ckotzbauer / helm-charts
Helm Charts
License: MIT License
Hi,
I would like to publish the metrics on the node port.
But there doesn't seem to be a setting for that in the values.yaml.
With kind regards,
Gerben Immeker.
I did the following:
kind create cluster
helm install monitoring prometheus-community/kube-prometheus-stack
helm install cadvisor ckotzbauer/cadvisor --set metrics.enabled=true
# 4. Wait for all pods to be running and healthy
# 5. Port forward prometheus-pod to localhost
# 6. Go to http://localhost:9090/targets?search=
but I didn't see any targets for cadvisor. Did I do something in the wrong order?
Hi there! I noticed that metrics like container_spec_cpu_quota and container_spec_cpu_period are not provided when installing this helm-chart.
When searching for the issue online I found this: google/cadvisor#3154 maybe it is related? OP said, that cadvisor doesn't construct the listed metrics, if cpu soft quota is enabled but I don't know cadvisor well enough to see, whether this is the cause for the issue when using this helm-chart or how I could alter the current behavior. Any idea on your part?
v0.44.1 is renamed to v0.44.1-test (link). Current chart will be stuck forever with ErrImagePull. Use latest tag perhaps?
When I first tried helm deploy vulnerability operator, it failed at the stage where it tried to create the /reports directory and save the report.json. There is no volume for the /reports directory created in the helm deployment yaml. The out-of-the-box deployment gives an error that says that the root directory is read-only, which is expected since the default config is set as:
securityContext:
  capabilities:
    drop:
      - ALL
  allowPrivilegeEscalation: false
  privileged: false
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
  seccompProfile:
    type: RuntimeDefault
Setting readOnlyRootFilesystem to false was not enough, because then a permissions error occurred during the creation of the /reports directory. The configuration required to make it work was:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
Obviously this is not ideal. The solution I came up with utilized the same solution as #174. This is also not ideal because the user should be able to set the reports-dir argument and just expect it to work. I am currently working on an alternative solution which will add the /reports volume and volumeMount in the deployment yaml code, and it will attempt to read from the user's custom-values.yaml file (or whatever it's called) for the name of the volume mount, and otherwise use the default value of /reports.
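A way to keep the restrictive default securityContext quoted above and still give the operator a writable /reports, shown as an added example that is not the chart's own deployment.yaml. The container name, image placeholder, volume name and fsGroup value are assumptions.

```yaml
# Added example: hypothetical pod template fragment, not taken from the chart.
spec:
  template:
    spec:
      securityContext:
        fsGroup: 1000                      # assumption: group ownership for the mounted volume
      containers:
        - name: vulnerability-operator     # assumed container name
          image: "<operator-image>:<tag>"  # placeholder
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            privileged: false
            readOnlyRootFilesystem: true   # root filesystem stays immutable
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: reports
              mountPath: /reports          # the only writable path in the container
      volumes:
        - name: reports
          emptyDir: {}                     # scratch space, removed together with the pod
```

Because the emptyDir is mounted over /reports, the process never has to create a directory on the read-only root filesystem, so neither runAsUser: 0 nor readOnlyRootFilesystem: false is needed.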
When providing additional environment variables via the envVars section, the indentation of the template is broken.
values.yaml
envVars:
  - name: TEST_VAR
    value: TEST
Command:
helm template ./charts/sbom-operator --dry-run --debug --generate-name -f values.yaml
Error: YAML parse error on sbom-operator/templates/deployment.yaml: error converting YAML to JSON: yaml: line 33: did not find expected key
template.yaml
# Source: sbom-operator/templates/deployment.yaml
# Document has been shortened for clarity!
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sbom-operator
# Document shrinked for better understandability
spec:
    spec:
      containers:
        - name: sbom-operator
          image: "ghcr.io/ckotzbauer/sbom-operator:0.13.0"
          imagePullPolicy: IfNotPresent
          args:
          env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          # ---> Indentation of 10 expected but 12 is rendered
            - name: TEST_VAR
              value: TEST
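One way to render user-supplied envVars at the same indentation as the built-in env entries, as an added example: this is a hypothetical excerpt of a templates/deployment.yaml, not the sbom-operator chart's actual template, and the surrounding structure is assumed from the rendered output above.

```yaml
# Added example: hypothetical Helm template excerpt, not the chart's own code.
          env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          {{- with .Values.envVars }}
          {{- /* nindent starts a new line and indents every rendered line by 10 spaces */}}
          {{- toYaml . | nindent 10 }}
          {{- end }}
# With the values.yaml from the report this renders as:
#           env:
#           - name: POD_NAMESPACE
#             ...
#           - name: TEST_VAR
#             value: TEST
```

Rendering with helm template and the same values.yaml is a quick check that the added list items line up with the built-in POD_NAMESPACE entry.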
Hi!
Thanks for the project.
I've tried installing cadvisor and found an issue with oom metrics not being available due to a permission issue:
❯ kl cadvisor-ktblb
W0910 14:59:26.756250 1 machine_libipmctl.go:62] There are no NVM devices!
W0910 14:59:26.805682 1 manager.go:289] Could not configure a source for OOM detection, disabling OOM events: open /dev/kmsg: operation not permitted
It can be fixed by adding the following settings to the daemonset:
securityContext:
  privileged: true
Do you have plans to add this to the chart? Or is there another option to enable oom detection?
Given a chart deployment
When I set custom labels for the pods using `Values.podLabels`
Then the pods should contain the labels in `metadata.labels`
Example: bitnami/nginx
https://github.com/bitnami/charts/blob/main/bitnami/nginx/templates/deployment.yaml#LL25C28-L25C30
https://github.com/bitnami/charts/blob/main/bitnami/nginx/values.yaml#L128
$ curl -IL https://ckotzbauer.github.io/helm-charts
HTTP/2 301
server: GitHub.com
content-type: text/html
permissions-policy: interest-cohort=()
location: https://www.ckotzbauer.de/helm-charts
x-github-request-id: 8E54:2DB5:8AAC3C:A2DD14:62226A36
accept-ranges: bytes
date: Fri, 04 Mar 2022 19:38:25 GMT
via: 1.1 varnish
age: 123
x-served-by: cache-bfi-krnt7300106-BFI
x-cache: HIT
x-cache-hits: 1
x-timer: S1646422705.136698,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 71177e2d015b1237b47b33a74745639cf707bdc1
content-length: 162
HTTP/2 301
server: GitHub.com
content-type: text/html
location: https://www.ckotzbauer.de/helm-charts/
x-github-request-id: CCC4:4853:19AD1C:20F2D8:62226A39
accept-ranges: bytes
date: Fri, 04 Mar 2022 19:38:25 GMT
via: 1.1 varnish
age: 120
x-served-by: cache-bfi-krnt7300053-BFI
x-cache: HIT
x-cache-hits: 1
x-timer: S1646422705.198529,VS0,VE0
vary: Accept-Encoding
x-fastly-request-id: 192b999fdfce3dc839b84a49abb17072ce791eda
content-length: 162
HTTP/2 404
server: GitHub.com
content-type: text/html; charset=utf-8
access-control-allow-origin: *
etag: "61ba6cb3-247b"
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
x-proxy-cache: MISS
x-github-request-id: 487A:82BE:569B28:64541F:62226A39
accept-ranges: bytes
date: Fri, 04 Mar 2022 19:38:25 GMT
via: 1.1 varnish
age: 120
x-served-by: cache-bfi-krnt7300053-BFI
x-cache: HIT
x-cache-hits: 1
x-timer: S1646422705.217036,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 2f92153c24a7a522e0e59825258e1519c438915e
content-length: 9339
Most of the templates in the chart are missing the following key: namespace: {{ .Release.Namespace}}.
Steps to reproduce:
helm repo add ckotzbauer https://ckotzbauer.github.io/helm-charts && \
helm repo update && \
helm upgrade --install cadvisor ckotzbauer/cadvisor \
--namespace monitoring \
--create-namespace \
--set metrics.enabled=true \
--version v2.2.4
I get the same error with 2.2.3/2.2.2
Daemonset is deployed with the error on all worker nodes:
Error: container create failed: time="2023-04-15T14:58:20+10:00" level=error msg="runc create failed: unable to start container process: error during container init: error mounting \"/run/containers/storage/overlay-containers/5e99476e2d47dc1d78f6c6de64793a6b7d0651780a21ce8802b20827da85b40c/userdata/run/secrets\" to rootfs at \"/run/secrets\": mkdir /var/lib/containers/storage/overlay/15210da1c05500b6f951ba387c617dcf88d74133bf9bb1d6abe93ffe2f2d54f3/merged/run/secrets: read-only file system"
I think I'm missing something in the set up. CRIO is read_only = false in the config.
Please add the possibility to add securityContext from values both on pod and container level, and remove the hardcoded seccomp annotation. This way we can set more than just privileged true/false which are required by podSecurityAdmission (PSA)
The original helm chart will be going soon, so I'm hoping to use this as a base for the nfs-client helm chart.
Could you maybe ask them to take over that chart for the nfs-client anyways?
Can you update your chart to include the accessmode that they have included in their chart?
https://github.com/helm/charts/tree/master/stable/nfs-client-provisioner
helm/charts@a4a35c3#diff-ec531825a9cf4a43add171082b59e73dff020a2e22bc911fb2b8f66005370226
I recently modified the housekeeping interval of the values.yaml to increase the scraping rate with the following additional args. But it seems the housekeeping interval is still using the default, 10s and 15s. Does it mean these two args are not working (given that this issue or I just didn't configure it correctly?
additionalArgs:
- --allow_dynamic_housekeeping=false
- --housekeeping_interval=2s
- --max_housekeeping_interval=2s
- --event_storage_event_limit=default=0
- --event_storage_age_limit=default=0
- --disable_metrics=percpu,process,sched,tcp,udp # enable only diskIO, cpu, memory, network, disk
- --docker_only
I ran into an issue with vulnerability-operator and sbom-operator deployments where I needed to add a CA for our privately hosted git repository. The helm deployment source code allowed extraVolumes, but not extraVolumeMounts. I modified the deployment yaml to take extraVolumeMounts from a my-values.yaml values file, and I added my CA through this method. It works and I have the solution in my local repository. I will fork this repo on GitHub and post a solution shortly.
Deprecate the chart here at the end of Q2 in favor of the official chart if prometheus-msteams/helm-chart#1 is merged