From 82f0507008f23d10a8f2c97591cd4fcddfd76eb6 Mon Sep 17 00:00:00 2001 From: Peter Olivo <7140818+peterolivo@users.noreply.github.com> Date: Thu, 11 Sep 2025 00:47:23 -0700 Subject: [PATCH 1/6] first pass at pdc-agent dependency chart feature --- charts/k8s-monitoring/Chart.lock | 7 +- charts/k8s-monitoring/Chart.yaml | 5 + charts/k8s-monitoring/README.md | 9 + .../Chart.lock | 6 + .../Chart.yaml | 17 ++ .../Makefile | 38 +++ .../README.md | 227 ++++++++++++++++++ .../README.md.gotmpl | 174 ++++++++++++++ .../charts/pdc-agent-0.0.1.tgz | Bin 0 -> 3523 bytes .../templates/_helpers.tpl | 84 +++++++ .../templates/_module.alloy.tpl | 114 +++++++++ .../templates/_notes.tpl | 58 +++++ .../templates/_validations.tpl | 47 ++++ .../templates/configmap.yaml | 15 ++ .../tests/__snapshot__/default_test.yaml.snap | 69 ++++++ .../tests/default_test.yaml | 38 +++ .../values.schema.json | 171 +++++++++++++ .../values.yaml | 134 +++++++++++ .../templates/features/_feature_helpers.tpl | 1 + .../_feature_private_datasource_connect.tpl | 52 ++++ charts/k8s-monitoring/values.schema.json | 14 ++ charts/k8s-monitoring/values.yaml | 22 ++ 22 files changed, 1300 insertions(+), 2 deletions(-) create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/Makefile create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/charts/pdc-agent-0.0.1.tgz create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_helpers.tpl create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_module.alloy.tpl create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_notes.tpl create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_validations.tpl create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/configmap.yaml create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/__snapshot__/default_test.yaml.snap create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/default_test.yaml create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/values.schema.json create mode 100644 charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml create mode 100644 charts/k8s-monitoring/templates/features/_feature_private_datasource_connect.tpl diff --git a/charts/k8s-monitoring/Chart.lock b/charts/k8s-monitoring/Chart.lock index 6334f073e8..db7e9bcd79 100644 --- a/charts/k8s-monitoring/Chart.lock +++ b/charts/k8s-monitoring/Chart.lock @@ -20,6 +20,9 @@ dependencies: - name: feature-node-logs repository: "" version: 1.0.0 +- name: feature-private-datasource-connect + repository: "" + version: 1.0.0 - name: feature-pod-logs repository: "" version: 1.0.0 @@ -35,5 +38,5 @@ dependencies: - name: alloy-operator repository: https://grafana.github.io/helm-charts version: 0.3.9 -digest: sha256:d7ff598436ab7b66ce0bf17bb8d246f67efa44101acccce422e24d126f863cbd -generated: "2025-09-10T11:02:57.550572-05:00" +digest: sha256:4de5a9bbe78660e5c6f25e4ada8bea5fe0647014ba627e4f636be793412380c6 +generated: "2025-09-11T00:34:04.100906-07:00" diff --git a/charts/k8s-monitoring/Chart.yaml b/charts/k8s-monitoring/Chart.yaml index 2b9de26a5c..0da8c76041 100644 --- a/charts/k8s-monitoring/Chart.yaml +++ b/charts/k8s-monitoring/Chart.yaml @@ -48,6 +48,11 @@ dependencies: repository: "" version: 1.0.0 condition: nodeLogs.enabled + - alias: privateDatasourceConnect + name: feature-private-datasource-connect + repository: "" + version: 1.0.0 + condition: privateDatasourceConnect.enabled - alias: podLogs name: feature-pod-logs repository: "" diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md index cfecffb979..c9c6572094 100644 --- a/charts/k8s-monitoring/README.md +++ b/charts/k8s-monitoring/README.md @@ -250,6 +250,7 @@ details: | | integrations(feature-integrations) | 1.0.0 | | | nodeLogs(feature-node-logs) | 1.0.0 | | | podLogs(feature-pod-logs) | 1.0.0 | +| | privateDatasourceConnect(feature-private-datasource-connect) | 1.0.0 | | | profilesReceiver(feature-profiles-receiver) | 1.0.0 | | | profiling(feature-profiling) | 1.0.0 | | | prometheusOperatorObjects(feature-prometheus-operator-objects) | 1.0.0 | @@ -404,6 +405,14 @@ details: | podLogs.destinations | list | `[]` | The destinations where logs will be sent. If empty, all logs-capable destinations will be used. | | podLogs.enabled | bool | `false` | Enable gathering Kubernetes Pod logs. | +### Features - Private Datasource Connect + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| privateDatasourceConnect | object | Disabled | Private Datasource Connect (PDC) Agent. Deploys and configures the PDC Agent for Grafana Cloud observability. Requires a destination that supports metrics. To see the valid options, please see the [PDC Agent feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-pdc-agent). | +| privateDatasourceConnect.destinations | list | `[]` | The destinations where PDC Agent metrics will be sent. If empty, all metrics-capable destinations will be used. | +| privateDatasourceConnect.enabled | bool | `false` | Enable the PDC Agent deployment. | + ### Features - Profiles Receiver | Key | Type | Default | Description | diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock new file mode 100644 index 0000000000..3dbf755885 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: pdc-agent + repository: "" + version: 0.0.1 +digest: sha256:b4d74e65bf1173d5089f8f363cf4d5fabd5d2dd41ef4caae700843c30e2a4cfd +generated: "2025-09-11T00:28:19.924582-07:00" diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml new file mode 100644 index 0000000000..199a71e0a7 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v2 +name: feature-private-datasource-connect +description: Deploys and configures the PDC Agent for Grafana Cloud observability +icon: https://raw.githubusercontent.com/grafana/grafana/main/public/img/grafana_icon.svg +sources: + - https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-private-datasource-connect +version: 1.0.0 +appVersion: 1.0.0 +maintainers: + - email: peter.olivo@grafana.com + name: peterolivo +dependencies: + - name: pdc-agent + version: 0.0.1 + repository: "" + condition: enabled diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Makefile b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Makefile new file mode 100644 index 0000000000..a3c8a5aa57 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Makefile @@ -0,0 +1,38 @@ +HAS_HELM_UNITTEST := $(shell helm plugin list | grep unittest 2> /dev/null) + +.SECONDEXPANSION: +README.md: values.yaml Chart.yaml $$(wildcard README.md.gotmpl) + docker run --rm --platform linux/amd64 --volume $(shell pwd):/chart ghcr.io/grafana/helm-chart-toolbox-doc-generator --chart /chart > $@ + +Chart.lock: Chart.yaml + helm dependency update . + @touch Chart.lock # Ensure the timestamp is updated + +values.schema.json: values.yaml $$(wildcard schema-mods/*) + docker run --rm --platform linux/amd64 --volume $(shell pwd):/chart ghcr.io/grafana/helm-chart-toolbox-schema-generator --chart /chart > $@ + +.PHONY: clean +clean: + rm -f README.md values.schema.json + +.PHONY: build +build: README.md Chart.lock values.schema.json + +.PHONY: test +test: build + helm repo add grafana https://grafana.github.io/helm-charts + helm lint . + ct lint --lint-conf ../../.lintconf.yaml --helm-dependency-extra-args=--skip-refresh --charts . +ifdef HAS_HELM_UNITTEST + helm unittest . +else + docker run --rm --volume $(shell pwd):/apps helmunittest/helm-unittest:3.18.4-1.0.0 . +endif + +.PHONY: update-test-snapshots +update-test-snapshots: +ifdef HAS_HELM_UNITTEST + helm unittest . --update-snapshot +else + docker run --rm --volume $(shell pwd):/apps helmunittest/helm-unittest:3.18.4-1.0.0 . --update-snapshot +endif diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md new file mode 100644 index 0000000000..c1f280810a --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md @@ -0,0 +1,227 @@ + + +# Feature: Private Datasource Connect + +The Private Datasource Connect (PDC) feature enables the deployment and monitoring of the PDC Agent for Grafana Cloud observability within a Kubernetes cluster. + +The PDC Agent creates secure tunnels to connect external data sources (like databases, APIs, or services running outside your Kubernetes cluster) to your Grafana Cloud instance through Private Data Source Connect. + +## Overview + +The Private Datasource Connect feature: + +- **Deploys the PDC Agent**: Uses the official pdc-agent Helm chart as a dependency +- **Configures Metrics Collection**: Sets up Alloy to discover and scrape PDC Agent metrics +- **Provides Security**: Uses proper security contexts and non-root containers +- **Enables Monitoring**: Routes PDC Agent metrics to your chosen destinations +- **Validates Configuration**: Ensures required PDC connection settings are provided + +## Required Setup + +Before enabling this feature, you must: + +1. **Create an Access Policy token** in your Grafana Cloud stack with appropriate permissions +2. **Create a Kubernetes secret** with the token (recommended for production): + ```bash + kubectl create secret generic pdc-token --from-literal=token=YOUR_ACCESS_POLICY_TOKEN + ``` + +## Usage + +### Basic Configuration + +```yaml +privateDatasourceConnect: + enabled: true + pdc-agent: + cluster: "prod-us-central-0" # Your Hosted Grafana stack cluster + hostedGrafanaId: "123456" # Your Hosted Grafana stack ID + tokenSecretName: "pdc-token" # Kubernetes secret with Access Policy token +``` + +### Advanced Configuration + +```yaml +privateDatasourceConnect: + enabled: true + destinations: ["prometheus"] # Custom destination routing + + pdc-agent: + # Required PDC connection settings + cluster: "prod-us-central-0" + hostedGrafanaId: "123456" + tokenSecretName: "pdc-token" + + # Optional deployment settings + replicaCount: 3 + image: + repository: grafana/pdc-agent + tag: "v1.2.3" + pullPolicy: IfNotPresent + + metricsPort: 8090 + debug: false + + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + + # Security contexts (using chart defaults) + podSecurityContext: + runAsUser: 30000 + runAsGroup: 30000 + fsGroup: 30000 + + securityContext: + capabilities: + drop: [ALL] + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + + # Additional arguments for the PDC agent + extraArgs: [] + + # Feature-specific metric filtering + metricsTuning: + includeMetrics: + - "pdc_.*" + - "ssh_.*" + - "go_.*" + excludeMetrics: + - ".*_debug_.*" + + # Custom relabeling rules + extraDiscoveryRules: | + rule { + source_labels = ["__meta_kubernetes_pod_annotation_custom_label"] + target_label = "custom_label" + } + + extraMetricProcessingRules: | + rule { + source_labels = ["__name__"] + regex = "pdc_ssh_connection_duration_seconds" + target_label = "__tmp_connection_time" + } +``` + +### Testing Configuration (Not Recommended for Production) + +For testing purposes only, you can use an insecure token value: + +```yaml +privateDatasourceConnect: + enabled: true + pdc-agent: + cluster: "prod-us-central-0" + hostedGrafanaId: "123456" + insecureTokenValue: "your-access-policy-token-here" # NOT for production! +``` + +## Configuration Reference + +### Required Settings + +The following settings are required when the feature is enabled: + +- `pdc-agent.cluster`: The cluster where your Hosted Grafana stack is running +- `pdc-agent.hostedGrafanaId`: The numeric ID of your Hosted Grafana stack +- Authentication: Either `pdc-agent.tokenSecretName` OR `pdc-agent.insecureTokenValue` + +### PDC Agent Configuration + +All configuration under `pdc-agent.*` is passed directly to the PDC Agent Helm chart. See the [PDC Agent documentation](https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/configure-pdc/) for complete configuration options. + +### Metrics Collection + +The feature automatically configures Alloy to: +- Discover PDC Agent pods using Kubernetes service discovery +- Scrape metrics from the `/metrics` endpoint on port 8090 +- Apply custom relabeling rules if specified +- Route metrics to configured destinations + +## Testing + +This chart contains unit tests to verify the generated configuration. The hidden value `deployAsConfigMap` will render +the generated configuration into a ConfigMap object. While this ConfigMap is not used during regular operation, you can +use it to show the outcome of a given values file. + +The unit tests use this ConfigMap to create an object with the configuration that can be asserted against. To run the +tests, use `helm test`. + +Be sure perform actual integration testing in a live environment in the main [k8s-monitoring](../..) chart. + + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| peterolivo | | | + + + +## Source Code + +* + + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| | pdc-agent | 0.0.1 | + +## Values + +### PDC Agent + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| enabled | bool | `true` | Enable the PDC Agent deployment. | +| extraDiscoveryRules | string | `""` | Rule blocks to be added to the prometheus.scrape component for PDC Agent metrics. These relabeling rules are applied pre-scrape against the targets from service discovery. ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.scrape/#rule-block)) | +| extraMetricProcessingRules | string | `""` | Rule blocks to be added to the prometheus.relabel component for PDC Agent. These relabeling rules are applied post-scrape against the metrics returned from the scraped target. ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.relabel/#rule-block)) | +| maxCacheSize | string | `nil` | Sets the max_cache_size for PDC Agent prometheus.relabel component. This should be at least 2x-5x your largest scrape target or samples appended rate. ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.relabel/#arguments)) Overrides global.maxCacheSize | +| metricsTuning.excludeMetrics | list | `[]` | Metrics to drop. Can use regular expressions. | +| metricsTuning.includeMetrics | list | `[]` | Metrics to keep. Can use regular expressions. | +| namespace | string | `""` | Namespace to deploy the PDC Agent in. | +| scrapeInterval | string | 60s | The default interval between scraping targets. Overrides global.scrapeInterval | +| scrapeTimeout | string | 10s | The default timeout for scrape requests. | + +### Global Settings + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| global.maxCacheSize | int | `100000` | Sets the max_cache_size for every prometheus.relabel component. ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.relabel/#arguments)) This should be at least 2x-5x your largest scrape target or samples appended rate. | +| global.scrapeInterval | string | `"60s"` | How frequently to scrape metrics. | + +### Other Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| pdc-agent.affinity | object | `{}` | | +| pdc-agent.cluster | string | `""` | The cluster where your Hosted Grafana stack is running | +| pdc-agent.debug | bool | `false` | Enable debug logging for the agent | +| pdc-agent.extraArgs | list | `[]` | Extra arguments for the pdc-agent | +| pdc-agent.fullnameOverride | string | `""` | | +| pdc-agent.hostedGrafanaId | string | `""` | The numeric ID of your Hosted Grafana stack | +| pdc-agent.image | object | `{"pullPolicy":"IfNotPresent","repository":"grafana/pdc-agent","tag":""}` | Container image configuration | +| pdc-agent.imagePullSecrets | list | `[]` | Secrets for pulling an image from a private repository | +| pdc-agent.insecureTokenValue | string | `""` | Insecure token value for testing purposes (not recommended for production) | +| pdc-agent.metricsPort | int | `8090` | The port where metrics are served from the pdc agent | +| pdc-agent.nameOverride | string | `""` | Override the chart name | +| pdc-agent.nodeSelector | object | `{}` | Node selector, tolerations, and affinity | +| pdc-agent.podLabels | object | `{}` | Pod labels | +| pdc-agent.podSecurityContext | object | `{"fsGroup":30000,"runAsGroup":30000,"runAsUser":30000}` | Pod security context | +| pdc-agent.replicaCount | int | `3` | This will set the replicaset count | +| pdc-agent.resources | object | `{"requests":{"cpu":"100m","memory":"256Mi"}}` | Resource limits and requests | +| pdc-agent.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"runAsNonRoot":true}` | Container security context | +| pdc-agent.tokenSecretName | string | `""` | Secret name containing the Access Policy token (expects key 'token') | +| pdc-agent.tolerations | list | `[]` | | diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl new file mode 100644 index 0000000000..ba8fcbba67 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl @@ -0,0 +1,174 @@ + + +# Feature: Private Datasource Connect + +{{ template "chart.deprecationWarning" . }} + +The Private Datasource Connect (PDC) feature enables the deployment and monitoring of the PDC Agent for Grafana Cloud observability within a Kubernetes cluster. + +The PDC Agent creates secure tunnels to connect external data sources (like databases, APIs, or services running outside your Kubernetes cluster) to your Grafana Cloud instance through Private Data Source Connect. + +## Overview + +The Private Datasource Connect feature: + +- **Deploys the PDC Agent**: Uses the official pdc-agent Helm chart as a dependency +- **Configures Metrics Collection**: Sets up Alloy to discover and scrape PDC Agent metrics +- **Provides Security**: Uses proper security contexts and non-root containers +- **Enables Monitoring**: Routes PDC Agent metrics to your chosen destinations +- **Validates Configuration**: Ensures required PDC connection settings are provided + +## Required Setup + +Before enabling this feature, you must: + +1. **Create an Access Policy token** in your Grafana Cloud stack with appropriate permissions +2. **Create a Kubernetes secret** with the token (recommended for production): + ```bash + kubectl create secret generic pdc-token --from-literal=token=YOUR_ACCESS_POLICY_TOKEN + ``` + +## Usage + +### Basic Configuration + +```yaml +privateDatasourceConnect: + enabled: true + pdc-agent: + cluster: "prod-us-central-0" # Your Hosted Grafana stack cluster + hostedGrafanaId: "123456" # Your Hosted Grafana stack ID + tokenSecretName: "pdc-token" # Kubernetes secret with Access Policy token +``` + +### Advanced Configuration + +```yaml +privateDatasourceConnect: + enabled: true + destinations: ["prometheus"] # Custom destination routing + + pdc-agent: + # Required PDC connection settings + cluster: "prod-us-central-0" + hostedGrafanaId: "123456" + tokenSecretName: "pdc-token" + + # Optional deployment settings + replicaCount: 3 + image: + repository: grafana/pdc-agent + tag: "v1.2.3" + pullPolicy: IfNotPresent + + metricsPort: 8090 + debug: false + + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + + # Security contexts (using chart defaults) + podSecurityContext: + runAsUser: 30000 + runAsGroup: 30000 + fsGroup: 30000 + + securityContext: + capabilities: + drop: [ALL] + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + + # Additional arguments for the PDC agent + extraArgs: [] + + # Feature-specific metric filtering + metricsTuning: + includeMetrics: + - "pdc_.*" + - "ssh_.*" + - "go_.*" + excludeMetrics: + - ".*_debug_.*" + + # Custom relabeling rules + extraDiscoveryRules: | + rule { + source_labels = ["__meta_kubernetes_pod_annotation_custom_label"] + target_label = "custom_label" + } + + extraMetricProcessingRules: | + rule { + source_labels = ["__name__"] + regex = "pdc_ssh_connection_duration_seconds" + target_label = "__tmp_connection_time" + } +``` + +### Testing Configuration (Not Recommended for Production) + +For testing purposes only, you can use an insecure token value: + +```yaml +privateDatasourceConnect: + enabled: true + pdc-agent: + cluster: "prod-us-central-0" + hostedGrafanaId: "123456" + insecureTokenValue: "your-access-policy-token-here" # NOT for production! +``` + +## Configuration Reference + +### Required Settings + +The following settings are required when the feature is enabled: + +- `pdc-agent.cluster`: The cluster where your Hosted Grafana stack is running +- `pdc-agent.hostedGrafanaId`: The numeric ID of your Hosted Grafana stack +- Authentication: Either `pdc-agent.tokenSecretName` OR `pdc-agent.insecureTokenValue` + +### PDC Agent Configuration + +All configuration under `pdc-agent.*` is passed directly to the PDC Agent Helm chart. See the [PDC Agent documentation](https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/configure-pdc/) for complete configuration options. + +### Metrics Collection + +The feature automatically configures Alloy to: +- Discover PDC Agent pods using Kubernetes service discovery +- Scrape metrics from the `/metrics` endpoint on port 8090 +- Apply custom relabeling rules if specified +- Route metrics to configured destinations + +## Testing + +This chart contains unit tests to verify the generated configuration. The hidden value `deployAsConfigMap` will render +the generated configuration into a ConfigMap object. While this ConfigMap is not used during regular operation, you can +use it to show the outcome of a given values file. + +The unit tests use this ConfigMap to create an object with the configuration that can be asserted against. To run the +tests, use `helm test`. + +Be sure perform actual integration testing in a live environment in the main [k8s-monitoring](../..) chart. + + +{{ template "chart.maintainersSection" . }} + + + +{{ template "chart.sourcesSection" . }} + + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/charts/pdc-agent-0.0.1.tgz b/charts/k8s-monitoring/charts/feature-private-datasource-connect/charts/pdc-agent-0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4946703645cfd7ae67440c51f97672cf20c62547 GIT binary patch literal 3523 zcmV;!4LtH6iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH(|Z`-(%{ac@6)_D)u=2nuOI7!#IcZVR!?iQPEgF5YDQ7l?o z8q3^Jq?V+d_~PDYKakWf%Sz(3Y5Eojfi^NVoEZ-12RTD!apaQ(xekwJMCxEcQugeD zTfg7$?+=IeZ@=Gf|LyPf`_Be@{oR9uz5V{d@L7Mb+aC^}LI0r{>1w&sL_X_(F|GFG z{w9rN^c_k?1s}nD$0J!*{p<(*V7TYSs3J)-ZTrrSkHD%6Pz8h+&r=~G5}aeCDNjHP z_*s%E;RMbkofD04Of&%{av32UIY@6NQXIid>r9QpFmWS-NTgvbB2{+y5fgbF7U+Gv z(kMA$Y~jy@(in%CBjLwH6W@{W3+T|}#L%de+;i{M$n$H$RL}B>rCX2;Yk0lLa0DdF z7>$S#fj4i8XW)J7_50FR+y9)f9M#uw0C(8`-e7ppw*TG1{*(PbM%#j8oRXYraO-bv zxl)S2+k*2MRo2?!_ru>#{i%>C(HdizQicZL7$Zg`!kkD-CJdEv0273aD1|Xlt_3Va zE;l~Y%!mF3M0B$T5B znvw(`jI|1{3N2z4diL+g10xTis1|ZDf_3i%(B?7A8G}qP8ZGQfI)s4-_RX1nF@l%V zS3;jjR3(zvbCi1v`btZ1h+$tC)ki2X{?q2a@~9QbAUkeE=V<)RS& zSCQ$1&Bgi4RM%26WDN5%F@bXnlrZ6*%FdMZNuiT)hytYOpsYp1kOZk ztn4QtJ7hA$=tAUrGet9O&naG7W1u|oFR7mSV)7?OT7}Hg482Umj{FF&KY8Zo7^7TL zy*LtF_!}Yg2(--6D72(=$}qur1XIG4=_8DZ%d_&uiHZm#ZsX!0Jc-o~z!=wGIVxR{ zwI1o{>}}ayDR8AW0h}AXGwa3$WP);CEuH~1gJ(3Ep&3Uw41RzKMkH4VB15j!%nVhO zC(NjhL=t0cX-8Q;fXg!RK@Hw2 zoaU@BJ~RO1@h|ld<=MwdX`J!t87eHI#5$x356@GSG=i7MAf`9t@f`m}-^;j0;+*{} zk|La3WyY@nDLTP;8@Rv)eAMCs`A4{%(P&m`w2Li=QG`l?3shj?3>%OjHyVerXZyw# znVK}^*1O=j0eEMY$xJslTM#X(4TeK$R}o?=G16>dRMfnSF=Jwp8Wl0SV7I}kTyqF#7j?)S6UJvGRY0%IxJREd^NC9KJvCUI-7(OCMID@C=auXBvfi< z{soB$KM#RXvxreM`$XIyMU=)Ch52C+*m)ny#CeEsz0G}UH?(>wtKE6{>h<}_IM7%6 zfoR;7{}~R4t@Gb-Z*TAE{P!5mc>O9_Qzdt1M8O1+7cSAcP#X@4uo1xTBDbE4i%Y0t z6~uL($8KNE-bWh;YH)MZX6G4r-uRKDXZ@3`fNSCBsy+jBU^3&s^%{N6)@A=6X2>#> zD$v=3q=N3S|DA)~cK&y7IDE?gJW9L14!6CNtBmm2ZcEHz)$IMMlWpK_ho3%q*VjJ8 zIHeq+SEq*zbPxRcz0DH@u9RSRfx$bMR%{-EVQJ2AJc9jQ`$*GqKAqAl==nV;a3PP) zqi6X$l1MZHsVJCZ^#cCN38PbrF_0`PPT>E84!4EZhJu-est#gGq}V)Z+xbo@ve+Fs z7)_~m{?7WX?g18a7DD#Pe`;JuuJM218aLaX+%bwU8BcImANx{atk2pQ%J zZf_B7nK`J%OQ)4I+i8VTYB#>$MB+?Uc>ZCzAN_0dC9Qd^-lZC@1g{@({&0?alM4pnXaV`@a!JzJW%gLNjMkWkL(D$G!fE7G8q-q*lVfS7F zd*K+Z$Jtz4DXc1^--goScapN(F%|yA{47_blSsR2QsY^xr`&^w76;vvYt<)e;Er;` zXA`cgbTt~kwuWZlZb-0$VRaL?w{m<7*MpsPiYu&Fi!g#-!-i~E&?vcm`ZQX5tw{pQ z_BL=OQuo?a&Ki}*HGFj$a+SYK$fjmArCVhBSKc+&!&Lwpgc_BBRT`F#6k0@rjo|#~ z?6zg9Dn+X}RtiWDvoy%(-4j25{p-oA7XPh-Kr0)*K3|*Z{z-~-)OrC$TK-pDyus=E z+lHqvi#pIdEOYtp*i@vl>%5W6u2WSF>21!bX&1N{IV2s^wr7CG+&dEf-P2!H!}U>( zt>X<;JKszRWzajJ+7|p;(-X3*Ad%)u+p7^$%xP@I(@nFjBDGE&oxUBPpS-zon$5K; zt3vK5+O;Sp#0?TCiT?6>e13BL;paDpKOMe0{P6O4Bl4XUsF%mxoU|%R-5e2_toaDP zm_w`kAKw>}dftX#S1$u?ZEX!Uu{p>h;pmr%NgA&WUz5=DHTTfaTvusa6SmJp5-^-2 zYrU}WYY02E#B@u-llqWem0{M&8KdYzaC^LM){Sehm1^>X#`m&bT!T~<HAFLlwM)%%<#MC0lemH0fO6+h9$^Q0;3!QFE}257;7QX+kzsE_3mg4F_p>-5~@S{ zzhmDECjTo#`+wOnOG5Ks`BTk#SRa z|LpD$TK2y)9Q2>;|1sKD<8r+B-TRfx|ARliFN?G^O#(HuWs-o3a6;k)!vfg1uzurS zB4Pin^n&5Pri^G`{go4m&*8iG=k43{cMve}egk|H8i#9NFx)|;9^gCpJE?fyLw*L~ zZEyb~Qq0Wxe0v-I^Q+dy|I72XwqRUx5ToZcN#1hR$BlHGCC^*Jueg9Em=%I$b%)$M zRbPw1(p&nbx&O;QD^K>9x2*PbumpD>6_)Vv`qM|VzuM$lp`iu!X+~*jR$vJqdp(2W z^X|x5q;9XigozN$AhdS^4bF$SXlNSL z`{gp-_d2Y_x`~#o9N)gg*y^P6I+hZkm6#2R>)`d2?X~dRM%0(e?>p$NvYw!G%u4m3 zhH=9G_xU8H;I&9N2IY12AjzerpiKQe^M@f2^{2czW8qad`d3!NwGuUoJETX_?n!+Nr~J%l+!NstZ2q z3`pCzZt532|6a{I%(bYwuzt;5q$rDHkQ;@A_cLUvZ|n!=gWyGTYuebfa3L>+i2n>L z=&-n=qe3_A`QPD8_L!|c|3x%3!ODO5??CU${|t88-+vDG_YR)Ue~-~RKU^5>><;(# x4_^G(?=`*?vD#7m>~(ws(j4`zr}fmH+EaUKPwkHO{{a91|Nmj_Oqu{j004?X2Lu2B literal 0 HcmV?d00001 diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_helpers.tpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_helpers.tpl new file mode 100644 index 0000000000..500a1ffd4b --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_helpers.tpl @@ -0,0 +1,84 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "feature-private-datasource-connect.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "feature-private-datasource-connect.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "feature-private-datasource-connect.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "feature-private-datasource-connect.labels" -}} +helm.sh/chart: {{ include "feature-private-datasource-connect.chart" . }} +{{ include "feature-private-datasource-connect.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "feature-private-datasource-connect.selectorLabels" -}} +app.kubernetes.io/name: {{ include "feature-private-datasource-connect.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the namespace for PDC Agent if specified +*/}} +{{- define "feature-private-datasource-connect.namespace" -}} +{{- if .Values.namespace }} +{{- .Values.namespace }} +{{- else }} +{{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Get the scrape interval for PDC Agent +*/}} +{{- define "feature-private-datasource-connect.scrapeInterval" -}} +{{- if .Values.scrapeInterval }} +{{- .Values.scrapeInterval }} +{{- else }} +{{- .Values.global.scrapeInterval | default "60s" }} +{{- end }} +{{- end }} + +{{/* +Get the max cache size for PDC Agent +*/}} +{{- define "feature-private-datasource-connect.maxCacheSize" -}} +{{- if .Values.maxCacheSize }} +{{- .Values.maxCacheSize }} +{{- else }} +{{- .Values.global.maxCacheSize | default 100000 }} +{{- end }} +{{- end }} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_module.alloy.tpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_module.alloy.tpl new file mode 100644 index 0000000000..166146ac50 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_module.alloy.tpl @@ -0,0 +1,114 @@ +{{- define "feature.privateDatasourceConnect.module" }} +{{- if .Values.enabled }} +declare "pdc_agent" { + argument "metrics_destinations" { + comment = "Must be a list of metric destinations where collected metrics should be forwarded to" + } + + {{- $metricAllowList := .Values.metricsTuning.includeMetrics }} + {{- $metricDenyList := .Values.metricsTuning.excludeMetrics }} + {{- $namespace := include "feature-private-datasource-connect.namespace" . }} + + // Kubernetes service discovery for PDC Agent + discovery.kubernetes "pdc_agent_pods" { + role = "pod" + {{- if $namespace }} + namespaces { + names = [{{ $namespace | quote }}] + } + {{- end }} + } + + // Relabel rules for PDC Agent service discovery + discovery.relabel "pdc_agent_pods" { + targets = discovery.kubernetes.pdc_agent_pods.targets + + // Only target pods with the pdc-agent label + rule { + source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"] + regex = "pdc-agent" + action = "keep" + } + + // Set the address to the pod IP and port + rule { + source_labels = ["__meta_kubernetes_pod_ip"] + target_label = "__address__" + replacement = "${1}:{{ index .Values "pdc-agent" "metricsPort" | default "8090" }}" + } + + // Set the instance label + rule { + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "instance" + } + + // Set the job label + rule { + target_label = "job" + replacement = "pdc-agent" + } + + // Set the namespace label + rule { + source_labels = ["__meta_kubernetes_pod_namespace"] + target_label = "namespace" + } + + // Set the pod label + rule { + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "pod" + } + + {{- if .Values.extraDiscoveryRules }} + {{ .Values.extraDiscoveryRules | indent 4 }} + {{- end }} + + } + + // Prometheus scraper for PDC Agent + prometheus.scrape "pdc_agent" { + targets = discovery.relabel.pdc_agent_pods.output + scrape_interval = {{ include "feature-private-datasource-connect.scrapeInterval" . | quote }} + {{- if .Values.scrapeTimeout }} + scrape_timeout = {{ .Values.scrapeTimeout | quote }} + {{- end }} + metrics_path = "/metrics" + scheme = "http" + + {{- if or $metricAllowList $metricDenyList .Values.extraMetricProcessingRules }} + forward_to = [prometheus.relabel.pdc_agent.receiver] + {{- else }} + forward_to = argument.metrics_destinations.value + {{- end }} + } + + {{- if or $metricAllowList $metricDenyList .Values.extraMetricProcessingRules }} + // Metric processing and filtering + prometheus.relabel "pdc_agent" { + {{- if $metricAllowList }} + rule { + source_labels = ["__name__"] + regex = "{{ $metricAllowList | join "|" }}" + action = "keep" + } + {{- end }} + {{- if $metricDenyList }} + rule { + source_labels = ["__name__"] + regex = "{{ $metricDenyList | join "|" }}" + action = "drop" + } + {{- end }} + {{- if .Values.extraMetricProcessingRules }} + {{ .Values.extraMetricProcessingRules | indent 4 }} + {{- end }} + + max_cache_size = {{ include "feature-private-datasource-connect.maxCacheSize" . }} + forward_to = argument.metrics_destinations.value + } + {{- end }} +} +{{- end }} +{{- end -}} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_notes.tpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_notes.tpl new file mode 100644 index 0000000000..42a5f5c850 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_notes.tpl @@ -0,0 +1,58 @@ +{{- define "feature.privateDatasourceConnect.notes.deployments" }} +{{- if .Values.enabled }} +* PDC Agent deployment and associated resources +{{- end }} +{{- end }} + +{{- define "feature.privateDatasourceConnect.notes.task" }} +{{- if .Values.enabled }} +Deploys and monitors the PDC (Private Data Cloud) Agent for Grafana Cloud observability. +{{- else }} +PDC Agent feature is disabled. +{{- end }} +{{- end }} + +{{- define "feature.privateDatasourceConnect.notes.actions" }} +{{- if .Values.enabled }} +{{- if not (index .Values "pdc-agent" "image" "tag") }} +NOTE: No specific image tag was set for PDC Agent. The chart will use the default tag. +{{- end }} +{{- if not (index .Values "pdc-agent" "cluster") }} +WARNING: PDC Agent cluster is not configured. Please set 'pdc-agent.cluster'. +{{- end }} +{{- if not (index .Values "pdc-agent" "hostedGrafanaId") }} +WARNING: PDC Agent hostedGrafanaId is not configured. Please set 'pdc-agent.hostedGrafanaId'. +{{- end }} +{{- if and (not (index .Values "pdc-agent" "tokenSecretName")) (not (index .Values "pdc-agent" "insecureTokenValue")) }} +WARNING: PDC Agent authentication token is not configured. Please set either 'tokenSecretName' or 'insecureTokenValue'. +{{- end }} +{{- if index .Values "pdc-agent" "debug" }} +NOTE: PDC Agent debug logging is enabled. This may produce verbose logs. +{{- end }} +{{- end }} +{{- end }} + +{{- define "feature.privateDatasourceConnect.summary" -}} +version: {{ .Chart.Version }} +enabled: {{ .Values.enabled }} +{{- if .Values.enabled }} +{{- if .Values.namespace }} +namespace: {{ .Values.namespace }} +{{- end }} +{{- if .Values.scrapeInterval }} +scrapeInterval: {{ .Values.scrapeInterval }} +{{- else if .Values.global.scrapeInterval }} +scrapeInterval: {{ .Values.global.scrapeInterval }} +{{- end }} +metricsPort: {{ index .Values "pdc-agent" "metricsPort" | default "8090" }} +{{- if index .Values "pdc-agent" "replicaCount" }} +replicas: {{ index .Values "pdc-agent" "replicaCount" }} +{{- end }} +{{- if index .Values "pdc-agent" "cluster" }} +cluster: {{ index .Values "pdc-agent" "cluster" }} +{{- end }} +{{- if index .Values "pdc-agent" "hostedGrafanaId" }} +hostedGrafanaId: {{ index .Values "pdc-agent" "hostedGrafanaId" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_validations.tpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_validations.tpl new file mode 100644 index 0000000000..6e65739b6a --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/_validations.tpl @@ -0,0 +1,47 @@ +{{- define "feature.privateDatasourceConnect.validate" -}} +{{- if .Values.enabled }} + {{- if not (index .Values "pdc-agent") }} + {{- $msg := list "" "PDC Agent is enabled but no pdc-agent configuration is provided. Please provide configuration in the 'pdc-agent' section. For example:" }} + {{- $msg = append $msg "pdc-agent:" }} + {{- $msg = append $msg " cluster: \"prod-us-central-0\"" }} + {{- $msg = append $msg " hostedGrafanaId: \"123456\"" }} + {{- $msg = append $msg " tokenSecretName: \"pdc-token\"" }} + {{- fail (join "\n" $msg) }} + {{- end }} + + {{- if not (index .Values "pdc-agent" "cluster") }} + {{- $msg := list "" "PDC Agent is enabled but no cluster is specified. Please specify the cluster where your Hosted Grafana stack is running. For example:" }} + {{- $msg = append $msg "pdc-agent:" }} + {{- $msg = append $msg " cluster: \"prod-us-central-0\"" }} + {{- fail (join "\n" $msg) }} + {{- end }} + + {{- if not (index .Values "pdc-agent" "hostedGrafanaId") }} + {{- $msg := list "" "PDC Agent is enabled but no hostedGrafanaId is specified. Please specify the numeric ID of your Hosted Grafana stack. For example:" }} + {{- $msg = append $msg "pdc-agent:" }} + {{- $msg = append $msg " hostedGrafanaId: \"123456\"" }} + {{- fail (join "\n" $msg) }} + {{- end }} + + {{- if and (not (index .Values "pdc-agent" "tokenSecretName")) (not (index .Values "pdc-agent" "insecureTokenValue")) }} + {{- $msg := list "" "PDC Agent is enabled but no authentication token is provided. Please specify either tokenSecretName or insecureTokenValue. For example:" }} + {{- $msg = append $msg "pdc-agent:" }} + {{- $msg = append $msg " tokenSecretName: \"pdc-token\"" }} + {{- $msg = append $msg " # OR for testing only:" }} + {{- $msg = append $msg " # insecureTokenValue: \"your-token-here\"" }} + {{- fail (join "\n" $msg) }} + {{- end }} + + {{- if and .Values.scrapeInterval (not (regexMatch "^[0-9]+(ns|us|µs|ms|s|m|h)$" .Values.scrapeInterval)) }} + {{- fail "PDC Agent scrapeInterval must be a valid duration (e.g., '30s', '1m', '5m')" }} + {{- end }} + + {{- if and .Values.scrapeTimeout (not (regexMatch "^[0-9]+(ns|us|µs|ms|s|m|h)$" .Values.scrapeTimeout)) }} + {{- fail "PDC Agent scrapeTimeout must be a valid duration (e.g., '10s', '30s')" }} + {{- end }} + + {{- if and .Values.maxCacheSize (not (kindIs "float64" .Values.maxCacheSize)) }} + {{- fail "PDC Agent maxCacheSize must be a number" }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/configmap.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/configmap.yaml new file mode 100644 index 0000000000..cd7695e2bf --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/templates/configmap.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.deployAsConfigMap .Values.enabled }} +{{- $alloyConfig := include "feature.privateDatasourceConnect.module" . }} +{{- $alloyConfig = regexReplaceAll `[ \t]+(\r?\n)` $alloyConfig "\n" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-config + namespace: {{ .Release.Namespace }} + labels: + {{- include "feature-private-datasource-connect.labels" . | nindent 4 }} +data: + module.alloy: |- + {{- $alloyConfig | trim | nindent 4 }} +{{- end }} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/__snapshot__/default_test.yaml.snap b/charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/__snapshot__/default_test.yaml.snap new file mode 100644 index 0000000000..b1a4b70b95 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/__snapshot__/default_test.yaml.snap @@ -0,0 +1,69 @@ +should generate the default configuration: + 1: | + |- + declare "pdc_agent" { + argument "metrics_destinations" { + comment = "Must be a list of metric destinations where collected metrics should be forwarded to" + } + + // Kubernetes service discovery for PDC Agent + discovery.kubernetes "pdc_agent_pods" { + role = "pod" + namespaces { + names = ["NAMESPACE"] + } + } + + // Relabel rules for PDC Agent service discovery + discovery.relabel "pdc_agent_pods" { + targets = discovery.kubernetes.pdc_agent_pods.targets + + // Only target pods with the pdc-agent label + rule { + source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"] + regex = "pdc-agent" + action = "keep" + } + + // Set the address to the pod IP and port + rule { + source_labels = ["__meta_kubernetes_pod_ip"] + target_label = "__address__" + replacement = "${1}:8090" + } + + // Set the instance label + rule { + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "instance" + } + + // Set the job label + rule { + target_label = "job" + replacement = "pdc-agent" + } + + // Set the namespace label + rule { + source_labels = ["__meta_kubernetes_pod_namespace"] + target_label = "namespace" + } + + // Set the pod label + rule { + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "pod" + } + + } + + // Prometheus scraper for PDC Agent + prometheus.scrape "pdc_agent" { + targets = discovery.relabel.pdc_agent_pods.output + scrape_interval = "60s" + metrics_path = "/metrics" + scheme = "http" + forward_to = argument.metrics_destinations.value + } + } diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/default_test.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/default_test.yaml new file mode 100644 index 0000000000..4f8d9b95d2 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/tests/default_test.yaml @@ -0,0 +1,38 @@ +# yamllint disable rule:document-start rule:line-length rule:trailing-spaces +suite: Feature - Private Datasource Connect - Defaults +templates: + - configmap.yaml +tests: + - it: should generate the default configuration + set: + deployAsConfigMap: true + enabled: true + pdc-agent: + cluster: "test-cluster" + hostedGrafanaId: "12345" + insecureTokenValue: "test-token" + asserts: + - isKind: + of: ConfigMap + - matchSnapshot: + path: data["module.alloy"] + + - it: should not create configmap when deployAsConfigMap is false + set: + deployAsConfigMap: false + enabled: true + pdc-agent: + cluster: "test-cluster" + hostedGrafanaId: "12345" + insecureTokenValue: "test-token" + asserts: + - hasDocuments: + count: 0 + + - it: should not create configmap when feature is disabled + set: + deployAsConfigMap: true + enabled: false + asserts: + - hasDocuments: + count: 0 diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.schema.json b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.schema.json new file mode 100644 index 0000000000..b69687f482 --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.schema.json @@ -0,0 +1,171 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "deployAsConfigMap": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "extraDiscoveryRules": { + "type": "string" + }, + "extraMetricProcessingRules": { + "type": "string" + }, + "global": { + "type": "object", + "properties": { + "maxCacheSize": { + "type": "integer" + }, + "scrapeInterval": { + "type": "string" + } + } + }, + "maxCacheSize": { + "type": "null" + }, + "metricsTuning": { + "type": "object", + "properties": { + "excludeMetrics": { + "type": "array" + }, + "includeMetrics": { + "type": "array" + } + } + }, + "namespace": { + "type": "string" + }, + "pdc-agent": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "cluster": { + "type": "string" + }, + "debug": { + "type": "boolean" + }, + "extraArgs": { + "type": "array" + }, + "fullnameOverride": { + "type": "string" + }, + "hostedGrafanaId": { + "type": "string" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "insecureTokenValue": { + "type": "string" + }, + "metricsPort": { + "type": "integer" + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "privileged": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "tokenSecretName": { + "type": "string" + }, + "tolerations": { + "type": "array" + } + } + }, + "scrapeInterval": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + } + } +} diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml new file mode 100644 index 0000000000..ff910bf5ae --- /dev/null +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml @@ -0,0 +1,134 @@ +--- +global: + # -- How frequently to scrape metrics. + # @section -- Global Settings + scrapeInterval: 60s + + # -- Sets the max_cache_size for every prometheus.relabel component. ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.relabel/#arguments)) + # This should be at least 2x-5x your largest scrape target or samples appended rate. + # @section -- Global Settings + maxCacheSize: 100000 + +# Feature configuration +# -- Enable the PDC Agent deployment. +# @section -- PDC Agent +enabled: true + +# -- Namespace to deploy the PDC Agent in. +# @section -- PDC Agent +namespace: "" + +# PDC Agent subchart values - passed directly to pdc-agent chart +pdc-agent: + # -- This will set the replicaset count + replicaCount: 3 + + # -- Container image configuration + image: + repository: grafana/pdc-agent + tag: "" + pullPolicy: IfNotPresent + + # -- Secrets for pulling an image from a private repository + imagePullSecrets: [] + + # -- Override the chart name + nameOverride: "" + fullnameOverride: "" + + # -- Pod labels + podLabels: {} + + # -- Pod security context + podSecurityContext: + runAsUser: 30000 + runAsGroup: 30000 + fsGroup: 30000 + + # -- Container security context + securityContext: + capabilities: + drop: + - ALL + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + + # -- Resource limits and requests + resources: + requests: + cpu: 100m + memory: 256Mi + + # -- Node selector, tolerations, and affinity + nodeSelector: {} + tolerations: [] + affinity: {} + + # -- The port where metrics are served from the pdc agent + metricsPort: 8090 + + # -- Enable debug logging for the agent + debug: false + + # PDC Connection Configuration + # See https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/configure-pdc/#pdc-connection-steps + + # -- The cluster where your Hosted Grafana stack is running + cluster: "" + + # -- The numeric ID of your Hosted Grafana stack + hostedGrafanaId: "" + + # -- Secret name containing the Access Policy token (expects key 'token') + tokenSecretName: "" + + # -- Insecure token value for testing purposes (not recommended for production) + insecureTokenValue: "" + + # -- Extra arguments for the pdc-agent + extraArgs: [] + +# Feature-specific configuration (not passed to subchart) +# -- Rule blocks to be added to the prometheus.scrape component for PDC Agent metrics. +# These relabeling rules are applied pre-scrape against the targets from service discovery. +# ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.scrape/#rule-block)) +# @section -- PDC Agent +extraDiscoveryRules: "" + +# -- Rule blocks to be added to the prometheus.relabel component for PDC Agent. +# These relabeling rules are applied post-scrape against the metrics returned from the scraped target. +# ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.relabel/#rule-block)) +# @section -- PDC Agent +extraMetricProcessingRules: "" + +# Adjustments to the scraped metrics to filter the amount of data sent to storage. +metricsTuning: + # -- Metrics to keep. Can use regular expressions. + # @section -- PDC Agent + includeMetrics: [] + # -- Metrics to drop. Can use regular expressions. + # @section -- PDC Agent + excludeMetrics: [] + +# -- The default interval between scraping targets. +# Overrides global.scrapeInterval +# @default -- 60s +# @section -- PDC Agent +scrapeInterval: "" + +# -- The default timeout for scrape requests. +# @default -- 10s +# @section -- PDC Agent +scrapeTimeout: "" + +# -- Sets the max_cache_size for PDC Agent prometheus.relabel component. +# This should be at least 2x-5x your largest scrape target or samples appended rate. +# ([docs](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.relabel/#arguments)) +# Overrides global.maxCacheSize +# @raw +# @section -- PDC Agent +maxCacheSize: + +# @ignore +deployAsConfigMap: false diff --git a/charts/k8s-monitoring/templates/features/_feature_helpers.tpl b/charts/k8s-monitoring/templates/features/_feature_helpers.tpl index 23c6340d21..05b3a81092 100644 --- a/charts/k8s-monitoring/templates/features/_feature_helpers.tpl +++ b/charts/k8s-monitoring/templates/features/_feature_helpers.tpl @@ -5,6 +5,7 @@ - clusterMetrics - clusterEvents - nodeLogs +- privateDatasourceConnect - podLogs - profilesReceiver - profiling diff --git a/charts/k8s-monitoring/templates/features/_feature_private_datasource_connect.tpl b/charts/k8s-monitoring/templates/features/_feature_private_datasource_connect.tpl new file mode 100644 index 0000000000..41a10ae610 --- /dev/null +++ b/charts/k8s-monitoring/templates/features/_feature_private_datasource_connect.tpl @@ -0,0 +1,52 @@ +{{- define "features.privateDatasourceConnect.enabled" }}{{ .Values.privateDatasourceConnect.enabled }}{{- end }} + +{{- define "features.privateDatasourceConnect.collectors" }} +{{- if .Values.privateDatasourceConnect.enabled -}} +- {{ .Values.privateDatasourceConnect.collector }} +{{- end }} +{{- end }} + +{{- define "features.privateDatasourceConnect.include" }} +{{- if .Values.privateDatasourceConnect.enabled -}} +{{- $destinations := include "features.privateDatasourceConnect.destinations" . | fromYamlArray }} +// Feature: Private Datasource Connect (PDC Agent) +{{- include "feature.privateDatasourceConnect.module" (dict "Values" $.Values.privateDatasourceConnect "Files" $.Subcharts.privateDatasourceConnect.Files "Release" $.Release) }} +pdc_agent "feature" { + metrics_destinations = [ + {{ include "destinations.alloy.targets" (dict "destinations" $.Values.destinations "names" $destinations "type" "metrics" "ecosystem" "prometheus") | indent 4 | trim }} + ] +} +{{- end -}} +{{- end -}} + +{{- define "features.privateDatasourceConnect.destinations" }} +{{- if .Values.privateDatasourceConnect.enabled -}} +{{- include "destinations.get" (dict "destinations" $.Values.destinations "type" "metrics" "ecosystem" "prometheus" "filter" $.Values.privateDatasourceConnect.destinations) -}} +{{- end -}} +{{- end -}} + +{{- define "features.privateDatasourceConnect.destinations.isTranslating" }} +{{- $isTranslating := false -}} +{{- $destinations := include "features.privateDatasourceConnect.destinations" . | fromYamlArray -}} +{{ range $destination := $destinations -}} + {{- $destinationEcosystem := include "destination.getEcosystem" (deepCopy $ | merge (dict "destination" $destination)) -}} + {{- if ne $destinationEcosystem "prometheus" -}} + {{- $isTranslating = true -}} + {{- end -}} +{{- end -}} +{{- $isTranslating -}} +{{- end -}} + +{{- define "features.privateDatasourceConnect.collector.values" }}{{- end -}} + +{{- define "features.privateDatasourceConnect.validate" }} +{{- if .Values.privateDatasourceConnect.enabled -}} +{{- $featureName := "Private Datasource Connect" }} +{{- $destinations := include "features.privateDatasourceConnect.destinations" . | fromYamlArray }} +{{- include "destinations.validate_destination_list" (dict "destinations" $destinations "type" "metrics" "ecosystem" "prometheus" "feature" $featureName) }} +{{- range $collector := include "features.privateDatasourceConnect.collectors" . | fromYamlArray }} + {{- include "collectors.require_collector" (dict "Values" $.Values "name" $collector "feature" $featureName) }} +{{- end -}} +{{- include "feature.privateDatasourceConnect.validate" (dict "Values" $.Values.privateDatasourceConnect) }} +{{- end -}} +{{- end -}} diff --git a/charts/k8s-monitoring/values.schema.json b/charts/k8s-monitoring/values.schema.json index f5707a6470..9a6e6a67f6 100644 --- a/charts/k8s-monitoring/values.schema.json +++ b/charts/k8s-monitoring/values.schema.json @@ -266,6 +266,20 @@ } } }, + "privateDatasourceConnect": { + "type": "object", + "properties": { + "collector": { + "type": "string" + }, + "destinations": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, "profilesReceiver": { "type": "object", "properties": { diff --git a/charts/k8s-monitoring/values.yaml b/charts/k8s-monitoring/values.yaml index 626978d35c..78ec4af168 100644 --- a/charts/k8s-monitoring/values.yaml +++ b/charts/k8s-monitoring/values.yaml @@ -224,6 +224,28 @@ prometheusOperatorObjects: # To see additional options, please see the [Prometheus Operator Objects feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-prometheus-operator-objects). +# -- Private Datasource Connect (PDC) Agent. +# Deploys and configures the PDC Agent for Grafana Cloud observability. +# Requires a destination that supports metrics. +# To see the valid options, please see the [PDC Agent feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-pdc-agent). +# @default -- Disabled +# @section -- Features - Private Datasource Connect +privateDatasourceConnect: + # -- Enable the PDC Agent deployment. + # @section -- Features - Private Datasource Connect + enabled: false + + # -- The destinations where PDC Agent metrics will be sent. If empty, all metrics-capable destinations will be used. + # @section -- Features - Private Datasource Connect + destinations: [] + + # -- Which collector to assign this feature to. Do not change this unless you are sure of what you are doing. + # @section -- Features - Private Datasource Connect + # @ignored + collector: alloy-metrics + + # To see additional options, please see the [PDC Agent feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-private-datasource-connect). + # -- Profiling enables gathering profiles from applications. # Requires a destination that supports profiles. # To see the valid options, please see the [Profiling feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-profiling). From a2ced4d228dc347fd8639b26d70ea2993d164e85 Mon Sep 17 00:00:00 2001 From: Peter Olivo <7140818+peterolivo@users.noreply.github.com> Date: Thu, 11 Sep 2025 01:06:01 -0700 Subject: [PATCH 2/6] fix whitespace --- .../README.md | 20 +++++++++---------- .../README.md.gotmpl | 20 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md index c1f280810a..6719760460 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md @@ -48,23 +48,23 @@ privateDatasourceConnect: privateDatasourceConnect: enabled: true destinations: ["prometheus"] # Custom destination routing - + pdc-agent: # Required PDC connection settings cluster: "prod-us-central-0" hostedGrafanaId: "123456" tokenSecretName: "pdc-token" - + # Optional deployment settings replicaCount: 3 image: repository: grafana/pdc-agent tag: "v1.2.3" pullPolicy: IfNotPresent - + metricsPort: 8090 debug: false - + resources: requests: cpu: 100m @@ -72,23 +72,23 @@ privateDatasourceConnect: limits: cpu: 500m memory: 512Mi - + # Security contexts (using chart defaults) podSecurityContext: runAsUser: 30000 runAsGroup: 30000 fsGroup: 30000 - + securityContext: capabilities: drop: [ALL] runAsNonRoot: true privileged: false allowPrivilegeEscalation: false - + # Additional arguments for the PDC agent extraArgs: [] - + # Feature-specific metric filtering metricsTuning: includeMetrics: @@ -97,14 +97,14 @@ privateDatasourceConnect: - "go_.*" excludeMetrics: - ".*_debug_.*" - + # Custom relabeling rules extraDiscoveryRules: | rule { source_labels = ["__meta_kubernetes_pod_annotation_custom_label"] target_label = "custom_label" } - + extraMetricProcessingRules: | rule { source_labels = ["__name__"] diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl index ba8fcbba67..34d907aee9 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl @@ -50,23 +50,23 @@ privateDatasourceConnect: privateDatasourceConnect: enabled: true destinations: ["prometheus"] # Custom destination routing - + pdc-agent: # Required PDC connection settings cluster: "prod-us-central-0" hostedGrafanaId: "123456" tokenSecretName: "pdc-token" - + # Optional deployment settings replicaCount: 3 image: repository: grafana/pdc-agent tag: "v1.2.3" pullPolicy: IfNotPresent - + metricsPort: 8090 debug: false - + resources: requests: cpu: 100m @@ -74,23 +74,23 @@ privateDatasourceConnect: limits: cpu: 500m memory: 512Mi - + # Security contexts (using chart defaults) podSecurityContext: runAsUser: 30000 runAsGroup: 30000 fsGroup: 30000 - + securityContext: capabilities: drop: [ALL] runAsNonRoot: true privileged: false allowPrivilegeEscalation: false - + # Additional arguments for the PDC agent extraArgs: [] - + # Feature-specific metric filtering metricsTuning: includeMetrics: @@ -99,14 +99,14 @@ privateDatasourceConnect: - "go_.*" excludeMetrics: - ".*_debug_.*" - + # Custom relabeling rules extraDiscoveryRules: | rule { source_labels = ["__meta_kubernetes_pod_annotation_custom_label"] target_label = "custom_label" } - + extraMetricProcessingRules: | rule { source_labels = ["__name__"] From ea9193f38d62b75b7da99771374611d60c230f78 Mon Sep 17 00:00:00 2001 From: Peter Olivo <7140818+peterolivo@users.noreply.github.com> Date: Thu, 11 Sep 2025 09:23:41 -0700 Subject: [PATCH 3/6] fix readme linting --- .../README.md | 30 ++++++++++--------- .../README.md.gotmpl | 30 ++++++++++--------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md index 6719760460..b7cbc540de 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md @@ -13,18 +13,19 @@ The PDC Agent creates secure tunnels to connect external data sources (like data The Private Datasource Connect feature: -- **Deploys the PDC Agent**: Uses the official pdc-agent Helm chart as a dependency -- **Configures Metrics Collection**: Sets up Alloy to discover and scrape PDC Agent metrics -- **Provides Security**: Uses proper security contexts and non-root containers -- **Enables Monitoring**: Routes PDC Agent metrics to your chosen destinations -- **Validates Configuration**: Ensures required PDC connection settings are provided +- **Deploys the PDC Agent**: Uses the official pdc-agent Helm chart as a dependency +- **Configures Metrics Collection**: Sets up Alloy to discover and scrape PDC Agent metrics +- **Provides Security**: Uses proper security contexts and non-root containers +- **Enables Monitoring**: Routes PDC Agent metrics to your chosen destinations +- **Validates Configuration**: Ensures required PDC connection settings are provided ## Required Setup Before enabling this feature, you must: -1. **Create an Access Policy token** in your Grafana Cloud stack with appropriate permissions -2. **Create a Kubernetes secret** with the token (recommended for production): +1. **Create an Access Policy token** in your Grafana Cloud stack with appropriate permissions +2. **Create a Kubernetes secret** with the token (recommended for production): + ```bash kubectl create secret generic pdc-token --from-literal=token=YOUR_ACCESS_POLICY_TOKEN ``` @@ -132,9 +133,9 @@ privateDatasourceConnect: The following settings are required when the feature is enabled: -- `pdc-agent.cluster`: The cluster where your Hosted Grafana stack is running -- `pdc-agent.hostedGrafanaId`: The numeric ID of your Hosted Grafana stack -- Authentication: Either `pdc-agent.tokenSecretName` OR `pdc-agent.insecureTokenValue` +- `pdc-agent.cluster`: The cluster where your Hosted Grafana stack is running +- `pdc-agent.hostedGrafanaId`: The numeric ID of your Hosted Grafana stack +- Authentication: Either `pdc-agent.tokenSecretName` OR `pdc-agent.insecureTokenValue` ### PDC Agent Configuration @@ -143,10 +144,11 @@ All configuration under `pdc-agent.*` is passed directly to the PDC Agent Helm c ### Metrics Collection The feature automatically configures Alloy to: -- Discover PDC Agent pods using Kubernetes service discovery -- Scrape metrics from the `/metrics` endpoint on port 8090 -- Apply custom relabeling rules if specified -- Route metrics to configured destinations + +- Discover PDC Agent pods using Kubernetes service discovery +- Scrape metrics from the `/metrics` endpoint on port 8090 +- Apply custom relabeling rules if specified +- Route metrics to configured destinations ## Testing diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl index 34d907aee9..61b4975fdd 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md.gotmpl @@ -15,18 +15,19 @@ The PDC Agent creates secure tunnels to connect external data sources (like data The Private Datasource Connect feature: -- **Deploys the PDC Agent**: Uses the official pdc-agent Helm chart as a dependency -- **Configures Metrics Collection**: Sets up Alloy to discover and scrape PDC Agent metrics -- **Provides Security**: Uses proper security contexts and non-root containers -- **Enables Monitoring**: Routes PDC Agent metrics to your chosen destinations -- **Validates Configuration**: Ensures required PDC connection settings are provided +- **Deploys the PDC Agent**: Uses the official pdc-agent Helm chart as a dependency +- **Configures Metrics Collection**: Sets up Alloy to discover and scrape PDC Agent metrics +- **Provides Security**: Uses proper security contexts and non-root containers +- **Enables Monitoring**: Routes PDC Agent metrics to your chosen destinations +- **Validates Configuration**: Ensures required PDC connection settings are provided ## Required Setup Before enabling this feature, you must: -1. **Create an Access Policy token** in your Grafana Cloud stack with appropriate permissions -2. **Create a Kubernetes secret** with the token (recommended for production): +1. **Create an Access Policy token** in your Grafana Cloud stack with appropriate permissions +2. **Create a Kubernetes secret** with the token (recommended for production): + ```bash kubectl create secret generic pdc-token --from-literal=token=YOUR_ACCESS_POLICY_TOKEN ``` @@ -134,9 +135,9 @@ privateDatasourceConnect: The following settings are required when the feature is enabled: -- `pdc-agent.cluster`: The cluster where your Hosted Grafana stack is running -- `pdc-agent.hostedGrafanaId`: The numeric ID of your Hosted Grafana stack -- Authentication: Either `pdc-agent.tokenSecretName` OR `pdc-agent.insecureTokenValue` +- `pdc-agent.cluster`: The cluster where your Hosted Grafana stack is running +- `pdc-agent.hostedGrafanaId`: The numeric ID of your Hosted Grafana stack +- Authentication: Either `pdc-agent.tokenSecretName` OR `pdc-agent.insecureTokenValue` ### PDC Agent Configuration @@ -145,10 +146,11 @@ All configuration under `pdc-agent.*` is passed directly to the PDC Agent Helm c ### Metrics Collection The feature automatically configures Alloy to: -- Discover PDC Agent pods using Kubernetes service discovery -- Scrape metrics from the `/metrics` endpoint on port 8090 -- Apply custom relabeling rules if specified -- Route metrics to configured destinations + +- Discover PDC Agent pods using Kubernetes service discovery +- Scrape metrics from the `/metrics` endpoint on port 8090 +- Apply custom relabeling rules if specified +- Route metrics to configured destinations ## Testing From a95c311f00ad9edd1c84f17b14a34ce28c1be98c Mon Sep 17 00:00:00 2001 From: Peter Olivo <7140818+peterolivo@users.noreply.github.com> Date: Thu, 11 Sep 2025 09:45:13 -0700 Subject: [PATCH 4/6] fix yaml linting --- .../values.yaml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml index ff910bf5ae..86c0326cd3 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml @@ -22,29 +22,29 @@ namespace: "" pdc-agent: # -- This will set the replicaset count replicaCount: 3 - + # -- Container image configuration image: repository: grafana/pdc-agent tag: "" pullPolicy: IfNotPresent - + # -- Secrets for pulling an image from a private repository imagePullSecrets: [] - + # -- Override the chart name nameOverride: "" fullnameOverride: "" - + # -- Pod labels podLabels: {} - + # -- Pod security context podSecurityContext: runAsUser: 30000 runAsGroup: 30000 fsGroup: 30000 - + # -- Container security context securityContext: capabilities: @@ -53,39 +53,39 @@ pdc-agent: runAsNonRoot: true privileged: false allowPrivilegeEscalation: false - + # -- Resource limits and requests resources: requests: cpu: 100m memory: 256Mi - + # -- Node selector, tolerations, and affinity nodeSelector: {} tolerations: [] affinity: {} - + # -- The port where metrics are served from the pdc agent metricsPort: 8090 - + # -- Enable debug logging for the agent debug: false - + # PDC Connection Configuration # See https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/configure-pdc/#pdc-connection-steps - + # -- The cluster where your Hosted Grafana stack is running cluster: "" - + # -- The numeric ID of your Hosted Grafana stack hostedGrafanaId: "" - + # -- Secret name containing the Access Policy token (expects key 'token') tokenSecretName: "" - + # -- Insecure token value for testing purposes (not recommended for production) insecureTokenValue: "" - + # -- Extra arguments for the pdc-agent extraArgs: [] From 27f95f6f791eab1e510e65ab3232152a3bcf80f0 Mon Sep 17 00:00:00 2001 From: Peter Olivo <7140818+peterolivo@users.noreply.github.com> Date: Thu, 11 Sep 2025 09:45:41 -0700 Subject: [PATCH 5/6] fix remote chart reference --- .../charts/feature-private-datasource-connect/Chart.lock | 6 +++--- .../charts/feature-private-datasource-connect/Chart.yaml | 2 +- .../charts/feature-private-datasource-connect/README.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock index 3dbf755885..ee1fae5bb7 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: pdc-agent - repository: "" + repository: https://grafana.github.io/helm-charts version: 0.0.1 -digest: sha256:b4d74e65bf1173d5089f8f363cf4d5fabd5d2dd41ef4caae700843c30e2a4cfd -generated: "2025-09-11T00:28:19.924582-07:00" +digest: sha256:3f43086bdec4e95b9c9ad052b6c5b186549cc8a847560479415a2bb00fbf2749 +generated: "2025-09-11T09:40:52.670396-07:00" diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml index 199a71e0a7..1c6c521118 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/Chart.yaml @@ -13,5 +13,5 @@ maintainers: dependencies: - name: pdc-agent version: 0.0.1 - repository: "" + repository: https://grafana.github.io/helm-charts condition: enabled diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md index b7cbc540de..66b37dd450 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/README.md @@ -179,7 +179,7 @@ Be sure perform actual integration testing in a live environment in the main [k8 | Repository | Name | Version | |------------|------|---------| -| | pdc-agent | 0.0.1 | +| https://grafana.github.io/helm-charts | pdc-agent | 0.0.1 | ## Values From 05db674b83246a0e7e79f07fca60bd29fe2fc373 Mon Sep 17 00:00:00 2001 From: Peter Olivo <7140818+peterolivo@users.noreply.github.com> Date: Thu, 11 Sep 2025 09:48:38 -0700 Subject: [PATCH 6/6] fix yaml linting, again --- .../charts/feature-private-datasource-connect/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml index 86c0326cd3..bd4e1b96bb 100644 --- a/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml +++ b/charts/k8s-monitoring/charts/feature-private-datasource-connect/values.yaml @@ -49,7 +49,7 @@ pdc-agent: securityContext: capabilities: drop: - - ALL + - ALL runAsNonRoot: true privileged: false allowPrivilegeEscalation: false