feat: Add AKS Support (besides OpenShift) (CP-3881) (#83)

JIRA: https://cloudbolt.atlassian.net/browse/CP-3881
Related:
CloudBoltSoftware/cloudbolt-collector#51

Author: nimeshjm

.github/workflows/jira-check.yml

@@ -26,9 +26,9 @@ jobs:
         continue-on-error: true
         run: |
           PR_TITLE=$(jq -r .pull_request.title "$GITHUB_EVENT_PATH")
-          JIRA_TICKET_REGEX="(CMP|IN)-[0-9]+"
+          JIRA_TICKET_REGEX="(CMP|CP|IN)-[0-9]+"
           if ! [[ $PR_TITLE =~ $JIRA_TICKET_REGEX ]]; then
-            echo "PR title does not contain a valid JIRA ticket format (CMP-xxxx) or (IN-xxxx)."
+            echo "PR title does not contain a valid JIRA ticket format (CMP-xxxx), (CP-xxxx) or (IN-xxxx)."
             exit 1
           fi
         env:

README.md

@@ -16,11 +16,13 @@ and sends it to the CloudBolt platform.
 
 Below is a table of various parameters that can be set in the `values.yaml` file of the `cloudbolt-collector-helm` chart, along with their required status and default values:
 
-| Parameter                          | Required   | Description                          | Default Value       |
+| Helm Parameter                     | Required   | Description                          | Default Value       |
 |------------------------------------|------------|--------------------------------------|---------------------|
+| `INGESTION_API_URL`                | Yes        | Ingestion API URL                    | `""` (empty string) |
 | `DEBUG`                            | No         | Debug mode flag                      | `""` (empty string) |
 | `IMAGE_VERSION`                    | No         | Version of the image                 | `"<helm-chart-version>"`|
-| `INGESTION_API_URL`                | Yes        | Ingestion API URL                    | `""` (empty string) |
+| `PROMETHEUS_BASE_URL`              | No         | URL to prometheus service            | `""` (defaults to OpenShift prometheus URL) |
+| `COREAPI_BASE_URL`.                | No         | URL to core api.                     | `""` (defaults to OpenShift coreapi URL) |
 
 ## Prerequisites
 
@@ -79,6 +81,7 @@ oc create secret generic cb-ingestion-token \
   --from-literal=INGESTION_API_TOKEN=<ingestion-api-token> \
   -n cloudbolt-collector
 ```
+
 ### 7. Install the Chart
 
 Install the latest CloudBolt Collector Helm chart from the `cloudbolt-collector` repository. 
@@ -112,3 +115,29 @@ helm upgrade cloudbolt-collector cloudbolt-collector/cloudbolt-collector \
   --set IMAGE_VERSION=$IMAGE_VERSION \
   --set INGESTION_API_URL=$INGESTION_API_URL
 ```
+
+## Installation on Microsoft Azure
+
+This helm chart was also succesfully used on Azure's Kubernetes cluster (AKS) and might even work on other Kubernetes offerings.
+
+As an additional prerequisite a Prometheus installation scraping node and pod metrics is required.
+
+```console
+export PROMETHEUS_BASE_URL="http://prometheus-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090"
+export COREAPI_BASE_URL="https://kubernetes.default.svc"
+export INGESTION_API_URL="<cloudbolt-ingestion-api-url>"
+
+# create a secret with the CloudBolt API token
+kubectl create secret generic cb-ingestion-token \
+  --from-literal=INGESTION_API_TOKEN=<cloudbolt-ingestion-api-token> \
+  -n cloudbolt-collector
+
+# Updates or installs the cloudbolt-collector helm chart
+helm upgrade --install cloudbolt-collector cloudbolt-collector/cloudbolt-collector \
+  --namespace cloudbolt-collector --create-namespace \
+  --set INGESTION_API_URL=$INGESTION_API_URL \
+  --set PROMETHEUS_BASE_URL=$PROMETHEUS_BASE_URL \
+  --set COREAPI_BASE_URL=$COREAPI_BASE_URL \
+  --set clusterRole.create=true \
+  --set securityContext.runAsUser=1001
+```

templates/clusterrolebinding.yaml

@@ -1,4 +1,27 @@
+{{/* ClusterRoles don't seem to be required on OpenShift */}}
+{{- if .Values.clusterRole.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-nodes-access
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-pv-access
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list"]
+{{ end }}
+
 {{- if .Values.serviceAccount.create -}}
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -37,4 +60,44 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: admin
-{{- end }}
+{{- end }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-pv-access
+  labels:
+    {{- include "cloudbolt-collector-helm.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-pv-access
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cloudbolt-collector-helm.serviceAccountName" . }}
+    namespace: {{ include "cloudbolt-collector-helm.namespace" . }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-nodes-access
+  labels:
+    {{- include "cloudbolt-collector-helm.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-nodes-access
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cloudbolt-collector-helm.serviceAccountName" . }}
+    namespace: {{ include "cloudbolt-collector-helm.namespace" . }}

templates/deployment.yaml

@@ -51,6 +51,14 @@ spec:
                secretKeyRef:
                  name: cb-ingestion-token
                  key: INGESTION_API_TOKEN
+          {{- with .Values.PROMETHEUS_BASE_URL }}
+           - name: PROMETHEUS_BASE_URL
+             value: "{{ . }}"
+          {{- end }}
+          {{- with .Values.COREAPI_BASE_URL }}
+           - name: COREAPI_BASE_URL
+             value: "{{ . }}"
+          {{- end }}
           livenessProbe:
             httpGet:
               path: {{ .Values.liveness.httpGet_path }}

values.yaml

@@ -5,6 +5,14 @@ replicaCount: 1
 DEBUG: ""
 IMAGE_VERSION: ""
 INGESTION_API_URL: ""
+
+# Optional: Base URL for Prometheus and CoreAPI (e.g. "http://prometheus.monitoring.svc.cluster.local:9090")
+PROMETHEUS_BASE_URL: ""
+COREAPI_BASE_URL: ""
+
+clusterRole:
+  # Set to true to create a ClusterRoles for the collector
+  create: false
 image:
   repository: cloudboltsoftware/cloudbolt-collector
   pullPolicy: Always
@@ -29,6 +37,7 @@ securityContext:
   capabilities:
     drop: ["ALL"]
   runAsNonRoot: true
+  runAsUser:
   seccompProfile:
     type: "RuntimeDefault"
 service: