diff --git a/charts/grpcbeacon-prober/Chart.yaml b/charts/grpcbeacon-prober/Chart.yaml index ec896f7..b5b0f31 100644 --- a/charts/grpcbeacon-prober/Chart.yaml +++ b/charts/grpcbeacon-prober/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/grpcbeacon-prober/templates/config-map.yaml b/charts/grpcbeacon-prober/templates/config-map.yaml new file mode 100644 index 0000000..195b3a5 --- /dev/null +++ b/charts/grpcbeacon-prober/templates/config-map.yaml 
@@ -0,0 +1,104 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prober-config
+ namespace: {{ .Release.Name }}
+ labels:
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ beacon_addr: "localhost:7000"
+ prober_interval: "10s"
+ envoy-config: |
+ node:
+ id: default
+ cluster: kind-cluster
+
+ static_resources:
+ listeners:
+ - name: listener_0
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 7000
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: ingress_http
+ access_log:
+ - name: envoy.access_loggers.stdout
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: beacon-service
+ virtual_hosts:
+ - name: beacon-service
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/grpcbeacon.Beacon"
+ grpc: {}
+ route:
+ cluster: beacon-service
+ clusters:
+ - name: beacon-service
+ type: STRICT_DNS
+ dns_lookup_family: V4_ONLY
+ http2_protocol_options: {}
+ load_assignment:
+ cluster_name: beacon-service
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: {{ .Values.beaconAddr }}
+ port_value: {{ .Values.beaconPort }}
+ transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ common_tls_context:
+ tls_certificate_sds_secret_configs:
+ - name: "spiffe://spire-in-a-box.troydai.cc/wl/ns/{{.Release.Name}}/prober"
+ sds_config:
+ api_config_source:
+ api_type: GRPC
+ transport_api_version: V3
+ grpc_services:
+ envoy_grpc:
+ cluster_name: spire_agent
+ combined_validation_context:
+ default_validation_context:
+ match_subject_alt_names:
+ exact: "spiffe://spire-in-a-box.troydai.cc/wl/beacon"
+ validation_context_sds_secret_config:
+ name: "spiffe://spire-in-a-box.troydai.cc"
+ sds_config:
+ api_config_source:
+ api_type: GRPC
+ transport_api_version: V3
+ grpc_services:
+ envoy_grpc:
+ cluster_name: spire_agent
+ tls_params:
+ ecdh_curves:
+ - X25519:P-256:P-521:P-384
+ - name: spire_agent
+ connect_timeout: 0.25s
+ http2_protocol_options: {}
+ load_assignment:
+ cluster_name: spire_agent
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ pipe:
+ path: /opt/spire/sockets/spire-agent.sock
diff --git a/charts/grpcbeacon-prober/templates/deployment.yaml b/charts/grpcbeacon-prober/templates/deployment.yaml
new file mode 100644
index 0000000..be4c9da
--- /dev/null
+++ b/charts/grpcbeacon-prober/templates/deployment.yaml
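Review bot: The `listener_0` socket address binds `0.0.0.0`, so the plaintext port 7000 is reachable on the pod IP, and whatever Envoy accepts there is forwarded to `beacon-service` over the TLS context that presents the prober's SVID. `beacon_addr` is `localhost:7000`, so the only intended client is the prober container in the same pod; binding the listener with `address: 127.0.0.1` keeps other pods from borrowing that identity. Separately, `address: {{ .Values.beaconAddr }}` is rendered unquoted into the block scalar; `address: {{ .Values.beaconAddr | quote }}` stops a value containing YAML-special characters from reshaping the Envoy config.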
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prober-deployment
+ namespace: {{ .Release.Name }}
+ labels:
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: prober
+ template:
+ metadata:
+ labels:
+ app: prober
+ spec:
+ serviceAccountName: prober-sa
+ containers:
+ - name: envoy
+ image: envoyproxy/envoy:v1.25.1
+ volumeMounts:
+ - name: envoy-config
+ mountPath: /etc/envoy
+ readOnly: true
+ - name: spiffe-workload-api
+ mountPath: /opt/spire/sockets
+ readOnly: true
+ - name: prober
+ image: troydai/grpcprober:{{ .Values.proberVersion }}
+ volumeMounts:
+ - name: spiffe-workload-api
+ mountPath: /opt/spire/sockets
+ readOnly: true
+ env:
+ - name: SERVER_ADDRESS
+ valueFrom:
+ configMapKeyRef:
+ name: prober-config
+ key: beacon_addr
+ - name: CLIENT_INTERVAL
+ valueFrom:
+ configMapKeyRef:
+ name: prober-config
+ key: prober_interval
+
+ volumes:
+ - name: envoy-config
+ configMap:
+ name: prober-config
+ items:
+ - key: envoy-config
+ path: envoy.yaml
+ - name: spiffe-workload-api
+ csi:
+ driver: "csi.spiffe.io"
+ readOnly: true
diff --git a/charts/grpcbeacon-prober/templates/namespace.yaml b/charts/grpcbeacon-prober/templates/namespace.yaml
new file mode 100644
index 0000000..439ce81
--- /dev/null
+++ b/charts/grpcbeacon-prober/templates/namespace.yaml
@@ -0,0 +1,10 @@
+# create a k8s namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ app: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
diff --git a/charts/grpcbeacon-prober/templates/serviceaccount.yaml b/charts/grpcbeacon-prober/templates/serviceaccount.yaml
index 1585615..1fe0198 100644
--- a/charts/grpcbeacon-prober/templates/serviceaccount.yaml
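Review bot: The `prober` container in deployment.yaml mounts `spiffe-workload-api` at `/opt/spire/sockets`, although its `SERVER_ADDRESS` comes from `beacon_addr` (`localhost:7000`) and the TLS context lives in the Envoy sidecar. If the prober does not call the Workload API itself, drop that `volumeMounts` entry so only the `envoy` container can obtain the SVID and its private key. Neither container sets a `securityContext`; `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}` would be a reasonable baseline to add and test. Both images are also referenced by tag rather than by digest.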
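Review bot: The Namespace in namespace.yaml carries only bookkeeping labels and no Pod Security admission level, so pods in it run under whatever the cluster default happens to be. Consider adding `pod-security.kubernetes.io/enforce: baseline` under `labels:`, moving to `restricted` once the deployment declares a securityContext. Because the namespace is named after `.Release.Name` rather than `.Release.Namespace`, the Helm release record and the workload end up in different namespaces and uninstalling the release removes the whole namespace. The existing `# create a k8s namespace` comment would be more useful if it explained that choice.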
+++ b/charts/grpcbeacon-prober/templates/serviceaccount.yaml
@@ -1,5 +1,9 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
- name: {{ .Release.Name }}-sa
- namespace: {{ .Release.Namespace }}
+ name: prober-sa
+ namespace: {{ .Release.Name }}
+ labels:
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
diff --git a/charts/grpcbeacon-prober/values.yaml b/charts/grpcbeacon-prober/values.yaml
index 19ebb1a..567a7e1 100644
--- a/charts/grpcbeacon-prober/values.yaml
+++ b/charts/grpcbeacon-prober/values.yaml
@@ -1,3 +1,8 @@
 # Default values for grpcbeacon-prober.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
+
+replicaCount: 1
+proberVersion: v0.8.4
+beaconAddr: beacon-service.workload-ns.svc.cluster.local
+beaconPort: 9090
\ No newline at end of file
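Review bot: `prober-sa` in serviceaccount.yaml leaves token automount at its default, so every pod using it gets a Kubernetes API token mounted. Nothing in this chart shows the prober or Envoy calling the Kubernetes API (identity comes from the SPIFFE CSI volume), so if that holds, add `automountServiceAccountToken: false` at the top level of the ServiceAccount. The fixed name `prober-sa` and the namespace `{{ .Release.Name }}` presumably have to line up with the SPIRE registration behind the `.../ns/{{.Release.Name}}/prober` ID used in config-map.yaml. A comment saying so would keep a later rename from silently breaking SVID issuance.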
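Review bot: `proberVersion: v0.8.4` in values.yaml pins the prober image by tag only, and a tag can be re-pointed in the registry after review. Consider also accepting a digest, for example an optional `proberDigest` value that deployment.yaml renders as `troydai/grpcprober@sha256:<digest>`. Each new key would benefit from a one-line comment, e.g. `# beaconAddr: DNS name of the upstream beacon service that Envoy dials`. The file also ends without a trailing newline.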