Update master to release v1.93.0-rc.0 (#1401)

* Pin local chart dependencies in Chart.yaml files * Add condition flags for dependencies * Add condition flag for kube-state-metrics chart * Add INGEST_POD_UID env variable + helm value * Re-comment code + add clarification * remove deprecated server port * Add maxPrometheusQueryDurationMinutes setting * Update values.yaml (#1342) * Added SEK to supported currencies. * Added in Customer Google Tag to values and environment variables * Fixed tag names. * Updated google analytics tag to be marked as enterprise. * Fix duplicate app labels and expose Grafana PSP config (#1347) * fix: fixed duplicate app labels in metric exporter * fix: added default value for Grafana PSP Co-authored-by: Ajay Tripathy <[email protected]> * FIX prometheus ingress (#1375) Co-authored-by: Volodymyr Lisnyi <[email protected]> * cluster controller service key secret optional This smooths the adoption path for cluster controller features, like 1-click request sizing, that don't require service keys. Cluster controller will be updated to gracefully handle situations where these keys don't exist. * Reverse patch of #1361 into develop from v1.92 * Reverse patch of #1338 into develop from v1.92 * cluster controller to v0.0.6 for optional secret * Changing version (#1381) Changing to lastest version i.e. 1.92.0 * Fix PSP issue for Network-Costs if you want to run multiple kubecost maybe for Testing Use Release Name instead of ServiceAccount Name for Role, ClusterRole and bindings. * Adds an env var to the cost model indicating whether Grafana is enabled. * Modified GRAFANA_ENABLED env var logic to be clearer * Add athena workgroup to config * fix cloud usage defaulting * Remove GOGC tuning from cost-model * Add github action to validate chart * Bump to v1.93.0-rc.0 Commit auto-generated by release script. Co-authored-by: keith.hand <[email protected]> Co-authored-by: keith.hand <[email protected]> Co-authored-by: keith.hand <[email protected]> Co-authored-by: Kaelan Patel <[email protected]> Co-authored-by: Niko Kovacevic <[email protected]> Co-authored-by: Naresh Agrawal <[email protected]> Co-authored-by: Thomas Evans <[email protected]> Co-authored-by: Thomas Evans <[email protected]> Co-authored-by: Cameron Hall <[email protected]> Co-authored-by: Ajay Tripathy <[email protected]> Co-authored-by: Volodymyr <[email protected]> Co-authored-by: Volodymyr Lisnyi <[email protected]> Co-authored-by: Michael Dresser <[email protected]> Co-authored-by: dschunack <[email protected]> Co-authored-by: Daniel Ramich <[email protected]> Co-authored-by: Dan Ramich <[email protected]> Co-authored-by: Sean Holcomb <[email protected]> Co-authored-by: Matt Bolt <[email protected]> Co-authored-by: Kaelan Patel <[email protected]>
kubecost · May 3, 2022 · fe4b746 · fe4b746
1 parent 0f8dea8
commit fe4b746
Show file tree

Hide file tree

Showing 13 changed files with 96 additions and 23 deletions.
diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml
@@ -0,0 +1,34 @@
+name: Chart build
+
+on:
+  pull_request:
+    branches:
+      - develop
+
+jobs:
+  build-with-cost-model-develop:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.8.2
+
+      - name: Run helm lint
+        working-directory: ./cost-analyzer
+        run: helm lint
+
+      - name: Run helm template
+        working-directory: ./cost-analyzer
+        # Template the chart out for kubeval usage and also validates that it can 'build'
+        run: helm template . --set global.prometheus.enabled=false --set global.grafana.enabled=false > full.yaml
+
+      - name: Kubeval
+        uses: instrumenta/kubeval-action@master
+        with:
+          files: ./cost-analyzer/full.yaml
+          ignore_missing_schemas: false
+
diff --git a/cost-analyzer/Chart.yaml b/cost-analyzer/Chart.yaml
@@ -1,10 +1,20 @@
 apiVersion: v2
-appVersion: "1.92.0"
+appVersion: "1.93.0-rc.0"
 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor
   cloud costs.
 name: cost-analyzer
-version: "1.92.0"
+version: "1.93.0-rc.0"
 annotations:
   "artifacthub.io/links": |
     - name: Homepage
       url: https://www.kubecost.com
+dependencies:
+  - condition: global.grafana.enabled
+    name: grafana
+    repository: file://./charts/grafana
+  - condition: global.prometheus.enabled
+    name: prometheus
+    repository: file://./charts/prometheus
+  - condition: global.thanos.enabled
+    name: thanos
+    repository: file://./charts/thanos
diff --git a/cost-analyzer/charts/prometheus/Chart.yaml b/cost-analyzer/charts/prometheus/Chart.yaml
@@ -18,3 +18,7 @@ sources:
 - https://github.com/kubernetes/kube-state-metrics
 tillerVersion: '>=2.8.0'
 version: 11.0.2
+dependencies:
+  - condition: kube-state-metrics.disabled
+    name: kube-state-metrics
+    repository: file://./charts/kube-state-metrics
diff --git a/cost-analyzer/charts/prometheus/values.yaml b/cost-analyzer/charts/prometheus/values.yaml
@@ -671,7 +671,7 @@ server:
     #   - domain.com/prometheus
 
     ## PathType determines the interpretation of the Path matching
-    pathType: "Exact"
+    pathType: "Prefix"
 
     ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
     extraPaths: []

diff --git a/cost-analyzer/templates/cost-analyzer-cluster-role-binding-template.yaml b/cost-analyzer/templates/cost-analyzer-cluster-role-binding-template.yaml
@@ -3,13 +3,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ template "cost-analyzer.serviceAccountName" . }}
+  name: {{ .Release.Name }}
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ template "cost-analyzer.serviceAccountName" . }}
+  name: {{ .Release.Name }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "cost-analyzer.serviceAccountName" . }}
@@ -20,13 +20,13 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "cost-analyzer.serviceAccountName" . }}
+  name: {{ .Release.Name }}
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ template "cost-analyzer.serviceAccountName" . }}
+  name: {{ .Release.Name }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "cost-analyzer.serviceAccountName" . }}

diff --git a/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml b/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   namespace: {{ .Release.Namespace }}
-  name: {{ template "cost-analyzer.serviceAccountName" . }}
+  name: {{ .Release.Name }}
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 rules:
@@ -20,7 +20,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "cost-analyzer.serviceAccountName" . }}
+  name: {{ .Release.Name }}
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 rules:

diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -336,6 +336,10 @@ spec:
             {{- end }}
             {{- end }}
           env:
+            {{- if .Values.global.grafana }}
+            - name: GRAFANA_ENABLED
+              value: {{ (quote .Values.global.grafana.enabled) | default (quote false) }}
+            {{- end}}
             {{- if .Values.kubecostModel.extraEnv -}}
             {{ toYaml .Values.kubecostModel.extraEnv | nindent 12 }}
             {{- end }}
@@ -405,17 +409,17 @@ spec:
               value: {{ .Values.kubecostProductConfigs.productKey.mountPath }}
             {{- end }}
             {{- end }}
+            {{- if .Values.kubecostProductConfigs.ingestPodUID }}
+            - name: INGEST_POD_UID
+              value: {{ (quote .Values.kubecostProductConfigs.ingestPodUID) }}
+            {{- end }}
             {{- end }}
             - name: REMOTE_WRITE_PASSWORD
               value: {{ .Values.remoteWrite.postgres.auth.password }}
             {{- if .Values.remoteWrite.postgres.enabled }}
             - name: REMOTE_WRITE_ENABLED
               value: "true"
             {{- end }}
-            - name: GOGC
-              value: "60"
-            - name: GODEBUG
-              value: "madvdontneed=1"
             {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}}
             - name: MC_BASIC_AUTH_USERNAME
               valueFrom:
@@ -543,8 +547,8 @@ spec:
             {{- end }}
             - name: ETL_RESOLUTION_SECONDS
               value: {{ (quote .Values.kubecostModel.etlResolutionSeconds) | default (quote 300) }}
-            - name: ETL_MAX_BATCH_HOURS
-              value: {{ (quote .Values.kubecostModel.etlMaxBatchHours) | default (quote 6) }}
+            - name: ETL_MAX_PROMETHEUS_QUERY_DURATION_MINUTES
+              value: {{ (quote .Values.kubecostModel.maxPrometheusQueryDurationMinutes) | default (quote 1440) }}
             - name: ETL_DAILY_STORE_DURATION_DAYS
               value: {{ (quote .Values.kubecostModel.etlDailyStoreDurationDays) | default (quote 91) }}
             - name: ETL_HOURLY_STORE_DURATION_HOURS
@@ -673,6 +677,10 @@ spec:
             - name: PROM_CLUSTER_ID_LABEL
               value: {{ .Values.kubecostModel.promClusterIDLabel }}
             {{- end }}
+            {{- if .Values.reporting.googleAnalyticsTag }}
+            - name: GOOGLE_ANALYTICS_TAG
+              value: {{ .Values.reporting.googleAnalyticsTag }}
+            {{- end }}
             - name: RELEASE_NAME
               value: {{ .Release.Name }}
             - name: KUBECOST_NAMESPACE

diff --git a/cost-analyzer/templates/cost-analyzer-pricing-configmap.yaml b/cost-analyzer/templates/cost-analyzer-pricing-configmap.yaml
@@ -122,6 +122,9 @@ data:
   {{- if .Values.kubecostProductConfigs.athenaTable }}
     athenaTable: "{{ .Values.kubecostProductConfigs.athenaTable }}"
   {{- end -}}
+  {{- if .Values.kubecostProductConfigs.athenaWorkgroup }}
+    athenaWorkgroup: "{{ .Values.kubecostProductConfigs.athenaWorkgroup }}"
+  {{- end -}}
   {{- if .Values.kubecostProductConfigs.masterPayerARN}}
     masterPayerARN: "{{ .Values.kubecostProductConfigs.masterPayerARN }}"
   {{- end }}

diff --git a/cost-analyzer/templates/kubecost-cluster-controller-template.yaml b/cost-analyzer/templates/kubecost-cluster-controller-template.yaml
@@ -224,6 +224,11 @@ spec:
       - name: cluster-controller-keys
         secret:
           secretName: {{ .Values.clusterController.secretName | default "cluster-controller-service-key" }}
+          # The secret is optional because not all of cluster controller's
+          # functionality requires this secret. Cluster controller will
+          # partially or fully initialize based on the presence of these keys
+          # and their validity.
+          optional: true
 ---
 apiVersion: v1
 kind: Service

diff --git a/cost-analyzer/templates/network-costs-psp.template.yaml b/cost-analyzer/templates/network-costs-psp.template.yaml
@@ -5,7 +5,7 @@
 apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }}
 kind: PodSecurityPolicy
 metadata:
-    name: kubecost-network-costs
+    name: {{ template "cost-analyzer.fullname" . }}-network-costs
     labels:
       {{ include "cost-analyzer.commonLabels" . | nindent 6 }}
 spec:

diff --git a/cost-analyzer/templates/network-costs-role.template.yaml b/cost-analyzer/templates/network-costs-role.template.yaml
@@ -5,7 +5,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: kubecost-network-costs
+  name: {{ template "cost-analyzer.fullname" . }}-network-costs
   labels:
     {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
   annotations:
@@ -17,7 +17,7 @@ rules:
   resources: ['podsecuritypolicies']
   verbs: ['use']
   resourceNames:
-  - kubecost-network-costs
+  - {{ template "cost-analyzer.fullname" . }}-network-costs
 {{- end }}
 {{- end }}
 {{- end }}

diff --git a/cost-analyzer/templates/network-costs-rolebinding.template.yaml b/cost-analyzer/templates/network-costs-rolebinding.template.yaml
@@ -5,13 +5,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-    name: kubecost-network-costs
+    name: {{ template "cost-analyzer.fullname" . }}-network-costs
     labels:
       {{ include "cost-analyzer.commonLabels" . | nindent 6 }}
 roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: Role
-    name: kubecost-network-costs
+    name: {{ template "cost-analyzer.fullname" . }}-network-costs
 subjects:
 - kind: ServiceAccount
   name: {{ template "cost-analyzer.serviceAccountName" . }}

diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml
@@ -5,7 +5,7 @@ global:
     fqdn: http://cost-analyzer-prometheus-server.default.svc #example address of a prometheus to connect to. Include protocol (http:// or https://) Ignored if enabled: true
     # insecureSkipVerify : false # If true, kubecost will not check the TLS cert of prometheus
     # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD
-    # queryServiceBearerTokenSecretName: dbsecret  # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN
+    # queryServiceBearerTokenSecretName: mcdbsecret  # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN
 
   # Durable storage option, product key required
   thanos:
@@ -602,7 +602,7 @@ kubecostDeployment:
 # Kubecost Cluster Controller for Right Sizing and Cluster Turndown
 clusterController:
   enabled: false
-  image: gcr.io/kubecost1/cluster-controller:v0.0.5
+  image: gcr.io/kubecost1/cluster-controller:v0.0.6
   imagePullPolicy: Always
 #  fqdn: kubecost-cluster-controller.kubecost.svc.cluster.local:9731
 
@@ -612,9 +612,13 @@ reporting:
   logCollection: true
   # Basic frontend analytics
   productAnalytics: true
+
   # Report Javascript errors
   errorReporting: true
   valuesReporting: true
+  # googleAnalyticsTag allows you to embed your Google Global Site Tag to track usage of Kubecost.
+  # googleAnalyticsTag is only included in our Enterprise offering.
+  # googleAnalyticsTag: G-XXXXXXXXX
 
 serviceMonitor:
   enabled: false
@@ -637,6 +641,9 @@ initChownData:
 grafana:
   # namespace_datasources: kubecost # override the default namespace here
   # namespace_dashboards: kubecost # override the default namespace here
+  rbac:
+    # Manage the Grafana Pod Security Policy
+    pspEnabled: true
   datasources:
     datasources.yaml:
       apiVersion: 1
@@ -724,6 +731,7 @@ awsstore:
 #  athenaRegion: us-east-1
 #  athenaDatabase: athenacurcfn_athena_test1
 #  athenaTable: "athena_test1"
+#  athenaWorkgroup: "primary" # The default workgroup in AWS is 'primary'
 #  masterPayerARN: ""
 #  projectID: "123456789"  # Also known as AccountID on AWS -- the current account/project that this instance of Kubecost is deployed on.
 #  gcpSecretName: gcp-secret # Name of a secret representing the gcp service key
@@ -750,7 +758,7 @@ awsstore:
 #    pod_external_label: "kubernetes_pod"
 #  grafanaURL: ""
 #  clusterName: "" # used for display in Kubecost UI
-#  currencyCode: "USD" # official support for USD, AUD, BRL, CAD, CHF, CNY, DKK, EUR, GBP, INR, JPY, NOK
+#  currencyCode: "USD" # official support for USD, AUD, BRL, CAD, CHF, CNY, DKK, EUR, GBP, INR, JPY, NOK, SEK
 #  azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
 #  azureSubscriptionID: 0bd50fdf-c923-4e1e-850c-196dd3dcc5d3
 #  azureClientID: f2ef6f7d-71fb-47c8-b766-8d63a19db017
@@ -774,3 +782,4 @@ awsstore:
 #    secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" }
 #    mountPath: "/some/custom/path/productkey.json" # (use instead of secretname) declare the path at which the product key file is mounted (eg. by a secrets provisioner). The file must be of format { "key": "kc-b1325234" }
 #  cloudIntegrationSecret: "cloud-integration"
+#  ingestPodUID: false # Enables using UIDs to uniquely ID pods. This requires either Kubecost's replicated KSM metrics, or KSM v2.1.0+. This may impact performance, and changes the default cost-model allocation behavior.