chore(pmm): support networkpolicy (#40)

EamonZhang · jianxiaoguo · web-flow · commit 475e2d28b778 · 2024-03-14T17:09:47.000+08:00
* chore(mysql-cluster): modify networkpolicy

* fix(prometheus): fix typo

* chore(prometheus): add plans 50

* chore(mysql-cluster): add networkpolicy

* chore(prometheus): add networkpolicy

* chore(promtheus): service discovery in namespace

* chore(mysql-cluster): plans 10

* chore(mysql-cluster): add max_connection_limit

* chore(mysql-cluster): add plans

* chore(prometheus): support discovery addons in namespaces

* fix(prometheus): is enabled scrape addons metrics

* feat(drycc-addons): add postgresql-cluster

* chore(postgresql-cluster): move patroni env to helper

* chore(postgresql-cluster):adjust patroni config use configmap

* chore(postgresql-cluster):organize code structure

* chore(postgresql-cluster): add metrics

* chore(postgresql-cluster): add metrics

* chore(postgresql-cluster): rename postgresql to postgresql-cluster

* chore(postgresql-cluster) add wal-g for backup

* chore(postgresql-cluster): redirect postgresql log

* chore(postgresql-cluster): add pgbackup

* chore(postgresql-cluster): add plans

* chore(addons): add cloudbeaver

* chore(addons): fix plan binds

* chore(prometheus): add auth

* fix(postgresql-cluster): service type nil

* fix(cloudbeaver): labels application

* fix(postgresql-cluster): plans describe typo

* chore(postgresql-cluster): allow dyrcc params

* chore(postgresql-cluster): generate password random

* chore(postgresql-cluster): Adjust backup strategy

* chore(postgresql-cluster): bind info

* chore(postgresql-cluster): fix typo

* chore(postgresql-cluster): megre

* chore(postgresql-cluster): megre

* chore(cloudbeaver): modify storage method

* chore(postgresql-cluster): adjust

* chore(postgresql-cluster): fix password &amp; netpolicy

* chore(addons): add persistentVolumeClaimRetentionPolicy

* chore(addons): update support

* megre(addons): megre from upstream

* chore(postgresql-cluster): reset wal retain size

* chore(postgresql-cluster):add hugepages-2Mi limit in plans

* chore(addons): alter cloudbeaver plan to 10, prometheus add hotupdate param

* chore(mysql-cluster): adjust bind params

* chore(postgresql-cluster): add plan 4t

* chore(postgresql-cluster): adjust pg params &amp; monitor user privilege

* chore(mysql-cluster): set persistentVolumeClaimRetentionPolicy deleted

* chore(mysql-cluster): persistence group_replication_group_name after greate new cluster

* chore(mysql-cluster): delete charts common

* chore(postgresql-cluster): reset max_slot_wal_keep_size

* chore(mysql): Re-implementing the cluster implementation

* chore(postgresql-cluster): fix 4t plan

* chore(addons): add pmm

* chore(pmm): set instance name

* chore(prometheus): add scrape namespace

* chore(postgres): set service type to ClusterIP

* chore(postgres): update metrics default values

* chore(mysql-cluster): add router configmap , add resources limits to router and metrics

* chore(mysql-cluster): modify networkpolicy rules. empty ingress when router service type is loadbalancer

* chore(postgresql-cluster): Allow all ip when service type is Loadbalancer

* chore(cloudbeaver): add networkpolicy ,Allow all ip when service type is Loadbalancer

* chore(cloudbeaver): fix typo

* chore(pmm): pmm network support

* chore(pmm): fix pmm chart.yaml

---------

Co-authored-by: lijianguo &lt;lijianguo1991@outlook.com&gt;
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml
@@ -516,8 +516,8 @@ ingress:
   extraRules: []
   ## @section Network Policy
 
-## MySQL Nework Policy configuration
-##
+## Nework Policy configuration
+
 networkPolicy:
   ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
   ##
diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml
@@ -1,18 +1,27 @@
+annotations:
+  category: monitor
 apiVersion: v2
-name: pmm
-description: A Helm chart for Percona Monitoring and Management (PMM)
-type: application
-version: 1.3.11
-appVersion: "2.41.1"
-home: https://github.com/percona/pmm
-maintainers:
-  - name: tplavcic
-    email: tomislav.plavcic@percona.com
-  - name: bupychuk
-    email: nurlan.moldomurov@percona.com
-  - name: spron-in
-    email: sergey.pronin@percona.com
+appVersion: 2.41
+dependencies:
+  - name: common
+    repository: oci://registry.drycc.cc/charts
+    tags:
+      - drycc-common
+    version: ~1.1.2
+description:  Percona Monitoring and Management an open source database monitoring, observability and management tool 
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/pmm
+icon: https://drycc.com/assets/stacks/pmm/img/pmm-stack-220x234.png
 keywords:
-  - PMM
-  - Monitoring
-icon: https://www.percona.com/sites/default/files/pmm-logo.png
+  - mysql
+  - postgres
+  - mongodb
+  - monitor
+maintainers:
+  - name: Drycc
+    url: https://github.com/drycc/charts
+name: pmm
+sources:
+  - https://github.com/drycc/containers/tree/main/drycc/mysql
+  - https://github.com/percona/pmm
+version: 2.41
diff --git a/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml b/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml
@@ -0,0 +1,50 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "common.labels.matchLabels" . | nindent 6 }}
+  {{- if eq .Values.service.type "ClusterIP" }}
+  ingress:
+    # Allow inbound connections
+    {{- with .Values.service.ports }}
+    - ports:
+    {{- toYaml . | nindent 8 }}
+  {{- end }}
+    {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+      from:
+      {{- if .Values.networkPolicy.allowCurrentNamespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+      {{- end }}
+      {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+        {{- if $namespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ $namespace }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if eq .Values.service.type "LoadBalancer" }}
+  ingress:
+    - {}
+  {{- end}}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml
@@ -226,3 +226,18 @@ extraVolumeMounts: []
 ## @param extraVolumes Optionally specify extra list of additional volumes
 ##
 extraVolumes: []
+
+## Nework Policy configuration
+##
+networkPolicy:
+  ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+  ##
+  enabled: true 
+  ## @param networkPolicy.allowExternal The Policy model to apply.
+  ## When set to false, only pods with the correct
+  ## client label will have network access to the port MySQL is listening
+  ## on. When true, MySQL will accept connections from any source
+  ## (with the correct destination port).
+  ##
+  allowCurrentNamespace: true
+  allowNamespaces: []
