feat: Additional configuration options in helm chart (#1275)

* feat(helm): add flag to restrict canary checker to single namespace * chore: sanitise default resource requests * feat: ensure leadership is true if multiple replicas are deployed * feat: add ability to configure check disable in chart * fix: config file location * feat: allow configuration of data retention times via chart * feat: allow configuration of upstream connection via chart * fix: rework upstream secret injection * chore: rework disableChecks
flanksource · Sep 28, 2023 · f9b0ae0 · f9b0ae0
1 parent b43b840
commit f9b0ae0
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 2 deletions.
diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "canary-checker.name" . }}
+  labels:
+    {{- include "canary-checker.labels" . | nindent 4 }}
+data:
+  canary-checker.properties: |
+    {{- range $k, $v := .Values.disableChecks }}
+    check.disabled.{{ $k }}={{ $v }}
+    {{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -52,6 +52,9 @@ spec:
               - path: "labels"
                 fieldRef:
                   fieldPath: metadata.labels
+        - name: config
+          configMap:
+            name: {{ include "canary-checker.name" . }}
       securityContext:
         fsGroup: 1000
       containers:
@@ -74,11 +77,16 @@ spec:
               {{- if eq .Values.db.external.enabled true }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.db.external.secretKeyRef.name }}
+                  name: {{ .Values.db.external.secretKeyRef.name  }}
                   key: {{ .Values.db.external.secretKeyRef.key }}
               {{- else }}
               value: "embedded:///opt/database/"
               {{- end }}
+          {{- if .Values.upstream.enabled }}
+          envFrom:
+            - secretRef:
+                name: {{ include "canary-checker.name" . }}
+          {{- end }}
           volumeMounts:
             {{- if eq .Values.dockerSocket true }}
             - name: dockersock
@@ -96,6 +104,9 @@ spec:
             {{- end }}
             - mountPath: /etc/podinfo
               name: podinfo
+            - mountPath: /app/canary-checker.properties
+              name: config
+              subpath: canary-checker.properties
           command:
             - /app/canary-checker
           args:
@@ -105,6 +116,23 @@ spec:
             - "8080"
             - --disable-postgrest={{ .Values.disablePostgrest }}
             - --db-migrations={{ .Values.db.runMigrations }}
+            - --cache-timeout={{ .Values.data.cacheTimeoutDays }}
+            - --default-window={{ .Values.data.defaultSearchWindow }}
+            - --check-status-retention-period={{ .Values.data.checkStatusRetentionDays }}
+            - --check-retention-period={{ .Values.data.checkRetentionDays }}
+            - --canary-retention-period={{ .Values.data.canaryRetentionDays }}
+            {{- if ne .Values.canaryNamespace "" }}
+            - --namespace={{ .Values.canaryNamespace }}
+            {{- end }}
+            {{- if gt (int .Values.replicas) 1 }}
+            - --enable-leader-election=true
+            {{- end }}
+            {{- if .Values.upstream.enabled }}
+            - --agent-name={{ .Values.upstream.agentName }}
+            - --upstream-host={{ .Values.upstream.host }}
+            - --upstream-user=$UPSTREAM_USER
+            - --upstream-password=$UPSTREAM_PASSWORD
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           livenessProbe:

diff --git a/chart/templates/secret.yaml b/chart/templates/secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.upstream.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "canary-checker.name" . }}
+data:
+  UPSTREAM_USERNAME: {{ .Values.upstream.username | b64enc }}
+  UPSTREAM_PASSWORD: {{ .Values.upstream.password | b64enc }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -27,6 +27,9 @@ grafanaDashboards: false
 debug: false
 logLevel: "-v"
 
+# restrict canary-checker to monitor single namespace for canaries.  Leave blank to monitor all namespaces
+canaryNamespace: ""
+
 db:
   runMigrations: true
   embedded:
@@ -58,6 +61,20 @@ nameOverride: ""
 
 allowPrivilegeEscalation: true
 
+data:
+  defaultSearchWindow: 1h
+  cacheTimeoutDays: 90
+  checkStatusRetentionDays: 180
+  checkRetentionDays: 7
+  canaryRetentionDays: 7
+
+upstream:
+  enabled: false
+  host: ""
+  agentName: ""
+  username: ""
+  password: ""
+
 ingress:
   enabled: false
   className: ""
@@ -95,13 +112,16 @@ resources:
     cpu: 200m
     memory: 200Mi
   limits:
-    memory: 1512Mi
+    cpu: 500m
+    memory: 512Mi
 
 serviceAccount: {}
   # Configures extra annotations on the service account
   # annotations:
   #   some: annotation
 
+disableChecks: {}
+
 extra:
   # nodeSelector:
   #   key: value