diff --git a/addons/index.yaml b/addons/index.yaml index 3b8320d3..cd0ea8e0 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -51,3 +51,6 @@ entries: kafka: - version: 3.6 description: "Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications." + pmm: + - version: 2.41 + description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." diff --git a/addons/pmm/2.41/chart/pmm/.helmignore b/addons/pmm/2.41/chart/pmm/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml new file mode 100644 index 00000000..7353e99f --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: pmm +description: A Helm chart for Percona Monitoring and Management (PMM) +type: application +version: 1.3.11 +appVersion: "2.41.1" +home: https://github.com/percona/pmm +maintainers: + - name: tplavcic + email: tomislav.plavcic@percona.com + - name: bupychuk + email: nurlan.moldomurov@percona.com + - name: spron-in + email: sergey.pronin@percona.com +keywords: + - PMM + - Monitoring +icon: https://www.percona.com/sites/default/files/pmm-logo.png diff --git a/addons/pmm/2.41/chart/pmm/README.md b/addons/pmm/2.41/chart/pmm/README.md new file mode 100644 index 00000000..3f8a3a4b --- /dev/null 
+++ b/addons/pmm/2.41/chart/pmm/README.md 
@@ -0,0 +1,205 @@ +# Percona Monitoring and Management (PMM) + +## Introduction + +PMM is an open source database monitoring, observability and management tool. + +Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html + +## Prerequisites + +- Kubernetes 1.22+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `pmm`: + +```sh +helm repo add percona https://percona.github.io/percona-helm-charts/ +helm install pmm percona/pmm +``` + +The command deploys PMM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall `pmm` deployment: + +```sh +helm uninstall pmm +``` + +This command takes a release name and uninstalls the release. + +It removes all of the resources associated with the last release of the chart as well as the release history. 
+ +## Parameters + +### Percona Monitoring and Management (PMM) parameters + +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------| +| `image.repository` | PMM image repository | `percona/pmm-server` | +| `image.pullPolicy` | PMM image pull policy | `IfNotPresent` | +| `image.tag` | PMM image tag (immutable tags are recommended) | `2.41.1` | +| `image.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `pmmEnv.DISABLE_UPDATES` | Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) | `1` | +| `pmmResources` | optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) | `{}` | +| `readyProbeConf.initialDelaySeconds` | Number of seconds after the container has started before readiness probes is initiated | `1` | +| `readyProbeConf.periodSeconds` | How often (in seconds) to perform the probe | `5` | +| `readyProbeConf.failureThreshold` | When a probe fails, Kubernetes will try failureThreshold times before giving up | `6` | + + +### PMM secrets + +| Name | Description | Value | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | +| `secret.name` | Defines the name of the k8s secret that holds passwords and other secrets | `pmm-secret` | +| `secret.annotations` | Defines the annotations of the 
k8s secret that holds passwords and other secrets | `{}` | +| `secret.create` | If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. | `true` | +| `secret.pmm_password` | Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. | `""` | +| `certs` | Optional certificates, if not provided PMM would use generated self-signed certificates, | `{}` | + + +### PMM network configuration + +| Name | Description | Value | +| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `service.name` | Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. | `monitoring-service` | +| `service.type` | Kubernetes Service type | `NodePort` | +| `service.ports[0].port` | https port number | `443` | +| `service.ports[0].targetPort` | target port to map for statefulset and ingress | `https` | +| `service.ports[0].protocol` | protocol for https | `TCP` | +| `service.ports[0].name` | port name | `https` | +| `service.ports[1].port` | http port number | `80` | +| `service.ports[1].targetPort` | target port to map for statefulset and ingress | `http` | +| `service.ports[1].protocol` | protocol for http | `TCP` | +| `service.ports[1].name` | port name | `http` | +| `ingress.enabled` | -- Enable ingress controller resource | `false` | +| `ingress.nginxInc` | -- Using ingress controller from NGINX Inc | `false` | +| `ingress.annotations` | -- Ingress annotations configuration | `{}` | +| `ingress.community.annotations` | -- Ingress annotations configuration for community managed ingress (nginxInc = false) | `{}` | +| `ingress.ingressClassName` | -- Sets the ingress controller class name to 
use. | `""` | +| `ingress.hosts[0].host` | hostname | `chart-example.local` | +| `ingress.hosts[0].paths` | path mapping | `[]` | +| `ingress.pathType` | -- How ingress paths should be treated. | `Prefix` | +| `ingress.tls` | -- Ingress TLS configuration | `[]` | + + +### PMM storage configuration + +| Name | Description | Value | +| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `storage.name` | name of PVC | `pmm-storage` | +| `storage.storageClassName` | optional PMM data Persistent Volume Storage Class | `""` | +| `storage.size` | size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention | `10Gi` | +| `storage.dataSource` | VolumeSnapshot to start from | `{}` | +| `storage.selector` | select existing PersistentVolume | `{}` | + + +### PMM kubernetes configurations + +| Name | Description | Value | +| ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | +| `extraLabels` | Labels to add to all deployed objects | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `pmm-service-account` | +| `podAnnotations` | Pod annotations | `{}` | +| `podSecurityContext` | Configure Pods Security Context | `{}` | +| `securityContext` | Configure Container Security Context | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | + + +Specify each parameter using the `--set key=value[,key=value]` or `--set-string key=value[,key=value]` arguments to `helm install`. For example, + +```sh +helm install pmm \ + --set service.type="NodePort" \ + --set storage.storageClassName="linode-block-storage-retain" \ + percona/pmm +``` + +The above command installs PMM with the Service network type set to `NodePort` and storage class to `linode-block-storage-retain` for persistence storage on LKE. + +> NOTE: Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: + +```sh +helm install pmm -f values.yaml percona/pmm +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) or get them from chart definition: `helm show values percona/pmm > values.yaml` + +## Configuration and installation details + +### [Image tags](https://kubernetes.io/docs/concepts/containers/images/#updating-images) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
+ +Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist. + +### PMM admin password + +PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated. In real-life situations it is recommended to create the `pmm-secret` secret manually before the release and set `secret.create` to false. The chart then won't overwrite secret during install or upgrade and values.yaml won't contain any secret. + +If PMM admin password is not set explicitly (default), it will be generated. + +To get admin password execute: + +```sh +kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode +``` + +### PMM SSL certificates + +PMM ships with self signed SSL certificates to provide secure connection between client and server ([check here](https://docs.percona.com/percona-monitoring-and-management/how-to/secure.html#ssl-encryption)). +You could see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the `cert` section: + +```yaml +certs: + name: pmm-certs + files: + certificate.crt: + certificate.key: + ca-certs.pem: + dhparam.pem: +``` + +### PMM updates + +By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom `values.yaml` file: + +```yaml +pmmEnv: + DISABLE_UPDATES: "1" +``` + +Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download + +PMM updates should happen in a standard way: + +```sh +helm repo update percona +helm upgrade pmm -f values.yaml percona/pmm +``` + +This will check updates in the repo and upgrade deployment if the updates are available. 
+ +### [PMM environment variables](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables) + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `pmmEnv` property. + +```yaml +pmmEnv: + DISABLE_UPDATES: "1" + DATA_RETENTION: "2160h" # 90 days +``` diff --git a/addons/pmm/2.41/chart/pmm/templates/NOTES.txt b/addons/pmm/2.41/chart/pmm/templates/NOTES.txt new file mode 100644 index 00000000..a517561e --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/NOTES.txt 
@@ -0,0 +1,26 @@
+
+Percona Monitoring and Management (PMM)
+
+An open source database monitoring, observability and management tool
+Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html
+
+Get the application URL:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo https://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+ echo https://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}")
+ echo "Visit https://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+
+Get password for the "admin" user:
+ export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode)
+ echo $ADMIN_PASS
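Review bot: The password command at the end of the notes hard-codes `kubectl get secret pmm-secret`, but templates/secret.yaml in this commit names the Secret `{{ include "pmm.fullname" . }}`, so on a default install the printed command may look up a secret that does not exist. Use the same helper here, e.g. `kubectl get secret {{ include "pmm.fullname" . }} --namespace {{ .Release.Namespace }} ...`. The LoadBalancer branch also prints `{{ .Values.service.port }}`, while values.yaml defines only the `service.ports` list, so the port renders empty; `{{ (index .Values.service.ports 0).port }}` would match the https entry. The same applies to `{{ .Values.service.name }}` in the NodePort and LoadBalancer branches, since service.yaml names the Service with `pmm.fullname`.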
diff --git a/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl b/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl
new file mode 100644
index 00000000..5a31f77b
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl
@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pmm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pmm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pmm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "pmm.labels" -}}
+helm.sh/chart: {{ include "pmm.chart" . }}
+{{ include "pmm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pmm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pmm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: pmm-server
+app.kubernetes.io/part-of: percona-platform
+{{- if .Values.extraLabels }}
+{{ toYaml .Values.extraLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Pod annotation
+*/}}
+{{- define "pmm.podAnnotations" -}}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "pmm.chart" . }}
+checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") .
| sha256sum }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations }}
+{{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml
new file mode 100644
index 00000000..a470d4de
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+rules:
+# standard RBAC
+- apiGroups: [""] # "" indicates the core API group
+ resources:
+ - namespaces
+ - endpoints
+ - services
+ - nodes
+ - pods
+ - secrets
+ - serviceaccounts
+ verbs:
+ - get
+ - watch
+ - list
+- nonResourceURLs:
+ - /metrics
+ - /metrics/resources
+ verbs:
+ - get
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..d82e4ccc
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.serviceAccount.create -}}
+{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "pmm.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: {{ include "pmm.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "pmm.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "pmm.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "pmm.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
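Review bot: The `- secrets` entry in the core-group rule of clusterrole.yaml gives the PMM service account `get`/`watch`/`list` on every Secret in every namespace, because the rule sits in a ClusterRole that is bound cluster-wide. Nothing visible in this chart reads Secrets through the API (the pod takes its own credentials via `secretKeyRef`), so unless a PMM discovery feature needs it, drop `- secrets` from the list or move it into a namespaced Role. If it has to stay, add a comment above the rule such as `# secrets: required by <PMM feature>, grants cluster-wide read` so operators can see why the grant exists.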
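Review bot: In clusterrolebinding.yaml, setting `pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN` binds the service account to `cluster-admin`, and the switch lives in `pmmEnv`, which configmap.yaml also renders into the container environment, so a full-cluster privilege grant is toggled by what reads like an ordinary env var. That branch also calls `include "pmm.serviceAccountName" .`, which the _helpers.tpl added in this commit does not define, so rendering would most likely fail as soon as the flag is set; the else branch uses `include "pmm.fullname" .` for the same subject. I would move the switch to a dedicated, documented value that defaults to false (for example a new `rbac.clusterAdmin` key, which is my proposal and not an existing chart value) and use `name: {{ include "pmm.fullname" . }}` for the subject in both branches. Neither binding carries the `pmm.labels` block that the ClusterRole has, which makes the grant harder to find by label selector.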
diff --git a/addons/pmm/2.41/chart/pmm/templates/configmap.yaml b/addons/pmm/2.41/chart/pmm/templates/configmap.yaml
new file mode 100644
index 00000000..cda6b950
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.pmmEnv -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+data:
+# environment passed to the PMM
+ {{- with .Values.pmmEnv }}
+ {{- . | toYaml | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml b/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml
new file mode 100644
index 00000000..f05117df
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.certs.name -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.certs.name }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+# ngnix ssl certificates
+ {{- with .Values.certs.files }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/secret.yaml b/addons/pmm/2.41/chart/pmm/templates/secret.yaml
new file mode 100644
index 00000000..a7602c88
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/secret.yaml
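Review bot: The `annotations` block of the certs Secret in secret-certs.yaml is fed from `.Values.serviceAccount.annotations`, so annotations meant for the ServiceAccount (cloud IAM role bindings are a typical case) are copied onto the object holding the TLS private key; this looks like a copy-paste from serviceaccount.yaml. Give the Secret its own source, e.g. `{{- with .Values.certs.annotations }}` (a new key I am proposing), or drop the block. `certs.files` is written under `data:` verbatim, so a comment such as `# every value, including certificate.key, must already be base64-encoded` would save users a rejected manifest. The existing comment `# ngnix ssl certificates` should read `nginx`.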
@@ -0,0 +1,24 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.secret.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+# base64 encoded password
+# encode some password: `echo -n "admin" | base64`
+# to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
+ PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }}
+ {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID -}}
+ GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
+ {{- end }}
+ {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET -}}
+ GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/service.yaml b/addons/pmm/2.41/chart/pmm/templates/service.yaml
new file mode 100644
index 00000000..6eef557a
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.service.finalizers }}
+ finalizers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- with .Values.service.ports }}
+ ports:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ selector:
+ {{- include "pmm.selectorLabels" . | nindent 4 }}
+
diff --git a/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml b/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml
new file mode 100644
index 00000000..094261b9
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml
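Review bot: The two OAuth entries in secret.yaml are emitted under `data:` without `b64enc`, so `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` is either rejected by the API server as invalid base64 or silently decoded into a different value; write them like the password line, `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET | b64enc | quote }}`. Their guards are written `{{- if ... -}}`, and the trailing `-}}` strips the newline and indent before the key, gluing it onto the end of the previous line; `{{- if ... }}` keeps the key on its own line. Separately, `default (randAscii 16)` is re-evaluated on every `helm upgrade`, so with `pmm_password` unset the stored value changes while, per the README, PMM keeps the password from the first deployment. Reusing the value from the existing Secret via Helm's `lookup` function would stop the Secret drifting away from the real credential.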
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+secrets:
+ - name: {{ include "pmm.fullname" . }}-token
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: {{ include "pmm.fullname" . }}-token
+ annotations:
+ kubernetes.io/service-account.name: {{ include "pmm.fullname" . }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml
new file mode 100644
index 00000000..18fae7d6
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml
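Review bot: The second document in serviceaccount.yaml creates a `kubernetes.io/service-account-token` Secret, which is a non-expiring bearer token for an account that clusterrole.yaml allows to list Secrets cluster-wide. The pod already receives a short-lived projected token through `serviceAccountName`, and none of the templates in this commit mount or reference `{{ include "pmm.fullname" . }}-token`. If no external consumer needs it, remove the token Secret and the `secrets:` list; if one does, gate it behind a value that defaults to off and add a comment naming the consumer. `serviceAccount.name` from values.yaml is never read here either, the account is always named by `pmm.fullname`.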
@@ -0,0 +1,149 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "pmm.selectorLabels" . | nindent 6 }}
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ {{- include "pmm.podAnnotations" . | nindent 8 }}
+ labels:
+ {{- include "pmm.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.image.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.create }}
+ serviceAccountName: {{ include "pmm.fullname" . }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- if .Values.pmmResources }}
+ resources:
+ {{- toYaml .Values.pmmResources | nindent 12 }}
+ {{- end }}
+
+ # environment passed to PMM, defined in configMap
+ envFrom:
+ - configMapRef:
+ name: {{ include "pmm.fullname" . }}
+ optional: true
+
+ # additional secrets that could be used for Grafana iDP
+ env:
+ - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "pmm.fullname" . }}
+ key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+ optional: true
+ - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "pmm.fullname" .
}}
+ key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+ optional: true
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "pmm.fullname" . }}
+ key: PMM_ADMIN_PASSWORD
+ optional: true
+ - name: PMM_INSTALL_METHOD
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['app.kubernetes.io/managed-by']
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ readinessProbe:
+ httpGet:
+ path: /v1/readyz
+ port: http
+ {{- if .Values.readyProbeConf }}
+ {{- toYaml .Values.readyProbeConf | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: {{ include "pmm.fullname" . }}
+ mountPath: /srv
+ - name: annotations
+ mountPath: "/var/run/pmm/annotations"
+ readOnly: true
+ {{- if .Values.certs.name }}
+ - name: {{ .Values.certs.name }}
+ mountPath: /srv/nginx
+ readOnly: true
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: annotations
+ projected:
+ sources:
+ - downwardAPI:
+ items:
+ - path: "annotations"
+ fieldRef:
+ fieldPath: metadata.annotations
+ {{- if .Values.certs.name }}
+ - name: {{ .Values.certs.name }}
+ secret:
+ secretName: {{ .Values.certs.name }}
+ optional: false
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "pmm.fullname" . }}
+ spec:
+ {{- if .Values.storage.selector }}
+ selector:
+ {{- toYaml .Values.storage.selector | nindent 10 }}
+ {{- end }}
+ {{ if .Values.storage.storageClassName }}
+ storageClassName: {{ .Values.storage.storageClassName }}
+ {{ end }}
+ {{- if .Values.storage.dataSource }}
+ dataSource:
+ {{- toYaml .Values.storage.dataSource | nindent 10 }}
+ {{- end }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.size }}
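Review bot: The `GF_SECURITY_ADMIN_PASSWORD` reference in statefulset.yaml is marked `optional: true` and points at `{{ include "pmm.fullname" . }}`, whereas the README tells users to pre-create `pmm-secret` and set `secret.create` to false; in that setup the key is not found, the pod still starts, and the admin password presumably falls back to whatever the image ships with. Take the secret name from one value shared with secret.yaml (the README already documents `secret.name`) and set `optional: false` on the `PMM_ADMIN_PASSWORD` key so a missing secret blocks startup instead of failing open. `serviceName: {{ .Values.service.name }}` has the same kind of mismatch: values.yaml in this commit defines no `service.name`, and service.yaml names the Service with `pmm.fullname`. Both `securityContext` blocks render the `{}` defaults, so a comment in values.yaml stating which hardening settings the PMM image tolerates would help operators who want to tighten them.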
diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml
new file mode 100644
index 00000000..21e4f3c6
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/values.yaml
@@ -0,0 +1,228 @@ +## @section Percona Monitoring and Management (PMM) parameters +## Default values for PMM. +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. + +## PMM image version +## ref: https://hub.docker.com/r/percona/pmm-server/tags +## @param image.repository PMM image repository +## @param image.pullPolicy PMM image pull policy +## @param image.tag PMM image tag (immutable tags are recommended) +## @param image.imagePullSecrets Global Docker registry secret names as an array +## +image: + repository: percona/pmm-server + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "2.41.1" + imagePullSecrets: [] + +## PMM environment variables +## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables +## +pmmEnv: + ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) + ## + DISABLE_UPDATES: "1" +# optional variables to integrate Grafana with internal iDP, see also secret part +# GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' +# GF_AUTH_GENERIC_OAUTH_SCOPES: '' +# GF_AUTH_GENERIC_OAUTH_AUTH_URL: '' +# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: '' +# GF_AUTH_GENERIC_OAUTH_API_URL: '' +# GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' + +## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) + ## pmmResources: + ## requests: + ## memory: "32Gi" + ## cpu: "8" + ## limits: + ## memory: "64Gi" + ## cpu: "32" +#pmmResources: {} +pmmResources: + requests: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + + +## Readiness probe 
Config +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readyProbeConf.initialDelaySeconds Number of seconds after the container has started before readiness probes is initiated +## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe +## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up +## +readyProbeConf: + initialDelaySeconds: 1 + periodSeconds: 5 + failureThreshold: 6 + +## @section PMM secrets +## +secret: + ## @param secret.annotations -- Secret annotations configuration + annotations: {} + ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. + ## + create: true + ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. + ## E.g. 
+ ## pmm_password: admin + ## + ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` + ## + pmm_password: "admin" + ## + # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv + # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: + # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv + # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: + +## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates, +## please provide your own signed ssl certificates like this in base 64 format: +## certs: + ## name: pmm-certs + ## files: + ## certificate.crt: + ## certificate.key: + ## ca-certs.pem: + ## dhparam.pem: + ## certificate.conf: +certs: {} + +## @section PMM network configuration +## Service configuration +## +service: + ## @param service.type Kubernetes Service type + ## + type: LoadBalancer + + ## Ports 443 and/or 80 + ## + ports: + ## @param service.ports[0].port https port number + - port: 443 + ## @param service.ports[0].targetPort target port to map for statefulset and ingress + targetPort: https + ## @param service.ports[0].protocol protocol for https + protocol: TCP + ## @param service.ports[0].name port name + name: https + ## @param service.ports[1].port http port number + - port: 80 + ## @param service.ports[1].targetPort target port to map for statefulset and ingress + targetPort: http + ## @param service.ports[1].protocol protocol for http + protocol: TCP + ## @param service.ports[1].name port name + name: http + +storage: + ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, 
choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClassName: ""
+ ##
+ ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention
+ ##
+ size: 10Gi
+ ##
+ ## @param storage.dataSource VolumeSnapshot to start from
+ ##
+ dataSource: {}
+ ## name: before-vX.Y.Z-upgrade
+ ## kind: VolumeSnapshot
+ ## apiGroup: snapshot.storage.k8s.io
+ ##
+ ## @param storage.selector select existing PersistentVolume
+ ##
+ selector: {}
+ ## matchLabels:
+ ## release: "stable"
+ ## matchExpressions:
+ ## - key: environment
+ ## operator: In
+ ## values:
+ ## - dev
+
+## @section PMM kubernetes configurations
+## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name)
+##
+nameOverride: ""
+
+## @param extraLabels Labels to add to all deployed objects
+##
+extraLabels: {}
+
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
+## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
+##
+serviceAccount:
+ create: true
+ annotations: {}
+ name: ""
+
+## @param podAnnotations Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## @param podSecurityContext Configure Pods Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## E.g
+## podSecurityContext:
+ ## fsGroup: 2000
+##
+podSecurityContext: {}
+
+## @param securityContext Configure Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## securityContext.capabilities The capabilities to add/drop when running containers
+## securityContext.runAsUser Set pmm containers' Security Context runAsUser
+## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot
+## E.g.
+## securityContext:
+ ## capabilities:
+ ## drop:
+ ## - ALL
+ ## readOnlyRootFilesystem: true
+ ## runAsNonRoot: true
+ ## runAsUser: 1000
+securityContext: {}
+
+
+## @param nodeSelector Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## @param tolerations Tolerations for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## @param affinity Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts
+##
+extraVolumeMounts: []
+## @param extraVolumes Optionally specify extra list of additional volumes
+##
+extraVolumes: []
diff --git a/addons/pmm/2.41/meta.yaml b/addons/pmm/2.41/meta.yaml
new file mode 100644
index 00000000..25bf83f3
--- /dev/null
+++ b/addons/pmm/2.41/meta.yaml
@@ -0,0 +1,21 @@
+name: pmm
+version: 2.41
+id: 1db95161-7193-4544-8c76-e5ad5f6c03f6
+description: "pmm"
+displayName: "pmm"
+metadata:
+ displayName: "pmm"
+ provider:
+ name: drycc
+ supportURL: https://www.percona.com/software/database-tools/percona-monitoring-and-management
+ documentationURL: https://www.percona.com/software/database-tools/percona-monitoring-and-management
+tags: pmm
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+archive: false
\ No newline at end of file
diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-10/bind.yaml
new file mode 100644
index 00000000..973abc94
--- /dev/null
+++ b/addons/pmm/2.41/plans/standard-10/bind.yaml
@@ -0,0 +1,15 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "pmm.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "pmm.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PORT
+ value: 80
\ No newline at end of file
diff --git a/addons/pmm/2.41/plans/standard-10/create-instance-schema.json b/addons/pmm/2.41/plans/standard-10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/pmm/2.41/plans/standard-10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/pmm/2.41/plans/standard-10/meta.yaml b/addons/pmm/2.41/plans/standard-10/meta.yaml
new file mode 100644
index 00000000..aaa411c0
--- /dev/null
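Review bot: `allow_parameters` in addons/pmm/2.41/meta.yaml permits only `service.type`, so nothing in this commit lets an instance override `secret.pmm_password`, which the chart's values.yaml sets to `"admin"` next to `service.type: LoadBalancer`. Unless the platform injects a password some other way, every provisioned instance would be reachable on a load balancer with a known default admin login. The chart's own comment says an unset password is generated, so the safer default is to ship `pmm_password: ""` (assuming the template treats an empty value as unset) or to add `- name: "secret.pmm_password"` to `allow_parameters`.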
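Review bot: The last credential in plans/standard-10/bind.yaml publishes `PORT` as 80, the plain-HTTP port, although the chart's service also exposes 443 under the name `https`. Together with `EXTRANET_HOST` pointing at the load-balancer address, a client built from this binding would send its PMM login in cleartext. Consider `value: "443"` (quoted, in case the binding consumer expects a string) or separate `HTTP_PORT` and `HTTPS_PORT` entries. The `ingress[*].ip` jsonpath may also come back empty on load balancers that report only a hostname, so a `.hostname` fallback is worth checking.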
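Review bot: create-instance-schema.json describes an `imagePullPolicy` property, but the addon's meta.yaml lists only `service.type` under `allow_parameters`, so the schema and the accepted parameters appear to disagree. As written, the one parameter a user can set, which decides whether PMM is exposed outside the cluster, has no validation at all. Consider describing `service.type` here as a string with an `enum` of the Service types the platform intends to allow, and dropping `imagePullPolicy` unless it is also added to `allow_parameters`.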
+++ b/addons/pmm/2.41/plans/standard-10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-10"
+id: d4d9338c-4958-4203-8e7d-bdfcb0d81945
+description: "pmm standard-10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G"
+displayName: "standard-10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/pmm/2.41/plans/standard-10/values.yaml b/addons/pmm/2.41/plans/standard-10/values.yaml
new file mode 100644
index 00000000..676edb9d
--- /dev/null
+++ b/addons/pmm/2.41/plans/standard-10/values.yaml
@@ -0,0 +1,30 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: pmm-standard-10
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+pmmResources:
+ requests:
+ memory: "4Gi"
+ cpu: "4"
+ hugepages-2Mi: 4Mi
+ limits:
+ memory: "4Gi"
+ cpu: "4"
+ hugepages-2Mi: 4Mi
+
+## @section Persistence parameters
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+storage:
+ size: 10Gi
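Review bot: The `description` in plans/standard-10/meta.yaml advertises "vCPUs 2 , RAM 2G", but the plan's values.yaml in this same commit requests and limits `cpu: "4"` and `memory: "4Gi"`. One of the two should change so the catalogue entry matches what is actually scheduled, for example `description: "pmm standard-10 plan: Disk 10Gi, vCPUs 4, RAM 4Gi"`.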
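Review bot: The comment block above `pmmResources` in plans/standard-10/values.yaml was carried over from another chart: it describes MinIO® containers and documents `resources.limits` and `resources.requests`, neither of which is a key in this file. Reword it for PMM, e.g. `## PMM container resource requests and limits` with `## @param pmmResources.requests` and `## @param pmmResources.limits`, and drop the sentence about removing curly braces, which no longer applies. The `hugepages-2Mi: 4Mi` entries also need a why-comment or removal, since the pod can then only be scheduled on nodes that have 2Mi huge pages pre-allocated.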