From 0310353f99273e6f14e7bcc7ba9739333dc3c28a Mon Sep 17 00:00:00 2001 From: Robert Brennan Date: Wed, 8 Nov 2023 11:42:40 -0600 Subject: [PATCH] [stable/fairwinds-insights] refactor cronjob logic (#1338) * first pass * add rest of cjs * last cj * remove interval * move slack job * tweakds * remove old * better sec context * minimal diff * set default resources * fix defaults * fix up docs * bump version * remove blank --- stable/fairwinds-insights/CHANGELOG.md | 3 + stable/fairwinds-insights/Chart.yaml | 2 +- stable/fairwinds-insights/README.md | 65 +--- .../templates/action-items-statistics.yaml | 41 --- .../action_items_filters_refresher.yaml | 39 --- .../templates/benchmark-cronjob.yaml | 38 --- .../templates/close-tickets.yaml | 49 --- .../{costs-update.yaml => cronjobs.yaml} | 36 +-- .../templates/database-cleanup.yaml | 41 --- .../templates/email-cronjob.yaml | 41 --- .../templates/hubspot-cronjob.yaml | 41 --- .../templates/integration-cronjob.yaml | 41 --- .../templates/resources-recommendations.yaml | 41 --- .../templates/saml-cronjob.yaml | 39 --- .../slack-channels-local-refresher.yaml | 41 --- stable/fairwinds-insights/values.yaml | 306 +++++++----------- 16 files changed, 145 insertions(+), 719 deletions(-) delete mode 100644 stable/fairwinds-insights/templates/action-items-statistics.yaml delete mode 100644 stable/fairwinds-insights/templates/action_items_filters_refresher.yaml delete mode 100644 stable/fairwinds-insights/templates/benchmark-cronjob.yaml delete mode 100644 stable/fairwinds-insights/templates/close-tickets.yaml rename stable/fairwinds-insights/templates/{costs-update.yaml => cronjobs.yaml} (55%) delete mode 100644 stable/fairwinds-insights/templates/database-cleanup.yaml delete mode 100644 stable/fairwinds-insights/templates/email-cronjob.yaml delete mode 100644 stable/fairwinds-insights/templates/hubspot-cronjob.yaml delete mode 100644 stable/fairwinds-insights/templates/integration-cronjob.yaml delete mode 100644 stable/fairwinds-insights/templates/resources-recommendations.yaml delete mode 100644 stable/fairwinds-insights/templates/saml-cronjob.yaml delete mode 100644 stable/fairwinds-insights/templates/slack-channels-local-refresher.yaml diff --git a/stable/fairwinds-insights/CHANGELOG.md b/stable/fairwinds-insights/CHANGELOG.md index 7f3839492..3f4397bc8 100644 --- a/stable/fairwinds-insights/CHANGELOG.md +++ b/stable/fairwinds-insights/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.0.0 +* Refactor logic for creating and modifying CronJobs + ## 0.21.8 * Allow additional chars in the URL prefix diff --git a/stable/fairwinds-insights/Chart.yaml b/stable/fairwinds-insights/Chart.yaml index d7dab190a..9fe077559 100644 --- a/stable/fairwinds-insights/Chart.yaml +++ b/stable/fairwinds-insights/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "14.7" description: A Helm chart to run the Fairwinds Insights server name: fairwinds-insights -version: 0.21.8 +version: 1.0.0 kubeVersion: ">= 1.22.0-0" maintainers: - name: rbren diff --git a/stable/fairwinds-insights/README.md b/stable/fairwinds-insights/README.md index 2740a6b3e..91030f661 100644 --- a/stable/fairwinds-insights/README.md +++ b/stable/fairwinds-insights/README.md @@ -37,16 +37,21 @@ See [insights.docs.fairwinds.com](https://insights.docs.fairwinds.com/technical- | options.overprovisioning.enabled | bool | `false` | | | options.overprovisioning.cpu | string | `"1000m"` | | | options.overprovisioning.memory | string | `"1Gi"` | | -| hubspotCronjob.resources.limits.cpu | string | `"500m"` | | -| hubspotCronjob.resources.limits.memory | string | `"1024Mi"` | | -| hubspotCronjob.resources.requests.cpu | string | `"80m"` | | -| hubspotCronjob.resources.requests.memory | string | `"128Mi"` | | -| hubspotCronjob.schedules | list | `[]` | | -| benchmarkCronjob.resources.limits.cpu | string | `"500m"` | | -| benchmarkCronjob.resources.limits.memory | string | `"1024Mi"` | | -| benchmarkCronjob.resources.requests.cpu | string | `"80m"` | | -| benchmarkCronjob.resources.requests.memory | string | `"128Mi"` | | -| benchmarkCronjob.schedules | list | `[]` | | +| cronjobOptions.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10324}` | Default security context for cronjobs | +| cronjobOptions.resources | object | `{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}}` | Default resources for cronjobs | +| cronjobs.action-item-filters-refresh | object | `{"command":"action_items_filters_refresher","schedule":"0/15 * * * *"}` | Options for the action-items filters refresher job. | +| cronjobs.action-items-statistics | object | `{"command":"action_items_statistics","schedule":"15 * * * *"}` | Options for the action item stats job | +| cronjobs.alerts-realtime | object | `{"command":"notifications_digest","interval":"10m","schedule":"5/10 * * * *"}` | Options for the realtime alerts job | +| cronjobs.benchmark | object | `{"command":"benchmark","schedule":""}` | Options for the benchmark job | +| cronjobs.close-tickets | object | `{"command":"close_tickets","includeGitHubSecret":true,"resources":{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"2Gi"}},"schedule":"0/15 * * * *"}` | Options for the close tickets job. | +| cronjobs.costs-update | object | `{"command":"cloud_costs_update","includeGitHubSecret":true,"resources":{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"2Gi"}},"schedule":"15 */3 * * *"}` | Options for the cloud costs update job | +| cronjobs.database-cleanup | object | `{"command":"database_cleanup","schedule":"0 0 * * *"}` | Options for the database cleanup job. | +| cronjobs.email | object | `{"command":"email_digest","schedule":""}` | Options for the email digest job. | +| cronjobs.hubspot | object | `{"command":"hubspot_sync","schedule":""}` | Options for the hubspot job. | +| cronjobs.notifications-digest | object | `{"command":"notifications_digest","interval":"24h","schedule":"0 16 * * *"}` | Options for digest notifications job | +| cronjobs.resources-recommendations | object | `{"command":"resources_recommendations","resources":{"limits":{"cpu":1,"memory":"3Gi"},"requests":{"cpu":1,"memory":"3Gi"}},"schedule":"0 2 * * *"}` | Options for the resources recommendations job | +| cronjobs.saml | object | `{"command":"refresh_saml_metadata","schedule":"0 * * * *"}` | Options for the SAML sync job | +| cronjobs.slack-channels | object | `{"command":"slack_channels_local_refresher","schedule":"0/15 * * * *"}` | Options for the slack channels job. | | selfHostedSecret | string | `nil` | | | additionalEnvironmentVariables | object | `{}` | Additional Environment Variables to set on the Fairwinds Insights pods. | | rbac.serviceAccount.annotations | object | `{}` | Annotations to add to the service account | @@ -87,42 +92,6 @@ See [insights.docs.fairwinds.com](https://insights.docs.fairwinds.com/technical- | openApi.service.type | string | `nil` | Service type for Open API server | | dbMigration.resources | object | `{"limits":{"cpu":1,"memory":"1024Mi"},"requests":{"cpu":"80m","memory":"128Mi"}}` | Resources for the database migration job. | | dbMigration.securityContext.runAsUser | int | `10324` | The user ID to run the database migration job under. | -| samlCronjob.resources | object | `{"limits":{"cpu":"500m","memory":"1024Mi"},"requests":{"cpu":"80m","memory":"128Mi"}}` | Resources for the SAML sync job. | -| samlCronjob.schedules | list | `[{"cron":"0 * * * *","interval":"60m","name":"hourly"}]` | CRON schedules for the SAML sync job | -| alertsCronjob.resources | object | `{"limits":{"cpu":"500m","memory":"1024Mi"},"requests":{"cpu":"80m","memory":"128Mi"}}` | Resources for the Slack/Datadog integrations | -| alertsCronjob.schedules | list | `[{"cron":"5/10 * * * *","interval":"10m","name":"realtime"},{"cron":"0 16 * * *","interval":"24h","name":"digest"}]` | CRON schedules for the Slack/Datadog integrations | -| alertsCronjob.securityContext.runAsUser | int | `10324` | The user ID to run the alerts job under. | -| emailCronjob.resources | object | `{"limits":{"cpu":"500m","memory":"1024Mi"},"requests":{"cpu":"80m","memory":"128Mi"}}` | Resources for the Action Items email job. | -| emailCronjob.schedules | list | `[]` | CRON schedules for the Action Items email job. | -| emailCronjob.securityContext.runAsUser | int | `10324` | The user ID to run the email job under. | -| databaseCleanupCronjob.enabled | bool | `true` | Enable database cleanup true by default | -| databaseCleanupCronjob.resources | object | `{"limits":{"cpu":"500m","memory":"1024Mi"},"requests":{"cpu":"80m","memory":"128Mi"}}` | Resources for the database cleanup job. | -| databaseCleanupCronjob.schedules | list | `[{"cron":"0 0 * * *","interval":"24h","name":"database-cleanup"}]` | CRON schedules for the database cleanup job. | -| databaseCleanupCronjob.securityContext.runAsUser | int | `10324` | The user ID to run the database cleanup job under. | -| actionItemsStatisticsCronjob.enabled | bool | `true` | | -| actionItemsStatisticsCronjob.resources.limits.cpu | string | `"500m"` | | -| actionItemsStatisticsCronjob.resources.limits.memory | string | `"1024Mi"` | | -| actionItemsStatisticsCronjob.resources.requests.cpu | string | `"80m"` | | -| actionItemsStatisticsCronjob.resources.requests.memory | string | `"128Mi"` | | -| actionItemsStatisticsCronjob.schedules[0].name | string | `"action-items-statistics"` | | -| actionItemsStatisticsCronjob.schedules[0].interval | string | `"60m"` | | -| actionItemsStatisticsCronjob.schedules[0].cron | string | `"15 * * * *"` | | -| actionItemsStatisticsCronjob.securityContext.runAsUser | int | `10324` | | -| resourcesRecommendationsCronjob.enabled | bool | `true` | Enable resources recommendations true by default | -| resourcesRecommendationsCronjob.resources | object | `{"limits":{"cpu":1,"memory":"3Gi"},"requests":{"cpu":1,"memory":"3Gi"}}` | Resources for the resources recommendations job. | -| resourcesRecommendationsCronjob.schedules | list | `[{"cron":"0 2 * * *","interval":"24h","name":"resources-recommendations"}]` | CRON schedules for the resources recommendations job. | -| resourcesRecommendationsCronjob.securityContext.runAsUser | int | `10324` | The user ID to run the resources recommendations job under. | -| closeTicketsCronjob.enabled | bool | `true` | Close tickets enabled by default | -| closeTicketsCronjob.resources | object | `{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"1.5Gi"}}` | Resources for the close tickets job. | -| closeTicketsCronjob.schedules | list | `[{"cron":"0/15 * * * *","name":"close-tickets"}]` | CRON schedules for the close tickets job. | -| closeTicketsCronjob.securityContext.runAsUser | int | `10324` | The user ID to run the close tickets job under. | -| cloudCostsUpdateCronjob.enabled | bool | `true` | Cloud costs update enabled by default | -| cloudCostsUpdateCronjob.resources | object | `{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"2Gi"}}` | Resources for the cloud costs update job. | -| cloudCostsUpdateCronjob.schedules | list | `[{"cron":"15 */3 * * *","name":"costs-update"}]` | CRON schedules for the cloud costs update job | -| cloudCostsUpdateCronjob.securityContext.runAsUser | int | `10324` | The user ID to run the cloud costs update job under. | -| actionItemsFiltersRefresherCronJob.resources | object | `{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}}` | Resources for the action-items filters refresher job. | -| actionItemsFiltersRefresherCronJob.schedules | list | `[{"cron":"0/15 * * * *","name":"every-15-min"}]` | CRON schedules for the action-items filters refresher job. | -| actionItemsFiltersRefresherCronJob.securityContext.runAsUser | int | `10324` | The user ID to run the action-items filters refresher job under. | | service.port | int | `80` | Port to be used for the API and Dashboard services. | | service.type | string | `"ClusterIP"` | Service type for the API and Dashboard services | | service.annotations | string | `nil` | Annotations for the services | @@ -256,7 +225,3 @@ See [insights.docs.fairwinds.com](https://insights.docs.fairwinds.com/technical- | repoScanJob.resources.requests.memory | string | `"128Mi"` | | | repoScanJob.nodeSelector | object | `{}` | | | repoScanJob.tolerations | list | `[]` | | -| slackChannelsLocalRefresherCronjob.enabled | bool | `true` | | -| slackChannelsLocalRefresherCronjob.resources | object | `{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"150m","memory":"256Mi"}}` | Resources for the slack channels local refresher cron-job. | -| slackChannelsLocalRefresherCronjob.schedules | list | `[{"cron":"0/15 * * * *","name":"default-schedule"}]` | CRON schedules for the slack channels local refresher cron-job. | -| slackChannelsLocalRefresherCronjob.securityContext.runAsUser | int | `10324` | | diff --git a/stable/fairwinds-insights/templates/action-items-statistics.yaml b/stable/fairwinds-insights/templates/action-items-statistics.yaml deleted file mode 100644 index e6da49d3e..000000000 --- a/stable/fairwinds-insights/templates/action-items-statistics.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.actionItemsStatisticsCronjob .Values.actionItemsStatisticsCronjob.enabled }} -{{ range .Values.actionItemsStatisticsCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: action-items-statistics-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["action_items_statistics"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.actionItemsStatisticsCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.actionItemsStatisticsCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL -{{ end }} -{{- end }} diff --git a/stable/fairwinds-insights/templates/action_items_filters_refresher.yaml b/stable/fairwinds-insights/templates/action_items_filters_refresher.yaml deleted file mode 100644 index ad31334f9..000000000 --- a/stable/fairwinds-insights/templates/action_items_filters_refresher.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- range .Values.actionItemsFiltersRefresherCronJob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: action-items-filters-refresher-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["action_items_filters_refresher"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.actionItemsFiltersRefresherCronJob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: 10324 - capabilities: - drop: - - ALL -{{- end }} diff --git a/stable/fairwinds-insights/templates/benchmark-cronjob.yaml b/stable/fairwinds-insights/templates/benchmark-cronjob.yaml deleted file mode 100644 index 5635a8ea4..000000000 --- a/stable/fairwinds-insights/templates/benchmark-cronjob.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ range .Values.benchmarkCronjob.schedules }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: benchmark-cronjob-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with index $.Values "image" "pullSecret" }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ index $.Values "cronjobImage" "repository" }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["benchmark"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.benchmarkCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: 10324 - capabilities: - drop: - - ALL -{{ end }} diff --git a/stable/fairwinds-insights/templates/close-tickets.yaml b/stable/fairwinds-insights/templates/close-tickets.yaml deleted file mode 100644 index 69d85da47..000000000 --- a/stable/fairwinds-insights/templates/close-tickets.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.closeTicketsCronjob.enabled }} -{{ range .Values.closeTicketsCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: close-tickets-cronjob -spec: - concurrencyPolicy: Forbid - schedule: "{{ .cron }}" - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["close_tickets"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.closeTicketsCronjob.resources | nindent 16 }} - volumeMounts: - - name: secrets - mountPath: /var/run/secrets/github - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: 10324 - capabilities: - drop: - - ALL - volumes: - - name: secrets - secret: - secretName: github-secrets - optional: true -{{ end }} -{{- end }} diff --git a/stable/fairwinds-insights/templates/costs-update.yaml b/stable/fairwinds-insights/templates/cronjobs.yaml similarity index 55% rename from stable/fairwinds-insights/templates/costs-update.yaml rename to stable/fairwinds-insights/templates/cronjobs.yaml index 9bf817b24..6106a108f 100644 --- a/stable/fairwinds-insights/templates/costs-update.yaml +++ b/stable/fairwinds-insights/templates/cronjobs.yaml @@ -1,16 +1,15 @@ -{{- if .Values.cloudCostsUpdateCronjob.enabled }} -{{ range .Values.cloudCostsUpdateCronjob.schedules }} ---- +{{ range $name, $options := .Values.cronjobs }} +{{ if $options.schedule }} apiVersion: batch/v1 kind: CronJob metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} + name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ $name }} labels: {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: costs-update-cronjob + app.kubernetes.io/component: cronjob-{{ $name }} spec: + schedule: "{{ $options.schedule }}" concurrencyPolicy: Forbid - schedule: "{{ .cron }}" jobTemplate: spec: template: @@ -21,29 +20,30 @@ spec: - name: {{ . }} {{- end }} containers: - - name: fairwinds-insights + - name: {{ $name }} image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["cloud_costs_update"] + command: ["{{ $options.command }}"] + args: + {{- with $options.interval }} + - --interval={{ . }} + {{- end }} {{- include "env" $ | indent 14 }} imagePullPolicy: Always resources: - {{- toYaml $.Values.cloudCostsUpdateCronjob.resources | nindent 16 }} + {{- toYaml (default $.Values.cronjobOptions.resources $options.resources) | nindent 16 }} + {{- if $options.includeGitHubSecret }} volumeMounts: - name: secrets mountPath: /var/run/secrets/github + {{- end }} securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.cloudCostsUpdateCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL + {{- toYaml (default $.Values.cronjobOptions.securityContext $options.securityContext) | nindent 16 }} + {{- if $options.includeGitHubSecret }} volumes: - name: secrets secret: secretName: github-secrets optional: true + {{- end }} +{{ end }} {{ end }} -{{- end }} diff --git a/stable/fairwinds-insights/templates/database-cleanup.yaml b/stable/fairwinds-insights/templates/database-cleanup.yaml deleted file mode 100644 index e7a295fba..000000000 --- a/stable/fairwinds-insights/templates/database-cleanup.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.databaseCleanupCronjob.enabled }} -{{ range .Values.databaseCleanupCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: database-cleanup-cronjob -spec: - concurrencyPolicy: Forbid - schedule: "{{ .cron }}" - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["database_cleanup"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.databaseCleanupCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.databaseCleanupCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL -{{ end }} -{{- end }} diff --git a/stable/fairwinds-insights/templates/email-cronjob.yaml b/stable/fairwinds-insights/templates/email-cronjob.yaml deleted file mode 100644 index d203ab13a..000000000 --- a/stable/fairwinds-insights/templates/email-cronjob.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{ range .Values.emailCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: email-cronjob-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["email_digest"] - args: - - --interval={{ .interval }} - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.emailCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.emailCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL -{{ end }} diff --git a/stable/fairwinds-insights/templates/hubspot-cronjob.yaml b/stable/fairwinds-insights/templates/hubspot-cronjob.yaml deleted file mode 100644 index c21284d83..000000000 --- a/stable/fairwinds-insights/templates/hubspot-cronjob.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if not (index .Values "options" "insightsSAASHost") }} -{{ range .Values.hubspotCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: hubspot-cronjob-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with index $.Values "image" "pullSecret" }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ index $.Values "cronjobImage" "repository" }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["hubspot_sync"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.hubspotCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: 10324 - capabilities: - drop: - - ALL - {{ end }} - {{- end }} diff --git a/stable/fairwinds-insights/templates/integration-cronjob.yaml b/stable/fairwinds-insights/templates/integration-cronjob.yaml deleted file mode 100644 index 99a920c52..000000000 --- a/stable/fairwinds-insights/templates/integration-cronjob.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{ range .Values.alertsCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: alerts-cronjob-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["notifications_digest"] - args: - - --interval={{ .interval }} - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.alertsCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.alertsCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL -{{ end }} diff --git a/stable/fairwinds-insights/templates/resources-recommendations.yaml b/stable/fairwinds-insights/templates/resources-recommendations.yaml deleted file mode 100644 index eacb14dc0..000000000 --- a/stable/fairwinds-insights/templates/resources-recommendations.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.resourcesRecommendationsCronjob.enabled }} -{{ range .Values.resourcesRecommendationsCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: recommendations-cronjob -spec: - concurrencyPolicy: Forbid - schedule: "{{ .cron }}" - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["resources_recommendations"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.resourcesRecommendationsCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.resourcesRecommendationsCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL -{{ end }} -{{- end }} diff --git a/stable/fairwinds-insights/templates/saml-cronjob.yaml b/stable/fairwinds-insights/templates/saml-cronjob.yaml deleted file mode 100644 index 1e5ffbad7..000000000 --- a/stable/fairwinds-insights/templates/saml-cronjob.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{ range .Values.samlCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-saml-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: saml-cronjob-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["refresh_saml_metadata"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.samlCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: 10324 - capabilities: - drop: - - ALL - {{ end }} diff --git a/stable/fairwinds-insights/templates/slack-channels-local-refresher.yaml b/stable/fairwinds-insights/templates/slack-channels-local-refresher.yaml deleted file mode 100644 index 6d222f598..000000000 --- a/stable/fairwinds-insights/templates/slack-channels-local-refresher.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.slackChannelsLocalRefresherCronjob .Values.slackChannelsLocalRefresherCronjob.enabled }} -{{ range .Values.slackChannelsLocalRefresherCronjob.schedules }} ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "fairwinds-insights.fullname" $ }}-cronjob-{{ .name }} - labels: - {{- include "fairwinds-insights.labels" $ | nindent 4 }} - app.kubernetes.io/component: slack-channels-local-refresher-{{ .name }} -spec: - schedule: "{{ .cron }}" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - {{- with $.Values.image.pullSecret }} - imagePullSecrets: - - name: {{ . }} - {{- end }} - containers: - - name: fairwinds-insights - image: "{{ $.Values.cronjobImage.repository }}:{{ include "fairwinds-insights.cronjobImageTag" $ }}" - command: ["slack_channels_local_refresher"] - {{- include "env" $ | indent 14 }} - imagePullPolicy: Always - resources: - {{- toYaml $.Values.slackChannelsLocalRefresherCronjob.resources | nindent 16 }} - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - privileged: false - runAsNonRoot: true - runAsUser: {{ $.Values.slackChannelsLocalRefresherCronjob.securityContext.runAsUser }} - capabilities: - drop: - - ALL -{{ end }} -{{- end }} \ No newline at end of file diff --git a/stable/fairwinds-insights/values.yaml b/stable/fairwinds-insights/values.yaml index 44d3f1963..8651d2fff 100644 --- a/stable/fairwinds-insights/values.yaml +++ b/stable/fairwinds-insights/values.yaml @@ -72,28 +72,119 @@ options: cpu: 1000m memory: 1Gi -hubspotCronjob: - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 80m - memory: 128Mi - schedules: [] -benchmarkCronjob: +cronjobOptions: + # -- Default security context for cronjobs + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 10324 + capabilities: + drop: + - ALL + # -- Default resources for cronjobs resources: - limits: - cpu: 500m - memory: 1024Mi requests: - cpu: 80m - memory: 128Mi - schedules: [] + cpu: 250m + memory: 512Mi + limits: + cpu: 250m + memory: 512Mi -selfHostedSecret: +cronjobs: + # -- Options for the action-items filters refresher job. + action-item-filters-refresh: + command: 'action_items_filters_refresher' + schedule: "0/15 * * * *" + + # -- Options for the action item stats job + action-items-statistics: + command: action_items_statistics + schedule: "15 * * * *" + + # -- Options for the realtime alerts job + alerts-realtime: + command: 'notifications_digest' + interval: 10m + schedule: "5/10 * * * *" + + # -- Options for the benchmark job + benchmark: + command: benchmark + schedule: '' + + # -- Options for the close tickets job. + close-tickets: + command: close_tickets + includeGitHubSecret: true + schedule: "0/15 * * * *" + resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 500m + memory: 2Gi + + # -- Options for the cloud costs update job + costs-update: + command: cloud_costs_update + includeGitHubSecret: true + schedule: "15 */3 * * *" + resources: + requests: + cpu: 500m + memory: 2Gi + limits: + cpu: 500m + memory: 2Gi + + # -- Options for the database cleanup job. + database-cleanup: + command: database_cleanup + schedule: "0 0 * * *" + + # -- Options for the email digest job. + email: + command: email_digest + schedule: '' + + # -- Options for the hubspot job. + hubspot: + command: 'hubspot_sync' + schedule: '' + + # -- Options for digest notifications job + notifications-digest: + command: 'notifications_digest' + schedule: "0 16 * * *" + interval: 24h + + # -- Options for the resources recommendations job + resources-recommendations: + command: resources_recommendations + schedule: "0 2 * * *" + resources: + requests: + cpu: 1 + memory: 3Gi + limits: + cpu: 1 + memory: 3Gi + # -- Options for the SAML sync job + saml: + command: refresh_saml_metadata + schedule: "0 * * * *" + + # -- Options for the slack channels job. + slack-channels: + command: slack_channels_local_refresher + schedule: "0/15 * * * *" + +selfHostedSecret: # -- Additional Environment Variables to set on the Fairwinds Insights pods. additionalEnvironmentVariables: {} @@ -258,170 +349,6 @@ dbMigration: # -- The user ID to run the database migration job under. runAsUser: 10324 -samlCronjob: - # -- Resources for the SAML sync job. - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 80m - memory: 128Mi - # -- CRON schedules for the SAML sync job - schedules: - - name: hourly - interval: 60m - cron: "0 * * * *" - -alertsCronjob: - # -- Resources for the Slack/Datadog integrations - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 80m - memory: 128Mi - # -- CRON schedules for the Slack/Datadog integrations - schedules: - - name: realtime - interval: 10m - # On the 5 minutes but the realtime job strips down to the nearest 10 minute - # This way there can be slight variation in when the job runs without duplicate or missed entries - cron: "5/10 * * * *" - - name: digest - interval: 24h - cron: "0 16 * * *" - securityContext: - # -- The user ID to run the alerts job under. - runAsUser: 10324 - -emailCronjob: - # -- Resources for the Action Items email job. - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 80m - memory: 128Mi - # -- CRON schedules for the Action Items email job. - schedules: [] - securityContext: - # -- The user ID to run the email job under. - runAsUser: 10324 - -databaseCleanupCronjob: - # -- Enable database cleanup true by default - enabled: true - # -- Resources for the database cleanup job. - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 80m - memory: 128Mi - # -- CRON schedules for the database cleanup job. - schedules: - - name: database-cleanup - interval: 24h - cron: "0 0 * * *" - securityContext: - # -- The user ID to run the database cleanup job under. - runAsUser: 10324 - -actionItemsStatisticsCronjob: - enabled: true - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 80m - memory: 128Mi - schedules: - - name: action-items-statistics - interval: 60m - cron: "15 * * * *" - securityContext: - runAsUser: 10324 - -resourcesRecommendationsCronjob: - # -- Enable resources recommendations true by default - enabled: true - # -- Resources for the resources recommendations job. - resources: - limits: - cpu: 1 - memory: 3Gi - requests: - cpu: 1 - memory: 3Gi - # -- CRON schedules for the resources recommendations job. - schedules: - - name: resources-recommendations - interval: 24h - cron: "0 2 * * *" - securityContext: - # -- The user ID to run the resources recommendations job under. - runAsUser: 10324 - -closeTicketsCronjob: - # -- Close tickets enabled by default - enabled: true - # -- Resources for the close tickets job. - resources: - limits: - cpu: 500m - memory: 2Gi - requests: - cpu: 500m - memory: 1.5Gi - # -- CRON schedules for the close tickets job. - schedules: - - name: close-tickets - cron: "0/15 * * * *" - securityContext: - # -- The user ID to run the close tickets job under. - runAsUser: 10324 - -cloudCostsUpdateCronjob: - # -- Cloud costs update enabled by default - enabled: true - # -- Resources for the cloud costs update job. - resources: - limits: - cpu: 500m - memory: 2Gi - requests: - cpu: 500m - memory: 2Gi - # -- CRON schedules for the cloud costs update job - schedules: - - name: costs-update - cron: "15 */3 * * *" - securityContext: - # -- The user ID to run the cloud costs update job under. - runAsUser: 10324 - -actionItemsFiltersRefresherCronJob: - # -- Resources for the action-items filters refresher job. - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 250m - memory: 512Mi - # -- CRON schedules for the action-items filters refresher job. - schedules: - - name: every-15-min - cron: "0/15 * * * *" - securityContext: - # -- The user ID to run the action-items filters refresher job under. - runAsUser: 10324 - service: # -- Port to be used for the API and Dashboard services. port: 80 @@ -710,20 +637,3 @@ repoScanJob: memory: 128Mi nodeSelector: {} tolerations: [] - -slackChannelsLocalRefresherCronjob: - enabled: true - # -- Resources for the slack channels local refresher cron-job. - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 150m - memory: 256Mi - # -- CRON schedules for the slack channels local refresher cron-job. - schedules: - - name: default-schedule - cron: "0/15 * * * *" - securityContext: - runAsUser: 10324