Grafana Beyla helm chart

Signed-off-by: Mario Macias <mario.macias@grafana.com>

charts/beyla/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+.github

charts/beyla/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: beyla
+version: 1.0.0
+appVersion: 1.5.0
+description: eBPF-based autoinstrumentation HTTP, HTTP2 and gRPC services, as well as network metrics.
+home: https://grafana.com/oss/beyla-ebpf/
+icon: https://grafana.com/static/img/logos/beyla-logo.svg
+sources:
+  - https://github.com/grafana/beyla
+type: application
+keywords:
+  - observability
+  - autoinstrumentation
+  - eBPF-based

charts/beyla/README.md

@@ -0,0 +1,64 @@
+# beyla
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square)
+
+eBPF-based autoinstrumentation HTTP, HTTP2 and gRPC services, as well as network metrics.
+
+**Homepage:** <https://grafana.com/oss/beyla-ebpf/>
+
+## Source Code
+
+* <https://github.com/grafana/beyla>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | used for scheduling of pods based on affinity rules |
+| config.create | bool | `true` | set to true, to use the below default configurations |
+| config.data | object | `{"attributes":{"kubernetes":{"enable":true}},"prometheus_export":{"path":"/metrics","port":9090}}` | default value of beyla configuration |
+| config.name | string | `""` |  |
+| env | object | `{}` | extra environment variables |
+| envValueFrom | object | `{}` | extra environment variables to be set from resources such as k8s configMaps/secrets |
+| fullnameOverride | string | `""` | Overrides the chart's computed fullname. |
+| global.image.pullSecrets | list | `[]` | Optional set of global image pull secrets. |
+| global.image.registry | string | `""` | Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) |
+| image.digest | string | `nil` | Beyla image's SHA256 digest (either in format "sha256:XYZ" or "XYZ"). When set, will override `image.tag`. |
+| image.pullPolicy | string | `"IfNotPresent"` | Beyla image pull policy. |
+| image.pullSecrets | list | `[]` | Optional set of image pull secrets. |
+| image.registry | string | `"docker.io"` | Beyla image registry (defaults to docker.io) |
+| image.repository | string | `"grafana/beyla"` | Beyla image repository. |
+| image.tag | string | `nil` | Beyla image tag. When empty, the Chart's appVersion is used. |
+| nameOverride | string | `""` | Overrides the chart's name |
+| namespaceOverride | string | `""` | Override the deployment namespace |
+| nodeSelector | object | `{}` | The nodeSelector field allows user to constrain which nodes your DaemonSet pods are scheduled to based on labels on the node |
+| podAnnotations | object | `{}` | Adds custom annotations to the Beyla Pods. |
+| podLabels | object | `{}` | Adds custom labels to the Beyla Pods. |
+| podSecurityContext | object | `{}` |  |
+| preset | string | `"application"` | Preconfigures some default properties for network or application observability. Accepted values are "network" or "application". |
+| rbac.create | bool | `true` | Whether to create RBAC resources for Belya |
+| rbac.extraClusterRoleRules | list | `[]` | Extra custer roles to be created for Belya |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.annotations | object | `{}` | Service annotations. |
+| service.appProtocol | string | `""` | Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp" |
+| service.clusterIP | string | `""` | cluster IP |
+| service.enabled | bool | `false` | whether to create a service for internal metrics |
+| service.labels | object | `{}` | Service labels. |
+| service.loadBalancerClass | string | `""` | loadbalancer class name |
+| service.loadBalancerIP | string | `""` | loadbalancer IP |
+| service.loadBalancerSourceRanges | list | `[]` | source ranges for loadbalancer |
+| service.port | int | `80` | service port |
+| service.portName | string | `"service"` | name of the port for internal metrics service. |
+| service.targetPort | int | `9090` | targetPort has to be configured based on the values of `BEYLA_INTERNAL_METRICS_PROMETHEUS_PORT` environment variable or the value of `prometheus_export.port` from beyla configuration file. see more at https://grafana.com/docs/beyla/latest/configure/options/#internal-metrics-reporter |
+| service.type | string | `"ClusterIP"` | type of the service |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.labels | object | `{}` | ServiceAccount labels. |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| tolerations | list | `[]` | Tolerations allow pods to be scheduled on nodes with specific taints |
+| updateStrategy.type | string | `"RollingUpdate"` | update strategy type |
+| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
+| volumes | list | `[]` | Additional volumes on the output daemonset definition. |
+

charts/beyla/templates/_helpers.tpl

@@ -0,0 +1,95 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "beyla.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "beyla.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "beyla.namespace" -}}
+{{- if .Values.namespaceOverride }}
+{{- .Values.namespaceOverride }}
+{{- else }}
+{{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "beyla.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "beyla.labels" -}}
+helm.sh/chart: {{ include "beyla.chart" . }}
+{{ include "beyla.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector (pod) labels
+*/}}
+{{- define "beyla.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "beyla.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- with .Values.podLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "beyla.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "beyla.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Calculate name of image ID to use for "beyla".
+*/}}
+{{- define "beyla.imageId" -}}
+{{- if .Values.image.digest }}
+{{- $digest := .Values.image.digest }}
+{{- if not (hasPrefix "sha256:" $digest) }}
+{{- $digest = printf "sha256:%s" $digest }}
+{{- end }}
+{{- printf "@%s" $digest }}
+{{- else if .Values.image.tag }}
+{{- printf ":%s" .Values.image.tag }}
+{{- else }}
+{{- printf ":%s" .Chart.AppVersion }}
+{{- end }}
+{{- end }}

charts/beyla/templates/cluster-role-binding.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "beyla.fullname" . }}
+  labels:
+    {{- include "beyla.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "beyla.serviceAccountName" . }}
+    namespace: {{ include "beyla.namespace" .}}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "beyla.fullname" . }}
+{{- end }}

charts/beyla/templates/cluster-role.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "beyla.fullname" . }}
+  labels:
+    {{- include "beyla.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+rules:
+  - apiGroups: [ "apps" ]
+    resources: [ "replicasets" ]
+    verbs: [ "list", "watch" ]
+  - apiGroups: [ "" ]
+    {{- if eq .Values.preset "network" }}
+    resources: [ "pods", "services", "nodes" ]
+    {{- else }}
+    resources: [ "pods" ]
+    {{- end }}
+    verbs: [ "list", "watch" ]
+  {{- with .Values.rbac.extraClusterRoleRules }}
+  {{- toYaml . | nindent 2 }}
+  {{- end}}
+{{- end }}

charts/beyla/templates/configmap.yaml

@@ -0,0 +1,32 @@
+{{- if and (not .Values.config.create) (eq .Values.config.name "") }}
+  {{- fail "if .Values.config.name is not set, then .Values.config.create should be set to true to use default configuration" }}
+{{- end }}
+{{- if and (.Values.config.create) (eq .Values.config.name "") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "beyla.fullname" . }}
+  namespace: {{ include "beyla.namespace" . }}
+  labels:
+    {{- include "beyla.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+data:
+  beyla-config.yml: |
+    {{- if eq .Values.preset "network" }}
+    {{- if not .Values.config.data.network }}
+    network:
+      enable: true
+    {{- end }}
+    {{- end }}
+    {{- if eq .Values.preset "application" }}
+    {{- if not .Values.config.data.discovery }}
+    discovery:
+      services:
+        - k8s_namespace: .
+    {{- end }}
+    {{- end }}
+  {{- toYaml .Values.config.data | nindent 4}}
+{{- end }}

charts/beyla/templates/daemon-set.yml

@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "beyla.fullname" . }}
+  namespace: {{ include "beyla.namespace" .}}
+  labels:
+  {{- include "beyla.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    matchLabels:
+{{ include "beyla.selectorLabels" . | indent 6 }}
+  {{- with .Values.updateStrategy }}
+  updateStrategy:
+    {{- toYaml . | trim | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+{{ include "beyla.selectorLabels" . | indent 8 }}
+    spec:
+     {{- if .Values.serviceAccount.create }}
+      serviceAccountName: {{ include "beyla.serviceAccountName" . }}
+     {{- end }}
+      {{- if eq .Values.preset "application" }}
+      hostPID: true
+      {{- end }}
+      {{- if eq .Values.preset "network" }}
+      hostNetwork: true
+      {{- end }}
+      containers:
+        - name: beyla
+          image: {{ .Values.global.image.registry | default .Values.image.registry }}/{{ .Values.image.repository }}{{ include "beyla.imageId" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            privileged: true
+          ports:
+          - containerPort: {{ .Values.service.targetPort }}
+            protocol: TCP
+          env:
+            - name: BEYLA_CONFIG_PATH
+              value: "/etc/beyla/config/beyla-config.yml"
+          {{- range $key, $value := .Values.env }}
+            - name: {{ $key }}
+              value: "{{ $value }}"
+          {{- end }}
+          {{- range $key, $value := .Values.envValueFrom }}
+            - name: {{ $key | quote }}
+              valueFrom:
+          {{- tpl (toYaml $value) $ | nindent 16 }}
+          {{- end }}
+          {{- with .Values.nodeSelector }}          
+          nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.affinity }}
+          affinity:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+          {{- with .Values.tolerations }}
+          tolerations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /etc/beyla/config
+              name: beyla-config
+        {{- if or .Values.global.image.pullSecrets .Values.image.pullSecrets }}
+        imagePullSecrets:
+          {{- if .Values.global.image.pullSecrets }}
+          {{- toYaml .Values.global.image.pullSecrets | nindent 4 }}
+          {{- else }}
+          {{- toYaml .Values.image.pullSecrets | nindent 4 }}
+          {{- end }}
+        {{- end }}
+      volumes:
+        - name: beyla-config
+          configMap:
+            name: {{ default (include "beyla.fullname" .) .Values.config.name }}