From f78d015dffa2f8be13a48269f20c440735747f10 Mon Sep 17 00:00:00 2001 From: jmatsuok Date: Fri, 7 Mar 2025 15:36:48 -0500 Subject: [PATCH] Implement declarative automated rules --- charts/cryostat/README.md | 2 + .../templates/cryostat_deployment.yaml | 15 +++++ .../tests/cryostat_deployment_test.yaml | 57 ++++++++++++++++++- charts/cryostat/values.schema.json | 26 +++++++++ charts/cryostat/values.yaml | 7 +++ 5 files changed, 105 insertions(+), 2 deletions(-) diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index d2b1aed..9c01d63 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -84,6 +84,8 @@ helm install cryostat ./charts/cryostat | `core.discovery.kubernetes.portNames` | List of port names that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | | `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. | `false` | | `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | +| `core.config.declarative.fsMode` | default filesystem mode (permissions) for declarative configuration volumes | `440` | +| `core.config.rules.configMapNames` | List of ConfigMap names. Each ConfigMap is expected to contain one or more files, which are automated rule definitions, to be mounted to the Cryostat container. | `[]` | ### Report Generator Deployment diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml index cb0fbca..5ada30b 100644 --- a/charts/cryostat/templates/cryostat_deployment.yaml +++ b/charts/cryostat/templates/cryostat_deployment.yaml 
@@ -141,6 +141,12 @@ spec: failureThreshold: 18 resources: {{- toYaml .Values.core.resources | nindent 12 }} + {{- if .Values.core.config.rules.configMapNames}} + volumeMounts: + - name: declarative-rules + mountPath: /opt/cryostat.d/rules.d + readOnly: true + {{- end }} - name: {{ printf "%s-%s" .Chart.Name "grafana" }} securityContext: {{- toYaml .Values.grafana.securityContext | nindent 12 }} @@ -216,3 +222,12 @@ spec: secret: secretName: {{ .Release.Name }}-proxy-tls {{- end }} + - name: declarative-rules + projected: + defaultMode: {{ .Values.core.config.declarative.fsMode }} + sources: + {{- range .Values.core.config.rules.configMapNames}} + - configMap: + name: {{ . }} + optional: false + {{- end }} diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index e8a3064..b0b4492 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml @@ -180,7 +180,8 @@ tests: requests: cpu: 500m memory: 384Mi - + - notExists: + path: spec.template.spec.contains[?(@.name=='cryostat')].volumeMounts - it: should set log level set: core: 
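Review bot: The `declarative-rules` volume added in the `@@ -216,3 +222,12 @@` hunk is emitted unconditionally, while the matching `volumeMounts` entry in the first hunk is wrapped in `{{- if .Values.core.config.rules.configMapNames}}`. With the default empty list, the pod spec still carries a projected volume whose `sources:` key has no entries and renders as null. Wrapping the volume in the same `if`/`end` guard would leave the default manifest unchanged. The ConfigMap name is also interpolated unquoted, so `name: {{ . | quote }}` would keep a value such as `true` or an all-digit name a string. The enclosing `volumes:` list starts outside the hunk.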
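Review bot: The new `notExists` assertion uses the path `spec.template.spec.contains[?(@.name=='cryostat')].volumeMounts`, where `contains` looks like a typo for `containers`. That path presumably matches nothing, so the assertion would pass whether or not the container has volume mounts, and the default-values case is not actually checked. The path should read `spec.template.spec.containers[?(@.name=='cryostat')].volumeMounts`, as the assertions added later in this file do.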
@@ -513,4 +514,56 @@ tests: - equal: path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].imagePullPolicy value: "IfNotPresent" - + - it: should add volume mounts for declarative automated rules + set: + core.config.rules.configMapNames: ['a', 'b'] + asserts: + - equal: + path: spec.template.spec.containers[?(@.name=='cryostat')].volumeMounts + value: + - name: declarative-rules + mountPath: /opt/cryostat.d/rules.d + readOnly: true + - equal: + path: spec.template.spec.volumes + value: + - name: alpha-config + configMap: + name: RELEASE-NAME-alpha-config + - name: declarative-rules + projected: + defaultMode: 0440 + sources: + - configMap: + name: a + optional: false + - configMap: + name: b + optional: false + - it: should add volume mounts for declarative rules with a specific default fs mode + set: + core.config.rules.configMapNames: ['a', 'b'] + core.config.declarative.fsMode: 0644 + asserts: + - equal: + path: spec.template.spec.containers[?(@.name=='cryostat')].volumeMounts + value: + - name: declarative-rules + mountPath: /opt/cryostat.d/rules.d + readOnly: true + - equal: + path: spec.template.spec.volumes + value: + - name: alpha-config + configMap: + name: RELEASE-NAME-alpha-config + - name: declarative-rules + projected: + defaultMode: 0644 + sources: + - configMap: + name: a + optional: false + - configMap: + name: b + optional: false diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index f94e994..dbfa428 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json 
@@ -258,6 +258,32 @@ } } } + }, + "config": { + "type": "object", + "properties": { + "declarative": { + "type": "object", + "properties": { + "fsMode": { + "type": "number", + "description": "default filesystem mode (permissions) for declarative configuration volumes", + "default": 440 + } + } + }, + "rules": { + "type": "object", + "properties": { + "configMapNames": { + "type": "array", + "description": "List of ConfigMap names. Each ConfigMap is expected to contain one or more files, which are automated rule definitions, to be mounted to the Cryostat container.", + "default": [], + "items": {} + } + } + } + } } } }, diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index ce91cd1..ffe4123 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -85,6 +85,13 @@ core: builtInPortNumbersDisabled: false ## @param core.discovery.kubernetes.portNumbers [array] List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable portNumbers: [] + config: + declarative: + ## @param core.config.declarative.fsMode default filesystem mode (permissions) for declarative configuration volumes + fsMode: 0440 + rules: + ## @param core.config.rules.configMapNames [array] List of ConfigMap names. Each ConfigMap is expected to contain one or more files, which are automated rule definitions, to be mounted to the Cryostat container. + configMapNames: [] ## @section Report Generator Deployment ## @extra reports Configuration for the Reports Generator deployment
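Review bot: The schema default for `fsMode` is `440`, which as a decimal number is octal 0670, not the 0440 that `values.yaml` ships; the `values.yaml` hunk and the README row share this mismatch. `"type": "number"` also admits fractions and values outside the permission-bit range, so a mistyped mode can give the mounted rule files different permissions than intended or fail only at deploy time. `"type": "integer", "minimum": 0, "maximum": 511` with `"default": 288` would state the decimal form unambiguously. A leading-zero literal such as `fsMode: 0440` is read as octal only under YAML 1.1-style rules, so the `@param` comment in `values.yaml` should say that the value is octal mode bits. `"items": {}` accepts any type for `configMapNames`, whereas `"items": { "type": "string" }` matches how the template uses each entry.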