Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add NGINX metrics and update security context #356

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add NGINX metrics and update security context #356

wants to merge 4 commits into from

Conversation

Jeroen0494
Copy link

@Jeroen0494 Jeroen0494 commented Mar 2, 2023
edited
Loading

Pull Request

Description of the change

  • Add additional securityContext options for the metrics exporter.
  • Add the option for including NGINX metrics collection. The allow rules are for a default k3s installation and service just as an example.

Benefits

  • securityContext makes my polaris dashboard (and kube-bench) happy.
  • Metrics can now be collected properly.
  • Metrics for NGINX are collected and automatically exported by the service monitor. You can use a Grafana dashboard to monitor connections.

Possible drawbacks

  • None, it's optional

Applicable issues

Checklist

jessebot
jessebot requested changes Mar 4, 2023
View reviewed changes
charts/nextcloud/README.md Outdated Show resolved Hide resolved
charts/nextcloud/README.md Outdated Show resolved Hide resolved
charts/nextcloud/Chart.yaml Outdated Show resolved Hide resolved
@jessebot
Copy link
Collaborator

jessebot commented Mar 4, 2023

There are also conflicts with the deployment.yaml.

Added Kate and Taylor as reviewers since this is a larger PR and I want to be sure I don't miss anything. 🙏

@Jeroen0494
Copy link
Author

Rebased on current master and fixed markdown table.

@Jeroen0494 Jeroen0494 requested review from jessebot and removed request for tvories and provokateurin March 4, 2023 10:58
@Jeroen0494
Copy link
Author

Uhm, I think my request for re-review removed @tvories and @provokateurin from the requested reviewers. Sorry.

@Jeroen0494 Jeroen0494 changed the title Add NGINX metrics as an option Add NGINX metrics and update security context Mar 6, 2023
provokateurin
provokateurin requested changes Mar 12, 2023
View reviewed changes
charts/nextcloud/README.md Outdated Show resolved Hide resolved
charts/nextcloud/templates/_helpers.tpl Outdated Show resolved Hide resolved
charts/nextcloud/templates/deployment.yaml Outdated Show resolved Hide resolved
charts/nextcloud/templates/deployment.yaml Outdated Show resolved Hide resolved
charts/nextcloud/templates/deployment.yaml Outdated Show resolved Hide resolved
charts/nextcloud/values.yaml Outdated Show resolved Hide resolved
@Jeroen0494 Jeroen0494 requested review from provokateurin and removed request for jessebot and tvories March 12, 2023 16:39
@jessebot
Copy link
Collaborator

Looks like there's conflicts for the chart, values, and readme. The README is likely due to the me splitting up the config parameters so that they're more easily linkable. Sorry about that :( If you can resolve the conflicts, I can take a look at what Kate requested for changes and review the PR again.

@Jeroen0494 Jeroen0494 force-pushed the feat/metrics branch 3 times, most recently from 1753f30 to 6765b7b Compare April 16, 2023 10:42
@Jeroen0494
Copy link
Author

Rebased on current master branch.

@jessebot jessebot self-requested a review April 16, 2023 16:09
@jessebot
Copy link
Collaborator

approved lint and test run

@Jeroen0494
Copy link
Author

@jessebot thanks for the review. The quotes for user and group numbers were my mistake. I also updated the securityContext, but didn't see the removed quoted from upstream.

@Jeroen0494 Jeroen0494 force-pushed the feat/metrics branch 4 times, most recently from 774ad8e to a021b56 Compare June 6, 2024 16:08
@Jeroen0494
Copy link
Author

I've rebased as best as possible.

@wrenix
Copy link
Collaborator

wrenix commented Jun 7, 2024
edited
Loading

It looks nice, thank you for your work.

Do you like to write simething for a sidecar with an nginx-exporter and maybe adjust or add an ServiceMonitor for Prometheus?

nginx exporter:

@Jeroen0494
Copy link
Author

It looks nice, thank you for your work.

Do you like to write simething for a sidecar with an nginx-exporter and maybe adjust or add an ServiceMonitor for Prometheus?

nginx exporter:

Prometheus already has their own Helm chart for this, I'd rather not reinvent the wheel. Maybe you could set this as a dependency when metrics is enabled, but for now I'd just like to have this included. This PR has been open for so long already.

jessebot
jessebot requested changes Jun 9, 2024
View reviewed changes
Copy link
Collaborator

@jessebot jessebot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a few more notes as there's some defaults that have been set in the templates that should be configurable.

@jessebot
Copy link
Collaborator

jessebot commented Jun 9, 2024
edited
Loading

Merged in the changes from #483

@Jeroen0494
Copy link
Author

I've included your comments and squashed my commits to make everything more legible. Ready for another review.

wrenix
wrenix requested changes Jun 9, 2024
View reviewed changes
Copy link
Collaborator

@wrenix wrenix left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still something todo (some things should be visible if you run chart-testing on your computer)

charts/nextcloud/templates/deployment.yaml Outdated Show resolved Hide resolved
charts/nextcloud/templates/deployment.yaml Outdated Show resolved Hide resolved
charts/nextcloud/values.yaml Outdated Show resolved Hide resolved
charts/nextcloud/values.yaml
# Example
# - 10.233.105.0/24
# - 10.43.0.0/16
service:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This value has no affact anywhere ....
But maybe usefull (on deployment under ports and your ConfigMap rendered; or service).

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually used in nginx-config.yaml:

            {{- range .Values.metrics.nginx.allow }}
                allow {{ . }};
            {{- end }}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.Values.metrics.nginx.allow is not the same as .Values.nginx.metrics.service.port, which is the values you have here. Am I maybe misunderstanding something?

@Jeroen0494
Update defaultMode
c64c534 
Signed-off-by: Jeroen Rijken <[email protected]>
@Jeroen0494
Copy link
Author

Fixes included, I think.

jessebot
jessebot reviewed Jun 17, 2024
View reviewed changes
charts/nextcloud/templates/deployment.yaml Outdated
Comment on lines 353 to 355
{{- if .Values.nextcloud.configs.defaultMode }}
defaultMode: .Values.nextcloud.configs.defaultMode
{{- end }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As @wrenix said, this could be with and it would save on required code, also you need {{}} surrounding the .Values.nextcloud.configs.defaultMode or the helm template won't work render:

Suggested change
{{- if .Values.nextcloud.configs.defaultMode }}
defaultMode: .Values.nextcloud.configs.defaultMode
{{- end }}
{{- with .Values.nextcloud.configs.defaultMode }}
defaultMode: {{ . }}
{{- end }}

You can commit this suggestion directly.

jessebot
jessebot reviewed Jun 17, 2024
View reviewed changes
charts/nextcloud/templates/deployment.yaml Outdated
Comment on lines 361 to 362
{{- if .Values.nextcloud.configs.defaultMode }}
defaultMode: .Values.nextcloud.configs.defaultMode
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

echoing wrenix here since it won't let me make a suggestion in a comment reply to their comment.

Suggested change
{{- if .Values.nextcloud.configs.defaultMode }}
defaultMode: .Values.nextcloud.configs.defaultMode
{{- with .Values.nextcloud.configs.defaultMode }}
defaultMode: {{ . }}

You can commit this suggestion directly from this PR.

jessebot
jessebot reviewed Jun 17, 2024
View reviewed changes
charts/nextcloud/templates/deployment.yaml Outdated
Comment on lines 369 to 370
{{- if .Values.nextcloud.configs.defaultMode }}
defaultMode: .Values.nextcloud.configs.defaultMode
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{{- if .Values.nextcloud.configs.defaultMode }}
defaultMode: .Values.nextcloud.configs.defaultMode
{{- with .Values.nextcloud.configs.defaultMode }}
defaultMode: {{ . }}

jessebot
jessebot requested changes Jun 17, 2024
View reviewed changes
Copy link
Collaborator

@jessebot jessebot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requesting a few changes to make the templates render properly and reduce wordiness.

@jessebot jessebot mentioned this pull request Jul 26, 2024
Merged
4 tasks
@jessebot jessebot added metrics anything to do with metrics gathering securityContext issues related security contexts labels Jul 26, 2024
@jessebot
Copy link
Collaborator

I've added metrics.securityContext and metrics.podSecurityContext in #609, so this PR can be reduced in complexity to just include the nginx metrics changes. 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jessebot jessebot jessebot requested changes

@wrenix wrenix wrenix requested changes

@provokateurin provokateurin Awaiting requested review from provokateurin

Requested changes must be addressed to merge this pull request.

Assignees

@Jeroen0494 Jeroen0494

Labels
metrics anything to do with metrics gathering securityContext issues related security contexts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Jeroen0494 @jessebot @wrenix @provokateurin