diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
index 2f2bb87..a7abd35 100644
--- a/deploy/helm/Chart.yaml
+++ b/deploy/helm/Chart.yaml
@@ -16,7 +16,7 @@ annotations:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
index 8cadb51..5914960 100644
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@@ -1,6 +1,6 @@
 # wg-portal
-![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
 WireGuard Configuration Portal with LDAP, OAuth, OIDC authentication
@@ -76,6 +76,7 @@ The [Values](#values) section lists the parameters that can be configured during
 | service.wireguard.annotations | object | `{}` | Annotations for the WireGuard service |
 | service.wireguard.type | string | `"LoadBalancer"` | Wireguard service type |
 | service.wireguard.ports | list | `[51820]` | Wireguard service ports. Exposes the WireGuard ports for created interfaces. Lowerest port is selected as start port for the first interface. Increment next port by 1 for each additional interface. |
+| service.metrics.port | int | `8787` | |
 | ingress.enabled | bool | `false` | Specifies whether an ingress resource should be created |
 | ingress.className | string | `""` | Ingress class name |
 | ingress.annotations | object | `{}` | Ingress annotations |
@@ -104,3 +105,14 @@ The [Values](#values) section lists the parameters that can be configured during
 | serviceAccount.annotations | object | `{}` | Service account annotations |
 | serviceAccount.automount | bool | `false` | Automatically mount a ServiceAccount's API credentials |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| monitoring.enabled | bool | `true` | Enable Prometheus monitoring. |
+| monitoring.apiVersion | string | `"monitoring.coreos.com/v1"` | API version of the Prometheus resource. Use `azmonitoring.coreos.com/v1` for Azure Managed Prometheus. |
+| monitoring.kind | string | `"PodMonitor"` | Kind of the Prometheus resource. Could be `PodMonitor` or `ServiceMonitor`. |
+| monitoring.labels | object | `{}` | Resource labels. |
+| monitoring.annotations | object | `{}` | Resource annotations. |
+| monitoring.interval | string | `""` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. |
+| monitoring.metricRelabelings | list | `[]` | Relabelings to samples before ingestion. |
+| monitoring.relabelings | list | `[]` | Relabelings to samples before scraping. |
+| monitoring.scrapeTimeout | string | `""` | Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used. |
+| monitoring.jobLabel | string | `""` | The label to use to retrieve the job name from. |
+| monitoring.podTargetLabels | object | `{}` | Transfers labels on the Kubernetes Pod onto the target. |
diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/templates/_helpers.tpl
index a8c9dde..71f8874 100644
--- a/deploy/helm/templates/_helpers.tpl
+++ b/deploy/helm/templates/_helpers.tpl
@@ -107,3 +107,23 @@ Define hostname
 {{- (urlParse (tpl .Values.config.web.external_url .)).hostname -}}
 {{- end -}}
 {{- end -}}
+
+
+{{/*
+wg-portal.util.merge will merge two YAML templates or dict with template and output the result.
+This takes an array of three values:
+- the top context
+- the template name or dict of the overrides (destination)
+- the template name of the base (source)
+{{- include "wg-portal.util.merge" (list $ .Values.podLabels "wg-portal.selectorLabels") }}
+{{- include "wg-portal.util.merge" (list $ "wg-portal.destTemplate" "wg-portal.sourceTemplate") }}
+*/}}
+{{- define "wg-portal.util.merge" -}}
+{{- $top := first . -}}
+{{- $overrides := index . 1 -}}
+{{- $base := fromYaml (include (index . 2) $top) | default (dict) -}}
+{{- if kindIs "string" $overrides -}}
+ {{- $overrides = fromYaml (include $overrides $top) | default (dict) -}}
+{{- end -}}
+{{- toYaml (merge $overrides $base) -}}
+{{- end -}}
diff --git a/deploy/helm/templates/_pod.tpl b/deploy/helm/templates/_pod.tpl
index 99bd6c2..ad6fd47 100644
--- a/deploy/helm/templates/_pod.tpl
+++ b/deploy/helm/templates/_pod.tpl
@@ -6,11 +6,7 @@ metadata:
 {{- with .Values.podAnnotations }}
 {{- tpl (toYaml .) $ | nindent 4 }}
 {{- end }}
- labels:
- {{- include "wg-portal.selectorLabels" . | nindent 4 }}
- {{- with .Values.podLabels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
+ labels: {{- include "wg-portal.util.merge" (list $ .Values.podLabels "wg-portal.selectorLabels") | nindent 4 }}
 spec:
 {{- with .Values.affinity }}
 affinity: {{- toYaml . | nindent 4 }}
@@ -36,6 +32,9 @@ spec:
 envFrom: {{- tpl (toYaml .) $ | nindent 8 }}
 {{- end }}
 ports:
+ - name: metrics
+ containerPort: {{ .Values.service.metrics.port}}
+ protocol: TCP
 - name: web
 containerPort: {{ .Values.service.web.port }}
 protocol: TCP
diff --git a/deploy/helm/templates/monitoring.yaml b/deploy/helm/templates/monitoring.yaml
new file mode 100644
index 0000000..2d6e3ce
--- /dev/null
+++ b/deploy/helm/templates/monitoring.yaml
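Review bot: `merge $overrides $base` in `wg-portal.util.merge` writes into its first argument, and when the caller passes a dict instead of a template name that argument is the live values map (`.Values.podLabels` in `_pod.tpl`, `.Values.monitoring.labels` in `monitoring.yaml`), so any later read of those values sees the base labels folded in. Merging into a fresh dict avoids the side effect: `{{- toYaml (merge (dict) $overrides $base) -}}`. Because the override side takes precedence, a `podLabels` entry that reuses a selector-label key replaces the selector label in the rendered pod metadata, which would presumably break selector matching; the doc comment should state that precedence, or the helper should refuse overlapping keys.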
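Review bot: The `metrics` container port in `_pod.tpl` is declared unconditionally, so it is present even when `monitoring.enabled` is false; if that is intended, a template comment above the entry such as `{{- /* always declared; scraping is controlled by .Values.monitoring */}}` would make the decision visible. The expression `{{ .Values.service.metrics.port}}` also lacks the space before `}}` that the `web` port line below it uses. The `ports:` list continues outside the hunk.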
@@ -0,0 +1,41 @@
+{{- with .Values.monitoring -}}
+{{- if and .enabled ($.Capabilities.APIVersions.Has .apiVersion) -}}
+{{- $endpointsKey := (eq .kind "PodMonitor") | ternary "podMetricsEndpoints" "endpoints" -}}
+apiVersion: {{ .apiVersion }}
+kind: {{ .kind }}
+metadata:
+ {{- with .annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels: {{- include "wg-portal.util.merge" (list $ .labels "wg-portal.labels") | nindent 4 }}
+ name: {{ include "wg-portal.fullname" $ }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ $.Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "wg-portal.selectorLabels" $ | nindent 6 }}
+ {{ $endpointsKey }}:
+ - port: metrics
+ path: /metrics
+ {{- with .interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .metricRelabelings }}
+ metricRelabelings: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .relabelings }}
+ relabelings: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .jobLabel }}
+ jobLabel: {{ . }}
+ {{- end }}
+ {{- with .podTargetLabels }}
+ podTargetLabels: {{- toYaml . | nindent 2 }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/helm/templates/secret.yaml b/deploy/helm/templates/secret.yaml
index 93d2719..93daa0b 100644
--- a/deploy/helm/templates/secret.yaml
+++ b/deploy/helm/templates/secret.yaml
@@ -27,9 +27,12 @@ stringData:
 mail: {{- tpl (toYaml .) $ | nindent 6 }}
 {{- end }}
- {{- with .Values.config.statistics }}
- statistics: {{- tpl (toYaml .) $ | nindent 6 }}
- {{- end }}
+ statistics:
+ listening_address: :{{ .Values.service.metrics.port }}
+ {{- with .Values.config.statistics }}
+ {{- tpl (toYaml (omit . "listening_address")) $ | nindent 6 }}
+ {{- end }}
+
 web:
 listening_address: :{{ .Values.service.web.port }}
 {{- with .Values.config.web }}
diff --git a/deploy/helm/templates/service.yaml b/deploy/helm/templates/service.yaml
index 1b38d3f..808f990 100644
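Review bot: `podTargetLabels` in `monitoring.yaml` is rendered with `toYaml . | nindent 2` and defaults to `{}` in `values.yaml`, but in the Prometheus Operator API this field is a list of label names, so a map supplied according to the documented `object` type would render an invalid monitor. The default should be `[]` with type `list` in `values.yaml` and the README, and the `nindent` width should be checked against the key's real indentation, which is not recoverable from this page. The `$.Capabilities.APIVersions.Has .apiVersion` guard also makes the template render nothing when the CRD is unknown at render time, and a comment on the first line saying so would help whoever wonders why no monitor was created.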
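Review bot: `omit . "listening_address"` in `secret.yaml` silently discards any `config.statistics.listening_address` the user has set, and the `statistics` block is now always rendered with `:{{ .Values.service.metrics.port }}`, which listens on every interface even when `monitoring.enabled` is false. An install that had pinned the listener to loopback would lose that restriction on upgrade with no warning. At minimum the override should be recorded where it happens, e.g. `{{- /* listening_address is owned by the chart; config.statistics.listening_address is ignored */}}` above the `statistics:` key, and the chart documentation should say that the metrics port is meant to be reachable only by the scraper. The `stringData` block starts outside the hunk.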
--- a/deploy/helm/templates/service.yaml
+++ b/deploy/helm/templates/service.yaml
@@ -12,3 +12,9 @@
 ---
 {{ include "wg-portal.service.tpl" (dict "context" . "scope" .Values.service.wireguard "ports" $ports "name" "wireguard") }}
 {{- end -}}
+
+{{- if and .Values.monitoring.enabled (eq .Values.monitoring.kind "ServiceMonitor") }}
+---
+{{- $portsMetrics := list (dict "name" "metrics" "port" .Values.service.metrics.port "protocol" "TCP" "targetPort" "metrics") -}}
+{{- include "wg-portal.service.tpl" (dict "context" . "scope" .Values.service.metrics "ports" $portsWeb "name" "metrics") }}
+{{- end -}}
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index c1d4b90..0cff1b4 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -134,6 +134,8 @@ service:
 # Increment next port by 1 for each additional interface.
 ports:
 - 51820
+ metrics:
+ port: 8787
 ingress:
 # -- Specifies whether an ingress resource should be created
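Review bot: The metrics Service in `service.yaml` is built with `"ports" $portsWeb` although the line above it defines `$portsMetrics`, which is then never used; assuming `$portsWeb` is defined earlier in the file, the Service named `metrics` would publish the web port list instead of the metrics port. The call should pass `"ports" $portsMetrics`. The `{{-` on the `$portsMetrics` assignment also trims the newline after `---`, so unless `wg-portal.service.tpl` emits a leading newline the document separator and the first key end up on one line; the wireguard block above uses `{{ include` without the left trim. `.Values.service.metrics` carries only `port` in this commit, so any `type` or `annotations` the helper reads from `scope` would be empty.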
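Review bot: `service.metrics.port` in `values.yaml` is added without a `# --` description, which is why the generated README row for it has an empty last column. A comment such as `# -- Port of the metrics endpoint. The chart sets config.statistics.listening_address to this port.` above `port: 8787` would fill the row and record the coupling with `secret.yaml`. The `service:` mapping starts outside the hunk.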
@@ -202,3 +204,29 @@ serviceAccount:
 # -- The name of the service account to use.
 # If not set and create is true, a name is generated using the fullname template
 name: ''
+
+monitoring:
+ # -- Enable Prometheus monitoring.
+ enabled: true
+ # -- API version of the Prometheus resource.
+ # Use `azmonitoring.coreos.com/v1` for Azure Managed Prometheus.
+ apiVersion: monitoring.coreos.com/v1
+ # -- Kind of the Prometheus resource.
+ # Could be `PodMonitor` or `ServiceMonitor`.
+ kind: PodMonitor
+ # -- Resource labels.
+ labels: {}
+ # -- Resource annotations.
+ annotations: {}
+ # -- Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
+ interval: ''
+ # -- Relabelings to samples before ingestion.
+ metricRelabelings: []
+ # -- Relabelings to samples before scraping.
+ relabelings: []
+ # -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.
+ scrapeTimeout: ''
+ # -- The label to use to retrieve the job name from.
+ jobLabel: ''
+ # -- Transfers labels on the Kubernetes Pod onto the target.
+ podTargetLabels: {}
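Review bot: `monitoring.enabled` defaults to `true`, so an upgrade from 0.2.0 starts creating a monitor resource wherever the CRD is present without the operator having opted in; `enabled: false` is the more conservative default for a newly introduced integration. The `scrapeTimeout` description is missing a full stop and names the wrong setting; it should read `# -- Timeout after which the scrape is ended. If not specified, the Prometheus global scrape timeout is used.`, and the README row generated from it needs regenerating afterwards.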