From 6ab1309689b293dc366559af2c6b902318e6a7c6 Mon Sep 17 00:00:00 2001 From: Maxime Leroy <19607336+maxime1907@users.noreply.github.com> Date: Tue, 10 May 2022 16:26:51 +0200 Subject: [PATCH 1/8] feat(chart): enhance features, add daemonset, update chart --- .../Chart.yaml | 24 +++- .../ci/all-enabled-values.yaml | 116 ++++++++++++++++++ .../templates/configmap.yaml | 6 +- .../templates/daemonset.yaml | 98 +++++++++++++++ .../templates/deployment.yaml | 54 ++++---- .../templates/secret.yaml | 2 +- .../templates/service.yaml | 11 +- .../templates/serviceaccount.yaml | 2 + .../templates/servicemonitor.yaml | 45 +++++-- .../values.yaml | 82 +++++++++---- 10 files changed, 367 insertions(+), 73 deletions(-) create mode 100644 charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml create mode 100644 charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml diff --git a/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml b/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml index 779743a..3069ed0 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml @@ -1,8 +1,13 @@ apiVersion: v2 name: docker-hub-rate-limit-exporter description: Export your current docker hub rate limit status to prometheus. -icon: https://github.com/viadee/docker-hub-rate-limit-exporter/raw/main/chart/icon.png - +icon: https://raw.githubusercontent.com/viadee/docker-hub-rate-limit-exporter/main/charts/docker-hub-rate-limit-exporter-chart/icon.png +keywords: + - docker + - hub + - rate + - limit + - exporter # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -16,9 +21,20 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.10 +version: 0.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.16.0 +appVersion: version-1.5 + +home: https://github.com/viadee/docker-hub-rate-limit-exporter/ +sources: + - https://github.com/viadee/docker-hub-rate-limit-exporter/ +maintainers: + - email: sebastian.sirch@viadee.de + name: sebastiansirch + - email: frank.koehne@viadee.de + name: fkoehne + - email: marius.stein@viadee.de + name: mstein11 diff --git a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml new file mode 100644 index 0000000..43137a5 --- /dev/null +++ b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml @@ -0,0 +1,116 @@ +# Default values for docker-hub-rate-limit-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +config: + verbosity: 1 ## the loglevel + dockerhub: + username: "" ## put your dockerhub username here + password: "" ## put your dockerhub password here + +deployment: + enabled: false + replicaCount: 1 + +daemonset: + enabled: true + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + +image: + repository: viadee/docker-hub-rate-limit-exporter + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceMonitor: + enabled: true + additionalLabels: {} + namespace: "" + + jobLabel: "" + + scheme: http + bearerTokenFile: + tlsConfig: {} + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Override serviceMonitor selector + ## + selectorOverride: {} + + relabelings: + - action: replace + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: instance + - action: replace + sourceLabels: + - __meta_kubernetes_pod_host_ip + targetLabel: host_ip + metricRelabelings: [] + interval: "" + scrapeTimeout: 25s + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: + sidecar.istio.io/inject: "false" + +securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + +containerSecurityContext: + capabilities: + add: + - SYS_TIME + +service: + type: ClusterIP + port: 9100 + targetPort: 9100 + nodePort: + portName: metrics + timeoutSeconds: 5 + annotations: + prometheus.io/scrape: "true" + +resources: + limits: + cpu: 200m + memory: 96Mi + requests: + cpu: 50m + memory: 64Mi + +nodeSelector: {} + +tolerations: [] + +priorityClassName: "" + +affinity: {} + +# Expose the service to the host network +hostNetwork: false + +# Share the host process ID namespace +hostPID: true diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml index 39e4d10..6fb507c 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml @@ -5,6 +5,6 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} data: - exporter-port: {{ default "80" .Values.config.exporterPort | quote }} - exporter-verbosity: {{ default "1" .Values.config.exporterVerbosity | quote }} - dockerhub-username: {{ default "" .Values.config.dockerhubUsername | quote }} \ No newline at end of file + exporter-port: {{ .Values.service.targetPort | quote }} + exporter-verbosity: {{ .Values.config.verbosity | quote }} + dockerhub-username: {{ .Values.config.dockerhub.username | quote }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml new file mode 100644 index 0000000..5e4fa38 --- /dev/null +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml @@ -0,0 +1,98 @@ +{{- if .Values.daemonset.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }} + labels: + {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 6 }} + {{- if .Values.daemonset.updateStrategy }} + updateStrategy: +{{ toYaml .Values.daemonset.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + labels: + {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 8 }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" . }} + {{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + timeoutSeconds: {{ .Values.service.timeoutSeconds }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + timeoutSeconds: {{ .Values.service.timeoutSeconds }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: DOCKERHUB_USERNAME + valueFrom: + configMapKeyRef: + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + key: dockerhub-username + - name: DOCKERHUB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-secret + key: dockerhub-password + - name: DOCKERHUB_EXPORTER_VERBOSE + valueFrom: + configMapKeyRef: + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + key: exporter-verbosity + - name: DOCKERHUB_EXPORTER_PORT + valueFrom: + configMapKeyRef: + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + key: exporter-port + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + hostNetwork: {{ .Values.hostNetwork }} + hostPID: {{ .Values.hostPID }} + +{{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml index a4851dc..26158a1 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deployment.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -5,51 +6,54 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} + replicas: {{ .Values.deployment.replicaCount }} selector: matchLabels: {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 6 }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 6 }} - {{- end }} template: metadata: + labels: + {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 8 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} {{- end }} - labels: - {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: - {{- toYaml . | nindent 8 }} +{{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" . }} + {{- if .Values.securityContext }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} +{{ toYaml .Values.securityContext | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} containers: - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: http - containerPort: {{ default 80 .Values.config.exporterPort }} + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: httpGet: path: / - port: http - timeoutSeconds: 5 + port: {{ .Values.service.port }} + timeoutSeconds: {{ .Values.service.timeoutSeconds }} readinessProbe: httpGet: path: / - port: http - timeoutSeconds: 5 + port: {{ .Values.service.port }} + timeoutSeconds: {{ .Values.service.timeoutSeconds }} resources: {{- toYaml .Values.resources | nindent 12 }} env: @@ -73,15 +77,17 @@ spec: configMapKeyRef: name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap key: exporter-port - {{- with .Values.nodeSelector }} + {{- if .Values.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 8 }} +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- if .Values.affinity }} affinity: - {{- toYaml . | nindent 8 }} +{{ toYaml .Values.affinity | indent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: - {{- toYaml . | nindent 8 }} +{{ toYaml . | indent 8 }} {{- end }} + +{{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml index 2613707..d2d53ed 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml @@ -5,4 +5,4 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} data: - dockerhub-password: {{ default "" .Values.config.dockerhubPassword | b64enc | quote }} \ No newline at end of file + dockerhub-password: {{ .Values.config.dockerhub.password | b64enc | quote }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/service.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/service.yaml index 611ab6f..00256d3 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/service.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/service.yaml @@ -2,14 +2,21 @@ apiVersion: v1 kind: Service metadata: name: {{ include "docker-hub-rate-limit-exporter.fullname" . }} + {{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} + {{- end }} labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: http + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: {{ .Values.service.targetPort }} protocol: TCP - name: http + name: {{ .Values.service.portName }} selector: {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 4 }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/serviceaccount.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/serviceaccount.yaml index e8bf1e9..45eda81 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/serviceaccount.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/serviceaccount.yaml @@ -9,4 +9,6 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} {{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml index c3c8672..25e257f 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml @@ -11,21 +11,40 @@ metadata: {{- if .Values.serviceMonitor.additionalLabels }} {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} - spec: - endpoints: - - port: http - path: / - {{- if .Values.serviceMonitor.interval }} - interval: {{ .Values.serviceMonitor.interval }} - {{- end }} - {{- if .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} + jobLabel: {{ default "app.kubernetes.io/name" .Values.serviceMonitor.jobLabel }} selector: matchLabels: + {{- if .Values.serviceMonitor.selectorOverride }} + {{ toYaml .Values.serviceMonitor.selectorOverride | indent 6 }} + {{ else }} {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 6 }} + {{- end }} + endpoints: + - port: {{ .Values.service.portName }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- with .Values.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.serviceMonitor.proxyUrl }} + proxyUrl: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/values.yaml b/charts/docker-hub-rate-limit-exporter-chart/values.yaml index d7b434a..f112f89 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/values.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/values.yaml @@ -3,16 +3,26 @@ # Declare variables to be passed into your templates. config: - exporterPort: 80 ## if you want to change the port exposed by the docker-hub-rate-limit-exporter - exporterVerbosity: 1 ## the loglevel - dockerhubUsername: ## put your dockerhub username here - dockerhubPassword: ## put your dockerhub password here + verbosity: 1 ## the loglevel + dockerhub: + username: "" ## put your dockerhub username here + password: "" ## put your dockerhub password here -replicaCount: 1 +deployment: + enabled: true + replicaCount: 1 + +daemonset: + enabled: false + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 image: repository: viadee/docker-hub-rate-limit-exporter - tag: version-1.5 + tag: "" + pullPolicy: IfNotPresent imagePullSecrets: [] nameOverride: "" @@ -21,9 +31,26 @@ fullnameOverride: "" serviceMonitor: enabled: false additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s + namespace: "" + + jobLabel: "" + + scheme: http + bearerTokenFile: + tlsConfig: {} + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Override serviceMonitor selector + ## + selectorOverride: {} + + relabelings: [] + metricRelabelings: [] + interval: "" + scrapeTimeout: 10s serviceAccount: # Specifies whether a service account should be created @@ -33,29 +60,30 @@ serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" - -# Labels to add to each pod. -podLabels: {} - # myPodLabel: labelName + imagePullSecrets: [] podAnnotations: {} -podSecurityContext: - {} - # fsGroup: 2000 - securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + +containerSecurityContext: {} + # capabilities: + # add: + # - SYS_TIME service: - type: ClusterIP - port: 80 + type: ClusterIP + port: 9100 + targetPort: 9100 + nodePort: + portName: metrics + timeoutSeconds: 5 + annotations: + prometheus.io/scrape: "true" resources: limits: @@ -69,4 +97,6 @@ nodeSelector: {} tolerations: [] +priorityClassName: "" + affinity: {} From eec0126b9fba4eeb94ba6a72e21454d8cb0b36b5 Mon Sep 17 00:00:00 2001 From: Maxime Leroy <19607336+maxime1907@users.noreply.github.com> Date: Tue, 10 May 2022 17:17:12 +0200 Subject: [PATCH 2/8] feat(ci): add linting tests --- .github/workflows/lint_test.yaml | 57 ++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 6 ++-- config_repos | 1 + ct.yaml | 6 ++++ 4 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/lint_test.yaml create mode 100644 config_repos create mode 100644 ct.yaml diff --git a/.github/workflows/lint_test.yaml b/.github/workflows/lint_test.yaml new file mode 100644 index 0000000..422813c --- /dev/null +++ b/.github/workflows/lint_test.yaml @@ -0,0 +1,57 @@ +name: Lint and Test Charts + +# Controls when the action will run. Triggers the workflow on pull request +# events but only for the main branch +on: + pull_request: + branches: [main] + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Validate schema + uses: wiremind/helm-kubeval-action@v1.2.1 + with: + path: charts + config: config_repos + + - name: Cleanup subcharts after kubeval + run: rm -rf charts/*/charts + + - uses: actions/setup-python@v2 + with: + python-version: 3.7 + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.2.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct --config ct.yaml list-changed) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi + + - name: Run chart-testing (lint) + run: ct lint --config ct.yaml + + - name: Create kind cluster + uses: helm/kind-action@v1.2.0 + if: steps.list-changed.outputs.changed == 'true' + + - name: Deploy Prometheus Operator crds + run: | + kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml + kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml + kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml + kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml + + - name: Run chart-testing (install) + run: ct install --config ct.yaml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a977d01..157b68e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,11 +22,9 @@ jobs: - name: Install Helm uses: azure/setup-helm@v1 with: - version: v3.4.0 + version: v3.5.0 - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.1.0 - with: - charts_dir: charts + uses: helm/chart-releaser-action@v1.2.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/config_repos b/config_repos new file mode 100644 index 0000000..3f7fee8 --- /dev/null +++ b/config_repos @@ -0,0 +1 @@ +# Repository_name=Repository_URL diff --git a/ct.yaml b/ct.yaml new file mode 100644 index 0000000..1e0de33 --- /dev/null +++ b/ct.yaml @@ -0,0 +1,6 @@ +# See https://github.com/helm/chart-testing#configuration +remote: origin +target-branch: main +chart-dirs: + - charts +helm-extra-args: "--timeout 600s" From 364b834e75e994d82f1ff6e037e1ce56cbfab88c Mon Sep 17 00:00:00 2001 From: Maxime Leroy <19607336+maxime1907@users.noreply.github.com> Date: Wed, 11 May 2022 15:56:34 +0200 Subject: [PATCH 3/8] fix: review compliance add: list of deployments --- .../Chart.yaml | 4 +- .../ci/all-enabled-values.yaml | 97 ++++++++++++------- .../templates/configmap.yaml | 31 +++++- .../templates/daemonset.yaml | 33 ++++--- .../templates/deployment.yaml | 87 +++++++++-------- .../templates/secret.yaml | 31 +++++- .../templates/servicemonitor.yaml | 3 + .../values.yaml | 50 ++++------ config_repos | 1 + ct.yaml | 2 + 10 files changed, 212 insertions(+), 127 deletions(-) diff --git a/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml b/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml index 3069ed0..e5956be 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/Chart.yaml @@ -16,7 +16,7 @@ keywords: # Library charts provide useful utilities or functions for the chart developer. They're included as # a dependency of application charts to inject those utilities and functions into the rendering # pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application +type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. @@ -26,7 +26,7 @@ version: 0.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: version-1.5 +appVersion: version-1.6 home: https://github.com/viadee/docker-hub-rate-limit-exporter/ sources: diff --git a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml index 43137a5..545089e 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml @@ -2,22 +2,45 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -config: - verbosity: 1 ## the loglevel - dockerhub: - username: "" ## put your dockerhub username here - password: "" ## put your dockerhub password here - -deployment: - enabled: false - replicaCount: 1 - +# Commonly used for authenticated users +deployments: + default: + enabled: true + replicaCount: 1 + podAnnotations: {} + config: + # Log level of the exporter + verbosity: 1 + dockerhub: + username: "" + password: "" + # nodeSelector: + # node-role.kubernetes.io/docker-hub-authenticated: "true" + +# Commonly used for anonymous users daemonset: enabled: true updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 + podAnnotations: {} + config: + # Log level of the exporter + verbosity: 1 + dockerhub: + username: "" + password: "" + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: node-role.kubernetes.io/docker-hub-authenticated + # operator: NotIn + # values: + # - "true" + image: repository: viadee/docker-hub-rate-limit-exporter @@ -48,14 +71,14 @@ serviceMonitor: selectorOverride: {} relabelings: - - action: replace - sourceLabels: - - __meta_kubernetes_pod_node_name - targetLabel: instance - - action: replace - sourceLabels: - - __meta_kubernetes_pod_host_ip - targetLabel: host_ip + - action: replace + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: instance + - action: replace + sourceLabels: + - __meta_kubernetes_pod_host_ip + targetLabel: host_ip metricRelabelings: [] interval: "" scrapeTimeout: 25s @@ -70,28 +93,30 @@ serviceAccount: name: "" podAnnotations: - sidecar.istio.io/inject: "false" + sidecar.istio.io/inject: "false" -securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 +podSecurityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 -containerSecurityContext: - capabilities: - add: - - SYS_TIME +securityContext: + capabilities: + add: + - SYS_TIME service: - type: ClusterIP - port: 9100 - targetPort: 9100 - nodePort: - portName: metrics - timeoutSeconds: 5 - annotations: - prometheus.io/scrape: "true" + type: ClusterIP + port: 80 + targetPort: 80 + nodePort: + portName: metrics + annotations: {} + +livenessProbeTimeoutSeconds: 5 + +readinessProbeTimeoutSeconds: 5 resources: limits: diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml index 6fb507c..7be49a4 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml @@ -1,3 +1,24 @@ +{{- range $deploymentKey, $deployment := .Values.deployments }} +{{- if $deployment.enabled }} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-configmap-{{ $deploymentKey }} + labels: + {{- include "docker-hub-rate-limit-exporter.labels" $ | nindent 4 }} +data: + exporter-port: {{ $.Values.service.targetPort | quote }} + {{- if $deployment.config }} + exporter-verbosity: {{ hasKey $deployment.config "verbosity" | ternary $deployment.config.verbosity 1 | quote }} + {{- end }} + +--- +{{- end }} +{{- end }} + +{{- if .Values.daemonset.enabled }} + apiVersion: v1 kind: ConfigMap metadata: @@ -5,6 +26,10 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} data: - exporter-port: {{ .Values.service.targetPort | quote }} - exporter-verbosity: {{ .Values.config.verbosity | quote }} - dockerhub-username: {{ .Values.config.dockerhub.username | quote }} + exporter-port: {{ $.Values.service.targetPort | quote }} + {{- if .Values.daemonset.config }} + exporter-verbosity: {{ hasKey .Values.daemonset.config "verbosity" | ternary .Values.daemonset.config.verbosity 1 | quote }} + {{- end }} + +--- +{{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml index 5e4fa38..f4783b4 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/daemonset.yaml @@ -20,8 +20,8 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- if .Values.daemonset.podAnnotations }} + {{- toYaml .Values.daemonset.podAnnotations | nindent 8 }} {{- end }} spec: {{- if .Values.imagePullSecrets }} @@ -29,17 +29,18 @@ spec: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" . }} - {{- if .Values.securityContext }} + {{- if .Values.podSecurityContext }} securityContext: -{{ toYaml .Values.securityContext | indent 8 }} +{{ toYaml .Values.podSecurityContext | indent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} containers: - name: {{ .Chart.Name }} - {{- with .Values.containerSecurityContext }} - securityContext: {{ toYaml . | nindent 12 }} + {{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -51,19 +52,19 @@ spec: httpGet: path: / port: {{ .Values.service.port }} - timeoutSeconds: {{ .Values.service.timeoutSeconds }} + timeoutSeconds: {{ .Values.livenessProbeTimeoutSeconds }} readinessProbe: httpGet: path: / port: {{ .Values.service.port }} - timeoutSeconds: {{ .Values.service.timeoutSeconds }} + timeoutSeconds: {{ .Values.readinessProbeTimeoutSeconds }} resources: {{- toYaml .Values.resources | nindent 12 }} env: - name: DOCKERHUB_USERNAME valueFrom: - configMapKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + secretKeyRef: + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-secret key: dockerhub-username - name: DOCKERHUB_PASSWORD valueFrom: @@ -80,17 +81,17 @@ spec: configMapKeyRef: name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap key: exporter-port - {{- if .Values.nodeSelector }} + {{- if .Values.daemonset.nodeSelector }} nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} +{{ toYaml .Values.daemonset.nodeSelector | indent 8 }} {{- end }} - {{- if .Values.affinity }} + {{- if .Values.daemonset.affinity }} affinity: -{{ toYaml .Values.affinity | indent 8 }} +{{ toYaml .Values.daemonset.affinity | indent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- if .Values.daemonset.tolerations }} tolerations: -{{ toYaml . | indent 8 }} +{{ toYaml .Values.daemonset.tolerations | indent 8 }} {{- end }} hostNetwork: {{ .Values.hostNetwork }} hostPID: {{ .Values.hostPID }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml index 26158a1..182e922 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml @@ -1,93 +1,100 @@ -{{- if .Values.deployment.enabled }} +{{- range $deploymentKey, $deployment := .Values.deployments }} + +{{- if $deployment.enabled }} + apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "docker-hub-rate-limit-exporter.fullname" . }} + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-{{ $deploymentKey }} labels: - {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} + {{- include "docker-hub-rate-limit-exporter.labels" $ | nindent 4 }} spec: - replicas: {{ .Values.deployment.replicaCount }} + replicas: {{ hasKey $deployment "replicaCount" | ternary $deployment.replicaCount 1 }} selector: matchLabels: - {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 6 }} + {{- include "docker-hub-rate-limit-exporter.selectorLabels" $ | nindent 6 }} template: metadata: labels: - {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 8 }} + {{- include "docker-hub-rate-limit-exporter.selectorLabels" $ | nindent 8 }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") $ | sha256sum }} + {{- if $deployment.podAnnotations }} + {{- toYaml $deployment.podAnnotations | nindent 8 }} {{- end }} spec: - {{- if .Values.imagePullSecrets }} + {{- if $.Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{ toYaml $.Values.imagePullSecrets | indent 8 }} {{- end }} - serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" . }} - {{- if .Values.securityContext }} + serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" $ }} + {{- if $.Values.podSecurityContext }} securityContext: -{{ toYaml .Values.securityContext | indent 8 }} +{{ toYaml $.Values.podSecurityContext | indent 8 }} {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $.Values.priorityClassName }} + priorityClassName: {{ $.Values.priorityClassName }} {{- end }} containers: - - name: {{ .Chart.Name }} - {{- with .Values.containerSecurityContext }} - securityContext: {{ toYaml . | nindent 12 }} + - name: {{ $.Chart.Name }}-{{ $deploymentKey }} + {{- if $.Values.securityContext }} + securityContext: +{{ toYaml $.Values.securityContext | nindent 12 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} ports: - - name: {{ .Values.service.portName }} - containerPort: {{ .Values.service.port }} + - name: {{ $.Values.service.portName }} + containerPort: {{ $.Values.service.port }} protocol: TCP livenessProbe: httpGet: path: / - port: {{ .Values.service.port }} - timeoutSeconds: {{ .Values.service.timeoutSeconds }} + port: {{ $.Values.service.port }} + timeoutSeconds: {{ $.Values.livenessProbeTimeoutSeconds }} readinessProbe: httpGet: path: / - port: {{ .Values.service.port }} - timeoutSeconds: {{ .Values.service.timeoutSeconds }} + port: {{ $.Values.service.port }} + timeoutSeconds: {{ $.Values.readinessProbeTimeoutSeconds }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml $.Values.resources | nindent 12 }} env: - name: DOCKERHUB_USERNAME valueFrom: - configMapKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + secretKeyRef: + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-secret-{{ $deploymentKey }} key: dockerhub-username - name: DOCKERHUB_PASSWORD valueFrom: secretKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-secret + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-secret-{{ $deploymentKey }} key: dockerhub-password - name: DOCKERHUB_EXPORTER_VERBOSE valueFrom: configMapKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-configmap-{{ $deploymentKey }} key: exporter-verbosity - name: DOCKERHUB_EXPORTER_PORT valueFrom: configMapKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-configmap-{{ $deploymentKey }} key: exporter-port - {{- if .Values.nodeSelector }} + {{- if $deployment.nodeSelector }} nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} +{{ toYaml $deployment.nodeSelector | indent 8 }} {{- end }} - {{- if .Values.affinity }} + {{- if $deployment.affinity }} affinity: -{{ toYaml .Values.affinity | indent 8 }} +{{ toYaml $deployment.affinity | indent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- if $deployment.tolerations }} tolerations: -{{ toYaml . | indent 8 }} +{{ toYaml $deployment.tolerations | indent 8 }} {{- end }} +--- +{{- end }} + {{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml index d2d53ed..f18808f 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml @@ -1,3 +1,26 @@ +{{- range $deploymentKey, $deployment := .Values.deployments }} +{{- if $deployment.enabled }} +{{- $config := default dict $deployment.config }} +{{- $configDockerHub := default dict $config.dockerhub }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-secret-{{ $deploymentKey }} + labels: + {{- include "docker-hub-rate-limit-exporter.labels" $ | nindent 4 }} +data: + dockerhub-username: {{ default "" $configDockerHub.username | b64enc | quote }} + dockerhub-password: {{ default "" $configDockerHub.password | b64enc | quote }} + +--- +{{- end }} +{{- end }} + +{{- if .Values.daemonset.enabled }} +{{- if .Values.daemonset.config }} +{{- if .Values.daemonset.config.dockerhub }} + apiVersion: v1 kind: Secret metadata: @@ -5,4 +28,10 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} data: - dockerhub-password: {{ .Values.config.dockerhub.password | b64enc | quote }} + dockerhub-username: {{ .Values.daemonset.config.dockerhub.username | b64enc | quote }} + dockerhub-password: {{ .Values.daemonset.config.dockerhub.password | b64enc | quote }} + +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml index 25e257f..8ab7b75 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/servicemonitor.yaml @@ -20,6 +20,9 @@ spec: {{ else }} {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 6 }} {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} endpoints: - port: {{ .Values.service.portName }} scheme: {{ .Values.serviceMonitor.scheme }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/values.yaml b/charts/docker-hub-rate-limit-exporter-chart/values.yaml index f112f89..988cd70 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/values.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/values.yaml @@ -2,22 +2,14 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -config: - verbosity: 1 ## the loglevel - dockerhub: - username: "" ## put your dockerhub username here - password: "" ## put your dockerhub password here - -deployment: - enabled: true - replicaCount: 1 +# Commonly used for authenticated users +deployments: + default: + enabled: true +# Commonly used for anonymous users daemonset: enabled: false - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 image: repository: viadee/docker-hub-rate-limit-exporter @@ -62,28 +54,28 @@ serviceAccount: name: "" imagePullSecrets: [] -podAnnotations: {} - -securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 +podSecurityContext: {} + # fsGroup: 65534 + # runAsGroup: 65534 + # runAsNonRoot: true + # runAsUser: 65534 -containerSecurityContext: {} +securityContext: {} # capabilities: # add: # - SYS_TIME service: - type: ClusterIP - port: 9100 - targetPort: 9100 - nodePort: - portName: metrics - timeoutSeconds: 5 - annotations: - prometheus.io/scrape: "true" + type: ClusterIP + port: 80 + targetPort: 80 + nodePort: + portName: metrics + annotations: {} + +livenessProbeTimeoutSeconds: 5 + +readinessProbeTimeoutSeconds: 5 resources: limits: diff --git a/config_repos b/config_repos index 3f7fee8..ed74146 100644 --- a/config_repos +++ b/config_repos @@ -1 +1,2 @@ # Repository_name=Repository_URL +viadee=https://viadee.github.io/docker-hub-rate-limit-exporter diff --git a/ct.yaml b/ct.yaml index 1e0de33..06394de 100644 --- a/ct.yaml +++ b/ct.yaml @@ -3,4 +3,6 @@ remote: origin target-branch: main chart-dirs: - charts +chart-repos: + - viadee=https://viadee.github.io/docker-hub-rate-limit-exporter helm-extra-args: "--timeout 600s" From 2015f64719aed708039563cd5dfc35ba625ea15c Mon Sep 17 00:00:00 2001 From: mstein11 Date: Thu, 12 May 2022 09:57:06 +0200 Subject: [PATCH 4/8] fix: use port 9100 to let unprivileged user bind his socket --- .../ci/all-enabled-values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml index 545089e..b33f11b 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml @@ -108,8 +108,8 @@ securityContext: service: type: ClusterIP - port: 80 - targetPort: 80 + port: 9100 + targetPort: 9100 nodePort: portName: metrics annotations: {} From 5d7a67c92be6e873641e9b1888aef0f9aacc866f Mon Sep 17 00:00:00 2001 From: Maxime Leroy <19607336+maxime1907@users.noreply.github.com> Date: Thu, 12 May 2022 11:50:10 +0200 Subject: [PATCH 5/8] fix: remove list of deployments --- .../ci/all-enabled-values.yaml | 43 +++------- .../templates/configmap.yaml | 30 +------ .../templates/deployment.yaml | 83 +++++++++---------- .../templates/secret.yaml | 31 +------ .../values.yaml | 18 ++-- 5 files changed, 68 insertions(+), 137 deletions(-) diff --git a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml index b33f11b..94369c3 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/ci/all-enabled-values.yaml @@ -2,22 +2,18 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Commonly used for authenticated users -deployments: - default: - enabled: true - replicaCount: 1 - podAnnotations: {} - config: - # Log level of the exporter - verbosity: 1 - dockerhub: - username: "" - password: "" - # nodeSelector: - # node-role.kubernetes.io/docker-hub-authenticated: "true" - -# Commonly used for anonymous users +config: + # Log level of the exporter + verbosity: 1 + dockerhub: + username: "" + password: "" + +deployment: + enabled: true + replicaCount: 1 + podAnnotations: {} + daemonset: enabled: true updateStrategy: @@ -25,21 +21,6 @@ daemonset: rollingUpdate: maxUnavailable: 1 podAnnotations: {} - config: - # Log level of the exporter - verbosity: 1 - dockerhub: - username: "" - password: "" - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: node-role.kubernetes.io/docker-hub-authenticated - # operator: NotIn - # values: - # - "true" image: diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml index 7be49a4..6140f81 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/configmap.yaml @@ -1,23 +1,4 @@ -{{- range $deploymentKey, $deployment := .Values.deployments }} -{{- if $deployment.enabled }} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-configmap-{{ $deploymentKey }} - labels: - {{- include "docker-hub-rate-limit-exporter.labels" $ | nindent 4 }} -data: - exporter-port: {{ $.Values.service.targetPort | quote }} - {{- if $deployment.config }} - exporter-verbosity: {{ hasKey $deployment.config "verbosity" | ternary $deployment.config.verbosity 1 | quote }} - {{- end }} - ---- -{{- end }} -{{- end }} - -{{- if .Values.daemonset.enabled }} +{{- $config := default dict .Values.config }} apiVersion: v1 kind: ConfigMap @@ -26,10 +7,5 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} data: - exporter-port: {{ $.Values.service.targetPort | quote }} - {{- if .Values.daemonset.config }} - exporter-verbosity: {{ hasKey .Values.daemonset.config "verbosity" | ternary .Values.daemonset.config.verbosity 1 | quote }} - {{- end }} - ---- -{{- end }} + exporter-port: {{ .Values.service.targetPort | quote }} + exporter-verbosity: {{ hasKey $config "verbosity" | ternary $config.verbosity 1 | quote }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml index 182e922..f1f6cdc 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/deployment.yaml @@ -1,100 +1,95 @@ -{{- range $deploymentKey, $deployment := .Values.deployments }} - -{{- if $deployment.enabled }} +{{- if .Values.deployment.enabled }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-{{ $deploymentKey }} + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }} labels: - {{- include "docker-hub-rate-limit-exporter.labels" $ | nindent 4 }} + {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} spec: - replicas: {{ hasKey $deployment "replicaCount" | ternary $deployment.replicaCount 1 }} + replicas: {{ hasKey .Values.deployment "replicaCount" | ternary .Values.deployment.replicaCount 1 }} selector: matchLabels: - {{- include "docker-hub-rate-limit-exporter.selectorLabels" $ | nindent 6 }} + {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- include "docker-hub-rate-limit-exporter.selectorLabels" $ | nindent 8 }} + {{- include "docker-hub-rate-limit-exporter.selectorLabels" . | nindent 8 }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") $ | sha256sum }} - {{- if $deployment.podAnnotations }} - {{- toYaml $deployment.podAnnotations | nindent 8 }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.deployment.podAnnotations }} + {{- toYaml .Values.deployment.podAnnotations | nindent 8 }} {{- end }} spec: - {{- if $.Values.imagePullSecrets }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml $.Values.imagePullSecrets | indent 8 }} +{{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} - serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" $ }} - {{- if $.Values.podSecurityContext }} + serviceAccountName: {{ include "docker-hub-rate-limit-exporter.serviceAccountName" . }} + {{- if .Values.podSecurityContext }} securityContext: -{{ toYaml $.Values.podSecurityContext | indent 8 }} +{{ toYaml .Values.podSecurityContext | indent 8 }} {{- end }} - {{- if $.Values.priorityClassName }} - priorityClassName: {{ $.Values.priorityClassName }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} {{- end }} containers: - - name: {{ $.Chart.Name }}-{{ $deploymentKey }} - {{- if $.Values.securityContext }} + - name: {{ .Chart.Name }} + {{- if .Values.securityContext }} securityContext: -{{ toYaml $.Values.securityContext | nindent 12 }} +{{ toYaml .Values.securityContext | nindent 12 }} {{- end }} - image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ $.Values.image.pullPolicy }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: {{ $.Values.service.portName }} - containerPort: {{ $.Values.service.port }} + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: httpGet: path: / - port: {{ $.Values.service.port }} - timeoutSeconds: {{ $.Values.livenessProbeTimeoutSeconds }} + port: {{ .Values.service.port }} + timeoutSeconds: {{ .Values.livenessProbeTimeoutSeconds }} readinessProbe: httpGet: path: / - port: {{ $.Values.service.port }} - timeoutSeconds: {{ $.Values.readinessProbeTimeoutSeconds }} + port: {{ .Values.service.port }} + timeoutSeconds: {{ .Values.readinessProbeTimeoutSeconds }} resources: - {{- toYaml $.Values.resources | nindent 12 }} + {{- toYaml .Values.resources | nindent 12 }} env: - name: DOCKERHUB_USERNAME valueFrom: secretKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-secret-{{ $deploymentKey }} + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-secret key: dockerhub-username - name: DOCKERHUB_PASSWORD valueFrom: secretKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-secret-{{ $deploymentKey }} + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-secret key: dockerhub-password - name: DOCKERHUB_EXPORTER_VERBOSE valueFrom: configMapKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-configmap-{{ $deploymentKey }} + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap key: exporter-verbosity - name: DOCKERHUB_EXPORTER_PORT valueFrom: configMapKeyRef: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-configmap-{{ $deploymentKey }} + name: {{ include "docker-hub-rate-limit-exporter.fullname" . }}-configmap key: exporter-port - {{- if $deployment.nodeSelector }} + {{- if .Values.deployment.nodeSelector }} nodeSelector: -{{ toYaml $deployment.nodeSelector | indent 8 }} +{{ toYaml .Values.deployment.nodeSelector | indent 8 }} {{- end }} - {{- if $deployment.affinity }} + {{- if .Values.deployment.affinity }} affinity: -{{ toYaml $deployment.affinity | indent 8 }} +{{ toYaml .Values.deployment.affinity | indent 8 }} {{- end }} - {{- if $deployment.tolerations }} + {{- if .Values.deployment.tolerations }} tolerations: -{{ toYaml $deployment.tolerations | indent 8 }} +{{ toYaml .Values.deployment.tolerations | indent 8 }} {{- end }} ---- -{{- end }} - {{- end }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml b/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml index f18808f..8837085 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/templates/secret.yaml @@ -1,26 +1,6 @@ -{{- range $deploymentKey, $deployment := .Values.deployments }} -{{- if $deployment.enabled }} -{{- $config := default dict $deployment.config }} +{{- $config := default dict .Values.config }} {{- $configDockerHub := default dict $config.dockerhub }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "docker-hub-rate-limit-exporter.fullname" $ }}-secret-{{ $deploymentKey }} - labels: - {{- include "docker-hub-rate-limit-exporter.labels" $ | nindent 4 }} -data: - dockerhub-username: {{ default "" $configDockerHub.username | b64enc | quote }} - dockerhub-password: {{ default "" $configDockerHub.password | b64enc | quote }} - ---- -{{- end }} -{{- end }} - -{{- if .Values.daemonset.enabled }} -{{- if .Values.daemonset.config }} -{{- if .Values.daemonset.config.dockerhub }} - apiVersion: v1 kind: Secret metadata: @@ -28,10 +8,5 @@ metadata: labels: {{- include "docker-hub-rate-limit-exporter.labels" . | nindent 4 }} data: - dockerhub-username: {{ .Values.daemonset.config.dockerhub.username | b64enc | quote }} - dockerhub-password: {{ .Values.daemonset.config.dockerhub.password | b64enc | quote }} - ---- -{{- end }} -{{- end }} -{{- end }} + dockerhub-username: {{ default "" $configDockerHub.username | b64enc | quote }} + dockerhub-password: {{ default "" $configDockerHub.password | b64enc | quote }} diff --git a/charts/docker-hub-rate-limit-exporter-chart/values.yaml b/charts/docker-hub-rate-limit-exporter-chart/values.yaml index 988cd70..075f0f6 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/values.yaml +++ b/charts/docker-hub-rate-limit-exporter-chart/values.yaml @@ -2,12 +2,16 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Commonly used for authenticated users -deployments: - default: - enabled: true +config: + # Log level of the exporter + verbosity: 1 + dockerhub: + username: "" + password: "" + +deployment: + enabled: true -# Commonly used for anonymous users daemonset: enabled: false @@ -67,8 +71,8 @@ securityContext: {} service: type: ClusterIP - port: 80 - targetPort: 80 + port: 9100 + targetPort: 9100 nodePort: portName: metrics annotations: {} From c142622ac821ba3e17046bd997edeb9aa3f2f804 Mon Sep 17 00:00:00 2001 From: Marius Stein Date: Thu, 12 May 2022 14:24:40 +0200 Subject: [PATCH 6/8] improve chart readme --- .../README.md | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/charts/docker-hub-rate-limit-exporter-chart/README.md b/charts/docker-hub-rate-limit-exporter-chart/README.md index 212f71f..94e13f4 100644 --- a/charts/docker-hub-rate-limit-exporter-chart/README.md +++ b/charts/docker-hub-rate-limit-exporter-chart/README.md @@ -19,17 +19,18 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration -| Parameter | Description | Default | -| --------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------- | -| `config.exporterPort` | Port the deployment exposes | `80` | -| `config.exporterVerbosity` | Loglevel of the deployment | `1` | -| `config.dockerhubUsername` | To authenticate with dockerhub | `nil` | -| `config.dockerhubPassword` | To authenticate with dockerhub (use access token) | `nil` | -| `serviceMonitor.enabled` | If true, creates a ServiceMonitor instance | `false` | -| `serviceMonitor.additionalLabels` | Configure additional labels for the servicemonitor | `{}` | -| `serviceMonitor.namespace` | The namespace into which the servicemonitor is deployed. If not set, will the same as the namespace of this chart | `nil` | -| `serviceMonitor.interval` | The interval with which prometheus will scrape | `30s` | -| `serviceMonitor.scrapeTimeout` | The timeout for the scrape request | `10s` | +| Parameter | Description | Default | +| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------- | +| `deployment.enabled` | If true, docker-hub-rate-limit-exporter will be deployed as a kubernetes Deployment | `1` | +| `daemonset.enabled` | If true, docker-hub-rate-limit-exporter will be deployed as a kubernetes Deamonset. Useful if kubernetes nodes have an own public IP | `1` | +| `config.verbosity` | Loglevel of the deployment | `1` | +| `config.dockerhub.username` | To authenticate with dockerhub | `nil` | +| `config.dockerhub.password` | To authenticate with dockerhub (use access token) | `nil` | +| `serviceMonitor.enabled` | If true, creates a ServiceMonitor instance | `false` | +| `serviceMonitor.additionalLabels` | Configure additional labels for the servicemonitor | `{}` | +| `serviceMonitor.namespace` | The namespace into which the servicemonitor is deployed. If not set, will the same as the namespace of this chart | `nil` | +| `serviceMonitor.interval` | The interval with which prometheus will scrape | `30s` | +| `serviceMonitor.scrapeTimeout` | The timeout for the scrape request | `10s` | ## Attribution From ae154c14ec486476e20c21d64c69f288c205f262 Mon Sep 17 00:00:00 2001 From: Marius Stein Date: Thu, 12 May 2022 14:28:07 +0200 Subject: [PATCH 7/8] improve instructions for installing with docker-credentials --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6165738..c1dbfe9 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ The helm chart can be installed through a helm chart repository hosted on a gith If your kubernetes cluster does not authenticate with dockerhub you don't need to do anything here. However, if it does, you need to configure the crendetials with helm values. This is because the docker-hub-rate-limit-exporter does not use the dockerhub account assosiated with the docker context of your kubernetes-cluster. You can configure it to do so by following the steps below: 1. Create a helm value file as per the example in this repository (see: chart/values.yaml) -2. Fill in the variables `dockerhubUsername` and `dockerhubPassword`. It is recommended to use a dockerhub access token for the password. +2. Fill in the variables `config.dockerhub.username` and `config.dockerhub.password`. It is recommended to use a dockerhub access token for the password. 3. Run `helm upgrade viadee/docker-hub-rate-limit-exporter --install --namespace= -f ` ## How to tell prometheus to scrap the metrics From 72125cce2e70d91df01ce2f02298f145e4453387 Mon Sep 17 00:00:00 2001 From: Marius Stein Date: Thu, 12 May 2022 14:41:09 +0200 Subject: [PATCH 8/8] add upgrade instructions to readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index c1dbfe9..43fa5a1 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,10 @@ You can find more background information in this blog post: https://blog.viadee. Note: The content of this repository is based on the work done by gitlab as described in their [blogpost](https://about.gitlab.com/blog/2020/11/18/docker-hub-rate-limit-monitoring/). The original source of the Python script can be found [here](https://gitlab.com/gitlab-com/marketing/corporate_marketing/developer-evangelism/code/docker-hub-limit-exporter). +## Upgrade from 0.2.x to 0.3.0 + +In 0.3.0 the config path for supplying the dockerhub credentials has been changed. If you monitor authenticated requests and you want to update to 0.3.0, then you have to change `config.dockerhubUsername` and `config.dockerhubPassword` to `config.dockerhub.username` and `config.dockerhub.password`. + ## How to install the chart The helm chart can be installed through a helm chart repository hosted on a github page in this repository. To install follow the next steps: