k8s-monitoring 2.0 alpha

.configs/certificates.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: prometheus
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: ca-cert
+  namespace: prometheus
+spec:
+  isCA: true
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: prometheus-ssl
+  namespace: prometheus
+spec:
+  alternativeNames:
+    - prometheus-server.prometheus.svc.cluster.local
+  caRef:
+    name: ca-cert
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: prometheus-workload-ssl
+  namespace: prometheus
+spec:
+  alternativeNames:
+    - prometheus-workload-server.prometheus.svc.cluster.local
+  caRef:
+    name: ca-cert

.configs/loki.yaml

@@ -0,0 +1,93 @@
+---
+loki:
+  commonConfig:
+    replication_factor: 1
+  schemaConfig:
+    configs:
+      - from: 2024-04-01
+        store: tsdb
+        object_store: s3
+        schema: v13
+        index:
+          prefix: loki_index_
+          period: 24h
+  ingester:
+    chunk_encoding: snappy
+  querier:
+    # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing
+    max_concurrent: 2
+
+test:
+  enabled: false
+
+lokiCanary:
+  enabled: false
+
+gateway:
+  basicAuth:
+    enabled: true
+    username: loki
+    password: lokipassword
+  service:
+    port: 8080
+
+deploymentMode: SingleBinary
+singleBinary:
+  replicas: 1
+#  resources:
+#    limits:
+#      cpu: 3
+#      memory: 4Gi
+#    requests:
+#      cpu: 2
+#      memory: 2Gi
+#  extraEnv:
+#    # Keep a little bit lower than memory limits
+#    - name: GOMEMLIMIT
+#      value: 3750MiB
+
+# Enable minio for storage
+minio:
+  enabled: true
+
+# Zero out replica counts of other deployment modes
+backend:
+  replicas: 0
+read:
+  replicas: 0
+write:
+  replicas: 0
+
+ingester:
+  replicas: 0
+querier:
+  replicas: 0
+queryFrontend:
+  replicas: 0
+queryScheduler:
+  replicas: 0
+distributor:
+  replicas: 0
+compactor:
+  replicas: 0
+indexGateway:
+  replicas: 0
+bloomCompactor:
+  replicas: 0
+bloomGateway:
+  replicas: 0
+resultsCache:
+  enabled: false
+chunksCache:
+  enabled: false
+
+monitoring:
+  selfMonitoring:
+    enabled: false
+    grafanaAgent:
+      installOperator: false
+  serviceMonitor:
+    enabled: true
+    # This actually isn't recommended by Loki, the default is 15s for a reason, but we don't want to upset
+    # our DPM test calculations.
+    interval: 1m

.configs/prometheus.yaml

@@ -0,0 +1,49 @@
+---
+server:
+  extraFlags:
+    - enable-feature=otlp-write-receiver
+    - enable-feature=remote-write-receiver
+    - web.config.file=/etc/config/web.yml
+
+  extraSecretMounts:
+    - name: prometheus-ssl
+      mountPath: /etc/prometheus-ssl
+      secretName: prometheus-ssl
+      readOnly: true
+
+  persistentVolume:
+    enabled: false
+
+  probeHeaders:
+    - name: "Authorization"
+      value: "Basic cHJvbXVzZXI6cHJvbWV0aGV1c3Bhc3N3b3Jk"
+  probeScheme: HTTPS
+
+  service:
+    servicePort: 9090
+
+serverFiles:
+  prometheus.yml:
+    scrape_configs: []
+  web.yml:
+    basic_auth_users:
+      promuser: $2a$12$1UJsAG4QnhjjDzqcSVkZmeDxxjgIFOAmzfuVTybTuhhDnYgfuAbAq  # "prometheuspassword"
+    tls_server_config:
+      cert_file: /etc/prometheus-ssl/crt.pem
+      key_file: /etc/prometheus-ssl/key.pem
+
+configmapReload:
+  prometheus:
+    enabled: false
+
+alertmanager:
+  enabled: false
+
+kube-state-metrics:
+  enabled: false
+
+prometheus-node-exporter:
+  enabled: false
+
+prometheus-pushgateway:
+  enabled: false

.github/CODEOWNERS

@@ -0,0 +1,16 @@
+# This file is used to define the owners of the code in this repository.
+# https://help.github.com/articles/about-codeowners/
+
+# Global owners
+*                                           @petewall
+
+# Chart owners
+charts/feature-annotation-autodiscovery     @grafana/k8s-monitoring-dev
+charts/feature-application-observability    @rlankfo
+charts/feature-cluster-events               @grafana/k8s-monitoring-dev
+charts/feature-cluster-metrics              @grafana/k8s-monitoring-dev
+charts/feature-frontend-observability       @rlankfo
+charts/feature-pod-logs                     @grafana/k8s-monitoring-dev
+charts/feature-profiling                    @simonswine
+charts/feature-prometheus-operator-objects  @grafana/k8s-monitoring-dev
+charts/k8s-monitoring-v1                    @grafana/k8s-monitoring-dev

.github/workflows/helm-test.yml

@@ -15,7 +15,7 @@ on:
 
 env:
   CT_CONFIGFILE: "${{ github.workspace }}/.github/configs/ct.yaml"
-  LINT_CONFIGFILE: "${{ github.workspace }}/.github/configs/lintconf.yaml"
+  LINT_CONFIGFILE: "${{ github.workspace }}/.configs/lintconf.yaml"
   GRAFANA_ALLOY_VALUES: "${{ github.workspace }}/.github/configs/alloy-config.yaml"
   GRAFANA_ALLOY_LOKI_OTLP_VALUES: "${{ github.workspace }}/.github/configs/alloy-config-loki-otlp.yaml"
   GRAFANA_ALLOY_RECEIVER_SERVICE: "${{ github.workspace }}/.github/configs/receiver-service.yaml"
@@ -212,4 +212,4 @@ jobs:
         if: (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'full_test_required'))
         run: |
           latestRelease=$(git describe --abbrev=0 --tags)
-          ct install --all --config "${CT_CONFIGFILE}" --since "${latestRelease}" --helm-extra-args "--timeout 10m"
+          ct install --config "${CT_CONFIGFILE}" --since "${latestRelease}" --helm-extra-args "--timeout 10m" --charts charts/k8s-monitoring-v1

.github/workflows/integration-test.yml

@@ -0,0 +1,56 @@
+---
+name: Integration Test
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches: ["main"]
+    paths:
+      - 'charts/**'
+      - '!charts/k8s-monitoring-v1/**'
+  pull_request:
+    paths:
+      - 'charts/**'
+      - '!charts/k8s-monitoring-v1/**'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  list-tests:
+    name: List tests
+    runs-on: ubuntu-latest
+    outputs:
+      tests: ${{ steps.list_tests.outputs.tests }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: List tests
+        id: list_tests
+        run: |
+          tests=$(ls charts/k8s-monitoring/tests/integration)
+          echo "Tests: ${tests}"
+          echo "tests=$(echo "${tests}" | jq --raw-input --slurp --compact-output 'split("\n") | map(select(. != ""))')" >> "${GITHUB_OUTPUT}"
+
+  run-tests:
+    name: Integration Test
+    needs: list-tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        test: ${{ fromJson(needs.list-tests.outputs.tests) }}
+      fail-fast: false
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1
+
+      - name: Run test
+        run: |
+          echo "Testing ${{ matrix.test }}"
+          CREATE_CLUSTER=false ./scripts/integration-test.sh "charts/k8s-monitoring/tests/integration/${{ matrix.test }}"

.github/workflows/reviewdog.yml

@@ -2,9 +2,13 @@
 name: ReviewDog
 # yamllint disable-line rule:truthy
 on:
-  pull_request:
+  push:
     branches: ["main"]
 
+  pull_request:
+
+  workflow_dispatch:
+
 jobs:
   markdownlint:
     name: runner / markdownlint
@@ -117,16 +121,6 @@ jobs:
           github_token: ${{ secrets.github_token }}
           reporter: github-check
 
-  eclint:
-    name: runner / eclint
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: reviewdog/action-eclint@v1
-        with:
-          github_token: ${{ secrets.github_token }}
-          reporter: github-check
-
   textlint:
     name: runner / textlint
     runs-on: ubuntu-latest
@@ -137,7 +131,7 @@ jobs:
       - env:
           REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          npx textlint --format checkstyle --config ./.textlintrc --ignore-path ./.textlintignore $(find . -type f -name "*.md" -not \( -path "./node_modules/*" -o -path "./data-alloy/*" \)) | \
+          npx textlint --format checkstyle --config ./.textlintrc --ignore-path ./.textlintignore "$(find . -type f -name "*.md" -not \( -path "./node_modules/*" -o -path "./data-alloy/*" \))" | \
             reviewdog -f=checkstyle -name="textlint" -reporter=github-check -level=info
 
   alloy: