chart and test updates
jinja2 committed Oct 5, 2024
1 parent 27ef561 commit ba0db1f
Showing 24 changed files with 689 additions and 216 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/release.yaml
Expand Up @@ -11,6 +11,7 @@ on:

jobs:
release:
if: github.repository == 'splunk/synthetics-helm-charts'
permissions:
contents: write
runs-on: ubuntu-latest
Expand Down Expand Up @@ -45,6 +46,8 @@ jobs:

- name: Run chart-releaser
uses: helm/[email protected]
with:
config: cr.yaml
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
if: ${{ steps.check_update_chart.outputs.VALID_UPDATE == 1 }}
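Review bot: The "Run chart-releaser" step runs in a job with `contents: write` and receives `CR_TOKEN`, yet its `uses:` reference appears to be a version tag (the rendered page has mangled the text after `@`), and a tag can be moved by the action's owner. Pinning it to a full commit SHA, `uses: helm/chart-releaser-action@<FULL_COMMIT_SHA>  # <TAG>`, keeps a retagged release from running with the write token. The added job-level `if: github.repository == 'splunk/synthetics-helm-charts'` guard does not change this. The `cr.yaml` named by the new `config:` input is not visible in this section, so its contents could not be checked here.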
24 changes: 15 additions & 9 deletions .github/workflows/test.yaml
Expand Up @@ -33,25 +33,31 @@ jobs:
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Linting charts
run: helm lint charts/*

- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --config=ct.yaml --target-branch ${{ github.event.repository.default_branch }}

- name: Run helm-docs
id: helm-docs
run: |
make docs
if [[ $(git diff --stat) != '' ]]; then
echo -e '\033[0;31mREADME outdated! Please run "make docs".\033[0m ❌'
git diff --color
exit 1
else
echo -e '\033[0;32mREADME is up-to-date\033[0m ✔'
fi
- name: Run helm unit tests
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest
make unittest
- name: Run chart-testing (install)
run: ct install --config=ct.yaml

# - name: Create kind cluster
# uses: helm/[email protected]
# # Only build a kind cluster if there are chart changes to test.
# if: steps.list-changed.outputs.changed == 'true'

# - name: Run chart-testing (install)
# run: ct install --config=ct.yaml


# e2e-test: []
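Review bot: `helm plugin install https://github.com/helm-unittest/helm-unittest` in the "Run helm unit tests" step installs whatever the plugin repository currently serves, so CI executes code that was never reviewed with this change and results can differ between runs. Pin it with the installer's version flag, `helm plugin install https://github.com/helm-unittest/helm-unittest --version <PINNED_TAG>`. The rendered page has lost the +/- markers, so this assumes the step is on the new side of the diff.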
13 changes: 11 additions & 2 deletions .pre-commit-config.yaml
Expand Up @@ -13,7 +13,16 @@ repos:
exclude: ^charts/.*/templates/
args: [ --allow-multiple-documents ]
- id: check-added-large-files
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.1.23
- repo: https://github.com/norwoodj/helm-docs
rev: v1.14.2
hooks:
- id: helm-docs
args:
- --chart-search-root=charts
- repo: local
hooks:
- id: helmlint
name: Lint the helm chart
entry: make lint
files: "charts/*"
language: system
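Review bot: The local `helmlint` hook sets `entry: make lint` without `pass_filenames: false`, so pre-commit appends every matched path to the command and `make` receives them as extra goals. Add `pass_filenames: false` to the hook. `files` is a Python regular expression rather than a glob, so `"charts/*"` matches any path containing `charts`; `files: ^charts/` states the intent. The new `helm-docs` repo is referenced by tag (`rev: v1.14.2`); a full commit SHA would fix exactly which hook code runs on contributors' machines.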
7 changes: 5 additions & 2 deletions Makefile
Expand Up @@ -2,7 +2,6 @@
# The general settings and variables for the project
SHELL := /bin/bash

# TODO: Move CHART_FILE_PATH and VALUES_FILE_PATH here, currently set in multiple places
# The version of the chart
VERSION := $(shell grep "^version:" charts/splunk-synthetics-runner/Chart.yaml | awk '{print $$2}')

Expand All @@ -15,7 +14,7 @@ lint: ## Lint the Helm chart with ct
ct lint --config=ct.yaml || exit 1

.PHONY: pre-commit
pre-commit: render ## Test the Helm chart with pre-commit
pre-commit: ## Test the Helm chart with pre-commit
@echo "Checking the Helm chart with pre-commit..."
pre-commit run --all-files || exit 1

Expand All @@ -28,3 +27,7 @@ unittest: ## Run unittests on the Helm chart
docs: ## Run unittests on the Helm chart
@echo "Update docs for helm chart..."
cd charts/splunk-synthetics-runner && helm-docs || exit 1

.PHONY: install-tools
install-tools: ## Install tools (macOS)
LOCALBIN=$(LOCALBIN) scripts/install-tools.sh || exit 1
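Review bot: The new `install-tools` recipe expands `$(LOCALBIN)`, but no Makefile line visible in this section defines it; unless it is set elsewhere in the file, the script is started with an empty `LOCALBIN`. Give it a default next to the other variables, for example `LOCALBIN ?= $(CURDIR)/bin`, and quote the expansion in the recipe: `LOCALBIN="$(LOCALBIN)" scripts/install-tools.sh || exit 1`. `scripts/install-tools.sh` is not shown in this section; because it fetches tooling, it is worth confirming that it pins versions and verifies checksums of what it downloads.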
9 changes: 8 additions & 1 deletion charts/splunk-synthetics-runner/Chart.yaml
Expand Up @@ -3,4 +3,11 @@ name: splunk-synthetics-runner
description: Private location runners for Splunk Synthetic Monitoring
type: application
version: 0.0.1
appVersion: "0.16.7"
appVersion: "0.19.3"
keywords:
- Splunk
- Observability
- Synthetic Monitoring
- Private Location
maintainers:
- name: Splunk
12 changes: 3 additions & 9 deletions charts/splunk-synthetics-runner/README.md
@@ -1,6 +1,6 @@
## Splunk Synthetic Monitoring - Kubernetes Private Locations

![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.16.7](https://img.shields.io/badge/AppVersion-0.16.7-informational?style=flat-square)
![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.3](https://img.shields.io/badge/AppVersion-0.19.3-informational?style=flat-square)

Helm chart to deploy [private location runners](https://docs.splunk.com/observability/en/synthetics/test-config/private-locations.html) for [Splunk Synthetic Monitoring](https://www.splunk.com/en_us/products/synthetic-monitoring.html).

Expand All @@ -19,12 +19,6 @@ $ helm install my-splunk-synthetics-runner release synthetics-helm-charts/splunk
|-----|------|---------|-------------|
| affinity | object | `{}` | Inter-pod and node affinity/anti-affinity rules. |
| automountServiceAccountToken | bool | `true` | Indicates whether a service account token should be automatically mounted to the runner pod. |
| autoscaling | object | `{"enabled":false,"maxReplicas":6,"minReplicas":1,"targetCPUUtilizationPercentage":95,"targetMemoryUtilizationPercentage":95}` | Configuration for HPA |
| autoscaling.enabled | bool | `false` | Enable HPA |
| autoscaling.maxReplicas | int | `6` | Maximum replicas of runner |
| autoscaling.minReplicas | int | `1` | Minimum replicas of runner |
| autoscaling.targetCPUUtilizationPercentage | int | `95` | Target CPU utilization |
| autoscaling.targetMemoryUtilizationPercentage | int | `95` | Target Memory utilization |
| commonLabels | object | `{}` | Additional labels which will be included on all objects and as selectors. |
| containerSecurityContext | object | `{}` | Container security context for runner container. |
| dnsConfig | object | `{}` | Specify additional DNS parameters for the runner pods. |
Expand Down Expand Up @@ -55,10 +49,10 @@ $ helm install my-splunk-synthetics-runner release synthetics-helm-charts/splunk
| serviceAccount.create | bool | `true` | If true, service account will be created. |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set, the release's fullname will be used when create is true. Set this variable to add user created service account to pod. |
| synthetics | object | `{"additionalCaCerts":{},"enableNetworkShaping":true,"logLevel":"info","secret":{"create":false,"name":"","runnerToken":""}}` | Splunk Synthetics Runner configurations |
| synthetics.additionalCaCerts | object | `{}` | Add custom CA certs to use in API/HTTP tests. Requires privilege escalation. |
| synthetics.additionalCaCerts | object | `{}` | Add custom CA certs (should be in PEM format) to use in API/HTTP tests. Requires privilege escalation in an init container which adds these certs to the runner's system cacerts. |
| synthetics.enableNetworkShaping | bool | `true` | Enable netwrok shapping capabilities which allows runner to simulate different device's throughputs. Needs privilege escalation and CAP_NET_ADMIN. |
| synthetics.logLevel | string | `"info"` | logLevel is to set log level of the Splunk Synthetics runner. Available values are: debug, info, warn, error |
| synthetics.secret | object | `{"create":false,"name":"","runnerToken":""}` | Private location token configuration. Rotating the runner token requires an explicit rollout/restart of the deployment. |
| synthetics.secret | object | `{"create":false,"name":"","runnerToken":""}` | Private location token configuration. |
| synthetics.secret.create | bool | `false` | Option for creating a new secret or using an existing one. When true, a new kubernetes secret will be created by the chart that will contain value from runnerToken. When false, the user must set secret.name to the name of the k8s secret the user created with the runner's token. |
| synthetics.secret.name | string | `""` | The name of the secret created by chart (if name is empty the default name is used) or the name of a secret that the user created. If secret is created outside of the helm chart, make sure the key for token is 'runner_token' in the secret. The chart references this key when passing token as env variable. |
| synthetics.secret.runnerToken | string | `""` | Used when sythentics.secret.create=true. The runner's token available in Splunk Observability when Private Location was created. |
11 changes: 11 additions & 0 deletions charts/splunk-synthetics-runner/templates/NOTES.txt
@@ -1,3 +1,14 @@
{{/* Throws an error when the token is not provided. Not an exhaustive check of
all the different ways a user could add an env variable to container,
so might need to be removed later if requested by users.
If none of the below checks pass, we throw an error -
1. Check if token var has value and secret creation is enabled
2. Check is a custom secret name is provided with in chart secret creation disabled
3. Check if token is set as an env var directly */}}
{{- if not (or (and .Values.synthetics.secret.create .Values.synthetics.secret.runnerToken) (and (not .Values.synthetics.secret.create) (or .Values.synthetics.secret.name (hasKey .Values.env "RUNNER_TOKEN")))) }}
{{ fail "[ERROR] Splunk Synthetic Private Location Runner requires token to be supplied in the environment variable RUNNER_TOKEN. Users can provide this as value to the variable synthetics.secret.runnerToken or supply the secret name which contains the token in the variable synthetics.secret.name" }}
{{- end }}

Check the status of Splunk Synthetic Private Location deployment by running this comamnd:

kubectl get deployments --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "splunk-synthetics-runner.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }}"
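Review bot: The third branch of the guard, `hasKey .Values.env "RUNNER_TOKEN"`, accepts a token placed directly in `env` as a valid configuration, and deployment.yaml renders each `env` entry as a literal `value:`, so that token ends up in clear text in the Deployment spec instead of a Secret. Consider dropping that branch so the check only accepts the two Secret-based paths the failure message already describes, `synthetics.secret.runnerToken` and `synthetics.secret.name`. As written the branch is also only reached when `secret.create` is false, which the comment's item 3 does not say; a short addition such as `(only evaluated when secret.create is false)` would make the comment match the expression.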
28 changes: 27 additions & 1 deletion charts/splunk-synthetics-runner/templates/_helpers.tpl
Expand Up @@ -101,7 +101,33 @@ Render security context
Render names compliant with DNS label standard as defined in RFC 1123
*/}}
{{- define "cleanupNames" -}}
{{- $name := regexReplaceAll "\\W+" . "-" | lower -}}
{{- $name := regexReplaceAll "[^A-Za-z0-9\\-]" . "-" | lower -}}
{{- $name = regexReplaceAll "^-+|-+$" $name "" | trunc 63 | trimSuffix "-" -}}
{{- $name -}}
{{- end -}}


{{/*
Render pod annotations.
Checksums are calculated for secret and additionalCaCerts if they exist. This
checksum is further used to trigger a rolling update when the secret/configmap
changes. The checksum is stored in the pod annotation `checksum/config`.
*/}}
{{- define "splunk-synthetics-runner.podAnnotations" -}}
{{- $checksums := list -}}
{{- if and .Values.synthetics.secret.create .Values.synthetics.token -}}
{{- $checksums = append $checksums (include (print .Template.BasePath "/secret.yaml") . | sha256sum) }}
{{- end -}}
{{- if .Values.synthetics.additionalCaCerts -}}
{{- $checksums = append $checksums (include (print .Template.BasePath "/configmap-ca.yaml" ) . | sha256sum) }}
{{- end -}}
{{- if or $checksums .Values.podAnnotations -}}
annotations:
{{- if $checksums }}
checksum/config: {{ (join "" $checksums) | sha256sum }}
{{- end -}}
{{- if .Values.podAnnotations -}}
{{- toYaml .Values.podAnnotations | nindent 2 }}
{{- end -}}
{{- end -}}
{{- end -}}
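Review bot: The secret branch of `splunk-synthetics-runner.podAnnotations` tests `.Values.synthetics.token`, while the values table and the other templates on this page use `.Values.synthetics.secret.runnerToken`. Unless values.yaml (not shown) defines `synthetics.token`, that condition is never true and the secret's checksum is never added. A rotated runner token would then leave `checksum/config` unchanged, and pods would keep the old token until restarted by hand, although this commit removes the README sentence that told users to do so. The condition should read `{{- if and .Values.synthetics.secret.create .Values.synthetics.secret.runnerToken -}}`. Piping the final hash through `quote`, as in `checksum/config: {{ (join "" $checksums) | sha256sum | quote }}`, would also keep the annotation value a string in every case.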
50 changes: 34 additions & 16 deletions charts/splunk-synthetics-runner/templates/deployment.yaml
Expand Up @@ -5,9 +5,7 @@ metadata:
labels:
{{- include "splunk-synthetics-runner.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if .Values.updateStrategy }}
strategy:
{{- toYaml .Values.updateStrategy | nindent 4 }}
Expand All @@ -17,18 +15,17 @@ spec:
{{- include "splunk-synthetics-runner.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "splunk-synthetics-runner.podLabels" . | nindent 8 }}
{{- include "splunk-synthetics-runner.podAnnotations" . | nindent 6 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.serviceAccount.create .Values.serviceAccount.name }}
serviceAccountName: {{ include "splunk-synthetics-runner.serviceAccountName" . }}
{{- end}}
{{- if .Values.automountServiceAccountToken }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- end }}
Expand All @@ -50,24 +47,45 @@ spec:
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.synthetics.additionalCaCerts }}
{{- if .Values.synthetics.additionalCaCerts }}
initContainers:
- name: update-ca-certificates
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/usr/bin/sh", "-c", "--"]
args: ["sudo update-ca-certificates; exec /usr/bin/tini -s -- bundle exec bin/start_runner"]
args: ["sudo update-ca-certificates && cp -r /etc/ssl/certs/* /cacerts/"]
securityContext:
allowPrivilegeEscalation: true
volumeMounts:
{{- if .Values.synthetics.additionalCaCerts }}
{{- range $cert := keys .Values.synthetics.additionalCaCerts | sortAlpha }}
{{- $crtFile := regexReplaceAll "^(.*)\\.(\\w+)$" $cert "${1}.crt" }}
- name: {{ include "cleanupNames" $cert }}
mountPath: {{ printf "/usr/local/share/ca-certificates/%s" $crtFile }}
subPath: {{ $crtFile }}
readOnly: false
{{- end }}
{{- end }}
- name: cacerts
mountPath: /cacerts/
readOnly: false
{{- end }}
containers:
- name: {{ .Chart.Name }}
env:
{{- if not .Values.synthetics.enableNetworkShaping }}
- name: DISABLE_NETWORK_SHAPING
value: "true"
{{- end }}
- name: LOG_LEVEL
value: {{ .Values.synthetics.logLevel | upper }}
{{- if or .Values.synthetics.secret.create .Values.synthetics.secret.name }}
- name: RUNNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "splunk-synthetics-runner.secretName" . }}
key: runner_token
{{- end }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
Expand All @@ -92,12 +110,9 @@ spec:
{{- if or .Values.synthetics.additionalCaCerts .Values.volumeMounts }}
volumeMounts:
{{- if .Values.synthetics.additionalCaCerts }}
{{- range $cert := keys .Values.synthetics.additionalCaCerts | sortAlpha }}
- name: {{ include "cleanupNames" $cert }}
mountPath: {{ printf "/usr/local/share/ca-certificates/%s" $cert }}
subPath: {{ $cert }}
- name: cacerts
mountPath: /etc/ssl/certs
readOnly: false
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
Expand All @@ -108,13 +123,16 @@ spec:
volumes:
{{- if .Values.synthetics.additionalCaCerts }}
{{- range $cert := keys .Values.synthetics.additionalCaCerts | sortAlpha }}
{{- $crtFile := regexReplaceAll "^(.*)\\.(\\w+)$" $cert "${1}.crt" }}
- name: {{ include "cleanupNames" $cert }}
configMap:
name: {{ include "splunk-synthetics-runner.fullname" $ }}
items:
- key: {{ $cert }}
path: {{ $cert }}
path: {{ $crtFile }}
{{- end }}
- name: cacerts
emptyDir: {}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
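Review bot: The runner container mounts the `cacerts` emptyDir over `/etc/ssl/certs` with `readOnly: false`, which leaves the trust store built by the init container writable by the runner process for the life of the pod. Since the init container now does the `update-ca-certificates` work, the runner's mount can be `readOnly: true` unless the runner itself writes there at start-up. In the same section `automountServiceAccountToken` is rendered only inside `{{- if .Values.automountServiceAccountToken }}`, so setting the value to `false` omits the field and the pod falls back to the ServiceAccount or cluster default. Rendering the field unconditionally would make `false` take effect.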
32 changes: 0 additions & 32 deletions charts/splunk-synthetics-runner/templates/hpa.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion charts/splunk-synthetics-runner/templates/secret.yaml
Expand Up @@ -7,5 +7,5 @@ metadata:
{{- include "splunk-synthetics-runner.labels" . | nindent 4 }}
type: Opaque
data:
runner_token: {{ .Values.synthetics.secret.runnerToken }}
runner_token: {{ .Values.synthetics.secret.runnerToken | b64enc | quote }}
{{- end -}}