Merge pull request #40 from Icinga/add-icinga-kuberentes

Add `Icinga Kubernetes`

.github/workflows/lint_test_charts.yaml

@@ -24,4 +24,5 @@ jobs:
           run: |
             set -x
             cd charts/icinga-stack
-            helm unittest .
+            helm dependency update
+            helm unittest .

charts/icinga-stack/Chart.yaml

@@ -1,3 +1,8 @@
+dependencies:
+  - name: common
+    version: 2.x.x
+    repository: oci://registry-1.docker.io/bitnamicharts
+
 apiVersion: v2
 name: icinga-stack
 description: Icinga is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting.

charts/icinga-stack/README.md

@@ -45,6 +45,8 @@ helm install <release-name> \
   --set global.databases.icingaweb2.password.value=CHANGE-ME \
   --set global.databases.icingadb.username.value=CHANGE-ME \
   --set global.databases.icingadb.password.value=CHANGE-ME \
+  --set global.databases.kubernetes.username.value=CHANGE-ME \
+  --set global.databases.kubernetes.password.value=CHANGE-ME \
 icinga/icinga-stack
 ```
 

charts/icinga-stack/charts/icinga-kubernetes/Chart.yaml

@@ -0,0 +1,16 @@
+dependencies:
+  - name: common
+    version: 2.x.x
+    repository: oci://registry-1.docker.io/bitnamicharts
+
+apiVersion: v2
+name: icinga-kubernetes
+description: Icinga Kubernetes
+maintainers:
+  - name: Icinga GmbH
+    email: [email protected]
+    url: https://icinga.com
+
+type: application
+version: 0.1.0
+appVersion: "edge"

charts/icinga-stack/charts/icinga-kubernetes/templates/_config.tpl

@@ -0,0 +1,27 @@
+{{/*
+ Create the config
+ */}}
+{{- define "icinga-kubernetes.config" -}}
+# This is the configuration file for Icinga Kubernetes.
+
+# Connection configuration for the database to which Icinga Kubernetes synchronizes data.
+# This is also the database used in Icinga Kubernetes Web to view and work with the data.
+database:
+    # Database type. Only 'mysql' is supported yet which is the default.
+    #  type: mysql
+
+    # Database host or absolute Unix socket path.
+    host: {{ if .Values.global.databases.kubernetes.enabled }} {{ .Release.Name }}-kubernetes-database {{ else }} {{ .Values.global.databases.kubernetes.host | quote }} {{ end }}
+
+    # Database port. By default, the MySQL port.
+    port: {{ .Values.global.databases.kubernetes.port | default 3306 }}
+
+    # Database name.
+    database: kubernetes
+
+    # Database user.
+    user: {{ .Values.global.databases.kubernetes.username.value }}
+
+    # Database password.
+    password: {{ .Values.global.databases.kubernetes.password.value }}
+{{- end -}}

charts/icinga-stack/charts/icinga-kubernetes/templates/_helpers.tpl

@@ -0,0 +1,18 @@
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "icinga-kubernetes.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{- default (include "common.names.fullname" .) .Values.serviceAccount.name -}}
+{{- else -}}
+    {{- default "default" .Values.serviceAccount.name -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the config map to use
+ */}}
+{{- define "icinga-kubernetes.configmapName" -}}
+{{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+

charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrole.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - get
+      - watch
+      - list
+{{- end }}

charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrolebinding.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "common.names.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "icinga-kubernetes.serviceAccountName" . }}
+    namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}

charts/icinga-stack/charts/icinga-kubernetes/templates/configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "icinga-kubernetes.configmapName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  config.yml: |-
+    {{- include "icinga-kubernetes.config" . | nindent 4 }}

charts/icinga-stack/charts/icinga-kubernetes/templates/deployment.yaml

@@ -0,0 +1,39 @@
+{{ if .Values.enabled -}}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: 1
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+  template:
+    metadata:
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+      annotations:
+        {{- if .Values.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ include "icinga-kubernetes.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name}}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          volumeMounts:
+            - name: configuration
+              mountPath: /config.yml
+              subPath: config.yml
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        - name: configuration
+          configMap:
+            name: {{ include "icinga-kubernetes.configmapName" . }}
+{{- end }}

charts/icinga-stack/charts/icinga-kubernetes/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "icinga-kubernetes.serviceAccountName" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/icinga-stack/charts/icinga-kubernetes/values.yaml

@@ -0,0 +1,12 @@
+enabled: true
+
+image:
+  repository: icinga/icinga-kubernetes
+  tag: edge
+  pullPolicy: Always
+
+rbac:
+  create: true
+
+serviceAccount:
+  create: true

charts/icinga-stack/tests/global_database_statefulset_test.yaml

@@ -2,7 +2,7 @@ suite: "[Global] Internal databases for Icinga services"
 templates:
   - internal-databases.yaml
 tests:
-  # Director DB 
+  # Director DB
   - it: deploys a Director database StatefulSet using values
     documentIndex: 0
     values:
@@ -81,6 +81,11 @@ tests:
               secretKey: username
             password:
               secretKey: password
+          kubernetes:
+            username:
+              value: kubernetes
+            password:
+              value: insecurekubernetespassword
     release:
       name: my-icinga
     asserts:
@@ -129,7 +134,7 @@ tests:
     asserts:
       - failedTemplate:
           errorMessage: "director password not set. Set either .Values.global.databases.director.password.value or .Values.global.databases.director.credSecret and .Values.global.databases.director.password.secretKey"
-  
+
   # IcingaDB DB
   - it: deploys an IcingaDB database StatefulSet using values
     documentIndex: 2
@@ -184,7 +189,7 @@ tests:
               secretKeyRef:
                 name: database-icingadb
                 key: password
-      
+
   # IcingaWeb DB
   - it: deploys an Icingaweb2 database StatefulSet using values
     documentIndex: 4
@@ -240,6 +245,31 @@ tests:
                 name: database-icingaweb2
                 key: password
 
+  # Icinga Kubernetes DB
+  - it: deploys an Icinga Kubernetes database StatefulSet using values
+    documentIndex: 6
+    values:
+      - required_values.yaml
+    release:
+      name: my-icinga
+    asserts:
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+      - equal:
+          path: metadata.name
+          value: my-icinga-icinga-stack-kubernetes-database
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: MARIADB_USER
+            value: kubernetes
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: MARIADB_PASSWORD
+            value: insecurekubernetesdbpassword
+
   # Test persistence for databases
   - it: deploys a PVC for a database if persistence is enabled
     documentIndex: 0
@@ -253,6 +283,8 @@ tests:
       global.databases.icingadb.password.value: insecurepassword
       global.databases.icingaweb2.username.value: icingaweb2
       global.databases.icingaweb2.password.value: insecurepassword
+      global.databases.kubernetes.username.value: kubernetes
+      global.databases.kubernetes.password.value: insecurepassword
     release:
       name: my-icinga
     asserts:
@@ -268,5 +300,3 @@ tests:
                 requests:
                   storage: 5Gi
               selector: null
-
-

charts/icinga-stack/tests/icinga-kubernetes_clusterrole_test.yaml

@@ -0,0 +1,32 @@
+suite: "[Icinga Kubernetes] ClusterRole creation"
+templates:
+  - ../charts/icinga-kubernetes/templates/clusterrole.yaml
+tests:
+  - it: creates a ClusterRole if enabled
+    values:
+      - required_values.yaml
+    set:
+      icinga-kubernetes:
+        rbac:
+          create: true
+    release:
+      name: my-icinga
+      namespace: my-namespace
+    asserts:
+      - containsDocument:
+          kind: ClusterRole
+          apiVersion: rbac.authorization.k8s.io/v1
+      - equal:
+          path: metadata.name
+          value: my-icinga-icinga-kubernetes
+      - contains:
+          path: rules
+          content:
+            apiGroups:
+              - '*'
+            resources:
+              - '*'
+            verbs:
+              - get
+              - watch
+              - list

charts/icinga-stack/tests/icinga-kubernetes_clusterrolebinding_test.yaml

@@ -0,0 +1,37 @@
+suite: "[Icinga Kubernetes] ClusterRoleBinding creation"
+templates:
+  - ../charts/icinga-kubernetes/templates/clusterrolebinding.yaml
+tests:
+  - it: creates a ClusterRoleBinding if enabled
+    values:
+      - required_values.yaml
+    set:
+      icinga-kubernetes:
+        rbac:
+          create: true
+    release:
+      name: my-icinga
+      namespace: my-namespace
+    asserts:
+      - containsDocument:
+          kind: ClusterRoleBinding
+          apiVersion: rbac.authorization.k8s.io/v1
+      - equal:
+          path: metadata.name
+          value: my-icinga-icinga-kubernetes
+      - equal:
+          path: roleRef.apiGroup
+          value: rbac.authorization.k8s.io
+      - equal:
+          path: roleRef.kind
+          value: ClusterRole
+      - equal:
+          path: roleRef.name
+          value: my-icinga-icinga-kubernetes
+      - contains:
+          path: subjects
+          content:
+            kind: ServiceAccount
+            name: my-icinga-icinga-kubernetes
+            namespace: my-namespace
+

charts/icinga-stack/tests/icinga-kubernetes_serviceaccount_test.yaml

@@ -0,0 +1,21 @@
+suite: "[Icinga Kubernetes] ServiceAccount creation"
+templates:
+  - ../charts/icinga-kubernetes/templates/serviceaccount.yaml
+tests:
+  - it: creates a ServiceAccount if enabled
+    values:
+      - required_values.yaml
+    set:
+      icinga-kubernetes:
+        serviceAccount:
+          create: true
+    release:
+      name: my-icinga
+      namespace: my-namespace
+    asserts:
+      - containsDocument:
+          kind: ServiceAccount
+          apiVersion: v1
+      - equal:
+          path: metadata.name
+          value: my-icinga-icinga-kubernetes

charts/icinga-stack/tests/required_values.yaml

@@ -32,3 +32,8 @@ global:
         value: icingadb
       password:
         value: insecureicingadbpassword
+    kubernetes:
+      username:
+        value: kubernetes
+      password:
+        value: insecurekubernetesdbpassword