From c942e55ceea4ce28e84168bb672a83572d0a6313 Mon Sep 17 00:00:00 2001 From: Dileep Ranganathan Date: Fri, 25 Jan 2019 02:44:36 -0800 Subject: Helm charts for Distributed Edge Analytics. Initial Helm charts for CollectD, Prometheus Operator, Kafka Strimzi operator, Rook Ceph Operator. Change-Id: I7323029bd0bf1e4b39aac329fc567f705a59bc0c Issue-ID: ONAPARC-366 
Signed-off-by: Dileep Ranganathan --- .../prometheus/additionalAlertRelabelConfigs.yaml | 11 ++ .../prometheus/additionalAlertmanagerConfigs.yaml | 11 ++ .../prometheus/additionalScrapeConfigs.yaml | 11 ++ .../templates/prometheus/clusterrole.yaml | 35 +++++ .../templates/prometheus/clusterrolebinding.yaml | 18 +++ .../templates/prometheus/ingress.yaml | 33 ++++ .../templates/prometheus/podDisruptionBudget.yaml | 20 +++ .../templates/prometheus/prometheus.yaml | 173 +++++++++++++++++++++ .../templates/prometheus/psp-clusterrole.yaml | 15 ++ .../prometheus/psp-clusterrolebinding.yaml | 18 +++ .../templates/prometheus/psp.yaml | 47 ++++++ .../templates/prometheus/role-config.yaml | 16 ++ .../prometheus/role-specificNamespace.yaml | 27 ++++ .../templates/prometheus/rolebinding-config.yaml | 17 ++ .../prometheus/rolebinding-specificNamespace.yaml | 23 +++ .../templates/prometheus/service.yaml | 44 ++++++ .../templates/prometheus/serviceaccount.yaml | 11 ++ .../templates/prometheus/servicemonitor.yaml | 21 +++ .../templates/prometheus/servicemonitors.yaml | 29 ++++ 19 files changed, 580 insertions(+) create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml create mode 100644 
vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml create mode 100644 vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml (limited to 'vnfs/DAaaS/prometheus-operator/templates/prometheus')
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml
new file mode 100644
index 00000000..1c54f40b
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-relabel-confg
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus-am-relabel-confg
+{{ include "prometheus-operator.labels" . | indent 4 }}
+data:
+ additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml
new file mode 100644
index 00000000..4475e7bd
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-confg
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus-am-confg
+{{ include "prometheus-operator.labels" . | indent 4 }}
+data:
+ additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml
new file mode 100644
index 00000000..9d6bb616
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-scrape-confg
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus-scrape-confg
+{{ include "prometheus-operator.labels" . | indent 4 }}
+data:
+ additional-scrape-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
new file mode 100644
index 00000000..799027d9
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
@@ -0,0 +1,35 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+ - list
+ - watch
+# This permission are not in the prometheus-operator repo
+# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml
new file mode 100644
index 00000000..b0c0e9e1
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+
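Review bot: The second rule in clusterrole.yaml grants `nodes/proxy` cluster-wide, which is broader than scraping needs: the first rule already grants `nodes/metrics`, and `nodes/proxy` lets the Prometheus service account reach the kubelet API on every node through the API server. I would drop `- nodes/proxy` from the resource list unless a scrape job in this chart depends on it, and if it stays, add a comment such as `# nodes/proxy: required by <scrape job>; grants access to the kubelet API on all nodes`. The same rule also grants `services`, `endpoints` and `pods` in every namespace, so the per-namespace Roles in role-specificNamespace.yaml do not narrow anything while this ClusterRole is bound.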
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml
new file mode 100644
index 00000000..e013e960
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }}
+{{- $routePrefix := .Values.prometheus.prometheusSpec.routePrefix }}
+{{- $serviceName := printf "%s-%s" (include "prometheus-operator.fullname" .) "prometheus" }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+{{- if .Values.prometheus.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }}
+{{- end }}
+ name: {{ $serviceName }}
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.prometheus.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: "{{ $routePrefix }}"
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: 9090
+ {{- end }}
+{{- if .Values.prometheus.ingress.tls }}
+ tls:
+{{ toYaml .Values.prometheus.ingress.tls | indent 4 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml
new file mode 100644
index 00000000..a51cda5d
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml
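Review bot: The Ingress in ingress.yaml routes straight to the Prometheus service on port 9090, and its `tls` block is rendered only when `.Values.prometheus.ingress.tls` is set, so a values file that just lists hosts publishes the Prometheus UI and query API over plain HTTP; nothing in this template puts authentication in front of it. I would document that above `spec:` with a template comment, e.g. `{{- /* Exposes Prometheus as-is: set ingress.tls and an auth annotation for your ingress controller before enabling */ -}}`. Separately, `host: {{ . }}` is better written `host: {{ . | quote }}` so a host value is never retyped by the YAML parser.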
@@ -0,0 +1,20 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ {{- if .Values.prometheus.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml
new file mode 100644
index 00000000..509142e2
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml
@@ -0,0 +1,173 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }}
+kind: Prometheus
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ alerting:
+ alertmanagers:
+{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }}
+{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }}
+{{- else }}
+ - namespace: {{ .Release.Namespace }}
+ name: {{ template "prometheus-operator.fullname" . }}-alertmanager
+ port: web
+ {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
+ pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
+ {{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.image }}
+ baseImage: {{ .Values.prometheus.prometheusSpec.image.repository }}
+ version: {{ .Values.prometheus.prometheusSpec.image.tag }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.externalLabels }}
+ externalLabels:
+{{ toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4}}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.externalUrl }}
+ externalUrl: "{{ .Values.prometheus.prometheusSpec.externalUrl }}"
+{{- else if .Values.prometheus.ingress.enabled }}
+ externalUrl: "http://{{ index .Values.prometheus.ingress.hosts 0 }}{{ .Values.prometheus.prometheusSpec.routePrefix }}"
+{{- else }}
+ externalUrl: http://{{ template "prometheus-operator.fullname" . }}-prometheus.{{ .Release.Namespace }}:9090
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }}
+{{- end }}
+ paused: {{ .Values.prometheus.prometheusSpec.paused }}
+ replicas: {{ .Values.prometheus.prometheusSpec.replicas }}
+ logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }}
+ listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }}
+{{- if .Values.prometheus.prometheusSpec.scrapeInterval }}
+ scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.evaluationInterval }}
+ evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.resources }}
+ resources:
+{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }}
+{{- end }}
+ retention: {{ .Values.prometheus.prometheusSpec.retention | quote }}
+{{- if .Values.prometheus.prometheusSpec.routePrefix }}
+ routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.secrets }}
+ secrets:
+{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.configMaps }}
+ configMaps:
+{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }}
+{{- end }}
+ serviceAccountName: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }}
+ serviceMonitorSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }}
+{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }}
+ serviceMonitorSelector:
+ matchLabels:
+ release: {{ .Release.Name | quote }}
+{{ else }}
+ serviceMonitorSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }}
+ serviceMonitorNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }}
+{{ else }}
+ serviceMonitorNamespaceSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.remoteRead }}
+ remoteRead:
+{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.remoteWrite }}
+ remoteWrite:
+{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.securityContext }}
+ securityContext:
+{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }}
+{{- end }}
+
+{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }}
+ ruleNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.ruleSelector }}
+ ruleSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}}
+{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }}
+ ruleSelector:
+ matchLabels:
+ app: {{ template "prometheus-operator.name" . }}
+ release: {{ .Release.Name | quote }}
+ {{- end }}
+{{- if .Values.prometheus.prometheusSpec.storageSpec }}
+ storage:
+{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }}
+{{- end }}
+ {{- if .Values.prometheus.prometheusSpec.podMetadata }}
+ podMetadata:
+{{ toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4 }}
+ {{- end }}
+{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.tolerations }}
+ tolerations:
+{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 4 }}
+{{- end }}
+{{- if or .Values.prometheus.prometheusSpec.additionalScrapeConfigs .Values.prometheus.prometheusSpec.additionalScrapeConfigsExternal }}
+ additionalScrapeConfigs:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-scrape-confg
+ key: additional-scrape-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
+ additionalAlertManagerConfigs:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-confg
+ key: additional-alertmanager-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
+ additionalAlertRelabelConfigs:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-relabel-confg
+ key: additional-alert-relabel-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.containers }}
+ containers:
+{{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.priorityClassName }}
+ priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.thanos }}
+ thanos:
+{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml
new file mode 100644
index 00000000..a2ab02db
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml
new file mode 100644
index 00000000..08faa722
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml
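Review bot: In prometheus.yaml, the `externalUrl` branch for an enabled ingress calls `index .Values.prometheus.ingress.hosts 0`, which fails the whole render when `ingress.enabled` is true and `hosts` is empty, and it fixes the scheme to `http://` even when `ingress.tls` is configured, so the external URL the spec advertises would point at plain HTTP. Guard the branch with `{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }}` and choose the scheme from the TLS setting, e.g. `externalUrl: "{{ if .Values.prometheus.ingress.tls }}https{{ else }}http{{ end }}://{{ index .Values.prometheus.ingress.hosts 0 }}{{ .Values.prometheus.prometheusSpec.routePrefix }}"`. Also, `additionalScrapeConfigs` references the `-prometheus-scrape-confg` Secret when only `additionalScrapeConfigsExternal` is set, while additionalScrapeConfigs.yaml renders that Secret only for `additionalScrapeConfigs`; if the external case expects a user-supplied Secret of that exact name, a comment should say so.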
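Review bot: The rule in psp-clusterrole.yaml grants `use` on `podsecuritypolicies` in the `extensions` API group, while psp.yaml in this commit creates the policy as `policy/v1beta1`. On clusters that authorize PodSecurityPolicy use only through the `policy` group this grant would not match, and the Prometheus pods would presumably be refused at admission when PSP is enforced. `- apiGroups: ['policy', 'extensions']` covers both; confirm against the Kubernetes versions this chart targets.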
@@ -0,0 +1,18 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml
new file mode 100644
index 00000000..40d33462
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ # allowPrivilegeEscalation: false
+ # This is redundant with non-root + disallow privilege escalation,
+ # but we can provide it for defense in depth.
+ #requiredDropCapabilities:
+ # - ALL
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml
new file mode 100644
index 00000000..eef28dad
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml
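Review bot: Several comments in the `spec` of psp.yaml describe a stricter policy than the one that is rendered: `allowPrivilegeEscalation: false` and `requiredDropCapabilities` are commented out, and both ranges labelled `# Forbid adding the root group.` start at `min: 0`, which admits GID 0. Together with `runAsUser` set to `RunAsAny` (which its own comment does acknowledge), the policy permits root with privilege escalation and all default capabilities. Either tighten it — uncomment `allowPrivilegeEscalation: false`, use `rule: 'MustRunAsNonRoot'` under `runAsUser`, and start both ranges at `min: 1` — or reword the comments to match, e.g. `# Root group (GID 0) is permitted`. If root is required by the image or its volume permissions, a comment giving that reason would help the next reviewer.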
@@ -0,0 +1,16 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-config
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+{{- end}}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml
new file mode 100644
index 00000000..9fe3f20e
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.rbac.roleNamespaces }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleList
+items:
+{{- range uniq (append .Values.prometheus.rbac.roleNamespaces .Release.Namespace) }}
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: {{ template "prometheus-operator.fullname" $ }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" $ }}-prometheus
+{{ include "prometheus-operator.labels" $ | indent 6 }}
+ namespace: {{ . | quote }}
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml
new file mode 100644
index 00000000..89fb9ce7
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-config
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml
new file mode 100644
index 00000000..64161876
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBindingList
+items:
+{{- range uniq (append .Values.prometheus.rbac.roleNamespaces .Release.Namespace) }}
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: {{ template "prometheus-operator.fullname" $ }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" $ }}-prometheus
+{{ include "prometheus-operator.labels" $ | indent 6 }}
+ namespace: {{ . | quote }}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus-operator.fullname" $ }}-prometheus
+ subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" $ }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
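Review bot: In rolebinding-config.yaml, `roleRef.name` is `{{ template "prometheus-operator.fullname" . }}-prometheus`, but the Role that role-config.yaml creates is named `…-prometheus-config`, so this binding never grants the `get` on `configmaps` it is named after. When `prometheus.rbac.roleNamespaces` is set it binds the same-named Role from role-specificNamespace.yaml a second time instead; otherwise it points at a Role this chart does not create. Change the line to `name: {{ template "prometheus-operator.fullname" . }}-prometheus-config`.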
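Review bot: The opening guard of rolebinding-specificNamespace.yaml omits `.Values.prometheus.rbac.roleNamespaces`, which role-specificNamespace.yaml requires, so with that value empty a RoleBinding is still rendered in the release namespace for a Role that is not created. A binding left pointing at a missing Role takes effect as soon as anything creates a Role of that name in the namespace, which is an implicit grant worth avoiding. Use the same condition as the Role template: `{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.rbac.roleNamespaces }}`.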
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml
new file mode 100644
index 00000000..831a8814
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+{{- if .Values.prometheus.service.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.prometheus.service.clusterIP }}
+ clusterIP: {{ .Values.prometheus.service.clusterIP }}
+{{- end }}
+{{- if .Values.prometheus.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.prometheus.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+ ports:
+ - name: web
+ {{- if eq .Values.prometheus.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.service.nodePort }}
+ {{- end }}
+ port: 9090
+ {{- if eq .Values.prometheus.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.service.nodePort }}
+ {{- end }}
+ targetPort: web
+ selector:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+ type: "{{ .Values.prometheus.service.type }}"
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml
new file mode 100644
index 00000000..88df10ad
--- /dev/null
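Review bot: Under `ports` in service.yaml, the `nodePort` block guarded by `eq .Values.prometheus.service.type "NodePort"` appears twice, once before and once after `port: 9090`, so a NodePort service renders the `nodePort` key twice in the same mapping. Duplicate keys are invalid YAML and parsers differ on whether they reject the document or silently keep the last value; remove one of the two blocks. When the type is `NodePort` or `LoadBalancer` without `loadBalancerSourceRanges`, the service is reachable from outside the cluster, which is worth a comment next to `type:`.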
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml
new file mode 100644
index 00000000..36790450
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }}
+apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }}
+kind: ServiceMonitor
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+ release: {{ .Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ endpoints:
+ - port: web
+ interval: 30s
+ path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics"
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml
new file mode 100644
index 00000000..61f3ca3c
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml
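Review bot: In serviceaccount.yaml, `imagePullSecrets:` is rendered unconditionally, whereas prometheus.yaml wraps the same value in `{{- if .Values.global.imagePullSecrets }}`; with the value unset this emits `imagePullSecrets:` followed by the `toYaml` of an empty value. Wrap the two lines in the same `{{- if .Values.global.imagePullSecrets }}` … `{{- end }}` pair. The template is also gated on `.Values.global.rbac.create`, so `serviceAccount.create: true` with RBAC creation switched off renders no ServiceAccount; if that is intended, a comment saying so would help.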
@@ -0,0 +1,29 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }}
+apiVersion: v1
+kind: List
+items:
+{{- range .Values.prometheus.additionalServiceMonitors }}
+ - apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }}
+ kind: ServiceMonitor
+ metadata:
+ name: {{ .name }}
+ labels:
+ app: {{ template "prometheus-operator.name" $ }}-prometheus
+{{ include "prometheus-operator.labels" $ | indent 8 }}
+ {{- if .additionalLabels }}
+{{ toYaml .additionalLabels | indent 8 }}
+ {{- end }}
+ spec:
+ endpoints:
+{{ toYaml .endpoints | indent 8 }}
+ {{- if .jobLabel }}
+ jobLabel: {{ .jobLabel }}
+ {{- end }}
+ {{- if .namespaceSelector }}
+ namespaceSelector:
+{{ toYaml .namespaceSelector | indent 8 }}
+ {{- end }}
+ selector:
+{{ toYaml .selector | indent 8 }}
+{{- end }}
+{{- end }}
-- cgit 1.2.3-korg