Merge pull request #1 from splunk/initial

Initial

.github/dependabot.yaml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/release.yaml

@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test.yaml

@@ -0,0 +1,59 @@
+name: CI Build Test
+
+on:
+  pull_request:
+    branches-ignore:
+      - gh-pages
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v4.2.0
+
+      - uses: actions/[email protected]
+        with:
+          python-version: '3.x'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Linting charts
+        run: helm lint charts/*
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --config=ct.yaml --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Run helm unit tests
+        run: |
+          helm plugin install https://github.com/helm-unittest/helm-unittest
+          make unittest
+
+      # - name: Create kind cluster
+      #   uses: helm/[email protected]
+      #   # Only build a kind cluster if there are chart changes to test.
+      #   if: steps.list-changed.outputs.changed == 'true'
+
+      # - name: Run chart-testing (install)
+      #   run: ct install --config=ct.yaml
+
+
+  # e2e-test: []

.gitignore

@@ -11,8 +11,13 @@ _site/
 /vendor
 
 # Specific ignore for GitHub Pages
-# GitHub Pages will always use its own deployed version of pages-gem 
+# GitHub Pages will always use its own deployed version of pages-gem
 # This means GitHub Pages will NOT use your Gemfile.lock and therefore it is
 # counterproductive to check this file into the repository.
 # Details at https://github.com/github/pages-gem/issues/768
 Gemfile.lock
+
+*.tgz
+/.idea/*
+.vscode
+.DS_Store

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+    - id: trailing-whitespace
+      exclude: "^examples|^test"
+    - id: end-of-file-fixer
+      exclude: "^examples|^test"
+    - id: check-yaml
+      # Can't check source yaml since it has go templates in it.
+      exclude: ^charts/.*/templates/
+      args: [ --allow-multiple-documents ]
+    - id: check-added-large-files
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: v0.1.23
+    hooks:
+    - id: helmlint

Makefile

@@ -0,0 +1,30 @@
+##@ General
+# The general settings and variables for the project
+SHELL := /bin/bash
+
+# TODO: Move CHART_FILE_PATH and VALUES_FILE_PATH here, currently set in multiple places
+# The version of the chart
+VERSION := $(shell grep "^version:" charts/splunk-synthetics-runner/Chart.yaml | awk '{print $$2}')
+
+##@ Test
+# Tasks related to testing the Helm chart
+
+.PHONY: lint
+lint: ## Lint the Helm chart with ct
+	@echo "Linting Helm chart..."
+	ct lint --config=ct.yaml || exit 1
+
+.PHONY: pre-commit
+pre-commit: render ## Test the Helm chart with pre-commit
+	@echo "Checking the Helm chart with pre-commit..."
+	pre-commit run --all-files || exit 1
+
+.PHONY: unittest
+unittest: ## Run unittests on the Helm chart
+	@echo "Running unit tests on helm chart..."
+	cd charts/splunk-synthetics-runner && helm unittest --strict -f "../../tests/unittests/*.yaml" . || exit 1
+
+.PHONY: docs
+docs: ## Run unittests on the Helm chart
+	@echo "Update docs for helm chart..."
+	cd charts/splunk-synthetics-runner && helm-docs || exit 1

charts/splunk-synthetics-runner/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/splunk-synthetics-runner/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: splunk-synthetics-runner
+description: Private location runners for Splunk Synthetic Monitoring
+type: application
+version: 0.0.1
+appVersion: "0.16.7"

charts/splunk-synthetics-runner/README.md

@@ -0,0 +1,69 @@
+## Splunk Synthetic Monitoring - Kubernetes Private Locations
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.16.7](https://img.shields.io/badge/AppVersion-0.16.7-informational?style=flat-square)
+
+Helm chart to deploy [private location runners](https://docs.splunk.com/observability/en/synthetics/test-config/private-locations.html) for [Splunk Synthetic Monitoring](https://www.splunk.com/en_us/products/synthetic-monitoring.html).
+
+### Installing the Chart
+
+To install the chart with the release name `my-splunk-synthetics-runner`:
+
+```console
+$ helm repo add <tbd> http://tbd.splunk.github.io
+$ helm install my-splunk-synthetics-runner foo-bar/splunk-synthetics-runner
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Inter-pod and node affinity/anti-affinity rules. |
+| automountServiceAccountToken | bool | `true` | Indicates whether a service account token should be automatically mounted to the runner pod. |
+| autoscaling | object | `{"enabled":false,"maxReplicas":6,"minReplicas":1,"targetCPUUtilizationPercentage":95,"targetMemoryUtilizationPercentage":95}` | Configuration for HPA |
+| autoscaling.enabled | bool | `false` | Enable HPA |
+| autoscaling.maxReplicas | int | `6` | Maximum replicas of runner |
+| autoscaling.minReplicas | int | `1` | Minimum replicas of runner |
+| autoscaling.targetCPUUtilizationPercentage | int | `95` | Target CPU utilization |
+| autoscaling.targetMemoryUtilizationPercentage | int | `95` | Target Memory utilization |
+| commonLabels | object | `{}` | Additional labels which will be included on all objects and as selectors. |
+| containerSecurityContext | object | `{}` | Container security context for runner container. |
+| dnsConfig | object | `{}` | Specify additional DNS parameters for the runner pods. |
+| dnsPolicy | string | `"ClusterFirst"` | DNS Policy to set for the runner pods. Valid values are ClusterFirst, ClusterFirstWithHostNet, Default, None |
+| env | object | `{}` | Additional environment variables as map. |
+| fullnameOverride | string | `""` | Overrides fully qualified app name |
+| hostAliases | list | `[]` | List of hosts/IPs to be injected into the pod's hosts file. |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/signalfx/splunk-synthetics-runner","tag":""}` | Configuration for container image for Splunk synthetics runner |
+| image.tag | string | `""` | Override the image tag; default is the chart appVersion. |
+| imagePullSecrets | list | `[]` | ImagePullSecrets to use for pulling the images in use. |
+| livenessProbe.enabled | bool | `true` | Enable liveness probe |
+| livenessProbe.failureThreshold | int | `3` |  |
+| livenessProbe.initialDelaySeconds | int | `60` |  |
+| livenessProbe.periodSeconds | int | `300` |  |
+| livenessProbe.successThreshold | int | `1` |  |
+| livenessProbe.timeoutSeconds | int | `10` |  |
+| nameOverride | string | `""` | Overrides app name |
+| nodeSelector | object | `{}` | Selector for the runner pods to fit on a node. |
+| podAnnotations | object | `{}` | Additional annotations for runner pods. |
+| podDisruptionBudget | object | `{"enabled":true,"minAvailable":1}` | Pod distruption budget |
+| podLabels | object | `{}` | Additional labels for runner pods. |
+| podSecurityContext | object | `{}` | Pod security context for runner pods. |
+| priorityClassName | string | `""` | Priority class for runner pods |
+| replicaCount | int | `1` | Count of runner pods. |
+| resources | object | `{"limits":{"cpu":2,"memory":"8G"},"requests":{"cpu":2,"memory":"8G"}}` | Resources for runner container. |
+| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | ServiceAccount config. Note that the runner pod does not need access to k8s api for its operation. |
+| serviceAccount.annotations | object | `{}` | Annotations to add to service account |
+| serviceAccount.create | bool | `true` | If true, service account will be created. |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set, the release's fullname will be used when create is true. Set this variable to add user created service account to pod. |
+| synthetics | object | `{"additionalCaCerts":{},"enableNetworkShaping":true,"logLevel":"info","secret":{"create":false,"name":"","runnerToken":""}}` | Splunk Synthetics Runner configurations |
+| synthetics.additionalCaCerts | object | `{}` | Add custom CA certs to use in API/HTTP tests. Requires privilege escalation. |
+| synthetics.enableNetworkShaping | bool | `true` | Enable netwrok shapping capabilities which allows runner to simulate different device's throughputs. Needs privilege escalation and CAP_NET_ADMIN. |
+| synthetics.logLevel | string | `"info"` | logLevel is to set log level of the Splunk Synthetics runner. Available values are: debug, info, warn, error |
+| synthetics.secret | object | `{"create":false,"name":"","runnerToken":""}` | Private location token configuration. Rotating the runner token requires an explicit rollout/restart of the deployment. |
+| synthetics.secret.create | bool | `false` | Option for creating a new secret or using an existing one. When true, a new kubernetes secret will be created by the chart that will contain value from runnerToken. When false, the user must set secret.name to the name of the k8s secret the user created with the runner's token. |
+| synthetics.secret.name | string | `""` | The name of the secret created by chart (if name is empty the default name is used) or the name of a secret that the user created. If secret is created outside of the helm chart, make sure the key for token is 'runner_token' in the secret. The chart references this key when passing token as env variable. |
+| synthetics.secret.runnerToken | string | `""` | Used when sythentics.secret.create=true. The runner's token available in Splunk Observability when Private Location was created. |
+| terminationGracePeriodSeconds | int | `10` | Duration in seconds the pod needs to terminate gracefully. |
+| tolerations | list | `[]` | Tolerations to attach to runner pods for node taints. |
+| updateStrategy | object | `{}` | Configure update strategy for runner pods. |
+| volumeMounts | list | `[]` | Additional volumeMounts to add to the runner deployment. |
+| volumes | list | `[]` | Additional volumes to add to runner deployment. |

charts/splunk-synthetics-runner/README.md.gotmpl

@@ -0,0 +1,18 @@
+## Splunk Synthetic Monitoring - Kubernetes Private Locations
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+Helm chart to deploy [private location runners](https://docs.splunk.com/observability/en/synthetics/test-config/private-locations.html) for [Splunk Synthetic Monitoring](https://www.splunk.com/en_us/products/synthetic-monitoring.html).
+
+### Installing the Chart
+
+To install the chart with the release name `my-splunk-synthetics-runner`:
+
+```console
+$ helm repo add <tbd> http://tbd.splunk.github.io
+$ helm install my-splunk-synthetics-runner foo-bar/{{ template "chart.name" . }}
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/splunk-synthetics-runner/templates/NOTES.txt

@@ -0,0 +1,7 @@
+Check the status of Splunk Synthetic Private Location deployment by running this comamnd:
+
+kubectl get deployments --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "splunk-synthetics-runner.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }}"
+
+List the Runner Pods with the following command:
+
+kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "splunk-synthetics-runner.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }}"

charts/splunk-synthetics-runner/templates/_helpers.tpl

@@ -0,0 +1,107 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "splunk-synthetics-runner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "splunk-synthetics-runner.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "splunk-synthetics-runner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "splunk-synthetics-runner.labels" -}}
+helm.sh/chart: {{ include "splunk-synthetics-runner.chart" . }}
+{{ include "splunk-synthetics-runner.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "splunk-synthetics-runner.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "splunk-synthetics-runner.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.commonLabels }}
+{{ toYaml .Values.commonLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Pod labels
+*/}}
+{{- define "splunk-synthetics-runner.podLabels" -}}
+{{- $commonLabels := include "splunk-synthetics-runner.labels" . | fromYaml -}}
+{{- $podLabels := mustMerge .Values.podLabels $commonLabels -}}
+{{ toYaml $podLabels }}
+{{- end -}}
+
+{{/*
+Define name for the runner token secret
+*/}}
+{{- define "splunk-synthetics-runner.secretName" -}}
+{{- default (include "splunk-synthetics-runner.fullname" .) .Values.synthetics.secret.name }}
+{{- end -}}
+
+{{/*
+Define name for the runner service account
+*/}}
+{{- define "splunk-synthetics-runner.serviceAccountName" -}}
+{{- default (include "splunk-synthetics-runner.fullname" .) .Values.serviceAccount.name }}
+{{- end -}}
+
+{{/*
+Render security context
+*/}}
+{{- define "splunk-synthetics-runner.containerSecurityContext" -}}
+{{- $secContext := .Values.containerSecurityContext -}}
+{{- $netadminCap := dict "allowPrivilegeEscalation" true "capabilities" (dict "add" (list "NET_ADMIN")) -}}
+{{- if and .Values.synthetics.enableNetworkShaping (not $secContext) -}}
+  {{/* if no custom security context provided but n/w shaping is enabled, add CAP_NET_ADMIN */}}
+  {{- $secContext = $netadminCap }}
+{{- else if and $secContext .Values.synthetics.enableNetworkShaping -}}
+{{/* if custom securityContext exists and net shaping is enabled, we try to merge the two for final context */}}
+    {{- if (((.Values.containerSecurityContext).capabilities).add) -}}
+    {{/* custom secContext has capabilities.add, we append NET_ADMIN */}}
+    {{- $_ := set $secContext.capabilities "add" (mustAppend .Values.containerSecurityContext.capabilities.add "NET_ADMIN" | uniq) -}}
+    {{- else -}}
+    {{- $secContext = mustMerge $netadminCap .Values.containerSecurityContext -}}
+    {{- end -}}
+{{- end -}}
+{{ toYaml $secContext }}
+{{- end -}}
+
+{{/*
+Render names compliant with DNS label standard as defined in RFC 1123
+*/}}
+{{- define "cleanupNames" -}}
+  {{- $name := regexReplaceAll "\\W+" . "-" | lower -}}
+  {{- $name = regexReplaceAll "^-+|-+$" $name "" | trunc 63 | trimSuffix "-" -}}
+  {{- $name -}}
+{{- end -}}