diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 5296fa4b..84891143 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @Ferroin @ilyam8 @netdata/cloud-sre
+* @netdata/agent-sre @ilyam8 @netdata/cloud-sre
diff --git a/.github/workflows/agent-pr.yml b/.github/workflows/agent-pr.yml
index 5642d6e0..3e5a8d5c 100644
--- a/.github/workflows/agent-pr.yml
+++ b/.github/workflows/agent-pr.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v6
- name: Prepare Environment
run: pip3 install ruamel-yaml semver
- name: Configure Git
@@ -38,7 +38,7 @@ jobs:
commit-message: 'Update agent version to ${{ github.event.inputs.agent_version }}.'
ref: refs/heads/agent-${{ github.event.inputs.agent_version }}
- name: Create PR
- uses: repo-sync/pull-request@v2.6.2
+ uses: repo-sync/pull-request@v2.12.1
with:
source_branch: agent-${{ github.event.inputs.agent_version }}
pr_title: 'Update agent version to ${{ github.event.inputs.agent_version }}'
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index cf993c8b..b81b7f86 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -8,36 +8,59 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Set up Helm
- uses: azure/setup-helm@v3.5
+ uses: azure/setup-helm@v5
with:
- version: v3.4.0
+ version: v3.12.0
- - uses: actions/setup-python@v4.4.0
+ - uses: actions/setup-python@v6.2.0
with:
- python-version: 3.7
+ python-version: 3.13
- name: Set up chart-testing
- uses: helm/chart-testing-action@v2.3.1
+ uses: helm/chart-testing-action@v2.8.0
- name: Run chart-testing (list-changed)
id: list-changed
run: |
- changed=$(ct list-changed)
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
- echo "::set-output name=changed::true"
+ echo "changed=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Install helm-docs
+ run: |
+ GOBIN=/usr/local/bin/ go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.14.2
+
+ - name: Add helm repo for otel
+ run: |
+ helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts
+
+ - name: Build chart dependencies
+ run: |
+ helm dependency build charts/netdata
+
+ - name: Check documentation is up-to-date
+ run: |
+ ./generate-documentation.sh
+ if ! git diff --exit-code charts/netdata/README.md; then
+ echo "::error::README.md is out of date. Please run ./generate-documentation.sh and commit the changes."
+ exit 1
fi
- name: Run chart-testing (lint)
- run: ct lint --check-version-increment=false --validate-maintainers=false
+ run: ct lint --check-version-increment=false --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }}
- name: Create kind cluster
- uses: helm/kind-action@v1.5.0
+ uses: helm/kind-action@v1.14.0
if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install)
- run: ct install
+ run: ct install --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Run chart-testing (install with OpenTelemetry)
+ run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set netdataOpentelemetry.enabled=true --set otel-collector.enabled=true"
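Review bot: Every action reference this hunk touches is still pinned to a mutable tag (`azure/setup-helm@v5`, `helm/chart-testing-action@v2.8.0`, `helm/kind-action@v1.14.0`), so whoever can move that tag upstream changes what runs in this job. Since these lines are being edited anyway, pin each third-party action to a full commit SHA and keep the version as a trailing comment, for example `uses: helm/kind-action@<full-commit-sha>  # v1.14.0` (the SHA is a placeholder to be taken from the upstream release). The same applies to `repo-sync/pull-request@v2.12.1` in agent-pr.yml and, with more at stake, to `helm/chart-releaser-action@v1.7.0` in release.yml, which is handed `CR_TOKEN`. The job's trigger and permissions are outside the hunk, so how much a moved tag could reach from this workflow is not visible here.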
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 52689ee7..529acca4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v6
with:
fetch-depth: 0
token: ${{ env.GITHUB_TOKEN }}
@@ -29,28 +29,46 @@ jobs:
git config --global user.name Netdatabot
git config --global user.email bot@netdata.cloud
+ - name: Add helm repo for dependencies
+ run: |
+ helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts
+
+ - name: Build chart dependencies
+ run: |
+ helm dependency build charts/netdata
+
- name: Get current version
id: get_current_var
- run: echo ::set-output name=current_version::$(.github/scripts/update_versions.py get_chart_version)
+ run: echo "current_version=$(.github/scripts/update_versions.py get_chart_version)" >> $GITHUB_OUTPUT
- name: Update Files
run: .github/scripts/update_versions.py set_chart_version
- name: Get the new version
id: new_version_var
- run: echo ::set-output name=new_version::$(.github/scripts/update_versions.py get_chart_version)
+ run: echo "new_version=$(.github/scripts/update_versions.py get_chart_version)" >> $GITHUB_OUTPUT
- name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.4.1
+ uses: helm/chart-releaser-action@v1.7.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Commit new version
+ id: commit_version
+ continue-on-error: true
run: |
git commit -am "[skip ci] New Chart version to ${{ steps.new_version_var.outputs.new_version }}"
git push
+ - name: Delete release tag in case of version update commit failure
+ id: delete-tag
+ if: steps.commit_version.outcome == 'failure'
+ run: |
+ git push origin --delete "netdata-${{ steps.new_version_var.outputs.new_version }}"
+ git ls-remote --tags
+
- name: Update Netdata Infra
+ if: steps.delete-tag.outcome == 'skipped'
uses: benc-uk/workflow-dispatch@v1
with:
token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }}
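Review bot: With `continue-on-error: true` on `Commit new version`, a failed commit or push no longer fails the job: the tag is deleted, `Update Netdata Infra` is skipped, and the run can still finish green. A release that was rolled back should show up as a failure, so end the `delete-tag` step's script with `exit 1` after `git ls-remote --tags`; the `if: steps.delete-tag.outcome == 'skipped'` guard still keeps the dispatch from running in that case. `Run chart-releaser` has already executed by this point, so deleting the tag alone probably does not withdraw whatever it published (release asset, index entry); that is worth confirming and recording in a comment on the step. The `Update Netdata Infra` step continues outside the hunk.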
diff --git a/charts/netdata/Chart.lock b/charts/netdata/Chart.lock
new file mode 100644
index 00000000..aa7d63d1
--- /dev/null
+++ b/charts/netdata/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: opentelemetry-collector
+ repository: https://open-telemetry.github.io/opentelemetry-helm-charts
+ version: 0.144.0
+digest: sha256:4386d6f39c3aacd5eeb07d40dcc23404d33001d1c6a90e8843d5fa9bd1b34f24
+generated: "2026-01-29T13:37:43.621411516+01:00"
diff --git a/charts/netdata/Chart.yaml b/charts/netdata/Chart.yaml
index 93fd370d..bc1121c5 100644
--- a/charts/netdata/Chart.yaml
+++ b/charts/netdata/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: netdata
-version: 3.7.37
+version: 3.7.165
description: Real-time performance monitoring, done right!
type: application
keywords:
@@ -15,4 +15,10 @@ maintainers:
- name: Netdata Cloud SRE team
email: cloud-sre@netdata.cloud
icon: https://netdata.github.io/helmchart/logo.png
-appVersion: v1.37.1
+appVersion: v2.10.3
+dependencies:
+ - name: opentelemetry-collector
+ alias: otel-collector
+ version: 0.144.0
+ repository: https://open-telemetry.github.io/opentelemetry-helm-charts
+ condition: otel-collector.enabled
diff --git a/charts/netdata/README.md b/charts/netdata/README.md
index 6ed26df4..1313dbab 100644
--- a/charts/netdata/README.md
+++ b/charts/netdata/README.md
@@ -1,6 +1,10 @@
# Netdata Helm chart for Kubernetes deployments
-[](https://artifacthub.io/packages/search?repo=netdata)  
+
+
+
+
+
_Based on the work of varyumin (https://github.com/varyumin/netdata)_.
@@ -10,9 +14,14 @@ This chart bootstraps a [Netdata](https://github.com/netdata/netdata) deployment
cluster using the [Helm](https://helm.sh) package manager.
By default, the chart installs:
- - A Netdata child pod on each node of a cluster, using a `Daemonset`
- - A Netdata k8s state monitoring pod on one node, using a `Deployment`. This virtual node is called `netdata-k8s-state`.
- - A Netdata parent pod on one node, using a `Deployment`. This virtual node is called `netdata-parent`.
+
+- A Netdata child pod on each node of a cluster, using a `Daemonset`
+- A Netdata k8s state monitoring pod on one node, using a `Deployment`. This virtual node is called `netdata-k8s-state`.
+- A Netdata parent pod on one node, using a `Deployment`. This virtual node is called `netdata-parent`.
+
+Disabled by default:
+
+- A Netdata restarter `CronJob`. Its main purpose is to automatically update Netdata when using nightly releases.
The child pods and the state pod function as headless collectors that collect and forward
all the metrics to the parent pod. The parent pod uses persistent volumes to store metrics and alarms, handle alarm
@@ -26,7 +35,53 @@ Please validate that the settings are suitable for your cluster before using the
- The [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) command line tool,
within [one minor version difference](https://kubernetes.io/docs/tasks/tools/install-kubectl/#before-you-begin) of
your cluster, on an administrative system.
-- The [Helm package manager](https://helm.sh/) v3.0.0 or newer on the same administrative system.
+- The [Helm package manager](https://helm.sh/) v3.8.0 or newer on the same administrative system.
+
+## Required Resources and Permissions
+
+Netdata is a comprehensive monitoring solution that requires specific access to host resources to function effectively. By design, monitoring solutions like Netdata need visibility into various system components to collect metrics and provide insights. The following mounts, privileges, and capabilities are essential for Netdata's operation, and applying restrictive security profiles or limiting these accesses may significantly impact functionality or render the monitoring solution ineffective.
+
+
+See required mounts, privileges and RBAC resources
+
+### Required Mounts
+
+| Mount | Type | Node | Components & Descriptions |
+|:-----------------------------------------------------------|:----------------------------:|:-----------------------:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `/` | hostPath | child | • **diskspace.plugin**: Host mount points monitoring. |
+| `/proc` | hostPath | child | • **proc.plugin**: Host system monitoring (CPU, memory, network interfaces, disks, etc.). |
+| `/sys` | hostPath | child | • **cgroups.plugin**: Docker containers monitoring and name resolution. |
+| `/var/log` | hostPath | child | • **systemd-journal.plugin**: Viewing, exploring and analyzing systemd journal logs. |
+| `/etc/os-release` | hostPath | child, parent, k8sState | • **netdata**: Host info detection. |
+| `/etc/passwd`, `/etc/group` | hostPath | child | • **apps.plugin**: Monitoring of host system resource usage by each user and user group. |
+| `{{ .Values.child.persistence.hostPath }}/var/lib/netdata` | hostPath (DirectoryOrCreate) | child | • **netdata**: Persistence of Netdata's /var/lib/netdata directory which contains netdata public unique ID and other files that should persist across container recreations. Without persistence, a new netdata unique ID is generated for each child on every container recreation, causing children to appear as new nodes on the Parent instance. |
+
+### Required Privileges and Capabilities
+
+| Privilege/Capability | Node | Components & Descriptions |
+|:---------------------|:-----:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Host Network Mode | child | • **proc.plugin**: Host system networking stack monitoring.
• **go.d.plugin**: Monitoring applications running on the host and inside containers.
• **local-listeners**: Discovering local services/applications. Map open (listening) ports to running services/applications.
• **network-viewer.plugin**: Discovering all current network sockets and building a network-map. |
+| Host PID Mode | child | • **cgroups.plugin**: Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers. |
+| SYS_ADMIN | child | • **cgroups.plugin**: Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers.
• **network-viewer.plugin**: Discovering all current network sockets and building a network-map. |
+| SYS_PTRACE | child | • **local-listeners**: Discovering local services/applications. Map open (listening) ports to running services/applications. |
+
+### Required Kubernetes RBAC Resources
+
+| Resource | Verbs | Components & Descriptions |
+|:-------------------|:-----------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| pods | get, list, watch | • **service discovery**: Used for discovering services.
• **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. |
+| services | get, list, watch | • **service discovery**: Used for discovering services. |
+| configmaps | get, list, watch | • **service discovery**: Used for discovering services. |
+| secrets | get, list, watch | • **service discovery**: Used for discovering services. |
+| nodes | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| nodes/metrics | get, list, watch | • **go.d/k8s_kubelet**: Used when querying Kubelet HTTPS endpoint. |
+| nodes/proxy | get, list, watch | • **netdata**: Used by cgroup-name.sh when querying Kubelet /pods endpoint. |
+| deployments (apps) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| cronjobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| jobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| namespaces | get | • **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. |
+
+
## Installing the Helm chart
@@ -41,7 +96,7 @@ helm repo add netdata https://netdata.github.io/helmchart/
helm install netdata netdata/netdata
```
-**See our [install Netdata on Kubernetes](https://learn.netdata.cloud/docs/agent/packaging/installer/methods/kubernetes)
+**See our [install Netdata on Kubernetes](https://github.com/netdata/netdata/blob/master/packaging/installer/methods/kubernetes.md)
documentation for detailed installation and configuration instructions.** The remainder of this document assumes you
installed the Helm chart by cloning this repository, and thus uses slightly different `helm install`/`helm upgrade`
commands.
@@ -65,10 +120,6 @@ section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`.
-Once the Netdata deployment is up and running, read our guide, [_Monitor a Kubernetes (k8s) cluster with
-Netdata_](https://learn.netdata.cloud/guides/monitor/kubernetes-k8s-netdata), for a breakdown of all the collectors,
-metrics, and charts available for health monitoring and performance troubleshooting.
-
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
@@ -83,157 +134,2106 @@ The command removes all the Kubernetes components associated with the chart and
The following table lists the configurable parameters of the netdata chart and their default values.
-| Parameter | Description | Default |
-|--------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
-| `kubeVersion` | Kubernetes version | Autodetected |
-| `replicaCount` | Number of `replicas` for the parent netdata `Deployment` | `1` |
-| `imagePullSecrets` | An optional list of references to secrets in the same namespace to use for pulling any of the images | `[]` |
-| `image.repository` | Container image repo | `netdata/netdata` |
-| `image.tag` | Container image tag | Latest stable netdata release |
-| `image.pullPolicy` | Container image pull policy | `Always` |
-| `service.type` | Parent service type | `ClusterIP` |
-| `service.port` | Parent service port | `19999` |
-| `service.loadBalancerIP` | Static LoadBalancer IP, only to be used with service type=LoadBalancer | `""` |
-| `service.loadBalancerSourceRanges` | List of allowed IPs for LoadBalancer | `[]` |
-| `service.externalTrafficPolicy` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | `Cluster` |
-| `service.healthCheckNodePort` | Specifies the health check node port | Allocated a port from your cluster's NodePort range |
-| `service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | Allocated an IP from your cluster's service IP range |
-| `service.annotations` | Additional annotations to add to the service | `{}` |
-| `ingress.enabled` | Create Ingress to access the netdata web UI | `true` |
-| `ingress.apiVersion` | apiVersion for the Ingress | Depends on Kubernetes version |
-| `ingress.annotations` | Associate annotations to the Ingress | `kubernetes.io/ingress.class: nginx` and `kubernetes.io/tls-acme: "true"` |
-| `ingress.path` | URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/` | `/` |
-| `ingress.pathType` | pathType for your ingress contrller. Default value is correct for nginx. If you use yor own ingress controller, check the correct value | `Prefix` |
-| `ingress.hosts` | URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) | `netdata.k8s.local` |
-| `ingress.spec` | Spec section for ingress object. Everything there will be included into the object on deplyoment | `{}` |
-| `ingress.spec.ingressClassName` | Ingress class declaration for Kubernetes version 1.19+. Annotation ingress.class should be removed if this type of declaration is used | `nginx` |
-| `rbac.create` | if true, create & use RBAC resources | `true` |
-| `rbac.pspEnabled` | Specifies whether a PodSecurityPolicy should be created. | `true` |
-| `serviceAccount.create` | if true, create a service account | `true` |
-| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `netdata` |
-| `clusterrole.name` | Name of the cluster role linked with the service account | `netdata` |
-| `APIKEY` | The key shared between the parent and the child netdata for streaming | `11111111-2222-3333-4444-555555555555` |
-| `parent.enabled` | Install parent Deployment to receive metrics from children nodes | `true` |
-| `parent.port` | Parent's listen port | `19999` |
-| `parent.resources` | Resources for the parent deployment | `{}` |
-| `parent.livenessProbe.failureThreshold` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | `3` |
-| `parent.livenessProbe.periodSeconds` | How often (in seconds) to perform the liveness probe | `30` |
-| `parent.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` |
-| `parent.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `1` |
-| `parent.readinessProbe.failureThreshold` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | `3` |
-| `parent.readinessProbe.periodSeconds` | How often (in seconds) to perform the readiness probe | `30` |
-| `parent.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` |
-| `parent.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `1` |
-| `parent.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `300` |
-| `parent.nodeSelector` | Node selector for the parent deployment | `{}` |
-| `parent.tolerations` | Tolerations settings for the parent deployment | `[]` |
-| `parent.affinity` | Affinity settings for the parent deployment | `{}` |
-| `parent.priorityClassName` | Pod priority class name for the parent deployment | `""` |
-| `parent.database.persistence` | Whether the parent should use a persistent volume for the DB | `true` |
-| `parent.database.storageclass` | The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata` | the default storage class |
-| `parent.database.volumesize` | The storage space for the PVC of the parent database | `2Gi` |
-| `parent.alarms.persistence` | Whether the parent should use a persistent volume for the alarms log | `true` |
-| `parent.alarms.storageclass` | The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata` | the default storage class |
-| `parent.alarms.volumesize` | The storage space for the PVC of the parent alarm log | `1Gi` |
-| `parent.env` | Set environment parameters for the parent deployment | `{}` |
-| `parent.envFrom` | Set environment parameters for the parent deployment from ConfigMap and/or Secrets | `[]` |
-| `parent.podLabels` | Additional labels to add to the parent pods | `{}` |
-| `parent.podAnnotations` | Additional annotations to add to the parent pods | `{}` |
-| `parent.dnsPolicy` | DNS policy for pod | `Default` |
-| `parent.configs` | Manage custom parent's configs | See [Configuration files](#configuration-files). |
-| `parent.claiming.enabled` | Enable parent claiming for netdata cloud | `false` |
-| `parent.claiming.token` | Claim token | `""` |
-| `parent.claiming.room` | Comma separated list of claim rooms IDs | `""` |
-| `parent.extraVolumeMounts` | Additional volumeMounts to add to the parent pods | `[]` |
-| `parent.extraVolumes` | Additional volumes to add to the parent pods | `[]` |
-| `k8sState.enabled` | Install this Deployment to gather data fr K8s cluster | `yes` |
-| `k8sState.port` | Listen port | `service.port` (Same as parent's listen port) |
-| `k8sState.resources` | Compute resources required by this Deployment | `{}` |
-| `k8sState.livenessProbe.failureThreshold` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | `3` |
-| `k8sState.livenessProbe.periodSeconds` | How often (in seconds) to perform the liveness probe | `30` |
-| `k8sState.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` |
-| `k8sState.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `1` |
-| `k8sState.readinessProbe.failureThreshold` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | `3` |
-| `k8sState.readinessProbe.periodSeconds` | How often (in seconds) to perform the readiness probe | `30` |
-| `k8sState.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` |
-| `k8sState.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `1` |
-| `k8sState.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` |
-| `k8sState.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `300` |
-| `k8sState.nodeSelector` | Node selector | `{}` |
-| `k8sState.tolerations` | Tolerations settings | `[]` |
-| `k8sState.affinity` | Affinity settings | `{}` |
-| `k8sState.priorityClassName` | Pod priority class name | `""` |
-| `k8sState.podLabels` | Additional labels | `{}` |
-| `k8sState.podAnnotations` | Additional annotations | `{}` |
-| `k8sState.podAnnotationAppArmor.enabled` | Whether or not to include the AppArmor security annotation | `true` |
-| `k8sState.dnsPolicy` | DNS policy for pod | `ClusterFirstWithHostNet` |
-| `k8sState.persistence.enabled` | Whether should use a persistent volume for `/var/lib/netdata` | `true` |
-| `k8sState.persistence.storageclass` | The storage class for the persistent volume claim of `/var/lib/netdata` | the default storage class |
-| `k8sState.persistence.volumesize` | The storage space for the PVC of `/var/lib/netdata` | `1Gi` |
-| `k8sState.env` | Set environment parameters | `{}` |
-| `k8sState.envFrom` | Set environment parameters from ConfigMap and/or Secrets | `[]` |
-| `k8sState.configs` | Manage custom configs | See [Configuration files](#configuration-files). |
-| `k8sState.claiming.enabled` | Enable claiming for netdata cloud | `false` |
-| `k8sState.claiming.token` | Claim token | `""` |
-| `k8sState.claiming.room` | Comma separated list of claim rooms IDs | `""` |
-| `k8sState.extraVolumeMounts` | Additional volumeMounts to add to the k8sState pods | `[]` |
-| `k8sState.extraVolumes` | Additional volumes to add to the k8sState pods | `[]` |
-| `child.enabled` | Install child DaemonSet to gather data from nodes | `true` |
-| `child.port` | Children's listen port | `service.port` (Same as parent's listen port) |
-| `child.updateStrategy` | An update strategy to replace existing DaemonSet pods with new pods | `{}` |
-| `child.resources` | Resources for the child DaemonSet | `{}` |
-| `child.livenessProbe.failureThreshold` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | `3` |
-| `child.livenessProbe.periodSeconds` | How often (in seconds) to perform the liveness probe | `30` |
-| `child.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` |
-| `child.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `1` |
-| `child.readinessProbe.failureThreshold` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | `3` |
-| `child.readinessProbe.periodSeconds` | How often (in seconds) to perform the readiness probe | `30` |
-| `child.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` |
-| `child.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `1` |
-| `child.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` |
-| `child.nodeSelector` | Node selector for the child daemonsets | `{}` |
-| `child.tolerations` | Tolerations settings for the child daemonsets | `- operator: Exists` with `effect: NoSchedule` |
-| `child.affinity` | Affinity settings for the child daemonsets | `{}` |
-| `child.priorityClassName` | Pod priority class name for the child daemonsets | `""` |
-| `child.env` | Set environment parameters for the child daemonset | `{}` |
-| `child.envFrom` | Set environment parameters for the child daemonset from ConfigMap and/or Secrets | `[]` |
-| `child.podLabels` | Additional labels to add to the child pods | `{}` |
-| `child.podAnnotations` | Additional annotations to add to the child pods | `{}` |
-| `child.hostNetwork` | Usage of host networking and ports | `true` |
-| `child.dnsPolicy` | DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true` | `ClusterFirstWithHostNet` |
-| `child.podAnnotationAppArmor.enabled` | Whether or not to include the AppArmor security annotation | `true` |
-| `child.persistence.hostPath` | Host node directory for storing child instance data | `/var/lib/netdata-k8s-child` |
-| `child.persistence.enabled` | Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath`. | `true` |
-| `child.configs` | Manage custom child's configs | See [Configuration files](#configuration-files). |
-| `child.claiming.enabled` | Enable child claiming for netdata cloud | `false` |
-| `child.claiming.token` | Claim token | `""` |
-| `child.claiming.room` | Comma separated list of claim rooms IDs | `""` |
-| `child.extraVolumeMounts` | Additional volumeMounts to add to the child pods | `[]` |
-| `child.extraVolumes` | Additional volumes to add to the child pods | `[]` |
-| `notifications.slackurl` | URL for slack notifications | `""` |
-| `notifications.slackrecipient` | Slack recipient list | `""` |
-| `initContainersImage.repository` | Init containers' image repository | `alpine` |
-| `initContainersImage.tag` | Init containers' image tag | `latest` |
-| `initContainersImage.pullPolicy` | Init containers' image pull policy | `Always` |
-| `sysctlInitContainer.enabled` | Enable an init container to modify Kernel settings | `false` |
-| `sysctlInitContainer.command` | sysctl init container command to execute | [] |
-| `sysctlInitContainer.resources` | sysctl Init container CPU/Memory resource requests/limits | {} |
-| `sd.image.repository` | Service-discovery image repo | `netdata/agent-sd` |
-| `sd.image.tag` | Service-discovery image tag | Latest stable release (e.g. `v0.2.2`) |
-| `sd.image.pullPolicy` | Service-discovery image pull policy | `Always` |
-| `sd.child.enabled` | Add service-discovery sidecar container to the netdata child pod definition | `true` |
-| `sd.child.resources` | Child service-discovery container CPU/Memory resource requests/limits | `{resources: {limits: {cpu: 50m, memory: 150Mi}, requests: {cpu: 50m, memory: 100Mi}}}` |
-| `sd.child.configmap.name` | Child service-discovery ConfigMap name | `netdata-child-sd-config-map` |
-| `sd.child.configmap.key` | Child service-discovery ConfigMap key | `config.yml` |
-| `sd.child.configmap.from.file` | File to use for child service-discovery configuration generation | `sdconfig/sd-child.yml` |
-| `sd.child.configmap.from.value` | Value to use for child service-discovery configuration generation | `{}` |
+
General settings
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | replicaCount |
+ int |
+
+1
+
+ |
+ Number of `replicas` for the parent netdata `Deployment` |
+
+
+ | deploymentStrategy.type |
+ string |
+
+"Recreate"
+
+ |
+ Deployment strategy for pod deployments. Recreate is the safest value. |
+
+
+ | imagePullSecrets |
+ list |
+
+[]
+
+ |
+ An optional list of references to secrets in the same namespace to use for pulling any of the images |
+
+
+ | image.repository |
+ string |
+
+"netdata/netdata"
+
+ |
+ Container image repository |
+
+
+ | image.tag |
+ string |
+
+"{{ .Chart.AppVersion }}"
+
+ |
+ Container image tag |
+
+
+ | image.pullPolicy |
+ string |
+
+"Always"
+
+ |
+ Container image pull policy |
+
+
+ | initContainersImage.repository |
+ string |
+
+"alpine"
+
+ |
+ Init containers' image repository |
+
+
+ | initContainersImage.tag |
+ string |
+
+"latest"
+
+ |
+ Init containers' image tag |
+
+
+ | initContainersImage.pullPolicy |
+ string |
+
+"Always"
+
+ |
+ Init containers' image pull policy |
+
+
+ | sysctlInitContainer.enabled |
+ bool |
+
+false
+
+ |
+ Enable an init container to modify Kernel settings |
+
+
+ | sysctlInitContainer.command |
+ list |
+
+[]
+
+ |
+ sysctl init container command to execute |
+
+
+ | sysctlInitContainer.resources |
+ object |
+
+{}
+
+ |
+ sysctl Init container CPU/Memory resource requests/limits |
+
+
+ | service.type |
+ string |
+
+"ClusterIP"
+
+ |
+ Parent service type |
+
+
+ | service.port |
+ int |
+
+19999
+
+ |
+ Parent service port |
+
+
+ | service.annotations |
+ object |
+
+{}
+
+ |
+ Additional annotations to add to the service |
+
+
+ | service.loadBalancerIP |
+ string |
+
+""
+
+ |
+ Static LoadBalancer IP, only to be used with service type=LoadBalancer |
+
+
+ | service.loadBalancerSourceRanges |
+ list |
+
+[]
+
+ |
+ List of allowed IPs for LoadBalancer |
+
+
+ | service.externalTrafficPolicy |
+ string |
+
+""
+
+ |
+ Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
+
+
+ | service.healthCheckNodePort |
+ string |
+
+null
+
+ |
+ Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local) |
+
+
+ | service.clusterIP |
+ string |
+
+""
+
+ |
+ Specific cluster IP when service type is cluster IP. Use `None` for headless service |
+
+
+ | ingress.enabled |
+ bool |
+
+true
+
+ |
+ Create Ingress to access the netdata web UI |
+
+
+ | ingress.annotations |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Associate annotations to the Ingress |
+
+
+ | ingress.path |
+ string |
+
+"/"
+
+ |
+ URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/` |
+
+
+ | ingress.pathType |
+ string |
+
+"Prefix"
+
+ |
+ pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value |
+
+
+ | ingress.hosts[0] |
+ string |
+
+"netdata.k8s.local"
+
+ |
+ URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) |
+
+
+ | httpRoute.enabled |
+ bool |
+
+false
+
+ |
+ Create HTTPRoute to access the netdata web UI via Gateway API |
+
+
+ | httpRoute.annotations |
+ object |
+
+{}
+
+ |
+ Additional annotations to add to the HTTPRoute |
+
+
+ | httpRoute.labels |
+ object |
+
+{}
+
+ |
+ Additional labels to add to the HTTPRoute |
+
+
+ | httpRoute.parentRefs |
+ list |
+
+[]
+
+ |
+ Parent references for Gateway API HTTPRoute. Required when `httpRoute.enabled=true` |
+
+
+ | httpRoute.hostnames |
+ list |
+
+[]
+
+ |
+ Hostnames for the HTTPRoute |
+
+
+ | httpRoute.rules |
+ list |
+
+[]
+
+ |
+ Optional explicit HTTPRoute rules. If empty, a default PathPrefix `/` rule is generated |
+
+
+ | rbac.create |
+ bool |
+
+true
+
+ |
+ if true, create & use RBAC resources |
+
+
+ | rbac.pspEnabled |
+ bool |
+
+true
+
+ |
+ Specifies whether a PodSecurityPolicy should be created |
+
+
+ | serviceAccount.create |
+ bool |
+
+true
+
+ |
+ if true, create a service account |
+
+
+ | serviceAccount.name |
+ string |
+
+"netdata"
+
+ |
+ The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+
+
+ | restarter.enabled |
+ bool |
+
+false
+
+ |
+ Install CronJob to update Netdata Pods |
+
+
+ | restarter.schedule |
+ string |
+
+"00 06 * * *"
+
+ |
+ The schedule in Cron format |
+
+
+ | restarter.image.repository |
+ string |
+
+"rancher/kubectl"
+
+ |
+ Container image repo |
+
+
+ | restarter.image.tag |
+ string |
+
+".auto"
+
+ |
+ Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version |
+
+
+ | restarter.image.pullPolicy |
+ string |
+
+"Always"
+
+ |
+ Container image pull policy |
+
+
+ | restarter.restartPolicy |
+ string |
+
+"Never"
+
+ |
+ Container restart policy |
+
+
+ | restarter.resources |
+ object |
+
+{}
+
+ |
+ Container resources |
+
+
+ | restarter.concurrencyPolicy |
+ string |
+
+"Forbid"
+
+ |
+ Specifies how to treat concurrent executions of a job |
+
+
+ | restarter.startingDeadlineSeconds |
+ int |
+
+60
+
+ |
+ Optional deadline in seconds for starting the job if it misses scheduled time for any reason |
+
+
+ | restarter.successfulJobsHistoryLimit |
+ int |
+
+3
+
+ |
+ The number of successful finished jobs to retain |
+
+
+ | restarter.failedJobsHistoryLimit |
+ int |
+
+3
+
+ |
+ The number of failed finished jobs to retain |
+
+
+ | notifications.slack.webhook_url |
+ string |
+
+""
+
+ |
+ Slack webhook URL |
+
+
+ | notifications.slack.recipient |
+ string |
+
+""
+
+ |
+ Slack recipient list |
+
+
+
+Service Discovery
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | sd.image.repository |
+ string |
+
+"netdata/agent-sd"
+
+ |
+ Container image repository |
+
+
+ | sd.image.tag |
+ string |
+
+"v0.2.10"
+
+ |
+ Container image tag |
+
+
+ | sd.image.pullPolicy |
+ string |
+
+"Always"
+
+ |
+ Container image pull policy |
+
+
+ | sd.child.enabled |
+ bool |
+
+true
+
+ |
+ Add service-discovery sidecar container to the netdata child pod definition |
+
+
+ | sd.child.configmap.name |
+ string |
+
+"netdata-child-sd-config-map"
+
+ |
+ Child service-discovery ConfigMap name |
+
+
+ | sd.child.configmap.key |
+ string |
+
+"config.yml"
+
+ |
+ Child service-discovery ConfigMap key |
+
+
+ | sd.child.configmap.from.file |
+ string |
+
+""
+
+ |
+ File to use for child service-discovery configuration generation |
+
+
+ | sd.child.configmap.from.value |
+ object |
+
+{}
+
+ |
+ Value to use for child service-discovery configuration generation |
+
+
+ | sd.child.resources |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Child service-discovery container CPU/Memory resource requests/limits |
+
+
+
+Parent
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | parent.hostname |
+ string |
+
+"netdata-parent"
+
+ |
+ Parent node hostname |
+
+
+ | parent.enabled |
+ bool |
+
+true
+
+ |
+ Install parent Deployment to receive metrics from children nodes |
+
+
+ | parent.port |
+ int |
+
+19999
+
+ |
+ Parent's listen port |
+
+
+ | parent.resources |
+ object |
+
+{}
+
+ |
+ Resources for the parent deployment |
+
+
+ | parent.livenessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before liveness probes are initiated |
+
+
+ | parent.livenessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container |
+
+
+ | parent.livenessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the liveness probe |
+
+
+ | parent.livenessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the liveness probe to be considered successful after having failed |
+
+
+ | parent.livenessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the liveness probe times out |
+
+
+ | parent.readinessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before readiness probes are initiated |
+
+
+ | parent.readinessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready |
+
+
+ | parent.readinessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the readiness probe |
+
+
+ | parent.readinessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the readiness probe to be considered successful after having failed |
+
+
+ | parent.readinessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the readiness probe times out |
+
+
+ | parent.securityContext.runAsUser |
+ int |
+
+201
+
+ |
+ The UID to run the container process |
+
+
+ | parent.securityContext.runAsGroup |
+ int |
+
+201
+
+ |
+ The GID to run the container process |
+
+
+ | parent.securityContext.fsGroup |
+ int |
+
+201
+
+ |
+ The supplementary group for setting permissions on volumes |
+
+
+ | parent.terminationGracePeriodSeconds |
+ int |
+
+300
+
+ |
+ Duration in seconds the pod needs to terminate gracefully |
+
+
+ | parent.nodeSelector |
+ object |
+
+{}
+
+ |
+ Node selector for the parent deployment |
+
+
+ | parent.tolerations |
+ list |
+
+[]
+
+ |
+ Tolerations settings for the parent deployment |
+
+
+ | parent.affinity |
+ object |
+
+{}
+
+ |
+ Affinity settings for the parent deployment |
+
+
+ | parent.priorityClassName |
+ string |
+
+""
+
+ |
+ Pod priority class name for the parent deployment |
+
+
+ | parent.env |
+ object |
+
+{}
+
+ |
+ Set environment parameters for the parent deployment |
+
+
+ | parent.envFrom |
+ list |
+
+[]
+
+ |
+ Set environment parameters for the parent deployment from ConfigMap and/or Secrets |
+
+
+ | parent.podLabels |
+ object |
+
+{}
+
+ |
+ Additional labels to add to the parent pods |
+
+
+ | parent.podAnnotations |
+ object |
+
+{}
+
+ |
+ Additional annotations to add to the parent pods |
+
+
+ | parent.dnsPolicy |
+ string |
+
+"Default"
+
+ |
+ DNS policy for pod |
+
+
+ | parent.database.persistence |
+ bool |
+
+true
+
+ |
+ Whether the parent should use a persistent volume for the DB |
+
+
+ | parent.database.storageclass |
+ string |
+
+"-"
+
+ |
+ The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata` |
+
+
+ | parent.database.volumesize |
+ string |
+
+"5Gi"
+
+ |
+ The storage space for the PVC of the parent database |
+
+
+ | parent.alarms.persistence |
+ bool |
+
+true
+
+ |
+ Whether the parent should use a persistent volume for the alarms log |
+
+
+ | parent.alarms.storageclass |
+ string |
+
+"-"
+
+ |
+ The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata` |
+
+
+ | parent.alarms.volumesize |
+ string |
+
+"1Gi"
+
+ |
+ The storage space for the PVC of the parent alarm log |
+
+
+ | parent.configs |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Manage custom parent's configs |
+
+
+ | parent.claiming.enabled |
+ bool |
+
+false
+
+ |
+ Enable parent claiming for netdata cloud |
+
+
+ | parent.claiming.token |
+ string |
+
+""
+
+ |
+ Claim token |
+
+
+ | parent.claiming.rooms |
+ string |
+
+""
+
+ |
+ Comma separated list of claim rooms IDs. Empty value = All nodes room only |
+
+
+ | parent.extraVolumeMounts |
+ list |
+
+[]
+
+ |
+ Additional volumeMounts to add to the parent pods |
+
+
+ | parent.extraVolumes |
+ list |
+
+[]
+
+ |
+ Additional volumes to add to the parent pods |
+
+
+ | parent.extraInitContainers |
+ list |
+
+[]
+
+ |
+ Additional init containers to add to the parent pods |
+
+
+
+Child
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | child.enabled |
+ bool |
+
+true
+
+ |
+ Install child DaemonSet to gather data from nodes |
+
+
+ | child.port |
+ string |
+
+"{{ .Values.parent.port }}"
+
+ |
+ Children's listen port |
+
+
+ | child.updateStrategy |
+ object |
+
+{}
+
+ |
+ An update strategy to replace existing DaemonSet pods with new pods |
+
+
+ | child.resources |
+ object |
+
+{}
+
+ |
+ Resources for the child DaemonSet |
+
+
+ | child.livenessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before liveness probes are initiated |
+
+
+ | child.livenessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container |
+
+
+ | child.livenessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the liveness probe |
+
+
+ | child.livenessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the liveness probe to be considered successful after having failed |
+
+
+ | child.livenessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the liveness probe times out |
+
+
+ | child.readinessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before readiness probes are initiated |
+
+
+ | child.readinessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready |
+
+
+ | child.readinessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the readiness probe |
+
+
+ | child.readinessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the readiness probe to be considered successful after having failed |
+
+
+ | child.readinessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the readiness probe times out |
+
+
+ | child.terminationGracePeriodSeconds |
+ int |
+
+30
+
+ |
+ Duration in seconds the pod needs to terminate gracefully |
+
+
+ | child.nodeSelector |
+ object |
+
+{}
+
+ |
+ Node selector for the child daemonsets |
+
+
+ | child.tolerations |
+ list |
+
+See values.yaml for defaults
+
+ |
+ Tolerations settings for the child daemonsets |
+
+
+ | child.affinity |
+ object |
+
+{}
+
+ |
+ Affinity settings for the child daemonsets |
+
+
+ | child.priorityClassName |
+ string |
+
+""
+
+ |
+ Pod priority class name for the child daemonsets |
+
+
+ | child.podLabels |
+ object |
+
+{}
+
+ |
+ Additional labels to add to the child pods |
+
+
+ | child.podAnnotationAppArmor.enabled |
+ bool |
+
+true
+
+ |
+ Whether or not to include the AppArmor security annotation |
+
+
+ | child.podAnnotations |
+ object |
+
+{}
+
+ |
+ Additional annotations to add to the child pods |
+
+
+ | child.hostNetwork |
+ bool |
+
+true
+
+ |
+ Usage of host networking and ports |
+
+
+ | child.dnsPolicy |
+ string |
+
+"ClusterFirstWithHostNet"
+
+ |
+ DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true` |
+
+
+ | child.persistence.enabled |
+ bool |
+
+true
+
+ |
+ Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath` |
+
+
+ | child.persistence.hostPath |
+ string |
+
+"/var/lib/netdata-k8s-child"
+
+ |
+ Host node directory for storing child instance data |
+
+
+ | child.podsMetadata.useKubelet |
+ bool |
+
+false
+
+ |
+ Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata |
+
+
+ | child.podsMetadata.kubeletUrl |
+ string |
+
+"https://localhost:10250"
+
+ |
+ Kubelet URL |
+
+
+ | child.configs |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Manage custom child's configs |
+
+
+ | child.env |
+ object |
+
+{}
+
+ |
+ Set environment parameters for the child daemonset |
+
+
+ | child.envFrom |
+ list |
+
+[]
+
+ |
+ Set environment parameters for the child daemonset from ConfigMap and/or Secrets |
+
+
+ | child.claiming.enabled |
+ bool |
+
+false
+
+ |
+ Enable child claiming for netdata cloud |
+
+
+ | child.claiming.token |
+ string |
+
+""
+
+ |
+ Claim token |
+
+
+ | child.claiming.rooms |
+ string |
+
+""
+
+ |
+ Comma separated list of claim rooms IDs. Empty value = All nodes room only |
+
+
+ | child.extraVolumeMounts |
+ list |
+
+[]
+
+ |
+ Additional volumeMounts to add to the child pods |
+
+
+ | child.extraVolumes |
+ list |
+
+[]
+
+ |
+ Additional volumes to add to the child pods |
+
+
+
+K8s State
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | k8sState.hostname |
+ string |
+
+"netdata-k8s-state"
+
+ |
+ K8s state node hostname |
+
+
+ | k8sState.enabled |
+ bool |
+
+true
+
+ |
+ Install this Deployment to gather data from K8s cluster |
+
+
+ | k8sState.port |
+ string |
+
+"{{ .Values.parent.port }}"
+
+ |
+ Listen port |
+
+
+ | k8sState.resources |
+ object |
+
+{}
+
+ |
+ Compute resources required by this Deployment |
+
+
+ | k8sState.livenessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before liveness probes are initiated |
+
+
+ | k8sState.livenessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container |
+
+
+ | k8sState.livenessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the liveness probe |
+
+
+ | k8sState.livenessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the liveness probe to be considered successful after having failed |
+
+
+ | k8sState.livenessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the liveness probe times out |
+
+
+ | k8sState.readinessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before readiness probes are initiated |
+
+
+ | k8sState.readinessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready |
+
+
+ | k8sState.readinessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the readiness probe |
+
+
+ | k8sState.readinessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the readiness probe to be considered successful after having failed |
+
+
+ | k8sState.readinessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the readiness probe times out |
+
+
+ | k8sState.terminationGracePeriodSeconds |
+ int |
+
+30
+
+ |
+ Duration in seconds the pod needs to terminate gracefully |
+
+
+ | k8sState.nodeSelector |
+ object |
+
+{}
+
+ |
+ Node selector |
+
+
+ | k8sState.tolerations |
+ list |
+
+[]
+
+ |
+ Tolerations settings |
+
+
+ | k8sState.affinity |
+ object |
+
+{}
+
+ |
+ Affinity settings |
+
+
+ | k8sState.priorityClassName |
+ string |
+
+""
+
+ |
+ Pod priority class name |
+
+
+ | k8sState.podLabels |
+ object |
+
+{}
+
+ |
+ Additional labels |
+
+
+ | k8sState.podAnnotationAppArmor.enabled |
+ bool |
+
+true
+
+ |
+ Whether or not to include the AppArmor security annotation |
+
+
+ | k8sState.podAnnotations |
+ object |
+
+{}
+
+ |
+ Additional annotations |
+
+
+ | k8sState.dnsPolicy |
+ string |
+
+"ClusterFirstWithHostNet"
+
+ |
+ DNS policy for pod |
+
+
+ | k8sState.persistence.enabled |
+ bool |
+
+true
+
+ |
+ Whether should use a persistent volume for `/var/lib/netdata` |
+
+
+ | k8sState.persistence.storageclass |
+ string |
+
+"-"
+
+ |
+ The storage class for the persistent volume claim of `/var/lib/netdata` |
+
+
+ | k8sState.persistence.volumesize |
+ string |
+
+"1Gi"
+
+ |
+ The storage space for the PVC of `/var/lib/netdata` |
+
+
+ | k8sState.env |
+ object |
+
+{}
+
+ |
+ Set environment parameters |
+
+
+ | k8sState.envFrom |
+ list |
+
+[]
+
+ |
+ Set environment parameters from ConfigMap and/or Secrets |
+
+
+ | k8sState.configs |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Manage custom configs |
+
+
+ | k8sState.claiming.enabled |
+ bool |
+
+false
+
+ |
+ Enable claiming for netdata cloud |
+
+
+ | k8sState.claiming.token |
+ string |
+
+""
+
+ |
+ Claim token |
+
+
+ | k8sState.claiming.rooms |
+ string |
+
+""
+
+ |
+ Comma separated list of claim rooms IDs. Empty value = All nodes room only |
+
+
+ | k8sState.extraVolumeMounts |
+ list |
+
+[]
+
+ |
+ Additional volumeMounts to add to the k8sState pods |
+
+
+ | k8sState.extraVolumes |
+ list |
+
+[]
+
+ |
+ Additional volumes to add to the k8sState pods |
+
+
+
+Netdata OpenTelemetry
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | netdataOpentelemetry.enabled |
+ bool |
+
+false
+
+ |
+ Enable the Netdata OpenTelemetry Deployment |
+
+
+ | netdataOpentelemetry.hostname |
+ string |
+
+"netdata-otel"
+
+ |
+ Hostname for the Netdata OpenTelemetry instance |
+
+
+ | netdataOpentelemetry.port |
+ string |
+
+"{{ .Values.parent.port }}"
+
+ |
+ Listen port |
+
+
+ | netdataOpentelemetry.service.type |
+ string |
+
+"ClusterIP"
+
+ |
+ Service type |
+
+
+ | netdataOpentelemetry.service.port |
+ int |
+
+4317
+
+ |
+ Service port |
+
+
+ | netdataOpentelemetry.service.annotations |
+ object |
+
+{}
+
+ |
+ Service annotations |
+
+
+ | netdataOpentelemetry.service.clusterIP |
+ string |
+
+""
+
+ |
+ Cluster IP address (only used with service.type ClusterIP) |
+
+
+ | netdataOpentelemetry.service.loadBalancerIP |
+ string |
+
+""
+
+ |
+ LoadBalancer IP address (only used with service.type LoadBalancer) |
+
+
+ | netdataOpentelemetry.service.loadBalancerSourceRanges |
+ list |
+
+[]
+
+ |
+ Allowed source ranges for LoadBalancer (only used with service.type LoadBalancer) |
+
+
+ | netdataOpentelemetry.service.externalTrafficPolicy |
+ string |
+
+""
+
+ |
+ External traffic policy (only used with service.type LoadBalancer) |
+
+
+ | netdataOpentelemetry.service.healthCheckNodePort |
+ string |
+
+""
+
+ |
+ Health check node port (only used with service.type LoadBalancer and external traffic policy Local) |
+
+
+ | netdataOpentelemetry.resources |
+ object |
+
+{}
+
+ |
+ Compute resources required by this Deployment |
+
+
+ | netdataOpentelemetry.livenessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before liveness probes are initiated |
+
+
+ | netdataOpentelemetry.livenessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a liveness probe fails, Kubernetes will try failureThreshold times before giving up |
+
+
+ | netdataOpentelemetry.livenessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the liveness probe |
+
+
+ | netdataOpentelemetry.livenessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the liveness probe to be considered successful after having failed |
+
+
+ | netdataOpentelemetry.livenessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the liveness probe times out |
+
+
+ | netdataOpentelemetry.readinessProbe.initialDelaySeconds |
+ int |
+
+0
+
+ |
+ Number of seconds after the container has started before readiness probes are initiated |
+
+
+ | netdataOpentelemetry.readinessProbe.failureThreshold |
+ int |
+
+3
+
+ |
+ When a readiness probe fails, Kubernetes will try failureThreshold times before giving up |
+
+
+ | netdataOpentelemetry.readinessProbe.periodSeconds |
+ int |
+
+30
+
+ |
+ How often (in seconds) to perform the readiness probe |
+
+
+ | netdataOpentelemetry.readinessProbe.successThreshold |
+ int |
+
+1
+
+ |
+ Minimum consecutive successes for the readiness probe to be considered successful after having failed |
+
+
+ | netdataOpentelemetry.readinessProbe.timeoutSeconds |
+ int |
+
+1
+
+ |
+ Number of seconds after which the readiness probe times out |
+
+
+ | netdataOpentelemetry.securityContext.runAsUser |
+ int |
+
+201
+
+ |
+ The UID to run the container process |
+
+
+ | netdataOpentelemetry.securityContext.runAsGroup |
+ int |
+
+201
+
+ |
+ The GID to run the container process |
+
+
+ | netdataOpentelemetry.securityContext.fsGroup |
+ int |
+
+201
+
+ |
+ The supplementary group for setting permissions on volumes |
+
+
+ | netdataOpentelemetry.terminationGracePeriodSeconds |
+ int |
+
+30
+
+ |
+ Duration in seconds the pod needs to terminate gracefully |
+
+
+ | netdataOpentelemetry.nodeSelector |
+ object |
+
+{}
+
+ |
+ Node selector |
+
+
+ | netdataOpentelemetry.tolerations |
+ list |
+
+[]
+
+ |
+ Tolerations settings |
+
+
+ | netdataOpentelemetry.affinity |
+ object |
+
+{}
+
+ |
+ Affinity settings |
+
+
+ | netdataOpentelemetry.priorityClassName |
+ string |
+
+""
+
+ |
+ Pod priority class name |
+
+
+ | netdataOpentelemetry.podLabels |
+ object |
+
+{}
+
+ |
+ Additional labels |
+
+
+ | netdataOpentelemetry.podAnnotationAppArmor.enabled |
+ bool |
+
+true
+
+ |
+ Whether or not to include the AppArmor security annotation |
+
+
+ | netdataOpentelemetry.podAnnotations |
+ object |
+
+{}
+
+ |
+ Additional annotations |
+
+
+ | netdataOpentelemetry.dnsPolicy |
+ string |
+
+"ClusterFirst"
+
+ |
+ DNS policy for pod |
+
+
+ | netdataOpentelemetry.persistence.enabled |
+ bool |
+
+true
+
+ |
+ Whether to use persistent volumes |
+
+
+ | netdataOpentelemetry.persistence.storageclass |
+ string |
+
+"-"
+
+ |
+ The storage class for the persistent volume claim (both varlib and varlog volumes) |
+
+
+ | netdataOpentelemetry.persistence.volumesize |
+ string |
+
+"10Gi"
+
+ |
+ The storage space for the logs (varlog volume) |
+
+
+ | netdataOpentelemetry.configs |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Manage custom configs |
+
+
+ | netdataOpentelemetry.env |
+ object |
+
+{}
+
+ |
+ Set environment parameters |
+
+
+ | netdataOpentelemetry.envFrom |
+ list |
+
+[]
+
+ |
+ Set environment parameters from ConfigMap and/or Secrets |
+
+
+ | netdataOpentelemetry.claiming.enabled |
+ bool |
+
+false
+
+ |
+ Enable claiming for netdata cloud |
+
+
+ | netdataOpentelemetry.claiming.token |
+ string |
+
+""
+
+ |
+ Claim token |
+
+
+ | netdataOpentelemetry.claiming.rooms |
+ string |
+
+""
+
+ |
+ Comma separated list of claim rooms IDs. Empty value = All nodes room only |
+
+
+ | netdataOpentelemetry.extraVolumeMounts |
+ list |
+
+[]
+
+ |
+ Additional volumeMounts |
+
+
+ | netdataOpentelemetry.extraVolumes |
+ list |
+
+[]
+
+ |
+ Additional volumes |
+
+
+
+OpenTelemetry Collector
+
+
+ | Key |
+ Type |
+ Default |
+ Description |
+
+
+
+ | otel-collector.enabled |
+ bool |
+
+false
+
+ |
+ Set to true to enable the OpenTelemetry Collector |
+
+
+ | otel-collector.mode |
+ string |
+
+"daemonset"
+
+ |
+ Deployment mode: daemonset, deployment, or statefulset |
+
+
+ | otel-collector.image.repository |
+ string |
+
+"otel/opentelemetry-collector-k8s"
+
+ |
+ Image repository |
+
+
+ | otel-collector.presets.kubernetesAttributes.enabled |
+ bool |
+
+true
+
+ |
+ Enable Kubernetes attributes collection |
+
+
+ | otel-collector.presets.logsCollection.enabled |
+ bool |
+
+true
+
+ |
+ Enable logs collection from Kubernetes pods |
+
+
+ | otel-collector.presets.logsCollection.includeCollectorLogs |
+ bool |
+
+false
+
+ |
+ Include collector logs in the collection |
+
+
+ | otel-collector.config |
+ object |
+
+See values.yaml for defaults
+
+ |
+ OpenTelemetry Collector configuration |
+
+
+ | otel-collector.resources |
+ object |
+
+See values.yaml for defaults
+
+ |
+ Resources |
+
+
+ | otel-collector.serviceAccount.create |
+ bool |
+
+true
+
+ |
+ Create service account |
+
+
+ | otel-collector.clusterRole.create |
+ bool |
+
+true
+
+ |
+ Create cluster role |
+
+
+ | otel-collector.clusterRole.rules |
+ list |
+
+See values.yaml for defaults
+
+ |
+ Cluster role rules |
+
+
+ | otel-collector.tolerations |
+ list |
+
+See values.yaml for defaults
+
+ |
+ Tolerations to run on all nodes |
+
+
+
Example to set the parameters from the command line:
```console
$ helm install ./netdata --name my-release \
- --set notifications.slackurl=MySlackAPIURL \
- --set notifications.slackrecipiet="@MyUser MyChannel"
+ --set notifications.slack.webhook_url=MySlackAPIURL \
+ --set notifications.slack.recipient="@MyUser MyChannel"
```
Another example, to set a different ingress controller.
@@ -253,12 +2253,12 @@ be provided while installing the chart. For example,
$ helm install ./netdata --name my-release -f values.yaml
```
-> **Tip**: You can use the default [values.yaml](values.yaml)
+> **Tip**: You can use the default values.yaml
> **Note:**: To opt out of anonymous statistics, set the `DO_NOT_TRACK`
-environment variable to non-zero or non-empty value in
-`parent.env` / `child.env` configuration (e.g: `DO_NOT_TRACK: 1`)
-or uncomment the line in `values.yml`.
+> environment variable to non-zero or non-empty value in
+`parent.env` / `child.env` configuration (e.g.,: `DO_NOT_TRACK: 1`)
+> or uncomment the line in `values.yml`.
### Configuration files
@@ -283,14 +2283,15 @@ To deploy additional netdata user configuration files, you will need to add simi
the `parent.configs` or the `child.configs` arrays. Regardless of whether you add config files that reside directly
under `/etc/netdata` or in a subdirectory such as `/etc/netdata/go.d`, you can use the already provided configurations
as reference. For reference, the `parent.configs` the array includes an `example` alarm that would get triggered if the
-python.d `example` module was enabled.
+python.d `example` module was enabled. Whenever you pass the sensitive data to your configuration like the database
+credential, you can take an option to put it into the Kubernetes Secret by specifying `storedType: secret` in the
+selected configuration. By default, all the configurations will be placed in the Kubernetes configmap.
-Note that with the default configuration of this chart, the parent does the health checks and triggers alarms, but does
-not collect much data. As a result, the only other configuration files that might make sense to add to the parent are
+Note that in this chart's default configuration, the parent performs the health checks and triggers alarms but collects little data. As a result, the only other configuration files that might make sense to add to the parent are
the alarm and alarm template definitions, under `/etc/netdata/health.d`.
> **Tip**: Do pay attention to the indentation of the config file contents, as it matters for the parsing of the `yaml` file. Note that the first line under `var: |`
-must be indented with two more spaces relative to the preceding line:
+> must be indented with two more spaces relative to the preceding line:
```
data: |-
@@ -309,8 +2310,8 @@ data for specific PV is lost in case of pod removal.
node in `netdata.cloud` (due to `./registry/` and `./cloud.d/` being removed).
In case of `child` instance it is a bit simpler. By default, hostPath: `/var/lib/netdata-k8s-child` is mounted on child
-in: `/var/lib/netdata`. You can disable it but this option is pretty much required in a real life scenario, as without
-it each pod deletion will result in new replication node for a parent.
+in: `/var/lib/netdata`. You can disable it, but this option is pretty much required in a real life scenario, as without
+it each pod deletion will result in a new replication node for a parent.
### Service discovery and supported services
@@ -322,41 +2323,39 @@ and exports them, so they can be monitored.
Service discovery currently supports the following applications via their associated collector:
-- [ActiveMQ](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/activemq)
-- [Apache](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/apache)
-- [Bind](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/bind)
-- [CockroachDB](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/cockroachdb)
-- [Consul](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/consul)
-- [CoreDNS](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/coredns)
-- [Elasticsearch](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/elasticsearch)
-- [Fluentd](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/fluentd)
-- [FreeRADIUS](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/freeradius)
-- [HDFS](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/hdfs)
-- [Lighttpd](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/lighttpd)
-- [Lighttpd2](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/lighttpd2)
-- [Logstash](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/logstash)
-- [MySQL](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/mysql)
-- [NGINX](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/nginx)
-- [OpenVPN](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/openvpn)
-- [PHP-FPM](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/phpfpm)
-- [RabbitMQ](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/rabbitmq)
-- [Solr](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/solr)
-- [Tengine](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/tengine)
-- [Unbound](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/unbound)
-- [VerneMQ](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/vernemq)
-- [ZooKeeper](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/zookeeper)
+- [ActiveMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/activemq/README.md)
+- [Apache](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/apache/README.md)
+- [Bind](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/bind/README.md)
+- [CockroachDB](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/cockroachdb/README.md)
+- [Consul](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/consul/README.md)
+- [CoreDNS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/coredns/README.md)
+- [Elasticsearch](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/elasticsearch/README.md)
+- [Fluentd](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/fluentd/README.md)
+- [FreeRADIUS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/freeradius/README.md)
+- [HDFS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/hdfs/README.md)
+- [Lighttpd](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/lighttpd/README.md)
+- [Logstash](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/logstash/README.md)
+- [MySQL](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/mysql/README.md)
+- [NGINX](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/nginx/README.md)
+- [OpenVPN](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/openvpn/README.md)
+- [PHP-FPM](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/phpfpm/README.md)
+- [RabbitMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/rabbitmq/README.md)
+- [Tengine](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/tengine/README.md)
+- [Unbound](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/unbound/README.md)
+- [VerneMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/vernemq/README.md)
+- [ZooKeeper](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/zookeeper/README.md)
#### Prometheus endpoints
Service discovery supports Prometheus endpoints via
-the [Prometheus](https://learn.netdata.cloud/docs/agent/collectors/go.d.plugin/modules/prometheus) collector.
+the [Prometheus](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/prometheus/README.md) collector.
Annotations on pods allow a fine control of the scraping process:
- `prometheus.io/scrape`: The default configuration will scrape all pods and, if set to false, this annotation excludes
the pod from the scraping process.
- `prometheus.io/path`: If the metrics path is not _/metrics_, define it with this annotation.
-- `prometheus.io/port`: Scrape the pod on the indicated port instead of the pod’s declared ports.
+- `prometheus.io/port`: Scrape the pod on the indicated port instead of the pod's declared ports.
#### Configure service discovery
@@ -415,9 +2414,9 @@ $ helm install \
## Contributing
-If you want to contribute, we are humbled!
+If you want to contribute, we're humbled!
-- Take a look at our [Contributing Guidelines](https://learn.netdata.cloud/contribute/handbook).
-- This repository is under the [Netdata Code Of Conduct](https://learn.netdata.cloud/contribute/code-of-conduct).
+- Take a look at our [Contributing Guidelines](https://github.com/netdata/.github/blob/main/CONTRIBUTING.md).
+- This repository is under the [Netdata Code Of Conduct](https://github.com/netdata/.github/blob/main/CODE_OF_CONDUCT.md).
- Chat about your contribution and let us help you in
our [forum](https://community.netdata.cloud/c/agent-development/9)!
diff --git a/charts/netdata/sdconfig/child.yml b/charts/netdata/sdconfig/child.yml
index d656a3cf..0a38dc0f 100644
--- a/charts/netdata/sdconfig/child.yml
+++ b/charts/netdata/sdconfig/child.yml
@@ -39,8 +39,6 @@ tag:
expr: '{{ and (eq .Port "50070") (glob .Image "**/hdfs*") }}'
- tags: lighttpd
expr: '{{ and (eq .Port "80" "8080") (glob .Image "**/lighttpd*") }}'
- - tags: lighttpd2
- expr: '{{ and (eq .Port "80" "8080") (glob .Image "**/lighttpd2*") }}'
- tags: logstash
expr: '{{ and (eq .Port "9600") (glob .Image "logstash*" "**/logstash*") }}'
- tags: mysql
@@ -63,6 +61,14 @@ tag:
expr: '{{ and (eq .Port "8888") (glob .Image "**/vernemq*") }}'
- tags: zookeeper
expr: '{{ and (eq .Port "2181") (glob .Image "zookeeper*" "**/zookeeper*") }}'
+ - tags: consul_envoy
+ expr: |
+ {{ $imageOK := glob .Image "*/consul-dataplane*" -}}
+ {{ $scrapeOK := eq (get .Annotations "prometheus.io/scrape") "true" -}}
+ {{ $promPort := get .Annotations "prometheus.io/port" -}}
+ {{ $portOK1 := and (eq .Port $promPort) (not (empty .Port)) -}}
+ {{ $portOK2 := and (empty .Port) (not (empty $promPort)) -}}
+ {{ and $imageOK $scrapeOK (or $portOK1 $portOK2) }}
- name: "Prometheus Generic Applications"
selector: unknown
tags: -unknown prometheus_generic
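Review bot: The new `consul_envoy` rule matches the image with `glob .Image "*/consul-dataplane*"`, while the other rules in this file use `**/` (for example `**/vernemq*` and `**/zookeeper*` just above it). If `*` does not cross `/` in the glob implementation used here, which is worth confirming, an image pulled through a registry path with more than one segment would never receive the tag. Writing it as `glob .Image "**/consul-dataplane*"` would follow the file's convention. The `match` list this entry belongs to starts outside the hunk.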
@@ -146,6 +152,14 @@ build:
- module: elasticsearch
name: elasticsearch-{{.TUID}}
url: http://{{.Address}}
+ - selector: consul_envoy
+ template: |
+ {{ $path := default "/metrics" (get .Annotations "prometheus.io/path") -}}
+ {{ $promPort := get .Annotations "prometheus.io/port" -}}
+ {{ $port := ternary .Port $promPort (not (empty .Port)) -}}
+ - module: envoy
+ name: {{.TUID}}
+ url: http://{{ .PodIP }}:{{ $port }}{{ $path }}
- selector: fluentd
template: |
- module: fluentd
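Review bot: The `consul_envoy` template copies `prometheus.io/path` and `prometheus.io/port` from pod annotations into the generated job unquoted (`url: http://{{ .PodIP }}:{{ $port }}{{ $path }}`), and annotations are set by whoever is allowed to create pods. A value containing ` #`, `: ` or a line break would change how the rendered YAML parses, so the port should be checked to be digits and the path to start with `/` before they are used; this is hedged, since the code that renders and loads the template is not visible here. The job name is also a bare `{{.TUID}}` where every sibling carries a module prefix, so `name: envoy-{{.TUID}}` would be consistent. The same template is added to `sdconfig/k8s.yml`, where `prometheus_generic` interpolates `$path` the same way.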
@@ -167,11 +181,6 @@ build:
- module: lighttpd
name: lighttpd-{{.TUID}}
url: http://{{.Address}}/server-status?auto
- - selector: lighttpd2
- template: |
- - module: lighttpd2
- name: lighttpd2-{{.TUID}}
- url: http://{{.Address}}/server-status?format=plain
- selector: logstash
template: |
- module: logstash
diff --git a/charts/netdata/sdconfig/k8s.yml b/charts/netdata/sdconfig/k8s.yml
new file mode 100644
index 00000000..b2deabec
--- /dev/null
+++ b/charts/netdata/sdconfig/k8s.yml
@@ -0,0 +1,242 @@
+disabled: no
+
+name: 'kubernetes'
+
+discover:
+ - discoverer: k8s
+ k8s:
+ - tags: unknown
+ role: pod
+ pod:
+ local_mode: yes
+classify:
+ - name: "Control-Plane"
+ selector: unknown
+ tags: -unknown control_plane
+ match:
+ - tags: kube_scheduler
+ expr: '{{ glob .Image "k8s.gcr.io/kube-scheduler:*" }}'
+ - tags: kube_controller_manager
+ expr: '{{ glob .Image "k8s.gcr.io/kube-controller-manager:*" }}'
+ - name: "Applications"
+ selector: unknown
+ tags: -unknown applications
+ match:
+ - tags: activemq
+ expr: '{{ and (eq .Port "8161") (glob .Image "*/activemq*") }}'
+ - tags: apache
+ expr: '{{ and (eq .Port "80" "8080") (glob .Image "httpd*" "*/httpd*") }}'
+ - tags: bind
+ expr: '{{ and (eq .Port "8653") (glob .Image "*/bind*") }}'
+ - tags: cockroachdb
+ expr: '{{ and (eq .Port "8080") (glob .Image "*/cockroach*") }}'
+ - tags: consul
+ expr: '{{ and (eq .Port "8500") (glob .Image "consul*" "*/consul*") }}'
+ - tags: coredns
+ expr: '{{ and (eq .Port "9153") (glob .Image "*/coredns*") }}'
+ - tags: elasticsearch
+ expr: '{{ and (eq .Port "9200") (glob .Image "elasticsearch:*" "*/elasticsearch:*") }}'
+ - tags: fluentd
+ expr: '{{ and (eq .Port "24220") (glob .Image "fluentd*" "*/fluentd*") }}'
+ - tags: freeradius
+ expr: '{{ and (eq .Port "18121") (glob .Image "*/freeradius*") }}'
+ - tags: hdfs
+ expr: '{{ and (eq .Port "50070") (glob .Image "*/hdfs*") }}'
+ - tags: lighttpd
+ expr: '{{ and (eq .Port "80" "8080") (glob .Image "*/lighttpd*") }}'
+ - tags: logstash
+ expr: '{{ and (eq .Port "9600") (glob .Image "logstash*" "*/logstash*") }}'
+ - tags: mysql
+ expr: '{{ and (eq .Port "3306") (glob .Image "mysql*" "*/mysql*" "mariadb*" "*/mariadb*") }}'
+ - tags: nginx
+ expr: '{{ and (eq .Port "80" "8080") (glob .Image "nginx*" "*/nginx*") }}'
+ - tags: openvpn
+ expr: '{{ and (eq .Port "7505") (glob .Image "*/openvpn") }}'
+ - tags: phpfpm
+ expr: '{{ and (eq .Port "80" "8080") (glob .Image "*/phpfpm*" "*/php-fpm*") }}'
+ - tags: rabbitmq
+ expr: '{{ and (eq .Port "15672") (glob .Image "rabbitmq*" "*/rabbitmq*") }}'
+ - tags: solr
+ expr: '{{ and (eq .Port "8983") (glob .Image "solr*" "*/solr*") }}'
+ - tags: tengine
+ expr: '{{ and (eq .Port "80" "8080") (glob .Image "*/tengine*") }}'
+ - tags: unbound
+ expr: '{{ and (eq .Port "8953") (glob .Image "*/unbound*") }}'
+ - tags: vernemq
+ expr: '{{ and (eq .Port "8888") (glob .Image "*/vernemq*") }}'
+ - tags: zookeeper
+ expr: '{{ and (eq .Port "2181") (glob .Image "zookeeper*" "*/zookeeper*") }}'
+ - tags: consul_envoy
+ expr: |
+ {{ $imageOK := glob .Image "*/consul-dataplane*" -}}
+ {{ $scrapeOK := eq (get .Annotations "prometheus.io/scrape") "true" -}}
+ {{ $promPort := get .Annotations "prometheus.io/port" -}}
+ {{ $portOK1 := and (eq .Port $promPort) (not (empty .Port)) -}}
+ {{ $portOK2 := and (empty .Port) (not (empty $promPort)) -}}
+ {{ and $imageOK $scrapeOK (or $portOK1 $portOK2) }}
+ - name: "Prometheus Generic Applications"
+ selector: unknown
+ tags: -unknown prometheus_generic
+ match:
+ - tags: prometheus_generic
+ expr: |
+ {{ $scrapeOK := eq (get .Annotations "prometheus.io/scrape") "true" -}}
+ {{ $portOK := eq (default .Port (get .Annotations "prometheus.io/port")) .Port -}}
+ {{ $imageOK := not (glob .Image "netdata/netdata*" "*pulsar*" "*telegraf*") -}}
+ {{ and $scrapeOK $portOK $imageOK }}
+compose:
+ - name: "Control-Plane"
+ selector: '!unknown control_plane'
+ config:
+ - selector: kube_scheduler
+ template: |
+ - module: prometheus
+ name: prometheus-{{.TUID}}
+ url: http://{{.PodIP}}:{{default "10251" .Port}}/metrics
+ app: '{{.ContName}}'
+ update_every: 10
+ max_time_series: 1000
+ - selector: kube_controller_manager
+ template: |
+ - module: prometheus
+ name: prometheus-{{.TUID}}
+ url: http://{{.PodIP}}:{{default "10252" .Port}}/metrics
+ app: '{{.ContName}}'
+ update_every: 10
+ max_time_series: 2000
+ - name: "Prometheus Generic Applications"
+ selector: '!unknown prometheus_generic'
+ config:
+ - selector: prometheus_generic
+ template: |
+ {{ $path := default "/metrics" (get .Annotations "prometheus.io/path") -}}
+ - module: prometheus
+ name: prometheus-{{.TUID}}
+ url: http://{{.Address}}{{$path}}
+ app: '{{.ContName}}'
+ update_every: 10
+ max_time_series: 4000
+ - name: "Applications"
+ selector: '!unknown applications'
+ tags: file
+ config:
+ - selector: activemq
+ template: |
+ - module: activemq
+ name: activemq-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: apache
+ template: |
+ - module: apache
+ name: apache-{{.TUID}}
+ url: http://{{.Address}}/server-status?auto
+ - selector: bind
+ template: |
+ - module: bind
+ name: bind-{{.TUID}}
+ url: http://{{.Address}}/json/v1
+ - selector: cockroachdb
+ template: |
+ - module: cockroachdb
+ name: cockroachdb-{{.TUID}}
+ url: http://{{.Address}}/_status/vars
+ - selector: consul
+ template: |
+ - module: consul
+ name: consul-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: coredns
+ template: |
+ - module: coredns
+ name: coredns-{{.TUID}}
+ url: http://{{.Address}}/metrics
+ - selector: elasticsearch
+ template: |
+ - module: elasticsearch
+ name: elasticsearch-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: consul_envoy
+ template: |
+ {{ $path := default "/metrics" (get .Annotations "prometheus.io/path") -}}
+ {{ $promPort := get .Annotations "prometheus.io/port" -}}
+ {{ $port := ternary .Port $promPort (not (empty .Port)) -}}
+ - module: envoy
+ name: {{.TUID}}
+ url: http://{{ .PodIP }}:{{ $port }}{{ $path }}
+ - selector: fluentd
+ template: |
+ - module: fluentd
+ name: fluentd-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: freeradius
+ template: |
+ - module: freeradius
+ name: freeradius-{{.TUID}}
+ address: {{.PodIP}}
+ port: {{.Port}}
+ - selector: hdfs
+ template: |
+ - module: hdfs
+ name: hdfs-{{.TUID}}
+ url: http://{{.Address}}/jmx
+ - selector: lighttpd
+ template: |
+ - module: lighttpd
+ name: lighttpd-{{.TUID}}
+ url: http://{{.Address}}/server-status?auto
+ - selector: logstash
+ template: |
+ - module: logstash
+ name: logstash-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: mysql
+ template: |
+ - module: mysql
+ name: mysql-{{.TUID}}
+ dsn: 'netdata@tcp({{.Address}})/'
+ - selector: nginx
+ template: |
+ - module: nginx
+ name: nginx-{{.TUID}}
+ url: http://{{.Address}}/stub_status
+ - selector: openvpn
+ template: |
+ - module: openvpn
+ name: openvpn-{{.TUID}}
+ address: {{.Address}}
+ - selector: phpfpm
+ template: |
+ - module: phpfpm
+ name: phpfpm-{{.TUID}}
+ url: http://{{.Address}}/status?full&json
+ - selector: rabbitmq
+ template: |
+ - module: rabbitmq
+ name: rabbitmq-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: solr
+ template: |
+ - module: solr
+ name: solr-{{.TUID}}
+ url: http://{{.Address}}
+ - selector: tengine
+ template: |
+ - module: tengine
+ name: tengine-{{.TUID}}
+ url: http://{{.Address}}/us
+ - selector: unbound
+ template: |
+ - module: unbound
+ name: unbound-{{.TUID}}
+ address: {{.Address}}
+ use_tls: false
+ - selector: vernemq
+ template: |
+ - module: vernemq
+ name: vernemq-{{.TUID}}
+ url: http://{{.Address}}/metrics
+ - selector: zookeeper
+ template: |
+ - module: zookeeper
+ name: zookeeper-{{.TUID}}
+ address: {{.Address}}
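Review bot: The control-plane rules match only images under `k8s.gcr.io/`, and the composed jobs scrape `http://{{.PodIP}}:{{default "10251" .Port}}/metrics` and the `10252` equivalent over plain HTTP. As far as I know, current Kubernetes releases publish these images under `registry.k8s.io` and expose scheduler and controller-manager metrics only on authenticated HTTPS ports, so on a recent cluster these rules probably never match or the scrape fails; please confirm against the versions the chart supports. At a minimum the glob could accept both registries, e.g. `glob .Image "k8s.gcr.io/kube-scheduler:*" "registry.k8s.io/kube-scheduler:*"`. Separately, `disabled: no` and `local_mode: yes` rely on YAML 1.1 booleans; `false` and `true` parse the same way everywhere.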
diff --git a/charts/netdata/templates/_helpers.tpl b/charts/netdata/templates/_helpers.tpl
index c3976e21..39d76b61 100644
--- a/charts/netdata/templates/_helpers.tpl
+++ b/charts/netdata/templates/_helpers.tpl
@@ -38,6 +38,17 @@ Return the target Kubernetes version
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
+{{/*
+The function determines if the Netdata version is less than 3.0-0.
+*/}}
+{{- define "netdata.verLess22" -}}
+{{- if semverCompare "<2.2-0" .Chart.AppVersion -}}
+{{- "true" -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
{{/*
Return the appropriate apiVersion for ingress.
*/}}
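Review bot: The comment on `netdata.verLess22` says the helper tests for a version below 3.0-0, but both the name and the code test `<2.2-0`; it should read `The function determines if the Netdata version is less than 2.2-0.` The comparison also reads `.Chart.AppVersion`, whereas the image that runs is selected by `.Values.image.tag` (visible in the removed deployment.yaml), so an install that overrides the tag can get the service-discovery layout for the wrong agent version. That dependency should at least be stated in the comment; comparing the tag when it parses as a semver would be better.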
@@ -52,3 +63,128 @@ Return the appropriate apiVersion for ingress.
{{- "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
+
+{{/*
+Return a value indicating whether the restarter is enabled.
+*/}}
+{{- define "netdata.restarter.enabled" -}}
+{{- if and .Values.restarter.enabled (eq .Values.image.pullPolicy "Always") (or .Values.parent.enabled .Values.child.enabled .Values.k8sState.enabled .Values.netdataOpentelemetry.enabled) }}
+{{- "true" -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the configmap data for the parent configuration. Configmap is the default choice for storing configuration.
+*/}}
+{{- define "netdata.parent.configs.configmap" -}}
+{{- range $name, $config := .Values.parent.configs -}}
+{{- $found := false -}}
+{{- if and $config.enabled (eq $config.storedType "configmap") -}}
+{{- $found = true -}}
+{{- else if and $config.enabled (ne $config.storedType "secret") -}}
+{{- $found = true -}}
+{{- else if and $config.enabled (not $config.storedType) -}}
+{{- $found = true -}}
+{{- end -}}
+{{- if $found }}
+{{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the configmap data for the child configuration. Configmap is the default choice for storing configuration.
+*/}}
+{{- define "netdata.child.configs.configmap" -}}
+{{- range $name, $config := .Values.child.configs -}}
+{{- $found := false -}}
+{{- if and $config.enabled (eq $config.storedType "configmap") -}}
+{{- $found = true -}}
+{{- else if and $config.enabled (ne $config.storedType "secret") -}}
+{{- $found = true -}}
+{{- end -}}
+{{- if $found }}
+{{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the configmap data for the k8s state configuration. Configmap is the default choice for storing configuration.
+*/}}
+{{- define "netdata.k8sState.configs.configmap" -}}
+{{- range $name, $config := .Values.k8sState.configs -}}
+{{- $found := false -}}
+{{- if and $config.enabled (eq $config.storedType "configmap") -}}
+{{- $found = true -}}
+{{- else if and $config.enabled (ne $config.storedType "secret") -}}
+{{- $found = true -}}
+{{- end -}}
+{{- if $found }}
+{{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret data for the parent configuration, when you setup storedType as a secret.
+*/}}
+{{- define "netdata.parent.configs.secret" -}}
+{{- range $name, $config := .Values.parent.configs -}}
+{{- if and $config.enabled (eq $config.storedType "secret") }}
+{{ $name }}: {{ tpl $config.data $ | b64enc }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret data for the child configuration, when you setup storedType as a secret.
+*/}}
+{{- define "netdata.child.configs.secret" -}}
+{{- range $name, $config := .Values.child.configs -}}
+{{- if and $config.enabled (eq $config.storedType "secret") }}
+{{ $name }}: {{ tpl $config.data $ | b64enc }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret data for the k8s state configuration, when you setup storedType as a secret.
+*/}}
+{{- define "netdata.k8sState.configs.secret" -}}
+{{- range $name, $config := .Values.k8sState.configs -}}
+{{- if and $config.enabled (eq $config.storedType "secret") }}
+{{ $name }}: {{ tpl $config.data $ | b64enc }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the configmap data for the netdata OpenTelemetry configuration. Configmap is the default choice for storing configuration.
+*/}}
+{{- define "netdata.netdataOpentelemetry.configs.configmap" -}}
+{{- range $name, $config := .Values.netdataOpentelemetry.configs -}}
+{{- $found := false -}}
+{{- if and $config.enabled (eq $config.storedType "configmap") -}}
+{{- $found = true -}}
+{{- else if and $config.enabled (ne $config.storedType "secret") -}}
+{{- $found = true -}}
+{{- end -}}
+{{- if $found }}
+{{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret data for the netdata OpenTelemetry configuration, when you setup storedType as a secret.
+*/}}
+{{- define "netdata.netdataOpentelemetry.configs.secret" -}}
+{{- range $name, $config := .Values.netdataOpentelemetry.configs -}}
+{{- if and $config.enabled (eq $config.storedType "secret") }}
+{{ $name }}: {{ tpl $config.data $ | b64enc }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
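Review bot: Every `*.configs.configmap` helper treats any `storedType` other than the exact string `secret` as ConfigMap, so a misspelled or differently capitalised value silently puts a credential-bearing config into a ConfigMap. Rejecting unknown values makes the mistake visible at render time: `{{- if not (has (default "configmap" $config.storedType) (list "configmap" "secret")) }}{{ fail (printf "configs.%s.storedType must be configmap or secret" $name) }}{{- end }}`. In `netdata.parent.configs.configmap` the third branch (`not $config.storedType`) never adds anything, because the `ne $config.storedType "secret"` branch before it already covers an unset value. All three branches reduce to `and $config.enabled (ne $config.storedType "secret")`, which is also what the other three helpers amount to.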
diff --git a/charts/netdata/templates/child/configmap.yaml b/charts/netdata/templates/child/configmap.yaml
new file mode 100644
index 00000000..63337c2a
--- /dev/null
+++ b/charts/netdata/templates/child/configmap.yaml
@@ -0,0 +1,46 @@
+{{- $configmapChild := include "netdata.child.configs.configmap" . }}
+{{- if and .Values.child.enabled $configmapChild}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netdata-conf-child
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{ $configmapChild | indent 2 }}
+{{- end }}
+
+{{- if and .Values.child.enabled .Values.sd.child.enabled .Values.sd.child.configmap.from }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.sd.child.configmap.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{ .Values.sd.child.configmap.key }}: |
+ {{- with .Values.sd.child.configmap.from }}
+ {{- if and (.value) (kindIs "string" .value) }}
+ {{- .value | nindent 4 }}
+ {{- else if .value }}
+ {{- toYaml .value | nindent 4 }}
+ {{- else }}
+ {{- if .file }}
+ {{- $.Files.Get .file | nindent 4 }}
+ {{- else }}
+ {{- $configFile := ternary "sdconfig/child.yml" "sdconfig/k8s.yml" (eq (include "netdata.verLess22" $) "true") }}
+ {{- $.Files.Get $configFile | nindent 4 }}
+ {{- end }}
+ {{- end}}
+ {{- end}}
+{{- end }}
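Review bot: The fallback that picks `sdconfig/child.yml` or `sdconfig/k8s.yml` has no comment explaining why the file depends on the agent version, and it applies only when neither `from.value` nor `from.file` is set. I would add above the `ternary` line: `{{- /* default SD config: child.yml for agents older than 2.2, k8s.yml otherwise */ -}}`. A user-supplied `from.file` or `from.value` is passed through unchanged in both cases. It may be worth noting next to that value that custom configs must use the format matching the agent version, assuming the two formats differ as the `tag`/`build` versus `classify`/`compose` keys in this diff suggest.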
diff --git a/charts/netdata/templates/daemonset.yaml b/charts/netdata/templates/child/daemonset.yaml
similarity index 80%
rename from charts/netdata/templates/daemonset.yaml
rename to charts/netdata/templates/child/daemonset.yaml
index 454b9122..eabacb97 100644
--- a/charts/netdata/templates/daemonset.yaml
+++ b/charts/netdata/templates/child/daemonset.yaml
@@ -3,6 +3,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "netdata.name" . }}-child
+ namespace: {{ .Release.Namespace }}
labels:
app: {{ template "netdata.name" . }}
chart: {{ template "netdata.chart" . }}
@@ -24,7 +25,7 @@ spec:
{{- if .Values.child.podAnnotationAppArmor.enabled }}
container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined
{{- end }}
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ print (include (print $.Template.BasePath "/child/configmap.yaml") .) (include (print $.Template.BasePath "/child/secrets.yaml") .) | sha256sum }}
{{- with .Values.child.podAnnotations }}
{{ toYaml . | trim | indent 8 }}
{{- end }}
@@ -92,9 +93,11 @@ spec:
- name: NETDATA_CLAIM_TOKEN
value: "{{ .Values.child.claiming.token }}"
{{- end }}
+ {{- if .Values.child.claiming.rooms }}
- name: NETDATA_CLAIM_ROOMS
value: "{{ .Values.child.claiming.rooms }}"
{{- end }}
+ {{- end }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
@@ -110,13 +113,21 @@ spec:
- name: NETDATA_LISTENER_PORT
value: '{{ tpl (.Values.child.port | toString) . }}'
{{- if .Values.sd.child.enabled }}
+ {{- if include "netdata.verLess22" . }}
- name: NETDATA_PLUGINS_GOD_WATCH_PATH
value: "/etc/netdata/go.d/sd/go.d.yml"
{{- end }}
+ {{- end }}
{{- range $key, $value := .Values.child.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
+ {{- if .Values.child.podsMetadata.useKubelet }}
+ - name: USE_KUBELET_FOR_PODS_METADATA
+ value: "1"
+ - name: KUBELET_URL
+ value: "{{ .Values.child.podsMetadata.kubeletUrl }}"
+ {{- end }}
{{- with .Values.child.envFrom }}
envFrom:
{{ toYaml . | indent 12 }}
@@ -126,17 +137,21 @@ spec:
containerPort: {{ tpl (.Values.child.port | toString) . }}
protocol: TCP
livenessProbe:
- httpGet:
- path: /api/v1/info
- port: http
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.child.livenessProbe.initialDelaySeconds }}
failureThreshold: {{ .Values.child.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.child.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.child.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.child.livenessProbe.timeoutSeconds }}
readinessProbe:
- httpGet:
- path: /api/v1/info
- port: http
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.child.readinessProbe.initialDelaySeconds }}
failureThreshold: {{ .Values.child.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.child.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.child.readinessProbe.successThreshold }}
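Review bot: Both probes now run `/usr/sbin/netdatacli ping`, so readiness no longer exercises the listener on the `http` port that the removed `httpGet` probe checked. A pod whose daemon answers the CLI but whose web server is not accepting connections would still be reported Ready; whether that matters depends on what consumes the child's port. If it does, keep `httpGet` for `readinessProbe` and use the exec check for `livenessProbe` only. The new `initialDelaySeconds` fields also need defaults in values.yaml, which is not visible here, or they render empty.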
@@ -145,15 +160,15 @@ spec:
- name: proc
readOnly: true
mountPath: /host/proc
- - name: run
- mountPath: /var/run/docker.sock
- name: sys
mountPath: /host/sys
- name: os-release
mountPath: /host/etc/os-release
- {{- range $name, $config := .Values.parent.configs }}
+ - name: varlog
+ mountPath: /host/var/log
+ {{- range $name, $config := .Values.child.configs }}
{{- if $config.enabled }}
- - name: config
+ - name: {{ ternary "configmap" "configsecret" (ne $config.storedType "secret") }}
mountPath: {{ $config.path }}
subPath: {{ $name }}
{{- end }}
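Review bot: The new `varlog` mount exposes the host's `/var/log` at `/host/var/log` without `readOnly: true`, unlike the `proc` mount above it, so the container can modify or delete host logs. If the agent only reads logs, add `readOnly: true` under the mount. The matching `hostPath` volume added in the `@@ -214,18 +237,23 @@` hunk could also set `type: Directory`, so that a missing path fails the pod instead of being mounted as something else. The `volumeMounts` list starts outside this hunk.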
@@ -163,8 +178,14 @@ spec:
mountPath: /var/lib/netdata
{{- end }}
{{- if .Values.sd.child.enabled }}
+ {{- if include "netdata.verLess22" . }}
- name: sd-shared
mountPath: "/etc/netdata/go.d/sd/"
+ {{- else }}
+ - name: sdconfigmap
+ mountPath: "/etc/netdata/go.d/sd/k8s.conf"
+ subPath: {{ .Values.sd.child.configmap.key }}
+ {{- end }}
{{- end }}
{{- if .Values.child.extraVolumeMounts -}}
{{ toYaml .Values.child.extraVolumeMounts | nindent 12 }}
@@ -177,6 +198,7 @@ spec:
resources:
{{ toYaml .Values.child.resources | indent 12 }}
{{- if .Values.sd.child.enabled }}
+ {{- if include "netdata.verLess22" . }}
- name: sd
image: "{{ .Values.sd.image.repository }}:{{ .Values.sd.image.tag }}"
imagePullPolicy: {{ .Values.sd.image.pullPolicy }}
@@ -197,6 +219,7 @@ spec:
fieldRef:
fieldPath: spec.nodeName
{{- end }}
+ {{- end }}
{{- with .Values.child.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
@@ -214,18 +237,23 @@ spec:
- name: proc
hostPath:
path: /proc
- - name: run
- hostPath:
- path: /var/run/docker.sock
- name: sys
hostPath:
path: /sys
- name: os-release
hostPath:
path: /etc/os-release
- - name: config
+ - name: varlog
+ hostPath:
+ path: /var/log
+ - name: configmap
configMap:
name: netdata-conf-child
+ optional: true
+ - name: configsecret
+ secret:
+ secretName: netdata-conf-child
+ optional: true
{{- with .Values.child.persistence }}
{{- if and .enabled .hostPath }}
- name: persistencevarlibdir
@@ -235,8 +263,15 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.sd.child.enabled }}
+ {{- if include "netdata.verLess22" . }}
- name: sd-shared
emptyDir: { }
+ {{- else }}
+ - name: sdconfigmap
+ configMap:
+ name: {{ .Values.sd.child.configmap.name }}
+ optional: true
+ {{- end }}
{{- end }}
{{- if .Values.child.extraVolumes }}
{{ toYaml .Values.child.extraVolumes | indent 8}}
diff --git a/charts/netdata/templates/child/secrets.yaml b/charts/netdata/templates/child/secrets.yaml
new file mode 100644
index 00000000..9c9667e7
--- /dev/null
+++ b/charts/netdata/templates/child/secrets.yaml
@@ -0,0 +1,17 @@
+{{- $secretChild := include "netdata.child.configs.secret" . }}
+{{- if and .Values.child.enabled $secretChild}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netdata-conf-child
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ {{ $secretChild | indent 2 }}
+{{- end }}
diff --git a/charts/netdata/templates/clusterrole.yaml b/charts/netdata/templates/clusterrole.yaml
index 4b7c221c..a0c03e5b 100644
--- a/charts/netdata/templates/clusterrole.yaml
+++ b/charts/netdata/templates/clusterrole.yaml
@@ -16,7 +16,23 @@ rules:
- "configmaps" # used by sd
- "secrets" # used by sd
- "nodes" # used by go.d/k8s_state
- - "nodes/metrics" # used by go.d/k8s_state when querying Kubelet HTTPS endpoint
+ - "nodes/metrics" # used by go.d/k8s_kubelet when querying Kubelet HTTPS endpoint
+ - "nodes/proxy" # used by netdata (cgroup-name.sh) when querying Kubelet /pods endpoint
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups: ["apps"]
+ resources:
+ - "deployments"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups: ["batch"]
+ resources:
+ - "cronjobs"
+ - "jobs"
verbs:
- "get"
- "list"
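Review bot: `nodes/proxy` is added to this rule unconditionally, although the daemonset sets `USE_KUBELET_FOR_PODS_METADATA` only when `child.podsMetadata.useKubelet` is true. `get` on `nodes/proxy` authorises requests to the kubelet API on every node, which is considerably broader than the pod-metadata lookup the comment describes. I would wrap the line in `{{- if .Values.child.podsMetadata.useKubelet }}` … `{{- end }}` and mention the grant next to that value in values.yaml. The rule's `apiGroups` line is outside this hunk.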
diff --git a/charts/netdata/templates/configmap.yaml b/charts/netdata/templates/configmap.yaml
deleted file mode 100644
index 88754e65..00000000
--- a/charts/netdata/templates/configmap.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-{{- if .Values.parent.enabled }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: netdata-conf-parent
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- {{- range $name, $config := .Values.parent.configs }}
- {{- if $config.enabled }}
- {{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.child.enabled }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: netdata-conf-child
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- {{- range $name, $config := .Values.child.configs }}
- {{- if $config.enabled }}
- {{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-
-{{- if .Values.k8sState.enabled }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: netdata-conf-k8s-state
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- {{- range $name, $config := .Values.k8sState.configs }}
- {{- if $config.enabled }}
- {{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-
-{{- if and .Values.child.enabled .Values.sd.child.enabled .Values.sd.child.configmap.from }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.sd.child.configmap.name }}
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- {{ .Values.sd.child.configmap.key }}: |
- {{- with .Values.sd.child.configmap.from }}
- {{- if and (.value) (kindIs "string" .value) }}
- {{- .value | nindent 4 }}
- {{- else if .value }}
- {{- toYaml .value | nindent 4 }}
- {{- else }}
- {{- $.Files.Get .file | nindent 4 }}
- {{- end}}
- {{- end}}
-{{- end }}
diff --git a/charts/netdata/templates/deployment.yaml b/charts/netdata/templates/deployment.yaml
deleted file mode 100644
index 2fe10f47..00000000
--- a/charts/netdata/templates/deployment.yaml
+++ /dev/null
@@ -1,328 +0,0 @@
-{{- if .Values.parent.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "netdata.name" . }}-parent
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- role: parent
-spec:
- replicas: {{ .Values.replicaCount }}
- strategy: {{- toYaml .Values.deploymentStrategy | nindent 4 }}
- selector:
- matchLabels:
- app: {{ template "netdata.name" . }}
- release: {{ .Release.Name }}
- role: parent
- template:
- metadata:
- labels:
- app: {{ template "netdata.name" . }}
- release: {{ .Release.Name }}
- role: parent
-{{- with .Values.parent.podLabels }}
-{{ toYaml . | trim | indent 8 }}
-{{- end }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- with .Values.parent.podAnnotations }}
-{{ toYaml . | trim | indent 8 }}
-{{- end }}
- spec:
- securityContext:
- fsGroup: 201
- serviceAccountName: {{ .Values.serviceAccount.name }}
- {{- if .Values.parent.priorityClassName }}
- priorityClassName: "{{ .Values.parent.priorityClassName }}"
- {{- end }}
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
- {{- end }}
- initContainers:
- {{- if .Values.sysctlInitContainer.enabled }}
- - name: init-sysctl
- image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}"
- imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }}
- command:
-{{ toYaml .Values.sysctlInitContainer.command | indent 12 }}
- securityContext:
- runAsNonRoot: false
- privileged: true
- runAsUser: 0
- resources:
-{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- {{- if .Values.parent.claiming.enabled }}
- - name: NETDATA_CLAIM_URL
- value: "{{ .Values.parent.claiming.url }}"
- {{- if .Values.parent.claiming.token }}
- - name: NETDATA_CLAIM_TOKEN
- value: "{{ .Values.parent.claiming.token }}"
- {{- end }}
- - name: NETDATA_CLAIM_ROOMS
- value: "{{ .Values.parent.claiming.rooms }}"
- {{- end }}
- - name: MY_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: MY_POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: NETDATA_LISTENER_PORT
- value: '{{ .Values.parent.port }}'
- {{- range $key, $value := .Values.parent.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- with .Values.parent.envFrom }}
- envFrom:
-{{ toYaml . | indent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.parent.port }}
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /api/v1/info
- port: http
- failureThreshold: {{ .Values.parent.livenessProbe.failureThreshold }}
- periodSeconds: {{ .Values.parent.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.parent.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.parent.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /api/v1/info
- port: http
- failureThreshold: {{ .Values.parent.readinessProbe.failureThreshold }}
- periodSeconds: {{ .Values.parent.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.parent.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.parent.readinessProbe.timeoutSeconds }}
- volumeMounts:
- - name: os-release
- mountPath: /host/etc/os-release
- {{- range $name, $config := .Values.parent.configs }}
- {{- if $config.enabled }}
- - name: config
- mountPath: {{ $config.path }}
- subPath: {{ $name }}
- {{- end }}
- {{- end }}
- {{- if .Values.parent.database.persistence }}
- - name: database
- mountPath: /var/cache/netdata
- {{- end }}
- {{- if .Values.parent.alarms.persistence }}
- - name: alarms
- mountPath: /var/lib/netdata
- {{- end }}
- {{- if .Values.parent.extraVolumeMounts -}}
-{{ toYaml .Values.parent.extraVolumeMounts | nindent 12 }}
- {{- end }}
- resources:
-{{ toYaml .Values.parent.resources | indent 12 }}
- {{- with .Values.parent.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.parent.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.parent.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
- terminationGracePeriodSeconds: {{ .Values.parent.terminationGracePeriodSeconds }}
- volumes:
- - name: os-release
- hostPath:
- path: /etc/os-release
- - name: config
- configMap:
- name: netdata-conf-parent
- {{- if .Values.parent.database.persistence }}
- - name: database
- persistentVolumeClaim:
- claimName: {{ template "netdata.name" . }}-parent-database
- {{- end }}
- {{- if .Values.parent.alarms.persistence }}
- - name: alarms
- persistentVolumeClaim:
- claimName: {{ template "netdata.name" . }}-parent-alarms
- {{- end }}
- {{- if .Values.parent.extraVolumes }}
-{{ toYaml .Values.parent.extraVolumes | indent 8}}
- {{- end }}
- dnsPolicy: {{ .Values.parent.dnsPolicy }}
-{{- end }}
-
-{{- if .Values.k8sState.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "netdata.name" . }}-k8s-state
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- role: k8sState
-spec:
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: {{ template "netdata.name" . }}
- release: {{ .Release.Name }}
- role: k8sState
- template:
- metadata:
- annotations:
- {{- if .Values.k8sState.podAnnotationAppArmor.enabled }}
- container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined
- {{- end }}
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- with .Values.k8sState.podAnnotations }}
-{{ toYaml . | trim | indent 8 }}
-{{- end }}
- labels:
- app: {{ template "netdata.name" . }}
- release: {{ .Release.Name }}
- role: k8sState
-{{- with .Values.k8sState.podLabels }}
-{{ toYaml . | trim | indent 8 }}
-{{- end }}
- spec:
- securityContext:
- fsGroup: 201
- serviceAccountName: {{ .Values.serviceAccount.name }}
- restartPolicy: Always
- {{- if .Values.k8sState.priorityClassName }}
- priorityClassName: "{{ .Values.k8sState.priorityClassName }}"
- {{- end }}
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
- {{- end }}
- initContainers:
- {{- if .Values.sysctlInitContainer.enabled }}
- - name: init-sysctl
- image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}"
- imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }}
- command:
-{{ toYaml .Values.sysctlInitContainer.command | indent 12 }}
- securityContext:
- runAsNonRoot: false
- privileged: true
- runAsUser: 0
- resources:
-{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- {{- if .Values.k8sState.claiming.enabled }}
- - name: NETDATA_CLAIM_URL
- value: "{{ .Values.k8sState.claiming.url }}"
- {{- if .Values.k8sState.claiming.token }}
- - name: NETDATA_CLAIM_TOKEN
- value: "{{ .Values.k8sState.claiming.token }}"
- {{- end }}
- - name: NETDATA_CLAIM_ROOMS
- value: "{{ .Values.k8sState.claiming.rooms }}"
- {{- end }}
- - name: NETDATA_LISTENER_PORT
- value: '{{ tpl (.Values.k8sState.port | toString) . }}'
- {{- range $key, $value := .Values.k8sState.env }}
- - name: {{ $key }}
- value: {{ $value | quote }}
- {{- end }}
- {{- with .Values.k8sState.envFrom }}
- envFrom:
-{{ toYaml . | indent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ tpl (.Values.k8sState.port | toString) . }}
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /api/v1/info
- port: http
- failureThreshold: {{ .Values.k8sState.livenessProbe.failureThreshold }}
- periodSeconds: {{ .Values.k8sState.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.k8sState.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.k8sState.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /api/v1/info
- port: http
- failureThreshold: {{ .Values.k8sState.readinessProbe.failureThreshold }}
- periodSeconds: {{ .Values.k8sState.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.k8sState.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.k8sState.readinessProbe.timeoutSeconds }}
- volumeMounts:
- - name: os-release
- mountPath: /host/etc/os-release
- {{- range $name, $config := .Values.k8sState.configs }}
- {{- if $config.enabled }}
- - name: config
- mountPath: {{ $config.path }}
- subPath: {{ $name }}
- {{- end }}
- {{- end }}
- {{- if .Values.k8sState.persistence.enabled }}
- - name: varlib
- mountPath: /var/lib/netdata
- {{- end }}
- {{- if .Values.k8sState.extraVolumeMounts -}}
-{{ toYaml .Values.k8sState.extraVolumeMounts | nindent 12 }}
- {{- end }}
- resources:
-{{ toYaml .Values.k8sState.resources | indent 12 }}
- {{- with .Values.k8sState.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.k8sState.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.k8sState.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
- terminationGracePeriodSeconds: {{ .Values.k8sState.terminationGracePeriodSeconds }}
- volumes:
- - name: os-release
- hostPath:
- path: /etc/os-release
- - name: config
- configMap:
- name: netdata-conf-k8s-state
- {{- if .Values.k8sState.persistence.enabled }}
- - name: varlib
- persistentVolumeClaim:
- claimName: {{ template "netdata.name" . }}-k8s-state-varlib
- {{- end }}
- {{- if .Values.k8sState.extraVolumes }}
-{{ toYaml .Values.k8sState.extraVolumes | indent 8}}
- {{- end }}
- dnsPolicy: {{ .Values.k8sState.dnsPolicy }}
-{{- end }}
diff --git a/charts/netdata/templates/k8s-state/configmap.yaml b/charts/netdata/templates/k8s-state/configmap.yaml
new file mode 100644
index 00000000..2387ed15
--- /dev/null
+++ b/charts/netdata/templates/k8s-state/configmap.yaml
@@ -0,0 +1,16 @@
+{{- $configmapk8sState := include "netdata.k8sState.configs.configmap" . }}
+{{- if and .Values.k8sState.enabled $configmapk8sState }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netdata-conf-k8s-state
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{ $configmapk8sState | indent 2 }}
+{{- end }}
diff --git a/charts/netdata/templates/k8s-state/deployment.yaml b/charts/netdata/templates/k8s-state/deployment.yaml
new file mode 100644
index 00000000..d5b3f5bd
--- /dev/null
+++ b/charts/netdata/templates/k8s-state/deployment.yaml
@@ -0,0 +1,177 @@
+{{- if .Values.k8sState.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "netdata.name" . }}-k8s-state
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: k8sState
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: k8sState
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.k8sState.podAnnotationAppArmor.enabled }}
+ container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined
+ {{- end }}
+ checksum/config: {{ print (include (print $.Template.BasePath "/k8s-state/configmap.yaml") .) (include (print $.Template.BasePath "/k8s-state/secrets.yaml") .) | sha256sum }}
+{{- with .Values.k8sState.podAnnotations }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: k8sState
+{{- with .Values.k8sState.podLabels }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ spec:
+ securityContext:
+ fsGroup: 201
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ restartPolicy: Always
+ {{- if .Values.k8sState.priorityClassName }}
+ priorityClassName: "{{ .Values.k8sState.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.sysctlInitContainer.enabled }}
+ - name: init-sysctl
+ image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}"
+ imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }}
+ command:
+{{ toYaml .Values.sysctlInitContainer.command | indent 12 }}
+ securityContext:
+ runAsNonRoot: false
+ privileged: true
+ runAsUser: 0
+ resources:
+{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.k8sState.claiming.enabled }}
+ - name: NETDATA_CLAIM_URL
+ value: "{{ .Values.k8sState.claiming.url }}"
+ {{- if .Values.k8sState.claiming.token }}
+ - name: NETDATA_CLAIM_TOKEN
+ value: "{{ .Values.k8sState.claiming.token }}"
+ {{- end }}
+ {{- if .Values.k8sState.claiming.rooms }}
+ - name: NETDATA_CLAIM_ROOMS
+ value: "{{ .Values.k8sState.claiming.rooms }}"
+ {{- end }}
+ {{- end }}
+ - name: NETDATA_LISTENER_PORT
+ value: '{{ tpl (.Values.k8sState.port | toString) . }}'
+ {{- range $key, $value := .Values.k8sState.env }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.k8sState.envFrom }}
+ envFrom:
+{{ toYaml . | indent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ tpl (.Values.k8sState.port | toString) . }}
+ protocol: TCP
+ livenessProbe:
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.k8sState.livenessProbe.initialDelaySeconds }}
+ failureThreshold: {{ .Values.k8sState.livenessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.k8sState.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.k8sState.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.k8sState.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.k8sState.readinessProbe.initialDelaySeconds }}
+ failureThreshold: {{ .Values.k8sState.readinessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.k8sState.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.k8sState.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.k8sState.readinessProbe.timeoutSeconds }}
+ volumeMounts:
+ - name: os-release
+ mountPath: /host/etc/os-release
+ {{- range $name, $config := .Values.k8sState.configs }}
+ {{- if $config.enabled }}
+ - name: {{ ternary "configmap" "configsecret" (ne $config.storedType "secret") }}
+ mountPath: {{ $config.path }}
+ subPath: {{ $name }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.k8sState.persistence.enabled }}
+ - name: varlib
+ mountPath: /var/lib/netdata
+ {{- end }}
+ {{- if .Values.k8sState.extraVolumeMounts -}}
+{{ toYaml .Values.k8sState.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.k8sState.resources | indent 12 }}
+ {{- with .Values.k8sState.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.k8sState.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.k8sState.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.k8sState.terminationGracePeriodSeconds }}
+ volumes:
+ - name: os-release
+ hostPath:
+ path: /etc/os-release
+ - name: configmap
+ configMap:
+ name: netdata-conf-k8s-state
+ optional: true
+ - name: configsecret
+ secret:
+ secretName: netdata-conf-k8s-state
+ optional: true
+ {{- if .Values.k8sState.persistence.enabled }}
+ - name: varlib
+ persistentVolumeClaim:
+ claimName: {{ template "netdata.name" . }}-k8s-state-varlib
+ {{- end }}
+ {{- if .Values.k8sState.extraVolumes }}
+{{ toYaml .Values.k8sState.extraVolumes | indent 8}}
+ {{- end }}
+ dnsPolicy: {{ .Values.k8sState.dnsPolicy }}
+{{- end }}
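Review bot: The claim token is still rendered as a literal `value:` on the `NETDATA_CLAIM_TOKEN` env entry, so it ends up in the Deployment and pod spec and is readable by anyone allowed to get those objects. This is at odds with the Secret-backed config storage the same change introduces. Consider sourcing it from a Secret, e.g. `valueFrom: {secretKeyRef: {name: <claim-secret-name>, key: <token-key>}}` (placeholder names), and keeping the inline value only as a fallback. The `NETDATA_CLAIM_TOKEN` entry in netdata-otel/deployment.yaml has the same shape.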
diff --git a/charts/netdata/templates/k8s-state/persistentvolumeclaim.yaml b/charts/netdata/templates/k8s-state/persistentvolumeclaim.yaml
new file mode 100644
index 00000000..60aba5d9
--- /dev/null
+++ b/charts/netdata/templates/k8s-state/persistentvolumeclaim.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.k8sState.enabled .Values.k8sState.persistence.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "netdata.name" . }}-k8s-state-varlib
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: k8sState
+spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if (ne "-" .Values.k8sState.persistence.storageclass) }}
+ storageClassName: "{{ .Values.k8sState.persistence.storageclass }}"
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.k8sState.persistence.volumesize }}
+{{- end }}
diff --git a/charts/netdata/templates/k8s-state/secrets.yaml b/charts/netdata/templates/k8s-state/secrets.yaml
new file mode 100644
index 00000000..298c7715
--- /dev/null
+++ b/charts/netdata/templates/k8s-state/secrets.yaml
@@ -0,0 +1,17 @@
+{{- $secretk8sState := include "netdata.k8sState.configs.secret" . }}
+{{- if and .Values.k8sState.enabled $secretk8sState }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netdata-conf-k8s-state
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ {{ $secretk8sState | indent 2 }}
+{{- end }}
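Review bot: Nothing in this template shows that the values placed under `data:` are base64-encoded, which a Secret's `data` field requires. The encoding is left entirely to the `netdata.k8sState.configs.secret` helper, which is defined outside this hunk. If the helper already applies `b64enc`, a template comment above `data:` such as `{{- /* values arrive base64-encoded from netdata.k8sState.configs.secret */ -}}` would make that contract explicit; if it does not, the key should be `stringData:`. netdata-otel/secrets.yaml follows the same pattern and deserves the same check.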
diff --git a/charts/netdata/templates/netdata-otel/configmap.yaml b/charts/netdata/templates/netdata-otel/configmap.yaml
new file mode 100644
index 00000000..5b63f42e
--- /dev/null
+++ b/charts/netdata/templates/netdata-otel/configmap.yaml
@@ -0,0 +1,16 @@
+{{- $configmapOtel := include "netdata.netdataOpentelemetry.configs.configmap" . }}
+{{- if and .Values.netdataOpentelemetry.enabled $configmapOtel }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netdata-conf-otel
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{ $configmapOtel | indent 2 }}
+{{- end }}
diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml
new file mode 100644
index 00000000..84709d89
--- /dev/null
+++ b/charts/netdata/templates/netdata-otel/deployment.yaml
@@ -0,0 +1,188 @@
+{{- if .Values.netdataOpentelemetry.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "netdata.name" . }}-otel
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: otel
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: otel
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.netdataOpentelemetry.podAnnotationAppArmor.enabled }}
+ container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined
+ {{- end }}
+ checksum/config: {{ print (include (print $.Template.BasePath "/netdata-otel/configmap.yaml") .) (include (print $.Template.BasePath "/netdata-otel/secrets.yaml") .) | sha256sum }}
+{{- with .Values.netdataOpentelemetry.podAnnotations }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: otel
+{{- with .Values.netdataOpentelemetry.podLabels }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ spec:
+ securityContext:
+ fsGroup: {{ .Values.netdataOpentelemetry.securityContext.fsGroup }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ restartPolicy: Always
+ {{- if .Values.netdataOpentelemetry.priorityClassName }}
+ priorityClassName: "{{ .Values.netdataOpentelemetry.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.sysctlInitContainer.enabled }}
+ - name: init-sysctl
+ image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}"
+ imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }}
+ command:
+{{ toYaml .Values.sysctlInitContainer.command | indent 12 }}
+ securityContext:
+ runAsNonRoot: false
+ privileged: true
+ runAsUser: 0
+ resources:
+{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.netdataOpentelemetry.claiming.enabled }}
+ - name: NETDATA_CLAIM_URL
+ value: "{{ .Values.netdataOpentelemetry.claiming.url }}"
+ {{- if .Values.netdataOpentelemetry.claiming.token }}
+ - name: NETDATA_CLAIM_TOKEN
+ value: "{{ .Values.netdataOpentelemetry.claiming.token }}"
+ {{- end }}
+ {{- if .Values.netdataOpentelemetry.claiming.rooms }}
+ - name: NETDATA_CLAIM_ROOMS
+ value: "{{ .Values.netdataOpentelemetry.claiming.rooms }}"
+ {{- end }}
+ {{- end }}
+ - name: NETDATA_LISTENER_PORT
+ value: '{{ tpl (.Values.netdataOpentelemetry.port | toString) . }}'
+ {{- range $key, $value := .Values.netdataOpentelemetry.env }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.netdataOpentelemetry.envFrom }}
+ envFrom:
+{{ toYaml . | indent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ tpl (.Values.netdataOpentelemetry.port | toString) . }}
+ protocol: TCP
+ - name: otel
+ containerPort: {{ tpl (.Values.netdataOpentelemetry.service.port | toString) . }}
+ protocol: TCP
+ livenessProbe:
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.netdataOpentelemetry.livenessProbe.initialDelaySeconds }}
+ failureThreshold: {{ .Values.netdataOpentelemetry.livenessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.netdataOpentelemetry.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.netdataOpentelemetry.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.netdataOpentelemetry.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.netdataOpentelemetry.readinessProbe.initialDelaySeconds }}
+ failureThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }}
+ securityContext:
+ runAsUser: {{ .Values.netdataOpentelemetry.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.netdataOpentelemetry.securityContext.runAsGroup }}
+ volumeMounts:
+ - name: os-release
+ mountPath: /host/etc/os-release
+ {{- range $name, $config := .Values.netdataOpentelemetry.configs }}
+ {{- if $config.enabled }}
+ - name: {{ ternary "configmap" "configsecret" (ne $config.storedType "secret") }}
+ mountPath: {{ $config.path }}
+ subPath: {{ $name }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.netdataOpentelemetry.persistence.enabled }}
+ - name: varlog
+ mountPath: /var/log/netdata/otel
+ - name: varlib
+ mountPath: /var/lib/netdata
+ {{- end }}
+ {{- if .Values.netdataOpentelemetry.extraVolumeMounts -}}
+{{ toYaml .Values.netdataOpentelemetry.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.netdataOpentelemetry.resources | indent 12 }}
+ {{- with .Values.netdataOpentelemetry.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.netdataOpentelemetry.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.netdataOpentelemetry.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.netdataOpentelemetry.terminationGracePeriodSeconds }}
+ volumes:
+ - name: os-release
+ hostPath:
+ path: /etc/os-release
+ - name: configmap
+ configMap:
+ name: netdata-conf-otel
+ optional: true
+ - name: configsecret
+ secret:
+ secretName: netdata-conf-otel
+ optional: true
+ {{- if .Values.netdataOpentelemetry.persistence.enabled }}
+ - name: varlog
+ persistentVolumeClaim:
+ claimName: {{ template "netdata.name" . }}-otel-varlog
+ - name: varlib
+ persistentVolumeClaim:
+ claimName: {{ template "netdata.name" . }}-otel-varlib
+ {{- end }}
+ {{- if .Values.netdataOpentelemetry.extraVolumes }}
+{{ toYaml .Values.netdataOpentelemetry.extraVolumes | indent 8}}
+ {{- end }}
+ dnsPolicy: {{ .Values.netdataOpentelemetry.dnsPolicy }}
+{{- end }}
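Review bot: The pod annotation `container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined` uses the beta AppArmor annotation, which Kubernetes deprecated in v1.30 in favour of the `securityContext.appArmorProfile` field. Since this is a new template, it would be worth rendering `appArmorProfile: {type: Unconfined}` in the container `securityContext` on clusters that support the field. A comment next to the `podAnnotationAppArmor.enabled` guard should also say why this workload needs to run without an AppArmor profile. k8s-state/deployment.yaml carries the same annotation.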
diff --git a/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml b/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml
new file mode 100644
index 00000000..83ea0367
--- /dev/null
+++ b/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml
@@ -0,0 +1,43 @@
+{{- if and .Values.netdataOpentelemetry.enabled .Values.netdataOpentelemetry.persistence.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "netdata.name" . }}-otel-varlog
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: otel
+spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if (ne "-" .Values.netdataOpentelemetry.persistence.storageclass) }}
+ storageClassName: "{{ .Values.netdataOpentelemetry.persistence.storageclass }}"
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.netdataOpentelemetry.persistence.volumesize }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "netdata.name" . }}-otel-varlib
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: otel
+spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if (ne "-" .Values.netdataOpentelemetry.persistence.storageclass) }}
+ storageClassName: "{{ .Values.netdataOpentelemetry.persistence.storageclass }}"
+ {{- end }}
+ resources:
+ requests:
+ storage: 1Gi
+
+{{- end }}
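Review bot: The `-otel-varlib` claim requests a hard-coded `storage: 1Gi`, while the `-otel-varlog` claim above takes its size from `.Values.netdataOpentelemetry.persistence.volumesize`, so operators cannot resize varlib through values. Either read the size from a dedicated value, or add a comment such as `# varlib size is fixed; only varlog follows persistence.volumesize` so the asymmetry is clearly intentional.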
diff --git a/charts/netdata/templates/netdata-otel/secrets.yaml b/charts/netdata/templates/netdata-otel/secrets.yaml
new file mode 100644
index 00000000..006689ed
--- /dev/null
+++ b/charts/netdata/templates/netdata-otel/secrets.yaml
@@ -0,0 +1,17 @@
+{{- $secretOtel := include "netdata.netdataOpentelemetry.configs.secret" . }}
+{{- if and .Values.netdataOpentelemetry.enabled $secretOtel }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netdata-conf-otel
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ {{ $secretOtel | indent 2 }}
+{{- end }}
diff --git a/charts/netdata/templates/netdata-otel/service.yaml b/charts/netdata/templates/netdata-otel/service.yaml
new file mode 100644
index 00000000..04235225
--- /dev/null
+++ b/charts/netdata/templates/netdata-otel/service.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.netdataOpentelemetry.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-otel
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: otel
+ annotations:
+{{- with .Values.netdataOpentelemetry.service.annotations }}
+{{ toYaml . | trim | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.netdataOpentelemetry.service.type }}
+ {{- if and (eq .Values.netdataOpentelemetry.service.type "LoadBalancer") .Values.netdataOpentelemetry.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.netdataOpentelemetry.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.netdataOpentelemetry.service.type "LoadBalancer") .Values.netdataOpentelemetry.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- with .Values.netdataOpentelemetry.service.loadBalancerSourceRanges }}
+{{ toYaml . | trim | indent 4 }}
+{{- end }}
+ {{- end }}
+ {{- if and (eq .Values.netdataOpentelemetry.service.type "LoadBalancer") .Values.netdataOpentelemetry.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.netdataOpentelemetry.service.externalTrafficPolicy }}
+ {{- if and (eq .Values.netdataOpentelemetry.service.externalTrafficPolicy "Local") .Values.netdataOpentelemetry.service.healthCheckNodePort }}
+ healthCheckNodePort: {{ .Values.netdataOpentelemetry.service.healthCheckNodePort }}
+ {{- end }}
+ {{- end }}
+ {{- if and (eq .Values.netdataOpentelemetry.service.type "ClusterIP") .Values.netdataOpentelemetry.service.clusterIP }}
+ clusterIP: {{ .Values.netdataOpentelemetry.service.clusterIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.netdataOpentelemetry.service.port }}
+ targetPort: {{ .Values.netdataOpentelemetry.service.port }}
+ protocol: TCP
+ name: otel
+ selector:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: otel
+{{- end }}
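Review bot: `port` and `targetPort` are rendered straight from `.Values.netdataOpentelemetry.service.port`, whereas the matching `containerPort` in netdata-otel/deployment.yaml passes the same value through `tpl (... | toString) .`. A templated port value would therefore resolve in the Deployment but not in this Service. Using the named container port, `targetPort: otel`, and rendering `port` through the same `tpl` expression would keep the two in step. Separately, `annotations:` is emitted even when no annotations are set; moving the key inside the `with` block avoids an empty mapping key.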
diff --git a/charts/netdata/templates/parent/configmap.yaml b/charts/netdata/templates/parent/configmap.yaml
new file mode 100644
index 00000000..6a392a4d
--- /dev/null
+++ b/charts/netdata/templates/parent/configmap.yaml
@@ -0,0 +1,16 @@
+{{- $configmapParent := include "netdata.parent.configs.configmap" . }}
+{{- if and .Values.parent.enabled $configmapParent }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netdata-conf-parent
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{ $configmapParent | indent 2 }}
+{{- end }}
diff --git a/charts/netdata/templates/parent/deployment.yaml b/charts/netdata/templates/parent/deployment.yaml
new file mode 100644
index 00000000..3a217fe2
--- /dev/null
+++ b/charts/netdata/templates/parent/deployment.yaml
@@ -0,0 +1,186 @@
+{{- if .Values.parent.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "netdata.name" . }}-parent
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ role: parent
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy: {{- toYaml .Values.deploymentStrategy | nindent 4 }}
+ selector:
+ matchLabels:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: parent
+ template:
+ metadata:
+ labels:
+ app: {{ template "netdata.name" . }}
+ release: {{ .Release.Name }}
+ role: parent
+{{- with .Values.parent.podLabels }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ annotations:
+ checksum/config: {{ print (include (print $.Template.BasePath "/parent/configmap.yaml") .) (include (print $.Template.BasePath "/parent/secrets.yaml") .) | sha256sum }}
+{{- with .Values.parent.podAnnotations }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ spec:
+ securityContext:
+ fsGroup: {{ .Values.parent.securityContext.fsGroup }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ {{- if .Values.parent.priorityClassName }}
+ priorityClassName: "{{ .Values.parent.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.sysctlInitContainer.enabled }}
+ - name: init-sysctl
+ image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}"
+ imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }}
+ command:
+{{ toYaml .Values.sysctlInitContainer.command | indent 12 }}
+ securityContext:
+ runAsNonRoot: false
+ privileged: true
+ runAsUser: 0
+ resources:
+{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }}
+ {{- end }}
+{{ toYaml .Values.parent.extraInitContainers | indent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ {{- if .Values.parent.claiming.enabled }}
+ - name: NETDATA_CLAIM_URL
+ value: "{{ .Values.parent.claiming.url }}"
+ {{- if .Values.parent.claiming.token }}
+ - name: NETDATA_CLAIM_TOKEN
+ value: "{{ .Values.parent.claiming.token }}"
+ {{- end }}
+ {{- if .Values.parent.claiming.rooms }}
+ - name: NETDATA_CLAIM_ROOMS
+ value: "{{ .Values.parent.claiming.rooms }}"
+ {{- end }}
+ {{- end }}
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NETDATA_LISTENER_PORT
+ value: '{{ .Values.parent.port }}'
+ {{- range $key, $value := .Values.parent.env }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.parent.envFrom }}
+ envFrom:
+{{ toYaml . | indent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.parent.port }}
+ protocol: TCP
+ livenessProbe:
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.parent.livenessProbe.initialDelaySeconds }}
+ failureThreshold: {{ .Values.parent.livenessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.parent.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.parent.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.parent.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ exec:
+ command:
+ - /usr/sbin/netdatacli
+ - ping
+ initialDelaySeconds: {{ .Values.parent.readinessProbe.initialDelaySeconds }}
+ failureThreshold: {{ .Values.parent.readinessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.parent.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.parent.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.parent.readinessProbe.timeoutSeconds }}
+ securityContext:
+ runAsUser: {{ .Values.parent.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.parent.securityContext.runAsGroup }}
+ volumeMounts:
+ - name: os-release
+ mountPath: /host/etc/os-release
+ {{- range $name, $config := .Values.parent.configs }}
+ {{- if $config.enabled }}
+ - name: {{ ternary "configmap" "configsecret" (ne $config.storedType "secret") }}
+ mountPath: {{ $config.path }}
+ subPath: {{ $name }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.parent.database.persistence }}
+ - name: database
+ mountPath: /var/cache/netdata
+ {{- end }}
+ {{- if .Values.parent.alarms.persistence }}
+ - name: alarms
+ mountPath: /var/lib/netdata
+ {{- end }}
+ {{- if .Values.parent.extraVolumeMounts -}}
+{{ toYaml .Values.parent.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.parent.resources | indent 12 }}
+ {{- with .Values.parent.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.parent.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.parent.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.parent.terminationGracePeriodSeconds }}
+ volumes:
+ - name: os-release
+ hostPath:
+ path: /etc/os-release
+ - name: configmap
+ configMap:
+ name: netdata-conf-parent
+ optional: true
+ - name: configsecret
+ secret:
+ secretName: netdata-conf-parent
+ optional: true
+ {{- if .Values.parent.database.persistence }}
+ - name: database
+ persistentVolumeClaim:
+ claimName: {{ template "netdata.name" . }}-parent-database
+ {{- end }}
+ {{- if .Values.parent.alarms.persistence }}
+ - name: alarms
+ persistentVolumeClaim:
+ claimName: {{ template "netdata.name" . }}-parent-alarms
+ {{- end }}
+ {{- if .Values.parent.extraVolumes }}
+{{ toYaml .Values.parent.extraVolumes | indent 8}}
+ {{- end }}
+ dnsPolicy: {{ .Values.parent.dnsPolicy }}
+{{- end }}
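Review bot: The Cloud claim token is rendered into the pod spec as a literal `value:` for `NETDATA_CLAIM_TOKEN`, so anyone who can read the Deployment or its ReplicaSets in the namespace can read the token without any access to Secrets. The chart already renders a `netdata-conf-parent` Secret and mounts it, so the token can live in a Secret and be referenced instead, e.g. `valueFrom: {secretKeyRef: {name: <claim-secret-name>, key: <token-key>}}` (placeholder names). The comment in values.yaml about supplying the token through `envFrom` with an existing secret is the safer path and should be the documented default for `parent.claiming.token`.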
diff --git a/charts/netdata/templates/parent/httproute.yaml b/charts/netdata/templates/parent/httproute.yaml
new file mode 100644
index 00000000..622fa1be
--- /dev/null
+++ b/charts/netdata/templates/parent/httproute.yaml
@@ -0,0 +1,41 @@
+{{- if and .Values.parent.enabled .Values.httpRoute.enabled -}}
+{{- $fullName := include "netdata.name" . -}}
+{{- $svcPort := .Values.service.port -}}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.httpRoute.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- with .Values.httpRoute.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ parentRefs:
+{{ required "A valid .Values.httpRoute.parentRefs entry is required when httpRoute.enabled is true" .Values.httpRoute.parentRefs | toYaml | indent 4 }}
+{{- with .Values.httpRoute.hostnames }}
+ hostnames:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ rules:
+{{- if .Values.httpRoute.rules }}
+{{ toYaml .Values.httpRoute.rules | indent 4 }}
+{{- else }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: {{ $fullName }}
+ port: {{ $svcPort }}
+{{- end }}
+{{- end }}
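Review bot: `hostnames` is optional here while `parentRefs` is enforced with `required`, and an HTTPRoute without hostnames matches every hostname its parent listener accepts. With the default `PathPrefix` `/` rule the parent UI is then served on all of them. If that is not intended, require at least one hostname when `httpRoute.enabled` is true, or state the behaviour in the values comment, e.g. `# -- Hostnames for the HTTPRoute; empty matches every hostname of the parent listener`.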
diff --git a/charts/netdata/templates/ingress.yaml b/charts/netdata/templates/parent/ingress.yaml
similarity index 97%
rename from charts/netdata/templates/ingress.yaml
rename to charts/netdata/templates/parent/ingress.yaml
index d73fe24a..e8ec7ac1 100644
--- a/charts/netdata/templates/ingress.yaml
+++ b/charts/netdata/templates/parent/ingress.yaml
@@ -8,6 +8,7 @@ apiVersion: {{ $apiVersion }}
kind: Ingress
metadata:
name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
labels:
app: {{ template "netdata.name" . }}
chart: {{ template "netdata.chart" . }}
diff --git a/charts/netdata/templates/persistentvolumeclaim.yaml b/charts/netdata/templates/parent/persistentvolumeclaim.yaml
similarity index 65%
rename from charts/netdata/templates/persistentvolumeclaim.yaml
rename to charts/netdata/templates/parent/persistentvolumeclaim.yaml
index e93483e2..a6077f91 100644
--- a/charts/netdata/templates/persistentvolumeclaim.yaml
+++ b/charts/netdata/templates/parent/persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "netdata.name" . }}-parent-database
+ namespace: {{ .Release.Namespace }}
labels:
app: {{ template "netdata.name" . }}
chart: {{ template "netdata.chart" . }}
@@ -26,6 +27,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "netdata.name" . }}-parent-alarms
+ namespace: {{ .Release.Namespace }}
labels:
app: {{ template "netdata.name" . }}
chart: {{ template "netdata.chart" . }}
@@ -41,25 +43,3 @@ spec:
requests:
storage: {{ .Values.parent.alarms.volumesize }}
{{- end }}
-
-{{- if and .Values.k8sState.enabled .Values.k8sState.persistence.enabled }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "netdata.name" . }}-k8s-state-varlib
- labels:
- app: {{ template "netdata.name" . }}
- chart: {{ template "netdata.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- role: k8sState
-spec:
- accessModes: [ "ReadWriteOnce" ]
- {{- if (ne "-" .Values.k8sState.persistence.storageclass) }}
- storageClassName: "{{ .Values.k8sState.persistence.storageclass }}"
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.k8sState.persistence.volumesize }}
-{{- end }}
diff --git a/charts/netdata/templates/parent/secrets.yaml b/charts/netdata/templates/parent/secrets.yaml
new file mode 100644
index 00000000..8ed28907
--- /dev/null
+++ b/charts/netdata/templates/parent/secrets.yaml
@@ -0,0 +1,17 @@
+{{- $secretParent := include "netdata.parent.configs.secret" . }}
+{{- if and .Values.parent.enabled $secretParent }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netdata-conf-parent
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ {{ $secretParent | indent 2 }}
+{{- end }}
diff --git a/charts/netdata/templates/service.yaml b/charts/netdata/templates/parent/service.yaml
similarity index 97%
rename from charts/netdata/templates/service.yaml
rename to charts/netdata/templates/parent/service.yaml
index 3172a3af..a240a4e6 100644
--- a/charts/netdata/templates/service.yaml
+++ b/charts/netdata/templates/parent/service.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "netdata.name" . }}
+ namespace: {{ .Release.Namespace }}
labels:
app: {{ template "netdata.name" . }}
chart: {{ template "netdata.chart" . }}
diff --git a/charts/netdata/templates/restarter/cronjob.yaml b/charts/netdata/templates/restarter/cronjob.yaml
new file mode 100644
index 00000000..c59ee887
--- /dev/null
+++ b/charts/netdata/templates/restarter/cronjob.yaml
@@ -0,0 +1,42 @@
+{{- if include "netdata.restarter.enabled" . }}
+---
+{{- $argsList := list }}
+{{- $args := printf "deployment/%s-parent" (include "netdata.name" .) }}
+{{- $argsList = append $argsList (ternary $args "" .Values.parent.enabled) }}
+{{- $args = printf "daemonset/%s-child" (include "netdata.name" .) }}
+{{- $argsList = append $argsList (ternary $args "" .Values.child.enabled) }}
+{{- $args = printf "deployment/%s-k8s-state" (include "netdata.name" .) }}
+{{- $argsList = append $argsList (ternary $args "" .Values.k8sState.enabled) }}
+{{- $args = printf "deployment/%s-otel" (include "netdata.name" .) }}
+{{- $argsList = append $argsList (ternary $args "" .Values.netdataOpentelemetry.enabled) }}
+{{- $argsList = compact $argsList }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ template "netdata.name" . }}-restarter
+ namespace: {{ .Release.Namespace }}
+spec:
+ schedule: "{{ .Values.restarter.schedule }}"
+ concurrencyPolicy: {{ .Values.restarter.concurrencyPolicy }}
+ startingDeadlineSeconds: {{ .Values.restarter.startingDeadlineSeconds }}
+ successfulJobsHistoryLimit: {{ .Values.restarter.successfulJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ .Values.restarter.failedJobsHistoryLimit }}
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ serviceAccountName: {{ .Values.serviceAccount.name }}-restarter
+ restartPolicy: {{ .Values.restarter.restartPolicy }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 12 }}
+ {{- end }}
+ containers:
+ - name: netdata-restarter
+ image: {{ .Values.restarter.image.repository }}:{{ ternary (printf "v%s.%s.0" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) .Values.restarter.image.tag (eq (.Values.restarter.image.tag | toString) ".auto") }}
+ imagePullPolicy: {{ .Values.restarter.image.pullPolicy }}
+ resources:
+{{ toYaml .Values.restarter.resources | indent 16 }}
+ args:
+{{ toYaml (concat (list "rollout" "restart") $argsList) | indent 16 }}
+{{- end }}
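Review bot: The `netdata-restarter` container is rendered without any `securityContext`, although its service account token can patch the chart's workloads. I would at least disable privilege escalation and drop all capabilities, as in the excerpt below. Whether `runAsNonRoot: true` can be added as well depends on the user the `rancher/kubectl` image runs as, which is not visible here. Separately, the `.auto` tag is built from `.Capabilities.KubeVersion.Minor`, which some managed clusters report with a trailing `+`; applying `trimSuffix "+"` to that value avoids an invalid image reference.

```yaml
          containers:
            - name: netdata-restarter
              # … unchanged: image, imagePullPolicy …
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
              # … unchanged: resources, args …
```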
diff --git a/charts/netdata/templates/restarter/role.yml b/charts/netdata/templates/restarter/role.yml
new file mode 100644
index 00000000..7d1e536f
--- /dev/null
+++ b/charts/netdata/templates/restarter/role.yml
@@ -0,0 +1,27 @@
+{{- if and .Values.serviceAccount.create (include "netdata.restarter.enabled" .) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "netdata.fullname" . }}-restarter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - "apps"
+ resources:
+ - "deployments"
+ - "daemonsets"
+ resourceNames:
+ - {{ template "netdata.name" . }}-parent
+ - {{ template "netdata.name" . }}-child
+ - {{ template "netdata.name" . }}-k8s-state
+ - {{ template "netdata.name" . }}-otel
+ verbs:
+ - "get"
+ - "patch"
+{{- end -}}
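Review bot: `patch` on these Deployments and the DaemonSet allows more than a rollout restart: a holder of the `-restarter` token can change any field of the named workloads, including image and securityContext. RBAC cannot narrow that further, so the `resourceNames` list is the right control, but it deserves a comment above `verbs:` such as `# patch is required by "kubectl rollout restart"; it also permits arbitrary edits to the named workloads`. The Role here and the RoleBinding in rolebinding.yaml are gated on `serviceAccount.create` rather than `rbac.create`, so `rbac.create: false` does not suppress them. The CronJob is rendered regardless of either flag, so gating the RBAC objects on `rbac.create` would match how values.yaml documents that setting.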
diff --git a/charts/netdata/templates/restarter/rolebinding.yaml b/charts/netdata/templates/restarter/rolebinding.yaml
new file mode 100644
index 00000000..2400c2ad
--- /dev/null
+++ b/charts/netdata/templates/restarter/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.serviceAccount.create (include "netdata.restarter.enabled" .) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "netdata.fullname" . }}-restarter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "netdata.fullname" . }}-restarter
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.serviceAccount.name }}-restarter
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/netdata/templates/restarter/serviceaccount.yaml b/charts/netdata/templates/restarter/serviceaccount.yaml
new file mode 100644
index 00000000..4dff7986
--- /dev/null
+++ b/charts/netdata/templates/restarter/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.serviceAccount.create (include "netdata.restarter.enabled" .) }}
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ labels:
+ app: {{ template "netdata.name" . }}
+ chart: {{ template "netdata.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ .Values.serviceAccount.name }}-restarter
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/netdata/templates/serviceaccount.yaml b/charts/netdata/templates/serviceaccount.yaml
index ecc304c6..5543c985 100644
--- a/charts/netdata/templates/serviceaccount.yaml
+++ b/charts/netdata/templates/serviceaccount.yaml
@@ -1,4 +1,5 @@
{{- if .Values.serviceAccount.create -}}
+---
kind: ServiceAccount
apiVersion: v1
metadata:
@@ -8,4 +9,5 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: {{ .Values.serviceAccount.name }}
-{{- end -}}
\ No newline at end of file
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml
index 8f3b8fb8..8aedf660 100644
--- a/charts/netdata/values.yaml
+++ b/charts/netdata/values.yaml
@@ -1,28 +1,59 @@
+# -- Number of `replicas` for the parent netdata `Deployment`
+# @section -- General settings
replicaCount: 1
deploymentStrategy:
+ # -- Deployment strategy for pod deployments. Recreate is the safest value.
+ # @section -- General settings
type: Recreate
+# -- An optional list of references to secrets in the same namespace to use for pulling any of the images
+# @section -- General settings
imagePullSecrets: []
image:
+ # -- Container image repository
+ # @section -- General settings
repository: netdata/netdata
+ # -- Container image tag
+ # @section -- General settings
tag: "{{ .Chart.AppVersion }}"
+ # -- Container image pull policy
+ # @section -- General settings
pullPolicy: Always
sd:
image:
+ # -- Container image repository
+ # @section -- Service Discovery
repository: netdata/agent-sd
- tag: v0.2.7
+ # -- Container image tag
+ # @section -- Service Discovery
+ tag: v0.2.10
+ # -- Container image pull policy
+ # @section -- Service Discovery
pullPolicy: Always
child:
+ # -- Add service-discovery sidecar container to the netdata child pod definition
+ # @section -- Service Discovery
enabled: true
configmap:
+ # -- Child service-discovery ConfigMap name
+ # @section -- Service Discovery
name: netdata-child-sd-config-map
+ # -- Child service-discovery ConfigMap key
+ # @section -- Service Discovery
key: config.yml
# if 'from' is {} the ConfigMap is not generated
from:
- file: sdconfig/child.yml
+ # -- File to use for child service-discovery configuration generation
+ # @section -- Service Discovery
+ file: ""
+ # -- Value to use for child service-discovery configuration generation
+ # @section -- Service Discovery
value: {}
+ # -- Child service-discovery container CPU/Memory resource requests/limits
+ # @default -- See values.yaml for defaults
+ # @section -- Service Discovery
resources:
limits:
cpu: 50m
@@ -32,36 +63,72 @@ sd:
memory: 100Mi
initContainersImage:
+ # -- Init containers' image repository
+ # @section -- General settings
repository: alpine
+ # -- Init containers' image tag
+ # @section -- General settings
tag: latest
+ # -- Init containers' image pull policy
+ # @section -- General settings
pullPolicy: Always
sysctlInitContainer:
+ # -- Enable an init container to modify Kernel settings
+ # @section -- General settings
enabled: false
+ # -- sysctl init container command to execute
+ # @section -- General settings
command: []
+ # -- sysctl Init container CPU/Memory resource requests/limits
+ # @section -- General settings
resources: {}
service:
+ # -- Parent service type
+ # @section -- General settings
type: ClusterIP
+ # -- Parent service port
+ # @section -- General settings
port: 19999
+ # -- Additional annotations to add to the service
+ # @section -- General settings
annotations: {}
- ## Only to be used with type LoadBalancer
- # loadBalancerIP: 10.0.1.69
- # loadBalancerSourceRanges: []
- # externalTrafficPolicy: Local
- ## Only to be used with type LoadBalancer and external traffic policy Local
- # healthCheckNodePort:
- ## Only to be used with type ClusterIP
- # clusterIP: 10.1.2.3
+ # -- Static LoadBalancer IP, only to be used with service type=LoadBalancer
+ # @section -- General settings
+ loadBalancerIP: ""
+ # -- List of allowed IPs for LoadBalancer
+ # @section -- General settings
+ loadBalancerSourceRanges: []
+ # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ # @section -- General settings
+ externalTrafficPolicy: ""
+ # -- Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local)
+ # @section -- General settings
+ healthCheckNodePort: null
+ # -- Specific cluster IP when service type is cluster IP. Use `None` for headless service
+ # @section -- General settings
+ clusterIP: ""
ingress:
+ # -- Create Ingress to access the netdata web UI
+ # @section -- General settings
enabled: true
+ # -- Associate annotations to the Ingress
+ # @default -- See values.yaml for defaults
+ # @section -- General settings
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
+ # -- URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/`
+ # @section -- General settings
path: /
+ # -- pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value
+ # @section -- General settings
pathType: Prefix
hosts:
+ # -- URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller)
+ # @section -- General settings
- netdata.k8s.local
## whole spec is going to be included into ingress spec.
## if you intend to use ingressClassName declaration, remove ingress.class from annotations
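Review bot: `initContainersImage.tag: latest` with `pullPolicy: Always` is the image that the parent Deployment's `init-sysctl` container runs with `privileged: true` and `runAsUser: 0`. Whatever `alpine:latest` resolves to at pod start therefore gets full privilege on the node whenever `sysctlInitContainer.enabled` is set. I would default the tag to a fixed release or a digest and say so in the new doc comment, e.g. `# -- Init containers' image tag; pin to a release or digest, the sysctl init container runs privileged`. The value itself is not changed by this commit, but the commit documents it as-is.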
@@ -72,18 +139,105 @@ ingress:
# hosts:
# - netdata.k8s.local
+httpRoute:
+ # -- Create HTTPRoute to access the netdata web UI via Gateway API
+ # @section -- General settings
+ enabled: false
+ # -- Additional annotations to add to the HTTPRoute
+ # @section -- General settings
+ annotations: {}
+ # -- Additional labels to add to the HTTPRoute
+ # @section -- General settings
+ labels: {}
+ # -- Parent references for Gateway API HTTPRoute. Required when `httpRoute.enabled=true`
+ # @section -- General settings
+ parentRefs: []
+ # -- Hostnames for the HTTPRoute
+ # @section -- General settings
+ hostnames: []
+ # -- Optional explicit HTTPRoute rules. If empty, a default PathPrefix `/` rule is generated
+ # @section -- General settings
+ rules: []
+
rbac:
+ # -- if true, create & use RBAC resources
+ # @section -- General settings
create: true
+ # -- Specifies whether a PodSecurityPolicy should be created
+ # @section -- General settings
pspEnabled: true
serviceAccount:
+ # -- if true, create a service account
+ # @section -- General settings
create: true
+ # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
+ # @section -- General settings
name: netdata
+restarter:
+ # -- Install CronJob to update Netdata Pods
+ # @section -- General settings
+ enabled: false
+ # -- The schedule in Cron format
+ # @section -- General settings
+ schedule: "00 06 * * *"
+ image:
+ # -- Container image repo
+ # @section -- General settings
+ repository: rancher/kubectl
+ # -- Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version
+ # @section -- General settings
+ tag: .auto
+ # -- Container image pull policy
+ # @section -- General settings
+ pullPolicy: Always
+ # -- Container restart policy
+ # @section -- General settings
+ restartPolicy: Never
+ # -- Container resources
+ # @section -- General settings
+ resources: {}
+ # limits:
+ # cpu: 500m
+ # memory: 64Mi
+ # requests:
+ # cpu: 250m
+ # memory: 32Mi
+ # -- Specifies how to treat concurrent executions of a job
+ # @section -- General settings
+ concurrencyPolicy: Forbid
+ # -- Optional deadline in seconds for starting the job if it misses scheduled time for any reason
+ # @section -- General settings
+ startingDeadlineSeconds: 60
+ # -- The number of successful finished jobs to retain
+ # @section -- General settings
+ successfulJobsHistoryLimit: 3
+ # -- The number of failed finished jobs to retain
+ # @section -- General settings
+ failedJobsHistoryLimit: 3
+
+notifications:
+ slack:
+ # -- Slack webhook URL
+ # @section -- General settings
+ webhook_url: ""
+ # -- Slack recipient list
+ # @section -- General settings
+ recipient: ""
parent:
+ # -- Parent node hostname
+ # @section -- Parent
+ hostname: "netdata-parent"
+ # -- Install parent Deployment to receive metrics from children nodes
+ # @section -- Parent
enabled: true
+ # -- Parent's listen port
+ # @section -- Parent
port: 19999
+ # -- Resources for the parent deployment
+ # @section -- Parent
resources: {}
# limits:
# cpu: 4
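Review bot: The new comment on `rbac.pspEnabled` documents the flag without saying that PodSecurityPolicy was removed in Kubernetes 1.25, while the default stays `true`. Unless the PSP template (not visible in this hunk) guards on the cluster's available API versions, a default install on a current cluster will fail or come up without the policy the operator expects. I would default it to `false` or extend the comment, e.g. `# -- Create a PodSecurityPolicy (only on clusters older than 1.25, where the API still exists)`.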
@@ -93,30 +247,76 @@ parent:
# memory: 4096Mi
livenessProbe:
+ # -- Number of seconds after the container has started before liveness probes are initiated
+ # @section -- Parent
+ initialDelaySeconds: 0
+ # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
+ # @section -- Parent
failureThreshold: 3
+ # -- How often (in seconds) to perform the liveness probe
+ # @section -- Parent
periodSeconds: 30
+ # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ # @section -- Parent
successThreshold: 1
+ # -- Number of seconds after which the liveness probe times out
+ # @section -- Parent
timeoutSeconds: 1
readinessProbe:
+ # -- Number of seconds after the container has started before readiness probes are initiated
+ # @section -- Parent
+ initialDelaySeconds: 0
+ # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
+ # @section -- Parent
failureThreshold: 3
+ # -- How often (in seconds) to perform the readiness probe
+ # @section -- Parent
periodSeconds: 30
+ # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ # @section -- Parent
successThreshold: 1
+ # -- Number of seconds after which the readiness probe times out
+ # @section -- Parent
timeoutSeconds: 1
-
+ securityContext:
+ # -- The UID to run the container process
+ # @section -- Parent
+ runAsUser: 201
+ # -- The GID to run the container process
+ # @section -- Parent
+ runAsGroup: 201
+ # -- The supplementary group for setting permissions on volumes
+ # @section -- Parent
+ fsGroup: 201
+
+ # -- Duration in seconds the pod needs to terminate gracefully
+ # @section -- Parent
terminationGracePeriodSeconds: 300
+ # -- Node selector for the parent deployment
+ # @section -- Parent
nodeSelector: {}
+ # -- Tolerations settings for the parent deployment
+ # @section -- Parent
tolerations: []
+ # -- Affinity settings for the parent deployment
+ # @section -- Parent
affinity: {}
+ # -- Pod priority class name for the parent deployment
+ # @section -- Parent
priorityClassName: ""
+ # -- Set environment parameters for the parent deployment
+ # @section -- Parent
env: {}
## To disable anonymous statistics:
# DO_NOT_TRACK: 1
+ # -- Set environment parameters for the parent deployment from ConfigMap and/or Secrets
+ # @section -- Parent
envFrom: []
## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to:
# - secretRef:
@@ -124,31 +324,52 @@ parent:
## And create it with: kubectl create secret generic netdata --from-literal="NETDATA_CLAIM_TOKEN="
## Also ensure that claim.token is empty
+ # -- Additional labels to add to the parent pods
+ # @section -- Parent
podLabels: {}
+ # -- Additional annotations to add to the parent pods
+ # @section -- Parent
podAnnotations: {}
+ # -- DNS policy for pod
+ # @section -- Parent
dnsPolicy: Default
database:
+ # -- Whether the parent should use a persistent volume for the DB
+ # @section -- Parent
persistence: true
- ## Set '-' as the storageclass to get a volume from the default storage class.
+ # -- The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata`
+ # @section -- Parent
storageclass: "-"
- volumesize: 2Gi
+ # -- The storage space for the PVC of the parent database
+ # @section -- Parent
+ volumesize: 5Gi
alarms:
+ # -- Whether the parent should use a persistent volume for the alarms log
+ # @section -- Parent
persistence: true
- ## Set '-' as the storageclass to get a volume from the default storage class.
+ # -- The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata`
+ # @section -- Parent
storageclass: "-"
+ # -- The storage space for the PVC of the parent alarm log
+ # @section -- Parent
volumesize: 1Gi
+ # -- Manage custom parent's configs
+ # @default -- See values.yaml for defaults
+ # @section -- Parent
configs:
netdata:
enabled: true
path: /etc/netdata/netdata.conf
data: |
[global]
- memory mode = dbengine
+ hostname = {{ .Values.parent.hostname }}
+ [db]
+ mode = dbengine
[plugins]
cgroups = no
@@ -179,14 +400,8 @@ parent:
data: |
SEND_EMAIL="NO"
SEND_SLACK="YES"
- SLACK_WEBHOOK_URL=""
- DEFAULT_RECIPIENT_SLACK=""
- role_recipients_slack[sysadmin]="${DEFAULT_RECIPIENT_SLACK}"
- role_recipients_slack[domainadmin]="${DEFAULT_RECIPIENT_SLACK}"
- role_recipients_slack[dba]="${DEFAULT_RECIPIENT_SLACK}"
- role_recipients_slack[webmaster]="${DEFAULT_RECIPIENT_SLACK}"
- role_recipients_slack[proxyadmin]="${DEFAULT_RECIPIENT_SLACK}"
- role_recipients_slack[sitemgr]="${DEFAULT_RECIPIENT_SLACK}"
+ SLACK_WEBHOOK_URL="{{ .Values.notifications.slack.webhook_url }}"
+ DEFAULT_RECIPIENT_SLACK="{{ .Values.notifications.slack.recipient }}"
exporting:
enabled: false
path: /etc/netdata/exporting.conf
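Review bot: `SLACK_WEBHOOK_URL` is now filled from `notifications.slack.webhook_url`, and a Slack webhook URL is a credential: anyone holding it can post to the channel. Whether this file lands in the `netdata-conf-parent` ConfigMap or the Secret depends on the entry's `storedType`, which is outside the hunk. If it is not `secret`, the URL is readable by anyone with ConfigMap read access in the namespace. I would set `storedType: secret` on this config entry (the parent Deployment already mounts `configsecret` for such entries) and note next to `webhook_url` that it should be supplied from a private values file.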
@@ -204,24 +419,45 @@ parent:
to: sysadmin
claiming:
+ # -- Enable parent claiming for netdata cloud
+ # @section -- Parent
enabled: false
+ # -- Claim token
+ # @section -- Parent
token: ""
+ # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only
+ # @section -- Parent
rooms: ""
- url: "https://app.netdata.cloud"
+ url: "https://api.netdata.cloud"
+ # -- Additional volumeMounts to add to the parent pods
+ # @section -- Parent
extraVolumeMounts: []
+ # -- Additional volumes to add to the parent pods
+ # @section -- Parent
extraVolumes: []
+ # -- Additional init containers to add to the parent pods
+ # @section -- Parent
+ extraInitContainers: []
+
child:
+ # -- Install child DaemonSet to gather data from nodes
+ # @section -- Child
enabled: true
+ # -- Children's listen port
+ # @section -- Child
port: "{{ .Values.parent.port }}"
-
+ # -- An update strategy to replace existing DaemonSet pods with new pods
+ # @section -- Child
updateStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxUnavailable: 1
+ # -- Resources for the child DaemonSet
+ # @section -- Child
resources: {}
# limits:
# cpu: 4
@@ -231,50 +467,110 @@ child:
# memory: 4096Mi
livenessProbe:
+ # -- Number of seconds after the container has started before liveness probes are initiated
+ # @section -- Child
+ initialDelaySeconds: 0
+ # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
+ # @section -- Child
failureThreshold: 3
+ # -- How often (in seconds) to perform the liveness probe
+ # @section -- Child
periodSeconds: 30
+ # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ # @section -- Child
successThreshold: 1
+ # -- Number of seconds after which the liveness probe times out
+ # @section -- Child
timeoutSeconds: 1
readinessProbe:
+ # -- Number of seconds after the container has started before readiness probes are initiated
+ # @section -- Child
+ initialDelaySeconds: 0
+ # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
+ # @section -- Child
failureThreshold: 3
+ # -- How often (in seconds) to perform the readiness probe
+ # @section -- Child
periodSeconds: 30
+ # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ # @section -- Child
successThreshold: 1
+ # -- Number of seconds after which the readiness probe times out
+ # @section -- Child
timeoutSeconds: 1
+ # -- Duration in seconds the pod needs to terminate gracefully
+ # @section -- Child
terminationGracePeriodSeconds: 30
+ # -- Node selector for the child daemonsets
+ # @section -- Child
nodeSelector: {}
+ # -- Tolerations settings for the child daemonsets
+ # @default -- See values.yaml for defaults
+ # @section -- Child
tolerations:
- operator: Exists
effect: NoSchedule
+ # -- Affinity settings for the child daemonsets
+ # @section -- Child
affinity: {}
+ # -- Pod priority class name for the child daemonsets
+ # @section -- Child
priorityClassName: ""
+ # -- Additional labels to add to the child pods
+ # @section -- Child
podLabels: {}
podAnnotationAppArmor:
+ # -- Whether or not to include the AppArmor security annotation
+ # @section -- Child
enabled: true
+ # -- Additional annotations to add to the child pods
+ # @section -- Child
podAnnotations: {}
+ # -- Usage of host networking and ports
+ # @section -- Child
hostNetwork: true
+ # -- DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true`
+ # @section -- Child
dnsPolicy: ClusterFirstWithHostNet
persistence:
+ # -- Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath`
+ # @section -- Child
enabled: true
+ # -- Host node directory for storing child instance data
+ # @section -- Child
hostPath: /var/lib/netdata-k8s-child
+ podsMetadata:
+ # -- Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata
+ # @section -- Child
+ useKubelet: false
+ # -- Kubelet URL
+ # @section -- Child
+ kubeletUrl: "https://localhost:10250"
+
+ # -- Manage custom child's configs
+ # @default -- See values.yaml for defaults
+ # @section -- Child
configs:
netdata:
enabled: true
path: /etc/netdata/netdata.conf
data: |
- [global]
- memory mode = ram
+ [db]
+ mode = ram
+ [web]
+ bind to = localhost:19999
[health]
enabled = no
[ml]
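Review bot: `bind to = localhost:19999` in the child `netdata.conf` hard-codes the port while `child.port` earlier in this hunk is templated as `{{ .Values.parent.port }}`, so overriding the port would leave the two out of step; the same line is added for k8sState and netdataOpentelemetry in later hunks. Since `data` accepts template expressions (the `hostname = {{ ... }}` lines elsewhere in this diff rely on it), `bind to = localhost:{{ .Values.parent.port }}` would keep them aligned. How the listener port is otherwise passed to the agent is not visible here, so confirm which setting wins. A comment above `configs:` stating that the loopback bind is deliberate would also help, e.g. `# child runs with hostNetwork: true; keep the web server on loopback so it is not reachable on the node's interfaces` (rationale inferred, please confirm). The `configs` mapping continues outside this hunk.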
@@ -309,8 +605,10 @@ child:
update_every: 1
autodetection_retry: 0
jobs:
- - url: http://127.0.0.1:10255/metrics
- - url: https://localhost:10250/metrics
+ - name: local
+ url: http://127.0.0.1:10255/metrics
+ - name: local
+ url: https://localhost:10250/metrics
tls_skip_verify: yes
kubeproxy:
enabled: true
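Review bot: Both kubelet jobs are now named `local`, which reads like a copy-paste slip unless the collector treats same-named jobs as alternatives of which only one is started (that appears to be the intent: plain HTTP on 10255 first, then HTTPS on 10250). A short comment above `jobs:` would settle it, e.g. `# same name on purpose: the two URLs are alternatives and only one job is expected to run`. The HTTPS job keeps `tls_skip_verify: yes`, so the kubelet certificate is not checked; a comment should say this is accepted only because the target is the node's own loopback address.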
@@ -319,12 +617,17 @@ child:
update_every: 1
autodetection_retry: 0
jobs:
- - url: http://127.0.0.1:10249/metrics
+ - name: local
+ url: http://127.0.0.1:10249/metrics
+ # -- Set environment parameters for the child daemonset
+ # @section -- Child
env: {}
## To disable anonymous statistics:
# DO_NOT_TRACK: 1
+ # -- Set environment parameters for the child daemonset from ConfigMap and/or Secrets
+ # @section -- Child
envFrom: []
## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to:
# - secretRef:
@@ -333,29 +636,48 @@ child:
## Also ensure that claim.token is empty
claiming:
+ # -- Enable child claiming for netdata cloud
+ # @section -- Child
enabled: false
+ # -- Claim token
+ # @section -- Child
token: ""
+ # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only
+ # @section -- Child
rooms: ""
- url: "https://app.netdata.cloud"
+ url: "https://api.netdata.cloud"
+ # -- Additional volumeMounts to add to the child pods
+ # @section -- Child
extraVolumeMounts: []
## Additional volume mounts for netdata child
## E.g to mount all disks under / to be monitored via the diskspace plugin
- # - name: root
- # mountPath: /host
+ # - name: hostroot
+ # mountPath: /host/root
# readOnly: true
# mountPropagation: HostToContainer
+ # -- Additional volumes to add to the child pods
+ # @section -- Child
extraVolumes: []
## Additional volumes for netdata child
## E.g to mount all disks under / to be monitored via the diskspace plugin
- # - name: root
+ # - name: hostroot
# hostPath:
# path: /
k8sState:
+ # -- K8s state node hostname
+ # @section -- K8s State
+ hostname: "netdata-k8s-state"
+ # -- Install this Deployment to gather data from K8s cluster
+ # @section -- K8s State
enabled: true
+ # -- Listen port
+ # @section -- K8s State
port: "{{ .Values.parent.port }}"
+ # -- Compute resources required by this Deployment
+ # @section -- K8s State
resources: {}
# limits:
# cpu: 4
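Review bot: The comment `## Also ensure that claim.token is empty` at the top of this hunk names a key that does not exist in these values; the setting shown right below it is `claiming.token` (here `child.claiming.token`). The same wording is added for k8sState and repeated for netdataOpentelemetry in later hunks. Suggest `## Also ensure that child.claiming.token is empty`, with the matching path in the other two places, so that users who move the token into a Secret do not leave a copy in plain values.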
@@ -365,50 +687,115 @@ k8sState:
# memory: 4096Mi
livenessProbe:
+ # -- Number of seconds after the container has started before liveness probes are initiated
+ # @section -- K8s State
+ initialDelaySeconds: 0
+ # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
+ # @section -- K8s State
failureThreshold: 3
+ # -- How often (in seconds) to perform the liveness probe
+ # @section -- K8s State
periodSeconds: 30
+ # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ # @section -- K8s State
successThreshold: 1
+ # -- Number of seconds after which the liveness probe times out
+ # @section -- K8s State
timeoutSeconds: 1
readinessProbe:
+ # -- Number of seconds after the container has started before readiness probes are initiated
+ # @section -- K8s State
+ initialDelaySeconds: 0
+ # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
+ # @section -- K8s State
failureThreshold: 3
+ # -- How often (in seconds) to perform the readiness probe
+ # @section -- K8s State
periodSeconds: 30
+ # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ # @section -- K8s State
successThreshold: 1
+ # -- Number of seconds after which the readiness probe times out
+ # @section -- K8s State
timeoutSeconds: 1
+ # -- Duration in seconds the pod needs to terminate gracefully
+ # @section -- K8s State
terminationGracePeriodSeconds: 30
+ # -- Node selector
+ # @section -- K8s State
nodeSelector: {}
- tolerations:
- - operator: Exists
- effect: NoSchedule
+ # -- Tolerations settings
+ # @section -- K8s State
+ tolerations: []
+ # -- Affinity settings
+ # @section -- K8s State
affinity: {}
+ # -- Pod priority class name
+ # @section -- K8s State
priorityClassName: ""
+ # -- Additional labels
+ # @section -- K8s State
podLabels: {}
podAnnotationAppArmor:
+ # -- Whether or not to include the AppArmor security annotation
+ # @section -- K8s State
enabled: true
+ # -- Additional annotations
+ # @section -- K8s State
podAnnotations: {}
+ # -- DNS policy for pod
+ # @section -- K8s State
dnsPolicy: ClusterFirstWithHostNet
persistence:
+ # -- Whether should use a persistent volume for `/var/lib/netdata`
+ # @section -- K8s State
enabled: true
- ## Set '-' as the storageclass to get a volume from the default storage class.
+ # -- The storage class for the persistent volume claim of `/var/lib/netdata`
+ # @section -- K8s State
storageclass: "-"
+ # -- The storage space for the PVC of `/var/lib/netdata`
+ # @section -- K8s State
volumesize: 1Gi
+ # -- Set environment parameters
+ # @section -- K8s State
+ env: {}
+ ## To disable anonymous statistics:
+ # DO_NOT_TRACK: 1
+
+ # -- Set environment parameters from ConfigMap and/or Secrets
+ # @section -- K8s State
+ envFrom: []
+ ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to:
+ # - secretRef:
+ # name: netdata
+ ## And create it with: kubectl create secret generic netdata --from-literal="NETDATA_CLAIM_TOKEN="
+ ## Also ensure that claim.token is empty
+
+ # -- Manage custom configs
+ # @default -- See values.yaml for defaults
+ # @section -- K8s State
configs:
netdata:
enabled: true
path: /etc/netdata/netdata.conf
data: |
[global]
- memory mode = ram
+ hostname = {{ .Values.k8sState.hostname }}
+ [db]
+ mode = ram
+ [web]
+ bind to = localhost:19999
[health]
enabled = no
[ml]
@@ -462,10 +849,250 @@ k8sState:
- name: k8s_state
update_every: 1
+ claiming:
+ # -- Enable claiming for netdata cloud
+ # @section -- K8s State
+ enabled: false
+ # -- Claim token
+ # @section -- K8s State
+ token: ""
+ # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only
+ # @section -- K8s State
+ rooms: ""
+ url: "https://api.netdata.cloud"
+
+ # -- Additional volumeMounts to add to the k8sState pods
+ # @section -- K8s State
+ extraVolumeMounts: []
+
+ # -- Additional volumes to add to the k8sState pods
+ # @section -- K8s State
+ extraVolumes: []
+
+netdataOpentelemetry:
+ # -- Enable the Netdata OpenTelemetry Deployment
+ # @section -- Netdata OpenTelemetry
+ enabled: false
+ # -- Hostname for the Netdata OpenTelemetry instance
+ # @section -- Netdata OpenTelemetry
+ hostname: "netdata-otel"
+ # -- Listen port
+ # @section -- Netdata OpenTelemetry
+ port: "{{ .Values.parent.port }}"
+
+ ## Service responsible for receiving OTEL metrics and logs
+ service:
+ # -- Service type
+ # @section -- Netdata OpenTelemetry
+ type: ClusterIP
+ # -- Service port
+ # @section -- Netdata OpenTelemetry
+ port: 4317
+ # -- Service annotations
+ # @section -- Netdata OpenTelemetry
+ annotations: {}
+ # -- Cluster IP address (only used with service.type ClusterIP)
+ # @section -- Netdata OpenTelemetry
+ clusterIP: ""
+ # -- LoadBalancer IP address (only used with service.type LoadBalancer)
+ # @section -- Netdata OpenTelemetry
+ loadBalancerIP: ""
+ # -- Allowed source ranges for LoadBalancer (only used with service.type LoadBalancer)
+ # @section -- Netdata OpenTelemetry
+ loadBalancerSourceRanges: []
+ # -- External traffic policy (only used with service.type LoadBalancer)
+ # @section -- Netdata OpenTelemetry
+ externalTrafficPolicy: ""
+ # -- Health check node port (only used with service.type LoadBalancer and external traffic policy Local)
+ # @section -- Netdata OpenTelemetry
+ healthCheckNodePort: ""
+
+ # -- Compute resources required by this Deployment
+ # @section -- Netdata OpenTelemetry
+ resources: {}
+ # limits:
+ # cpu: 4
+ # memory: 4096Mi
+ # requests:
+ # cpu: 4
+ # memory: 4096Mi
+
+ livenessProbe:
+ # -- Number of seconds after the container has started before liveness probes are initiated
+ # @section -- Netdata OpenTelemetry
+ initialDelaySeconds: 0
+ # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up
+ # @section -- Netdata OpenTelemetry
+ failureThreshold: 3
+ # -- How often (in seconds) to perform the liveness probe
+ # @section -- Netdata OpenTelemetry
+ periodSeconds: 30
+ # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ # @section -- Netdata OpenTelemetry
+ successThreshold: 1
+ # -- Number of seconds after which the liveness probe times out
+ # @section -- Netdata OpenTelemetry
+ timeoutSeconds: 1
+ readinessProbe:
+ # -- Number of seconds after the container has started before readiness probes are initiated
+ # @section -- Netdata OpenTelemetry
+ initialDelaySeconds: 0
+ # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up
+ # @section -- Netdata OpenTelemetry
+ failureThreshold: 3
+ # -- How often (in seconds) to perform the readiness probe
+ # @section -- Netdata OpenTelemetry
+ periodSeconds: 30
+ # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ # @section -- Netdata OpenTelemetry
+ successThreshold: 1
+ # -- Number of seconds after which the readiness probe times out
+ # @section -- Netdata OpenTelemetry
+ timeoutSeconds: 1
+
+ securityContext:
+ # -- The UID to run the container process
+ # @section -- Netdata OpenTelemetry
+ runAsUser: 201
+ # -- The GID to run the container process
+ # @section -- Netdata OpenTelemetry
+ runAsGroup: 201
+ # -- The supplementary group for setting permissions on volumes
+ # @section -- Netdata OpenTelemetry
+ fsGroup: 201
+
+ # -- Duration in seconds the pod needs to terminate gracefully
+ # @section -- Netdata OpenTelemetry
+ terminationGracePeriodSeconds: 30
+
+ # -- Node selector
+ # @section -- Netdata OpenTelemetry
+ nodeSelector: {}
+
+ # -- Tolerations settings
+ # @section -- Netdata OpenTelemetry
+ tolerations: []
+
+ # -- Affinity settings
+ # @section -- Netdata OpenTelemetry
+ affinity: {}
+
+ # -- Pod priority class name
+ # @section -- Netdata OpenTelemetry
+ priorityClassName: ""
+
+ # -- Additional labels
+ # @section -- Netdata OpenTelemetry
+ podLabels: {}
+
+ podAnnotationAppArmor:
+ # -- Whether or not to include the AppArmor security annotation
+ # @section -- Netdata OpenTelemetry
+ enabled: true
+
+ # -- Additional annotations
+ # @section -- Netdata OpenTelemetry
+ podAnnotations: {}
+
+ # -- DNS policy for pod
+ # @section -- Netdata OpenTelemetry
+ dnsPolicy: ClusterFirst
+
+ # Volumes to create are called varlib and varlog
+ # varlib stores the alerts information and claimID of the agent. Static size of 1Gi
+ # varlog volume stores the logs. Size can be adjusted with persistence.volumesize
+ persistence:
+ # -- Whether to use persistent volumes
+ # @section -- Netdata OpenTelemetry
+ enabled: true
+ # -- The storage class for the persistent volume claim (both varlib and varlog volumes)
+ # @section -- Netdata OpenTelemetry
+ storageclass: "-"
+ # -- The storage space for the logs (varlog volume)
+ # @section -- Netdata OpenTelemetry
+ volumesize: 10Gi
+
+ # -- Manage custom configs
+ # @default -- See values.yaml for defaults
+ # @section -- Netdata OpenTelemetry
+ configs:
+ netdata:
+ enabled: true
+ path: /etc/netdata/netdata.conf
+ data: |
+ [global]
+ hostname = {{ .Values.netdataOpentelemetry.hostname }}
+ [db]
+ mode = ram
+ [web]
+ bind to = localhost:19999
+ [health]
+ enabled = no
+ [ml]
+ enabled = no
+ [plugins]
+ timex = no
+ checks = no
+ idlejitter = no
+ tc = no
+ diskspace = no
+ proc = no
+ cgroups = no
+ enable running new plugins = no
+ otel = yes
+ journal-viewer = yes
+ slabinfo = no
+ perf = no
+ go.d = yes
+ ioping = no
+ ebpf = no
+ charts.d = no
+ apps = no
+ python.d = no
+ fping = no
+ stream:
+ enabled: true
+ path: /etc/netdata/stream.conf
+ data: |
+ [stream]
+ enabled = {{ ternary "yes" "no" .Values.parent.enabled }}
+ destination = netdata:{{ .Values.service.port }}
+ api key = 11111111-2222-3333-4444-555555555555
+ timeout seconds = 60
+ buffer size bytes = 1048576
+ reconnect delay seconds = 5
+ initial clock resync iterations = 60
+ otel:
+ enabled: true
+ path: /etc/netdata/otel.yaml
+ data: |
+ endpoint:
+ path: {{ printf "\"0.0.0.0:%v\"" .Values.netdataOpentelemetry.service.port }}
+ tls_cert_path: null
+ tls_key_path: null
+ tls_ca_cert_path: null
+ metrics:
+ print_flattened: false
+ buffer_samples: 10
+ throttle_charts: 100
+ chart_configs_dir: otel.d/v1/metrics
+ logs:
+ journal_dir: otel/v1
+ size_of_journal_file: "100MB"
+ number_of_journal_files: 10
+ size_of_journal_files: "1GB"
+ duration_of_journal_files: "7 days"
+ duration_of_journal_file: "2 hours"
+ store_otlp_json: false
+
+ # -- Set environment parameters
+ # @section -- Netdata OpenTelemetry
env: {}
## To disable anonymous statistics:
# DO_NOT_TRACK: 1
+ # -- Set environment parameters from ConfigMap and/or Secrets
+ # @section -- Netdata OpenTelemetry
envFrom: []
## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to:
# - secretRef:
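Review bot: The new `stream.conf` for netdataOpentelemetry ships a fixed `api key = 11111111-2222-3333-4444-555555555555`, so every install of the chart would share the same streaming credential. If the parent accepts this key (its stream configuration is not in this hunk), the key gives no real separation between workloads that can reach the parent's port. Consider reading the key from a value that users are expected to override and documenting that, e.g. `api key = {{ .Values.netdataOpentelemetry.streamApiKey }}`, where `streamApiKey` is a suggested new value and not one defined on this page.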
@@ -474,11 +1101,223 @@ k8sState:
## Also ensure that claim.token is empty
claiming:
+ # -- Enable claiming for netdata cloud
+ # @section -- Netdata OpenTelemetry
enabled: false
+ # -- Claim token
+ # @section -- Netdata OpenTelemetry
token: ""
+ # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only
+ # @section -- Netdata OpenTelemetry
rooms: ""
- url: "https://app.netdata.cloud"
+ url: "https://api.netdata.cloud"
+ # -- Additional volumeMounts
+ # @section -- Netdata OpenTelemetry
extraVolumeMounts: []
+ # -- Additional volumes
+ # @section -- Netdata OpenTelemetry
extraVolumes: []
+
+# OpenTelemetry Collector subchart configuration
+# This is an optional component that allows to gather logs from k8s cluster (in this configuration).
+# If you already have an exporter of any kind, just point it to the netdata-otel service
+# Documentation: https://opentelemetry.io/docs/platforms/kubernetes/helm/collector/
+otel-collector:
+ # -- Set to true to enable the OpenTelemetry Collector
+ # @section -- OpenTelemetry Collector
+ enabled: false
+
+ # -- Deployment mode: daemonset, deployment, or statefulset
+ # @section -- OpenTelemetry Collector
+ mode: daemonset
+
+ # Image configuration
+ image:
+ # -- Image repository
+ # @section -- OpenTelemetry Collector
+ repository: otel/opentelemetry-collector-k8s
+
+ # Presets enable quick configuration for common use cases
+ presets:
+ # Collect Kubernetes attributes and add them to logs
+ kubernetesAttributes:
+ # -- Enable Kubernetes attributes collection
+ # @section -- OpenTelemetry Collector
+ enabled: true
+ # Collect logs from Kubernetes pods
+ logsCollection:
+ # -- Enable logs collection from Kubernetes pods
+ # @section -- OpenTelemetry Collector
+ enabled: true
+ # -- Include collector logs in the collection
+ # @section -- OpenTelemetry Collector
+ includeCollectorLogs: false
+
+ # -- OpenTelemetry Collector configuration
+ # @default -- See values.yaml for defaults
+ # @section -- OpenTelemetry Collector
+ config:
+ receivers:
+ # Filelog receiver - collects logs from container log files
+ filelog:
+ include:
+ - /var/log/pods/*/*/*.log
+ exclude:
+ # Exclude OTel collector's own logs to avoid loop
+ - /var/log/pods/*/otc-container/*.log
+ start_at: end
+ include_file_path: true
+ include_file_name: false
+ operators:
+ # Parse CRI-O/containerd format logs
+ - type: container
+ id: container-parser
+ max_log_size: 102400
+
+ processors:
+ # Batch processor - recommended for better performance
+ batch:
+ send_batch_size: 1000
+ timeout: 10s
+ send_batch_max_size: 1500
+
+ # Memory limiter to prevent OOM
+ memory_limiter:
+ check_interval: 5s
+ limit_percentage: 80
+ spike_limit_percentage: 25
+
+ # Resource detection processor
+ resourcedetection:
+ detectors: [env, system]
+ timeout: 5s
+
+ # Kubernetes attributes processor - adds K8s metadata to logs
+ k8sattributes:
+ auth_type: "serviceAccount"
+ passthrough: false
+ extract:
+ metadata:
+ - k8s.namespace.name
+ - k8s.deployment.name
+ - k8s.statefulset.name
+ - k8s.daemonset.name
+ - k8s.cronjob.name
+ - k8s.job.name
+ - k8s.node.name
+ - k8s.pod.name
+ - k8s.pod.uid
+ - k8s.pod.start_time
+ - k8s.container.name
+ labels:
+ - tag_name: app
+ key: app
+ from: pod
+ - tag_name: component
+ key: component
+ from: pod
+ annotations:
+ - tag_name: annotation.app
+ key: app
+ from: pod
+ pod_association:
+ - sources:
+ - from: resource_attribute
+ name: k8s.pod.ip
+ - sources:
+ - from: resource_attribute
+ name: k8s.pod.uid
+ - sources:
+ - from: connection
+
+ exporters:
+ # OTLP gRPC exporter to your endpoint
+ otlp:
+ endpoint: "{{ .Release.Name }}-otel:4317"
+ tls:
+ insecure: true
+
+ # Retry configuration
+ retry_on_failure:
+ enabled: true
+ initial_interval: 5s
+ max_interval: 30s
+ max_elapsed_time: 300s
+
+ # Queue to handle temporary failures
+ sending_queue:
+ enabled: true
+ num_consumers: 10
+ queue_size: 1000
+
+ service:
+ pipelines:
+ # Logs pipeline
+ logs:
+ receivers: [filelog]
+ processors: [memory_limiter, k8sattributes, resourcedetection, batch]
+ exporters: [otlp]
+
+ # -- Resources
+ # @default -- See values.yaml for defaults
+ # @section -- OpenTelemetry Collector
+ resources:
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+ # Service account with necessary RBAC permissions
+ serviceAccount:
+ # -- Create service account
+ # @section -- OpenTelemetry Collector
+ create: true
+
+ # RBAC for accessing Kubernetes API
+ clusterRole:
+ # -- Create cluster role
+ # @section -- OpenTelemetry Collector
+ create: true
+ # -- Cluster role rules
+ # @default -- See values.yaml for defaults
+ # @section -- OpenTelemetry Collector
+ rules:
+ - apiGroups: [""]
+ resources: ["pods", "namespaces", "nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["apps"]
+ resources: ["replicasets"]
+ verbs: ["get", "list", "watch"]
+
+ # -- Tolerations to run on all nodes
+ # @default -- See values.yaml for defaults
+ # @section -- OpenTelemetry Collector
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+
+ # Ports configuration
+ # @default -- See values.yaml for defaults
+ # @section -- OpenTelemetry Collector
+ ports:
+ otlp:
+ enabled: true
+ containerPort: 4317
+ servicePort: 4317
+ protocol: TCP
+ otlp-http:
+ enabled: true
+ containerPort: 4318
+ servicePort: 4318
+ protocol: TCP
+ metrics:
+ enabled: true
+ containerPort: 8888
+ servicePort: 8888
+ protocol: TCP
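Review bot: The `otlp` exporter sets `tls.insecure: true`, and the receiver added in the previous hunk listens on `0.0.0.0` with `tls_cert_path`, `tls_key_path` and `tls_ca_cert_path` all `null`. Pod logs therefore travel between the collector and the netdata-otel service unencrypted and without peer authentication. That may be acceptable inside a cluster with network policy in place, but `netdataOpentelemetry.service.type` can be set to LoadBalancer, which would put the plaintext listener outside the cluster. Suggest a comment on the exporter such as `# plaintext gRPC, in-cluster only; configure the receiver's tls_* paths and remove insecure before exposing the service`, plus a matching warning next to `service.type`.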
diff --git a/generate-documentation.sh b/generate-documentation.sh
new file mode 100755
index 00000000..aecc69dc
--- /dev/null
+++ b/generate-documentation.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+helm-docs -t "./templates/netdata-README.md.gotmpl" -g "charts/netdata" --ignore-non-descriptions --sort-values-order file
diff --git a/templates/netdata-README.md.gotmpl b/templates/netdata-README.md.gotmpl
new file mode 100644
index 00000000..7a0b29eb
--- /dev/null
+++ b/templates/netdata-README.md.gotmpl
@@ -0,0 +1,330 @@
+# Netdata Helm chart for Kubernetes deployments
+
+
+
+{{ template "chart.versionBadge" . }}
+
+{{ template "chart.appVersionBadge" . }}
+
+_Based on the work of varyumin (https://github.com/varyumin/netdata)_.
+
+## Introduction
+
+This chart bootstraps a [Netdata](https://github.com/netdata/netdata) deployment on a [Kubernetes](http://kubernetes.io)
+cluster using the [Helm](https://helm.sh) package manager.
+
+By default, the chart installs:
+
+- A Netdata child pod on each node of a cluster, using a `Daemonset`
+- A Netdata k8s state monitoring pod on one node, using a `Deployment`. This virtual node is called `netdata-k8s-state`.
+- A Netdata parent pod on one node, using a `Deployment`. This virtual node is called `netdata-parent`.
+
+Disabled by default:
+
+- A Netdata restarter `CronJob`. Its main purpose is to automatically update Netdata when using nightly releases.
+
+The child pods and the state pod function as headless collectors that collect and forward
+all the metrics to the parent pod. The parent pod uses persistent volumes to store metrics and alarms, handle alarm
+notifications, and provide the Netdata UI to view metrics using an ingress controller.
+
+Please validate that the settings are suitable for your cluster before using them in production.
+
+## Prerequisites
+
+- A working cluster running Kubernetes v1.9 or newer.
+- The [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) command line tool,
+ within [one minor version difference](https://kubernetes.io/docs/tasks/tools/install-kubectl/#before-you-begin) of
+ your cluster, on an administrative system.
+- The [Helm package manager](https://helm.sh/) v3.8.0 or newer on the same administrative system.
+
+## Required Resources and Permissions
+
+Netdata is a comprehensive monitoring solution that requires specific access to host resources to function effectively. By design, monitoring solutions like Netdata need visibility into various system components to collect metrics and provide insights. The following mounts, privileges, and capabilities are essential for Netdata's operation, and applying restrictive security profiles or limiting these accesses may significantly impact functionality or render the monitoring solution ineffective.
+
+
+See required mounts, privileges and RBAC resources
+
+### Required Mounts
+
+| Mount | Type | Node | Components & Descriptions |
+|:-----------------------------------------------------------|:----------------------------:|:-----------------------:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `/` | hostPath | child | • **diskspace.plugin**: Host mount points monitoring. |
+| `/proc` | hostPath | child | • **proc.plugin**: Host system monitoring (CPU, memory, network interfaces, disks, etc.). |
+| `/sys` | hostPath | child | • **cgroups.plugin**: Docker containers monitoring and name resolution. |
+| `/var/log` | hostPath | child | • **systemd-journal.plugin**: Viewing, exploring and analyzing systemd journal logs. |
+| `/etc/os-release` | hostPath | child, parent, k8sState | • **netdata**: Host info detection. |
+| `/etc/passwd`, `/etc/group` | hostPath | child | • **apps.plugin**: Monitoring of host system resource usage by each user and user group. |
+| `{{ "{{" }} .Values.child.persistence.hostPath {{ "}}" }}/var/lib/netdata` | hostPath (DirectoryOrCreate) | child | • **netdata**: Persistence of Netdata's /var/lib/netdata directory which contains netdata public unique ID and other files that should persist across container recreations. Without persistence, a new netdata unique ID is generated for each child on every container recreation, causing children to appear as new nodes on the Parent instance. |
+
+### Required Privileges and Capabilities
+
+| Privilege/Capability | Node | Components & Descriptions |
+|:---------------------|:-----:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Host Network Mode | child | • **proc.plugin**: Host system networking stack monitoring.
• **go.d.plugin**: Monitoring applications running on the host and inside containers.
• **local-listeners**: Discovering local services/applications. Map open (listening) ports to running services/applications.
• **network-viewer.plugin**: Discovering all current network sockets and building a network-map. |
+| Host PID Mode | child | • **cgroups.plugin**: Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers. |
+| SYS_ADMIN | child | • **cgroups.plugin**: Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers.
• **network-viewer.plugin**: Discovering all current network sockets and building a network-map. |
+| SYS_PTRACE | child | • **local-listeners**: Discovering local services/applications. Map open (listening) ports to running services/applications. |
+
+### Required Kubernetes RBAC Resources
+
+| Resource | Verbs | Components & Descriptions |
+|:-------------------|:-----------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| pods | get, list, watch | • **service discovery**: Used for discovering services.
• **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. |
+| services | get, list, watch | • **service discovery**: Used for discovering services. |
+| configmaps | get, list, watch | • **service discovery**: Used for discovering services. |
+| secrets | get, list, watch | • **service discovery**: Used for discovering services. |
+| nodes | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| nodes/metrics | get, list, watch | • **go.d/k8s_kubelet**: Used when querying Kubelet HTTPS endpoint. |
+| nodes/proxy | get, list, watch | • **netdata**: Used by cgroup-name.sh when querying Kubelet /pods endpoint. |
+| deployments (apps) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| cronjobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| jobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. |
+| namespaces | get | • **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. |
+
+
+
+## Installing the Helm chart
+
+You can install the Helm chart via our Helm repository, or by cloning this repository.
+
+### Installing via our Helm repository (recommended)
+
+To use Netdata's Helm repository, run the following commands:
+
+```bash
+helm repo add netdata https://netdata.github.io/helmchart/
+helm install netdata netdata/netdata
+```
+
+**See our [install Netdata on Kubernetes](https://github.com/netdata/netdata/blob/master/packaging/installer/methods/kubernetes.md)
+documentation for detailed installation and configuration instructions.** The remainder of this document assumes you
+installed the Helm chart by cloning this repository, and thus uses slightly different `helm install`/`helm upgrade`
+commands.
+
+### Install by cloning the repository
+
+Clone the repository locally.
+
+```console
+git clone https://github.com/netdata/helmchart.git netdata-helmchart
+```
+
+To install the chart with the release name `netdata`:
+
+```console
+helm install netdata ./netdata-helmchart/charts/netdata
+```
+
+The command deploys ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration)
+section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+ helm delete netdata
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the netdata chart and their default values.
+
+{{ template "chart.valuesTableHtml" . }}
+
+Example to set the parameters from the command line:
+
+```console
+$ helm install ./netdata --name my-release \
+ --set notifications.slack.webhook_url=MySlackAPIURL \
+ --set notifications.slack.recipient="@MyUser MyChannel"
+```
+
+Another example, to set a different ingress controller.
+
+By default `kubernetes.io/ingress.class` set to use `nginx` as an ingress controller, but you can set `Traefik` as your
+ingress controller by setting `ingress.annotations`.
+
+```
+$ helm install ./netdata --name my-release \
+ --set ingress.annotations=kubernetes.io/ingress.class: traefik
+```
+
+Alternatively to passing each variable in the command line, a YAML file that specifies the values for the parameters can
+be provided while installing the chart. For example,
+
+```console
+$ helm install ./netdata --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default values.yaml
+
+> **Note:**: To opt out of anonymous statistics, set the `DO_NOT_TRACK`
+> environment variable to non-zero or non-empty value in
+`parent.env` / `child.env` configuration (e.g.,: `DO_NOT_TRACK: 1`)
+> or uncomment the line in `values.yml`.
+
+### Configuration files
+
+| Parameter | Description | Default |
+|-----------------------------------|---------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|
+| `parent.configs.netdata` | Contents of the parent's `netdata.conf` | `memory mode = dbengine` |
+| `parent.configs.stream` | Contents of the parent's `stream.conf` | Store child data, accept all connections, and issue alarms for child data. |
+| `parent.configs.health` | Contents of `health_alarm_notify.conf` | Email disabled, a sample of the required settings for Slack notifications |
+| `parent.configs.exporting` | Contents of `exporting.conf` | Disabled |
+| `k8sState.configs.netdata` | Contents of `netdata.conf` | No persistent storage, no alarms |
+| `k8sState.configs.stream` | Contents of `stream.conf` | Send metrics to the parent at netdata:{{ "{{" }} service.port {{ "}}" }} |
+| `k8sState.configs.exporting` | Contents of `exporting.conf` | Disabled |
+| `k8sState.configs.go.d` | Contents of `go.d.conf` | Only k8s_state enabled |
+| `k8sState.configs.go.d-k8s_state` | Contents of `go.d/k8s_state.conf` | k8s_state configuration |
+| `child.configs.netdata` | Contents of the child's `netdata.conf` | No persistent storage, no alarms, no UI |
+| `child.configs.stream` | Contents of the child's `stream.conf` | Send metrics to the parent at netdata:{{ "{{" }} service.port {{ "}}" }} |
+| `child.configs.exporting` | Contents of the child's `exporting.conf` | Disabled |
+| `child.configs.kubelet` | Contents of the child's `go.d/k8s_kubelet.conf` that drives the kubelet collector | Update metrics every sec, do not retry to detect the endpoint, look for the kubelet metrics at http://127.0.0.1:10255/metrics |
+| `child.configs.kubeproxy` | Contents of the child's `go.d/k8s_kubeproxy.conf` that drives the kubeproxy collector | Update metrics every sec, do not retry to detect the endpoint, look for the coredns metrics at http://127.0.0.1:10249/metrics |
+
+To deploy additional netdata user configuration files, you will need to add similar entries to either
+the `parent.configs` or the `child.configs` arrays. Regardless of whether you add config files that reside directly
+under `/etc/netdata` or in a subdirectory such as `/etc/netdata/go.d`, you can use the already provided configurations
+as reference. For reference, the `parent.configs` the array includes an `example` alarm that would get triggered if the
+python.d `example` module was enabled. Whenever you pass the sensitive data to your configuration like the database
+credential, you can take an option to put it into the Kubernetes Secret by specifying `storedType: secret` in the
+selected configuration. By default, all the configurations will be placed in the Kubernetes configmap.
+
+Note that in this chart's default configuration, the parent performs the health checks and triggers alarms but collects little data. As a result, the only other configuration files that might make sense to add to the parent are
+the alarm and alarm template definitions, under `/etc/netdata/health.d`.
+
+> **Tip**: Do pay attention to the indentation of the config file contents, as it matters for the parsing of the `yaml` file. Note that the first line under `var: |`
+> must be indented with two more spaces relative to the preceding line:
+
+```
+ data: |-
+ config line 1 #Need those two spaces
+ config line 2 #No problem indenting more here
+```
+
+### Persistent volumes
+
+There are two different persistent volumes on `parent` node by design (not counting any Configmap/Secret mounts). Both
+can be used, but they don't have to be. Keep in mind that whenever persistent volumes for `parent` are not used, all the
+data for specific PV is lost in case of pod removal.
+
+1. database (`/var/cache/netdata`) - all metrics data is stored here. Performance of this volume affects query timings.
+2. alarms (`/var/lib/netdata`) - alarm log, if not persistent pod recreation will result in parent appearing as a new
+ node in `netdata.cloud` (due to `./registry/` and `./cloud.d/` being removed).
+
+In case of `child` instance it is a bit simpler. By default, hostPath: `/var/lib/netdata-k8s-child` is mounted on child
+in: `/var/lib/netdata`. You can disable it, but this option is pretty much required in a real life scenario, as without
+it each pod deletion will result in a new replication node for a parent.
+
+### Service discovery and supported services
+
+Netdata's [service discovery](https://github.com/netdata/agent-service-discovery/), which is installed as part of the
+Helm chart installation, finds what services are running on a cluster's pods, converts that into configuration files,
+and exports them, so they can be monitored.
+
+#### Applications
+
+Service discovery currently supports the following applications via their associated collector:
+
+- [ActiveMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/activemq/README.md)
+- [Apache](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/apache/README.md)
+- [Bind](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/bind/README.md)
+- [CockroachDB](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/cockroachdb/README.md)
+- [Consul](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/consul/README.md)
+- [CoreDNS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/coredns/README.md)
+- [Elasticsearch](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/elasticsearch/README.md)
+- [Fluentd](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/fluentd/README.md)
+- [FreeRADIUS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/freeradius/README.md)
+- [HDFS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/hdfs/README.md)
+- [Lighttpd](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/lighttpd/README.md)
+- [Logstash](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/logstash/README.md)
+- [MySQL](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/mysql/README.md)
+- [NGINX](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/nginx/README.md)
+- [OpenVPN](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/openvpn/README.md)
+- [PHP-FPM](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/phpfpm/README.md)
+- [RabbitMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/rabbitmq/README.md)
+- [Tengine](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/tengine/README.md)
+- [Unbound](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/unbound/README.md)
+- [VerneMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/vernemq/README.md)
+- [ZooKeeper](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/zookeeper/README.md)
+
+#### Prometheus endpoints
+
+Service discovery supports Prometheus endpoints via
+the [Prometheus](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/prometheus/README.md) collector.
+
+Annotations on pods allow a fine control of the scraping process:
+
+- `prometheus.io/scrape`: The default configuration will scrape all pods and, if set to false, this annotation excludes
+ the pod from the scraping process.
+- `prometheus.io/path`: If the metrics path is not _/metrics_, define it with this annotation.
+- `prometheus.io/port`: Scrape the pod on the indicated port instead of the pod's declared ports.
+
+#### Configure service discovery
+
+If your cluster runs services on non-default ports or uses non-default names, you may need to configure service
+discovery to start collecting metrics from your services. You have to edit
+the [default ConfigMap](https://github.com/netdata/helmchart/blob/master/sdconfig/child.yml) that is shipped with the
+Helmchart and deploy that to your cluster.
+
+First, copy `netdata-helmchart/sdconfig/child.yml` to a new location outside the `netdata-helmchart` directory. The
+destination can be anywhere you like, but the following examples assume it resides next to the `netdata-helmchart`
+directory.
+
+```bash
+cp netdata-helmchart/sdconfig/child.yml .
+```
+
+Edit the new `child.yml` file according to your needs. See
+the [Helm chart configuration](https://github.com/netdata/helmchart#configuration) and the file itself for details. You
+can then run
+`helm install`/`helm upgrade` with the `--set-file` argument to use your configured `child.yml` file instead of the
+default, changing the path if you copied it elsewhere.
+
+```bash
+helm install --set-file sd.child.configmap.from.value=./child.yml netdata ./netdata-helmchart/charts/netdata
+helm upgrade --set-file sd.child.configmap.from.value=./child.yml netdata ./netdata-helmchart/charts/netdata
+```
+
+Now that you pushed an edited ConfigMap to your cluster, service discovery should find and set up metrics collection
+from your non-default service.
+
+### Custom pod labels and annotations
+
+Occasionally, you will want to add
+specific [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+and [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the parent and/or
+child pods. You might want to do this to tell other applications on the cluster how to treat your pods, or simply to
+categorize applications on your cluster. You can label and annotate the parent and child pods by using the `podLabels`
+and `podAnnotations` dictionaries under the `parent` and `child` objects, respectively.
+
+For example, suppose you're installing Netdata on all your database nodes, and you'd like the child pods to be labeled
+with `workload: database` so that you're able to recognize this.
+
+At the same time, say you've configured [chaoskube](https://github.com/helm/charts/tree/master/stable/chaoskube) to kill
+all pods annotated with `chaoskube.io/enabled: true`, and you'd like chaoskube to be enabled for the parent pod but not
+the childs.
+
+You would do this by installing as:
+
+```console
+$ helm install \
+ --set child.podLabels.workload=database \
+ --set 'child.podAnnotations.chaoskube\.io/enabled=false' \
+ --set 'parent.podAnnotations.chaoskube\.io/enabled=true' \
+ netdata ./netdata-helmchart/charts/netdata
+```
+
+## Contributing
+
+If you want to contribute, we're humbled!
+
+- Take a look at our [Contributing Guidelines](https://github.com/netdata/.github/blob/main/CONTRIBUTING.md).
+- This repository is under the [Netdata Code Of Conduct](https://github.com/netdata/.github/blob/main/CODE_OF_CONDUCT.md).
+- Chat about your contribution and let us help you in
+ our [forum](https://community.netdata.cloud/c/agent-development/9)!