- toYaml . | nindent 4 -}}
+ {{- end }}
+spec:
+ {{- with .Values.prometheusRule.rules }}
+ groups:
+ - name: {{ template "azure-resourcemanager-exporter.name" $ }}
+ rules: {{ tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/azure-resourcemanager-exporter/templates/service.yaml b/charts/azure-resourcemanager-exporter/templates/service.yaml
new file mode 100644
index 0000000..99deea1
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/service.yaml
@@ -0,0 +1,30 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ template "azure-resourcemanager-exporter.fullname" . }}
+ {{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+{{- if .Values.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/azure-resourcemanager-exporter/templates/serviceaccount.yaml b/charts/azure-resourcemanager-exporter/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ea9f187
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "azure-resourcemanager-exporter.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end -}}
diff --git a/charts/azure-resourcemanager-exporter/templates/servicemonitor.yaml b/charts/azure-resourcemanager-exporter/templates/servicemonitor.yaml
new file mode 100644
index 0000000..be3bdbb
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/templates/servicemonitor.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "azure-resourcemanager-exporter.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "azure-resourcemanager-exporter.chart" . }}
+ {{- if or .Values.serviceMonitor.labels .labels }}
+ {{- toYaml (.labels | default .Values.serviceMonitor.labels) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: http
+ interval: {{ .Values.serviceMonitor.interval }}
+ scheme: {{ .Values.serviceMonitor.scheme }}
+ scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+ jobLabel: "{{ .Release.Name }}"
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "azure-resourcemanager-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/azure-resourcemanager-exporter/values.yaml b/charts/azure-resourcemanager-exporter/values.yaml
new file mode 100644
index 0000000..8e08c8a
--- /dev/null
+++ b/charts/azure-resourcemanager-exporter/values.yaml
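Review bot: `serviceMonitor.tlsConfig` is declared in `values.yaml`, where its comment pairs it with `scheme`, but the endpoint in `servicemonitor.yaml` never renders it. A user who switches `scheme` to `https` therefore has no way to pass CA or client-certificate settings through this chart. Render the value inside the endpoint when it is set, as sketched below; the indentation is assumed because the hunk's original whitespace is not preserved on this page. The `.labels` lookup in the `or`/`default` expressions reads from the root context, which none of the templates shown here populate, so it looks like a leftover that can be dropped.

```yaml
  - port: http
    # … unchanged: interval, scheme, scrapeTimeout …
    {{- with .Values.serviceMonitor.tlsConfig }}
    tlsConfig:
      {{- toYaml . | nindent 6 }}
    {{- end }}
```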
@@ -0,0 +1,141 @@
+#Default values for azure-resourcemanager-exporter.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: quay.io/webdevops/azure-resourcemanager-exporter
+ tag: 20.11.1
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+extraEnv: {}
+ ## You can add environments vars to configure the exporter, like the AZURE_LOCATION or the SCRAPE_TIME
+ ## A list of all the environment vars is available in this doc: https://github.com/webdevops/azure-resourcemanager-exporter#configuration
+ ##
+ # AZURE_LOCATION: ""
+
+## Annotations and labels to add to the deployment
+annotations: {}
+labels: {}
+
+## Container securityContext
+securityContext:
+ enabled: true
+ # Container must run as
+ runAsUser: 1000
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+
+# Container resource requests and limits
+resources: {}
+ # limits:
+ # cpu: 300m
+ # memory: 128Mi
+ # requests:
+ # cpu: 200m
+ # memory: 128Mi
+
+service:
+ annotations: {}
+ labels: {}
+ type: ClusterIP
+ port: 8080
+
+containerPort: 8080
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+ annotations: {}
+
+## An Ingress resource can provide name-based virtual hosting and TLS
+## termination among other things for CouchDB deployments which are accessed
+## from outside the Kubernetes cluster.
+## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+ enabled: false
+ hosts: []
+ # - chart-example.local
+ path: '/'
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ tls: []
+ # Secrets must be manually created in the namespace.
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+
+# The secret to be used by the azure-resourcemanager-exporter deployment, which
+# should contain credentials for the cloud provider
+## secrets will need the following vars:
+## AZURE_CLIENT_ID: ""
+## AZURE_CLIENT_SECRET: ""
+## AZURE_SUBSCRIPTION_ID: ""
+## AZURE_TENANT_ID: ""
+credentials:
+ useSecret: true
+ name: azure-resourcemanager-exporter-secret
+
+podAnnotations: {}
+
+pod:
+ labels: {}
+
+extraArgs: []
+
+replicas: 1
+
+serviceMonitor:
+ ## If true, a ServiceMonitor CRD is created for a prometheus operator
+ ## https://github.com/coreos/prometheus-operator
+ ##
+ enabled: false
+ labels: {}
+ interval: 30s
+ scrapeTimeout: 30s
+
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: http
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+ tlsConfig: {}
+
+## Custom PrometheusRules to be defined
+## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ rules: []
+
+
+# Probes configuration
+livenessProbe:
+ httpGet:
+ path: /metrics
+ port: http
+
+readinessProbe:
+ httpGet:
+ path: /metrics
+ port: http
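Review bot: The comment above `ingress:` in `values.yaml` still talks about "CouchDB deployments", a leftover from another chart, and does not tell the operator what enabling the Ingress exposes. Replace it with something like `## Publishes the exporter's /metrics endpoint (Azure resource, IAM and AzureAD application metadata) outside the cluster; restrict access through annotations and set tls.` Also, `name:` under `serviceAccount` is a bare empty value that parses as null, so `name: ""` states the intent explicitly. Quoting the image tag as `tag: "20.11.1"` would keep a future two-part tag from being parsed as a float.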