charts/karavi-observability Karavi observability release v1.3.0 (#143)

* Update otel-collector-config.yaml updated tls settings for otel * Update Chart.yaml increment helm chart version * Update otel-collector-config.yaml updating correct tls settings * Update otel-collector-config.yaml update tls settings * update observability metric service immage taags for CSM .3 release (#124) * align authorization sidecar with CSM 1.3 release (#126) * add support for PowerScale topology (#123) * Rollback otel-collecter image version to 0.42.0 (#131) * Update code owners list (#132) * Add more code owners * chart/csm-authorization: Release v1.3.0 updates (#128) * [charts/csm-authorization] feature-261: Authorization helm chart (#109) * use 1.3.0 (#125) Co-authored-by: Aaron Tye <tyeaaron@gmail.com> Co-authored-by: EvgenyUglov <63835199+EvgenyUglov@users.noreply.github.com> Co-authored-by: sharmilarama <72404078+sharmilarama@users.noreply.github.com> Co-authored-by: Aaron Tye <tyeaaron@gmail.com> Co-authored-by: EvgenyUglov <63835199+EvgenyUglov@users.noreply.github.com> * Correct codeowners format (#133) * add support for csm-metrics-powerscale (#129) Add powerscale configuration to support csm-metrics-powerscale: - Add karavi-metrics-powerscale.yaml, karavi-metrics-powerscale.yaml; - Add pscale configuration to karavi-observability-configmap.yaml, values.yaml, cert-manager.yaml and NOTES.txt. * Adjust PowerScale polling enable and frequency (#134) The new enable and frequency are: capacityMetricsEnabled: "true" performanceMetricsEnabled: "true" clusterCapacityPollFrequencySeconds: 30 clusterPerformancePollFrequencySeconds: 20 quotaCapacityPollFrequencySeconds: 30 Co-authored-by: Yiming Bao <yiming.bao@emc.com> * enable authorization for csm observability powerscale (#135) * Update Authorization sidecar image to 1.4.0 (#138) * Update observability image tags for CSM 1.4 release (#142) Co-authored-by: Yiming Bao <yiming.bao@dell.com> Co-authored-by: hoppea2 <33433874+hoppea2@users.noreply.github.com> Co-authored-by: shaynafinocchiaro <66699024+shaynafinocchiaro@users.noreply.github.com> Co-authored-by: Sharmila Ramamoorthy <sharmila.ramamoorthy@dell.com> Co-authored-by: YianZong <63342088+YianZong@users.noreply.github.com> Co-authored-by: taohe1012 <88763781+taohe1012@users.noreply.github.com> Co-authored-by: sharmilarama <72404078+sharmilarama@users.noreply.github.com> Co-authored-by: Aaron Tye <tyeaaron@gmail.com> Co-authored-by: EvgenyUglov <63835199+EvgenyUglov@users.noreply.github.com> Co-authored-by: baoy1 <105041111+baoy1@users.noreply.github.com> Co-authored-by: Yiming Bao <yiming.bao@emc.com> Co-authored-by: bjiang27 <105997542+bjiang27@users.noreply.github.com> Co-authored-by: Yiming Bao <yiming.bao@dell.com>
dell · Sep 21, 2022 · 2154435 · 2154435
1 parent 4579622
commit 2154435
Show file tree

Hide file tree

Showing 8 changed files with 273 additions and 12 deletions.
diff --git a/charts/karavi-observability/Chart.yaml b/charts/karavi-observability/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "1.2.0"
+appVersion: "1.3.0"
 name: karavi-observability
 description: CSM for Observability is part of the [Container Storage Modules](https://github.com/dell/csm) open source suite of Kubernetes storage enablers for Dell EMC storage products. CSM for Observability provides Kubernetes administrators with visibility into metrics and topology data related to containerized storage.
 type: application
-version: 1.2.0
+version: 1.3.0
 dependencies:
 - name: cert-manager
   version: 1.6.1

diff --git a/charts/karavi-observability/otel-collector-config.yaml b/charts/karavi-observability/otel-collector-config.yaml
@@ -2,7 +2,8 @@ receivers:
   otlp:
     protocols:
       grpc:
-        tls_settings:
+        endpoint: 0.0.0.0:55680
+        tls:
           cert_file: /etc/ssl/certs/tls.crt
           key_file: /etc/ssl/certs/tls.key
 

diff --git a/charts/karavi-observability/templates/NOTES.txt b/charts/karavi-observability/templates/NOTES.txt
@@ -37,3 +37,15 @@ CSM Metrics for PowerStore
     From inside the Kubernetes cluster: otel-collector:8443
 
 {{- end}}
+
+{{ if .Values.karaviMetricsPowerscale.enabled -}}
+
+CSM Metrics for PowerScale
+
+  The CSM Metrics for PowerScale deployment has been successfully installed.
+
+  Provisioner Names: {{ .Values.karaviMetricsPowerscale.provisionerNames }}
+  Prometheus Scrape Target: 
+    From inside the Kubernetes cluster: otel-collector:8443
+
+{{- end}}
diff --git a/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml b/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml
@@ -75,7 +75,7 @@ spec:
         env:
           - name: PROXY_HOST
             value: "{{ .Values.karaviMetricsPowerflex.authorization.proxyHost }}"
-          - name: INSECURE
+          - name: SKIP_CERTIFICATE_VALIDATION
             value: "{{ .Values.karaviMetricsPowerflex.authorization.skipCertificateValidation }}"
           - name: PLUGIN_IDENTIFIER
             value: powerflex

diff --git a/charts/karavi-observability/templates/karavi-metrics-powerscale-service-account.yaml b/charts/karavi-observability/templates/karavi-metrics-powerscale-service-account.yaml
@@ -0,0 +1,42 @@
+{{ if .Values.karaviMetricsPowerscale.enabled }}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}-metrics-powerscale-controller
+  namespace: {{ .Release.Namespace }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.Name }}-metrics-powerscale-controller
+rules:
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes", "storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes", "nodes"]
+    verbs: ["list"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["*"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.Name }}-metrics-powerscale-controller
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}-metrics-powerscale-controller
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Release.Name }}-metrics-powerscale-controller
+  apiGroup: rbac.authorization.k8s.io
+
+{{ end }}
+
diff --git a/charts/karavi-observability/templates/karavi-metrics-powerscale.yaml b/charts/karavi-observability/templates/karavi-metrics-powerscale.yaml
@@ -0,0 +1,131 @@
+{{ if .Values.karaviMetricsPowerscale.enabled }}
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: karavi-metrics-powerscale
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  name: karavi-metrics-powerscale
+spec:
+  type: {{ .Values.karaviMetricsPowerscale.service.type }}
+  ports:
+  - name: karavi-metrics-powerscale
+    port: 8080
+    targetPort: 8080
+  selector:
+    app.kubernetes.io/name: karavi-metrics-powerscale
+    app.kubernetes.io/instance: {{ .Release.Name }}
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: karavi-metrics-powerscale
+  labels:
+    app.kubernetes.io/name: karavi-metrics-powerscale
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- if hasKey .Values "karaviMetricsPowerscale.authorization" }}
+  {{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }}
+  annotations:
+    com.dell.karavi-authorization-proxy: "true"
+  {{ end }}
+  {{ end }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: karavi-metrics-powerscale
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  replicas: 1
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: karavi-metrics-powerscale
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccount: {{ .Release.Name }}-metrics-powerscale-controller
+      containers:
+      - name: karavi-metrics-powerscale
+        image: {{ .Values.karaviMetricsPowerscale.image }}
+        resources: {}
+        env:
+        - name: POWERSCALE_METRICS_ENDPOINT	
+          value: "{{ .Values.karaviMetricsPowerscale.endpoint }}"
+        - name: POWERSCALE_METRICS_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: TLS_ENABLED
+          value: "true"
+        volumeMounts:
+        - name: isilon-creds
+          mountPath: /isilon-creds
+        - name: tls-secret
+          mountPath: /etc/ssl/certs
+          readOnly: true
+        - name: karavi-metrics-powerscale-configmap
+          mountPath: /etc/config
+      {{- if hasKey .Values.karaviMetricsPowerscale "authorization" }}
+      {{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }}
+      - name: karavi-authorization-proxy
+        imagePullPolicy: IfNotPresent
+        image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerscale.authorization.sidecarProxyImage }}
+        env:
+          - name: PROXY_HOST
+            value: "{{ .Values.karaviMetricsPowerscale.authorization.proxyHost }}"
+          - name: SKIP_CERTIFICATE_VALIDATION
+            value: "{{ .Values.karaviMetricsPowerscale.authorization.skipCertificateValidation }}"
+          - name: PLUGIN_IDENTIFIER
+            value: powerscale
+          - name: ACCESS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: isilon-proxy-authz-tokens
+                key: access
+          - name: REFRESH_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: isilon-proxy-authz-tokens
+                key: refresh
+        volumeMounts:
+          - name: karavi-authorization-config
+            mountPath: /etc/karavi-authorization/config
+          - name: proxy-server-root-certificate
+            mountPath: /etc/karavi-authorization/root-certificates
+          - name: isilon-config-params
+            mountPath: /etc/karavi-authorization
+      {{ end }}
+      {{ end }}
+      volumes:
+      - name: isilon-creds
+        secret:
+          secretName: isilon-creds
+      - name: tls-secret
+        secret:
+          secretName: otel-collector-tls
+          items:
+            - key: tls.crt
+              path: cert.crt
+      - name: karavi-metrics-powerscale-configmap
+        configMap:
+          name: karavi-metrics-powerscale-configmap
+     {{- if hasKey .Values.karaviMetricsPowerscale "authorization" }}
+     {{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }}
+      - name: karavi-authorization-config
+        secret:
+          secretName: isilon-karavi-authorization-config
+      - name: proxy-server-root-certificate
+        secret:
+          secretName: isilon-proxy-server-root-certificate
+      - name: isilon-config-params
+        configMap:
+          name: isilon-config-params
+      {{ end }}
+      {{ end }}
+      restartPolicy: Always
+status: {}
+
+{{ end }}
+
diff --git a/charts/karavi-observability/templates/karavi-observability-configmap.yaml b/charts/karavi-observability/templates/karavi-observability-configmap.yaml
@@ -65,3 +65,28 @@ data:
 
 {{ end }}
 
+---
+
+{{ if .Values.karaviMetricsPowerscale.enabled }}
+
+apiVersion: v1 
+kind: ConfigMap 
+metadata:
+  name: karavi-metrics-powerscale-configmap
+data:
+  karavi-metrics-powerscale.yaml : |
+    COLLECTOR_ADDR: {{ .Values.karaviMetricsPowerscale.collectorAddr }}
+    PROVISIONER_NAMES: {{ .Values.karaviMetricsPowerscale.provisionerNames }}
+    POWERSCALE_MAX_CONCURRENT_QUERIES: "{{ .Values.karaviMetricsPowerscale.concurrentPowerscaleQueries }}"
+    POWERSCALE_CAPACITY_METRICS_ENABLED: "{{ .Values.karaviMetricsPowerscale.capacityMetricsEnabled }}"
+    POWERSCALE_PERFORMANCE_METRICS_ENABLED: "{{ .Values.karaviMetricsPowerscale.performanceMetricsEnabled }}"
+    POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: "{{ .Values.karaviMetricsPowerscale.clusterCapacityPollFrequencySeconds }}"
+    POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: "{{ .Values.karaviMetricsPowerscale.clusterPerformancePollFrequencySeconds }}"
+    POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: "{{ .Values.karaviMetricsPowerscale.quotaCapacityPollFrequencySeconds }}"
+    POWERSCALE_ISICLIENT_INSECURE: "{{ .Values.karaviMetricsPowerscale.isiClientOptions.isiSkipCertificateValidation }}"
+    POWERSCALE_ISICLIENT_AUTH_TYPE: "{{ .Values.karaviMetricsPowerscale.isiClientOptions.isiAuthType }}"
+    POWERSCALE_ISICLIENT_VERBOSE: "{{ .Values.karaviMetricsPowerscale.isiClientOptions.isiLogVerbose }}"
+    LOG_LEVEL: "{{ .Values.karaviMetricsPowerscale.logLevel }}"
+    LOG_FORMAT: "{{ .Values.karaviMetricsPowerscale.logFormat }}"
+
+{{ end }}
diff --git a/charts/karavi-observability/values.yaml b/charts/karavi-observability/values.yaml
@@ -1,8 +1,8 @@
 karaviTopology:
-  image: dellemc/csm-topology:v1.2.0
+  image: dellemc/csm-topology:v1.3.0
   enabled: true
   # comma separated list of provisioner names (ex: csi-vxflexos.dellemc.com)
-  provisionerNames: csi-vxflexos.dellemc.com,csi-powerstore.dellemc.com
+  provisionerNames: csi-vxflexos.dellemc.com,csi-powerstore.dellemc.com,csi-isilon.dellemc.com
   service:
     type: ClusterIP
   logLevel: INFO
@@ -13,7 +13,7 @@ karaviTopology:
     probability: 0.0
 
 karaviMetricsPowerflex:
-  image: dellemc/csm-metrics-powerflex:v1.2.0
+  image: dellemc/csm-metrics-powerflex:v1.3.0
   enabled: true
   collectorAddr: otel-collector:55680
   # comma separated list of provisioner names (ex: csi-vxflexos.dellemc.com)
@@ -40,8 +40,8 @@ karaviMetricsPowerflex:
   authorization:
     enabled: false
     # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
-    # Default value: dellemc/csm-authorization-sidecar:v1.3.0
-    sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.3.0
+    # Default value: dellemc/csm-authorization-sidecar:v1.4.0
+    sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.4.0
     # proxyHost: hostname of the csm-authorization server
     # Default value: None
     proxyHost:
@@ -53,7 +53,7 @@ karaviMetricsPowerflex:
     skipCertificateValidation: true
 
 karaviMetricsPowerstore:
-  image: dellemc/csm-metrics-powerstore:v1.2.0
+  image: dellemc/csm-metrics-powerstore:v1.3.0
   enabled: true
   collectorAddr: otel-collector:55680
   # comma separated list of provisioner names (ex: csi-powerstore.dellemc.com)
@@ -78,12 +78,62 @@ karaviMetricsPowerstore:
     serviceName: metrics-powerstore
     probability: 0.0
 
+karaviMetricsPowerscale:
+  image: dellemc/csm-metrics-powerscale:v1.3.0
+  enabled: true
+  collectorAddr: otel-collector:55680
+  # comma separated list of provisioner names (ex: csi-isilon.dellemc.com)
+  provisionerNames: csi-isilon.dellemc.com
+  # set capacityMetricsEnabled to "false" to disable collection of capacity metrics
+  capacityMetricsEnabled: "true"
+  # set performanceMetricsEnabled to "false" to disable collection of performance metrics
+  performanceMetricsEnabled: "true"
+  # set polling frequency to get cluster capacity metrics data
+  clusterCapacityPollFrequencySeconds: 30
+  # set polling frequency to get cluster performance data
+  clusterPerformancePollFrequencySeconds: 20
+  # set polling frequency to get quota capacity metrics data
+  quotaCapacityPollFrequencySeconds: 30
+  # set the the default max concurrent queries to PowerScale
+  concurrentPowerscaleQueries: 10
+  # set the default endpoint for PowerScale service
+  endpoint: karavi-metrics-powerscale
+  service:
+    type: ClusterIP
+  logLevel: INFO
+  logFormat: text
+  # isiClientOptions to access Powerscale OneFS API server
+  isiClientOptions:
+    # set isiSkipCertificateValidation to true/false to skip/verify OneFS API server's certificates
+    # default isiSkipCertificateValidation: true to skip OneFS API server's certificates
+    isiSkipCertificateValidation: true
+    # set isiAuthType to 0/1 to enables session-based/basic Authentication
+    # default isiAuthType: 0 to use session-based Authentication
+    isiAuthType: 1
+    # set isiLogVerbose to 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs
+    # default isiLogVerbose: 0 to log full content of the HTTP request and response
+    isiLogVerbose: 0
+  authorization:
+    enabled: false
+    # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
+    # Default value: dellemc/csm-authorization-sidecar:v1.4.0
+    sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.4.0
+    # proxyHost: hostname of the csm-authorization server
+    # Default value: None
+    proxyHost:
+    # skipCertificateValidation: certificate validation of the csm-authorization server
+    # Allowed Values:
+    #   "true" - TLS certificate verification will be skipped
+    #   "false" - TLS certificate will be verified
+    # Default value: "true"
+    skipCertificateValidation: true
+
 otelCollector:
-  image: otel/opentelemetry-collector:0.9.0
+  image: otel/opentelemetry-collector:0.42.0
   service:
     type: ClusterIP
   nginxProxy:
-    image: nginxinc/nginx-unprivileged:1.18
+    image: nginxinc/nginx-unprivileged:1.20
 
 cert-manager:
   startupapicheck: