From 3e7dc5d77694c3d661dc6509b2def6076b660c34 Mon Sep 17 00:00:00 2001 From: Daniel Budziwojski <135250101+dbudziwojskiNR@users.noreply.github.com> Date: Wed, 29 May 2024 13:55:37 -0700 Subject: [PATCH] [nr-k8s-otel-collector] Add top level controls (#1352) #### Is this a new chart #### What this PR does / why we need it: #### Which issue this PR fixes *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)* - fixes # #### Special notes for your reviewer: #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] - [x] Chart Version bumped - [x] Variables are documented in the README.md - [x] Title of the PR starts with chart name (e.g. `[mychartname]`) --------- Co-authored-by: csongnr <115833851+csongnr@users.noreply.github.com> Co-authored-by: chris --- charts/nr-k8s-otel-collector/Chart.yaml | 2 +- charts/nr-k8s-otel-collector/README.md | 51 ++++++-- charts/nr-k8s-otel-collector/README.md.gotmpl | 4 +- .../templates/_affinity.tpl | 21 ++++ .../templates/_node_selector.tpl | 21 ++++ .../templates/_security_context.tpl | 43 +++++++ .../templates/_tolerations.tpl | 21 ++++ .../templates/clusterrole.yaml | 4 +- .../templates/clusterrolebinding.yaml | 2 + .../templates/daemonset-configmap.yaml | 26 +++- .../templates/daemonset.yaml | 42 +++++-- .../templates/deployment-configmap.yaml | 31 +++-- .../templates/deployment.yaml | 32 +++-- .../templates/serviceaccount.yaml | 6 +- charts/nr-k8s-otel-collector/values.yaml | 118 +++++++++++++----- 15 files changed, 341 insertions(+), 83 deletions(-) create mode 100644 charts/nr-k8s-otel-collector/templates/_affinity.tpl create mode 100644 charts/nr-k8s-otel-collector/templates/_node_selector.tpl create mode 100644 charts/nr-k8s-otel-collector/templates/_security_context.tpl create mode 100644 charts/nr-k8s-otel-collector/templates/_tolerations.tpl 
diff --git a/charts/nr-k8s-otel-collector/Chart.yaml b/charts/nr-k8s-otel-collector/Chart.yaml index 454fc98f6..3029d1386 100644 --- a/charts/nr-k8s-otel-collector/Chart.yaml +++ b/charts/nr-k8s-otel-collector/Chart.yaml @@ -17,7 +17,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.2.0 dependencies: - name: common-library diff --git a/charts/nr-k8s-otel-collector/README.md b/charts/nr-k8s-otel-collector/README.md index e7068e308..c2b656cec 100644 --- a/charts/nr-k8s-otel-collector/README.md +++ b/charts/nr-k8s-otel-collector/README.md @@ -18,7 +18,7 @@ You can install this chart using directly this Helm repository: ```shell helm repo add newrelic https://helm-charts.newrelic.com -helm upgrade nr-k8s-otel-collector newrelic/nr-k8s-otel-collector -f your-custom-values.yaml -n newrelic --create-namespace --install +helm upgrade nr-k8s-otel-collector newrelic/nr-k8s-otel-collector -f your-custom-values.yaml -n newrelic --create-namespace --install ``` ## Confirm installation 
@@ -64,25 +64,52 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | Sets pod/node affinities | +| affinity | object | `{}` | Sets all pods' affinities. Can be configured also with `global.affinity` | | cluster | string | `""` | Name of the Kubernetes cluster monitored. Mandatory. Can be configured also with `global.cluster` | +| containerSecurityContext | object | `{}` | Sets all security context (at container level). Can be configured also with `global.securityContext.container` | | customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | | customSecretName | string | `""` | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | +| daemonset.affinity | object | `{}` | Sets daemonset pod affinities. Overrides `affinity` and `global.affinity` | +| daemonset.containerSecurityContext | object | `{}` | Sets security context (at container level) for the daemonset. Overrides `containerSecurityContext` and `global.containerSecurityContext` | +| daemonset.nodeSelector | object | `{}` | Sets daemonset pod node selector. Overrides `nodeSelector` and `global.nodeSelector` | +| daemonset.podAnnotations | object | `{}` | Annotations to be added to the daemonset. | +| daemonset.podSecurityContext | object | `{}` | Sets security context (at pod level) for the daemonset. Overrides `podSecurityContext` and `global.podSecurityContext` | +| daemonset.resources | object | `{}` | Sets resources for the daemonset. | +| daemonset.tolerations | list | `[]` | Sets daemonset pod tolerations. 
Overrides `tolerations` and `global.tolerations` | +| deployment.affinity | object | `{}` | Sets deployment pod affinities. Overrides `affinity` and `global.affinity` | +| deployment.containerSecurityContext | object | `{}` | Sets security context (at container level) for the deployment. Overrides `containerSecurityContext` and `global.containerSecurityContext` | +| deployment.nodeSelector | object | `{}` | Sets deployment pod node selector. Overrides `nodeSelector` and `global.nodeSelector` | +| deployment.podAnnotations | object | `{}` | Annotations to be added to the deployment. | +| deployment.podSecurityContext | object | `{}` | Sets security context (at pod level) for the deployment. Overrides `podSecurityContext` and `global.podSecurityContext` | +| deployment.resources | object | `{}` | Sets resources for the deployment. | +| deployment.tolerations | list | `[]` | Sets deployment pod tolerations. Overrides `tolerations` and `global.tolerations` | +| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | | image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. | -| image.repository | string | `"otel/opentelemetry-collector-contrib"` | OTel collector image to be deployed. You can use your own collector as long it accomplish the following requirements mentioned below. | +| image.repository | string | `"otel/opentelemetry-collector-contrib"` | OTel collector image to be deployed. You can use your own collector as long it accomplish the following requirements mentioned below. | | image.tag | string | `"0.91.0"` | Overrides the image tag whose default is the chart appVersion. 
| | kube-state-metrics.enabled | bool | `true` | Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository. This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0. Note, kube-state-metrics v2+ disables labels/annotations metrics by default. You can enable the target labels/annotations metrics to be monitored by using the metricLabelsAllowlist/metricAnnotationsAllowList options described [here](https://github.com/prometheus-community/helm-charts/blob/159cd8e4fb89b8b107dcc100287504bb91bf30e0/charts/kube-state-metrics/values.yaml#L274) in your Kubernetes clusters. | | kube-state-metrics.prometheusScrape | bool | `false` | Disable prometheus from auto-discovering KSM and potentially scraping duplicated data | +| labels | object | `{}` | Additional labels for chart objects | | licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` | -| nodeSelector | object | `{}` | Sets pod's node selector. Can be configured also with `global.nodeSelector | +| nodeSelector | object | `{}` | Sets all pods' node selector. Can be configured also with `global.nodeSelector` | | nrStaging | bool | `false` | Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` | -| podAnnotations | object | `{}` | Annotations to be added to each pod created by the chart | -| podSecurityContext | object | `{}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` | -| resources | object | `{}` | The default set of resources assigned to the pods is shown below: | -| securityContext | object | `{"privileged":true}` | Sets security context (at container level). 
Can be configured also with `global.podSecurityContext` | -| tolerations | list | `[]` | Sets pod's tolerations to node taints. Cab be configured also with `global.tolerations` | +| podLabels | object | `{}` | Additional labels for chart pods | +| podSecurityContext | object | `{}` | Sets all security contexts (at pod level). Can be configured also with `global.securityContext.pod` | +| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` | +| rbac.create | bool | `true` | Specifies whether RBAC resources should be created | +| receivers.filelog.enabled | bool | `true` | Specifies whether the `filelog` receiver is enabled | +| receivers.hostmetrics.enabled | bool | `true` | Specifies whether the `hostmetrics` receiver is enabled | +| receivers.k8sCluster.enabled | bool | `true` | Specifies whether the `k8s_cluster` receiver is enabled | +| receivers.k8sEvents.enabled | bool | `true` | Specifies whether the `k8s_events` receiver is enabled | +| receivers.kubeletstats.enabled | bool | `true` | Specifies whether the `kubeletstats` receiver is enabled | +| receivers.prometheus.enabled | bool | `true` | Specifies whether the `prometheus` receiver is enabled | +| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation | +| serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | +| tolerations | list | `[]` | Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` | | verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` | +**Note:** If all receivers are disabled in the deployment or in the daemonset, the agent will not start. + ## Common Errors ### Exporting Errors 
@@ -91,7 +118,7 @@ Timeout errors while starting up the collector are expected as the collector att These timeout errors can also pop up over time as the collector is running but are transient and expected to self-resolve. Further improvements are underway to mitigate the amount of timeout errors we're seeing from the NR1 endpoint. ``` -info exporterhelper/retry_sender.go:154 Exporting failed. Will retry the request after interval. {"kind": "exporter", "data_type": "metrics", "name": "otlphttp/newrelic", "error": "failed to make an HTTP request: Post \"https://staging-otlp.nr-data.net/v1/metrics\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)", "interval": "5.445779213s"} +info exporterhelper/retry_sender.go:154 Exporting failed. Will retry the request after interval. {"kind": "exporter", "data_type": "metrics", "name": "otlphttp/newrelic", "error": "failed to make an HTTP request: Post \"https://staging-otlp.nr-data.net/v1/metrics\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)", "interval": "5.445779213s"} ``` ### No such file or directory 
@@ -100,11 +127,11 @@ Sometimes we see failed to open file errors on the `filelog` and `hostmetrics` r `filelog` error: ``` -Failed to open file {"kind": "receiver", "name": "filelog", "data_type": "logs", "component": "fileconsumer", "error": "open /var/log/pods///0.log: no such file or directory"} +Failed to open file {"kind": "receiver", "name": "filelog", "data_type": "logs", "component": "fileconsumer", "error": "open /var/log/pods///0.log: no such file or directory"} ``` `hostmetrics` error: ``` -Error scraping metrics {"kind": "receiver", "name": "hostmetrics", "data_type": "metrics", "error": "error reading for process \"\" (pid ): open /hostfs/proc//stat: no such file or directory; error reading info for process \"\" (pid 511766): open /hostfs/proc//: no such file or directory", "scraper": "process"} +Error scraping metrics {"kind": "receiver", "name": "hostmetrics", "data_type": "metrics", "error": "error reading for process \"\" (pid ): open /hostfs/proc//stat: no such file or directory; error reading info for process \"\" (pid 511766): open /hostfs/proc//: no such file or directory", "scraper": "process"} ``` ## Maintainers diff --git a/charts/nr-k8s-otel-collector/README.md.gotmpl b/charts/nr-k8s-otel-collector/README.md.gotmpl index 3ee116710..40c3e9fc2 100644 --- a/charts/nr-k8s-otel-collector/README.md.gotmpl +++ b/charts/nr-k8s-otel-collector/README.md.gotmpl @@ -20,7 +20,7 @@ You can install this chart using directly this Helm repository: ```shell helm repo add newrelic https://helm-charts.newrelic.com -helm upgrade --install newrelic/nr-k8s-otel-collector -f your-custom-values.yaml -n newrelic --create-namespace +helm upgrade nr-k8s-otel-collector newrelic/nr-k8s-otel-collector -f your-custom-values.yaml -n newrelic --create-namespace --install ``` {{ template "chart.sourcesSection" . }} 
@@ -66,6 +66,8 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera {{ template "chart.valuesSection" . }} +**Note:** If all receivers are disabled in the deployment or in the daemonset, the agent will not start. + ## Common Errors ### Exporting Errors diff --git a/charts/nr-k8s-otel-collector/templates/_affinity.tpl b/charts/nr-k8s-otel-collector/templates/_affinity.tpl new file mode 100644 index 000000000..47e87de4c --- /dev/null +++ b/charts/nr-k8s-otel-collector/templates/_affinity.tpl @@ -0,0 +1,21 @@ +{{- /* +A helper to return the affinity to apply to the deployment. +*/ -}} +{{- define "nrKubernetesOtel.deployment.affinity" -}} +{{- if .Values.deployment.affinity -}} + {{- toYaml .Values.deployment.affinity -}} +{{- else if include "newrelic.common.affinity" . -}} + {{- include "newrelic.common.affinity" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the affinity to apply to the daemonset. +*/ -}} +{{- define "nrKubernetesOtel.daemonset.affinity" -}} +{{- if .Values.daemonset.affinity -}} + {{- toYaml .Values.daemonset.affinity -}} +{{- else if include "newrelic.common.affinity" . -}} + {{- include "newrelic.common.affinity" . -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/templates/_node_selector.tpl b/charts/nr-k8s-otel-collector/templates/_node_selector.tpl new file mode 100644 index 000000000..e0b46a58b --- /dev/null +++ b/charts/nr-k8s-otel-collector/templates/_node_selector.tpl 
@@ -0,0 +1,21 @@ +{{- /* +A helper to return the nodeSelector to apply to the deployment. +*/ -}} +{{- define "nrKubernetesOtel.deployment.nodeSelector" -}} +{{- if .Values.deployment.nodeSelector -}} + {{- toYaml .Values.deployment.nodeSelector -}} +{{- else if include "newrelic.common.nodeSelector" . -}} + {{- include "newrelic.common.nodeSelector" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the nodeSelector to apply to the daemonset. +*/ -}} +{{- define "nrKubernetesOtel.daemonset.nodeSelector" -}} +{{- if .Values.daemonset.nodeSelector -}} + {{- toYaml .Values.daemonset.nodeSelector -}} +{{- else if include "newrelic.common.nodeSelector" . -}} + {{- include "newrelic.common.nodeSelector" . -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/templates/_security_context.tpl b/charts/nr-k8s-otel-collector/templates/_security_context.tpl new file mode 100644 index 000000000..0396b338b --- /dev/null +++ b/charts/nr-k8s-otel-collector/templates/_security_context.tpl 
@@ -0,0 +1,43 @@ +{{- /* +A helper to return the pod security context to apply to the deployment. +*/ -}} +{{- define "nrKubernetesOtel.deployment.securityContext.pod" -}} +{{- if .Values.deployment.podSecurityContext -}} + {{- toYaml .Values.deployment.podSecurityContext -}} +{{- else if include "newrelic.common.securityContext.pod" . -}} + {{- include "newrelic.common.securityContext.pod" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the container security context to apply to the deployment. +*/ -}} +{{- define "nrKubernetesOtel.deployment.securityContext.container" -}} +{{- if .Values.deployment.containerSecurityContext -}} + {{- toYaml .Values.deployment.containerSecurityContext -}} +{{- else if include "newrelic.common.securityContext.container" . -}} + {{- include "newrelic.common.securityContext.container" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the pod security context to apply to the daemonset. +*/ -}} +{{- define "nrKubernetesOtel.daemonset.securityContext.pod" -}} +{{- if .Values.daemonset.podSecurityContext -}} + {{- toYaml .Values.daemonset.podSecurityContext -}} +{{- else if include "newrelic.common.securityContext.pod" . -}} + {{- include "newrelic.common.securityContext.pod" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the container security context to apply to the daemonset. +*/ -}} +{{- define "nrKubernetesOtel.daemonset.securityContext.container" -}} +{{- if .Values.daemonset.containerSecurityContext -}} + {{- toYaml .Values.daemonset.containerSecurityContext -}} +{{- else if include "newrelic.common.securityContext.container" . -}} + {{- include "newrelic.common.securityContext.container" . -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/templates/_tolerations.tpl b/charts/nr-k8s-otel-collector/templates/_tolerations.tpl new file mode 100644 index 000000000..94c49d11f --- /dev/null 
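Review bot: Each helper in `_security_context.tpl` treats a non-empty workload-level value as a complete replacement. When `.Values.daemonset.containerSecurityContext` (or the deployment and pod equivalents) is set, the `newrelic.common.securityContext.*` result is never consulted, so fields set chart-wide or globally are dropped rather than merged. That is easy to miss when a baseline is set once and a single workload overrides one field. Because an empty map is falsy in the `if`, `{}` also cannot be used to clear an inherited context for one workload. I would state both in the helper comments, e.g. `A non-empty workload-level value replaces the chart-wide/global context entirely; fields are not merged.` The same pattern is used in `_affinity.tpl`, `_node_selector.tpl` and `_tolerations.tpl`.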
+++ b/charts/nr-k8s-otel-collector/templates/_tolerations.tpl @@ -0,0 +1,21 @@ +{{- /* +A helper to return the tolerations to apply to the deployment. +*/ -}} +{{- define "nrKubernetesOtel.deployment.tolerations" -}} +{{- if .Values.deployment.tolerations -}} + {{- toYaml .Values.deployment.tolerations -}} +{{- else if include "newrelic.common.tolerations" . -}} + {{- include "newrelic.common.tolerations" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the tolerations to apply to the daemonset. +*/ -}} +{{- define "nrKubernetesOtel.daemonset.tolerations" -}} +{{- if .Values.daemonset.tolerations -}} + {{- toYaml .Values.daemonset.tolerations -}} +{{- else if include "newrelic.common.tolerations" . -}} + {{- include "newrelic.common.tolerations" . -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/templates/clusterrole.yaml b/charts/nr-k8s-otel-collector/templates/clusterrole.yaml index 477a5639e..564917e45 100644 --- a/charts/nr-k8s-otel-collector/templates/clusterrole.yaml +++ b/charts/nr-k8s-otel-collector/templates/clusterrole.yaml @@ -1,3 +1,4 @@ +{{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -74,4 +75,5 @@ rules: - watch # following required for prometheus receiver - nonResourceURLs: ["/metrics"] - verbs: ["get"] \ No newline at end of file + verbs: ["get"] +{{- end -}} diff --git a/charts/nr-k8s-otel-collector/templates/clusterrolebinding.yaml b/charts/nr-k8s-otel-collector/templates/clusterrolebinding.yaml index 6530262e9..84ca6c413 100644 --- a/charts/nr-k8s-otel-collector/templates/clusterrolebinding.yaml +++ b/charts/nr-k8s-otel-collector/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: 
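Review bot: The `nonResourceURLs: ["/metrics"]` rule at the end of `clusterrole.yaml` is commented as required for the prometheus receiver, yet it is still granted when `receivers.prometheus.enabled` is false. The only gate this commit adds is the file-wide `rbac.create`. Wrapping that rule in `{{- if .Values.receivers.prometheus.enabled }}` … `{{- end }}` would keep the role in step with what the collector actually runs. The remaining rules lie outside the hunk, so whether they map cleanly onto a single receiver flag cannot be confirmed from here.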
@@ -12,3 +13,4 @@ roleRef: kind: ClusterRole name: {{ include "newrelic.common.naming.fullname" . }} apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml b/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml index 36f862688..62327e18d 100644 --- a/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml +++ b/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml @@ -303,7 +303,7 @@ data: action: update from_attribute: node - key: k8s.namespace.name - action: upsert + action: upsert from_attribute: namespace batch: @@ -320,14 +320,24 @@ data: # insecure: true service: - {{ if include "newrelic.common.verboseLog" . }} + {{- if include "newrelic.common.verboseLog" . }} telemetry: logs: level: "debug" - {{ end }} + {{- end }} pipelines: + {{- if or .Values.receivers.hostmetrics.enabled (or .Values.receivers.kubeletstats.enabled .Values.receivers.prometheus.enabled) }} metrics: - receivers: [hostmetrics, kubeletstats, prometheus] + receivers: + {{- if .Values.receivers.hostmetrics.enabled }} + - hostmetrics + {{- end }} + {{- if .Values.receivers.kubeletstats.enabled }} + - kubeletstats + {{- end }} + {{- if .Values.receivers.prometheus.enabled }} + - prometheus + {{- end }} processors: # - transform/truncate - filter/exclude_cpu_utilization @@ -346,8 +356,12 @@ data: - batch exporters: - otlphttp/newrelic + {{- end }} + {{- if .Values.receivers.filelog.enabled }} logs: - receivers: [filelog] + receivers: + - filelog processors: [transform/truncate, resource, k8sattributes, batch] exporters: - - otlphttp/newrelic \ No newline at end of file + - otlphttp/newrelic + {{- end }} \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/templates/daemonset.yaml b/charts/nr-k8s-otel-collector/templates/daemonset.yaml index 17fe33a9e..c98874f19 100644 --- a/charts/nr-k8s-otel-collector/templates/daemonset.yaml 
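Review bot: With every daemonset receiver flag off, the `pipelines:` mapping in `daemonset-configmap.yaml` renders empty, and the README note added in this commit says the agent will not start in that case. The chart still installs, so the failure only shows up later in the pod and node telemetry is lost until someone notices. A render-time guard would surface it at install or upgrade, e.g. `{{- if not (or .Values.receivers.hostmetrics.enabled .Values.receivers.kubeletstats.enabled .Values.receivers.prometheus.enabled .Values.receivers.filelog.enabled) }}{{ fail "at least one daemonset receiver must be enabled" }}{{- end }}`. The same applies to the `metrics` and `logs/events` gating in `deployment-configmap.yaml`.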
+++ b/charts/nr-k8s-otel-collector/templates/daemonset.yaml @@ -17,19 +17,35 @@ spec: component: daemonset annotations: checksum/config: {{ include (print $.Template.BasePath "/daemonset-configmap.yaml") . | sha256sum }} + {{- with .Values.daemonset.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} - containers: + {{- with include "nrKubernetesOtel.daemonset.securityContext.pod" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + {{- with include "newrelic.common.priorityClassName" . }} + priorityClassName: {{ . }} + {{- end }} + {{- with include "newrelic.common.dnsConfig" . }} + dnsConfig: + {{- . | nindent 8 }} + {{- end }} + containers: - name: otel-collector-daemonset + {{- with include "nrKubernetesOtel.daemonset.securityContext.container" . }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- . | nindent 12 }} + {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /otelcol-contrib - --config=/conf/otel-collector-config.yaml resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.daemonset.resources | nindent 12 }} env: - name: HOST_IP valueFrom: 
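Review bot: The container `securityContext` and `resources` no longer read `.Values.securityContext` and `.Values.resources`, so a values file written for 0.1.2 that sets either key is silently ignored after the upgrade. For `securityContext` this changes the privilege level of a DaemonSet that mounts `/var/log/pods` from the host (second hunk of this file), with no error in either direction: an operator's explicit settings are dropped, and the previous `privileged: true` default is no longer rendered. A guard such as `{{- if .Values.securityContext }}{{ fail "securityContext was renamed; use containerSecurityContext or daemonset.containerSecurityContext" }}{{- end }}` would make the rename visible at upgrade time. The container spec continues past the end of this hunk.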
@@ -75,18 +91,18 @@ spec: - name: config-volume configMap: name: {{ include "nrKubernetesOtel.daemonset.configmap.fullname" . }} - - name: varlogpods + - name: varlogpods hostPath: path: /var/log/pods - {{- with include "newrelic.common.nodeSelector" . }} + {{- with include "nrKubernetesOtel.daemonset.nodeSelector" . }} nodeSelector: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.affinity" . }} + {{- . | nindent 8 }} + {{- end }} + {{- with include "nrKubernetesOtel.daemonset.affinity" . }} affinity: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} + {{- . | nindent 8 }} + {{- end }} + {{- with include "nrKubernetesOtel.daemonset.tolerations" . }} tolerations: - {{- . | nindent 8 -}} - {{- end }} \ No newline at end of file + {{- . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/templates/deployment-configmap.yaml b/charts/nr-k8s-otel-collector/templates/deployment-configmap.yaml index 8774a8a80..a1ffa92fb 100644 --- a/charts/nr-k8s-otel-collector/templates/deployment-configmap.yaml +++ b/charts/nr-k8s-otel-collector/templates/deployment-configmap.yaml @@ -239,12 +239,12 @@ data: filter/exclude_zero_value_kube_persistentvolumeclaim_status_phase: metrics: - datapoint: - - metric.name == "kube_persistentvolumeclaim_status_phase" and value_double == 0.0 + datapoint: + - metric.name == "kube_persistentvolumeclaim_status_phase" and value_double == 0.0 filter/exclude_zero_value_kube_pod_status_phase: metrics: - datapoint: + datapoint: - metric.name == "kube_pod_status_phase" and value_double == 0.0 filter/exclude_zero_value_kube_pod_container_status: @@ -317,7 +317,7 @@ data: action: upsert from_attribute: node - key: k8s.namespace.name - action: upsert + action: upsert from_attribute: namespace batch: 
@@ -328,15 +328,22 @@ data: headers: api-key: ${env:NR_LICENSE_KEY} service: - {{ if include "newrelic.common.verboseLog" . }} + {{- if include "newrelic.common.verboseLog" . }} telemetry: logs: level: "debug" - {{ end }} + {{- end }} pipelines: + {{- if or .Values.receivers.prometheus.enabled .Values.receivers.k8sCluster.enabled }} metrics: - receivers: [prometheus, k8s_cluster] - processors: + receivers: + {{- if .Values.receivers.prometheus.enabled }} + - prometheus + {{- end }} + {{- if .Values.receivers.k8sCluster.enabled }} + - k8s_cluster + {{- end }} + processors: - metricstransform/k8s_cluster_info - metricstransform/kube_pod_status_phase - filter/exclude_zero_value_kube_node_status_condition @@ -349,14 +356,18 @@ data: - batch exporters: - otlphttp/newrelic + {{- end }} # TODO(chris): revisit using the gateway collector # logs: # receivers: [otlp] # processors: [batch] # exporters: # - otlphttp/newrelic + {{- if .Values.receivers.k8sEvents.enabled }} logs/events: - receivers: [k8s_events] + receivers: + - k8s_events processors: [resource/events, batch] exporters: - - otlphttp/newrelic \ No newline at end of file + - otlphttp/newrelic + {{- end }} diff --git a/charts/nr-k8s-otel-collector/templates/deployment.yaml b/charts/nr-k8s-otel-collector/templates/deployment.yaml index a04fafd12..d570432fb 100644 --- a/charts/nr-k8s-otel-collector/templates/deployment.yaml +++ b/charts/nr-k8s-otel-collector/templates/deployment.yaml 
@@ -19,15 +19,33 @@ spec: component: deployment annotations: checksum/config: {{ include (print $.Template.BasePath "/deployment-configmap.yaml") . | sha256sum }} + {{- with .Values.deployment.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }} + {{- with include "nrKubernetesOtel.deployment.securityContext.pod" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + {{- with include "newrelic.common.priorityClassName" . }} + priorityClassName: {{ . }} + {{- end }} + {{- with include "newrelic.common.dnsConfig" . }} + dnsConfig: + {{- . | nindent 8 }} + {{- end }} containers: - name: otel-collector-deployment + {{- with include "nrKubernetesOtel.deployment.securityContext.container" . }} + securityContext: + {{- . | nindent 12 }} + {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" args: ["--config", "/config/deployment-config.yaml"] imagePullPolicy: {{ .Values.image.pullPolicy }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.deployment.resources | nindent 12 }} env: - name: KUBE_NODE_NAME valueFrom: @@ -55,15 +73,15 @@ spec: - name: deployment-config configMap: name: {{ include "nrKubernetesOtel.deployment.configmap.fullname" . }} - {{- with include "newrelic.common.nodeSelector" . }} + {{- with include "nrKubernetesOtel.deployment.nodeSelector" . }} nodeSelector: - {{- . | nindent 8 -}} + {{- . | nindent 8 }} {{- end }} - {{- with include "newrelic.common.affinity" . }} + {{- with include "nrKubernetesOtel.deployment.affinity" . }} affinity: - {{- . | nindent 8 -}} + {{- . | nindent 8 }} {{- end }} - {{- with include "newrelic.common.tolerations" . }} + {{- with include "nrKubernetesOtel.deployment.tolerations" . }} tolerations: - {{- . | nindent 8 -}} + {{- . | nindent 8 }} {{- end }} \ No newline at end of file 
diff --git a/charts/nr-k8s-otel-collector/templates/serviceaccount.yaml b/charts/nr-k8s-otel-collector/templates/serviceaccount.yaml index 68dcd0b49..552e9e1c5 100644 --- a/charts/nr-k8s-otel-collector/templates/serviceaccount.yaml +++ b/charts/nr-k8s-otel-collector/templates/serviceaccount.yaml @@ -1,7 +1,11 @@ -apiVersion: v1 +{{- if include "newrelic.common.serviceAccount.create" . }} +apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "newrelic.common.serviceAccount.name" . }} namespace: {{ .Release.Namespace }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} + annotations: + {{- include "newrelic.common.serviceAccount.annotations" . | nindent 4 }} +{{- end -}} diff --git a/charts/nr-k8s-otel-collector/values.yaml b/charts/nr-k8s-otel-collector/values.yaml index 94b57c0ec..ca3e42635 100644 --- a/charts/nr-k8s-otel-collector/values.yaml +++ b/charts/nr-k8s-otel-collector/values.yaml 
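Review bot: The `annotations:` key in `serviceaccount.yaml` is emitted unconditionally, so when `newrelic.common.serviceAccount.annotations` returns nothing the manifest presumably carries `annotations:` with a null value. The other optional blocks in this commit use `with`, and the same shape fits here: `{{- with include "newrelic.common.serviceAccount.annotations" . }}`, then `annotations:` and `{{- . | nindent 4 }}`, closed by `{{- end }}`. In `values.yaml` the matching `serviceAccount.annotations:` and `serviceAccount.create:` are left as bare keys; writing `annotations: {}` makes the expected type explicit for anyone adding identity-binding annotations there.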
@@ -28,44 +28,74 @@ customSecretName: "" # -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` customSecretLicenseKey: "" -# -- Annotations to be added to each pod created by the chart -podAnnotations: {} +# -- Additional labels for chart pods +podLabels: {} +# -- Additional labels for chart objects +labels: {} -# -- Sets security context (at pod level). Can be configured also with `global.podSecurityContext` -podSecurityContext: {} - # fsGroup: 2000 +# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` +priorityClassName: "" -# -- Sets security context (at container level). Can be configured also with `global.podSecurityContext` -securityContext: - privileged: true - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` +dnsConfig: {} -# -- The default set of resources assigned to the pods is shown below: -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +daemonset: + # -- Sets daemonset pod node selector. Overrides `nodeSelector` and `global.nodeSelector` + nodeSelector: {} + # -- Sets daemonset pod tolerations. Overrides `tolerations` and `global.tolerations` + tolerations: [] + # -- Sets daemonset pod affinities. Overrides `affinity` and `global.affinity` + affinity: {} + # -- Annotations to be added to the daemonset. 
+ podAnnotations: {} + # -- Sets security context (at pod level) for the daemonset. Overrides `podSecurityContext` and `global.podSecurityContext` + podSecurityContext: {} + # -- Sets security context (at container level) for the daemonset. Overrides `containerSecurityContext` and `global.containerSecurityContext` + containerSecurityContext: {} + # -- Sets resources for the daemonset. + resources: {} -# -- Sets pod's node selector. Can be configured also with `global.nodeSelector -nodeSelector: {} +deployment: + # -- Sets deployment pod node selector. Overrides `nodeSelector` and `global.nodeSelector` + nodeSelector: {} + # -- Sets deployment pod tolerations. Overrides `tolerations` and `global.tolerations` + tolerations: [] + # -- Sets deployment pod affinities. Overrides `affinity` and `global.affinity` + affinity: {} + # -- Annotations to be added to the deployment. + podAnnotations: {} + # -- Sets security context (at pod level) for the deployment. Overrides `podSecurityContext` and `global.podSecurityContext` + podSecurityContext: {} + # -- Sets security context (at container level) for the deployment. Overrides `containerSecurityContext` and `global.containerSecurityContext` + containerSecurityContext: {} + # -- Sets resources for the deployment. + resources: {} -# -- Sets pod's tolerations to node taints. Cab be configured also with `global.tolerations` +# -- Sets all pods' node selector. Can be configured also with `global.nodeSelector` +nodeSelector: {} +# -- Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` tolerations: [] - -# -- Sets pod/node affinities +# -- Sets all pods' affinities. Can be configured also with `global.affinity` affinity: {} +# -- Sets all security contexts (at pod level). Can be configured also with `global.securityContext.pod` +podSecurityContext: {} +# -- Sets all security context (at container level). 
Can be configured also with `global.securityContext.container` +containerSecurityContext: {} + +rbac: + # -- Specifies whether RBAC resources should be created + create: true + +# -- Settings controlling ServiceAccount creation +# @default -- See `values.yaml` +serviceAccount: + # serviceAccount.create -- (bool) Specifies whether a ServiceAccount should be created + # @default -- `true` + create: + # If not set and create is true, a name is generated using the fullname template + name: "" + # Specify any annotations to add to the ServiceAccount + annotations: # -- (bool) Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` # @default -- `false` @@ -74,3 +104,29 @@ verboseLog: # -- (bool) Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` # @default -- `false` nrStaging: + +receivers: + prometheus: + # -- (bool) Specifies whether the `prometheus` receiver is enabled + # @default -- `true` + enabled: true + k8sCluster: + # -- (bool) Specifies whether the `k8s_cluster` receiver is enabled + # @default -- `true` + enabled: true + k8sEvents: + # -- (bool) Specifies whether the `k8s_events` receiver is enabled + # @default -- `true` + enabled: true + hostmetrics: + # -- (bool) Specifies whether the `hostmetrics` receiver is enabled + # @default -- `true` + enabled: true + kubeletstats: + # -- (bool) Specifies whether the `kubeletstats` receiver is enabled + # @default -- `true` + enabled: true + filelog: + # -- (bool) Specifies whether the `filelog` receiver is enabled + # @default -- `true` + enabled: true
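Review bot: The comments in the first `values.yaml` hunk name two different global keys for the same setting. The top-level `podSecurityContext` and `containerSecurityContext` point to `global.securityContext.pod` and `global.securityContext.container`, while the `daemonset.*` and `deployment.*` entries point to `global.podSecurityContext` and `global.containerSecurityContext`. Only one spelling can match what the common library reads (not visible here), and an operator who follows the other gets no security context applied and no error. Please align the comments with the library and regenerate the README table from them. The hunk also drops the `privileged: true` default and the commented hardening example (`capabilities.drop`, `readOnlyRootFilesystem`, `runAsNonRoot`). Keeping that example as a comment under `containerSecurityContext`, plus an upgrade note about the changed default, would tell users what the collector is expected to run with.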