Merge branch 'develop' into dependabot/docker/cost-analyzer/grafana/g…
…rafana-11.4.0
jessegoodier authored Dec 21, 2024
2 parents 8625bd3 + ba8f3c6 commit 253e8cc
Showing 4 changed files with 38 additions and 4 deletions.
4 changes: 3 additions & 1 deletion .github/workflows/chart.yaml
Expand Up @@ -186,8 +186,10 @@ jobs:
--set global.platforms.openshift.route.enabled=true \
--set global.platforms.openshift.scc.nodeExporter=true \
--set global.platforms.openshift.scc.networkCosts=true \
--set global.platforms.openshift.scc.clusterController=true \
--set networkCosts.enabled=true \
--set prometheus.nodeExporter.enabled=true
--set clusterController.enabled=true \
--set prometheus.nodeExporter.enabled=true
# run: ct install --namespace kubecost --chart-dirs=cost-analyzer/ --charts cost-analyzer/
- name: Wait for ready
run: kubectl wait -n kubecost --for=condition=ready pod --selector app.kubernetes.io/name=cost-analyzer --timeout=120s
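--- a/cost-analyzer/templates/cloud-controller-ocp-scc.yaml
+++ b/cost-analyzer/templates/cloud-controller-ocp-scc.yaml
@@ -0,0 +1,31 @@
+{{- if and (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") (.Values.global.platforms.openshift.scc.clusterController) (.Values.clusterController.enabled) }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+name: {{ template "kubecost.clusterControllerName" . }}
+priority: 10
+allowPrivilegedContainer: true
+allowHostDirVolumePlugin: true
+allowHostNetwork: true
+allowHostPorts: true
+allowHostPID: false
+allowHostIPC: false
+readOnlyRootFilesystem: false
+runAsUser:
+type: RunAsAny
+fsGroup:
+type: RunAsAny
+seLinuxContext:
+type: RunAsAny
+supplementalGroups:
+type: RunAsAny
+seccompProfiles:
+- runtime/default
+volumes:
+- hostPath
+- projected
+- configMap
+- secret
+users:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ template "kubecost.clusterControllerName" . }}
+{{- end }}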
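Review bot: The SCC sets `allowPrivilegedContainer: true`, `allowHostNetwork: true`, `allowHostPorts: true` and permits `hostPath` volumes with all four strategies at `RunAsAny`, and the template carries no comment saying which of these the Cluster Controller actually uses. That is close to node-level access for any pod running as the service account listed under `users`, so each grant that the controller's pod spec (not visible in this commit) does not need should be `false`. I would add a header comment above `apiVersion:` along the lines of `# Grants privileged, host-network and hostPath access to the cluster-controller service account only; required for <reason>`. The file is named `cloud-controller-ocp-scc.yaml` while the values key and helper are `clusterController`, which looks like a naming slip.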
2 changes: 1 addition & 1 deletion cost-analyzer/values-openshift.yaml
Expand Up @@ -5,4 +5,4 @@ global:
platforms:
# Deploying to OpenShift (OCP) requires enabling this option.
openshift:
enabled: true # Deploy Kubecost to OpenShift.
enabled: true # Deploy Kubecost to OpenShift.
5 changes: 3 additions & 2 deletions cost-analyzer/values.yaml
Expand Up @@ -263,6 +263,7 @@ global:
scc:
nodeExporter: false # Creates an SCC for Prometheus Node Exporter. This requires Node Exporter be enabled.
networkCosts: false # Creates an SCC for Kubecost network-costs. This requires network-costs be enabled.
clusterController: false # Creates an SCC for Kubecost Cluster Controller. This requires clusterController be enabled.
# When OpenShift is enabled, the following securityContext will be applied to all resources unless they define their own.
securityContext:
runAsNonRoot: true
Expand Down Expand Up @@ -1087,7 +1088,7 @@ prometheus:
name: configmap-reload
image:
repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: v0.78.2
tag: v0.79.1
pullPolicy: IfNotPresent
extraArgs: {}
extraVolumeDirs: []
Expand All @@ -1100,7 +1101,7 @@ prometheus:
name: configmap-reload
image:
repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: v0.78.2
tag: v0.79.1
pullPolicy: IfNotPresent
extraArgs: {}
extraVolumeDirs: []
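Review bot: The inline comment on the new `clusterController: false` key in the first hunk describes the flag only as creating an SCC, while the template added in this commit (`cost-analyzer/templates/cloud-controller-ocp-scc.yaml`) allows privileged containers, host network, host ports and hostPath volumes. An operator flipping this to `true` should be able to see that from values.yaml; I would word it `clusterController: false # Creates a privileged SCC (privileged containers, host network/ports, hostPath) for Kubecost Cluster Controller. Requires clusterController.enabled=true.`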