keptn-contrib
diff --git a/‎README.md
Lines changed: 17 additions & 3 deletions b/‎README.md
Lines changed: 17 additions & 3 deletions
diff --git a/‎chart/templates/_helpers.tpl
Lines changed: 1 addition & 5 deletions b/‎chart/templates/_helpers.tpl
Lines changed: 1 addition & 5 deletions
diff --git a/‎chart/templates/deployment.yaml
Lines changed: 61 additions & 16 deletions b/‎chart/templates/deployment.yaml
Lines changed: 61 additions & 16 deletions
diff --git a/‎chart/templates/serviceaccount.yaml
Lines changed: 112 additions & 0 deletions b/‎chart/templates/serviceaccount.yaml
Lines changed: 112 additions & 0 deletions
diff --git a/‎chart/values.yaml
Lines changed: 31 additions & 13 deletions b/‎chart/values.yaml
Lines changed: 31 additions & 13 deletions
@@ -29,7 +29,7 @@ Please always double-check the version of Keptn you are using compared to the ve
 |       0.9.0      |                           keptncontrib/prometheus-service:0.6.2                           |
 |   0.9.0 - 0.9.2  |                           keptncontrib/prometheus-service:0.7.0                           |
 |   0.10.0         |                           keptncontrib/prometheus-service:0.7.1                           |
-|   0.10.0         |                           keptncontrib/prometheus-service:0.7.2                           |
+|   0.10.0         |                      keptncontrib/prometheus-service:0.7.2 <PENDING>                      |
 
 
 ## Installation instructions
@@ -40,11 +40,14 @@ Keptn does not install or manage Prometheus and its components. Users need to in
 
 The easiest way would be to setup Prometheus using helm, e.g.:
 ```console
-kubectl create ns monitoring
+kubectl create namespace monitoring
 helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
 helm install prometheus prometheus-community/prometheus --namespace monitoring
 ```
 
+**Note**: After setting up prometheus, make sure to apply [deploy/role.yaml](deploy/role.yaml) such that prometheus-service can access the `monitoring` namespace (see instructions below).
+
+
 ### Install prometheus-service
 
 Please replace the placeholders in the commands below. Examples are provided.
@@ -60,6 +63,11 @@ Once this is done, you can go ahead and install prometheus-service:
 
 * Install Keptn prometheus-service in Kubernetes using
 
+```bash
+helm install -n keptn prometheus-service https://github.com/keptn-contrib/prometheus-service/releases/download/<VERSION>/prometheus-service-<VERSION>.tgz
+```
+
+Prior to version 0.7.2 installation should be done via `kubectl`:
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/keptn-contrib/prometheus-service/release-<VERSION>/deploy/service.yaml
 ```
@@ -71,8 +79,14 @@ kubectl apply -f https://raw.githubusercontent.com/keptn-contrib/prometheus-serv
 ```
 
 
-* Replace the environment variable value according to the use case and apply the manifest:
+* (Optional) Replace the environment variable value according to the use case and apply the manifest:
+
+```bash
+helm upgrade -n keptn prometheus-service https://github.com/keptn-contrib/prometheus-service/releases/download/<VERSION>/prometheus-service-<VERSION>.tgz --reuse-values --set=prometheus.namespace="<PROMETHEUS_NS>",prometheus.endpoint="<PROMETHEUS_ENDPOINT>",prometheus.namespace_am="<ALERT_MANAGER_NS>"
+```
+
 
+Prior to version 0.7.2 setting variables should be done via `kubectl`:
 ```
 # Prometheus installed namespace
 kubectl set env deployment/prometheus-service -n keptn --containers="prometheus-service" PROMETHEUS_NS="<PROMETHEUS_NS>"
 
@@ -54,9 +54,5 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "prometheus-service.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "prometheus-service.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
+keptn-prometheus-service
 {{- end }}
@@ -18,7 +18,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "prometheus-service.selectorLabels" . | nindent 8 }}
+        {{- include "prometheus-service.labels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -39,18 +39,45 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /healthz
+              path: /health
               port: http
           readinessProbe:
             httpGet:
-              path: /healthz
+              path: /health
               port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            - name: METRICS_SCRAPE_PATH
+              value: '/metrics'
+            - name: CONFIGURATION_SERVICE
+              value: 'http://configuration-service:8080'
+            - name: PROMETHEUS_NS
+              value: '{{ .Values.prometheus.namespace }}'
+            - name: PROMETHEUS_CM
+              value: 'prometheus-server'
+            - name: PROMETHEUS_LABELS
+              value: 'component=server'
+            - name: PROMETHEUS_ENDPOINT
+              value: "{{ .Values.prometheus.endpoint }}"
+            - name: PROMETHEUS_CONFIG_FILENAME
+              value: 'prometheus.yml'
+            - name: ALERT_MANAGER_CONFIG_FILENAME
+              value: 'alertmanager.yml'
+            - name: ALERT_MANAGER_CM
+              value: 'prometheus-alertmanager'
+            - name: ALERT_MANAGER_LABELS
+              value: 'component=alertmanager'
+            - name: ALERT_MANAGER_NS
+              value: '{{ .Values.prometheus.namespace_am }}'
+            - name: ALERT_MANAGER_TEMPLATE_CM
+              value: 'alertmanager-templates'
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
         - name: distributor
-          image: keptn/distributor:0.9.1
-          ports:
-            - containerPort: 8081
+          image: "{{ .Values.distributor.image.repository }}:{{ .Values.distributor.image.tag | default .Chart.AppVersion }}"
           livenessProbe:
             httpGet:
               path: /health
@@ -63,45 +90,63 @@ spec:
               port: 10999
             initialDelaySeconds: 5
             periodSeconds: 5
+          imagePullPolicy: {{ .Values.distributor.image.pullPolicy }}
+          ports:
+            - containerPort: 8080
           resources:
             requests:
               memory: "16Mi"
               cpu: "25m"
             limits:
-              memory: "128Mi"
-              cpu: "250m"
+              memory: "32Mi"
+              cpu: "100m"
           env:
             - name: PUBSUB_URL
               value: 'nats://keptn-nats-cluster'
             - name: PUBSUB_TOPIC
               value: 'sh.keptn.event.monitoring.configure,sh.keptn.event.get-sli.triggered'
             - name: PUBSUB_RECIPIENT
-              value: 'prometheus-service'
+              value: '127.0.0.1'
+            - name: STAGE_FILTER
+              value: "{{ .Values.distributor.stageFilter }}"
+            - name: PROJECT_FILTER
+              value: "{{ .Values.distributor.projectFilter }}"
+            - name: SERVICE_FILTER
+              value: "{{ .Values.distributor.serviceFilter }}"
             - name: VERSION
               valueFrom:
                 fieldRef:
-                  apiVersion: v1
-                  fieldPath: 'metadata.labels[''app.kubernetes.io/version'']'
+                  fieldPath: metadata.labels['app.kubernetes.io/version']
+            - name: LOCATION
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.labels['app.kubernetes.io/component']
             - name: K8S_DEPLOYMENT_NAME
               valueFrom:
                 fieldRef:
-                  apiVersion: v1
-                  fieldPath: 'metadata.labels[''app.kubernetes.io/name'']'
+                  fieldPath: metadata.labels['app.kubernetes.io/name']
             - name: K8S_POD_NAME
               valueFrom:
                 fieldRef:
-                  apiVersion: v1
                   fieldPath: metadata.name
             - name: K8S_NAMESPACE
               valueFrom:
                 fieldRef:
-                  apiVersion: v1
                   fieldPath: metadata.namespace
             - name: K8S_NODE_NAME
               valueFrom:
                 fieldRef:
-                  apiVersion: v1
                   fieldPath: spec.nodeName
+            {{- if .Values.remoteControlPlane.enabled }}
+            - name: KEPTN_API_ENDPOINT
+              value: "{{ .Values.remoteControlPlane.api.protocol }}://{{ .Values.remoteControlPlane.api.hostname }}/api"
+            - name: KEPTN_API_TOKEN
+              value: "{{ .Values.remoteControlPlane.api.token }}"
+            - name: HTTP_SSL_VERIFY
+              {{- $apiValidateTls := .Values.remoteControlPlane.api.apiValidateTls | ternary "true" "false" }}
+              value: "{{ $apiValidateTls }}"
+            {{- end }}
+
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
 
@@ -9,4 +9,116 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keptn-create-prom-clusterrole
+rules:
+  - apiGroups:
+      - "rbac.authorization.k8s.io"
+    resources:
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - get
+      - create
+      - update
+    resourceNames:
+      - "prometheus"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keptn-prom-prometheus
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+      - nodes
+      - nodes/proxy
+      - pods
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - "ingresses"
+    verbs:
+      - get
+      - list
+      - watch
+  - nonResourceURLs: [ "/metrics" ]
+    verbs: [ "get" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keptn-read-secret-prometheus
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: keptn-prometheus-sli-service
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: keptn-read-secret-prometheus
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "prometheus-service.serviceAccountName" . }}
+    namespace: keptn
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: keptn-create-prom-clusterrole
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: keptn-create-prom-clusterrole
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "prometheus-service.serviceAccountName" . }}
+    namespace: keptn
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: keptn-prom-prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: keptn-prom-prometheus
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "prometheus-service.serviceAccountName" . }}
+    namespace: keptn
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: keptn-keptndomain-prom-service
+  namespace: keptn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: keptn-read-keptndomain
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "prometheus-service.serviceAccountName" . }}
+    namespace: keptn
+
 {{- end }}
@@ -10,6 +10,28 @@ image:
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
 
+prometheus:
+  namespace: "monitoring"                    # K8s namespace where prometheus is installed
+  namespace_am: "monitoring"                 # K8s namespace where prometheus-alertmanager is installed
+  endpoint: "http://prometheus-server.monitoring.svc.cluster.local:80"   # HTTP Endpoint for Prometheus
+
+distributor:
+  stageFilter: ""                            # Sets the stage this helm service belongs to
+  serviceFilter: ""                          # Sets the service this helm service belongs to
+  projectFilter: ""                          # Sets the project this helm service belongs to
+  image:
+    repository: docker.io/keptn/distributor  # Container Image Name
+    pullPolicy: IfNotPresent                 # Kubernetes Image Pull Policy
+    tag: "0.10.0"                            # Container Tag
+
+remoteControlPlane:
+  enabled: false                             # Enables remote execution plane mode
+  api:
+    protocol: "https"                        # Used Protocol (http, https)
+    hostname: ""                             # Hostname of the control plane cluster (and Port)
+    apiValidateTls: true                     # Defines if the control plane certificate should be validated
+    token: ""                                # Keptn API Token
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -21,7 +43,7 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: "keptn-prometheus-service"
 
 podAnnotations: {}
 
@@ -38,7 +60,7 @@ securityContext: {}
 
 service:
   type: ClusterIP
-  port: 80
+  port: 8080
 
 ingress:
   enabled: false
@@ -56,17 +78,13 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources: # Resource limits and requests
+  limits:
+    cpu: 500m
+    memory: 128Mi
+  requests:
+    cpu: 50m
+    memory: 32Mi
 
 autoscaling:
   enabled: false