jetstack · maria-reynoso · Nov 28, 2024 · Nov 29, 2024 · Nov 29, 2024 · Nov 29, 2024
@@ -1,3 +1,4 @@
+{{ if and .Values.dashboards }}
 {{- range $path, $_ :=  .Files.Glob  "dashboards/**.json" }}
 ---
 apiVersion: v1
@@ -11,3 +12,4 @@ data:
   {{ base $path  }}: |-
     {{ ($.Files.Get $path) | nindent 6 }}
 {{ end }}
+{{ end }}
@@ -0,0 +1,143 @@
+repositories:
+- name: kyverno
+  url: https://kyverno.github.io/kyverno/
+- name: prometheus-opencost-exporter
+  url: https://prometheus-community.github.io/helm-charts
+- name: prometheus
+  url: https://prometheus-community.github.io/helm-charts
+- name: grafana
+  url: https://grafana.github.io/helm-charts
+- name: vpa
+  url: https://charts.fairwinds.com/stable
+- name: cert-manager
+  url: https://charts.jetstack.io
+- name: fairwinds-stable
+  url: https://charts.fairwinds.com/stable
+
+---
+helmDefaults:
+  wait: true
+  timeout: 1200
+---
+environments:
+  default:
+    values:
+    - "./config/{{ requiredEnv "HOST_ENV" }}/enabled.yaml"
+---
+releases:
+- name: kyverno
+  version: "3.2.6"
+  chart: kyverno/kyverno
+  condition: kyverno.enabled
+  namespace: finops-stack
+  values:
+  - "./config/common/kyverno-values.yaml"
+  - "./config/{{ requiredEnv "HOST_ENV" }}/kyverno-values.yaml"  
+
+- name: finops-policies
+  version: "0.1.0"
+  chart: "../charts/finops-policies"
+  condition: finops-policies.enabled
+  namespace: finops-stack
+  disableValidationOnInstall: true
+  needs:
+  - kyverno
+
+- name: cert-manager
+  version: v1.15.3
+  chart: cert-manager/cert-manager
+  condition: cert-manager.enabled
+  namespace: cert-manager
+  values:
+  - "./config/common/cert-manager-values.yaml"
+  - "./config/{{ requiredEnv "HOST_ENV" }}/cert-manager-values.yaml"
+  - global:
+      leaderElection:
+        namespace: cert-manager
+      commonLabels:
+        cost-center-label: "xyz"
+  - serviceAccount:
+      annotations:
+        {{ env "CERT_MANAGER_SA_ANNOTATION" }}
+
+- name: cert-manager-config
+  version: "0.1.0"
+  chart: "../charts/cert-manager-config"
+  condition: cert-manager.enabled
+  namespace: finops-stack
+  disableValidationOnInstall: true
+  needs:
+  - cert-manager/cert-manager
+  values:
+  - email: {{ env "CERT_MANAGER_EMAIL" }}
+  - grafanaTLSCert:
+      hostname: {{ env "GRAFANA_FQDN" }}
+
+- name: grafana
+  version: "8.4.7"
+  chart: grafana/grafana
+  condition: grafana.enabled
+  namespace: finops-stack
+  values:
+  - "./config/common/grafana-values.yaml"
+  - "./config/{{ requiredEnv "HOST_ENV" }}/grafana-values.yaml"
+  - adminUser: {{ env "GRAFANA_ADMIN_USER" }}
+  - adminPassword: {{ env "GRAFANA_ADMIN_PW" }}
+  - serviceAccount:
+      annotations:
+        {{ env "GRAFANA_SA_ANNOTATION" }}
+
+  # If you don't require ingress via an FQDN remove this ingress section
+  - ingress:
+      enabled: {{ env "GRAFANA_INGRESS" }}
+      annotations:
+        kubernetes.io/ingress.global-static-ip-name: {{ env "GRAFANA_PUBLIC_IP_NAME" }}
+      hosts:
+      - {{ env "GRAFANA_FQDN" }}
+    # If you don't require https access to the Grafana dashboard remove this tls section
+      tls:
+      - secretName: {{ env "GRAFANA_FQDN" }}-tls
+        hosts:
+        - {{ env "GRAFANA_FQDN" }}
+  needs:
+  - cert-manager/cert-manager
+
+- name: vpa
+  version: "4.5.0"
+  chart: "vpa/vpa"
+  condition: vpa.enabled
+  namespace: finops-stack
+  values:
+  - "./config/common/vpa-values.yaml"
+
+- name: prometheus-opencost-exporter
+  version: "0.1.1"
+  chart: "prometheus-opencost-exporter/prometheus-opencost-exporter"
+  condition: opencost-exporter.enabled
+  namespace: finops-stack
+  values:
+  - "./config/common/prometheus-opencost-exporter-values.yaml"
+  - "./config/{{ requiredEnv "HOST_ENV" }}/prometheus-opencost-exporter-values.yaml"
+  - opencost:
+      exporter:
+        secret_access_key: {{ env "AWS_SECRET_ACCESS_KEY" }}
+        access_key_id: {{ env "AWS_ACCESS_KEY_ID" }}
+
+- name: finops-stack-opencost-templates
+  version: "0.1.0"
+  chart: "../charts/opencost-config"
+  condition: opencost-templates.enabled
+  namespace: finops-stack
+  disableValidationOnInstall: true
+  values:
+  - "./config/{{ requiredEnv "HOST_ENV" }}/opencost-templates-values.yaml"
+
+- name: goldilocks
+  version: "9.0.0"
+  chart: fairwinds-stable/goldilocks
+  condition: goldilocks.enabled
+  namespace: finops-stack
+  values:
+  - "./config/common/goldilocks-values.yaml"
+
+
@@ -1,10 +1,5 @@
 .DEFAULT_GOAL := help
 
-CLUSTER_NAME := ambient
-PROJECT_ID := "$(shell gcloud config get-value project)"
-M_TYPE := n1-standard-2
-ZONE := europe-west2-a
-
 cluster: ## Setup cluster
 	kind create cluster
 

@@ -0,0 +1,29 @@
+# -- Enable / Disable the installation of Kyverno
+kyverno:
+  enabled: true
+
+# -- Enable / Disable the installation of Kyverno FinOps Policies
+finops-policies:
+  enabled: true
+# -- Enable / Disable the installation of the VPA Controller
+vpa:
+  enabled: true
+# -- Enable / Disable the installation of the Grafana
+grafana:
+  enabled: true
+# -- Enable / Disable the installation of cert-manager
+cert-manager:
+  enabled: false
+# -- Enable / Disable the installation of OpenCost
+opencost:
+  enabled: false
+# -- Enable / Disable the installation of OpenCost Exporter
+opencost-exporter:
+  enabled: true
+
+opencost-templates:
+  enabled: true
+
+# -- Enable / Disable the installation of Fairwinds' Goldilocks
+goldilocks:
+  enabled: true
@@ -0,0 +1,16 @@
+datasources:
+  datasources.yaml:
+    apiVersion: 1
+    datasources:
+      - name: Prometheus
+        type: prometheus
+        uid: "PFB5ABA51A8A585D7"
+        url: http://prometheus-server
+        isDefault: true
+        editable: true
+ingress:
+  enabled: false
+  annotations:
+    kubernetes.io/ingress.global-static-ip-name: "ip-name"
+  hosts:
+  - grafana.example.com
@@ -0,0 +1,13 @@
+features:
+  backgroundScan:
+    skipResourceFilters: false # Important so that background Scan's Exclude Namespaces, etc
+config:
+  resourceFiltersIncludeNamespaces:
+    - kube-system
+  webhooks:
+    - namespaceSelector:
+        matchExpressions:
+          - key: kubernetes.io/metadata.name
+            operator: NotIn
+            values:
+              - kube-system
@@ -0,0 +1,5 @@
+dashboards: true
+opencost:
+  customPricing:
+    # -- This is only to enable custom pricing on on-premises or kind
+    enabled: false
@@ -0,0 +1,24 @@
+cloudCost:
+  enabled: false
+opencost:
+  cloudCost:
+    enabled: false
+  prometheus:
+    external:
+      enabled: false
+      # url: http://prometheus-server
+    internal:
+      # -- Use in-cluster Prometheus
+      enabled: true
+      # -- Service name of in-cluster Prometheus
+      serviceName: prometheus-server
+      # -- Namespace of in-cluster Prometheus
+      namespaceName: finops-stack
+      # -- Service port of in-cluster Prometheus
+      port: 80
+  exporter:
+    aws:
+      # -- AWS secret access key
+      secret_access_key: ""
+      # -- AWS secret key id
+      access_key_id: ""
@@ -0,0 +1,32 @@
+service:
+  enabled: true
+opencost:
+  prometheus:
+    external:
+      enabled: false
+      # url: http://prometheus-server
+    internal:
+      # -- Use in-cluster Prometheus
+      enabled: true
+      # -- Service name of in-cluster Prometheus
+      serviceName: prometheus-server
+      # -- Namespace of in-cluster Prometheus
+      namespaceName: finops-stack
+      # -- Service port of in-cluster Prometheus
+      port: 80
+  exporter:
+    aws:
+      # -- AWS secret access key
+      secret_access_key: ""
+      # -- AWS secret key id
+      access_key_id: ""
+    persistence:
+      enabled: false
+      # -- Annotations for persistent volume
+      annotations: {}
+      # -- Access mode for persistent volume
+      accessMode: ""
+      # -- Storage class for persistent volume
+      storageClass: "standard-rwo"
+      # -- Size for persistent volume
+      size: "10g"
@@ -0,0 +1,17 @@
+extraScrapeConfigs: |
+  - job_name: opencost
+    honor_labels: true
+    scrape_interval: 1m
+    scrape_timeout: 10s
+    metrics_path: /metrics
+    scheme: http
+    dns_sd_configs:
+    - names:
+      - opencost.opencost
+      type: 'A'
+      port: 9003
+
+alertmanager:
+  enabled: false
+prometheus-pushgateway:
+  enabled: false
@@ -0,0 +1,33 @@
+# -- Enable / Disable the installation of Kyverno
+kyverno:
+  enabled: true
+
+# -- Enable / Disable the installation of Kyverno FinOps Policies
+finops-policies:
+  enabled: true
+# -- Enable / Disable the installation of the VPA Controller
+vpa:
+  enabled: true
+# -- Enable / Disable the installation of the Grafana
+grafana:
+  enabled: true
+# -- Enable / Disable the installation of cert-manager
+cert-manager:
+  enabled: false
+# -- Enable / Disable the installation of OpenCost
+opencost:
+  enabled: false
+# -- Enable / Disable the installation of OpenCost Exporter
+opencost-exporter:
+  enabled: true
+
+opencost-templates:
+  enabled: true
+
+# -- Enable / Disable the installation of GMP Proxy (required when using Google Managed Prometheus)
+gmp-proxy:
+  enabled: true
+
+# -- Enable / Disable the installation of Fairwinds' Goldilocks
+goldilocks:
+  enabled: true
@@ -1,2 +1,7 @@
+dashboards: true
+opencost:
+  customPricing:
+    # -- This is only to enable custom pricing on on-premises or kind
+    enabled: false
 gke:
   podmonitoring: true