feat(reports): enable optional reports generator deployment

charts/cryostat/README.md

@@ -84,6 +84,21 @@ helm install cryostat ./charts/cryostat
 | `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. | `false` |
 | `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` |
 
+### Report Generator Deployment
+
+| Name | Description | Value |
+| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
+| `reports` | Configuration for the Reports Generator deployment | |
+| `reports.image.repository` | Repository for the Report Generator container image | `quay.io/cryostat/cryostat-reports` |
+| `reports.image.pullPolicy` | Image pull policy for the Report Generator container image | `Always` |
+| `reports.image.tag` | Tag for the Report Generator image | `4.0.0-snapshot` |
+| `reports.service.type` | Type of Service to create for the Report Generator Deployment | `ClusterIP` |
+| `reports.service.httpPort` | Port number to expose on the Service for the Report Generator Deployment | `10001` |
+| `reports.replicas` | Number of Report Generator replicas to deploy. If zero, the Deployment and Service will not be created and the main Cryostat container will handle all report generations on its own. | `0` |
+| `reports.resources.requests.cpu` | CPU resource request for each Pod in the Report Generator Deployment. | `500m` |
+| `reports.resources.requests.memory` | Memory resource request for each Pod in the Report Generator Deployment. | `512Mi` |
+| `reports.securityContext` | Security Context for the Report Generator containers. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` |
+
 ### Database Container
 
 | Name | Description | Value |

charts/cryostat/templates/cryostat_deployment.yaml

@@ -57,6 +57,10 @@ spec:
  value: none
  - name: QUARKUS_HIBERNATE_ORM_SQL_LOAD_SCRIPT
  value: no-file
+ {{- if gt (int (.Values.reports).replicas) 0 }}
+ - name: QUARKUS_REST_CLIENT_REPORTS_URL
+ value: {{ printf "http://%s-reports:%d" $fullName (int .Values.reports.service.httpPort) }}
+ {{- end }}
  - name: QUARKUS_DATASOURCE_USERNAME
  value: cryostat
  - name: QUARKUS_DATASOURCE_PASSWORD

charts/cryostat/templates/reports_deployment.yaml

@@ -0,0 +1,71 @@
+{{- $fullName := include "cryostat.fullname" . -}}
+---
+{{- if gt (int (.Values.reports).replicas) 0 -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "cryostat.fullname" . }}-reports
+ labels:
+ {{- include "cryostat.labels" . | nindent 4 }}
+spec:
+ replicas: {{ (.Values.reports).replicas }}
+ strategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ {{- include "cryostat.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "cryostat.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "cryostat.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ printf "%s-%s" .Chart.Name "reports" }}
+ securityContext:
+ {{- toYaml (.Values.reports).securityContext | nindent 12 }}
+ image: "{{ (.Values.reports).image.repository }}:{{ (.Values.reports).image.tag }}"
+ imagePullPolicy: {{ (.Values.reports).image.pullPolicy }}
+ env:
+ - name: QUARKUS_HTTP_PORT
+ value: "{{ .Values.reports.service.httpPort }}"
+ ports:
+ - containerPort: {{ .Values.reports.service.httpPort }}
+ protocol: TCP
+ startupProbe:
+ httpGet:
+ path: "/health"
+ port: {{ .Values.reports.service.httpPort }}
+ periodSeconds: 10
+ failureThreshold: 9
+ livenessProbe:
+ httpGet:
+ path: "/health"
+ port: {{ .Values.reports.service.httpPort }}
+ periodSeconds: 10
+ failureThreshold: 2
+ resources:
+ {{- toYaml (.Values.reports).resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end -}}

charts/cryostat/templates/reports_service.yaml

@@ -0,0 +1,16 @@
+{{- $fullName := include "cryostat.fullname" . -}}
+---
+{{- if gt (int (.Values.reports).replicas) 0 -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $fullName }}-reports
+ labels:
+ {{- include "cryostat.labels" $ | nindent 4 }}
+spec:
+ type: {{ .Values.reports.service.type }}
+ ports:
+ - port: {{ .Values.reports.service.httpPort }}
+ selector:
+ {{- include "cryostat.selectorLabels" $ | nindent 4 }}
+{{- end -}}

charts/cryostat/tests/cryostat_deployment_test.yaml

@@ -121,6 +121,8 @@ tests:
  - equal:
  path: spec.template.spec.containers[?(@.name=='cryostat')].env[?(@.name=='AWS_SECRET_ACCESS_KEY')].value
  value: $(QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY)
+ - notExists:
+ path: spec.template.spec.containers[?(@.name=='cryostat')].env[?(@.name=='QUARKUS_REST_CLIENT_REPORTS_URL')].value
  - equal:
  path: spec.template.spec.containers[?(@.name=='cryostat')].env[?(@.name=='GRAFANA_DATASOURCE_URL')].value
  value: "http://localhost:8800"
@@ -170,6 +172,15 @@ tests:
  cpu: 500m
  memory: 384Mi
 
+ - it: should set environment variable if sidecar report generator is enabled
+ set:
+ reports:
+ replicas: 1
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[?(@.name=='cryostat')].env[?(@.name=='QUARKUS_REST_CLIENT_REPORTS_URL')].value
+ value: http://RELEASE-NAME-cryostat-reports:10001
+
  - it: should set oauth2proxy resource overrides
  set:
  oauth2Proxy:

charts/cryostat/tests/reports_deployment_test.yaml

@@ -0,0 +1,119 @@
+suite: test reports_deployment.yaml
+templates:
+ - reports_deployment.yaml
+
+tests:
+ - it: should verify general deployment settings when disabled
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should verify general deployment settings when enabled
+ set:
+ reports:
+ replicas: 2
+ asserts:
+ - equal:
+ path: kind
+ value: Deployment
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-cryostat-reports
+ - equal:
+ path: spec.replicas
+ value: 2
+ - equal:
+ path: spec.strategy.type
+ value: Recreate
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/name: cryostat
+ - equal:
+ path: spec.template.metadata.labels
+ value:
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/name: cryostat
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: RELEASE-NAME-cryostat
+ - equal:
+ path: spec.template.spec.securityContext.runAsNonRoot
+ value: true
+ - equal:
+ path: spec.template.spec.securityContext.seccompProfile.type
+ value: RuntimeDefault
+ - equal:
+ path: metadata.labels
+ value:
+ helm.sh/chart: cryostat-2.0.0-dev
+ app.kubernetes.io/name: cryostat
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/version: "4.0.0-dev"
+ app.kubernetes.io/managed-by: Helm
+
+ - it: should validate all container settings including environment variables and security contexts
+ set:
+ reports:
+ replicas: 1
+ asserts:
+ - exists:
+ path: spec.template.spec.containers[?(@.name=='cryostat-reports')]
+ - equal:
+ path: spec.template.spec.containers[?(@.name=='cryostat-reports')].image
+ value: "quay.io/cryostat/cryostat-reports:4.0.0-snapshot"
+ - equal:
+ path: spec.template.spec.containers[?(@.name=='cryostat-reports')].env[?(@.name=='QUARKUS_HTTP_PORT')].value
+ value: "10001"
+
+ - it: should apply Kubernetes specific settings when configured
+ set:
+ reports:
+ replicas: 1
+ nodeSelector:
+ disktype: ssd
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: disktype
+ operator: In
+ values:
+ - ssd
+ tolerations:
+ - key: "key"
+ operator: "Equal"
+ value: "value"
+ effect: "NoSchedule"
+ asserts:
+ - exists:
+ path: spec.template.spec.nodeSelector
+ - exists:
+ path: spec.template.spec.affinity
+ - exists:
+ path: spec.template.spec.tolerations
+
+ - it: should verify image pull policies for development snapshots
+ set:
+ reports:
+ replicas: 1
+ image:
+ tag: "4.0.0-snapshot"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[?(@.name=='cryostat-reports')].imagePullPolicy
+ value: Always
+
+ - it: should verify image pull policies for release versions
+ set:
+ reports:
+ replicas: 1
+ image:
+ tag: "4.1.0"
+ pullPolicy: "IfNotPresent"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[?(@.name=='cryostat-reports')].imagePullPolicy
+ value: "IfNotPresent"