Merge branch 'develop' into thomasn/standardize-comments

.github/workflows/chart.yaml

@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -78,7 +78,7 @@ jobs:
     name: ${{ matrix.k8s-version.name }} test
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -157,7 +157,7 @@ jobs:
         - distribution: openshift
           version: 4.15.0-okd
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       # Outputs: `cluster-kubeconfig`, `cluster-id`
@@ -213,7 +213,7 @@ jobs:
         - distribution: eks
           version: v1.30
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       # Outputs: `cluster-kubeconfig`, `cluster-id`

.github/workflows/link-checker.yaml

@@ -19,7 +19,7 @@ jobs:
       ## Ref: https://github.com/lycheeverse/lychee#commandline-parameters
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v1
+        uses: lycheeverse/lychee-action@v2
         with:
           fail: true
           debug: false

.github/workflows/upgrade.yaml

@@ -65,7 +65,7 @@ jobs:
     name: ${{ matrix.target }} upgrade test
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Create KinD cluster
         uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0

.lycheeignore

@@ -7,6 +7,7 @@ prometheus.monitor.azure.com
 
 # Prometheus
 cost-analyzer-prometheus-server
+prometheus-k8s
 kubecost-prometheus-server
 kubecost-cost-analyzer-mimir-proxy
 prometheus-operated
@@ -38,3 +39,4 @@ cluster-a.kubecost.com
 cluster-b.kubecost.com
 https://hooks.slack.com/services/
 https://xxxxx.webhook.office.com/
+kubecost.me.com

ISSUE_GUIDELINES.md

@@ -1,16 +1,16 @@
 # Issue Guidelines
 
-Issues filed in this repository are specific to the Kubecost Helm chart only. If your issue pertains to the Kubecost application and not the Helm chart, follow the guidance below.
+Issues filed in this repository are specific to the Kubecost Helm chart only. If your issue pertains to the Kubecost application and not the Helm chart, please raise a request at https://support.kubecost.com.
 
 To help route you to the best location, see some examples of feature requests and bug reports [below](#examples-of-helm-requests).
 
 ## Kubecost Feature Requests
 
-For all feature requests to Kubecost, please create an enhancement request in the [feature requests and bugs repository](https://github.com/kubecost/features-bugs).
+For all feature requests to Kubecost, please create an enhancement request at https://support.kubecost.com.
 
 ## Kubecost Bug Reports
 
-Bug reports for the Kubecost application stack should be directed to the [feature requests and bugs repository](https://github.com/kubecost/features-bugs).
+Bug reports for the Kubecost application stack should be directed to https://support.kubecost.com.
 
 ## Examples of Helm Requests
 

README.md

@@ -71,8 +71,6 @@ Parameter | Description | Default
 `ingress.paths` | Ingress paths | `["/"]`
 `ingress.hosts` | Ingress hostnames | `[cost-analyzer.local]`
 `ingress.tls` | Ingress TLS configuration (YAML) | `[]`
-`kubecostModel.ingress.*` | Same as ingress.*, but will create an ingress directly to the model | `{ enabled: false }`
-`networkPolicy.enabled` | If true, create a NetworkPolicy to deny egress  | `false`
 `networkCosts.enabled` | If true, collect network allocation metrics [More info](https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/cost-allocation/network-allocation) | `false`
 `networkCosts.podMonitor.enabled` | If true, a [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor) for the network-cost daemonset is created | `false`
 `serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false`

cost-analyzer/README.md

@@ -52,12 +52,6 @@ The following table lists commonly used configuration parameters for the Kubecos
 | `ingress.paths`                                                                    | Ingress paths                                                                                                                                                | `["/"]`                                               |
 | `ingress.hosts`                                                                    | Ingress hostnames                                                                                                                                            | `[cost-analyzer.local]`                               |
 | `ingress.tls`                                                                      | Ingress TLS configuration (YAML)                                                                                                                             | `[]`                                                  |
-| `networkPolicy.enabled`                                                            | If true, create a NetworkPolicy to deny egress                                                                                                               | `false`                                               |
-| `networkPolicy.costAnalyzer.enabled`                                               | If true, create a newtork policy for cost-analzyer                                                                                                           | `false`                                               |
-| `networkPolicy.costAnalyzer.annotations`                                           | Annotations to be added to the network policy                                                                                                                | `{}`                                                  |
-| `networkPolicy.costAnalyzer.additionalLabels`                                      | Additional labels to be added to the network policy                                                                                                          | `{}`                                                  |
-| `networkPolicy.costAnalyzer.ingressRules`                                          | A list of network policy ingress rules                                                                                                                       | `null`                                                |
-| `networkPolicy.costAnalyzer.egressRules`                                           | A list of network policy egress rules                                                                                                                        | `null`                                                |
 | `networkCosts.enabled`                                                             | If true, collect network allocation metrics [More info](http://docs.kubecost.com/network-allocation)                                                         | `false`                                               |
 | `networkCosts.podMonitor.enabled`                                                  | If true, a [PodMonitor](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor) for the network-cost daemonset is created | `false`                                               |
 | `serviceMonitor.enabled`                                                           | Set this to `true` to create ServiceMonitor for Prometheus operator                                                                                          | `false`                                               |

cost-analyzer/templates/NOTES.txt

@@ -9,6 +9,7 @@
 {{- include "federatedStorageSourceCheck" . -}}
 {{- include "prometheusRetentionCheck" . -}}
 {{- include "clusterIDCheck" . -}}
+{{- include "kubeRBACProxyBearerTokenCheck" . -}}
 
 {{- $servicePort := .Values.service.port | default 9090 }}
 Kubecost {{ .Chart.Version }} has been successfully installed.

cost-analyzer/templates/_helpers.tpl

@@ -79,15 +79,6 @@ Kubecost 2.0 preconditions
     {{- end -}}
   {{- end -}}
 
-  {{- if not .Values.kubecostModel.etlFileStoreEnabled -}}
-    {{- fail "\n\nKubecost 2.0 does not support running fully in-memory. Some file system must be available to store cost data." -}}
-  {{- end -}}
-
-
-  {{- if .Values.kubecostModel.openSourceOnly -}}
-    {{- fail "In Kubecost 2.0, kubecostModel.openSourceOnly is not supported" -}}
-  {{- end -}}
-
   {{/* Aggregator config reconciliation and common config */}}
   {{- if eq (include "aggregator.deployMethod" .) "statefulset" -}}
     {{- if .Values.kubecostAggregator -}}
@@ -203,6 +194,15 @@ Verify a cluster_id is set in the Prometheus global config
   {{- end -}}
 {{- end -}}
 
+{{/*
+  Verify if both kube-rbac-proxy and bearer token are set
+*/}}
+{{- define "kubeRBACProxyBearerTokenCheck" -}}
+{{- if and (.Values.global.prometheus.kubeRBACProxy) (.Values.global.prometheus.queryServiceBearerTokenSecretName) }}
+  {{- fail "\n\nBoth kubeRBACProxy and queryServiceBearerTokenSecretName are set. Please specify only one." -}}
+{{- end -}}
+{{- end -}}
+
 
 {{/*
 Verify the cloud integration secret exists with the expected key when cloud integration is enabled.
@@ -1265,10 +1265,6 @@ Begin Kubecost 2.0 templates
     - name: federated-storage-config
       mountPath: /var/configs/etl/federated
       readOnly: true
-  {{- else if .Values.kubecostModel.etlBucketConfigSecret }}
-    - name: etl-bucket-config
-      mountPath: /var/configs/etl
-      readOnly: true
   {{- end }}
   {{- if or (.Values.kubecostProductConfigs).cloudIntegrationSecret (.Values.kubecostProductConfigs).cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaBucketName) }}
     - name: cloud-integration
@@ -1291,10 +1287,6 @@ Begin Kubecost 2.0 templates
   env:
     - name: CONFIG_PATH
       value: /var/configs/
-    {{- if .Values.kubecostModel.etlBucketConfigSecret }}
-    - name: ETL_BUCKET_CONFIG
-      value: /var/configs/etl/object-store.yaml
-    {{- end}}
     {{- if or .Values.kubecostModel.federatedStorageConfigSecret .Values.kubecostModel.federatedStorageConfig }}
     - name: FEDERATED_STORE_CONFIG
       value: /var/configs/etl/federated/federated-store.yaml
@@ -1366,7 +1358,7 @@ Groups is only used when using external RBAC.
 Backups configured flag for nginx configmap
 */}}
 {{- define "dataBackupConfigured" -}}
-  {{- if or (.Values.kubecostModel).etlBucketConfigSecret (.Values.kubecostModel).federatedStorageConfigSecret (.Values.kubecostModel).federatedStorageConfig -}}
+  {{- if or (.Values.kubecostModel).federatedStorageConfigSecret (.Values.kubecostModel).federatedStorageConfig -}}
     {{- printf "true" -}}
   {{- else -}}
     {{- printf "false" -}}
@@ -1487,7 +1479,6 @@ for more information
   "alibaba-service-key-secret.yaml"
   "aws-service-key-secret.yaml"
   "azure-service-key-secret.yaml"
-  "azure-storage-config-secret.yaml"
   "cloud-integration-secret.yaml"
   "cost-analyzer-account-mapping-configmap.yaml"
   "cost-analyzer-alerts-configmap.yaml"
@@ -1506,14 +1497,12 @@ for more information
   "cost-analyzer-smtp-configmap.yaml"
   "external-grafana-config-map-template.yaml"
   "gcpstore-config-map-template.yaml"
-  "grafana-secret.yaml"
+  "grafana/grafana-secret.yaml"
   "install-plugins.yaml"
   "integrations-postgres-queries-configmap.yaml"
   "integrations-postgres-secret.yaml"
-  "kubecost-agent-secret-template.yaml"
-  "kubecost-agent-secretprovider-template.yaml"
+  "kubecost-cluster-context-switcher.yaml"
   "kubecost-cluster-controller-actions-config.yaml"
-  "kubecost-cluster-manager-configmap-template.yaml"
   "kubecost-oidc-secret-template.yaml"
   "kubecost-saml-secret-template.yaml"
   "mimir-proxy-configmap-template.yaml"
@@ -1525,4 +1514,27 @@ for more information
   {{- $checksum = printf "%s%s" $checksum $content | sha256sum -}}
 {{- end -}}
 {{- $checksum | sha256sum -}}
-{{- end -}}
+{{- end -}}
+
+{{- define "cost-model.image" }}
+{{- if .Values.kubecostModel }}
+  {{- if .Values.kubecostModel.fullImageName }}
+    {{ .Values.kubecostModel.fullImageName }}
+  {{- else if .Values.imageVersion }}
+    {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }}
+  {{- else if eq "development" .Chart.AppVersion }}
+    gcr.io/kubecost1/cost-model-nightly:latest
+  {{- else }}
+    {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }}
+  {{- end }}
+{{- else }}
+  gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }}
+{{- end }}
+{{- end }}
+
+{{- define "cost-model.imagetag" }}
+{{- $image := include "cost-model.image" . }}
+{{- $parts := splitList ":" $image }}
+{{- $tag := last $parts }}
+{{- $tag }}
+{{- end }}

cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml

@@ -19,6 +19,13 @@ metadata:
     {{- with .Values.global.additionalLabels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+  annotations:
+  {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.kubecostAggregator.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   replicas: 1
   selector:
@@ -56,12 +63,6 @@ spec:
       restartPolicy: Always
       serviceAccountName: {{ template "cloudCost.serviceAccountName" . }}
       volumes:
-        {{- if .Values.kubecostModel.etlBucketConfigSecret }}
-        - name: etl-bucket-config
-          secret:
-            defaultMode: 420
-            secretName: {{ .Values.kubecostModel.etlBucketConfigSecret }}
-        {{- end }}
         {{- if or .Values.kubecostModel.federatedStorageConfigSecret .Values.kubecostModel.federatedStorageConfig }}
         - name: federated-storage-config
           secret:
@@ -105,16 +106,20 @@ spec:
           secret:
             secretName: {{ .Values.kubecostModel.plugins.secretName }}
             items:
-              - key: datadog_config.json
-                path: datadog_config.json
+             {{- range $key, $config := .Values.kubecostModel.plugins.enabledPlugins }}
+              - key: {{ $config }}_config.json
+                path: {{ $config }}_config.json
+            {{- end }}
         {{- end }}
         {{- if .Values.kubecostModel.plugins.existingCustomSecret.enabled }}
         - name: plugins-config
           secret:
             secretName: {{ .Values.kubecostModel.plugins.existingCustomSecret.name }}
             items:
-              - key: datadog_config.json
-                path: datadog_config.json
+            {{- range $key, $config := .Values.kubecostModel.plugins.enabledPlugins }}
+              - key: {{ $config }}_config.json
+                path: {{ $config }}_config.json
+            {{- end }}
         {{- end }}
         - name: tmp
           emptyDir: {}
@@ -140,7 +145,9 @@ spec:
         {{- include "aggregator.cloudCost.containerTemplate" . | nindent 8 }}
     {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
-      {{ toYaml .Values.imagePullSecrets | indent 2 }}
+      {{- range $.Values.imagePullSecrets }}
+        - name: {{ .name }}
+      {{- end }}
     {{- end }}
       {{- if .Values.kubecostAggregator.priority }}
       {{- if .Values.kubecostAggregator.priority.enabled }}
@@ -163,4 +170,4 @@ spec:
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-{{- end }}
+{{- end }}

cost-analyzer/templates/aggregator-statefulset.yaml

@@ -11,6 +11,13 @@ metadata:
     {{- with .Values.global.additionalLabels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+  annotations:
+  {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.kubecostAggregator.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   replicas: {{ .Values.kubecostAggregator.replicas }}
   serviceName: {{ template "aggregator.serviceName" . }}
@@ -181,7 +188,9 @@ spec:
 
     {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
-      {{ toYaml .Values.imagePullSecrets | indent 2 }}
+      {{- range $.Values.imagePullSecrets }}
+        - name: {{ .name }}
+      {{- end }}
     {{- end }}
       {{- if .Values.kubecostAggregator.priority }}
       {{- if .Values.kubecostAggregator.priority.enabled }}
@@ -205,4 +214,4 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}

cost-analyzer/templates/awsstore-deployment-template.yaml

@@ -10,6 +10,13 @@ metadata:
     {{- with .Values.global.additionalLabels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+  annotations:
+  {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.awsstore.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   selector:
     matchLabels: