From 9d8c3cd239a74daa77fd3865af6b5f3292932da7 Mon Sep 17 00:00:00 2001 From: jcounts Date: Thu, 17 Oct 2024 19:29:40 -0500 Subject: [PATCH] feat: Added newrelic into hybrid dir --- .../Partner/newrelic/external-secret.yaml | 22 ++++++ .../Addons/Partner/newrelic/namespace.yaml | 9 +++ .../Partner/newrelic/newrelic-source.yaml | 10 +++ .../Addons/Partner/newrelic/newrelic.yaml | 48 +++++++++++++ .../Testers/newrelic/README.md | 47 +++++++++++++ .../Testers/newrelic/test-job-role.yaml | 31 +++++++++ .../Testers/newrelic/test-job.yaml | 67 +++++++++++++++++++ .../Testers/newrelic/test-spec-configmap.yaml | 19 ++++++ 8 files changed, 253 insertions(+) create mode 100644 eks-anywhere-hybrid/Addons/Partner/newrelic/external-secret.yaml create mode 100644 eks-anywhere-hybrid/Addons/Partner/newrelic/namespace.yaml create mode 100644 eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic-source.yaml create mode 100644 eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic.yaml create mode 100644 eks-anywhere-hybrid/Testers/newrelic/README.md create mode 100644 eks-anywhere-hybrid/Testers/newrelic/test-job-role.yaml create mode 100644 eks-anywhere-hybrid/Testers/newrelic/test-job.yaml create mode 100644 eks-anywhere-hybrid/Testers/newrelic/test-spec-configmap.yaml diff --git a/eks-anywhere-hybrid/Addons/Partner/newrelic/external-secret.yaml b/eks-anywhere-hybrid/Addons/Partner/newrelic/external-secret.yaml new file mode 100644 index 00000000..4fddd196 --- /dev/null +++ b/eks-anywhere-hybrid/Addons/Partner/newrelic/external-secret.yaml @@ -0,0 +1,22 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: newrelic-external-secret + namespace: newrelic +spec: + refreshInterval: 1m + secretStoreRef: + name: eksa-secret-store #The secret store name we have just created. + kind: ClusterSecretStore + target: + name: newrelic-secret # Secret name in k8s + data: + - secretKey: newrelic-licensekey # which key it's going to be stored + remoteRef: + key: newrelic-licensekey # Our secret-name goes here + - secretKey: newrelic-account + remoteRef: + key: newrelic-account + - secretKey: newrelic-apikey # which key it's going to be stored + remoteRef: + key: newrelic-apikey \ No newline at end of file diff --git a/eks-anywhere-hybrid/Addons/Partner/newrelic/namespace.yaml b/eks-anywhere-hybrid/Addons/Partner/newrelic/namespace.yaml new file mode 100644 index 00000000..82354221 --- /dev/null +++ b/eks-anywhere-hybrid/Addons/Partner/newrelic/namespace.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: newrelic + labels: + aws.conformance.vendor: newrelic + aws.conformance.vendor-solution: nri-bundle + aws.conformance.vendor-solution-version: 5.0.95 + scrape: "true" diff --git a/eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic-source.yaml b/eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic-source.yaml new file mode 100644 index 00000000..323eb9c0 --- /dev/null +++ b/eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic-source.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: newrelic-charts + namespace: flux-system +spec: + interval: 30s + url: https://helm-charts.newrelic.com + diff --git a/eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic.yaml b/eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic.yaml new file mode 100644 index 00000000..bf27653c --- /dev/null +++ b/eks-anywhere-hybrid/Addons/Partner/newrelic/newrelic.yaml @@ -0,0 +1,48 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: newrelic + namespace: newrelic +spec: + chart: + spec: + chart: nri-bundle + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: newrelic-charts + namespace: flux-system + version: 5.0.95 + interval: 1m0s + targetNamespace: newrelic + values: + global: + cluster: eks-conformance-testing + lowDataMode: false + newrelic-infrastructure: + controlPlane: + enabled: false + privileged: false + common: + config: + interval: 40s + namespaceSelector: + matchLabels: + scrape: "true" + kube-state-metrics: + image: + tag: v2.6.0 + enabled: true + nri-metadata-injection: + enabled: false + valuesFrom: + - kind: Secret + name: newrelic-secret + valuesKey: newrelic-licensekey + targetPath: global.licenseKey + # - kind: ConfigMap + # name: aws-env-metadata + # namespace: kube-system + # valuesKey: clusterName + # targetPath: global.cluster diff --git a/eks-anywhere-hybrid/Testers/newrelic/README.md b/eks-anywhere-hybrid/Testers/newrelic/README.md new file mode 100644 index 00000000..58bc7564 --- /dev/null +++ b/eks-anywhere-hybrid/Testers/newrelic/README.md @@ -0,0 +1,47 @@ +## Development Setup for the TestJob + +* Set Environment variables, replacing NR license keys, API Keys and Account as appropriate + +`` +export newrelic_licensekey=YOUR_LICENSE_KEY +export newrelic_account=YOUR_ACCOUNT +export newrelic_apikey=YOUR_APIKEY + +`` + +* Install NR K8 instrumentation + +``` +function ver { printf "%03d%03d" $(echo "$1" | tr '.' ' '); } && \ +K8S_VERSION=$(kubectl version --short 2>&1 | grep 'Server Version' | awk -F' v' '{ print $2; }' | awk -F. '{ print $1"."$2; }') && \ +if [[ $(ver $K8S_VERSION) -lt $(ver "1.25") ]]; then KSM_IMAGE_VERSION="v2.6.0"; else KSM_IMAGE_VERSION="v2.7.0"; fi && \ +helm repo add newrelic https://helm-charts.newrelic.com && helm repo update && \ +kubectl create namespace newrelic ; helm upgrade --install newrelic-bundle newrelic/nri-bundle \ + --set global.licenseKey=$newrelic_licensekey \ + --set global.cluster=development \ + --namespace=newrelic \ + --set newrelic-infrastructure.privileged=false \ + --set global.lowDataMode=true \ + --set kube-state-metrics.image.tag=${KSM_IMAGE_VERSION} \ + --set kube-state-metrics.enabled=true \ + --set kubeEvents.enabled=true +``` + +* Create Secret + +``` +kubectl create secret generic newrelic-secret -n newrelic \ + --from-literal=newrelic-licensekey=$newrelic_licensekey \ + --from-literal=newrelic-account=$newrelic_account \ + --from-literal=newrelic-apikey=$newrelic_apikey +``` + +* Modify Cron job time + +Make changes in spec.schedule in eks-cloud/Testers/newrelic/test-job.yaml reflect the time when you want the cron job to run in your development environment + +* Install K8 manifest files + +``` +kubectl apply -f eks-cloud/Testers/newrelic/ +``` \ No newline at end of file diff --git a/eks-anywhere-hybrid/Testers/newrelic/test-job-role.yaml b/eks-anywhere-hybrid/Testers/newrelic/test-job-role.yaml new file mode 100644 index 00000000..af97ea9c --- /dev/null +++ b/eks-anywhere-hybrid/Testers/newrelic/test-job-role.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: newrelic-testjob-service-account + namespace: newrelic +automountServiceAccountToken: true +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: newrelic-testjob-role + namespace: newrelic +rules: +- apiGroups: ["*"] + resources: ["pods","secret"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: newrelic-testjob-clusterrole-binding + namespace: newrelic +subjects: +- kind: ServiceAccount + name: newrelic-testjob-service-account + namespace: newrelic +roleRef: + kind: ClusterRole + name: newrelic-testjob-role + apiGroup: rbac.authorization.k8s.io diff --git a/eks-anywhere-hybrid/Testers/newrelic/test-job.yaml b/eks-anywhere-hybrid/Testers/newrelic/test-job.yaml new file mode 100644 index 00000000..24d615ff --- /dev/null +++ b/eks-anywhere-hybrid/Testers/newrelic/test-job.yaml @@ -0,0 +1,67 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: newrelic-testjob + namespace: newrelic +spec: + schedule: "10 10 * * *" + # Running the cron at the 10 minute of 10th hour everyday + jobTemplate: + spec: + activeDeadlineSeconds: 900 + # timeout after 15 minutes + template: + spec: + # serviceAccount: newrelic-testjob-service-account + # initContainers: + # - name: kubectl + # image: bitnami/kubectl + # command: ['sh', '-c', "while [[$(kubectl get pods -l app.kubernetes.io/name=nri-metadata-injection -o 'jsonpath={..status.conditions[?(@.type==\"Running\")].status}') != \"True\" ]]; do echo \"waiting to init\"; sleep 10; done"] + containers: + - name: test-container + image: golang:latest + command: [ "bash", "-c", "--"] + args: + - >- + sleep 300; + export NR_LICENSE_KEY=$(cat /tmp/newrelic-licensekey/newrelic-licensekey); + export NR_ACCOUNT=$(cat /tmp/newrelic-account/newrelic-account); + export NR_API_KEY=$(cat /tmp/newrelic-apikey/newrelic-apikey); + git clone https://github.com/newrelic/newrelic-integration-e2e-action.git; + cd newrelic-integration-e2e-action; + go run main.go -account_id=$NR_ACCOUNT -agent_enabled=false -api_key=$NR_API_KEY -license_key=$NR_LICENSE_KEY -region="US" -spec_path=/tmp/configmaps/test-spec.yml -scenario_tag=$HOSTNAME --retry_attempts=1 --retry_seconds=5 -verbose_mode=true; + volumeMounts: + - name: newrelic-licensekey + mountPath: "/tmp/newrelic-licensekey" + readOnly: true + - name: newrelic-account + mountPath: "/tmp/newrelic-account" + readOnly: true + - name: newrelic-apikey + mountPath: "/tmp/newrelic-apikey" + readOnly: true + - name: test-spec-volume + mountPath: /tmp/configmaps + restartPolicy: Never + volumes: + - name: newrelic-licensekey + secret: + secretName: newrelic-secret + items: + - key: newrelic-licensekey + path: newrelic-licensekey + - name: newrelic-account + secret: + secretName: newrelic-secret + items: + - key: newrelic-account + path: newrelic-account + - name: newrelic-apikey + secret: + secretName: newrelic-secret + items: + - key: newrelic-apikey + path: newrelic-apikey + - name: test-spec-volume + configMap: + name: test-spec \ No newline at end of file diff --git a/eks-anywhere-hybrid/Testers/newrelic/test-spec-configmap.yaml b/eks-anywhere-hybrid/Testers/newrelic/test-spec-configmap.yaml new file mode 100644 index 00000000..5a599caf --- /dev/null +++ b/eks-anywhere-hybrid/Testers/newrelic/test-spec-configmap.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-spec + namespace: newrelic +data: + test-spec.yml: |- + description: | + End-to-end tests for k8s integration + custom_test_key: k8s.podName + scenarios: + - description: | + This scenario will verify that metrics from a k8s Cluster are correctly collected without privileges + tests: + nrqls: + - query: "SELECT latest(k8s.pod.startTime) FROM Metric SINCE 5 MINUTES AGO" + entities: [] + \ No newline at end of file