Skip to content

Commit

Permalink
feat(discovery): implement All Namespaces discovery
Browse files Browse the repository at this point in the history
  • Loading branch information
@andrewazores
andrewazores committed Nov 26, 2024
1 parent b91e9bd commit 03dadd2
Show file tree
Hide file tree
Showing 6 changed files with 86 additions and 9 deletions.
7 changes: 4 additions & 3 deletions charts/cryostat/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,11 +79,12 @@ helm install cryostat ./charts/cryostat
| `core.discovery` | Configuration options to the Cryostat application's target discovery mechanisms | |
| `core.discovery.kubernetes.enabled` | Enables Kubernetes API discovery mechanism | `true` |
| `core.discovery.kubernetes.installNamespaceDisabled` | When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`) | `false` |
| `core.discovery.kubernetes.namespaces` | List of namespaces whose workloads the Cryostat application should be permitted to access and profile | `[]` |
| `core.discovery.kubernetes.allNamespaces` | When true, this overrides the `namespaces` list and configures Cryostat to monitor all namespaces in the cluster. This requires elevated permissions to create a ClusterRole and ClusterRoleBinding, which will be done automatically if the rbac.create value is true. | `false` |
| `core.discovery.kubernetes.namespaces` | List of namespaces whose workloads the Cryostat application should be permitted to access and profile. | `[]` |
| `core.discovery.kubernetes.builtInPortNamesDisabled` | When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets. | `false` |
| `core.discovery.kubernetes.portNames` | List of port names that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` |
| `core.discovery.kubernetes.portNames` | List of port names that the Cryostat application should look for in order to consider a target as JMX connectable. | `[]` |
| `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. | `false` |
| `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` |
| `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable. | `[]` |

### Report Generator Deployment

Expand Down
7 changes: 7 additions & 0 deletions charts/cryostat/templates/cryostat_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,9 +118,16 @@ spec:
{{- if .Values.core.discovery.kubernetes.enabled }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_ENABLED
value: "true"
{{- if .Values.core.discovery.kubernetes.allNamespaces }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_NAMESPACES
value: '*'
{{- else }}
{{- with .Values.core.discovery.kubernetes }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_NAMESPACES
value: {{ include "cryostat.commaSepList" (list .namespaces $.Release.Namespace .installNamespaceDisabled) }}
{{- end }}
{{- end }}
{{- with .Values.core.discovery.kubernetes }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NAMES
value: {{ include "cryostat.commaSepList" (list .portNames "jfr-jmx" .builtInPortNamesDisabled) }}
- name: CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NUMBERS
Expand Down
46 changes: 46 additions & 0 deletions charts/cryostat/templates/discovery_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled .Values.core.discovery.kubernetes.allNamespaces -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "cryostat.fullname" . }}-discovery
labels:
{{- include "cryostat.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
- replicationcontrollers
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
- daemonsets
- statefulsets
verbs:
- get
- apiGroups:
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- get
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
{{- end -}}
16 changes: 16 additions & 0 deletions charts/cryostat/templates/discovery_clusterrolebinding.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled .Values.core.discovery.kubernetes.allNamespaces -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "cryostat.fullname" . }}-discovery
labels:
{{- include "cryostat.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "cryostat.fullname" . }}-discovery
subjects:
- kind: ServiceAccount
name: {{ include "cryostat.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
11 changes: 8 additions & 3 deletions charts/cryostat/values.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,9 +227,14 @@
"description": "When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`)",
"default": false
},
"allNamespaces": {
"type": "boolean",
"description": "When true, this overrides the `namespaces` list and configures Cryostat to monitor all namespaces in the cluster. This requires elevated permissions to create a ClusterRole and ClusterRoleBinding, which will be done automatically if the rbac.create value is true.",
"default": false
},
"namespaces": {
"type": "array",
"description": "List of namespaces whose workloads the Cryostat application should be permitted to access and profile",
"description": "List of namespaces whose workloads the Cryostat application should be permitted to access and profile.",
"default": [],
"items": {}
},
Expand All @@ -240,7 +245,7 @@
},
"portNames": {
"type": "array",
"description": "List of port names that the Cryostat application should look for in order to consider a target as JMX connectable",
"description": "List of port names that the Cryostat application should look for in order to consider a target as JMX connectable.",
"default": [],
"items": {}
},
Expand All @@ -251,7 +256,7 @@
},
"portNumbers": {
"type": "array",
"description": "List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable",
"description": "List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable.",
"default": [],
"items": {}
}
Expand Down
8 changes: 5 additions & 3 deletions charts/cryostat/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,15 +75,17 @@ core:
enabled: true
## @param core.discovery.kubernetes.installNamespaceDisabled When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`)
installNamespaceDisabled: false
## @param core.discovery.kubernetes.namespaces [array] List of namespaces whose workloads the Cryostat application should be permitted to access and profile
## @param core.discovery.kubernetes.allNamespaces When true, this overrides the `namespaces` list and configures Cryostat to monitor all namespaces in the cluster. This requires elevated permissions to create a ClusterRole and ClusterRoleBinding, which will be done automatically if the rbac.create value is true.
allNamespaces: false
## @param core.discovery.kubernetes.namespaces [array] List of namespaces whose workloads the Cryostat application should be permitted to access and profile.
namespaces: []
## @param core.discovery.kubernetes.builtInPortNamesDisabled When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets.
builtInPortNamesDisabled: false
## @param core.discovery.kubernetes.portNames [array] List of port names that the Cryostat application should look for in order to consider a target as JMX connectable
## @param core.discovery.kubernetes.portNames [array] List of port names that the Cryostat application should look for in order to consider a target as JMX connectable.
portNames: []
## @param core.discovery.kubernetes.builtInPortNumbersDisabled When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets.
builtInPortNumbersDisabled: false
## @param core.discovery.kubernetes.portNumbers [array] List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable
## @param core.discovery.kubernetes.portNumbers [array] List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable.
portNumbers: []

## @section Report Generator Deployment
Expand Down

0 comments on commit 03dadd2

Please sign in to comment.