move prometheus to own chart

Signed-off-by: Paul Czarkowski <username.taken@gmail.com>

README.md

@@ -1,5 +1,7 @@
 # Helm Charts for Managed Openshift Black Belt examples
 
+## Charts
+
 See [/charts](charts) for a list of charts.
 
 1. Add This Repository to your Helm
@@ -19,4 +21,12 @@ See [/charts](charts) for a list of charts.
     ```bash
     curl -sSL https://raw.githubusercontent.com/rh-mobb/helm-charts/main/charts/rosa-federated-prometheus/files/deploy-operators.sh | bash
     helm install -n my-prometheus mobb/rosa-federated-prometheus
-    ```
+    ```
+
+## Starters
+
+To create a new chat using one of our starters, clone down this repo and run
+
+```bash
+helm create example-cr --starter $(pwd)/../starters/cr
+```

charts/prometheus-cr/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/prometheus-cr/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+appVersion: 0.1.0
+description: A Helm chart for Kubernetes
+name: prometheus-cr
+type: application
+version: 0.1.0
+home: "https://rh-mobb.github.io/helm-charts/"
+maintainers:
+  - name: rh-mobb

charts/prometheus-cr/README.md

@@ -0,0 +1,55 @@
+# Mobb Helm Chart - grafana-cr
+
+Creates a grafana instance using the Grafana Operator
+
+## TL;DR
+
+Deploy the Grafana Operator from OperatorHub, or YOLO from bash:
+
+```bash
+export NAMESPACE=grafana
+curl -sSL https://raw.githubusercontent.com/rh-mobb/helm-charts/main/charts/rosa-federated-prometheus/files/deploy-operators.sh | bash
+```
+
+Deploy from the Grafana Helm Chart:
+
+```bash
+helm repo add mobb https://mobb.github.io/helm-charts
+helm install -n grafana my-release mobb/grafana-cr
+```
+
+## Introduction
+
+## Prerequisites
+
+- OpenShift 4.x
+- Helm 3.x
+
+## Installing the Chart
+
+Deploy the Grafana Operator from OperatorHub, or YOLO from bash:
+
+```bash
+export NAMESPACE=grafana
+curl -sSL https://raw.githubusercontent.com/rh-mobb/helm-charts/main/charts/rosa-federated-prometheus/files/deploy-operators.sh | bash
+```
+
+> **Tip**: See [values.yaml](./values.yaml) for configurable parameters.
+
+
+Deploy from the Grafana Helm Chart:
+
+```bash
+helm repo add mobb https://mobb.github.io/helm-charts
+helm install -n $NAMESPACE my-release mobb/grafana-cr
+```
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```

charts/prometheus-cr/files/pre-install.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+if [[ -z $NAMESPACE ]]; then
+  echo "Please set NAMESPACE environment variable"
+  exit 1
+fi
+
+echo "--> Creating Namespace - $NAMESPACE"
+
+cat << EOF | kubectl apply -f -
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${NAMESPACE}
+EOF
+
+echo "--> Deploying OperatorGroup to $NAMESPACE"
+
+cat << EOF | kubectl apply -f -
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: mobb-operators
+  namespace: ${NAMESPACE}
+spec:
+  targetNamespaces:
+  - ${NAMESPACE}
+EOF
+
+echo "--> Deploying Prometheus Operator to $NAMESPACE"
+
+cat << EOF | kubectl apply -f -
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: prometheus
+  namespace: ${NAMESPACE}
+spec:
+  channel: beta
+  installPlanApproval: Automatic
+  name: prometheus
+  source: community-operators
+  sourceNamespace: openshift-marketplace
+EOF
+
+echo "--> Waiting for Prometheus Operator to be ready"
+
+while ! kubectl -n $NAMESPACE get sa prometheus-operator 2> /dev/null > /dev/null; do
+  sleep 1
+done

charts/prometheus-cr/templates/NOTES.txt

@@ -0,0 +1,6 @@
+{{ $prometheusRoute := lookup "route.openshift.io/v1" "Route"  .Release.Namespace  "prometheus-route" }}
+{{- if hasKey $prometheusRoute "spec" }}
+Prometheus URL:  {{ $prometheusRoute.spec.host }}
+{{- else }}
+Prometheus URL: kubectl -n {{ .Release.Namespace }} get route prometheus-route
+{{- end }}

charts/prometheus-cr/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "prometheus-cr.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prometheus-cr.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "prometheus-cr.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "prometheus-cr.labels" -}}
+helm.sh/chart: {{ include "prometheus-cr.chart" . }}
+{{ include "prometheus-cr.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "prometheus-cr.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "prometheus-cr.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prometheus-cr.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "prometheus-cr.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/prometheus-cr/templates/prometheus.yaml

@@ -0,0 +1,62 @@
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+  name: {{ include "prometheus-cr.fullname" . }}
+  labels:
+    {{- include "prometheus-cr.labels" . | nindent 4 }}
+    prometheus: {{ include "prometheus-cr.fullname" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  version: {{ .Values.version }}
+  ruleSelector:
+    matchLabels:
+      prometheus: {{ include "prometheus-cr.fullname" . }}
+      role: alert-rules
+  ruleNamespaceSelector: {}
+  alerting:
+    alertmanagers:
+      - namespace: {{ .Release.Namespace}}
+        name: {{ include "prometheus-cr.fullname" . }}-alertmanager
+        port: web
+  serviceAccountName: {{ include "prometheus-cr.fullname" . }}
+  serviceMonitorSelector:
+    matchLabels:
+      prometheus: {{ include "prometheus-cr.fullname" . }}
+  configMaps:
+  - openshift-service-ca.crt
+  containers:
+  - args:
+      - -provider=openshift
+      - -https-address=:9091
+      - -http-address=
+      - -email-domain=*
+      - -upstream=http://localhost:9090
+      - -openshift-service-account={{ include "prometheus-cr.fullname" . }}
+      - '-openshift-sar={"resource": "namespaces", "verb": "get"}'
+      - -tls-cert=/etc/tls/private/tls.crt
+      - -tls-key=/etc/tls/private/tls.key
+      - -cookie-secret-file=/etc/proxy/secrets/session_secret
+      - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+      - -openshift-ca=/etc/pki/tls/cert.pem
+      - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      - -htpasswd-file=/etc/proxy/htpasswd/auth
+      - -skip-auth-regex=^/metrics
+    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2343bdce7a33e42269488bf7a429ea3c8f366f54b304b67706d5dd3f6df44f7c
+    name: oauth-proxy
+    ports:
+    - containerPort: 9091
+      name: web-proxy
+    volumeMounts:
+    - mountPath: /etc/tls/private
+      name: secret-{{ include "prometheus-cr.fullname" . }}-tls
+      readOnly: true
+    - mountPath: /etc/proxy/secrets
+      name: secret-{{ include "prometheus-cr.fullname" . }}-proxy
+      readOnly: true
+    - mountPath: /etc/proxy/htpasswd
+      name: secret-{{ include "prometheus-cr.fullname" . }}-htpasswd
+      readOnly: true
+  secrets:
+    - {{ include "prometheus-cr.fullname" . }}-tls
+    - {{ include "prometheus-cr.fullname" . }}-proxy
+    - {{ include "prometheus-cr.fullname" . }}-htpasswd

charts/rosa-federated-prometheus/templates/prometheus/rbac.yaml → charts/prometheus-cr/templates/rbac.yaml

@@ -41,4 +41,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "rosa-federated-prometheus.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}

charts/prometheus-cr/templates/secret.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "prometheus-cr.fullname" . }}-proxy
+  labels:
+    {{- include "prometheus-cr.labels" . | nindent 4 }}
+type: Opaque
+data:
+  session_secret: "{{ .Values.sessionSecret | b64enc }}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "prometheus-cr.fullname" . }}-htpasswd
+  labels:
+    {{- include "prometheus-cr.labels" . | nindent 4 }}
+type: Opaque
+data:
+  auth: "{{ htpasswd .Values.basicAuthUsername .Values.basicAuthPassword  | b64enc }}"

charts/prometheus-cr/templates/service.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "prometheus-cr.fullname" . }}
+  labels:
+    {{- include "prometheus-cr.labels" . | nindent 4 }}
+  annotations:
+    service.alpha.openshift.io/serving-cert-secret-name: {{ include "prometheus-cr.fullname" . }}-tls
+spec:
+  ports:
+  - name: web-proxy
+    port: 9091
+    protocol: TCP
+    targetPort: web-proxy
+  selector:
+    app.kubernetes.io/instance: {{ include "prometheus-cr.fullname" . }}
+    prometheus: {{ include "prometheus-cr.fullname" . }}
+  type: ClusterIP
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: prometheus-route
+  labels:
+    {{- include "prometheus-cr.labels" . | nindent 4 }}
+spec:
+  port:
+    targetPort: web-proxy
+  to:
+    kind: Service
+    name: {{ include "prometheus-cr.fullname" . }}
+  tls:
+    termination: Reencrypt

charts/prometheus-cr/values.yaml

@@ -0,0 +1,9 @@
+nameOverride: ""
+fullnameOverride: ""
+
+replicaCount: 2
+version: v2.8.0
+basicAuthUsername: "internal"
+# Change these two fields
+sessionSecret: "112RXXaWl7wUQiSdXUMrUya7kN5gOZmHc0s202bKqAw"
+basicAuthPassword: "KgX1EUO3eQOBr1u9Df5B6XEhfxWGKaBKMhEa1ALQvu6"

charts/rosa-federated-prometheus/Chart.yaml

@@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes
 
 type: application
 
-version: 0.3.0
+version: 0.4.0
 
 appVersion: "0.1.0"
 
@@ -17,3 +17,6 @@ dependencies:
 - name: grafana-cr
   version: "0.1.0"
   repository: "https://rh-mobb.github.io/helm-charts/"
+- name: prometheus-cr
+  version: "0.1.0"
+  repository: "https://rh-mobb.github.io/helm-charts/"