kubecost · kc-adawson · Aug 21, 2024 · Aug 21, 2024 · Aug 23, 2024 · Aug 23, 2024
diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml
@@ -186,6 +186,7 @@ jobs:
           --set global.platforms.openshift.route.enabled=true \
           --set global.platforms.openshift.scc.nodeExporter=true \
           --set global.platforms.openshift.scc.networkCosts=true \
+          --set global.platforms.openshift.scc.clusterController=true \
           --set networkCosts.enabled=true \
           --set prometheus.nodeExporter.enabled=true
         # run: ct install --namespace kubecost --chart-dirs=cost-analyzer/ --charts cost-analyzer/

diff --git a/cost-analyzer/Chart.yaml b/cost-analyzer/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: development
+appVersion: "2.4.0"
 description: Kubecost Helm chart - monitor your cloud costs!
 name: cost-analyzer
-version: 2.3.3
+version: "2.4.0"
 icon: https://raw.githubusercontent.com/kubecost/.github/9602bea0c06773da66ba43cb9ce5e1eb2b797c32/kubecost_logo.png
 annotations:
   "artifacthub.io/links": |

diff --git a/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml
@@ -1425,7 +1425,7 @@ data:
                 "carbonEstimatesEnabled": "{{ template "carbonEstimatesEnabled" . }}",
                 "clusterControllerEnabled": "{{ template "clusterControllerEnabled" . }}",
                 "forecastingEnabled": "{{ template "forecastingEnabled" . }}",
-                "chartVersion": "DEVELOP_BRANCH",
+                "chartVersion": "2.4.0",
                 "hourlyDataRetention": "{{ (.Values.kubecostAggregator.etlHourlyStoreDurationHours) }}",
                 "dailyDataRetention": "{{ (.Values.kubecostAggregator.etlDailyStoreDurationDays) }}",
                 "hideDiagnostics": "{{ default false ((.Values.kubecostProductConfigs).hideDiagnostics) }}",

diff --git a/cost-analyzer/templates/kubecost-cluster-controller-ocp-scc.yaml b/cost-analyzer/templates/kubecost-cluster-controller-ocp-scc.yaml
@@ -0,0 +1,33 @@
+{{- if and (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") (.Values.global.platforms.openshift.scc.clusterController) (.Values.clusterController.enabled) }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  name: {{ template "kubecost.clusterControllerName" . }}
+priority: 10
+allowPrivilegedContainer: true
+allowHostDirVolumePlugin: true
+allowHostNetwork: true
+allowHostPorts: true
+allowHostPID: false
+allowHostIPC: false
+readOnlyRootFilesystem: false
+runAsUser:
+  type: RunAsAny
+fsGroup:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+seccompProfiles:
+- runtime/default
+volumes:
+  - hostPath
+  - projected
+  - configMap
+hostPorts:
+  - min: 9731
+    max: 9731  
+users:
+  - system:serviceaccount:{{ .Release.Namespace }}:{{ template "kubecost.clusterControllerName" . }}
+{{- end }}
diff --git a/cost-analyzer/templates/kubecost-cluster-controller-template.yaml b/cost-analyzer/templates/kubecost-cluster-controller-template.yaml
@@ -256,7 +256,6 @@ spec:
         ports:
         - name: http-server
           containerPort: 9731
-          hostPort: 9731
       serviceAccount: {{ template "kubecost.clusterControllerName" . }}
       serviceAccountName: {{ template "kubecost.clusterControllerName" . }}
       {{- with .Values.clusterController.tolerations }}

diff --git a/cost-analyzer/values-openshift.yaml b/cost-analyzer/values-openshift.yaml
@@ -12,14 +12,11 @@ global:
       scc:
         nodeExporter: false  # Creates an SCC for Prometheus Node Exporter. This requires Node Exporter be enabled.
         networkCosts: false  # Creates an SCC for Kubecost network-costs. This requires network-costs be enabled.
+        clusterController: false # Creates an SCC for Kubecost clusterContoller. This requires clusterController be enabled.
-        clusterController: false # Creates an SCC for Kubecost clusterContoller. This requires clusterController be enabled.
+        clusterController: false # Creates an SCC for Kubecost clusterController. This requires clusterController be enabled.
-        clusterController: false # Creates an SCC for Kubecost clusterContoller. This requires clusterController be enabled.
+        clusterController: false # Creates an SCC for Kubecost clusterController. This requires clusterController be enabled.
+
       # When OpenShift is enabled, the following securityContext will be applied to all resources unless they define their own.
       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
 
-# networkCosts:
-#   enabled: true  # Enable network costs.
-# prometheus:
-#   nodeExporter:
-#     enabled: true  # Enable Prometheus Node Exporter.
diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml
@@ -247,6 +247,7 @@ global:
       scc:
         nodeExporter: false  # Creates an SCC for Prometheus Node Exporter. This requires Node Exporter be enabled.
         networkCosts: false  # Creates an SCC for Kubecost network-costs. This requires network-costs be enabled.
+        clusterController: false  # Creates an SCC for Kubecost clusterContoller. This requires clusterController be enabled.
-        clusterController: false  # Creates an SCC for Kubecost clusterContoller. This requires clusterController be enabled.
+        clusterController: false  # Creates an SCC for Kubecost clusterController. This requires clusterController be enabled.
-        clusterController: false  # Creates an SCC for Kubecost clusterContoller. This requires clusterController be enabled.
+        clusterController: false  # Creates an SCC for Kubecost clusterController. This requires clusterController be enabled.
       # When OpenShift is enabled, the following securityContext will be applied to all resources unless they define their own.
       securityContext:
         runAsNonRoot: true