
Commit c8ad584

committed
feat(shield): add the enable_prometheus_scraping flag also to host sections
1 parent 6d6cb1e commit c8ad584


10 files changed

+161
-5
lines changed


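--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 
 type: application
-version: 1.12.4
+version: 1.12.5
 appVersion: "1.0.0"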

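--- a/charts/shield/README.md
+++ b/charts/shield/README.md
@@ -128,6 +128,7 @@ The following table lists the configurable parameters of the `shield` chart and
 | features.monitor.kubernetes_events.enabled | Enable the Kubernetes Events feature | <code>false</code> |
 | host_windows.enabled | Enable the host shield for Windows | <code>false</code> |
 | host_windows.additional_settings.monitoring_port | | <code>8081</code> |
+| host_windows.enable_prometheus_scraping | Automatically adds the Prometheus annotations to the Host Shield Windows pods | <code>true</code> |
 | host_windows.agent_runtime_additional_settings | Additional settings to be passed to the agent-runtime component (overrides dragent.yaml generated by helm) | <code>{}</code> |
 | host_windows.image.registry | The registry where the host shield images are stored | <code>quay.io</code> |
 | host_windows.image.repository | The repository where the host shield images are stored | <code>sysdig</code> |
@@ -185,6 +186,7 @@ The following table lists the configurable parameters of the `shield` chart and
 | host.node_selector | The node selector for the host shield | <code>{}</code> |
 | host.tolerations | The tolerations for the host shield | <code>[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/controlplane","operator":"Equal","value":"true"},{"effect":"NoExecute","key":"node-role.kubernetes.io/etcd","operator":"Equal","value":"true"},{"effect":"NoExecute","key":"CriticalAddonsOnly","operator":"Equal","value":"true"}]</code> |
 | host.affinity | The affinity for the host shield | <code>{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["amd64","arm64","ppc64le","s390x"]},{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}</code> |
+| host.enable_prometheus_scraping | Automatically adds the Prometheus annotations to the Host Shield Windows pods | <code>true</code> |
 | host.probes.readiness.initialDelaySeconds | The readiness probe initial delay | <code>90</code> |
 | host.probes.readiness.periodSeconds | The readiness probe period | <code>10</code> |
 | host.probes.readiness.failureThreshold | The readiness probe failure threshold | <code>9</code> |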

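--- a/charts/shield/templates/host/_annotations.tpl
+++ b/charts/shield/templates/host/_annotations.tpl
@@ -13,5 +13,7 @@
 {{- if not .Values.host.privileged -}}
 {{- $_ := set $podAnnotations "container.apparmor.security.beta.kubernetes.io/sysdig-host-shield" "unconfined" -}}
 {{- end -}}
-{{- $podAnnotations | toYaml -}}
+{{- with $podAnnotations -}}
+{{- . | toYaml -}}
+{{- end -}}
 {{- end -}}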
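Review bot: The new `with $podAnnotations` guard at lines 16-18 carries no comment explaining why an empty map must now render as nothing instead of `{}`. Judging from the daemonset templates in this commit, the reason is that keys are appended after the include under `annotations:`, where a literal `{}` would presumably break the mapping; a one-line template comment such as `{{- /* emit nothing when empty so callers can append keys under annotations: */ -}}` would record that. The same guard is added to `host.windows.pod_annotations` in _windows_annotations.tpl and wants the same comment. The `define` for this helper opens above the hunk.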

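--- a/charts/shield/templates/host/_helpers.tpl
+++ b/charts/shield/templates/host/_helpers.tpl
@@ -277,3 +277,13 @@ true
 true
 {{- end }}
 {{- end }}
+
+{{- define "host.prometheus_exporter_enabled" }}
+{{- if dig "prometheus_exporter" "enabled" false .Values.host.additional_settings }}
+true
+{{- end }}
+{{- end }}
+
+{{- define "host.metrics_port" }}
+{{- regexFind "[0-9]+$" (dig "prometheus_exporter" "listen_url" "0.0.0.0:9544" .Values.host.additional_settings) -}}
+{{- end }}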
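Review bot: `host.metrics_port` returns an empty string whenever `prometheus_exporter.listen_url` does not end in digits, and that value now feeds both `containerPort:` and the `prometheus.io/port` annotation in daemonset.yaml. A `listen_url` with a trailing slash or no port would render `prometheus.io/port: ""` and an empty `containerPort`, so the mistake surfaces only at apply time or as a target that is silently never scraped. Failing at render time is safer: bind the `regexFind` result to `$port`, add `{{- if not $port }}{{ fail "host.additional_settings.prometheus_exporter.listen_url must end with a port" }}{{ end -}}`, then emit `{{- $port -}}`. Both new helpers would also benefit from a short template comment stating what they return (`true` or empty; the port as a string). The hunk begins at the tail of a preceding define.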

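--- a/charts/shield/templates/host/_windows_annotations.tpl
+++ b/charts/shield/templates/host/_windows_annotations.tpl
@@ -7,5 +7,7 @@
 
 {{- define "host.windows.pod_annotations" -}}
 {{- $podAnnotations := merge (dict) .Values.pod_annotations .Values.host_windows.pod_annotations -}}
-{{- $podAnnotations | toYaml -}}
+{{- with $podAnnotations -}}
+{{- . | toYaml -}}
+{{- end -}}
 {{- end -}}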

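--- a/charts/shield/templates/host/daemonset-windows.yaml
+++ b/charts/shield/templates/host/daemonset-windows.yaml
@@ -21,6 +21,11 @@ spec:
 {{- include "host.windows.pod_labels" . | nindent 8 }}
 annotations:
 {{- include "host.windows.pod_annotations" . | nindent 8 }}
+{{- if .Values.host_windows.enable_prometheus_scraping }}
+prometheus.io/scrape: "true"
+prometheus.io/path: "/metrics"
+prometheus.io/port: {{ .Values.host_windows.additional_settings.monitoring_port | quote }}
+{{- end }}
 spec:
 securityContext:
 windowsOptions: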
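Review bot: The three `prometheus.io/*` keys are written as literal lines after the `include "host.windows.pod_annotations"` output, so a release that already sets any of them through `pod_annotations` or `host_windows.pod_annotations` will render a mapping with duplicate keys. Depending on the parser that is either a hard error or a silent last-wins override of the operator's value, and because the README lists `enable_prometheus_scraping` as defaulting to `true`, it would appear on upgrade without any values change. Setting the keys on the dict inside the helper, the way the Linux helper already sets the AppArmor annotation with `set $podAnnotations`, removes the duplication; for example `{{- $_ := set $podAnnotations "prometheus.io/scrape" "true" -}}`, guarded by `hasKey` if user values should win. The same pattern is added in daemonset.yaml at lines 23-27. The pod template continues outside the hunk.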

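--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -20,6 +20,11 @@ spec:
 {{- include "host.pod_labels" . | nindent 8 }}
 annotations:
 {{- include "host.pod_annotations" . | nindent 8 }}
+{{- if and (include "host.prometheus_exporter_enabled" .) .Values.host.enable_prometheus_scraping }}
+prometheus.io/scrape: "true"
+prometheus.io/path: "/metrics"
+prometheus.io/port: {{ (include "host.metrics_port" .) | quote }}
+{{- end }}
 spec:
 hostNetwork: true
 dnsPolicy: {{ default "ClusterFirstWithHostNet" .Values.host.dns_policy }}
@@ -151,8 +156,8 @@ spec:
 - containerPort: {{ dig "kspm_analyzer" "port" 12000 .Values.host.additional_settings }}
 name: kspm-analyzer
 {{- end }}
-{{- if (dig "prometheus_exporter" "enabled" false .Values.host.additional_settings) }}
-- containerPort: {{ regexFind "[0-9]+$" (dig "prometheus_exporter" "listen_url" "0.0.0.0:9544" .Values.host.additional_settings) }}
+{{- if include "host.prometheus_exporter_enabled" . }}
+- containerPort: {{ include "host.metrics_port" . }}
 name: metrics
 {{- end }}
 readinessProbe: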
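Review bot: With `hostNetwork: true` directly below the new annotations and the helper's default `listen_url` of `0.0.0.0:9544`, the advertised scrape target is port 9544 on each node's own addresses, and nothing in the change says so. Since the README lists `host.enable_prometheus_scraping` as defaulting to `true`, enabling the exporter now also advertises it to any annotation-driven scraper in the cluster. Whether the endpoint requires authentication is not visible here, so the values documentation should state the exposure and point operators at restricting the port at the node firewall or binding `listen_url` to a specific address. A comment above the block such as `{{- /* hostNetwork: the scrape target is the node IP on host.metrics_port */ -}}` would help the next reader. Separately, the README row for `host.enable_prometheus_scraping` says "Host Shield Windows pods", which looks copied from the Windows row.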

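--- a/charts/shield/tests/host/daemonset-windows_test.yaml
+++ b/charts/shield/tests/host/daemonset-windows_test.yaml
@@ -436,3 +436,50 @@ tests:
 asserts:
 - isNullOrEmpty:
 path: spec.template.spec.imagePullSecrets
+
+- it: Default pod annotations with prometheus scraping enabled
+asserts:
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+value: "true"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+value: "/metrics"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+value: "8081"
+
+- it: Default pod annotations with prometheus scraping disabled
+set:
+host_windows:
+enable_prometheus_scraping: false
+asserts:
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+
+- it: Custom pod annotations
+set:
+host_windows:
+pod_annotations:
+custom/annotation1: "custom-value1"
+custom/annotation2: "custom-value2"
+asserts:
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+value: "true"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+value: "/metrics"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+value: "8081"
+- equal:
+path: spec.template.metadata.annotations["custom/annotation1"]
+value: "custom-value1"
+- equal:
+path: spec.template.metadata.annotations["custom/annotation2"]
+value: "custom-value2"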
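Review bot: Every port assertion in the new cases pins the default `"8081"`, so nothing verifies that `prometheus.io/port` actually follows `host_windows.additional_settings.monitoring_port`. A case that sets the port to another value and asserts the annotation equals it (constructed example: `monitoring_port: 9999` with `value: "9999"`) would catch a hard-coded or mis-wired port. The same gap exists in daemonset_test.yaml, where no case overrides `prometheus_exporter.listen_url`, so the `regexFind` extraction in `host.metrics_port` is only exercised with the default `"9544"`.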

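--- a/charts/shield/tests/host/daemonset_test.yaml
+++ b/charts/shield/tests/host/daemonset_test.yaml
@@ -737,3 +737,82 @@ tests:
 - equal:
 path: spec.template.spec.dnsPolicy
 value: ClusterFirst
+
+- it: Default pod annotations with prometheus scraping enabled
+set:
+host:
+additional_settings:
+prometheus_exporter:
+enabled: true
+asserts:
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+value: "true"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+value: "/metrics"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+value: "9544"
+
+- it: Default pod annotations with prometheus exporter not enabled
+asserts:
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+
+- it: Default pod annotations with prometheus exporter and prometheus scraping not enabled
+set:
+host:
+enable_prometheus_scraping: false
+asserts:
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+
+- it: Default pod annotations with prometheus scraping not enabled
+set:
+host:
+enable_prometheus_scraping: false
+additional_settings:
+prometheus_exporter:
+enabled: true
+asserts:
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+- notExists:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+
+- it: Custom pod annotations
+set:
+host:
+additional_settings:
+prometheus_exporter:
+enabled: true # Enabling this to add the neeeded annotations and verify that the template has no issues
+pod_annotations:
+custom/annotation1: "custom-value1"
+custom/annotation2: "custom-value2"
+asserts:
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/scrape"]
+value: "true"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/path"]
+value: "/metrics"
+- equal:
+path: spec.template.metadata.annotations["prometheus.io/port"]
+value: "9544"
+- equal:
+path: spec.template.metadata.annotations["custom/annotation1"]
+value: "custom-value1"
+- equal:
+path: spec.template.metadata.annotations["custom/annotation2"]
+value: "custom-value2"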
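Review bot: No case sets a `prometheus.io/*` key in `host.pod_annotations` while the exporter and scraping are both enabled, which is the combination where the template appends its own keys after the user-supplied ones. A case that sets, say, `prometheus.io/port` in `pod_annotations` and asserts the rendered value would at least pin which side wins, and would document the behaviour for operators who already annotate their pods by hand. The inline comment at line 799 also has a typo, `neeeded` for `needed`.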
