Task Details:
=============
Task ID : AETHER-2167 : Implement helm charts for deploying prom-label-proxy
Task Link : https://jira.opennetworking.org/browse/AETHER-2167
Features/Root Cause Analysis :
==============================
* config model helm chart for prom label proxy
* prom-label-proxy helm chart
* getting initial config not done deliberatlywq
Unit Test:
=============
* Integration testing with prometheus done
* Integration testing with Grafana pending
Change-Id: I1b94feee56cb7046dd1affb036c3d02585aedcaf
diff --git a/prom-label-proxy/.helmignore b/prom-label-proxy/.helmignore
new file mode 100644
index 0000000..01d4cd9
--- /dev/null
+++ b/prom-label-proxy/.helmignore
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2021 Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/prom-label-proxy/Chart.yaml b/prom-label-proxy/Chart.yaml
new file mode 100644
index 0000000..25e5f94
--- /dev/null
+++ b/prom-label-proxy/Chart.yaml
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v2
+name: prom-label-proxy
+kubeVersion: ">=1.17.0"
+type: application
+version: 0.0.1
+appVersion: v0.3.3
+description: Prom Label Proxy
+keywords:
+ - onos
+home: https://onosproject.org
+maintainers:
+ - name: ONOS Support
+ email: support@opennetworking.org
diff --git a/prom-label-proxy/files/certs/README.md b/prom-label-proxy/files/certs/README.md
new file mode 100644
index 0000000..17dfe1c
--- /dev/null
+++ b/prom-label-proxy/files/certs/README.md
@@ -0,0 +1,32 @@
+<!--
+SPDX-FileCopyrightText: 2021 Open Networking Foundation
+
+SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+-->
+
+This folder contains self-signed certificates for use in testing. _DO NOT USE THESE
+CERTIFICATES IN PRODUCTION!_
+
+The certificates were generated with the
+https://github.com/onosproject/simulators/blob/master/pkg/certs/generate_certs.sh
+script as
+```bash
+generate_certs.sh prom-label-proxy-v1
+```
+
+In this folder they **must** be (re)named
+* tls.cacrt
+* tls.crt
+* tls.key
+
+Use
+```bash
+openssl x509 -in deployments/helm/onos-config/files/certs/tls.crt -text -noout
+```
+to verify the contents (especially the subject).
+
+There is another Cert for onos-config in test/certs but these were created with:
+```
+generate-certs.sh onos-config
+```
+and are left named onf.cacrt, onos-config.key and onos-config.crt
diff --git a/prom-label-proxy/files/certs/tls.cacert b/prom-label-proxy/files/certs/tls.cacert
new file mode 100644
index 0000000..879bc06
--- /dev/null
+++ b/prom-label-proxy/files/certs/tls.cacert
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAkgCCQDe99fSN9qxSTANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCU1lbmxvUGFyazEMMAoGA1UECgwDT05G
+MRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UEAwwVY2Eub3Blbm5ldHdvcmtp
+bmcub3JnMB4XDTE5MDQxMTA5MDYxM1oXDTI5MDQwODA5MDYxM1owcjELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlNZW5sb1BhcmsxDDAKBgNVBAoM
+A09ORjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNhLm9wZW5uZXR3
+b3JraW5nLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEg7CZR
+X8Y+syKHaQCh6mNIL1D065trwX8RnuKM2kBwSu034zefQAPloWugSoJgJnf5fe0j
+nUD8gN3Sm8XRhCkvf67pzfabgw4n8eJmHScyL/ugyExB6Kahwzn37bt3oT3gSqhr
+6PUznWJ8fvfVuCHZZkv/HPRp4eyAcGzbJ4TuB0go4s6VE0WU5OCxCSlAiK3lvpVr
+3DOLdYLVoCa5q8Ctl3wXDrfTLw5/Bpfrg9fF9ED2/YKIdV8KZ2ki/gwEOQqWcKp8
+0LkTlfOWsdGjp4opPuPT7njMBGXMJzJ8/J1e1aJvIsoB7n8XrfvkNiWL5U3fM4N7
+UZN9jfcl7ULmm7cCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAIh6FjkQuTfXddmZY
+FYpoTen/VD5iu2Xxc1TexwmKeH+YtaKp1Zk8PTgbCtMEwEiyslfeHTMtODfnpUIk
+DwvtB4W0PAnreRsqh9MBzdU6YZmzGyZ92vSUB3yukkHaYzyjeKM0AwgVl9yRNEZw
+Y/OM070hJXXzJh3eJpLl9dlUbMKzaoAh2bZx6y3ZJIZFs/zrpGfg4lvBAvfO/59i
+mxJ9bQBSN3U2Hwp6ioOQzP0LpllfXtx9N5LanWpB0cu/HN9vAgtp3kRTBZD0M1XI
+Ctit8bXV7Mz+1iGqoyUhfCYcCSjuWTgAxzir+hrdn7uO67Hv4ndCoSj4SQaGka3W
+eEfVeA==
+-----END CERTIFICATE-----
diff --git a/prom-label-proxy/files/certs/tls.crt b/prom-label-proxy/files/certs/tls.crt
new file mode 100644
index 0000000..6b3627b
--- /dev/null
+++ b/prom-label-proxy/files/certs/tls.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlACFErBGzsXHo1l8bmZRmDkF+h2bsdVMA0GCSqGSIb3DQEBCwUAMHIx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJTWVubG9QYXJrMQww
+CgYDVQQKDANPTkYxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR4wHAYDVQQDDBVjYS5v
+cGVubmV0d29ya2luZy5vcmcwHhcNMjExMDA3MTAwODAyWhcNMzExMDA1MTAwODAy
+WjBvMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCU1lbmxvUGFy
+azEMMAoGA1UECgwDT05GMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEbMBkGA1UEAwwS
+cGxwcm94eS1zZXJ2aWNlLXYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuoTmp1i/ng8G8RWik+8dUZOY6epVF3wO1nOKQ8c9V77zuy40QCTxRiHieWBq
+Qe95s8d6yJjr0NyNtr8SbisfXS/wizUsJuQif8W4TXbxnjYMHSoSmMIsFJFZLznw
+sCLOlxzysJdQGj9C2BW6akItgrjiAvhYx+tEa/9+pnhNY+e5Y6hGUEbfh6FkzmoP
+2cMpp8Qm1HUGJ1BDPBdK7FjGIXM9KUbIcMNfxUrhpssA3SFHrWB96FTH3orQkQds
+Z5ATdedUZ4UiDzwVJoGFOfTvkdU7TQwTfrVjDAav3UvXC78kM/r/gBskP5uxXDXl
+etW5UxrlIAlGbcMdiXfUJIBt3QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCB5cFh
+f0DvuzepB/doaLBgjaoOSKdtTGbFNHlYpagVzJffPvIpNGBmIRkmkzO+/xg3lXsm
+YLMUOTyvNJ8Zu9nWiEtYjCHqcyS8CB+lMnEqjhYBTMyfavG8GPS45ejJRdnuBJB7
+mrfoEHX+HVb5+4SDX4DvZJGeEuUiswWZqTLPeYzUBOWzc8ygjrfoIgTElcC9mrU/
+fhlxv+lTGSWD4pQO3QXNM7aOMrXKV+GBeBWz0JprXnMtNAgo9s8uhYix2A2B0Yq3
+B9JI8K8dq7UlgmRNtvDhhROHhYwJpMPIivVgW2k8Q/dcq7il4ZaTok0SXKDzcgik
+97ZwRax7g7M0HQs7
+-----END CERTIFICATE-----
diff --git a/prom-label-proxy/files/certs/tls.key b/prom-label-proxy/files/certs/tls.key
new file mode 100644
index 0000000..bc33d25
--- /dev/null
+++ b/prom-label-proxy/files/certs/tls.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6hOanWL+eDwbx
+FaKT7x1Rk5jp6lUXfA7Wc4pDxz1XvvO7LjRAJPFGIeJ5YGpB73mzx3rImOvQ3I22
+vxJuKx9dL/CLNSwm5CJ/xbhNdvGeNgwdKhKYwiwUkVkvOfCwIs6XHPKwl1AaP0LY
+FbpqQi2CuOIC+FjH60Rr/36meE1j57ljqEZQRt+HoWTOag/ZwymnxCbUdQYnUEM8
+F0rsWMYhcz0pRshww1/FSuGmywDdIUetYH3oVMfeitCRB2xnkBN151RnhSIPPBUm
+gYU59O+R1TtNDBN+tWMMBq/dS9cLvyQz+v+AGyQ/m7FcNeV61blTGuUgCUZtwx2J
+d9QkgG3dAgMBAAECggEAG/B2gJDZuzpzBr//53sFAEhEup1ge7EYo+UQzBBXTwKK
+jfpg107xWVkQDLB1mkTeDSEPcmb9w/6Vt88tWpVZEGNy+9dOMtEvncYnUmtDzDg6
+XlAEEx/a7IXNPzbFqAy+t4IdlHhGBnh9cdLnZq1dFdzN9jXvTpseV7Mg7JzOsu0s
+h+CbKBmWD8bd51UZdYdYdmGGcu8oMmaCdEbISGA0gCqUzMRo8pM3mhz1s5zr8lkk
+9o++WY4ZPb8ShyrTg0J3/urrElCOOTWOeb65Jf1jztF7SRd4+nkK/yYi361PCCAc
+PgxIEVB+kv6T0Ms8bHQWRJ6dGipq5Yv0eC1ELGF/4QKBgQDqKdSii9nvm8O+wXRK
+RAFqbKJ5KEXsniZ8Da0/ZffRo0B90WjDBP7x+vICuQMdEN9PQNjCGN+g9ff1BtyI
+kxr+WQg2GSHnj+5jLWu6rRTvjmocmkviChAZqByL5mP8pDtcXHiAXmgyccVjOC85
+i0qLqReDKiQN4kYizd1aUDZ+OQKBgQDL6alreWh5SWFs1P+OY6Q6UpNGcm7oQus4
+/OMvZy17WsiCfvpFLh3RIs//ES1rfyUe8pnOtWURUhLqZcEnu5SGYdJrR7ILvzl3
+rrvaiwkaXzqPul8hyN/etBKPQEGQ/FVujKDfoLuG3+5GcDI9sHnEHHgcjHpNfF4G
+fX6Qa9usxQKBgDPAUvIpnlzKPBSohJ71MKron2/PasTEnxTDoQpl6sM2JUapRVH0
+hLPOFjZr1ThTRkcpub4L6UCVm9tXTN4SROD5pErwewHGWZUpsKltHzdibiksIKEw
+QCardMOmg2qOkV/0P91+/+BGLK2k+SrqkesTz9J5Ocanv4BppwYSvDhhAoGAZcVw
+FkDZALe8FTpVdfaLL8So1p8kdW14ws+Mf8sqKwfLTT4coMx8ezW5w98J4T3rBAAm
+/cEQ+U0SPcSdW7xGS6+k+oAk/7Hn97DQ9ykvWOcwbi2hb1Y3TYpoPPDgCIG4Dd3I
+KPSqw40d+i/jE2Dx1Qw0cmM2Y1fwAaM+uMvsLtUCgYBHv4ZioE3l1QDTpNpVmgQv
+xtFIUhHLo693WWUsRs2TjtiQigcYR9lYGVqJ14oVBVZYdDw4exwn9VpGHwAYEbC7
+X/kyYoNkwbWvH7c5YsyhUstjGzuFV2tAxZe8vXR9QaudpQRN3FB0F7y6eafueiaD
+Eo8rj2dEsLskvSyV/jpZBg==
+-----END PRIVATE KEY-----
diff --git a/prom-label-proxy/templates/_helpers.tpl b/prom-label-proxy/templates/_helpers.tpl
new file mode 100644
index 0000000..bb3c234
--- /dev/null
+++ b/prom-label-proxy/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Expand the name of the chart.
+*/}}
+{{- define "prom-label-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prom-label-proxy.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "prom-label-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Common labels
+*/}}
+{{- define "prom-label-proxy.labels" -}}
+helm.sh/chart: {{ include "prom-label-proxy.chart" . }}
+{{ include "prom-label-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "prom-label-proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "prom-label-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/prom-label-proxy/templates/deployment.yaml b/prom-label-proxy/templates/deployment.yaml
new file mode 100644
index 0000000..3d8cd09
--- /dev/null
+++ b/prom-label-proxy/templates/deployment.yaml
@@ -0,0 +1,85 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "prom-label-proxy.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ name: {{ template "prom-label-proxy.fullname" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "prom-label-proxy.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ name: {{ template "prom-label-proxy.fullname" . }}
+ {{- include "prom-label-proxy.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: OIDC_SERVER_URL
+ value: {{ .Values.config.openidc.issuer }}
+ args:
+ [
+ "-label={{ .Values.config.label }}",
+ "-admingroup={{ .Values.config.admingroup }}",
+ "-upstream={{ .Values.config.upstream }}",
+ "-insecure-listen-address=0.0.0.0:{{ .Values.config.http.port }}",
+ "-config_address=$(POD_IP):{{ .Values.config.gnmi.port }}",
+ "-onos_config_url={{ .Values.config.onos_config_url }}",
+ "-key=/etc/prom-label-proxy/certs/tls.key",
+ "-cert=/etc/prom-label-proxy/certs/tls.crt",
+ "-ca=/etc/prom-label-proxy/certs/tls.cacert" ]
+ ports:
+ - name: http
+ containerPort: {{ .Values.config.http.port }}
+ - name: gnmi
+ containerPort: {{ .Values.config.gnmi.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.config.http.port }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.config.http.port }}
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ volumeMounts:
+ - name: secret
+ mountPath: /etc/prom-label-proxy/certs
+ readOnly: true
+ volumes:
+ - name: secret
+ secret:
+ secretName: {{ template "prom-label-proxy.fullname" . }}-secret
diff --git a/prom-label-proxy/templates/secret.yaml b/prom-label-proxy/templates/secret.yaml
new file mode 100644
index 0000000..0e61df0
--- /dev/null
+++ b/prom-label-proxy/templates/secret.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prom-label-proxy.fullname" . }}-secret
+ labels:
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ {{ $root := . }}
+ {{ range $path, $bytes := .Files.Glob "files/certs/tls.*" }}
+ {{ base $path }}: '{{ $root.Files.Get $path | b64enc }}'
+ {{ end }}
+type: Opaque
diff --git a/prom-label-proxy/templates/service.yaml b/prom-label-proxy/templates/service.yaml
new file mode 100644
index 0000000..e606dce
--- /dev/null
+++ b/prom-label-proxy/templates/service.yaml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "prom-label-proxy.fullname" . }}
+ labels:
+ app: {{ template "prom-label-proxy.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ {{- include "prom-label-proxy.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ name: {{ template "prom-label-proxy.fullname" . }}
+ ports:
+ - name: http
+ port: {{ .Values.service.http.port }}
+ - name: gnmi
+ port: {{ .Values.service.gnmi.port }}
+
diff --git a/prom-label-proxy/values.yaml b/prom-label-proxy/values.yaml
new file mode 100644
index 0000000..f9c4fe3
--- /dev/null
+++ b/prom-label-proxy/values.yaml
@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+nameOverride: ""
+fullnameOverride: ""
+
+replicaCount: 1
+annotations: {}
+
+image:
+ repository: onosproject/prom-label-proxy
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: v0.3.3
+ pullSecrets: []
+
+resources:
+ requests:
+ cpu: 0.5
+ memory: 128Mi
+
+config:
+ http:
+ port: 8080
+ gnmi:
+ port: 5150
+ label: "ent"
+ model:
+ version: ""
+ upstream: http://aether-roc-umbrella-prometheus-server.micro-onos.svc.cluster.local
+ admingroup: "AetherROCAdmin"
+ openidc:
+ issuer: ""
+ plproxy:
+ target: "plproxy-service-v1"
+ onos_config_url: "onos-config:5150"
+
+service:
+ type: ClusterIP
+ http:
+ port: 8080
+ gnmi:
+ port: 5150
+