From 93ffdce73346b5f0cd2a5f43d96683b6cd230a1c Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Tue, 17 Oct 2023 08:08:30 -0400 Subject: [PATCH 01/28] Minor script improvement (#2647) * print encoded CA if no values Signed-off-by: Chip Zoller * Update cost-analyzer/scripts/create-admission-controller-tls.sh Co-authored-by: Thomas Nguyen --------- Signed-off-by: Chip Zoller Co-authored-by: Thomas Nguyen --- cost-analyzer/scripts/create-admission-controller-tls.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cost-analyzer/scripts/create-admission-controller-tls.sh b/cost-analyzer/scripts/create-admission-controller-tls.sh index 7a8fa5bdc..2290cadd1 100755 --- a/cost-analyzer/scripts/create-admission-controller-tls.sh +++ b/cost-analyzer/scripts/create-admission-controller-tls.sh @@ -19,6 +19,11 @@ kubectl create secret tls webhook-server-tls \ --cert "certs/tls.crt" \ --key "certs/tls.key" -n "${namespace}" -echo -e "\nUpdating values.yaml ..." ENCODED_CA=$(base64 < certs/tls.crt | tr -d '\n') -sed -i '' 's@${CA_BUNDLE}@'"${ENCODED_CA}"'@g' ../values.yaml \ No newline at end of file + +if [ -f "../values.yaml" ]; then + echo -e "\nUpdating values.yaml ..." + sed -i '' 's@${CA_BUNDLE}@'"${ENCODED_CA}"'@g' ../values.yaml +else + echo -e "\nThe CA bundle to use in your values file is: \n${ENCODED_CA}" +fi \ No newline at end of file From c14d75222db8a01f8278283f6638a14166e25951 Mon Sep 17 00:00:00 2001 From: Alex Meijer Date: Tue, 17 Oct 2023 10:27:03 -0400 Subject: [PATCH 02/28] provide embedded jaeger all in one for tracing Signed-off-by: Alex Meijer --- cost-analyzer/templates/aggregator-statefulset.yaml | 11 ++++++++++- cost-analyzer/values.yaml | 5 +++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/cost-analyzer/templates/aggregator-statefulset.yaml b/cost-analyzer/templates/aggregator-statefulset.yaml index c172fed99..29d0fb6dc 100644 --- a/cost-analyzer/templates/aggregator-statefulset.yaml +++ b/cost-analyzer/templates/aggregator-statefulset.yaml @@ -69,6 +69,12 @@ spec: {{- end }} containers: + {{- if .Values.kubecostAggregator.jaeger.enabled }} + - name: embedded-jaeger + securityContext: + {{- toYaml .Values.kubecostAggregator.jaeger.containerSecurityContext | nindent 12 }} + image: {{ .Values.kubecostAggregator.jaeger.image }}:{{ .Values.kubecostAggregator.jaeger.imageVersion }} + {{- end }} - name: aggregator {{- if .Values.kubecostAggregator.containerSecurityContext }} securityContext: @@ -127,7 +133,10 @@ spec: name: {{ .Values.prometheus.server.clusterIDConfigmap }} key: CLUSTER_ID {{- end }} - + {{- if .Values.kubecostAggregator.jaeger.enabled }} + - name: TRACING_URL + value: "http://localhost:14268/api/traces" + {{- end }} - name: CONFIG_PATH value: /var/configs/ - name: ETL_ENABLED diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 76bce396a..1cf6ff688 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -946,6 +946,11 @@ kubecostDeployment: # At present, this should only be enabled when recommended # by Kubecost staff. kubecostAggregator: + jaeger: + enabled: false + image: jaegertracing/all-in-one + imageVersion: latest + # containerSecurityContext: # fullImageName: cloudCost: enabled: false From 70febcf914a5b6791c50f486d6c164ed626d5f5d Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:26:23 -0400 Subject: [PATCH 03/28] option to hide diagnostics (#2651) * option to hide diagnostics --- .../cost-analyzer-frontend-config-map-template.yaml | 11 ++++++++++- cost-analyzer/values.yaml | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index 7b827c3b0..b2646b6cc 100755 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -344,7 +344,7 @@ data: } # to get memory profile from query service need to prefix all request by queryservice/ - # for example if you want heap dump from query service end point should be + # for example if you want heap dump from query service end point should be # /model/queryservice/debug/pprof/heap to get queryservice heap dumps location ~ /model/queryservice/(.*)$ { proxy_connect_timeout 600; @@ -580,6 +580,15 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } {{- end }} + location = /model/hideDiagnostics { + default_type text/html; + {{- if .Values.kubecostFrontend.hideDiagnostics }} + return 200 'true'; + {{- else }} + return 200 'false'; + {{- end }} + } + {{- if .Values.kubecostAggregator.cloudCost.enabled }} location = /model/cloudCost/status { proxy_read_timeout 300; diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 76bce396a..782774470 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -358,6 +358,7 @@ kubecostFrontend: # proxy_buffers 4 512k; # proxy_buffer_size 256k; # large_client_header_buffers 4 64k; + # hideDiagnostics: false # used if the primary is not monitored. Supported in limited environments. # api: # fqdn: kubecost-api.kubecost.svc.cluster.local:9001 From 4c6f3cf900077b48036111c8f4031369701b4992 Mon Sep 17 00:00:00 2001 From: Niko Kovacevic Date: Tue, 17 Oct 2023 12:48:06 -0600 Subject: [PATCH 04/28] Enable Aggregator's /clusters/status endpoint --- .../cost-analyzer-frontend-config-map-template.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index b2646b6cc..f9ede583f 100755 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -489,6 +489,14 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + location = /model/clusters/status { + proxy_read_timeout 300; + proxy_pass http://aggregator/clusters/status; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } location = /model/savings { proxy_read_timeout 300; proxy_pass http://aggregator/savings; From 2ba9dc2adaed093843c213279e3533aabde608fe Mon Sep 17 00:00:00 2001 From: Niko Kovacevic Date: Tue, 17 Oct 2023 16:57:11 -0600 Subject: [PATCH 05/28] Aggregator: support /model/unclaimedVolumes --- .../cost-analyzer-frontend-config-map-template.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index f9ede583f..0d522ccdf 100755 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -521,6 +521,14 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + location = /model/savings/unclaimedVolumes { + proxy_read_timeout 300; + proxy_pass http://aggregator/savings/unclaimedVolumes; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } location = /model/reports/allocation { proxy_read_timeout 300; proxy_pass http://aggregator/reports/allocation; From 5237edc91d9d51bf374ce1bfac373deb77f800c4 Mon Sep 17 00:00:00 2001 From: Alex Meijer Date: Wed, 18 Oct 2023 10:50:17 -0400 Subject: [PATCH 06/28] the aggregator should just use the cost analyzer's SA unless a specific override is provided Signed-off-by: Alex Meijer --- cost-analyzer/templates/_helpers.tpl | 6 +- .../templates/aggregator-clusterrole.yaml | 81 ------------------- .../aggregator-clusterrolebinding.yaml | 18 ----- .../templates/aggregator-service-account.yaml | 18 ----- cost-analyzer/values.yaml | 4 + 5 files changed, 7 insertions(+), 120 deletions(-) delete mode 100644 cost-analyzer/templates/aggregator-clusterrole.yaml delete mode 100644 cost-analyzer/templates/aggregator-clusterrolebinding.yaml delete mode 100644 cost-analyzer/templates/aggregator-service-account.yaml diff --git a/cost-analyzer/templates/_helpers.tpl b/cost-analyzer/templates/_helpers.tpl index 0b0f8337c..e2227c856 100755 --- a/cost-analyzer/templates/_helpers.tpl +++ b/cost-analyzer/templates/_helpers.tpl @@ -127,10 +127,10 @@ Create the name of the service account {{- end -}} {{- end -}} {{- define "aggregator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "aggregator.fullname" .) .Values.serviceAccount.name }} +{{- if .Values.kubecostAggregator.serviceAccountName -}} + {{ .Values.kubecostAggregator.serviceAccountName }} {{- else -}} - {{ default "default" .Values.serviceAccount.name }} + {{ template "cost-analyzer.serviceAccountName" . }} {{- end -}} {{- end -}} {{- define "cloudCost.serviceAccountName" -}} diff --git a/cost-analyzer/templates/aggregator-clusterrole.yaml b/cost-analyzer/templates/aggregator-clusterrole.yaml deleted file mode 100644 index 4355b73b3..000000000 --- a/cost-analyzer/templates/aggregator-clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostAggregator) }} -{{- if .Values.kubecostAggregator.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "aggregator.serviceAccountName" . }} - labels: - {{ include "aggregator.commonLabels" . | nindent 4 }} -rules: - - apiGroups: - - '' - resources: - - configmaps - - nodes - - pods - - events - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - daemonsets - - replicasets - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch -{{- end }} -{{- end }} diff --git a/cost-analyzer/templates/aggregator-clusterrolebinding.yaml b/cost-analyzer/templates/aggregator-clusterrolebinding.yaml deleted file mode 100644 index 7feeb81fa..000000000 --- a/cost-analyzer/templates/aggregator-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostAggregator) }} -{{- if .Values.kubecostAggregator.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "aggregator.serviceAccountName" . }} - labels: - {{ include "aggregator.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "aggregator.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "aggregator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/cost-analyzer/templates/aggregator-service-account.yaml b/cost-analyzer/templates/aggregator-service-account.yaml deleted file mode 100644 index a7f12c8ee..000000000 --- a/cost-analyzer/templates/aggregator-service-account.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostAggregator) }} -{{- if .Values.kubecostAggregator.enabled }} - -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "aggregator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{ include "aggregator.commonLabels" . | nindent 4 }} -{{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 6c729f502..dd0cce62d 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -947,6 +947,10 @@ kubecostDeployment: # At present, this should only be enabled when recommended # by Kubecost staff. kubecostAggregator: + # by default, the aggregator uses the same service account as the cost analyzer + # if a custom service account is desired for the aggregator only, provide the name + # of a pre-existing service account for the Kubecost Aggregator to use here + #serviceAccountName: jaeger: enabled: false image: jaegertracing/all-in-one From 5769e848faaba78ef64f2df999ec8e56adc3a0cb Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Wed, 18 Oct 2023 11:23:44 -0400 Subject: [PATCH 07/28] 1.106.3 update (#2661) --- cost-analyzer/Chart.yaml | 4 +- kubecost.yaml | 738 +++++++++++---------------------------- 2 files changed, 215 insertions(+), 527 deletions(-) diff --git a/cost-analyzer/Chart.yaml b/cost-analyzer/Chart.yaml index 8a0d38561..7bf488a2d 100755 --- a/cost-analyzer/Chart.yaml +++ b/cost-analyzer/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "1.106.0" +appVersion: "1.106.3" description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. name: cost-analyzer -version: "1.106.0" +version: "1.106.3" annotations: "artifacthub.io/links": | - name: Homepage diff --git a/kubecost.yaml b/kubecost.yaml index d64075cb2..3447802b3 100644 --- a/kubecost.yaml +++ b/kubecost.yaml @@ -19,20 +19,6 @@ metadata: name: kubecost-grafana namespace: kubecost --- -# Source: cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: kube-state-metrics - helm.sh/chart: kube-state-metrics-2.7.2 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/instance: kubecost - name: kubecost-kube-state-metrics - namespace: kubecost -imagePullSecrets: - [] ---- # Source: cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -66,9 +52,9 @@ metadata: name: kubecost-cost-analyzer namespace: kubecost labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -296,84 +282,6 @@ data: source_labels: - __meta_kubernetes_pod_node_name target_label: kubernetes_node - - job_name: kubernetes-service-endpoints-slow - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - action: keep - regex: true - source_labels: - - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow - - action: replace - regex: (https?) - source_labels: - - __meta_kubernetes_service_annotation_prometheus_io_scheme - target_label: __scheme__ - - action: replace - regex: (.+) - source_labels: - - __meta_kubernetes_service_annotation_prometheus_io_path - target_label: __metrics_path__ - - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - source_labels: - - __address__ - - __meta_kubernetes_service_annotation_prometheus_io_port - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: kubernetes_namespace - - action: replace - source_labels: - - __meta_kubernetes_service_name - target_label: kubernetes_name - - action: replace - source_labels: - - __meta_kubernetes_pod_node_name - target_label: kubernetes_node - scrape_interval: 5m - scrape_timeout: 30s - - honor_labels: true - job_name: prometheus-pushgateway - kubernetes_sd_configs: - - role: service - relabel_configs: - - action: keep - regex: pushgateway - source_labels: - - __meta_kubernetes_service_annotation_prometheus_io_probe - - job_name: kubernetes-services - kubernetes_sd_configs: - - role: service - metrics_path: /probe - params: - module: - - http_2xx - relabel_configs: - - action: keep - regex: true - source_labels: - - __meta_kubernetes_service_annotation_prometheus_io_probe - - source_labels: - - __address__ - target_label: __param_target - - replacement: blackbox - target_label: __address__ - - source_labels: - - __param_target - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: - - __meta_kubernetes_namespace - target_label: kubernetes_namespace - - source_labels: - - __meta_kubernetes_service_name - target_label: kubernetes_name - job_name: kubecost honor_labels: true scrape_interval: 1m @@ -393,7 +301,7 @@ data: - source_labels: [__meta_kubernetes_pod_label_app] action: keep regex: kubecost-network-costs - + recording_rules.yml: | {} rules: | @@ -442,9 +350,9 @@ metadata: name: kubecost-cost-analyzer namespace: kubecost labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -460,9 +368,9 @@ metadata: name: nginx-conf namespace: kubecost labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -514,7 +422,6 @@ data: upstream grafana { server kubecost-grafana.kubecost; } - server { server_name _; root /var/www; @@ -531,7 +438,7 @@ data: location / { try_files $uri $uri/ /index.html; } - add_header ETag "1.106.0"; + add_header ETag "1.106.3"; listen 9090; listen [::]:9090; location /api/ { @@ -615,7 +522,13 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } - + + + # Query Service Replicas (QSR) proxy + location = /model/hideDiagnostics { + default_type text/html; + return 200 'false'; + } } --- # Source: cost-analyzer/templates/grafana-attached-disk-metrics-template.yaml @@ -624,9 +537,9 @@ kind: ConfigMap metadata: name: attached-disk-metrics-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -749,7 +662,7 @@ data: "uid": "${datasource}" }, "editorMode": "code", - "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", + "expr": "max(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", "format": "time_series", "interval": "", "intervalFactor": 1, @@ -846,7 +759,7 @@ data: "uid": "${datasource}" }, "editorMode": "code", - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id,instance)", + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance) / max(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id,instance)", "format": "time_series", "interval": "", "intervalFactor": 1, @@ -1176,9 +1089,9 @@ kind: ConfigMap metadata: name: cluster-metrics-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -2876,9 +2789,9 @@ kind: ConfigMap metadata: name: cluster-utilization-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -3502,7 +3415,7 @@ data: "pluginVersion": "8.3.2", "targets": [ { - "expr": "SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable{resource=\"memory\", unit=\"byte\"}) * 100", + "expr": "SUM(container_memory_working_set_bytes{name!=\"POD\", container!=\"\", namespace!=\"\"}) / SUM(kube_node_status_allocatable{resource=\"memory\", unit=\"byte\"}) * 100", "format": "time_series", "interval": "", "intervalFactor": 1, @@ -6090,9 +6003,9 @@ kind: ConfigMap metadata: name: deployment-utilization-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -7494,9 +7407,9 @@ kind: ConfigMap metadata: name: grafana-dashboard-kubernetes-resource-efficiency labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -7920,9 +7833,9 @@ kind: ConfigMap metadata: name: label-cost-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -9083,9 +8996,9 @@ kind: ConfigMap metadata: name: namespace-utilization-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -9115,7 +9028,7 @@ data: "id":9, "iteration":1553150922105, "links":[ - + ], "panels":[ { @@ -9136,7 +9049,7 @@ data: "hideTimeOverride":true, "id":73, "links":[ - + ], "pageSize":8, "repeat":null, @@ -9181,7 +9094,7 @@ data: "decimals":2, "pattern":"Value #B", "thresholds":[ - + ], "type":"number", "unit":"decbytes" @@ -9199,7 +9112,7 @@ data: "mappingType":1, "pattern":"Value #A", "thresholds":[ - + ], "type":"number", "unit":"percent" @@ -9217,7 +9130,7 @@ data: "mappingType":1, "pattern":"Time", "thresholds":[ - + ], "type":"hidden", "unit":"short" @@ -9235,7 +9148,7 @@ data: "mappingType":1, "pattern":"Value #C", "thresholds":[ - + ], "type":"number", "unit":"currencyUSD" @@ -9253,7 +9166,7 @@ data: "mappingType":1, "pattern":"Value #D", "thresholds":[ - + ], "type":"number", "unit":"currencyUSD" @@ -9343,7 +9256,7 @@ data: "hideTimeOverride":true, "id":90, "links":[ - + ], "pageSize":8, "repeatDirection":"v", @@ -9367,7 +9280,7 @@ data: "mappingType":1, "pattern":"namespace", "thresholds":[ - + ], "type":"hidden", "unit":"short" @@ -9385,7 +9298,7 @@ data: "mappingType":1, "pattern":"persistentvolumeclaim", "thresholds":[ - + ], "type":"number", "unit":"short" @@ -9403,7 +9316,7 @@ data: "mappingType":1, "pattern":"storageclass", "thresholds":[ - + ], "type":"number", "unit":"short" @@ -9421,7 +9334,7 @@ data: "mappingType":1, "pattern":"Value", "thresholds":[ - + ], "type":"number", "unit":"gbytes" @@ -9439,7 +9352,7 @@ data: "mappingType":1, "pattern":"Time", "thresholds":[ - + ], "type":"hidden", "unit":"short" @@ -9466,7 +9379,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -9493,7 +9406,7 @@ data: "lines":true, "linewidth":1, "links":[ - + ], "nullPointMode":"null", "percentage":false, @@ -9501,7 +9414,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -9515,7 +9428,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":null, "timeShift":null, @@ -9532,7 +9445,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -9560,7 +9473,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -9572,7 +9485,7 @@ data: "error":false, "fill":0, "grid":{ - + }, "gridPos":{ "h":6, @@ -9602,7 +9515,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -9610,7 +9523,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -9630,7 +9543,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -9648,7 +9561,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -9677,7 +9590,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -9689,7 +9602,7 @@ data: "error":false, "fill":0, "grid":{ - + }, "gridPos":{ "h":6, @@ -9716,7 +9629,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -9724,7 +9637,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -9740,7 +9653,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -9758,7 +9671,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -9787,7 +9700,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -9799,7 +9712,7 @@ data: "error":false, "fill":1, "grid":{ - + }, "gridPos":{ "h":6, @@ -9829,7 +9742,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -9837,7 +9750,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -9867,7 +9780,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -9885,7 +9798,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -9913,7 +9826,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -9925,7 +9838,7 @@ data: "error":false, "fill":1, "grid":{ - + }, "gridPos":{ "h":6, @@ -9955,7 +9868,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -9963,7 +9876,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -9993,7 +9906,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -10011,7 +9924,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -10187,7 +10100,7 @@ data: "multi":false, "name":"namespace", "options":[ - + ], "query":"query_result(sum(kube_namespace_created{namespace!=\"\"}) by (namespace))", "refresh":1, @@ -10196,7 +10109,7 @@ data: "sort":0, "tagValuesQuery":"", "tags":[ - + ], "tagsQuery":"", "type":"query", @@ -10205,7 +10118,7 @@ data: { "datasource":"${datasource}", "filters":[ - + ], "hide":0, "label":"", @@ -10276,9 +10189,9 @@ kind: ConfigMap metadata: name: node-utilization-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -10307,7 +10220,7 @@ data: "id":6, "iteration":1557245882378, "links":[ - + ], "panels":[ { @@ -10337,7 +10250,7 @@ data: "id":2, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -10419,7 +10332,7 @@ data: "id":3, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -10501,7 +10414,7 @@ data: "id":4, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -10574,7 +10487,7 @@ data: "hideTimeOverride":true, "id":21, "links":[ - + ], "pageSize":8, "repeat":null, @@ -10620,7 +10533,7 @@ data: "mappingType":1, "pattern":"Time", "thresholds":[ - + ], "type":"hidden", "unit":"short" @@ -10638,7 +10551,7 @@ data: "mappingType":1, "pattern":"Value #C", "thresholds":[ - + ], "type":"number", "unit":"short" @@ -10656,7 +10569,7 @@ data: "mappingType":1, "pattern":"Value #A", "thresholds":[ - + ], "type":"number", "unit":"short" @@ -10674,7 +10587,7 @@ data: "mappingType":1, "pattern":"Value #B", "thresholds":[ - + ], "type":"number", "unit":"short" @@ -10692,7 +10605,7 @@ data: "mappingType":1, "pattern":"Value #D", "thresholds":[ - + ], "type":"number", "unit":"bytes" @@ -10710,7 +10623,7 @@ data: "mappingType":1, "pattern":"Value #E", "thresholds":[ - + ], "type":"number", "unit":"bytes" @@ -10728,7 +10641,7 @@ data: "mappingType":1, "pattern":"Value #F", "thresholds":[ - + ], "type":"number", "unit":"bytes" @@ -10799,7 +10712,7 @@ data: "id":8, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -10882,7 +10795,7 @@ data: "id":18, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -10964,7 +10877,7 @@ data: "id":9, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -11046,7 +10959,7 @@ data: "id":19, "interval":null, "links":[ - + ], "mappingType":1, "mappingTypes":[ @@ -11103,7 +11016,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -11115,7 +11028,7 @@ data: "error":false, "fill":0, "grid":{ - + }, "gridPos":{ "h":6, @@ -11145,7 +11058,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -11153,7 +11066,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -11173,7 +11086,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -11191,7 +11104,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -11220,7 +11133,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -11232,7 +11145,7 @@ data: "error":false, "fill":0, "grid":{ - + }, "gridPos":{ "h":6, @@ -11259,7 +11172,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -11267,7 +11180,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -11286,7 +11199,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -11304,7 +11217,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -11333,7 +11246,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -11345,7 +11258,7 @@ data: "error":false, "fill":1, "grid":{ - + }, "gridPos":{ "h":6, @@ -11375,7 +11288,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -11383,7 +11296,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -11413,7 +11326,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -11431,7 +11344,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -11459,7 +11372,7 @@ data: }, { "aliasColors":{ - + }, "bars":false, "dashLength":10, @@ -11471,7 +11384,7 @@ data: "error":false, "fill":1, "grid":{ - + }, "gridPos":{ "h":6, @@ -11501,7 +11414,7 @@ data: "lines":true, "linewidth":2, "links":[ - + ], "nullPointMode":"connected", "percentage":false, @@ -11509,7 +11422,7 @@ data: "points":false, "renderer":"flot", "seriesOverrides":[ - + ], "spaceLength":10, "stack":false, @@ -11539,7 +11452,7 @@ data: } ], "thresholds":[ - + ], "timeFrom":"", "timeShift":null, @@ -11557,7 +11470,7 @@ data: "name":null, "show":true, "values":[ - + ] }, "yaxes":[ @@ -11606,7 +11519,7 @@ data: "multi":false, "name":"node", "options":[ - + ], "query":"query_result(kube_node_labels)", "refresh":1, @@ -11615,7 +11528,7 @@ data: "sort":0, "tagValuesQuery":"", "tags":[ - + ], "tagsQuery":"", "type":"query", @@ -11683,9 +11596,9 @@ kind: ConfigMap metadata: name: pod-utilization-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -12458,9 +12371,9 @@ kind: ConfigMap metadata: name: prom-benchmark-dashboard labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -18165,9 +18078,9 @@ kind: ConfigMap metadata: name: grafana-dashboard-networkcosts-metrics labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -18822,9 +18735,9 @@ kind: ConfigMap metadata: name: grafana-dashboard-pod-utilization-multi-cluster labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -19637,9 +19550,9 @@ metadata: name: kubecost-cost-analyzer namespace: kubecost labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -19665,118 +19578,6 @@ rules: resources: ["configmaps"] verbs: ["get", "watch", "list"] --- -# Source: cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: kube-state-metrics - helm.sh/chart: kube-state-metrics-2.7.2 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/instance: kubecost - name: kubecost-kube-state-metrics -rules: - -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] - -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] - -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] - -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] - -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] - -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] - -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] - -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] - -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] - -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] - -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] ---- # Source: cost-analyzer/charts/prometheus/templates/server-clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -19824,9 +19625,9 @@ kind: ClusterRole metadata: name: kubecost-cost-analyzer labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -19896,9 +19697,9 @@ rules: - get - list - watch - - apiGroups: + - apiGroups: - storage.k8s.io - resources: + resources: - storageclasses verbs: - get @@ -19932,25 +19733,6 @@ roleRef: name: kubecost-grafana-clusterrole apiGroup: rbac.authorization.k8s.io --- -# Source: cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: kube-state-metrics - helm.sh/chart: kube-state-metrics-2.7.2 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/instance: kubecost - name: kubecost-kube-state-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubecost-kube-state-metrics -subjects: -- kind: ServiceAccount - name: kubecost-kube-state-metrics - namespace: kubecost ---- # Source: cost-analyzer/charts/prometheus/templates/server-clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -19977,9 +19759,9 @@ kind: ClusterRoleBinding metadata: name: kubecost-cost-analyzer labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -20011,14 +19793,14 @@ metadata: namespace: kubecost name: kubecost-cost-analyzer labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer rules: -- apiGroups: +- apiGroups: - '' resources: - "pods/log" @@ -20053,9 +19835,9 @@ metadata: name: kubecost-cost-analyzer namespace: kubecost labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -20091,30 +19873,6 @@ spec: app: grafana release: kubecost --- -# Source: cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kubecost-kube-state-metrics - namespace: kubecost - labels: - app.kubernetes.io/name: kube-state-metrics - helm.sh/chart: "kube-state-metrics-2.7.2" - app.kubernetes.io/instance: "kubecost" - app.kubernetes.io/managed-by: "Helm" - annotations: - prometheus.io/scrape: 'true' -spec: - type: "ClusterIP" - ports: - - name: "http" - protocol: TCP - port: 8080 - targetPort: 8080 - selector: - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/instance: kubecost ---- # Source: cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml apiVersion: v1 kind: Service @@ -20174,15 +19932,15 @@ metadata: name: kubecost-cost-analyzer namespace: kubecost labels: - + app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer spec: selector: - + app.kubernetes.io/name: cost-analyzer app.kubernetes.io/instance: kubecost app: cost-analyzer @@ -20284,12 +20042,23 @@ spec: spec: serviceAccountName: kubecost-grafana securityContext: - fsGroup: 472 - runAsUser: 472 + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault containers: - name: grafana-sc-dashboard - image: "kiwigrid/k8s-sidecar:1.25.0" + image: "kiwigrid/k8s-sidecar:1.25.1" imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true env: - name: LABEL value: "grafana_dashboard" @@ -20305,6 +20074,13 @@ spec: - name: grafana image: "grafana/grafana:9.4.7" imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true volumeMounts: - name: config mountPath: "/etc/grafana/grafana.ini" @@ -20322,7 +20098,7 @@ spec: subPath: provider.yaml - name: storage mountPath: "/var/lib/grafana" - subPath: + subPath: ports: - name: service containerPort: 80 @@ -20372,123 +20148,6 @@ spec: configMap: name: kubecost-grafana-config-dashboards --- -# Source: cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubecost-kube-state-metrics - namespace: kubecost - labels: - app.kubernetes.io/name: kube-state-metrics - helm.sh/chart: "kube-state-metrics-2.7.2" - app.kubernetes.io/instance: "kubecost" - app.kubernetes.io/managed-by: "Helm" -spec: - selector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - replicas: 1 - template: - metadata: - labels: - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/instance: "kubecost" - spec: - hostNetwork: false - serviceAccountName: kubecost-kube-state-metrics - securityContext: - fsGroup: 65534 - runAsUser: 65534 - containers: - - name: kube-state-metrics - args: - - - - --collectors=configmaps - - - - --collectors=cronjobs - - - - --collectors=daemonsets - - - - --collectors=deployments - - - - --collectors=endpoints - - - - --collectors=horizontalpodautoscalers - - - - - --collectors=jobs - - - - --collectors=limitranges - - - - - --collectors=namespaces - - - - - --collectors=nodes - - - - --collectors=persistentvolumeclaims - - - - --collectors=persistentvolumes - - - - --collectors=poddisruptionbudgets - - - - --collectors=pods - - - - --collectors=replicasets - - - - --collectors=replicationcontrollers - - - - --collectors=resourcequotas - - - - - --collectors=services - - - - --collectors=statefulsets - - - - --collectors=storageclasses - - - - - - - imagePullPolicy: IfNotPresent - image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v1.9.8" - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 ---- # Source: cost-analyzer/charts/prometheus/templates/server-deployment.yaml apiVersion: apps/v1 kind: Deployment @@ -20522,13 +20181,20 @@ spec: serviceAccountName: kubecost-prometheus-server containers: - name: prometheus-server-configmap-reload - image: "jimmidyson/configmap-reload:v0.7.1" + image: "jimmidyson/configmap-reload:v0.9.0" imagePullPolicy: "IfNotPresent" args: - --volume-dir=/etc/config - --webhook-url=http://127.0.0.1:9090/-/reload resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true volumeMounts: - name: config-volume mountPath: /etc/config @@ -20566,6 +20232,13 @@ spec: successThreshold: 1 resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true volumeMounts: - name: config-volume mountPath: /etc/config @@ -20573,10 +20246,12 @@ spec: mountPath: /data subPath: "" securityContext: - fsGroup: 1001 - runAsGroup: 1001 + fsGroup: 65534 + runAsGroup: 65534 runAsNonRoot: true - runAsUser: 1001 + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault terminationGracePeriodSeconds: 300 volumes: - name: config-volume @@ -20594,7 +20269,7 @@ metadata: namespace: kubecost labels: app.kubernetes.io/name: cost-analyzer - helm.sh/chart: cost-analyzer-1.106.0 + helm.sh/chart: cost-analyzer-1.106.3 app.kubernetes.io/instance: kubecost app.kubernetes.io/managed-by: Helm app: cost-analyzer @@ -20618,9 +20293,12 @@ spec: app: cost-analyzer spec: securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault restartPolicy: Always serviceAccountName: kubecost-cost-analyzer volumes: @@ -20637,9 +20315,16 @@ spec: claimName: kubecost-cost-analyzer initContainers: containers: - - image: gcr.io/kubecost1/cost-model:prod-1.106.0 - + - image: gcr.io/kubecost1/cost-model:prod-1.106.3 + name: cost-model + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true imagePullPolicy: Always ports: - name: tcp-model @@ -20672,8 +20357,6 @@ spec: env: - name: GRAFANA_ENABLED value: "true" - - name: HELM_VALUES - value: eyJhZmZpbml0eSI6e30sImF3c3N0b3JlIjp7ImNyZWF0ZVNlcnZpY2VBY2NvdW50IjpmYWxzZSwicHJpb3JpdHlDbGFzc05hbWUiOiIiLCJ1c2VBd3NTdG9yZSI6ZmFsc2V9LCJleHRyYU9iamVjdHMiOltdLCJleHRyYVZvbHVtZU1vdW50cyI6W10sImV4dHJhVm9sdW1lcyI6W10sImZlZGVyYXRlZEVUTCI6eyJmZWRlcmF0ZWRDbHVzdGVyIjpmYWxzZSwicHJpbWFyeUNsdXN0ZXIiOmZhbHNlLCJyZWRpcmVjdFMzQmFja3VwIjpmYWxzZSwidXNlRXhpc3RpbmdTM0NvbmZpZyI6ZmFsc2UsInVzZU11bHRpQ2x1c3RlckRCIjpmYWxzZX0sImdsb2JhbCI6eyJhZGRpdGlvbmFsTGFiZWxzIjp7fSwiY29udGFpbmVyU2VjdXJpdHljb250ZXh0Ijp7fSwiZ3JhZmFuYSI6eyJkb21haW5OYW1lIjoiY29zdC1hbmFseXplci1ncmFmYW5hLmRlZmF1bHQuc3ZjIiwiZW5hYmxlZCI6dHJ1ZSwicHJveHkiOnRydWUsInNjaGVtZSI6Imh0dHAifSwibm90aWZpY2F0aW9ucyI6e30sInBvZEFubm90YXRpb25zIjp7fSwicHJvbWV0aGV1cyI6eyJlbmFibGVkIjp0cnVlLCJmcWRuIjoiaHR0cDovL2Nvc3QtYW5hbHl6ZXItcHJvbWV0aGV1cy1zZXJ2ZXIuZGVmYXVsdC5zdmMifX0sImdyYWZhbmEiOnsiYWRtaW5QYXNzd29yZCI6InN0cm9uZ3Bhc3N3b3JkIiwiYWRtaW5Vc2VyIjoiYWRtaW4iLCJhZmZpbml0eSI6e30sImRhc2hib2FyZFByb3ZpZGVycyI6e30sImRhc2hib2FyZHMiOnt9LCJkYXNoYm9hcmRzQ29uZmlnTWFwcyI6e30sImRhdGFzb3VyY2VzIjp7fSwiZGVwbG95bWVudFN0cmF0ZWd5IjoiUm9sbGluZ1VwZGF0ZSIsImRvd25sb2FkRGFzaGJvYXJkc0ltYWdlIjp7InB1bGxQb2xpY3kiOiJJZk5vdFByZXNlbnQiLCJyZXBvc2l0b3J5IjoiY3VybGltYWdlcy9jdXJsIiwidGFnIjoibGF0ZXN0In0sImVudiI6e30sImVudkZyb21TZWNyZXQiOiIiLCJleHRyYVNlY3JldE1vdW50cyI6W10sImdsb2JhbCI6eyJhZGRpdGlvbmFsTGFiZWxzIjp7fSwiY29udGFpbmVyU2VjdXJpdHljb250ZXh0Ijp7fSwiZ3JhZmFuYSI6eyJkb21haW5OYW1lIjoiY29zdC1hbmFseXplci1ncmFmYW5hLmRlZmF1bHQuc3ZjIiwiZW5hYmxlZCI6dHJ1ZSwicHJveHkiOnRydWUsInNjaGVtZSI6Imh0dHAifSwibm90aWZpY2F0aW9ucyI6e30sInBvZEFubm90YXRpb25zIjp7fSwicHJvbWV0aGV1cyI6eyJlbmFibGVkIjp0cnVlLCJmcWRuIjoiaHR0cDovL2Nvc3QtYW5hbHl6ZXItcHJvbWV0aGV1cy1zZXJ2ZXIuZGVmYXVsdC5zdmMifX0sImdyYWZhbmEuaW5pIjp7ImFuYWx5dGljcyI6eyJjaGVja19mb3JfdXBkYXRlcyI6dHJ1ZX0sImF1dGguYW5vbnltb3VzIjp7ImVuYWJsZWQiOnRydWUsIm9yZ19uYW1lIjoiTWFpbiBPcmcuIiwib3JnX3JvbGUiOiJFZGl0b3IifSwiZ3JhZmFuYV9uZXQiOnsidXJsIjoiaHR0cHM6Ly9ncmFmYW5hLm5ldCJ9LCJsb2ciOnsibW9kZSI6ImNvbnNvbGUifSwicGF0aHMiOnsiZGF0YSI6Ii92YXIvbGliL2dyYWZhbmEvZGF0YSIsImxvZ3MiOiIvdmFyL2xvZy9ncmFmYW5hIiwicGx1Z2lucyI6Ii92YXIvbGliL2dyYWZhbmEvcGx1Z2lucyIsInByb3Zpc2lvbmluZyI6Ii9ldGMvZ3JhZmFuYS9wcm92aXNpb25pbmcifSwic2VydmVyIjp7InJvb3RfdXJsIjoiJShwcm90b2NvbClzOi8vJShkb21haW4pczolKGh0dHBfcG9ydClzL2dyYWZhbmEiLCJzZXJ2ZV9mcm9tX3N1Yl9wYXRoIjp0cnVlfX0sImltYWdlIjp7InB1bGxQb2xpY3kiOiJJZk5vdFByZXNlbnQiLCJyZXBvc2l0b3J5IjoiZ3JhZmFuYS9ncmFmYW5hIiwidGFnIjoiOS40LjcifSwibGRhcCI6eyJjb25maWciOiIiLCJleGlzdGluZ1NlY3JldCI6IiJ9LCJsaXZlbmVzc1Byb2JlIjp7ImZhaWx1cmVUaHJlc2hvbGQiOjEwLCJodHRwR2V0Ijp7InBhdGgiOiIvYXBpL2hlYWx0aCIsInBvcnQiOjMwMDB9LCJpbml0aWFsRGVsYXlTZWNvbmRzIjo2MCwidGltZW91dFNlY29uZHMiOjMwfSwibm9kZVNlbGVjdG9yIjp7fSwicGx1Z2lucyI6W10sInByaW9yaXR5Q2xhc3NOYW1lIjoiIiwicmJhYyI6eyJjcmVhdGUiOnRydWUsInBzcEVuYWJsZWQiOmZhbHNlLCJwc3BVc2VBcHBBcm1vciI6dHJ1ZX0sInJlYWRpbmVzc1Byb2JlIjp7Imh0dHBHZXQiOnsicGF0aCI6Ii9hcGkvaGVhbHRoIiwicG9ydCI6MzAwMH19LCJyZXBsaWNhcyI6MSwicmVzb3VyY2VzIjp7fSwic2VjdXJpdHlDb250ZXh0Ijp7ImZzR3JvdXAiOjQ3MiwicnVuQXNVc2VyIjo0NzJ9LCJzZXJ2aWNlIjp7ImFubm90YXRpb25zIjp7fSwibGFiZWxzIjp7fSwicG9ydCI6ODAsInR5cGUiOiJDbHVzdGVySVAifSwic2VydmljZUFjY291bnQiOnsiY3JlYXRlIjp0cnVlfSwic2lkZWNhciI6eyJkYXNoYm9hcmRzIjp7ImFubm90YXRpb25zIjp7fSwiZW5hYmxlZCI6dHJ1ZSwiZXJyb3JfdGhyb3R0bGVfc2xlZXAiOjAsImZvbGRlciI6Ii90bXAvZGFzaGJvYXJkcyIsImxhYmVsIjoiZ3JhZmFuYV9kYXNoYm9hcmQifSwiaW1hZ2UiOnsicHVsbFBvbGljeSI6IklmTm90UHJlc2VudCIsInJlcG9zaXRvcnkiOiJraXdpZ3JpZC9rOHMtc2lkZWNhciIsInRhZyI6IjEuMjUuMCJ9LCJyZXNvdXJjZXMiOm51bGx9LCJzbXRwIjp7ImV4aXN0aW5nU2VjcmV0IjoiIn0sInRvbGVyYXRpb25zIjpbXX0sImluaXRDaG93bkRhdGEiOnsicmVzb3VyY2VzIjp7fX0sImluaXRDaG93bkRhdGFJbWFnZSI6ImJ1c3lib3giLCJrdWJlY29zdERlcGxveW1lbnQiOnsiYW5ub3RhdGlvbnMiOnt9LCJsYWJlbHMiOnt9LCJxdWVyeVNlcnZpY2UiOnsiY29uZmlnVm9sdW1lU2l6ZSI6IjFHaSIsImRhdGFiYXNlVm9sdW1lU2l6ZSI6IjEwMEdpIiwicmVzb3VyY2VzIjp7InJlcXVlc3RzIjp7ImNwdSI6IjEwMDBtIiwibWVtb3J5IjoiNTAwTWkifX0sInN0b3JhZ2VDbGFzcyI6IiJ9LCJxdWVyeVNlcnZpY2VSZXBsaWNhcyI6MCwicmVwbGljYXMiOjF9LCJrdWJlY29zdEZyb250ZW5kIjp7ImltYWdlIjoiZ2NyLmlvL2t1YmVjb3N0MS9mcm9udGVuZCIsImltYWdlUHVsbFBvbGljeSI6IkFsd2F5cyIsImlwdjYiOnsiZW5hYmxlZCI6dHJ1ZX0sImxpdmVuZXNzUHJvYmUiOnsiZW5hYmxlZCI6dHJ1ZSwiZmFpbHVyZVRocmVzaG9sZCI6MjAwLCJpbml0aWFsRGVsYXlTZWNvbmRzIjozMCwicGVyaW9kU2Vjb25kcyI6MTB9LCJyZXNvdXJjZXMiOnsicmVxdWVzdHMiOnsiY3B1IjoiMTBtIiwibWVtb3J5IjoiNTVNaSJ9fX0sImt1YmVjb3N0TWV0cmljcyI6e30sImt1YmVjb3N0TW9kZWwiOnsiYWxsb2NhdGlvbiI6bnVsbCwiY2xvdWRDb3N0Ijp7ImVuYWJsZWQiOnRydWUsImxhYmVsTGlzdCI6eyJJc0luY2x1ZGVMaXN0IjpmYWxzZSwibGFiZWxzIjoiIn0sInRvcE5JdGVtcyI6MTAwMH0sImV0bCI6dHJ1ZSwiZXRsRGFpbHlTdG9yZUR1cmF0aW9uRGF5cyI6OTEsImV0bEZpbGVTdG9yZUVuYWJsZWQiOnRydWUsImV0bEhvdXJseVN0b3JlRHVyYXRpb25Ib3VycyI6NDksImV0bFJlYWRPbmx5TW9kZSI6ZmFsc2UsImV0bFdlZWtseVN0b3JlRHVyYXRpb25XZWVrcyI6NTMsImV4dHJhQXJncyI6W10sImltYWdlIjoiZ2NyLmlvL2t1YmVjb3N0MS9jb3N0LW1vZGVsIiwiaW1hZ2VQdWxsUG9saWN5IjoiQWx3YXlzIiwibWF4UXVlcnlDb25jdXJyZW5jeSI6NSwib3V0T2ZDbHVzdGVyUHJvbU1ldHJpY3NFbmFibGVkIjpmYWxzZSwicmVzb3VyY2VzIjp7InJlcXVlc3RzIjp7ImNwdSI6IjIwMG0iLCJtZW1vcnkiOiI1NU1pIn19LCJ3YXJtQ2FjaGUiOmZhbHNlLCJ3YXJtU2F2aW5nc0NhY2hlIjp0cnVlfSwia3ViZWNvc3RUb2tlbiI6bnVsbCwibm9kZVNlbGVjdG9yIjp7fSwicGVyc2lzdGVudFZvbHVtZSI6eyJhbm5vdGF0aW9ucyI6e30sImRiU2l6ZSI6IjMyLjBHaSIsImVuYWJsZWQiOnRydWUsImxhYmVscyI6e30sInNpemUiOiIzMkdpIn0sInByb21ldGhldXMiOnsiYWxlcnRSZWxhYmVsQ29uZmlncyI6bnVsbCwiYWxlcnRtYW5hZ2VyRmlsZXMiOnsiYWxlcnRtYW5hZ2VyLnltbCI6eyJnbG9iYWwiOnt9LCJyZWNlaXZlcnMiOlt7Im5hbWUiOiJkZWZhdWx0LXJlY2VpdmVyIn1dLCJyb3V0ZSI6eyJncm91cF9pbnRlcnZhbCI6IjVtIiwiZ3JvdXBfd2FpdCI6IjEwcyIsInJlY2VpdmVyIjoiZGVmYXVsdC1yZWNlaXZlciIsInJlcGVhdF9pbnRlcnZhbCI6IjNoIn19fSwiY29uZmlnbWFwUmVsb2FkIjp7ImFsZXJ0bWFuYWdlciI6eyJlbmFibGVkIjp0cnVlLCJleHRyYUFyZ3MiOnt9LCJleHRyYUNvbmZpZ21hcE1vdW50cyI6W10sImV4dHJhVm9sdW1lRGlycyI6W10sImltYWdlIjp7InB1bGxQb2xpY3kiOiJJZk5vdFByZXNlbnQiLCJyZXBvc2l0b3J5IjoiamltbWlkeXNvbi9jb25maWdtYXAtcmVsb2FkIiwidGFnIjoidjAuNy4xIn0sIm5hbWUiOiJjb25maWdtYXAtcmVsb2FkIiwicmVzb3VyY2VzIjp7fX0sInByb21ldGhldXMiOnsiY29udGFpbmVyU2VjdXJpdHlDb250ZXh0Ijp7fSwiZW5hYmxlZCI6dHJ1ZSwiZXh0cmFBcmdzIjp7fSwiZXh0cmFDb25maWdtYXBNb3VudHMiOltdLCJleHRyYVZvbHVtZURpcnMiOltdLCJpbWFnZSI6eyJwdWxsUG9saWN5IjoiSWZOb3RQcmVzZW50IiwicmVwb3NpdG9yeSI6ImppbW1pZHlzb24vY29uZmlnbWFwLXJlbG9hZCIsInRhZyI6InYwLjcuMSJ9LCJuYW1lIjoiY29uZmlnbWFwLXJlbG9hZCIsInJlc291cmNlcyI6e319fSwiZXh0cmFTY3JhcGVDb25maWdzIjoiLSBqb2JfbmFtZToga3ViZWNvc3RcbiAgaG9ub3JfbGFiZWxzOiB0cnVlXG4gIHNjcmFwZV9pbnRlcnZhbDogMW1cbiAgc2NyYXBlX3RpbWVvdXQ6IDYwc1xuICBtZXRyaWNzX3BhdGg6IC9tZXRyaWNzXG4gIHNjaGVtZTogaHR0cFxuICBkbnNfc2RfY29uZmlnczpcbiAgLSBuYW1lczpcbiAgICAtIHt7IHRlbXBsYXRlIFwiY29zdC1hbmFseXplci5zZXJ2aWNlTmFtZVwiIC4gfX1cbiAgICB0eXBlOiAnQSdcbiAgICBwb3J0OiA5MDAzXG4tIGpvYl9uYW1lOiBrdWJlY29zdC1uZXR3b3JraW5nXG4gIGt1YmVybmV0ZXNfc2RfY29uZmlnczpcbiAgICAtIHJvbGU6IHBvZFxuICByZWxhYmVsX2NvbmZpZ3M6XG4gICMgU2NyYXBlIG9ubHkgdGhlIHRoZSB0YXJnZXRzIG1hdGNoaW5nIHRoZSBmb2xsb3dpbmcgbWV0YWRhdGFcbiAgICAtIHNvdXJjZV9sYWJlbHM6IFtfX21ldGFfa3ViZXJuZXRlc19wb2RfbGFiZWxfYXBwXVxuICAgICAgYWN0aW9uOiBrZWVwXG4gICAgICByZWdleDogIHt7IHRlbXBsYXRlIFwiY29zdC1hbmFseXplci5uZXR3b3JrQ29zdHNOYW1lXCIgLiB9fVxuIiwiZ2xvYmFsIjp7ImFkZGl0aW9uYWxMYWJlbHMiOnt9LCJjb250YWluZXJTZWN1cml0eWNvbnRleHQiOnt9LCJncmFmYW5hIjp7ImRvbWFpbk5hbWUiOiJjb3N0LWFuYWx5emVyLWdyYWZhbmEuZGVmYXVsdC5zdmMiLCJlbmFibGVkIjp0cnVlLCJwcm94eSI6dHJ1ZSwic2NoZW1lIjoiaHR0cCJ9LCJub3RpZmljYXRpb25zIjp7fSwicG9kQW5ub3RhdGlvbnMiOnt9LCJwcm9tZXRoZXVzIjp7ImVuYWJsZWQiOnRydWUsImZxZG4iOiJodHRwOi8vY29zdC1hbmFseXplci1wcm9tZXRoZXVzLXNlcnZlci5kZWZhdWx0LnN2YyJ9fSwiaW1hZ2VQdWxsU2VjcmV0cyI6bnVsbCwia3ViZS1zdGF0ZS1tZXRyaWNzIjp7ImFmZmluaXR5Ijp7fSwiY29sbGVjdG9ycyI6eyJjZXJ0aWZpY2F0ZXNpZ25pbmdyZXF1ZXN0cyI6ZmFsc2UsImNvbmZpZ21hcHMiOnRydWUsImNyb25qb2JzIjp0cnVlLCJkYWVtb25zZXRzIjp0cnVlLCJkZXBsb3ltZW50cyI6dHJ1ZSwiZW5kcG9pbnRzIjp0cnVlLCJob3Jpem9udGFscG9kYXV0b3NjYWxlcnMiOnRydWUsImluZ3Jlc3NlcyI6ZmFsc2UsImpvYnMiOnRydWUsImxpbWl0cmFuZ2VzIjp0cnVlLCJtdXRhdGluZ3dlYmhvb2tjb25maWd1cmF0aW9ucyI6ZmFsc2UsIm5hbWVzcGFjZXMiOnRydWUsIm5ldHdvcmtwb2xpY2llcyI6ZmFsc2UsIm5vZGVzIjp0cnVlLCJwZXJzaXN0ZW50dm9sdW1lY2xhaW1zIjp0cnVlLCJwZXJzaXN0ZW50dm9sdW1lcyI6dHJ1ZSwicG9kZGlzcnVwdGlvbmJ1ZGdldHMiOnRydWUsInBvZHMiOnRydWUsInJlcGxpY2FzZXRzIjp0cnVlLCJyZXBsaWNhdGlvbmNvbnRyb2xsZXJzIjp0cnVlLCJyZXNvdXJjZXF1b3RhcyI6dHJ1ZSwic2VjcmV0cyI6ZmFsc2UsInNlcnZpY2VzIjp0cnVlLCJzdGF0ZWZ1bHNldHMiOnRydWUsInN0b3JhZ2VjbGFzc2VzIjp0cnVlLCJ2YWxpZGF0aW5nd2ViaG9va2NvbmZpZ3VyYXRpb25zIjpmYWxzZSwidmVydGljYWxwb2RhdXRvc2NhbGVycyI6ZmFsc2UsInZvbHVtZWF0dGFjaG1lbnRzIjpmYWxzZX0sImN1c3RvbUxhYmVscyI6e30sImRpc2FibGVkIjpmYWxzZSwiZW5hYmxlZCI6dHJ1ZSwiZ2xvYmFsIjp7ImFkZGl0aW9uYWxMYWJlbHMiOnt9LCJjb250YWluZXJTZWN1cml0eWNvbnRleHQiOnt9LCJncmFmYW5hIjp7ImRvbWFpbk5hbWUiOiJjb3N0LWFuYWx5emVyLWdyYWZhbmEuZGVmYXVsdC5zdmMiLCJlbmFibGVkIjp0cnVlLCJwcm94eSI6dHJ1ZSwic2NoZW1lIjoiaHR0cCJ9LCJub3RpZmljYXRpb25zIjp7fSwicG9kQW5ub3RhdGlvbnMiOnt9LCJwcm9tZXRoZXVzIjp7ImVuYWJsZWQiOnRydWUsImZxZG4iOiJodHRwOi8vY29zdC1hbmFseXplci1wcm9tZXRoZXVzLXNlcnZlci5kZWZhdWx0LnN2YyJ9fSwiaG9zdE5ldHdvcmsiOmZhbHNlLCJpbWFnZSI6eyJwdWxsUG9saWN5IjoiSWZOb3RQcmVzZW50IiwicmVwb3NpdG9yeSI6InJlZ2lzdHJ5Lms4cy5pby9rdWJlLXN0YXRlLW1ldHJpY3Mva3ViZS1zdGF0ZS1tZXRyaWNzIiwidGFnIjoidjEuOS44In0sIm5hbWVzcGFjZU92ZXJyaWRlIjoiIiwibm9kZVNlbGVjdG9yIjp7fSwicG9kQW5ub3RhdGlvbnMiOnt9LCJwcm9tZXRoZXVzIjp7fSwicHJvbWV0aGV1c1NjcmFwZSI6dHJ1ZSwicmJhYyI6eyJjcmVhdGUiOnRydWV9LCJyZXBsaWNhcyI6MSwic2VjdXJpdHlDb250ZXh0Ijp7ImVuYWJsZWQiOnRydWUsImZzR3JvdXAiOjY1NTM0LCJydW5Bc1VzZXIiOjY1NTM0fSwic2VydmljZSI6eyJhbm5vdGF0aW9ucyI6e30sImxvYWRCYWxhbmNlcklQIjoiIiwibm9kZVBvcnQiOjAsInBvcnQiOjgwODAsInR5cGUiOiJDbHVzdGVySVAifSwic2VydmljZUFjY291bnQiOnsiY3JlYXRlIjp0cnVlLCJpbWFnZVB1bGxTZWNyZXRzIjpbXX0sInRvbGVyYXRpb25zIjpbXX0sImt1YmVTdGF0ZU1ldHJpY3MiOnsiZW5hYmxlZCI6dHJ1ZX0sIm5vZGVFeHBvcnRlciI6eyJkbnNQb2xpY3kiOiJDbHVzdGVyRmlyc3RXaXRoSG9zdE5ldCIsImVuYWJsZWQiOnRydWUsImV4dHJhQXJncyI6e30sImV4dHJhQ29uZmlnbWFwTW91bnRzIjpbXSwiZXh0cmFIb3N0UGF0aE1vdW50cyI6W10sImhvc3ROZXR3b3JrIjp0cnVlLCJob3N0UElEIjp0cnVlLCJpbWFnZSI6eyJwdWxsUG9saWN5IjoiSWZOb3RQcmVzZW50IiwicmVwb3NpdG9yeSI6InByb20vbm9kZS1leHBvcnRlciIsInRhZyI6InYxLjUuMCJ9LCJuYW1lIjoibm9kZS1leHBvcnRlciIsIm5vZGVTZWxlY3RvciI6e30sInBvZCI6eyJsYWJlbHMiOnt9fSwicG9kQW5ub3RhdGlvbnMiOnt9LCJwb2RTZWN1cml0eVBvbGljeSI6eyJhbm5vdGF0aW9ucyI6e319LCJwcmlvcml0eUNsYXNzTmFtZSI6IiIsInJlc291cmNlcyI6e30sInNlY3VyaXR5Q29udGV4dCI6e30sInNlcnZpY2UiOnsiYW5ub3RhdGlvbnMiOnsicHJvbWV0aGV1cy5pby9zY3JhcGUiOiJ0cnVlIn0sImNsdXN0ZXJJUCI6Ik5vbmUiLCJleHRlcm5hbElQcyI6W10sImhvc3RQb3J0Ijo5MTAwLCJsYWJlbHMiOnt9LCJsb2FkQmFsYW5jZXJJUCI6IiIsImxvYWRCYWxhbmNlclNvdXJjZVJhbmdlcyI6W10sInNlcnZpY2VQb3J0Ijo5MTAwLCJ0eXBlIjoiQ2x1c3RlcklQIn0sInRvbGVyYXRpb25zIjpbXSwidXBkYXRlU3RyYXRlZ3kiOnsidHlwZSI6IlJvbGxpbmdVcGRhdGUifX0sInJiYWMiOnsiY3JlYXRlIjp0cnVlfSwic2VydmVyIjp7ImFmZmluaXR5Ijp7fSwiYWxlcnRtYW5hZ2VycyI6W10sImJhc2VVUkwiOiIiLCJjb25maWdNYXBPdmVycmlkZU5hbWUiOiIiLCJjb25maWdQYXRoIjoiL2V0Yy9jb25maWcvcHJvbWV0aGV1cy55bWwiLCJjb250YWluZXJTZWN1cml0eUNvbnRleHQiOnt9LCJlbXB0eURpciI6eyJzaXplTGltaXQiOiIifSwiZW5hYmxlZCI6dHJ1ZSwiZW52IjpbXSwiZXh0cmFBcmdzIjp7InF1ZXJ5Lm1heC1jb25jdXJyZW5jeSI6MSwicXVlcnkubWF4LXNhbXBsZXMiOjEwMDAwMDAwMH0sImV4dHJhQ29uZmlnbWFwTW91bnRzIjpbXSwiZXh0cmFGbGFncyI6WyJ3ZWIuZW5hYmxlLWxpZmVjeWNsZSJdLCJleHRyYUhvc3RQYXRoTW91bnRzIjpbXSwiZXh0cmFJbml0Q29udGFpbmVycyI6W10sImV4dHJhU2VjcmV0TW91bnRzIjpbXSwiZXh0cmFWb2x1bWVNb3VudHMiOltdLCJleHRyYVZvbHVtZXMiOltdLCJnbG9iYWwiOnsiZXZhbHVhdGlvbl9pbnRlcnZhbCI6IjFtIiwiZXh0ZXJuYWxfbGFiZWxzIjp7ImNsdXN0ZXJfaWQiOiJjbHVzdGVyLW9uZSJ9LCJzY3JhcGVfaW50ZXJ2YWwiOiIxbSIsInNjcmFwZV90aW1lb3V0IjoiNjBzIn0sImltYWdlIjp7InB1bGxQb2xpY3kiOiJJZk5vdFByZXNlbnQiLCJyZXBvc2l0b3J5IjoicXVheS5pby9wcm9tZXRoZXVzL3Byb21ldGhldXMiLCJ0YWciOiJ2Mi4zNS4wIn0sImxpdmVuZXNzUHJvYmVGYWlsdXJlVGhyZXNob2xkIjozLCJsaXZlbmVzc1Byb2JlSW5pdGlhbERlbGF5IjozMCwibGl2ZW5lc3NQcm9iZVN1Y2Nlc3NUaHJlc2hvbGQiOjEsImxpdmVuZXNzUHJvYmVUaW1lb3V0IjozMCwibmFtZSI6InNlcnZlciIsIm5vZGVTZWxlY3RvciI6e30sInBlcnNpc3RlbnRWb2x1bWUiOnsiYWNjZXNzTW9kZXMiOlsiUmVhZFdyaXRlT25jZSJdLCJhbm5vdGF0aW9ucyI6e30sImVuYWJsZWQiOnRydWUsImV4aXN0aW5nQ2xhaW0iOiIiLCJtb3VudFBhdGgiOiIvZGF0YSIsInNpemUiOiIzMkdpIiwic3ViUGF0aCI6IiJ9LCJwb2RBbm5vdGF0aW9ucyI6e30sInBvZExhYmVscyI6e30sInBvZFNlY3VyaXR5UG9saWN5Ijp7ImFubm90YXRpb25zIjp7fX0sInByZWZpeFVSTCI6IiIsInByaW9yaXR5Q2xhc3NOYW1lIjoiIiwicmVhZGluZXNzUHJvYmVGYWlsdXJlVGhyZXNob2xkIjozLCJyZWFkaW5lc3NQcm9iZUluaXRpYWxEZWxheSI6MzAsInJlYWRpbmVzc1Byb2JlU3VjY2Vzc1RocmVzaG9sZCI6MSwicmVhZGluZXNzUHJvYmVUaW1lb3V0IjozMCwicmVtb3RlUmVhZCI6e30sInJlbW90ZVdyaXRlIjp7fSwicmVwbGljYUNvdW50IjoxLCJyZXNvdXJjZXMiOnt9LCJyZXRlbnRpb24iOiIxNWQiLCJzZWN1cml0eUNvbnRleHQiOnsiZnNHcm91cCI6MTAwMSwicnVuQXNHcm91cCI6MTAwMSwicnVuQXNOb25Sb290Ijp0cnVlLCJydW5Bc1VzZXIiOjEwMDF9LCJzZXJ2aWNlIjp7ImFubm90YXRpb25zIjp7fSwiY2x1c3RlcklQIjoiIiwiZXh0ZXJuYWxJUHMiOltdLCJsYWJlbHMiOnt9LCJsb2FkQmFsYW5jZXJJUCI6IiIsImxvYWRCYWxhbmNlclNvdXJjZVJhbmdlcyI6W10sInNlcnZpY2VQb3J0Ijo4MCwic2Vzc2lvbkFmZmluaXR5IjoiTm9uZSIsInR5cGUiOiJDbHVzdGVySVAifSwic2lkZWNhckNvbnRhaW5lcnMiOm51bGwsInN0cmF0ZWd5Ijp7InR5cGUiOiJSZWNyZWF0ZSJ9LCJ0ZXJtaW5hdGlvbkdyYWNlUGVyaW9kU2Vjb25kcyI6MzAwLCJ0b2xlcmF0aW9ucyI6W119LCJzZXJ2ZXJGaWxlcyI6eyJhbGVydGluZ19ydWxlcy55bWwiOnt9LCJhbGVydHMiOnt9LCJwcm9tZXRoZXVzLnltbCI6eyJydWxlX2ZpbGVzIjpbIi9ldGMvY29uZmlnL3JlY29yZGluZ19ydWxlcy55bWwiLCIvZXRjL2NvbmZpZy9hbGVydGluZ19ydWxlcy55bWwiLCIvZXRjL2NvbmZpZy9ydWxlcyIsIi9ldGMvY29uZmlnL2FsZXJ0cyJdLCJzY3JhcGVfY29uZmlncyI6W3siam9iX25hbWUiOiJwcm9tZXRoZXVzIiwic3RhdGljX2NvbmZpZ3MiOlt7InRhcmdldHMiOlsibG9jYWxob3N0OjkwOTAiXX1dfSx7ImJlYXJlcl90b2tlbl9maWxlIjoiL3Zhci9ydW4vc2VjcmV0cy9rdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3Rva2VuIiwiam9iX25hbWUiOiJrdWJlcm5ldGVzLW5vZGVzLWNhZHZpc29yIiwia3ViZXJuZXRlc19zZF9jb25maWdzIjpbeyJyb2xlIjoibm9kZSJ9XSwibWV0cmljX3JlbGFiZWxfY29uZmlncyI6W3siYWN0aW9uIjoia2VlcCIsInJlZ2V4IjoiKGNvbnRhaW5lcl9jcHVfdXNhZ2Vfc2Vjb25kc190b3RhbHxjb250YWluZXJfbWVtb3J5X3dvcmtpbmdfc2V0X2J5dGVzfGNvbnRhaW5lcl9uZXR3b3JrX3JlY2VpdmVfZXJyb3JzX3RvdGFsfGNvbnRhaW5lcl9uZXR3b3JrX3RyYW5zbWl0X2Vycm9yc190b3RhbHxjb250YWluZXJfbmV0d29ya19yZWNlaXZlX3BhY2tldHNfZHJvcHBlZF90b3RhbHxjb250YWluZXJfbmV0d29ya190cmFuc21pdF9wYWNrZXRzX2Ryb3BwZWRfdG90YWx8Y29udGFpbmVyX21lbW9yeV91c2FnZV9ieXRlc3xjb250YWluZXJfY3B1X2Nmc190aHJvdHRsZWRfcGVyaW9kc190b3RhbHxjb250YWluZXJfY3B1X2Nmc19wZXJpb2RzX3RvdGFsfGNvbnRhaW5lcl9mc191c2FnZV9ieXRlc3xjb250YWluZXJfZnNfbGltaXRfYnl0ZXN8Y29udGFpbmVyX2NwdV9jZnNfcGVyaW9kc190b3RhbHxjb250YWluZXJfZnNfaW5vZGVzX2ZyZWV8Y29udGFpbmVyX2ZzX2lub2Rlc190b3RhbHxjb250YWluZXJfZnNfdXNhZ2VfYnl0ZXN8Y29udGFpbmVyX2ZzX2xpbWl0X2J5dGVzfGNvbnRhaW5lcl9jcHVfY2ZzX3Rocm90dGxlZF9wZXJpb2RzX3RvdGFsfGNvbnRhaW5lcl9jcHVfY2ZzX3BlcmlvZHNfdG90YWx8Y29udGFpbmVyX25ldHdvcmtfcmVjZWl2ZV9ieXRlc190b3RhbHxjb250YWluZXJfbmV0d29ya190cmFuc21pdF9ieXRlc190b3RhbHxjb250YWluZXJfZnNfaW5vZGVzX2ZyZWV8Y29udGFpbmVyX2ZzX2lub2Rlc190b3RhbHxjb250YWluZXJfZnNfdXNhZ2VfYnl0ZXN8Y29udGFpbmVyX2ZzX2xpbWl0X2J5dGVzfGNvbnRhaW5lcl9zcGVjX2NwdV9zaGFyZXN8Y29udGFpbmVyX3NwZWNfbWVtb3J5X2xpbWl0X2J5dGVzfGNvbnRhaW5lcl9uZXR3b3JrX3JlY2VpdmVfYnl0ZXNfdG90YWx8Y29udGFpbmVyX25ldHdvcmtfdHJhbnNtaXRfYnl0ZXNfdG90YWx8Y29udGFpbmVyX2ZzX3JlYWRzX2J5dGVzX3RvdGFsfGNvbnRhaW5lcl9uZXR3b3JrX3JlY2VpdmVfYnl0ZXNfdG90YWx8Y29udGFpbmVyX2ZzX3dyaXRlc19ieXRlc190b3RhbHxjb250YWluZXJfZnNfcmVhZHNfYnl0ZXNfdG90YWx8Y2Fkdmlzb3JfdmVyc2lvbl9pbmZvfGt1YmVjb3N0X3B2X2luZm8pIiwic291cmNlX2xhYmVscyI6WyJfX25hbWVfXyJdfSx7ImFjdGlvbiI6InJlcGxhY2UiLCJyZWdleCI6IiguKykiLCJzb3VyY2VfbGFiZWxzIjpbImNvbnRhaW5lciJdLCJ0YXJnZXRfbGFiZWwiOiJjb250YWluZXJfbmFtZSJ9LHsiYWN0aW9uIjoicmVwbGFjZSIsInJlZ2V4IjoiKC4rKSIsInNvdXJjZV9sYWJlbHMiOlsicG9kIl0sInRhcmdldF9sYWJlbCI6InBvZF9uYW1lIn1dLCJyZWxhYmVsX2NvbmZpZ3MiOlt7ImFjdGlvbiI6ImxhYmVsbWFwIiwicmVnZXgiOiJfX21ldGFfa3ViZXJuZXRlc19ub2RlX2xhYmVsXyguKykifSx7InJlcGxhY2VtZW50Ijoia3ViZXJuZXRlcy5kZWZhdWx0LnN2Yzo0NDMiLCJ0YXJnZXRfbGFiZWwiOiJfX2FkZHJlc3NfXyJ9LHsicmVnZXgiOiIoLispIiwicmVwbGFjZW1lbnQiOiIvYXBpL3YxL25vZGVzLyQxL3Byb3h5L21ldHJpY3MvY2Fkdmlzb3IiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX25vZGVfbmFtZSJdLCJ0YXJnZXRfbGFiZWwiOiJfX21ldHJpY3NfcGF0aF9fIn1dLCJzY2hlbWUiOiJodHRwcyIsInRsc19jb25maWciOnsiY2FfZmlsZSI6Ii92YXIvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9jYS5jcnQiLCJpbnNlY3VyZV9za2lwX3ZlcmlmeSI6dHJ1ZX19LHsiYmVhcmVyX3Rva2VuX2ZpbGUiOiIvdmFyL3J1bi9zZWNyZXRzL2t1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvdG9rZW4iLCJqb2JfbmFtZSI6Imt1YmVybmV0ZXMtbm9kZXMiLCJrdWJlcm5ldGVzX3NkX2NvbmZpZ3MiOlt7InJvbGUiOiJub2RlIn1dLCJtZXRyaWNfcmVsYWJlbF9jb25maWdzIjpbeyJhY3Rpb24iOiJrZWVwIiwicmVnZXgiOiIoa3ViZWxldF92b2x1bWVfc3RhdHNfdXNlZF9ieXRlcykiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbmFtZV9fIl19XSwicmVsYWJlbF9jb25maWdzIjpbeyJhY3Rpb24iOiJsYWJlbG1hcCIsInJlZ2V4IjoiX19tZXRhX2t1YmVybmV0ZXNfbm9kZV9sYWJlbF8oLispIn0seyJyZXBsYWNlbWVudCI6Imt1YmVybmV0ZXMuZGVmYXVsdC5zdmM6NDQzIiwidGFyZ2V0X2xhYmVsIjoiX19hZGRyZXNzX18ifSx7InJlZ2V4IjoiKC4rKSIsInJlcGxhY2VtZW50IjoiL2FwaS92MS9ub2Rlcy8kMS9wcm94eS9tZXRyaWNzIiwic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19ub2RlX25hbWUiXSwidGFyZ2V0X2xhYmVsIjoiX19tZXRyaWNzX3BhdGhfXyJ9XSwic2NoZW1lIjoiaHR0cHMiLCJ0bHNfY29uZmlnIjp7ImNhX2ZpbGUiOiIvdmFyL3J1bi9zZWNyZXRzL2t1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvY2EuY3J0IiwiaW5zZWN1cmVfc2tpcF92ZXJpZnkiOnRydWV9fSx7ImpvYl9uYW1lIjoia3ViZXJuZXRlcy1zZXJ2aWNlLWVuZHBvaW50cyIsImt1YmVybmV0ZXNfc2RfY29uZmlncyI6W3sicm9sZSI6ImVuZHBvaW50cyJ9XSwibWV0cmljX3JlbGFiZWxfY29uZmlncyI6W3siYWN0aW9uIjoia2VlcCIsInJlZ2V4IjoiKGNvbnRhaW5lcl9jcHVfYWxsb2NhdGlvbnxjb250YWluZXJfY3B1X3VzYWdlX3NlY29uZHNfdG90YWx8Y29udGFpbmVyX2ZzX2xpbWl0X2J5dGVzfGNvbnRhaW5lcl9mc193cml0ZXNfYnl0ZXNfdG90YWx8Y29udGFpbmVyX2dwdV9hbGxvY2F0aW9ufGNvbnRhaW5lcl9tZW1vcnlfYWxsb2NhdGlvbl9ieXRlc3xjb250YWluZXJfbWVtb3J5X3VzYWdlX2J5dGVzfGNvbnRhaW5lcl9tZW1vcnlfd29ya2luZ19zZXRfYnl0ZXN8Y29udGFpbmVyX25ldHdvcmtfcmVjZWl2ZV9ieXRlc190b3RhbHxjb250YWluZXJfbmV0d29ya190cmFuc21pdF9ieXRlc190b3RhbHxEQ0dNX0ZJX0RFVl9HUFVfVVRJTHxkZXBsb3ltZW50X21hdGNoX2xhYmVsc3xrdWJlX2RhZW1vbnNldF9zdGF0dXNfZGVzaXJlZF9udW1iZXJfc2NoZWR1bGVkfGt1YmVfZGFlbW9uc2V0X3N0YXR1c19udW1iZXJfcmVhZHl8a3ViZV9kZXBsb3ltZW50X3NwZWNfcmVwbGljYXN8a3ViZV9kZXBsb3ltZW50X3N0YXR1c19yZXBsaWNhc3xrdWJlX2RlcGxveW1lbnRfc3RhdHVzX3JlcGxpY2FzX2F2YWlsYWJsZXxrdWJlX2pvYl9zdGF0dXNfZmFpbGVkfGt1YmVfbmFtZXNwYWNlX2Fubm90YXRpb25zfGt1YmVfbmFtZXNwYWNlX2xhYmVsc3xrdWJlX25vZGVfaW5mb3xrdWJlX25vZGVfbGFiZWxzfGt1YmVfbm9kZV9zdGF0dXNfYWxsb2NhdGFibGV8a3ViZV9ub2RlX3N0YXR1c19hbGxvY2F0YWJsZV9jcHVfY29yZXN8a3ViZV9ub2RlX3N0YXR1c19hbGxvY2F0YWJsZV9tZW1vcnlfYnl0ZXN8a3ViZV9ub2RlX3N0YXR1c19jYXBhY2l0eXxrdWJlX25vZGVfc3RhdHVzX2NhcGFjaXR5X2NwdV9jb3Jlc3xrdWJlX25vZGVfc3RhdHVzX2NhcGFjaXR5X21lbW9yeV9ieXRlc3xrdWJlX25vZGVfc3RhdHVzX2NvbmRpdGlvbnxrdWJlX3BlcnNpc3RlbnR2b2x1bWVfY2FwYWNpdHlfYnl0ZXN8a3ViZV9wZXJzaXN0ZW50dm9sdW1lX3N0YXR1c19waGFzZXxrdWJlX3BlcnNpc3RlbnR2b2x1bWVjbGFpbV9pbmZvfGt1YmVfcGVyc2lzdGVudHZvbHVtZWNsYWltX3Jlc291cmNlX3JlcXVlc3RzX3N0b3JhZ2VfYnl0ZXN8a3ViZV9wb2RfY29udGFpbmVyX2luZm98a3ViZV9wb2RfY29udGFpbmVyX3Jlc291cmNlX2xpbWl0c3xrdWJlX3BvZF9jb250YWluZXJfcmVzb3VyY2VfbGltaXRzX2NwdV9jb3Jlc3xrdWJlX3BvZF9jb250YWluZXJfcmVzb3VyY2VfbGltaXRzX21lbW9yeV9ieXRlc3xrdWJlX3BvZF9jb250YWluZXJfcmVzb3VyY2VfcmVxdWVzdHN8a3ViZV9wb2RfY29udGFpbmVyX3Jlc291cmNlX3JlcXVlc3RzX2NwdV9jb3Jlc3xrdWJlX3BvZF9jb250YWluZXJfcmVzb3VyY2VfcmVxdWVzdHNfbWVtb3J5X2J5dGVzfGt1YmVfcG9kX2NvbnRhaW5lcl9zdGF0dXNfcmVzdGFydHNfdG90YWx8a3ViZV9wb2RfY29udGFpbmVyX3N0YXR1c19ydW5uaW5nfGt1YmVfcG9kX2NvbnRhaW5lcl9zdGF0dXNfdGVybWluYXRlZF9yZWFzb258a3ViZV9wb2RfbGFiZWxzfGt1YmVfcG9kX293bmVyfGt1YmVfcG9kX3N0YXR1c19waGFzZXxrdWJlX3JlcGxpY2FzZXRfb3duZXJ8a3ViZV9zdGF0ZWZ1bHNldF9yZXBsaWNhc3xrdWJlX3N0YXRlZnVsc2V0X3N0YXR1c19yZXBsaWNhc3xrdWJlY29zdF9jbHVzdGVyX2luZm98a3ViZWNvc3RfY2x1c3Rlcl9tYW5hZ2VtZW50X2Nvc3R8a3ViZWNvc3RfY2x1c3Rlcl9tZW1vcnlfd29ya2luZ19zZXRfYnl0ZXN8a3ViZWNvc3RfbG9hZF9iYWxhbmNlcl9jb3N0fGt1YmVjb3N0X25ldHdvcmtfaW50ZXJuZXRfZWdyZXNzX2Nvc3R8a3ViZWNvc3RfbmV0d29ya19yZWdpb25fZWdyZXNzX2Nvc3R8a3ViZWNvc3RfbmV0d29ya196b25lX2VncmVzc19jb3N0fGt1YmVjb3N0X25vZGVfaXNfc3BvdHxrdWJlY29zdF9wb2RfbmV0d29ya19lZ3Jlc3NfYnl0ZXNfdG90YWx8bm9kZV9jcHVfaG91cmx5X2Nvc3R8bm9kZV9jcHVfc2Vjb25kc190b3RhbHxub2RlX2Rpc2tfcmVhZHNfY29tcGxldGVkfG5vZGVfZGlza19yZWFkc19jb21wbGV0ZWRfdG90YWx8bm9kZV9kaXNrX3dyaXRlc19jb21wbGV0ZWR8bm9kZV9kaXNrX3dyaXRlc19jb21wbGV0ZWRfdG90YWx8bm9kZV9maWxlc3lzdGVtX2RldmljZV9lcnJvcnxub2RlX2dwdV9jb3VudHxub2RlX2dwdV9ob3VybHlfY29zdHxub2RlX21lbW9yeV9CdWZmZXJzX2J5dGVzfG5vZGVfbWVtb3J5X0NhY2hlZF9ieXRlc3xub2RlX21lbW9yeV9NZW1BdmFpbGFibGVfYnl0ZXN8bm9kZV9tZW1vcnlfTWVtRnJlZV9ieXRlc3xub2RlX21lbW9yeV9NZW1Ub3RhbF9ieXRlc3xub2RlX25ldHdvcmtfdHJhbnNtaXRfYnl0ZXNfdG90YWx8bm9kZV9yYW1faG91cmx5X2Nvc3R8bm9kZV90b3RhbF9ob3VybHlfY29zdHxwb2RfcHZjX2FsbG9jYXRpb258cHZfaG91cmx5X2Nvc3R8c2VydmljZV9zZWxlY3Rvcl9sYWJlbHN8c3RhdGVmdWxTZXRfbWF0Y2hfbGFiZWxzfGt1YmVjb3N0X3B2X2luZm98dXApIiwic291cmNlX2xhYmVscyI6WyJfX25hbWVfXyJdfV0sInJlbGFiZWxfY29uZmlncyI6W3siYWN0aW9uIjoia2VlcCIsInJlZ2V4Ijp0cnVlLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfYW5ub3RhdGlvbl9wcm9tZXRoZXVzX2lvX3NjcmFwZSJdfSx7ImFjdGlvbiI6ImtlZXAiLCJyZWdleCI6IiguKmt1YmUtc3RhdGUtbWV0cmljc3wuKm5vZGUtZXhwb3J0ZXJ8a3ViZWNvc3QtbmV0d29yay1jb3N0cykiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX2VuZHBvaW50c19uYW1lIl19LHsiYWN0aW9uIjoicmVwbGFjZSIsInJlZ2V4IjoiKGh0dHBzPykiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfYW5ub3RhdGlvbl9wcm9tZXRoZXVzX2lvX3NjaGVtZSJdLCJ0YXJnZXRfbGFiZWwiOiJfX3NjaGVtZV9fIn0seyJhY3Rpb24iOiJyZXBsYWNlIiwicmVnZXgiOiIoLispIiwic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19zZXJ2aWNlX2Fubm90YXRpb25fcHJvbWV0aGV1c19pb19wYXRoIl0sInRhcmdldF9sYWJlbCI6Il9fbWV0cmljc19wYXRoX18ifSx7ImFjdGlvbiI6InJlcGxhY2UiLCJyZWdleCI6IihbXjpdKykoPzo6XFxkKyk/OyhcXGQrKSIsInJlcGxhY2VtZW50IjoiJDE6JDIiLCJzb3VyY2VfbGFiZWxzIjpbIl9fYWRkcmVzc19fIiwiX19tZXRhX2t1YmVybmV0ZXNfc2VydmljZV9hbm5vdGF0aW9uX3Byb21ldGhldXNfaW9fcG9ydCJdLCJ0YXJnZXRfbGFiZWwiOiJfX2FkZHJlc3NfXyJ9LHsiYWN0aW9uIjoibGFiZWxtYXAiLCJyZWdleCI6Il9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfbGFiZWxfKC4rKSJ9LHsiYWN0aW9uIjoicmVwbGFjZSIsInNvdXJjZV9sYWJlbHMiOlsiX19tZXRhX2t1YmVybmV0ZXNfbmFtZXNwYWNlIl0sInRhcmdldF9sYWJlbCI6Imt1YmVybmV0ZXNfbmFtZXNwYWNlIn0seyJhY3Rpb24iOiJyZXBsYWNlIiwic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19zZXJ2aWNlX25hbWUiXSwidGFyZ2V0X2xhYmVsIjoia3ViZXJuZXRlc19uYW1lIn0seyJhY3Rpb24iOiJyZXBsYWNlIiwic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19wb2Rfbm9kZV9uYW1lIl0sInRhcmdldF9sYWJlbCI6Imt1YmVybmV0ZXNfbm9kZSJ9XX0seyJqb2JfbmFtZSI6Imt1YmVybmV0ZXMtc2VydmljZS1lbmRwb2ludHMtc2xvdyIsImt1YmVybmV0ZXNfc2RfY29uZmlncyI6W3sicm9sZSI6ImVuZHBvaW50cyJ9XSwicmVsYWJlbF9jb25maWdzIjpbeyJhY3Rpb24iOiJrZWVwIiwicmVnZXgiOnRydWUsInNvdXJjZV9sYWJlbHMiOlsiX19tZXRhX2t1YmVybmV0ZXNfc2VydmljZV9hbm5vdGF0aW9uX3Byb21ldGhldXNfaW9fc2NyYXBlX3Nsb3ciXX0seyJhY3Rpb24iOiJyZXBsYWNlIiwicmVnZXgiOiIoaHR0cHM/KSIsInNvdXJjZV9sYWJlbHMiOlsiX19tZXRhX2t1YmVybmV0ZXNfc2VydmljZV9hbm5vdGF0aW9uX3Byb21ldGhldXNfaW9fc2NoZW1lIl0sInRhcmdldF9sYWJlbCI6Il9fc2NoZW1lX18ifSx7ImFjdGlvbiI6InJlcGxhY2UiLCJyZWdleCI6IiguKykiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfYW5ub3RhdGlvbl9wcm9tZXRoZXVzX2lvX3BhdGgiXSwidGFyZ2V0X2xhYmVsIjoiX19tZXRyaWNzX3BhdGhfXyJ9LHsiYWN0aW9uIjoicmVwbGFjZSIsInJlZ2V4IjoiKFteOl0rKSg/OjpcXGQrKT87KFxcZCspIiwicmVwbGFjZW1lbnQiOiIkMTokMiIsInNvdXJjZV9sYWJlbHMiOlsiX19hZGRyZXNzX18iLCJfX21ldGFfa3ViZXJuZXRlc19zZXJ2aWNlX2Fubm90YXRpb25fcHJvbWV0aGV1c19pb19wb3J0Il0sInRhcmdldF9sYWJlbCI6Il9fYWRkcmVzc19fIn0seyJhY3Rpb24iOiJsYWJlbG1hcCIsInJlZ2V4IjoiX19tZXRhX2t1YmVybmV0ZXNfc2VydmljZV9sYWJlbF8oLispIn0seyJhY3Rpb24iOiJyZXBsYWNlIiwic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19uYW1lc3BhY2UiXSwidGFyZ2V0X2xhYmVsIjoia3ViZXJuZXRlc19uYW1lc3BhY2UifSx7ImFjdGlvbiI6InJlcGxhY2UiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfbmFtZSJdLCJ0YXJnZXRfbGFiZWwiOiJrdWJlcm5ldGVzX25hbWUifSx7ImFjdGlvbiI6InJlcGxhY2UiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX3BvZF9ub2RlX25hbWUiXSwidGFyZ2V0X2xhYmVsIjoia3ViZXJuZXRlc19ub2RlIn1dLCJzY3JhcGVfaW50ZXJ2YWwiOiI1bSIsInNjcmFwZV90aW1lb3V0IjoiMzBzIn0seyJob25vcl9sYWJlbHMiOnRydWUsImpvYl9uYW1lIjoicHJvbWV0aGV1cy1wdXNoZ2F0ZXdheSIsImt1YmVybmV0ZXNfc2RfY29uZmlncyI6W3sicm9sZSI6InNlcnZpY2UifV0sInJlbGFiZWxfY29uZmlncyI6W3siYWN0aW9uIjoia2VlcCIsInJlZ2V4IjoicHVzaGdhdGV3YXkiLCJzb3VyY2VfbGFiZWxzIjpbIl9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfYW5ub3RhdGlvbl9wcm9tZXRoZXVzX2lvX3Byb2JlIl19XX0seyJqb2JfbmFtZSI6Imt1YmVybmV0ZXMtc2VydmljZXMiLCJrdWJlcm5ldGVzX3NkX2NvbmZpZ3MiOlt7InJvbGUiOiJzZXJ2aWNlIn1dLCJtZXRyaWNzX3BhdGgiOiIvcHJvYmUiLCJwYXJhbXMiOnsibW9kdWxlIjpbImh0dHBfMnh4Il19LCJyZWxhYmVsX2NvbmZpZ3MiOlt7ImFjdGlvbiI6ImtlZXAiLCJyZWdleCI6dHJ1ZSwic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19zZXJ2aWNlX2Fubm90YXRpb25fcHJvbWV0aGV1c19pb19wcm9iZSJdfSx7InNvdXJjZV9sYWJlbHMiOlsiX19hZGRyZXNzX18iXSwidGFyZ2V0X2xhYmVsIjoiX19wYXJhbV90YXJnZXQifSx7InJlcGxhY2VtZW50IjoiYmxhY2tib3giLCJ0YXJnZXRfbGFiZWwiOiJfX2FkZHJlc3NfXyJ9LHsic291cmNlX2xhYmVscyI6WyJfX3BhcmFtX3RhcmdldCJdLCJ0YXJnZXRfbGFiZWwiOiJpbnN0YW5jZSJ9LHsiYWN0aW9uIjoibGFiZWxtYXAiLCJyZWdleCI6Il9fbWV0YV9rdWJlcm5ldGVzX3NlcnZpY2VfbGFiZWxfKC4rKSJ9LHsic291cmNlX2xhYmVscyI6WyJfX21ldGFfa3ViZXJuZXRlc19uYW1lc3BhY2UiXSwidGFyZ2V0X2xhYmVsIjoia3ViZXJuZXRlc19uYW1lc3BhY2UifSx7InNvdXJjZV9sYWJlbHMiOlsiX19tZXRhX2t1YmVybmV0ZXNfc2VydmljZV9uYW1lIl0sInRhcmdldF9sYWJlbCI6Imt1YmVybmV0ZXNfbmFtZSJ9XX1dfSwicmVjb3JkaW5nX3J1bGVzLnltbCI6e30sInJ1bGVzIjp7Imdyb3VwcyI6W3sibmFtZSI6IkNQVSIsInJ1bGVzIjpbeyJleHByIjoic3VtKHJhdGUoY29udGFpbmVyX2NwdV91c2FnZV9zZWNvbmRzX3RvdGFse2NvbnRhaW5lciE9XCJcIn1bNW1dKSkiLCJyZWNvcmQiOiJjbHVzdGVyOmNwdV91c2FnZTpyYXRlNW0ifSx7ImV4cHIiOiJyYXRlKGNvbnRhaW5lcl9jcHVfdXNhZ2Vfc2Vjb25kc190b3RhbHtjb250YWluZXIhPVwiXCJ9WzVtXSkiLCJyZWNvcmQiOiJjbHVzdGVyOmNwdV91c2FnZV9ub3N1bTpyYXRlNW0ifSx7ImV4cHIiOiJhdmcoaXJhdGUoY29udGFpbmVyX2NwdV91c2FnZV9zZWNvbmRzX3RvdGFse2NvbnRhaW5lciE9XCJQT0RcIiwgY29udGFpbmVyIT1cIlwifVs1bV0pKSBieSAoY29udGFpbmVyLHBvZCxuYW1lc3BhY2UpIiwicmVjb3JkIjoia3ViZWNvc3RfY29udGFpbmVyX2NwdV91c2FnZV9pcmF0ZSJ9LHsiZXhwciI6InN1bShjb250YWluZXJfbWVtb3J5X3dvcmtpbmdfc2V0X2J5dGVze2NvbnRhaW5lciE9XCJQT0RcIixjb250YWluZXIhPVwiXCJ9KSBieSAoY29udGFpbmVyLHBvZCxuYW1lc3BhY2UpIiwicmVjb3JkIjoia3ViZWNvc3RfY29udGFpbmVyX21lbW9yeV93b3JraW5nX3NldF9ieXRlcyJ9LHsiZXhwciI6InN1bShjb250YWluZXJfbWVtb3J5X3dvcmtpbmdfc2V0X2J5dGVze2NvbnRhaW5lciE9XCJQT0RcIixjb250YWluZXIhPVwiXCJ9KSIsInJlY29yZCI6Imt1YmVjb3N0X2NsdXN0ZXJfbWVtb3J5X3dvcmtpbmdfc2V0X2J5dGVzIn1dfSx7Im5hbWUiOiJTYXZpbmdzIiwicnVsZXMiOlt7ImV4cHIiOiJzdW0oYXZnKGt1YmVfcG9kX293bmVye293bmVyX2tpbmQhPVwiRGFlbW9uU2V0XCJ9KSBieSAocG9kKSAqIHN1bShjb250YWluZXJfY3B1X2FsbG9jYXRpb24pIGJ5IChwb2QpKSIsImxhYmVscyI6eyJkYWVtb25zZXQiOiJmYWxzZSJ9LCJyZWNvcmQiOiJrdWJlY29zdF9zYXZpbmdzX2NwdV9hbGxvY2F0aW9uIn0seyJleHByIjoic3VtKGF2ZyhrdWJlX3BvZF9vd25lcntvd25lcl9raW5kPVwiRGFlbW9uU2V0XCJ9KSBieSAocG9kKSAqIHN1bShjb250YWluZXJfY3B1X2FsbG9jYXRpb24pIGJ5IChwb2QpKSAvIHN1bShrdWJlX25vZGVfaW5mbykiLCJsYWJlbHMiOnsiZGFlbW9uc2V0IjoidHJ1ZSJ9LCJyZWNvcmQiOiJrdWJlY29zdF9zYXZpbmdzX2NwdV9hbGxvY2F0aW9uIn0seyJleHByIjoic3VtKGF2ZyhrdWJlX3BvZF9vd25lcntvd25lcl9raW5kIT1cIkRhZW1vblNldFwifSkgYnkgKHBvZCkgKiBzdW0oY29udGFpbmVyX21lbW9yeV9hbGxvY2F0aW9uX2J5dGVzKSBieSAocG9kKSkiLCJsYWJlbHMiOnsiZGFlbW9uc2V0IjoiZmFsc2UifSwicmVjb3JkIjoia3ViZWNvc3Rfc2F2aW5nc19tZW1vcnlfYWxsb2NhdGlvbl9ieXRlcyJ9LHsiZXhwciI6InN1bShhdmcoa3ViZV9wb2Rfb3duZXJ7b3duZXJfa2luZD1cIkRhZW1vblNldFwifSkgYnkgKHBvZCkgKiBzdW0oY29udGFpbmVyX21lbW9yeV9hbGxvY2F0aW9uX2J5dGVzKSBieSAocG9kKSkgLyBzdW0oa3ViZV9ub2RlX2luZm8pIiwibGFiZWxzIjp7ImRhZW1vbnNldCI6InRydWUifSwicmVjb3JkIjoia3ViZWNvc3Rfc2F2aW5nc19tZW1vcnlfYWxsb2NhdGlvbl9ieXRlcyJ9XX1dfX0sInNlcnZpY2VBY2NvdW50cyI6eyJhbGVydG1hbmFnZXIiOnsiY3JlYXRlIjp0cnVlfSwibm9kZUV4cG9ydGVyIjp7ImNyZWF0ZSI6dHJ1ZX0sInB1c2hnYXRld2F5Ijp7ImNyZWF0ZSI6dHJ1ZX0sInNlcnZlciI6eyJhbm5vdGF0aW9ucyI6e30sImNyZWF0ZSI6dHJ1ZX19fSwicmVtb3RlV3JpdGUiOnt9LCJyZXBvcnRpbmciOnsiZXJyb3JSZXBvcnRpbmciOnRydWUsImxvZ0NvbGxlY3Rpb24iOnRydWUsInByb2R1Y3RBbmFseXRpY3MiOnRydWUsInZhbHVlc1JlcG9ydGluZyI6dHJ1ZX0sInNlcnZpY2UiOnsiYW5ub3RhdGlvbnMiOnt9LCJsYWJlbHMiOnt9LCJwb3J0Ijo5MDkwLCJ0YXJnZXRQb3J0Ijo5MDkwLCJ0eXBlIjoiQ2x1c3RlcklQIn0sInNlcnZpY2VBY2NvdW50Ijp7ImFubm90YXRpb25zIjp7fSwiY3JlYXRlIjp0cnVlfSwic2lnVjRQcm94eSI6eyJleHRyYUVudiI6bnVsbCwiaG9zdCI6ImFwcy13b3Jrc3BhY2VzLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tIiwiaW1hZ2UiOiJwdWJsaWMuZWNyLmF3cy9hd3Mtb2JzZXJ2YWJpbGl0eS9hd3Mtc2lndjQtcHJveHk6bGF0ZXN0IiwiaW1hZ2VQdWxsUG9saWN5IjoiQWx3YXlzIiwibmFtZSI6ImFwcyIsInBvcnQiOjgwMDUsInJlZ2lvbiI6InVzLXdlc3QtMiJ9LCJzdXBwb3J0TkZTIjpmYWxzZSwidG9sZXJhdGlvbnMiOltdfQ== - name: READ_ONLY value: "false" - name: PROMETHEUS_SERVER_ENDPOINT @@ -20689,8 +20372,6 @@ spec: value: /var/db/ - name: CLUSTER_PROFILE value: production - - name: REMOTE_WRITE_PASSWORD - value: admin - name: EMIT_POD_ANNOTATIONS_METRIC value: "false" - name: EMIT_NAMESPACE_ANNOTATIONS_METRIC @@ -20766,7 +20447,7 @@ spec: - name: MAX_QUERY_CONCURRENCY value: "5" - name: UTC_OFFSET - value: + value: "0" - name: CLUSTER_ID value: cluster-one - name: SQL_ADDRESS @@ -20787,12 +20468,19 @@ spec: configMapKeyRef: name: kubecost-cost-analyzer key: kubecost-token - - image: gcr.io/kubecost1/frontend:prod-1.106.0 - + - image: gcr.io/kubecost1/frontend:prod-1.106.3 + env: - name: GET_HOSTS_FROM value: dns name: cost-analyzer-frontend + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true volumeMounts: - name: tmp mountPath: /tmp From 9554511d99149c3c6a1a2efa3fd8e42d6866dc8e Mon Sep 17 00:00:00 2001 From: Neal Ormsbee Date: Wed, 18 Oct 2023 11:09:49 -0600 Subject: [PATCH 08/28] Automatically use the Aggregator-compatible image for a release when it is enabled. Otherwise users would have to set the full image name manually --- cost-analyzer/templates/cost-analyzer-deployment-template.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index f8104c6d3..bcc85261a 100644 --- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -1068,6 +1068,8 @@ spec: - image: {{ .Values.kubecostFrontend.fullImageName }} {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} + {{- else if .Values.kubecostAggregator.enabled }} + - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }}-aggregator {{- else }} - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} From 775953ff56c480f789744dc236c8f74847bc443d Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Wed, 18 Oct 2023 13:57:20 -0400 Subject: [PATCH 09/28] update perms (#2662) Signed-off-by: chipzoller --- .../cost-analyzer-cluster-role-template.yaml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml b/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml index e8c2a7a40..60c1b5bd2 100644 --- a/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml @@ -29,13 +29,13 @@ rules: - '' resources: - configmaps - - deployments - nodes - pods - events - services - resourcequotas - replicationcontrollers + - replicasets - limitranges - persistentvolumeclaims - persistentvolumes @@ -45,16 +45,6 @@ rules: - get - list - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch {{- $isLeaderFollowerEnabled := include "cost-analyzer.leaderFollowerEnabled" . }} {{- if $isLeaderFollowerEnabled }} - apiGroups: @@ -72,6 +62,7 @@ rules: - daemonsets - replicasets verbs: + - get - list - watch - apiGroups: From 40c1fcb82d4e28d128ccd4108fc86221d620c6f4 Mon Sep 17 00:00:00 2001 From: Nik Willwerth Date: Mon, 16 Oct 2023 19:50:57 -0500 Subject: [PATCH 10/28] Added /savings/localLowDisks proxy for Aggregator. --- .../cost-analyzer-frontend-config-map-template.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index 0d522ccdf..4c6727ea2 100755 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -528,6 +528,13 @@ data: proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + location = /model/savings/localLowDisks { + proxy_read_timeout 300; + proxy_pass http://aggregator/savings/localLowDisks; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location = /model/reports/allocation { proxy_read_timeout 300; From d566731c3a2f1deb6ffbccd8b2628bff8c1c993c Mon Sep 17 00:00:00 2001 From: Alex Meijer Date: Wed, 18 Oct 2023 14:53:20 -0400 Subject: [PATCH 11/28] add ability to override cc sa name Signed-off-by: Alex Meijer --- cost-analyzer/templates/_helpers.tpl | 7 +++++-- cost-analyzer/values.yaml | 4 ++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cost-analyzer/templates/_helpers.tpl b/cost-analyzer/templates/_helpers.tpl index e2227c856..9d7ccefc3 100755 --- a/cost-analyzer/templates/_helpers.tpl +++ b/cost-analyzer/templates/_helpers.tpl @@ -134,9 +134,12 @@ Create the name of the service account {{- end -}} {{- end -}} {{- define "cloudCost.serviceAccountName" -}} - {{ (include "cloudCost.fullname" .) }} +{{- if .Values.kubecostAggregator.cloudCost.serviceAccountName -}} + {{ .Values.kubecostAggregator.cloudCost.serviceAccountName }} +{{- else -}} + {{ template "cost-analyzer.serviceAccountName" . }} +{{- end -}} {{- end -}} - {{/* Network Costs name used to tie autodiscovery of metrics to daemon set pods */}} diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index dd0cce62d..26369415a 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -959,6 +959,10 @@ kubecostAggregator: # fullImageName: cloudCost: enabled: false + # by default, the aggregator cloud cost pod uses the same service account as the cost analyzer + # if a custom service account is desired for the aggregator cloud cost pod only, provide the name + # of a pre-existing service account for the Kubecost Aggregator cloud cost pod to use here + # serviceAccountName: replicas: 1 enabled: false resources: {} From f850bab8148422179bcbc2bba53467b5195212ee Mon Sep 17 00:00:00 2001 From: Alex Meijer Date: Wed, 18 Oct 2023 16:07:42 -0400 Subject: [PATCH 12/28] add missing bracket Signed-off-by: Alex Meijer --- .../templates/cost-analyzer-frontend-config-map-template.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index 4c6727ea2..f96f0d7be 100755 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -528,6 +528,7 @@ data: proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } location = /model/savings/localLowDisks { proxy_read_timeout 300; proxy_pass http://aggregator/savings/localLowDisks; From 39ed317aa34aca5a86df439d409dcb98a83f7894 Mon Sep 17 00:00:00 2001 From: nickcurie Date: Wed, 18 Oct 2023 16:44:20 -0700 Subject: [PATCH 13/28] pv sizing proxy for wf --- .../cost-analyzer-frontend-config-map-template.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index f96f0d7be..3894f70ac 100755 --- a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -537,6 +537,14 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + location = /model/savings/persistentVolumeSizing { + proxy_read_timeout 300; + proxy_pass http://aggregator/savings/persistentVolumeSizing; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } location = /model/reports/allocation { proxy_read_timeout 300; proxy_pass http://aggregator/reports/allocation; From 88e8361f44d4c7aabf7926ee5257d7e255a03609 Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Thu, 19 Oct 2023 08:50:03 -0400 Subject: [PATCH 14/28] setting to 50h to match etl retention time (#2667) --- cost-analyzer/values-agent.yaml | 3 ++- cost-analyzer/values.yaml | 14 ++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/cost-analyzer/values-agent.yaml b/cost-analyzer/values-agent.yaml index da097271f..4f790b455 100644 --- a/cost-analyzer/values-agent.yaml +++ b/cost-analyzer/values-agent.yaml @@ -72,10 +72,11 @@ prometheus: action: keep regex: {{ template "cost-analyzer.networkCostsName" . }} server: + retention: 50h + # retentionSize: 1Gi extraArgs: storage.tsdb.min-block-duration: 2h storage.tsdb.max-block-duration: 2h - storage.tsdb.retention: 10h securityContext: runAsNonRoot: true runAsUser: 1001 diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 26369415a..b97e3299e 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -695,6 +695,8 @@ prometheus: # operator: "Equal|Exists" # value: "value" # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # retention: 50h This must be greater than or equal to etlHourlyStoreDurationHours + # retentionSize: should be significantly greater than the storage used in the number of hours set in etlHourlyStoreDurationHours alertmanager: enabled: false persistentVolume: @@ -942,21 +944,21 @@ kubecostDeployment: configVolumeSize: 1Gi initImage: {} -# The Kubecost Aggregator is a high scale implementation of kubecost +# The Kubecost Aggregator is a high scale implementation of kubecost # intended for large datasets and/or high query load. -# At present, this should only be enabled when recommended +# At present, this should only be enabled when recommended # by Kubecost staff. kubecostAggregator: # by default, the aggregator uses the same service account as the cost analyzer # if a custom service account is desired for the aggregator only, provide the name # of a pre-existing service account for the Kubecost Aggregator to use here - #serviceAccountName: + #serviceAccountName: jaeger: enabled: false image: jaegertracing/all-in-one imageVersion: latest - # containerSecurityContext: - # fullImageName: + # containerSecurityContext: + # fullImageName: cloudCost: enabled: false # by default, the aggregator cloud cost pod uses the same service account as the cost analyzer @@ -1155,7 +1157,7 @@ federatedETL: ## To use this feature, ensure you have run the `create-admission-controller.sh` ## script. This generates a k8s secret with TLS keys/certificats and a ## corresponding CA bundle. -## +## kubecostAdmissionController: enabled: false secretName: webhook-server-tls From 20daa70ee7568b2cf65ba9d7128564eccf9d477e Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Thu, 19 Oct 2023 17:01:17 -0400 Subject: [PATCH 15/28] label consistency (#2673) --- cost-analyzer/templates/_helpers.tpl | 14 +++++++------- .../templates/aggregator-statefulset.yaml | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cost-analyzer/templates/_helpers.tpl b/cost-analyzer/templates/_helpers.tpl index 9d7ccefc3..402677a48 100755 --- a/cost-analyzer/templates/_helpers.tpl +++ b/cost-analyzer/templates/_helpers.tpl @@ -221,7 +221,7 @@ app: federator {{- end -}} {{- define "aggregator.commonLabels" -}} {{ include "cost-analyzer.chartLabels" . }} -app: kubecost-aggregator +app: aggregator {{- end -}} {{- define "cloudCost.commonLabels" -}} {{ include "cost-analyzer.chartLabels" . }} @@ -249,7 +249,7 @@ app: federator {{- define "aggregator.selectorLabels" -}} app.kubernetes.io/name: {{ include "aggregator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -app: kubecost-aggregator +app: aggregator {{- end -}} {{- define "cloudCost.selectorLabels" -}} app.kubernetes.io/name: {{ include "cloudCost.name" . }} @@ -303,9 +303,9 @@ Return the appropriate apiVersion for podsecuritypolicy. {{/* Recursive filter which accepts a map containing an input map (.v) and an output map (.r). The template -will traverse all values inside .v recursively writing non-map values to the output .r. If a nested map -is discovered, we look for an 'enabled' key. If it doesn't exist, we continue traversing the -map. If it does exist, we omit the inner map traversal iff enabled is false. This filter writes the +will traverse all values inside .v recursively writing non-map values to the output .r. If a nested map +is discovered, we look for an 'enabled' key. If it doesn't exist, we continue traversing the +map. If it does exist, we omit the inner map traversal iff enabled is false. This filter writes the enabled only version to the output .r */}} {{- define "cost-analyzer.filter" -}} @@ -343,8 +343,8 @@ The implied use case is {{ template "cost-analyzer.filterEnabled" .Values }} {{/* This template runs the full check for leader/follower requirements in order to determine -whether it should be configured. This template will return true if it's enabled and all -requirements are met. +whether it should be configured. This template will return true if it's enabled and all +requirements are met. */}} {{- define "cost-analyzer.leaderFollowerEnabled" }} {{- if .Values.kubecostDeployment }} diff --git a/cost-analyzer/templates/aggregator-statefulset.yaml b/cost-analyzer/templates/aggregator-statefulset.yaml index 29d0fb6dc..7c35052e2 100644 --- a/cost-analyzer/templates/aggregator-statefulset.yaml +++ b/cost-analyzer/templates/aggregator-statefulset.yaml @@ -15,7 +15,7 @@ spec: matchLabels: app.kubernetes.io/name: aggregator app.kubernetes.io/instance: {{ .Release.Name }} - app: kubecost-aggregator + app: aggregator volumeClaimTemplates: - metadata: name: persistent-configs @@ -48,7 +48,7 @@ spec: labels: app.kubernetes.io/name: aggregator app.kubernetes.io/instance: {{ .Release.Name }} - app: kubecost-aggregator + app: aggregator spec: restartPolicy: Always {{- if .Values.kubecostAggregator.securityContext }} From 3c4ecd6bf55c3fb29440ad6224d80d213c049dd5 Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Thu, 19 Oct 2023 18:34:28 -0400 Subject: [PATCH 16/28] Add version matrix and more tests (#2664) * add matrix Signed-off-by: chipzoller * add 1.20-1.22 Signed-off-by: chipzoller --------- Signed-off-by: chipzoller --- .github/workflows/chart.yaml | 6 ++++++ README.md | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml index a0fe95619..dae0f7d27 100644 --- a/.github/workflows/chart.yaml +++ b/.github/workflows/chart.yaml @@ -36,6 +36,12 @@ jobs: fail-fast: false matrix: k8s-version: + - name: v1.20 + version: v1.20.15 + - name: v1.21 + version: v1.21.14 + - name: v1.22 + version: v1.22.17 - name: v1.23 version: v1.23.17 - name: v1.24 diff --git a/README.md b/README.md index 8b4cb518a..b1bc4c69e 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,16 @@ This is the official Helm chart for [Kubecost](https://www.kubecost.com/), an enterprise-grade application to monitor and manage Kubernetes spend. Please see the [website](https://www.kubecost.com/) for more details on what Kubecost can do for you and the official documentation [here](https://docs.kubecost.com/), or contact [team@kubecost.com](mailto:team@kubecost.com) for assistance. +## Version Support + +Kubecost strives to support as many versions of Kubernetes as possible. Below is the version support matrix which has been tested. Versions outside of the stated range may still work but are untested. + +| Chart Version | Kubernetes Min | Kubernetes Max | +|--------------------------------|----------------|----------------| +| 1.106 | 1.20 | 1.28 | + +## Installation + To install via Helm, run the following command. ```sh From fe5564e9f87226196e018a88fefec6096134e840 Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Fri, 20 Oct 2023 14:25:36 -0400 Subject: [PATCH 17/28] consistent image name for aggregator (#2676) --- cost-analyzer/templates/cost-analyzer-deployment-template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index bcc85261a..03ed9caff 100644 --- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -1069,7 +1069,7 @@ spec: {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} {{- else if .Values.kubecostAggregator.enabled }} - - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }}-aggregator + - image: {{ .Values.kubecostFrontend.image }}:prod-aggregator-{{ $.Chart.AppVersion }} {{- else }} - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} From 9c3e5911e86193acb800e217f4040a072d73c740 Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Fri, 20 Oct 2023 14:54:34 -0400 Subject: [PATCH 18/28] update securityContexts (#2669) --- cost-analyzer/values.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index b97e3299e..8c2a06072 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -223,9 +223,11 @@ global: runAsNonRoot: true seccompProfile: type: RuntimeDefault - fsGroup: 65534 - runAsGroup: 65534 - runAsUser: 65534 + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 + + fsGroupChangePolicy: OnRootMismatch containerSecurityContext: allowPrivilegeEscalation: false privileged: false @@ -919,9 +921,10 @@ kubecostDeployment: queryServiceReplicas: 0 queryService: securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsUser: 65534 + runAsGroup: 1001 + runAsUser: 1001 + fsGroup: 1001 + fsGroupChangePolicy: OnRootMismatch runAsNonRoot: false seccompProfile: type: RuntimeDefault From 3f670cd2c4a09c97fbee479af7483a50a9feb453 Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Fri, 20 Oct 2023 14:56:52 -0400 Subject: [PATCH 19/28] Begin Helm testing (#2674) * add basic health test Signed-off-by: chipzoller * start testing Signed-off-by: chipzoller * increase wait Signed-off-by: chipzoller * install prometheus and grafana Signed-off-by: chipzoller * clean Signed-off-by: chipzoller --------- Signed-off-by: chipzoller --- .github/workflows/chart.yaml | 9 ++- cost-analyzer/templates/tests/_helpers.tpl | 5 ++ .../templates/tests/basic-health.yaml | 59 +++++++++++++++++++ 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 cost-analyzer/templates/tests/_helpers.tpl create mode 100644 cost-analyzer/templates/tests/basic-health.yaml diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml index dae0f7d27..963996511 100644 --- a/.github/workflows/chart.yaml +++ b/.github/workflows/chart.yaml @@ -69,5 +69,10 @@ jobs: - name: Install Kubecost chart working-directory: ./cost-analyzer - run: | - helm install --wait --wait-for-jobs kubecost . --namespace kubecost --create-namespace --set global.prometheus.enabled=false --set global.grafana.enabled=false + run: helm install --wait --wait-for-jobs kubecost . -n kubecost --create-namespace + + - name: Wait for ready + run: kubectl wait --namespace kubecost --for=condition=ready pod --selector app.kubernetes.io/name=cost-analyzer --timeout=120s + + - name: Run Helm tests + run: helm test -n kubecost kubecost \ No newline at end of file diff --git a/cost-analyzer/templates/tests/_helpers.tpl b/cost-analyzer/templates/tests/_helpers.tpl new file mode 100644 index 000000000..8c1e53a56 --- /dev/null +++ b/cost-analyzer/templates/tests/_helpers.tpl @@ -0,0 +1,5 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "kubecost.test.annotations" -}} +helm.sh/hook: test +{{- end -}} diff --git a/cost-analyzer/templates/tests/basic-health.yaml b/cost-analyzer/templates/tests/basic-health.yaml new file mode 100644 index 000000000..4bf072c18 --- /dev/null +++ b/cost-analyzer/templates/tests/basic-health.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Pod +metadata: + name: basic-health + namespace: {{ .Release.Namespace }} + annotations: + {{- include "kubecost.test.annotations" . | nindent 4 }} +spec: + serviceAccountName: tester + restartPolicy: Never + containers: + - name: test-kubecost + image: alpine/k8s:1.26.9 + command: + - /bin/sh + args: + - -c + - >- + svc=$(kubectl -n {{ .Release.Namespace }} get svc -l app.kubernetes.io/name=cost-analyzer -o json | jq -r .items[0].metadata.name); + echo Getting current Kubecost state.; + response=$(curl -sL http://${svc}:9090/model/getConfigs); + code=$(echo ${response} | jq .code); + if [ "$code" -eq 200 ]; then + echo "Got Kubecost working configuration. Successful." + exit 0 + else + echo "Failed to fetch Kubecost configuration. Response was $response" + exit 1 + fi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: test-role + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: test-rolebinding + namespace: {{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: tester + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: test-role + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tester + namespace: {{ .Release.Namespace }} \ No newline at end of file From ae9f321678ece3458c176266abd8fb507d773363 Mon Sep 17 00:00:00 2001 From: Jesse Goodier <31039225+jessegoodier@users.noreply.github.com> Date: Sun, 22 Oct 2023 15:17:57 -0400 Subject: [PATCH 20/28] networkCosts service discovery (#2677) --- cost-analyzer/values.yaml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 8c2a06072..10ce5088a 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -663,9 +663,12 @@ prometheus: - role: pod relabel_configs: # Scrape only the the targets matching the following metadata - - source_labels: [__meta_kubernetes_pod_label_app] + - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance] action: keep - regex: {{ template "cost-analyzer.networkCostsName" . }} + regex: kubecost + - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name] + action: keep + regex: network-costs server: # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID # to use as unique cluster ID in kubecost cost-analyzer deployment. @@ -881,7 +884,10 @@ networkCosts: podMonitor: enabled: false additionalLabels: {} - additionalLabels: {} + # match the default extraScrapeConfig + additionalLabels: + app.kubernetes.io/instance: kubecost + app.kubernetes.io/name: network-costs nodeSelector: {} annotations: {} healthCheckProbes: {} From 66280ebe7f3368132104abf570b46a916d9ff30b Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Mon, 23 Oct 2023 08:07:46 -0400 Subject: [PATCH 21/28] remove replicasets from core (#2678) Signed-off-by: chipzoller --- cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml b/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml index 60c1b5bd2..94d25aaa0 100644 --- a/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml @@ -35,7 +35,6 @@ rules: - services - resourcequotas - replicationcontrollers - - replicasets - limitranges - persistentvolumeclaims - persistentvolumes From 5e9248f351fd46bb99c5a8549279c32dd09183a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 15:30:15 -0400 Subject: [PATCH 22/28] Bump actions/checkout from 4.1.0 to 4.1.1 (#2683) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml index 963996511..21382f80d 100644 --- a/.github/workflows/chart.yaml +++ b/.github/workflows/chart.yaml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Helm lint working-directory: ./cost-analyzer @@ -58,7 +58,7 @@ jobs: name: ${{ matrix.k8s-version.name }} test steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Create KinD cluster uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 From 494a2d609e56cca5bda886c038e22e671edab063 Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Mon, 23 Oct 2023 20:02:11 -0400 Subject: [PATCH 23/28] [Feature] Development guide and devcontainers (#2680) * devcontainers Signed-off-by: chipzoller * add development guide Signed-off-by: chipzoller --------- Signed-off-by: chipzoller --- .devcontainer/cluster/Dockerfile | 18 ++++++++++++++++++ .devcontainer/cluster/devcontainer.json | 13 +++++++++++++ .devcontainer/devcontainer.json | 4 ++++ .devcontainer/tools.sh | 4 ++++ DEVELOPMENT.md | 24 ++++++++++++++++++++++++ docs/images/custom-devcontainer.png | Bin 0 -> 18526 bytes 6 files changed, 63 insertions(+) create mode 100644 .devcontainer/cluster/Dockerfile create mode 100644 .devcontainer/cluster/devcontainer.json create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/tools.sh create mode 100644 DEVELOPMENT.md create mode 100644 docs/images/custom-devcontainer.png diff --git a/.devcontainer/cluster/Dockerfile b/.devcontainer/cluster/Dockerfile new file mode 100644 index 000000000..0cdf5232f --- /dev/null +++ b/.devcontainer/cluster/Dockerfile @@ -0,0 +1,18 @@ +FROM ubuntu:22.04@sha256:2b7412e6465c3c7fc5bb21d3e6f1917c167358449fecac8176c6e496e5c1f05f + +RUN apt-get update && apt-get install -y sudo git curl wget apt-transport-https ca-certificates gnupg-agent software-properties-common +ARG USERNAME=root +RUN echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + && chmod 0440 /etc/sudoers.d/$USERNAME + +# Install Docker +RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg +RUN echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null +RUN apt-get update && apt-get install -y docker-ce docker-ce-cli containerd.io + +# Expose ports for Minikube and Docker +EXPOSE 22 80 2375 8443 + +CMD ["/bin/bash"] \ No newline at end of file diff --git a/.devcontainer/cluster/devcontainer.json b/.devcontainer/cluster/devcontainer.json new file mode 100644 index 000000000..958fc39e2 --- /dev/null +++ b/.devcontainer/cluster/devcontainer.json @@ -0,0 +1,13 @@ +{ + "name": "Cluster", + "build": { + "dockerfile": "Dockerfile" + }, + "remoteUser": "root", + "mounts": ["source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"], + "runArgs": ["--privileged", "--network=host", "-p", "22:22", "-p", "80:80", "-p", "2375:2375", "-p", "8443:8443"], + "features": { + "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {} + }, + "postCreateCommand": "./.devcontainer/tools.sh" +} \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 000000000..10c5d4821 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,4 @@ +{ + "name": "Default", + "postCreateCommand": "./.devcontainer/tools.sh" +} \ No newline at end of file diff --git a/.devcontainer/tools.sh b/.devcontainer/tools.sh new file mode 100644 index 000000000..ddff79c3c --- /dev/null +++ b/.devcontainer/tools.sh @@ -0,0 +1,4 @@ +#! /bin/bash + +## Install yq +sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq \ No newline at end of file diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md new file mode 100644 index 000000000..2d4e278a0 --- /dev/null +++ b/DEVELOPMENT.md @@ -0,0 +1,24 @@ +# Kubecost Helm Chart Development Guide + +This guide contains tips on setting up a development environment for the Kubecost Helm chart. + +> [!IMPORTANT] +> Following some of these steps may involve billing charges by GitHub for either an individual account or organization. + +## Developing with Codespaces and Devcontainers + +GitHub includes a feature called [Codespaces](https://github.com/features/codespaces) which allows you to set up an instant, fully-provisioned development environment in the cloud in seconds. This is a containerized environment powered by [Development Containers](https://containers.dev/) ("devcontainers") which have all the necessary project-specific tools to get started. + +This repository contains two such devcontainers to aid in easy development, testing, and contribution. The first, which is the default, contains basic tools such as `helm` and `kubectl` along with some other commonly-used tools for Chart development. This default devcontainer will be the one used if no other selection is chosen. Follow the process [here](https://docs.github.com/en/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository) to create a Codespaces environment using the default devcontainer. + +The second devcontainer provides a Docker-in-Docker experience allowing you to test/develop your Helm chart changes as well as deploy them to a running cluster all inside the Codespaces environment. In order to create this more advanced Codespaces environment, follow the guide [here](https://docs.github.com/en/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository#creating-a-codespace-for-a-repository) at step four and then select the "Cluster" configuration as shown below. You may also wish to use a larger machine type such as the 4-core option if you intend on actually deploying Kubecost. + +![Custom devcontainer profile](/docs/images/custom-devcontainer.png) + +This Cluster profile includes Docker and Minikube allowing you to not only develop against the Helm chart but also fully deploy, as opposed to just rendering, the Chart to inspect changes. When running Minikube in this devcontainer, pass the `--force` flag to permit Minikube to run as root. + +```sh +minikube start --force +``` + +For more information on GitHub Codespaces, see the reference documentation [here](https://docs.github.com/en/codespaces/overview). diff --git a/docs/images/custom-devcontainer.png b/docs/images/custom-devcontainer.png new file mode 100644 index 0000000000000000000000000000000000000000..182bfba9bb1d72bbb97c6c735fb9f87bc6a5fbf1 GIT binary patch literal 18526 zcmch<1yq#pyDmJ6f}(&ymq<#NfHX?CbT^2^fOLb15>hgBOLv!aDM(9qNQX2tzzj2U z-of90@9*rr*8cW6XRYm$_3%FL(|KR_b-jeWR*}WSCC3GUKzQ!p=xC^|wi+Q8r_{P=4%-ITL^bUAw ziPkZ5cCc}<26a$uh5&ImfAhOJTUddh=%BrSC6jangRLA~L9oGub|4NLlT6db)!qtJ zcreBU0?~lvrCw@!ru|v8bJf&pJ4cwz28Xjx7r(`cyJIBHurJn2Ea=J=*7+1R(;xLd zRk7#STNxig*(%YC`z^UcuuoLNWjw*Pi`!(hVx!x<*)t03AjC7uyHAxvYa3}K#w%(u{6={3s}@XI4L81tw-`jHpc@mcy5hq9ZURjNJsuu# z#lrj&L3s<9DiBDC?mZ?jCBJbC6OP}Z!30S%pc_EY@%-i;%wzsT2~5DXe}&56^6Dov zdSUjVCyFZZGYk_gmor|Vx-;+CHhOH)t3>6uq*(zoL^KASOmt4Ok(inc5DR_kGUktJ7%QCf# zChst2J*lp)er_{nshsjcPqzI+sX#ST#Vg%L$&6(@80OwcivmydpYeTlG~iFL%5}$# zfjLmbqz}v|{c1DU+sB7@k@8H#(Xj&EER1Lsf1ng}RuTBN6f*9RINtWE!ZmLDI9;oW zXFn3tyGh&A5s@?B#GQQ8FW%m5v1~maDduE`Qhu-ZGZp&Ni)NGUfF;u*XgBt~Z&z?K zcIS<0=vmtCXl_`nhOsI(RwxfUTa1wH^q$*VjddjeP{?o;URom*VGB6zy@Z;LNQ6{Qo8|-O`8R$#_QL*DP8QFv94!<6E zCar$WC@d#9@J6=E$Tv3GyO*vJ*v=!UARMuNQMrOzO*vA#g??O`#(u5b^D*m&z@UM+ ztBmHH(hAETS_v1ha6staaPN;Qhtv&RU6YJ+x?U z7jcg(V_po~km1p2mlwY-C$Gy98&#u%pINM3>>;?Z)Y{udQtrgZSM^{v5$VUX_OPa0 z{c@P?nq&@j&GN%Wj;Dh-lN7bh+4>EwqviAT`wsSTmi(bF3Yp3cp6>ffMmIF<9ZUE@ z@8)1u{r!%(BJFs?=GP>~o>}_n;~4y_k%UmB&JgP_Rck@l{PPI%<>f4k#ijdogh5ux zTpQ*l)j|HdNoA@FPYQBGffD3muQH9wfqze#?fTj)ekE~RKqnK^n_OkeVf=?vO#2S< zW2*c3L!2!#nN&N!eu(#tCi7a?UXC0)JWb^)F&rsP$Y^a>2?@!CjuLNoD&L-KxH>1d zxqCJ{J8O&Vl?`H{o1F>Jtq26_>iGHY_ov5a8;R*~M93342*VZu$n|>i(#W6mB{l>*2IfGYi;D2!2Czd?uPxU$cqc^H1Y$)2DlN zM{tv#g@(0Ok2;s$sOJrZ=n#qf?yb@kDRScAS3SGq-n?Tw-T?wO?^p*OnAbl! zWQEE%8vtqOpD`!g_I@|+*TnK#M^bVXxtF-JW2D~K?P%LK8gkZA67oTIxCI(roZO%q ze?GnQF6|Val4p?Nr;sPu(>sj4b|tY0^tna)^n;a~?Lc??lwAlsf$+|Q?4Zz?MWu--df#N2vPo&$Hw2o# z44&hV%)p0oYj-BDxZ`tcgw05lQx<2bc>MRREod2 zPxLmks@)!`7B6-ww;+rDvrr`|yyPQr;YEL&;1Mt8mLN4}?eFJ%^CwAcKHAL(IvW#( zBH}N3?cxHnbD3d#wU&>~t_Swjt$dYd``YRqnqz-HATz;GRI#EJ9$de06}QR$h1`S8 zs_5m&fr7K~#bBTs`tpUT_yVM`c_LYKsJXKD~435d7PFazC+Ksjbf_0*o=6L z;HwqKK_M{_eAh$uhy>;N0UZ!>!d=#^?<(O^w?5Ue`cbcGW3w>^;X=HJGC;5y9|>y~ z3?a5`m%48^*#;=;rl>(qKlHX{v8TJZjdb7pkosl`{$3#(CCE0(ESoow11ovyc);Tm zLwE1*eAJd~5^Wc_htTiz1Q-;9(dYBrBpT<-9HPjhJnzlE0?l?^h)|uCUyzU^{(QTk z_d5;KcKZG4Q!~y$yQ@9_#TwhDdXW~^>IM3(OR6!ubF}<8|6&1L`TSDAjlb{&byN-8 zyKE=^2(xR?Fv%!RT(B~pTawz>H7t^jYMXEML7RAOnq*njaTfk~TsN*=dh*$~(PDp( z&P1S;Im$>y0ne=U;WUM@LyM5Q+mNK*f$2d1#JSKQbgvx`1Tv@S7f@UFMo_{3$c3O# zzj1(VDfPtP^EG;TS&S4?9n$a{I<@QC5+(%ZeQ*#=UKTsyA(2!;vDquwH=f&6r@Uip zzL{<}o%)cDk0#7kpq&WR!F9Udu)Mt*?sC>{_#1t-_+?Pc^o2Pd#-_n8J4U7pjr-{H zzF9A>gVOmuf-%}gaCBSaeXP^nAd;?DI63fBa~m@H+_INa_Q7Pa=tB{z+sMGSc5$-Z zc|9R5iUVwfs3*)&-&iVj!z;^z!`zEZ{WA#Fg6SFFN)CEUQiiiyIo_ju;wCT)48^PH zUGnFZ&1=WI^`Gh$!E;S8Fchik1)3&oSg>4HYje=8ks6i==wgS$e@noK~^K)4|_jGBNBZsM` zMEy0QM|x3ZK+hGmR&ejrmQ{NhPc&g$tPsYlYnj^NQR|r6jWyLdDn0}s6W~&nlhl=u ztgw0^7QtZsxWtP6a_zokCW8h`mp3Ip#u-X@O-@?a`}n`Lg@4=hU3?wG=>d-16@jEF zY8fZ7dq~aWI4d9bYkjD`>Bb&YKk?Sc)RdxzGS#8*8N^yKa@P=2cjOSSxQpmQT!pS( zVQn{Sttb=v*4ZNT<(-0REvdam|tJS@Me(_IPCjaY;29|7lz852{-%Z*aXuc zh;$A-w)defL)CqZC22(QEO#h(9byTm{O3XC%*KuU1|O>FdzC#D%1Mw|hVs=vID4mB zW#=Q-T85OJhd2)mz78>_&P_aeRxxre3X&g)IGw*!!6~1K9T0R}Zen!TKb6^D0JM_k zx;bHEWo1>=&>%3b-1*>VfB#srMuCR$2r#QkT*Q(3_YS9a`KB(Im0r$P>#zN(CMs#s zoNKD@Nz&6z`G75ZT-#Tc=R6~lVh)}Z(@E9T%`K`I5u7LnOY$Uzw{3dbCCv}y~c^|-I8yz?1!d&IBTEV_$NZJlkdn!2#)#qumdtAfnPxfvLZAJxEY zXeBO`+t1zuLrRpF)^C4*xRoMG?G=~Xiq)9!xxvUbzJVm>fGry+4^p5{z3oawaK zIZVRzQ~Oz8?Q3O9cLRO6*kEKGSUk!uZEw;jN%zq_SJzl@u6OJk-yKsBR78ds8a=#3 zjqVpt?5YQd*G{yV8u}#ar_6t_`nkxcGvl>?z@Sg)^3W}tXNYIM;26%mPCDps=|14ldV zmADh-x^9g+6RC(4{%fXv zG}q&@z}&|!6?YKpv8u#+z7V#}VW#&$Hi`aQA8<@Gi#EJTN<O=xIF;7>225f^8x%xCJmAdBAcagfFr+*98{X;QNyoP2Ad`sIE$E?BkyDN;G*IlV} z@r(Gg7cTIKwo6!U6xE)JXQ?!5W9$UFKZyE7a6SJ&zepTCFl@7n>4_pM$-J^`vW!tl zKN$58UAC%^>0Y?h+p-(WWlnkS^ttWoq);VOkjhJfCTNgW&sXLFx15b37PoBlfqi0$ z=CQ55Q;iyUE}3<_P{LOsnqTIfD;~}cPBhwxmi>E!vB|e zJ3`xfBqM%9F}YQJGO1d7T@c7x2(cwygh;yWl?X zpY`lBi{|oDIi8h`W8YUpy*iC@Sh}~XO1=T)h7|?WGpx3`pQ8YY-la}&!Hl?C_O*gX=4)nVlYi_#Z zc71cPtCe4!*iZW)_4ThA--gSXcorj`I_DvI-LCdK=5qIgdcRRm)SnCIF4(zQ9340%^MA|} zY&GDM%_1y})F%@W@Jdm5HpvKI_$fqtXiS0N*OtyTy8T98+reJPPr5wUa1ka`i2B)d zb3bZw`1?lhVbGC_06C(&f*EVNt%?nH&Q+jr7#!bjW-)U=u!_@FIgsq51cil(MGGnt z>GvHDzJJwp10=C~tLqcsfhY#9nH(@#AK)6`d$TYjHXkBHNr8Ripq!#LVL9xt+c1sqX6)-r#GV+Oi)Rc+Kg%CrV^WYg?5>|owy<-S|Yju}gaRMY)3y9n0Atb*hTaLFJ-^)Wggi@EVoy+ zN0Wldzq?_9-cMMpnjMXehIG@u4}I<4TCNsitmk-NX>WPlL4MlM#6)qaW! zEdXEBO_92*#2-8ZTog|x9^*uUp-@z(``0KONvxsi>FHv+QhRyzHS9G*iv)TR&z&{E z7l6;V4m~F)!u`A&s^gz6w(WB8?i=jc=)O*CM#(;xmvd669i;@i$5w--0&rujP;#+R zuaReH1Z+emGJpB(Y>-K}SC>CMIz~ z`@3JBzelV;wW8Q4<{(qL3%R);K8?d@xjGj+$xVno+P?G60XVE&I=PYplOEr{^~xi) zTix*{IzlsfdfD!*BJo+X8bjl6kH(?X0wrmIZn46^^>{5|pfK(XrFB(d^0W&-F4CfJ zFjrE0bkxKi;07Ue;GvX=vyntlG_g0RMUw@s5flr&ZE$v*FRpY=uP%O_(G=6;YT)+C zS$Ju>-qS_|x`)`TOpL!o(*COiI%Hh}UW&IWLD>h8qSo|nCG}rHol1#a1 zDRO>EM^*|k;OZzn^IG)X7J7~%D7>Ez*2@=)Qtk$34wQBeaPX|dmk}!g{mOODb~;k* zx5}rDSZycO)TzAnRiH|rs-1T0y1!j69HZ)QMf*X;X<_kEk3^~2w&1U+U@ZIib^~h+ zk=~_G4xit_KZz_rJ-c%8X(qPi;(gEur%9eL_Bq)tfesYQFwda&pf=yhL%kQZCP`ri zp-aotIP!1-IAR;2S^nHm0OQi?;4$m}A)k2%q0wvaw~Bf(YbIfcDtN_hiUU|^tEYWT znZ9C~>!&;47g#?uGXgikA1iAVN#+LnkF%Sb8=m|muOl+YmU!!yxCg&TE)Gh)&^jZn z07-z>ub?7_*aoNn`D0&)TFdzviM*nQL?T0g^FKn&YOa!-4cYI>5=XvF=Lwwq%sMAW zsl|G}nj@Sh`PWeYN_9?rTitpm!FqXuw_%w4196mn_bRgz=_iHa4ciKQKZjCsi1Z4O z_wEqOG^89ZjbYb`0MrouhD3Gvl z+Q|LGZNM<_=dH*nNE`NpD^?Tc-HtBwpL7M^&E=K$&G_rTkipip?yi{=KlDd${ZK9P zHx6PstQh}&ozgI;1L^I5c{uqt&c(Fdb#ftx#Q=o}wZ*#e%Jl)a`Ujk_Yu9Ng*Xb0F zW-+!F2avI&M@KvnaE!Q|i{|1Oi_!xv=Pk+IO61hYxw6qX7ip1*42aLAR2GJR>CcFu z`XPn$kdE2&%eBAe{hbhTaTa!C0RN98YjC-vlD(iJ8_#6V?Y%Y5Z}Gbu7bl~{YsLEr zupp+NunpWvmtR6= z6DSE%H3RP9j_s;FJn+t-+D>frv$MI`+f5Ac9eLTPVhzC*{%&;DI*AKW*>Rthw|{#a zub)h&AEs#=Y*W>@dxG^gnyg-CcFQolp#dg`>oX+)x;e+Udj7nmY2EICTS2-qx?BrY zQqMW3L`#-5kt{nMC?q6b@w0!(cYo1#-$eQyPK1yaxuF!&N6Yv`c9L{U5t!U}=@SA| zq;8%ult8KKbU~aDVV%fgl0HFVo#GZQVdoqG<8ThE>O6)s1JJzD;C8)IgTwJub!r854D*#NiW2uAd{HT6Y&7OP!_{rasjwN)hJ1pgV_)II9vYcQ5i7Wfi zWnb5F>fV&{?%?EkkpoyGm?EZvVv2B2cmJO4F}>jPoc*C`ygV;waM7rHVt^ui?$M-d z_o@%D!$afRq$e^M>%N_8K1llXj<~2}KF*ixZf?3xZ%eWRkf7rzZc2LMU{jRk8?)-v zn?AK9CY>5?gej}Gmvl^Nk5g82`>01*w>ScwVBjp&RO<#deM3iMa2v3?Z)@cAM;Pd= ziybbBehvlG4%_kWhHHh4_OO>Z$6@z-1K1wrE7rTJ!0voY$g*aNuNIcm3ic}>ullAA ztAByC0_w<;b;IKcI5+8o`_b$VPUG1n{A88~K;ApYDF7QM^0ka$AuY4p?jVunktgSW z@qg(&@u-UII|I$kV6@EUmh2Vv5K4P;%j0X3A7O=q%d{juGjOze@A%=y7Ra+NDGag3 z+0W&G13OivV?+#WHAyJX7Rzo{BzKl;@sEV-Pd^ZSeM0aIgSa`&AH)}y|MZ*cYS!W? zV(>I>Td3nJK9zIk(DE{?U&x>(@)WRJR4h}28fd+KHd$5{GmY`V>U0(Kv-Z_R%Ity7{g_n{ zZrPxqKrZ3A;r`>>fbBr6g>9;S_F)HOu_FI$6V}Vfb+7}(&fjUqOIwhYMe9M+gT9TJ z>8kGmiQ?HD75YmyCnhFm&=-leZZ^i--*WdO)hfE8PQBOb<}Bl%^Klv+Y-$VQM(R-) ztos)zN&@v*7}g}a_i(UHsFw3LDui3r$sZgYifa4)#y&CfiD*iV{7P@U=(nqIL?O?z z+d#hO@kNfM90&B?Y;&+^yuZI+-O5>R-Jbwp9Apo#l;+0R7Joljf_Fnx^_UZz2?@Z)CKLSm8$9jO$nW{kmCxE`r%URYWQtLnVV?9EJW0I#ySEVY09 zGe=}Ly~o<13YQXW>md)3?QJScc|`hN_;fwONI^3h?CcT3KEtn(*h@DuK|90?)4LZg z=|;8%Wgb}p`@eMaX|0~Ui70b^5!oIoyuQyNubo=DNbQExkZR}H;*D%tcbAV!{cPn@ z*H^;PXf#_*GDokIicMU=aCjbS$3HpTxijAzn2*2GOkF6|9)r5lUPIzTCPgQvu>eop z8q}LU^SS@k?PQ1kP+lN}jBIxkQeZn~{{x*_>Y6kmEw)8|o!?>?^Aa}s%Q(v7YBV9u z%9}lkMz&ryHTk8D8YNqZhKoZ(rs5K<`G)n|dnX5rbUIu(qVJ3gMH&U{j0}u*$rS)( zkC%JTYvUT)Pnj+{$UE<=DgI7pG0~uRYv`K<*SD%c`K8Knj+*rIE-yO?$tp^;>Mt)J z+A+YHUbf5TF5N0`9FP(=m^?7fmL3f+j1AK>(KJ9HjR-Wem*vF$OPm65!r;${Fg-hR zISU_o?l+g$pTeakTHu`&DM!o7stC+YqA#jV5obwCbRB-&h81C7Zyv8RGXeQL!43k+ z1o^k!5KNo29S4XpjFG)<#C73|a-#zXKUI-auJ4Z7)Y!ZaI)1J{V}sQBL^s7g0r+%y z-ySrVfeHt>nQtT!U$)&1P|z9&O(z4#e1y`i2a@Gl^V2;();DD8IqF(8ElyeqfHyfB zo0(l0m#67>n)g8PFIJa_Wryx1_cO`G_P>x%d5s6P2sXfY|le5hgvhKvBpK^bO|qd*z=({{)2p$VS1$u8CuHx(9+E zQK74`mUk%@XzNy?H4Li(kf)edNZ^un2K~4&$&@BmypZ7cem!9S{Z|+j*DdP+woZaw z)%M2{Kq?yPo1Hs3K?I=~>LZLfe?f#O{xHb;HydtIxJ^C~xrEB^0<4+pJbrYm7 zF7e;?j+o!V>--k@fL4PxQRGZKE8@Byn=bv((GGx&KK>ytZw2f^V7Ni~SfLedaGv;m z%p=!*!xv8GUC6DxA}Y+Y%#Ht@BLC0ch-ZN35a{2v768cb-(%YUb20zztov6=fDsD< zZQ++p=F2~3vK#zXRjtdjm=ZIz6+4_JRQ8xDdH`5mWyXJf2MaS*7JR^}hDZY}ZcglS z#-MAg%%{>)HszG(da;ZuQ=^<><2&Pk57L@kBWZJcG=1N>P8K<@%U`>3SUMIjsYwge z7Tj}YlURKI=UnJ=NFEAz#0`TNOc0;_4r0(bOW-XU4{ED&WPCwx~vo)2* zIgi~@K~yz7pG!J{NQmElxu-aEq8Lvp7*k>qfQKRVaoDY`t>nB8_WgT(_8_%-g@z4< zW`SF8@cL`BTJ@)&YhP-l6_dvs90zk3a*hWJu*6Z!STEDWuQReNm}u+vPgq1YHtk0q z(Y#Xcs~Zct_Eso_xGFYA8fIQlTVqA2u*+t(p?3H_4n9M?( zWT?EYTC1{9qWcN1Lr^Qf^CIJsN%!v+Oz*COvf}bF$W*eCrIDNM!`p?gO!x|8FTps3^4~lK$6pHDl1q%U&oGW9D@WMmZZ$W+a@+)$@jbdvi{@Ko5AhCpbvJsYAKnS&6 zoHJ|2RE|sTzazx>K`Skk9|q)oZ{t}sh@qh@3>Yz)8qboRWYy7nrV}}*>&K;~gE^QY zY{~p_HQpL^fgSB96ejn|JDQ(<*rR__jQpA#Gzrh+w)nm5(JH1~i~S1PG+>;!XlBPj z&1o}X0TVv+ZsNfB21%{h9_JhWQFQ;MN>u|5L#(;h7MN%|&_BbxJ2(k&Z)|F6!q)3& zTRi!rkpi3I5p89)o&F%Ji4G@@7bTmik|1zsQq{Q)^S}^YLR3*|wg73no6#6Ek6#+C z)_W%=J-uuy!1s9}4}i=@o@nmaXyxNkRME`D^*DvdbzVjX% zAHKV`Stnhw3DHl--HC*dfU@ZbTI(ga>?GSTHw@tU1_CPRI>9bl?K^ErMXv)vPlZBB znLC4?XJ2o5nq(ty_-{q%U@U;%ssc=xlhz~BFi6g6MPoY+q8L@|+{o=yweoPXf@9j` z0Dx!!dALyGErCDNVtr4(im(BX zsVtKnnRCy_Zic*%XvYDt8i`}=E+?p#*sLbg2gt! z!82&4_pdsvT``M0#z4JboG2_?NuYd}23-3hTg~G8-R=Y-%a}b! zG}eIKHJ(fCk%5a_gUrP6jQreR0e?D3=1XmP;5&gswN7QPYJSD2E|JERW!PaQKv`wW zX|KJQP9O(+$opvs!Sk1YvI|lfVYt#pI@vwJD;;k!Fu*TJzM<)42$^ z`J`E`lVS;FUSRdBB7>+O@%n^G!A_3&ipxCXOZ8&YJGzF}!IySS zppY}aNRGaeYH$3u+&k}_%I@gz|Hrk?59P=)qW*g|8!*D6j%K|*1nPRaUUY?(o|V9n&}4rDT!(`zZ=`4_{Kqqd<$(Y~tN^^9c(i248{ zMVlDPA#Uv7NTCA2hE({BYe);{Uu{|U+sK4|MzyV`GimgGzgjZ%o2Nqf8hltbTs^dS zx50n_G?mLtAkZoHoKHUj#FCf#3D?GdxGi@8IH8#;=-608FOOR-)|8bcMopj&d^o>exLJ+t-Ha8O$lkvvx7hR@a>X+bbDF`vc(mDjqXM6|`gw zw#yB##mIV93rCLBn-jg5n>c{bM@P9C@G)?KJU08tn&S$2=GPDK4JyI;9MQ5FMbatO ze`<({Lw0$F_cSs(=dV8O!o00&Zo>>V-jN4T)ZF`T;=W);6^fPfFDm))e$G_{kBf1O z#j2lU{)p;Ps-l(GU34lI$aLGQmAa29@=3r;043W3Vck9Jx9x9YepdA1uDaG3gEE5bl`6!>8yR~i^}28tlPzBm8RG`#;W$ilY<$JqB+ zRsAnXOZR>Uv|3Wprt}vm-NzzPNlSVsel5fMA8XTp-JRi)Yqc{MT(68DBbv47iH!dN z*_n#K7t6#bEz)0j85&nGfuWBifbpcU0#w2!JL4SjZ0aLL)ah3+%ly>m#g&mJNJ^~o*Y;7J|SH94uA^#Fp|J}HafB@A0*yIdrT zFr)*F#l~*ix=U+n@3sNpOlr-@IHV6B-C|BafwFTXsrt3#U2myflU+hWW22!#-m5~* zY13MJL9UvB7xx`Lrq$jmP(UHH6_KGK3OqUk$fo1|cZ97yV9IOTSiPI46!q2#o49Br z&xyj%=OaTem8Ha*qI)WN82YFcQa`^C5chAQTVyZ3RG3${1XOG8xVHzt7=R?(viEay)Zxi%9*}EH&JAV>+XfH6%ET z?2GB*=(J7Sb^AURu;-Zw!9{rOXz(30EJ6Udg;G0;7ceeah&r#^H_gO?O1b$Rjqe@u zDfCZT)i4YdjZrbE%kBqx)4l^Vzs3aOtxiEzhhOVkm!IzN%syUhiS}rTF^2Yg=deQ$ zZ5m$ftFpi^s`uO?$?K|w{(J~>Qv{U3fPWmX9%ul_^p4dwcRA_?98Bb~Gb%V{Mbx-k z2wjeB=Z62Pj&#=Q)io0J$#-VhcQ}0PcE6EzA0QDSuJi8|3a4G_Ja$q(@71Y8$Dj=A z7Ftr3<4zZAzd|tFVVp2MhEfAbGFco3UVQZqa@Wx;S>I`nE0F;lp0Cx{&pLqhrDYOR zvZ&?0s8w;%DW&ha9Zxj<>5VXaCkT94lC!EmyA`)n{m8~c%kMjCA-RTu?9)gUtH&J- zR|pDLc%z;~FAtp?eYUZ=sStT6olh;j{i~p7=rVpfdex3Yk3@uBb+07#IA{R1h3>wjSwuK2U7ljU=-EAiZaIJ}qfG4_8lN6A866jzK$ zD0ByaA>yK`aUB?P;av=MG43H&%T&BNEcr5_R>Jd!40wxexmiX~c((0N^|Q}aaTt8- zfz1(|3U({}`<`23`d6S*nyh~TErV$|w)L_8%ebuw63993 zk1uG2$3GUa4y0ai%`E3p5v=r2&RF8J)Dg(O7O|KnrREuEb54=$B^IgOdp`0Y&JbP2*d|6%jbyZB+&Qs2+f*Mi_0A@f|EO=tq z>i)K{!tLTOHmcM@OM+unoY%shuMLpp9E2{$1D``F^FtAkehy znIc}XFW&?9KVxmkbDO@&nzOkql=Oqd;h$Q4b@wa|gexng%gTZbKz*s=lj>pT z|C{gOyts`=bm+=U+V{YicT`%5xG`HhWOgF7Qc;D9)TlaR;aZGja>wf6^uaM8^9D*Hc-gnpX<-PM0bEKLp)3Y29t8x9-N1nC*i!Ks0GbJgyP?Z! zFq&Qca)^=RTg5HI#nYn?mHU`U&Rk0*$tmr`y@gj+_9U`!<)!(xq$g*LL$npp<&J9< z6DS$G!l${PFQJ)~=Up>*1r|x>s0E~1RP;Ivc=6H#7`sG6AMw!9IcC>mK!bJ3uCXn| zT&(u3UKpbVAaAW^oL6%TGN!U zp1zmo05MEjq<+F^OCJ{{pk{4~O>1(xX^?ktHoXwg^L2JUf7_|d!YL0|gwxhYaw32b z;{snFFfzyyQeBzJOJO1FRM)LE14xk{>Vk%jy`iGrQ7#;lyJLB_1meTmr8n(T4OswO z!^c8;)NdDAx44bC@d?cDm10WP*n=%)1O}9LWUK9MS=-@nFPqGitD>O7 zcYrO^VVdU$2zo1Z=bEi82So}2HQ(f0BT0h^nD1i?Q1-BPr?T{keHi6T6UFNN z&lnXVdkMQduOZl3n#$U3Q?XohZVN&={HIOY$HE@4sdo-2?kA74c&tc8%XSW&J}+X> z{VLo0A<*nI9OGgji(ewUV^HN#%U4uBo9}F09kiA^D3$m9Ey*GiWccQ-XMqQZmg0g<%AC4wo)!~Dw6(e6}1N>{!%D7HJ zV54ttf#_izm7N0wfR%6Y4PEL1ggtqp5}W@5j!lU)zePKb_)}@qKfzJwLyxCtB8A51 zSIm>y)sW7^y;-D>yfAvkwxRI5$k@!v^ZX#j+TZ_e0-aVn18_S(WQ@EaRgde?pNL2& zp(kPzhv|6q|Mphfqdhp;+6(?n>s3Ed$U&;KPh2Zv881da;sf10Ay)q1VQjJ`KB4=`cNZn!QY4CXEXn?1OW&o1Ek6Pn=XJ%V zF=9z}D!+_+P?!Gph-1a69ImQHn47i0yK^D$_iq5aTG>4JFFF#HMqaT{US4TY=8TO~ z2w4C_Xt5qOJ2A}(iC;Oi-aW`SwT;5?nJ4zBzzBgF1>6UzZkJWN!-)4eZ*EO?1(ErP!@&`KR4e zSRz5~#RMq#q^wp-&=4L;-=dZrCAk(Zvv8h$CpdziHh&pKjkUa{xM}5jILfcHqMy2+ zVnV6yUwz$8_y4b8Sda-YR{vorm2Z3uI4;-nu!UaznmRF&cjM&4aQ2^fl@n}N+Z7L8 zFEq5V(;=$>o9L?thRhGH8e;^!(kYK9w|j*0<>z5bWfVakEf(i_gk+Yt2By^k6?8W_ zIc4uublbbuvNEsu9*`)&!0WTLYCKLb&&%4o7mYqQV{b7inbyTY=Q09^kYZk$o!xrE zsJn)o!A;QDc9k@da`{-s#}c`H7fx$#tKW~~repJ^C(7p9fJJl@ZF~Nc!Z*$Oeg=PI z^Qq=*()g0YYqk?>kIDWA%e&el(W&=iFX~mv)E4ki{7_cEzDdT!9NpXeeeLx$s^#_C z@?~=kIxK~{EV2;VtNoE!i(;K#Na?e4et|yTfTDIWK!~&Gqe-%qX=kFT=%L$w%MAdd zinsHmAtmfPUC@tyzXu7L^L=NjWSXx%SwE6qlFhXp@wb0%YBip<=WZK8U2&B1>tPjX z0lMn^;CSvjxzh-q(oa9KWCv5O*l&Q|%NbY5p2!0tnbgX|VMvQ{Eto*EeFht!`?*OoUHK;a(u7a^R2tH22Uj=Yf)+*ULQ-0OcxM z9lZt4;yTd_qu?#1k8)ddmKFj=Tym9fo_@U9x982xLb?r^-_Y_h_Fry3#YmguT7rhA z&*wBN^VP#|{%|N#3zw}Hs$r1L(5}#XBs8Hb$xZL~FvbA`rkm;AiWXa?!n=soQc*_V zV1;={D)AM}kf!-{Trs|44E<{3W|Nnehtea};aX&k$DANC4LK&h`2beZn)(<95J%ni z-yaMBVs&6v88X`|#-Gvwy5nF`%spgp`xJZ^_>9M_Ztl6wD)1eXfHtvWz5%Zgh6ZH> zXwWBP$suMJw1TD=E`-E=bFJ2vEr$<)GpYl_fwp270UW5@XaD7o;zlgPS#QfV6(#+e_fS#D*wSez_)O z|Ko?W|21m8CNKY;iv9m17=fz(ja2*x@S3U&w-0}T7KcCQ-@2(c++f)x_>*h-TrBzNsS9K%_O*@cM3UXl z9qs5QDUTtQmu@uy1q37<3NJfI6CzE#b4U8|gokd+wCC37gT0c%5r|$2MJDQ*(mnLY-+L1Si$Yl3tn_riR@rw5Lp3M;7PPiL55(tw5AI5$l(vsaXP}}Hn zl(h8Lxqy=FA`?^Hz(*~=>KJ!JzE6*4wvqlFBAMpC#J4>H0h7%pOv3M)94<+AfS!?K zoeV&K4H3MR*+Unx!u;sbD+nu5*9CD2WByB*MbwGoRqrs+9=0Z(!!~Fds{YX3$mz-h z{!YeaCPH?#nwBi+AQtF)!_^krcd50ycL7yx+@>e<;Gt1St^IF&WXO`j682)r^5&CC zN0T-qM}@IJ()z^qBO=J&{V_)qA&fq6g62L^z zyd4Snv^bRM7w#}>04K2E;s8$~WD80zss|Y49S`ma!`9yHC%+5(bBwE^uAOPY^k>|$ zd#ns-r(mm>TG(fVeSkv64heii8WMrz#M%3@bcHYwGH=2g=iAHffZ9WG9zm{ZaNFMd9#U!b9v3P%}!KvsHr-fJV-E1&6WB3ckIzd4>j;jv9D zT|h`RnH8EG811^9t0{8nEdPYzAjDBj2VsgZPr6oFknXoRXpRd6{MtX|m`*kG*isHV zPnw=>9}hW2+K8frPf>L@u~6m zTIFK*_Qfx)fz5H6h5X&-Z=6>*qNty{#p3?9_2$cu+`JF#%gv^wc7Dc0V^0x`h5Gw) zTzmX-mSnwcM-0?aPvBzuZm`2zu_X&bafhjly8?R+r>nVB9~X_#mn}q{w>z;|SbM6X z(W};-$~vf3YIcv-V$lE_4YS|q{JrvK8SD9x-Oqw(<%W!fbrazg+bQayad79Ue|`u@ zCJD>*WU1(5v}pDM&DP}_enopY$0E(zdAFq~KO(PBBQ?%#!NO0-+qfPF{+=Mt|R^8Ea( zw_>L*;8KzcZ%b~^U@k}TRe}FPsp#pGJ3hD?AF5ZU5Tz*U7qInAw`SDSWdiYSS#fxb z|5?tHqI0E+T@K-|^UHJOB8N+0-r9|x4zJ9;$<_ev-i<8h!?O5{k~^$Ah_m^*<+tNi zBd$Aa0o!hiQ-gvo7| zILHZZgUoNTKV9;GJt7m+h}H>f5d~a}bacMlGDWgau9TKI66yO=_9xB?IFooPW1PM-qIV6wT!9GkL+`;k>R_(cOrC0 zt`4J18X9y6+D{B-eXMswYQ(pHM&yuhQF4Zv(h^;tzg*_*CfY3Wa40f<4mFGZ((9t6 zW9*auhVr;w4gQnC`tQx+vtk#C7`;#uu+Z%%k0rW7WQW_6+4miB9muY2 zh#t9}VEt7ko09HbjnKifYIN2{HfUDu|LA=rfF0gPwXUIO39k_Cj#rZXsm~W8(4(Hn zU$Z5{Xc5Rs({=ZQ8(}2qtkbp=n^#k}tkOLWEWe&#=|qcg`j%BZLFh9zq;Ef#TVFS% zyz&A57)ED%h0*Jzdj2>1Q(jwkK#uhDc-4JQ6dk);hHyJ@>b-xsJE60@)1GmGo^Q@f zeAe|MYAv(MeKF77nuHEI#;`l{lrueI`^ziM0(>eKAx+~Ca?fHNQaqt!(lK&-uU#MQ za{j!}x=->}n=n+|W|D7FFWpZl)bznYA;RMO`QFvwV4~nq$RY1?fk`|cj;3~7sVkK!5XW+e5eIfUm_lvJ+!-`LLb?~=nUurnY-W&7Mm3|K_ zy&1+HV-(AFh(QrSSEAkp%L4Bgfp%xBd{ zWf4vj^9ThGic|sLeT6Oatu!pPXSaX}23@4ssqb$47Rnl_)^Hl2_*@r*q3t@mz&m_Iz*dc^1X5h~qqP0sw5hL~=Qr`ME#&(SY4KZKBBs5g-P z{htWS_*+`$x9RmD+&l@*CnG^-Cu7={2w1`OH);F5`mESGZKBCe Date: Tue, 24 Oct 2023 23:25:38 +0200 Subject: [PATCH 24/28] feat(cost-analyzer): add StatefulSet as option (#2188) so that you can use a real stateful deployment --- cost-analyzer/README.md | 54 +++++++++++++++++++ .../cost-analyzer-db-pvc-template.yaml | 2 + .../cost-analyzer-deployment-template.yaml | 46 +++++++++++++++- .../templates/cost-analyzer-pvc-template.yaml | 2 + cost-analyzer/values.yaml | 3 ++ 5 files changed, 106 insertions(+), 1 deletion(-) diff --git a/cost-analyzer/README.md b/cost-analyzer/README.md index 3121c8eab..feedbbf3e 100644 --- a/cost-analyzer/README.md +++ b/cost-analyzer/README.md @@ -99,3 +99,57 @@ Adjusting the log format changes the format in which the logs are output making |--------|----------------------------------------------------------------------------------------------------------------------------| | `JSON` | `{"level":"info","time":"2006-01-02T15:04:05.999999999Z07:00","message":"Starting cost-model (git commit \"1.91.0-rc.0\")"}` | | `pretty` | `2006-01-02T15:04:05.999999999Z07:00 INF Starting cost-model (git commit "1.91.0-rc.0")` | + +## Testing +To perform local testing do next: +- install locally [kind](https://github.com/kubernetes-sigs/kind) according to documentation. +- install locally [ct](https://github.com/helm/chart-testing) according to documentation. +- create local cluster using `kind` \ +use image version from https://github.com/kubernetes-sigs/kind/releases e.g. `kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8` +```shell +kind create cluster --image kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 +``` +- perform ct execution +```shell +ct install --chart-dirs="." --charts="." +``` + +- perform ct StatefulSet execution + +```shell +# create multiple nodes kind config +cat > kind-config.yaml < etlBucketConfigSecret.yaml < Date: Thu, 26 Oct 2023 15:12:47 -0400 Subject: [PATCH 25/28] add systemProxy env vars (#2687) --- .../cost-analyzer-deployment-template.yaml | 47 ++++++++++++++++++- .../federator-deployment-template.yaml | 14 ++++++ cost-analyzer/values.yaml | 7 ++- 3 files changed, 65 insertions(+), 3 deletions(-) diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index f55500ddc..f3f60418f 100644 --- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -344,6 +344,21 @@ spec: args: - "--web.listen-address=:{{ .Values.global.gmp.gmpProxy.port }}" - "--query.project-id={{ .Values.global.gmp.gmpProxy.projectId }}" + {{- if .Values.systemProxy.enabled }} + env: + - name: HTTP_PROXY + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: http_proxy + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: HTTPS_PROXY + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: https_proxy + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: NO_PROXY + value: {{ .Values.systemProxy.noProxy }} + - name: no_proxy + value: {{ .Values.systemProxy.noProxy }} + {{- end }} ports: - name: web containerPort: {{ .Values.global.gmp.gmpProxy.port | int }} @@ -384,8 +399,24 @@ spec: ports: - name: aws-sigv4-proxy containerPort: {{ .Values.sigV4Proxy.port | int }} - {{- if .Values.sigV4Proxy.extraEnv }} env: + - name: AGENT_LOCAL_PORT + value: "{{ .Values.sigV4Proxy.port | int }}" + {{- if .Values.systemProxy.enabled }} + - name: HTTP_PROXY + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: http_proxy + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: HTTPS_PROXY + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: https_proxy + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: NO_PROXY + value: {{ .Values.systemProxy.noProxy }} + - name: no_proxy + value: {{ .Values.systemProxy.noProxy }} + {{- end }} + {{- if .Values.sigV4Proxy.extraEnv }} {{- toYaml .Values.sigV4Proxy.extraEnv | nindent 10 }} {{- end }} {{- end }} @@ -393,6 +424,20 @@ spec: - name: ubbagent image: gcr.io/kubecost1/gcp-mp/ent/cost-model/ubbagent:1.0 env: + {{- if .Values.systemProxy.enabled }} + - name: HTTP_PROXY + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: http_proxy + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: HTTPS_PROXY + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: https_proxy + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: NO_PROXY + value: {{ .Values.systemProxy.noProxy }} + - name: no_proxy + value: {{ .Values.systemProxy.noProxy }} + {{- end }} - name: AGENT_CONFIG_FILE value: "/etc/ubbagent/config.yaml" - name: AGENT_LOCAL_PORT diff --git a/cost-analyzer/templates/federator-deployment-template.yaml b/cost-analyzer/templates/federator-deployment-template.yaml index b32275b8d..864426e18 100644 --- a/cost-analyzer/templates/federator-deployment-template.yaml +++ b/cost-analyzer/templates/federator-deployment-template.yaml @@ -81,6 +81,20 @@ spec: {{- if .Values.federatedETL.federator.extraEnv }} {{- toYaml .Values.federatedETL.federator.extraEnv | nindent 12 }} {{- end }} + {{- if .Values.systemProxy.enabled }} + - name: HTTP_PROXY + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: http_proxy + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: HTTPS_PROXY + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: https_proxy + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: NO_PROXY + value: {{ .Values.systemProxy.noProxy }} + - name: no_proxy + value: {{ .Values.systemProxy.noProxy }} + {{- end }} restartPolicy: Always serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} volumes: diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index a3c0f2f28..5b5d1e491 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -320,8 +320,11 @@ oidc: # claimValues: # - "editor" -# Adds an httpProxy as an environment variable. systemProxy.enabled must be `true`to have any effect. -# Ref: https://www.oreilly.com/library/view/security-with-go/9781788627917/5ea6a02b-3d96-44b1-ad3c-6ab60fcbbe4f.xhtml +## Adds the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables to all +## containers. Typically used in environments that have firewall rules which +## prevent kubecost from accessing cloud provider resources. +## Ref: https://www.oreilly.com/library/view/security-with-go/9781788627917/5ea6a02b-3d96-44b1-ad3c-6ab60fcbbe4f.xhtml +## systemProxy: enabled: false httpProxyUrl: "" From 6f2f6c2569b9d71b2e057c5f9c4f1e206f5cd9d2 Mon Sep 17 00:00:00 2001 From: saweber Date: Thu, 26 Oct 2023 16:29:29 -0500 Subject: [PATCH 26/28] update savedReports and advancedReports in values.yml to reflect current filter schema --- cost-analyzer/values.yaml | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 5b5d1e491..045a4d60b 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -149,11 +149,10 @@ global: idle: "separate" rate: "cumulative" accumulate: false # daily resolution - filters: - - property: "cluster" - value: "cluster-one,cluster*" # supports wildcard filtering and multiple comma separated values - - property: "namespace" - value: "kubecost" + filters: # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api + - key: "cluster" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#allocation-apis-request-sizing-v2-api + operator: ":" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#filter-operators + value: "dev" - title: "Example Saved Report 1" window: "month" aggregateBy: "controllerKind" @@ -161,10 +160,9 @@ global: idle: "share" rate: "monthly" accumulate: false - filters: - - property: "label" - value: "app:cost*,environment:kube*" - - property: "namespace" + filters: # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api + - key: "namespace" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#allocation-apis-request-sizing-v2-api + operator: "!:" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#filter-operators value: "kubecost" - title: "Example Saved Report 2" window: "2020-11-11T00:00:00Z,2020-12-09T23:59:59Z" @@ -196,9 +194,10 @@ global: - title: "Example Advanced Report 0" window: "7d" aggregateBy: "namespace" - filters: - - property: "cluster" - value: "cluster-one" + filters: # same as allocation api filters Ref: https://docs.kubecost.com/apis/apis-overview/filters-api + - key: "cluster" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#allocation-apis-request-sizing-v2-api + operator: ":" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#filter-operators + value: "dev" cloudBreakdown: "service" cloudJoin: "label:kubernetes_namespace" From 6b7c44a0a44989234241fa39e2f65f175378a99c Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Fri, 27 Oct 2023 14:27:52 -0400 Subject: [PATCH 27/28] swap jimmidyson/configmap-reload for prometheus-operator/prometheus-config-reloader (#2698) Signed-off-by: chipzoller --- cost-analyzer/charts/prometheus/README.md | 8 ++++---- .../charts/prometheus/templates/server-deployment.yaml | 4 ++-- .../prometheus/templates/server-statefulset.yaml | 4 ++-- cost-analyzer/charts/prometheus/values.yaml | 10 ++++------ kubecost.yaml | 6 +++--- 5 files changed, 15 insertions(+), 17 deletions(-) diff --git a/cost-analyzer/charts/prometheus/README.md b/cost-analyzer/charts/prometheus/README.md index 0f636b204..bb8fded41 100755 --- a/cost-analyzer/charts/prometheus/README.md +++ b/cost-analyzer/charts/prometheus/README.md @@ -183,8 +183,8 @@ Parameter | Description | Default `configmapReload.prometheus.enabled` | If false, the configmap-reload container for Prometheus will not be deployed | `true` `configmapReload.prometheus.containerSecurityContext` | securityContext for container | `{}` `configmapReload.prometheus.name` | configmap-reload container name | `configmap-reload` -`configmapReload.prometheus.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` -`configmapReload.prometheus.image.tag` | configmap-reload container image tag | `v0.5.0` +`configmapReload.prometheus.image.repository` | configmap-reload container image repository | `quay.io/prometheus-operator/prometheus-config-reloader` +`configmapReload.prometheus.image.tag` | configmap-reload container image tag | `v0.68.0` `configmapReload.prometheus.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` `configmapReload.prometheus.extraArgs` | Additional configmap-reload container arguments | `{}` `configmapReload.prometheus.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` @@ -192,8 +192,8 @@ Parameter | Description | Default `configmapReload.prometheus.resources` | configmap-reload pod resource requests & limits | `{}` `configmapReload.alertmanager.enabled` | If false, the configmap-reload container for AlertManager will not be deployed | `true` `configmapReload.alertmanager.name` | configmap-reload container name | `configmap-reload` -`configmapReload.alertmanager.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` -`configmapReload.alertmanager.image.tag` | configmap-reload container image tag | `v0.5.0` +`configmapReload.alertmanager.image.repository` | configmap-reload container image repository | `quay.io/prometheus-operator/prometheus-config-reloader` +`configmapReload.alertmanager.image.tag` | configmap-reload container image tag | `v0.68.0` `configmapReload.alertmanager.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` `configmapReload.alertmanager.extraArgs` | Additional configmap-reload container arguments | `{}` `configmapReload.alertmanager.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` diff --git a/cost-analyzer/charts/prometheus/templates/server-deployment.yaml b/cost-analyzer/charts/prometheus/templates/server-deployment.yaml index f0e07fbca..4924f9136 100755 --- a/cost-analyzer/charts/prometheus/templates/server-deployment.yaml +++ b/cost-analyzer/charts/prometheus/templates/server-deployment.yaml @@ -50,8 +50,8 @@ spec: image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - --{{ $key }}={{ $value }} {{- end }} diff --git a/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml b/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml index 2f25a94ad..d121c2696 100755 --- a/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml +++ b/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml @@ -51,8 +51,8 @@ spec: image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - --{{ $key }}={{ $value }} {{- end }} diff --git a/cost-analyzer/charts/prometheus/values.yaml b/cost-analyzer/charts/prometheus/values.yaml index 5d4084d0c..0df64f922 100644 --- a/cost-analyzer/charts/prometheus/values.yaml +++ b/cost-analyzer/charts/prometheus/values.yaml @@ -307,8 +307,6 @@ alertmanager: type: ClusterIP ## Monitors ConfigMap changes and POSTs to a URL -## Ref: https://github.com/jimmidyson/configmap-reload -## configmapReload: prometheus: ## If false, the configmap-reload container will not be deployed @@ -322,8 +320,8 @@ configmapReload: ## configmap-reload container image ## image: - repository: jimmidyson/configmap-reload - tag: v0.9.0 + repository: quay.io/prometheus-operator/prometheus-config-reloader + tag: v0.68.0 pullPolicy: IfNotPresent ## Additional configmap-reload container arguments @@ -362,8 +360,8 @@ configmapReload: ## configmap-reload container image ## image: - repository: jimmidyson/configmap-reload - tag: v0.9.0 + repository: quay.io/prometheus-operator/prometheus-config-reloader + tag: v0.68.0 pullPolicy: IfNotPresent ## Additional configmap-reload container arguments diff --git a/kubecost.yaml b/kubecost.yaml index 3447802b3..7d6728070 100644 --- a/kubecost.yaml +++ b/kubecost.yaml @@ -20181,11 +20181,11 @@ spec: serviceAccountName: kubecost-prometheus-server containers: - name: prometheus-server-configmap-reload - image: "jimmidyson/configmap-reload:v0.9.0" + image: "quay.io/prometheus-operator/prometheus-config-reloader:v0.68.0" imagePullPolicy: "IfNotPresent" args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090/-/reload + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090/-/reload resources: {} securityContext: From b675a8cacaa5b6c64cf00d3583df026cfc2ec507 Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Sat, 28 Oct 2023 16:18:07 -0400 Subject: [PATCH 28/28] exec (#2701) Signed-off-by: GitHub --- .devcontainer/tools.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 .devcontainer/tools.sh diff --git a/.devcontainer/tools.sh b/.devcontainer/tools.sh old mode 100644 new mode 100755