logicmonitor / k8s-helm-charts Goto Github PK

View Code? Open in Web Editor NEW

8.0 13.0 37.0 5.62 MB

The official LogicMonitor Helm chart repository.

License: Mozilla Public License 2.0

Makefile 7.80% Smarty 46.43% Dockerfile 1.06% Mustache 44.71%

kubernetes helm charts

k8s-helm-charts's Introduction

k8s-helm-charts

Helm repository for LogicMonitor helm charts

$ helm repo add logicmonitor https://logicmonitor.github.io/k8s-helm-charts

Releasemanager

Check the Releasemanager for more details on Releasemanager Helm Chart.

LM-logs

Check the LM-logs for more details on LM-logs Helm Chart.

LM-Otel

Check the LM-Otel for more details on LM-otel Helm Chart.

Argus

⚠️ Deprecated: We have stopped development of Argus and Collectorset-Controller Helm Charts in this repo. See new helm-charts where these charts are being maintained. It is not recommended to install individual Argus and Collectorset Controller Helm charts using new repo here, please use LM Container helm chart.

Check the Argus for more details on Argus Helm Chart.

Helm chart Argus 3.0.0 onwards will be available on new helm charts repo here. Find more about LM Container Helm chart on Logicmonitor documentation site.

Collectorset-controller

⚠️ Deprecated: We have stopped development of Argus and Collectorset-Controller Helm Charts in this repo. See new helm-charts where these charts are being maintained. It is not recommended to install individual Argus and Collectorset Controller Helm charts using new repo here, please use LM Container helm chart. Find more about LM Container Helm chart on Logicmonitor documentation site.

Check the Collectorset-controller for more details on Collectorset-controller Helm Chart.

Helm chart Collectorset Controller 2.0.0 onwards will be available on new helm charts repo here

k8s-helm-charts's People

Stargazers

Watchers

k8s-helm-charts's Issues

RBAC Failures Blocking Argus Deployments

Attempts to deploy Argus are failing due to RBAC issues.

This has been verified on both minikube (minikube v0.23.0, kubectl v1.8.0) and GKE (nodes running v1.8.2-gke.0). Client kubectl is v1.8.4.

Steps to replicate:

$ helm upgrade -i --debug --wait --namespace 'logicmonitor' -f values.yml argus logicmonitor/argus
[debug] Created tunnel using local port: '53473'

[debug] SERVER: "127.0.0.1:53473"

[debug] Fetched logicmonitor/argus to /Users/USERNAME/.helm/cache/archive/argus-0.2.0.tgz

Error: UPGRADE FAILED: failed to create resource: clusterroles.rbac.authorization.k8s.io "collectorset-controller" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["statefulsets"], APIGroups:["apps"], Verbs:["*"]} PolicyRule{Resources:["collectorsets"], APIGroups:["*"], Verbs:["*"]} PolicyRule{Resources:["customresourcedefinitions"], APIGroups:["apiextensions.k8s.io"], Verbs:["*"]}] user=&{system:serviceaccount:kube-system:default bf82f105-c9d8-11e7-a490-42010a840067 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swagger-2.0.0.pb-v1" "/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]

Running a second time produces:

Error: UPGRADE FAILED: failed to create resource: clusterroles.rbac.authorization.k8s.io "collector" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["containers"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["containers"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["componentstatuses"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["componentstatuses"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["replicasets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["replicasets"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["ingress"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["ingress"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{NonResourceURLs:["/"], Verbs:["get"]} PolicyRule{NonResourceURLs:["/healthz/*"], Verbs:["get"]}] user=&{system:serviceaccount:kube-system:default bf82f105-c9d8-11e7-a490-42010a840067 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swagger-2.0.0.pb-v1" "/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]

Contents of values.yml:

clusterName: "argus"
collectorDescription: "argus"
global:
  account: "real_account"
  accessID: "real_access_id"
  accessKey: "real_access_key"

Prometheus's helm chart works with issue and I have full admin rights for the GCP account.

Argus: NodeSelector and Tolerations are not working on the Collector

Issue

We're using the latest version of the logicmonitor/argus and logicmonitor/collectorset-controller charts. While deploying logicmonitor/argus, we're passing in a nodeSelector and tolerations to the statefulsetspec for the collector, and it's not applying to the collector.

Steps to Reproduce

Action

Example taint on the nodes: key1=value1:NoSchedule
Example label on the nodes: label1=""

Run:

     helm upgrade \
          --install \
          --debug \
          --wait \
          --cleanup-on-fail \
          --namespace="default" \
          --set accessID=<<accessId>> \
          --set accessKey=<<accessKey>> \
          --set account=<<account>> \
          --set nodeSelector.label1="" \
          --set tolerations[0].key=key1 \
          --set tolerations[0].operator="Exists" \
          --set tolerations[0].effect="NoSchedule" \
          --set enableRBAC=true \
          --set clusterName=cluster1 \
          collectorset-controller logicmonitor/collectorset-controller

    helm upgrade \
          --install \
          --debug \
          --wait \
          --cleanup-on-fail \
          --namespace="default" \
          --set accessID=<<accessId>> \
          --set nodeSelector.label1="" \
          --set tolerations[0].key="key1" \
          --set tolerations[0].operator="Exists" \
          --set tolerations[0].effect="NoSchedule" \
          --set accessKey=<<accessKey>> \
          --set account=<<account>> \
          --set enableRBAC=true \
          --set clusterName=cluster1 \
          --set clusterGroupID=<<clusterGroupID>> \
          --set collector.groupID=<<collectorGroup>> \
          --set collector.replicas=1 \
          --set collector.size=small \
          --set collector.escalationChainID=25 \
          --set collector.statefulsetspec.template.spec.nodeSelector.label1="" \
          --set collector.statefulsetspec.template.spec.tolerations[0].key="key1" \
          --set collector.statefulsetspec.template.spec.tolerations[0].operator="Exists" \
          --set collector.statefulsetspec.template.spec.tolerations[0].effect="NoSchedule" \
          argus logicmonitor/argus

Expected Behavior

The following resources are created

On Nodes with label1 and taint key1=value1:NoSchedule:

pod/argus-xxxx
pod/collectorset-controller-xxxx
Collector Pod: pod/cluster1-0
service/argus
service/collectorset-controller
deployment.apps/argus
deployment.apps/collectorset-controller
replicaset.apps/argus
replicaset.apps/collectorset-controller
Collector statefulset: statefulset.apps/cluster1

On other Nodes:
N/A

Actual Behavior

The following resources are created

On Nodes with label1 and taint key1=value1:NoSchedule:

pod/argus-xxxx
pod/collectorset-controller-xxxx
service/argus
service/collectorset-controller
deployment.apps/argus
deployment.apps/collectorset-controller
replicaset.apps/argus
replicaset.apps/collectorset-controller

On other Nodes:

Collector Pod: pod/cluster1-0
Collector statefulset: statefulset.apps/cluster1

Details

The nodeSelector is being rendered into the template and is clearly there in the output of --dry-run

apiVersion: logicmonitor.com/v1alpha1
kind: CollectorSet
metadata:
  name: cluster1
  namespace: default
spec:
  clusterName: cluster1
  escalationChainID: 25
  groupID: 4
  imagePullPolicy: Always
  imageRepository: logicmonitor/collector
  imageTag: latest
  policy:
    distributionStrategy: RoundRobin
    orchestrator: Kubernetes
  replicas: 1
  size: small
  statefulsetspec:
    template:
      spec:
        nodeSelector:
          label1: ""
        tolerations:
        - effect: NoSchedule
          key: key1
          operator: Exists

It appears that the nodeSelector and tolerations are not being passed to the collector pod upon execution

From kubectl describe pod cluster1-0:

Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                                     node.kubernetes.io/unreachable:NoExecute op=Exists for 300s

unable to find collector

Hi, I found this and I have been following it for a little while. I know it is early stages but I am interested in what LM will have for k8s.

argus-918127526-k6xk1 collector
[argus-918127526-k6xk1 collector] DEBUG:root:finding collector Collector Description
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:39Z" level=info msg="Found device group "Kubernetes Cluster: cluster.example.com.au" with id 26"
[argus-918127526-k6xk1 collector] DEBUG:root:Collector not found
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:40Z" level=info msg="Found device group "Etcd" with id 57"
[argus-918127526-k6xk1 collector] DEBUG:root:finding collector group /
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:40Z" level=info msg="Found device group "_deleted" with id 58"
[argus-918127526-k6xk1 collector] DEBUG:root:adding collector
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:41Z" level=info msg="Found device group "Nodes" with id 28"
[argus-918127526-k6xk1 collector] ERROR:root:Status 1069 calling add_collector
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:41Z" level=info msg="Found device group "_deleted" with id 55"
[argus-918127526-k6xk1 collector] No such escalation chain id:1
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:42Z" level=info msg="Found device group "Services" with id 27"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:43Z" level=info msg="Found device group "_deleted" with id 54"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:43Z" level=info msg="Found device group "Pods" with id 29"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:44Z" level=info msg="Found device group "_deleted" with id 56"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:45Z" level=info msg="No collector found, waiting 10 seconds..."
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:55Z" level=info msg="No collector found, waiting 10 seconds..."
[argus-918127526-k6xk1 argus] time="2017-09-04T23:41:06Z" level=info msg="No collector found, waiting 10 seconds..."
[argus-918127526-k6xk1 argus] time="2017-09-04T23:41:16Z" level=info msg="No collector found, waiting 10 seconds..."

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:48:23Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:30:51Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Run with:

helm upgrade \
  --install \
  --debug \
  --wait \
  --namespace kube-monitoring \
  --set accessID='aaaa' \
  --set accessKey='aaaa' \
  --set account='example' \
  --set clusterName='cluster.example.com.au' \
  --set collectorDescription='Collector Description' \
  --set etcdDiscoveryToken='etcd-cluster-token-etcd' \
  argus logicmonitor/argus

collectorset-controller helm chart broken on new'ish K8s

Collectorset-controller and argus helm templates are using a deprecated api endpoint and fails on k8s V: 1.19.3 with an error stating the API version must be updated to rbac.authorization.k8s.io/v1

The old api endpoint referanse can be seen in templates/rbac.yml - line 4

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1

provide option for Pod Security Policy

In more and more K8S setups we see the use of Pod Security Policies (PSP). In these setups ClusterRoles without a specific PSP default to no privileges and thus are disallowed to deploy any pods.

It would be great if there was an option to provide the PSP to be used at deployment stage with helm instead of manually change the helm created ClusterRoles afterwards.

Not a valid chart repository

We are seeing

Error: looks like "https://logicmonitor.github.com/k8s-helm-charts" is not a valid chart repository or cannot be reached: error converting YAML to JSON: yaml: line 6: could not find expected ':'
helm.go:81: [debug] error converting YAML to JSON: yaml: line 6: could not find expected ':'

In our pipelines.

Also seeing same error from our dev machines.

helm version

version.BuildInfo{Version:"v3.5.3", GitCommit:"041ce5a2c17a58be0fcd5f5e16fb3e7e95fea622", GitTreeState:"dirty", GoVersion:"go1.16"}

This was working for us a few days ago, perhaps something with https://github.com/logicmonitor/k8s-helm-charts/pull/76