Many more examples and fixes found from making them. (#771)

Signed-off-by: Pete Wall <pete.wall@grafana.com>

charts/feature-annotation-autodiscovery/README.md

@@ -8,7 +8,7 @@
 ![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
 Gathers metrics automatically based on Kubernetes Pod and Service annotations
 
-The annotation-based autodiscovery feature makes it very simple to add scrape targets. With this feature enabled, any
+The annotation-based autodiscovery feature makes it easy to add scrape targets. With this feature enabled, any
 Kubernetes Pods or Services with the `k8s.grafana.com/scrape` annotation set to `true` will be automatically discovered
 and scraped by the collector. There are several other annotations that can be used to customize the behavior of the
 scrape configuration, such as:

charts/feature-annotation-autodiscovery/README.md.gotmpl

@@ -9,7 +9,7 @@
 {{ template "chart.description" . }}
 {{ template "chart.homepageLine" . }}
 
-The annotation-based autodiscovery feature makes it very simple to add scrape targets. With this feature enabled, any
+The annotation-based autodiscovery feature makes it easy to add scrape targets. With this feature enabled, any
 Kubernetes Pods or Services with the `k8s.grafana.com/scrape` annotation set to `true` will be automatically discovered
 and scraped by the collector. There are several other annotations that can be used to customize the behavior of the
 scrape configuration, such as:

charts/feature-pod-logs/templates/_collector_validation.tpl

@@ -6,14 +6,14 @@
     {{- fail (printf "Pod Logs feature requires Alloy to be a DaemonSet when using the \"volumes\" gather method.\nPlease set:\n%s:\n  controller:\n    type: daemonset" .CollectorName) }}
   {{- end -}}
   {{- if not .Collector.alloy.mounts.varlog }}
-    {{- fail (printf "Pod Logs feature requires Alloy to mount /var/log when using the \"volumes\" gather method.\nPlease set:\n%s:\n  controller:\n    mounts:\n      varlog: true" .CollectorName) }}
+    {{- fail (printf "Pod Logs feature requires Alloy to mount /var/log when using the \"volumes\" gather method.\nPlease set:\n%s:\n  alloy:\n    mounts:\n      varlog: true" .CollectorName) }}
   {{- end -}}
   {{- if .Collector.alloy.clustering.enabled }}
     {{- fail (printf "Pod Logs feature requires Alloy to not be in clustering mode when using the \"volumes\" gather method.\nPlease set:\n%s:\n  alloy:\n    clustering:\n      enabled: true" .CollectorName) }}
   {{- end -}}
 {{- else if eq .Values.gatherMethod "kubernetesApi" }}
-  {{- if not .Collector.alloy.mounts.varlog }}
-    {{- fail (printf "Pod Logs feature should not mount /var/log when using the \"kubernetesApi\" gather method.\nPlease set:\n%s:\n  controller:\n    mounts:\n      varlog: false" .CollectorName) }}
+  {{- if .Collector.alloy.mounts.varlog }}
+    {{- fail (printf "Pod Logs feature should not mount /var/log when using the \"kubernetesApi\" gather method.\nPlease set:\n%s:\n  alloy:\n    mounts:\n      varlog: false" .CollectorName) }}
   {{- end -}}
   {{- if not .Collector.alloy.clustering.enabled }}
     {{- fail (printf "Pod Logs feature requires Alloy to be in clustering mode when using the \"kubernetesApi\" gather method.\nPlease set:\n%s:\n  alloy:\n    clustering:\n      enabled: true" .CollectorName) }}

charts/k8s-monitoring/Chart.lock

@@ -42,4 +42,4 @@ dependencies:
   repository: https://grafana.github.io/helm-charts
   version: 0.7.0
 digest: sha256:a7478342074296ebf188fa7f1f61da0acebcf11cbe7293a9c5b933d834bcc30e
-generated: "2024-10-04T16:06:31.559013-05:00"
+generated: "2024-10-07T15:10:21.807216-05:00"

charts/k8s-monitoring/Makefile

@@ -1,5 +1,6 @@
 HAS_HELM_DOCS := $(shell command -v helm-docs;)
 HAS_HELM_UNITTEST := $(shell helm plugin list | grep unittest 2> /dev/null)
+HAS_SHELLSPEC := $(shell command -v shellspec;)
 
 CHART_TEMPLATE_FILES = $(shell find templates -name "*.tpl")
 CHART_YAML_FILES = $(shell find templates -name "*.yaml")
@@ -115,6 +116,14 @@ Chart.lock: Chart.yaml
 .PHONY: examples
 examples: $(EXAMPLE_OUTPUT_FILES) $(EXAMPLE_ALLOY_FILES) $(EXAMPLE_README_FILES)
 
+.PHONY: example-checks
+example-checks: $(EXAMPLE_OUTPUT_FILES)
+ifdef HAS_SHELLSPEC
+	shellspec -c tests/example-checks
+else
+	docker run --platform linux/amd64 --rm --volume $(shell pwd):/src shellspec/shellspec -c /src/tests/example-checks -s /bin/sh
+endif
+
 .PHONY: clean
 clean:
 	rm -f README.md values.schema.json templates/destinations/_destination_types.tpl schema-mods/destination-list.json $(DESTINATION_SCHEMA_FILES) $(DESTINATION_DOCS_FILES)
@@ -126,7 +135,7 @@ build: README.md examples values.schema.json templates/destinations/_destination
 
 # Test targets
 .PHONY: test unittest lint-helm lint-configs
-test: unittest lint-helm lint-configs
+test: unittest lint-helm lint-configs example-checks
 lint-configs: $(EXAMPLE_ALLOY_FILES)
 	../../scripts/lint-alloy.sh $(EXAMPLE_ALLOY_FILES)
 

charts/k8s-monitoring/destinations/loki-values.yaml

@@ -33,11 +33,11 @@ extraHeadersFrom: {}
 # -- Custom labels to be added to all logs and events.
 # All values are treated as strings and automatically quoted.
 # @section -- General
-externalLabels: {}
+extraLabels: {}
 # -- Custom labels to be added to all logs and events through a dynamic reference.
 # All values are treated as raw strings and not quoted.
 # @section -- General
-externalLabelsFrom: {}
+extraLabelsFrom: {}
 
 auth:
   # -- The type of authentication to do.
@@ -77,9 +77,10 @@ auth:
   bearerTokenFrom: ""
 
 secret:
-  # -- Whether to create a secret for this Loki destination.
+  # -- (bool) Whether to create a secret for this Loki destination.
+  # @default -- `true`
   # @section -- Secret
-  create: true
+  create:
   # -- If true, skip secret creation and embed the credentials directly into the configuration.
   # @section -- Secret
   embed: false

charts/k8s-monitoring/destinations/otlp-values.yaml

@@ -27,10 +27,6 @@ logs:
 # @section -- General
 url: ""
 
-# -- The Proxy URL for the OTLP destination.
-# @section -- General
-proxyURL: ""
-
 # -- The tenant ID for the OTLP destination.
 # @section -- General
 tenantId: ""
@@ -88,9 +84,10 @@ auth:
   bearerTokenFrom: ""
 
 secret:
-  # -- Whether to create a secret for this Prometheus destination.
+  # -- (bool) Whether to create a secret for this Prometheus destination.
+  # @default -- `true`
   # @section -- Secret
-  create: true
+  create:
   # -- If true, skip secret creation and embed the credentials directly into the configuration.
   # @section -- Secret
   embed: false

charts/k8s-monitoring/destinations/prometheus-values.yaml

@@ -50,7 +50,7 @@ metricProcessingRules: ""
 
 auth:
   # -- The type of authentication to do.
-  # Options are "none" (default), "basic", "bearerToken".
+  # Options are "none" (default), "basic", "bearerToken", "sigv4".
   # @default -- none
   # @section -- Authentication
   type: "none"
@@ -85,10 +85,45 @@ auth:
   # @section -- Authentication - Bearer Token
   bearerTokenFrom: ""
 
+  # Authentication using AWS Signature Version 4
+  sigv4:
+    # -- The access key for sigv4 authentication.
+    # @section -- Authentication - SigV4
+    accessKey: ""
+    # -- The key for storing the access key in the secret.
+    # @section -- Authentication - SigV4
+    accessKeyKey: "accessKey"
+    # -- Raw config for accessing the access key.
+    # @section -- Authentication - SigV4
+    accessKeyFrom: ""
+
+    # -- The secret key for sigv4 authentication.
+    # @section -- Authentication - SigV4
+    secretKey: ""
+    # -- The key for storing the secret key in the secret.
+    # @section -- Authentication - Sig
+    secretKeyKey: "secretKey"
+    # -- Raw config for accessing the secret key.
+    # @section -- Authentication - SigV4
+    secretKeyFrom: ""
+
+    # -- The named AWS profile for sigv4 authentication.
+    # @section -- Authentication - SigV4
+    profile: ""
+
+    # -- The AWS region for sigv4 authentication.
+    # @section -- Authentication - SigV4
+    region: ""
+
+    # -- The Role ARN for sigv4 authentication.
+    # @section -- Authentication - SigV4
+    roleArn: ""
+
 secret:
-  # -- Whether to create a secret for this Prometheus destination.
+  # -- (bool) Whether to create a secret for this Prometheus destination.
+  # @default -- `true`
   # @section -- Secret
-  create: true
+  create:
   # -- If true, skip secret creation and embed the credentials directly into the configuration.
   # @section -- Secret
   embed: false

charts/k8s-monitoring/destinations/pyroscope-values.yaml

@@ -68,9 +68,10 @@ auth:
   bearerTokenFrom: ""
 
 secret:
-  # -- Whether to create a secret for this Pyroscope destination.
+  # -- (bool) Whether to create a secret for this Pyroscope destination.
+  # @default -- `true`
   # @section -- Secret
-  create: true
+  create:
   # -- If true, skip secret creation and embed the credentials directly into the configuration.
   # @section -- Secret
   embed: false

charts/k8s-monitoring/docs/destinations/loki.md

@@ -33,10 +33,10 @@ This defines the options for defining a destination for logs that use the Loki p
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| externalLabels | object | `{}` | Custom labels to be added to all logs and events. All values are treated as strings and automatically quoted. |
-| externalLabelsFrom | object | `{}` | Custom labels to be added to all logs and events through a dynamic reference. All values are treated as raw strings and not quoted. |
 | extraHeaders | object | `{}` | Extra headers to be set when sending data. All values are treated as strings and automatically quoted. |
 | extraHeadersFrom | object | `{}` | Extra headers to be set when sending data through a dynamic reference. All values are treated as raw strings and not quoted. |
+| extraLabels | object | `{}` | Custom labels to be added to all logs and events. All values are treated as strings and automatically quoted. |
+| extraLabelsFrom | object | `{}` | Custom labels to be added to all logs and events through a dynamic reference. All values are treated as raw strings and not quoted. |
 | name | string | `""` | The name for this Loki destination. |
 | proxyURL | string | `""` | The Proxy URL for the Loki destination. |
 | tenantId | string | `""` | The tenant ID for the Loki destination. |

charts/k8s-monitoring/docs/destinations/otlp.md

@@ -37,7 +37,6 @@ This defines the options for defining a destination for OpenTelemetry data that
 | extraHeadersFrom | object | `{}` | Extra headers to be set when sending data through a dynamic reference. All values are treated as raw strings and not quoted. |
 | name | string | `""` | The name for this OTLP destination. |
 | protocol | string | `"grpc"` | The protocol for the OTLP destination. Options are "grpc" (default), "http". |
-| proxyURL | string | `""` | The Proxy URL for the OTLP destination. |
 | readBufferSize | string | `""` | Size of the read buffer the gRPC client to use for reading server responses. |
 | tenantId | string | `""` | The tenant ID for the OTLP destination. |
 | tenantIdFrom | string | `""` | Raw config for accessing the tenant ID. |

charts/k8s-monitoring/docs/destinations/prometheus.md

@@ -23,11 +23,30 @@ This defines the options for defining a destination for metrics that use the Pro
 | auth.usernameFrom | string | `""` | Raw config for accessing the username. |
 | auth.usernameKey | string | `"username"` | The key for storing the username in the secret. |
 
+### Authentication - SigV4
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| auth.sigv4.accessKey | string | `""` | The access key for sigv4 authentication. |
+| auth.sigv4.accessKeyFrom | string | `""` | Raw config for accessing the access key. |
+| auth.sigv4.accessKeyKey | string | `"accessKey"` | The key for storing the access key in the secret. |
+| auth.sigv4.profile | string | `""` | The named AWS profile for sigv4 authentication. |
+| auth.sigv4.region | string | `""` | The AWS region for sigv4 authentication. |
+| auth.sigv4.roleArn | string | `""` | The Role ARN for sigv4 authentication. |
+| auth.sigv4.secretKey | string | `""` | The secret key for sigv4 authentication. |
+| auth.sigv4.secretKeyFrom | string | `""` | Raw config for accessing the secret key. |
+
+### Authentication - Sig
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| auth.sigv4.secretKeyKey | string | `"secretKey"` | The key for storing the secret key in the secret. |
+
 ### Authentication
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| auth.type | string | none | The type of authentication to do. Options are "none" (default), "basic", "bearerToken". |
+| auth.type | string | none | The type of authentication to do. Options are "none" (default), "basic", "bearerToken", "sigv4". |
 
 ### General
 

charts/k8s-monitoring/docs/examples/auth/bearer-token/README.md

@@ -0,0 +1,74 @@
+<!--
+(NOTE: Do not edit README.md directly. It is a generated file!)
+(      To make changes, please modify values.yaml or description.txt and run `make examples`)
+-->
+# Bearer Token Authentication
+
+This example demonstrates how to use a bearer token for authentication. The Prometheus destination defines the bearer
+token inside the values file. The Loki destination gets a bearer token from an environment variable defined on the
+`alloy-logs` collector. And the OTLP destination gets a bearer token from a pre-existing Kubernetes secret.
+
+## Values
+
+```yaml
+---
+cluster:
+  name: bearer-token-example-cluster
+
+destinations:
+  - name: prometheus
+    type: prometheus
+    url: http://prometheus.prometheus.svc:9090/api/v1/write
+    auth:
+      type: bearerToken
+      bearerToken: sample-bearer-token
+
+  - name: loki
+    type: loki
+    url: http://loki.loki.svc:3100/loki/api/v1/push
+    auth:
+      type: bearerToken
+      bearerTokenFrom: env("LOKI_BEARER_TOKEN")
+
+  - name: tempo
+    type: otlp
+    url: http://tempo.tempo.svc:4317
+    auth:
+      type: bearerToken
+      bearerTokenKey: tempoBearerToken
+    secret:
+      create: false
+      name: my-tempo-secret
+      namespace: tempo
+
+applicationObservability:
+  enabled: true
+  receivers:
+    grpc:
+      enabled: true
+
+prometheusOperatorObjects:
+  enabled: true
+
+podLogs:
+  enabled: true
+
+alloy-metrics:
+  enabled: true
+
+alloy-logs:
+  enabled: true
+  alloy:
+    extraEnv:
+      - name: LOKI_BEARER_TOKEN
+        value: sample-bearer-token
+
+alloy-receiver:
+  enabled: true
+  alloy:
+    extraPorts:
+      - name: otlp-grpc
+        port: 4317
+        targetPort: 4317
+        protocol: TCP
+```