chore: mirror k8s-monitoring-2.0.12

upstream_repo:
2025-02-21 09:42:13 +01:00
commit 57712751f1
440 changed files with 101268 additions and 0 deletions
--- a/charts/k8s-monitoring/templates/secrets/_helpers.tpl
+++ b/charts/k8s-monitoring/templates/secrets/_helpers.tpl
@ -0,0 +1,172 @@
+{{/* Helper function to return the auth type, defaulting to none */}}
+{{/* Inputs: . (user of the secret, needs name, secret, auth) */}}
+{{- define "secrets.authType" }}
+{{- if hasKey . "auth" }}{{ .auth.type | default "none" }}{{ else }}none{{ end }}
+{{- end }}
+
+{{/* Helper function to determine the secret type */}}
+{{/* Inputs: . (user of the secret, needs name, secret, auth) */}}
+{{- define "secrets.secretType" }}
+{{- if hasKey . "secret" }}
+  {{- if eq .secret.embed true -}}embedded
+  {{- else if eq .secret.create false -}}external
+  {{- else }}create
+  {{- end }}
+{{- else -}}
+create
+{{- end }}
+{{- end }}
+
+{{/* Determine if a ___From field has been defined for a secret value */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
+{{- define "secrets.getSecretFromRef" -}}
+{{- $value := .object -}}
+{{- range $pathPart := (regexSplit "\\." (printf "%sFrom" .key) -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordFrom"] */}}
+{{- if $pathPart -}}
+  {{- if and (not (kindIs "string" $value)) (hasKey $value $pathPart) -}}
+    {{- $value = (index $value $pathPart) -}}
+  {{- else -}}
+    {{- $value = "" -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $value -}}
+{{- end -}}
+
+{{/* Determine the key to access a secret value within a secret component */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
+{{- define "secrets.getSecretKey" -}}
+{{- $value := .object -}}
+{{- $defaultKey := (( regexSplit "\\." .key -1) | last) -}}             {{/* "path.to.auth.password" --> "password" */}}
+{{- range $pathPart := (regexSplit "\\." (printf "%sKey" .key) -1) -}}  {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordKey"] */}}
+{{- if $pathPart -}}
+  {{- if and (not (kindIs "string" $value)) (hasKey $value $pathPart) -}}
+    {{- $value = (index $value $pathPart) -}}
+  {{- else -}}
+    {{- $value = $defaultKey -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $value -}}
+{{- end -}}
+
+{{/* Determine if a key was defined by the user */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
+{{- define "secrets.isSecretKeyDefined" -}}
+{{- $found := true}}
+{{- $value := .object -}}
+{{- range $pathPart := (regexSplit "\\." (printf "%sKey" .key) -1) -}}  {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordKey"] */}}
+{{- if $pathPart -}}
+  {{- if and (not (kindIs "string" $value)) (hasKey $value $pathPart) -}}
+    {{- $value = (index $value $pathPart) -}}
+  {{- else -}}
+    {{- $found = false -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $found -}}
+{{- end -}}
+
+{{/*Determine the path to the secret value*/}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
+{{- define "secrets.getSecretValue" }}
+{{- $value := .object -}}
+{{- range $pathPart := (regexSplit "\\." .key -1) -}}  {{/* "path.to.auth.password" --> ["path", "to", "auth" "password"] */}}
+{{- if $pathPart -}}
+  {{- if and (not (kindIs "string" $value)) (hasKey $value $pathPart) -}}
+    {{- $value = (index $value $pathPart) -}}
+  {{- else -}}
+    {{- $value = "" -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $value -}}
+{{- end }}
+
+{{/* Build the alloy command to read a secret value */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}}
+{{- define "secrets.read" }}
+{{- $credRef := include "secrets.getSecretFromRef" . -}}
+{{- if $credRef -}}
+{{ $credRef }}
+{{- else if eq (include "secrets.secretType" .object) "embedded" -}}
+{{ include "secrets.getSecretValue" (dict "object" .object "key" .key) | quote }}
+{{- else if eq (include "secrets.usesKubernetesSecret" .object) "true" -}}
+{{- $credKey := include "secrets.getSecretKey" (dict "object" .object "key" .key) -}}
+{{- if .nonsensitive -}}
+nonsensitive(remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ $credKey | quote }}])
+{{- else -}}
+remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ $credKey | quote }}]
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Determines if the object will reference a secret value */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}}
+{{- define "secrets.usesSecret" -}}
+{{- $secretType := (include "secrets.secretType" .object) }}
+{{- $ref := include "secrets.getSecretFromRef" . -}}
+{{- $value := include "secrets.getSecretValue" . -}}
+{{- if (not (eq $ref "")) }}true
+{{- else if (eq $secretType "external") }}true
+{{- else if (eq $value "") }}false
+{{- else -}}true{{- end -}}
+{{- end -}}
+
+{{/* Determines if the object will reference a Kubernetes secret */}}
+{{/* Inputs: . (user of the secret, needs name, secret, auth) */}}
+{{- define "secrets.usesKubernetesSecret" -}}
+{{- $secretType := (include "secrets.secretType" .) }}
+{{- if eq $secretType "embedded" -}}false
+{{- else -}}
+  {{- $usesK8sSecret := false }}
+  {{- range $secret := include (printf "secrets.list.%s" .type) . | fromYamlArray }}
+    {{- $ref := include "secrets.getSecretFromRef" (dict "object" $ "key" $secret) -}}
+    {{- $keyDefined := include "secrets.isSecretKeyDefined" (dict "object" $ "key" $secret) -}}
+    {{- $value := include "secrets.getSecretValue" (dict "object" $ "key" $secret) -}}
+    {{- if (eq $secretType "external") }}
+      {{- if eq $keyDefined "true" }}{{- $usesK8sSecret = true }}{{- end }}
+    {{- else }}
+      {{- if and $value (not $ref) }}{{- $usesK8sSecret = true }}{{- end }}
+    {{- end }}
+  {{- end }}
+{{- $usesK8sSecret -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Determines if the object will need to create a Kubernetes secret. NOTE that this object should be before merging with default values */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth) */}}
+{{- define "secrets.shouldCreateKubernetesSecret" -}}
+{{- if eq (include "secrets.usesKubernetesSecret" .) "false" }}false
+{{- else if and (hasKey . "secret") (hasKey .secret "create") -}}
+{{ .secret.create }}
+{{- else -}}
+true
+{{- end -}}
+{{- end -}}
+
+{{/* This returns the Kubernetes Secret name for this destination */}}
+{{/* Inputs: $ (top level helm data) object (user of the secret, needs name, secret, auth) */}}
+{{- define "secrets.kubernetesSecretName" -}}
+{{- if and (hasKey .object "secret") (hasKey .object.secret "name") (not (empty .object.secret.name)) -}}
+{{ .object.secret.name }}
+{{- else -}}
+
+{{- if contains .Chart.Name .Release.Name }}
+{{- printf "%s-%s" .object.name .Release.Name | trunc 63 | trimSuffix "-" | lower -}}
+{{- else }}
+{{- printf "%s-%s-%s" .object.name .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" | lower -}}
+{{- end }}
+
+{{- end }}
+{{- end }}
+
+{{/* This returns the Kubernetes Secret namespace for this destination */}}
+{{/* Inputs: $ (top level helm data) object (user of the secret, needs name, secret, auth) */}}
+{{- define "secrets.kubernetesSecretNamespace" -}}
+{{- if and (hasKey .object "secret") (hasKey .object.secret "namespace") (not (empty .object.secret.namespace)) -}}
+{{- .object.secret.namespace -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end }}
+{{- end }}
--- a/charts/k8s-monitoring/templates/secrets/_secret.alloy.tpl
+++ b/charts/k8s-monitoring/templates/secrets/_secret.alloy.tpl
@ -0,0 +1,8 @@
+{{/* This builds the remote.kubernetes.secret component for this destination */}}
+{{/* Inputs: $ (top level object) object (user of the secret, needs name, secret, auth) */}}
+{{ define "secret.alloy" }}
+remote.kubernetes.secret {{ include "helper.alloy_name" .object.name | quote }} {
+  name      = {{ include "secrets.kubernetesSecretName" . | quote }}
+  namespace = {{ include "secrets.kubernetesSecretNamespace" . | quote }}
+}
+{{ end }}
--- a/charts/k8s-monitoring/templates/secrets/test/secrets.yaml
+++ b/charts/k8s-monitoring/templates/secrets/test/secrets.yaml
@ -0,0 +1,105 @@
+{{- define "secrets.list.unittest.secrets" }}
+- auth.username
+- auth.password
+{{- end }}
+{{- if eq (((index .Values "testing") | default false) | toString) "true" }}
+{{- $noAuth := dict "type" "unittest.secrets"}}
+{{- $usernameAndPassword := dict "type" "unittest.secrets" "auth" (dict "username" "my-username" "password" "my-password") }}
+{{- $embeddedSecret := deepCopy $usernameAndPassword | merge (dict "secret" (dict "embed" true)) }}
+{{- $allSecretsHaveRefs := dict "type" "unittest.secrets" "auth" (dict "usernameFrom" "env('USER')" "passwordFrom" "env('PASS')") }}
+{{- $oneSecretHasRef := dict "type" "unittest.secrets" "auth" (dict "username" "my-username" "passwordFrom" "env('PASS')") }}
+{{- $externalNoKeys := dict "type" "unittest.secrets" "secret" (dict "create" false) "auth" dict }}
+{{- $externalOneKey := deepCopy $externalNoKeys | merge (dict "auth" (dict "usernameKey" "user")) }}
+{{- $externalBothKeys := deepCopy $externalNoKeys | merge (dict "auth" (dict "usernameKey" "user" "passwordKey" "pass")) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-authType
+data:
+  testEmpty: {{ include "secrets.authType" $noAuth | quote }}
+  testEmptyAuth: {{ include "secrets.authType" (dict "auth" (dict)) | quote }}
+  testEmptyType: {{ include "secrets.authType" (dict "auth" (dict "type" "")) | quote }}
+  testAuthTypeBasic: {{ include "secrets.authType" (dict "auth" (dict "type" "basic")) | quote }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-secretType
+data:
+  testEmpty: {{ include "secrets.secretType" $noAuth | quote }}
+  testEmptySecret: {{ include "secrets.secretType" (dict "secret" (dict)) | quote }}
+  testEmbeddedTrue: {{ include "secrets.secretType" (dict "secret" (dict "embed" true)) | quote }}
+  testEmbeddedFalse: {{ include "secrets.secretType" (dict "secret" (dict "embed" false)) | quote }}
+  testCreateTrue: {{ include "secrets.secretType" (dict "secret" (dict "create" true)) | quote }}
+  testCreateFalse: {{ include "secrets.secretType" (dict "secret" (dict "create" false)) | quote }}
+  testBothTrue: {{ include "secrets.secretType" (dict "secret" (dict "create" true "embed" true)) | quote }}
+  testBothFalse: {{ include "secrets.secretType" (dict "secret" (dict "create" false "embed" false)) | quote }}
+  testCreateTrueEmbedFalse: {{ include "secrets.secretType" (dict "secret" (dict "create" true "embed" false)) | quote }}
+  testCreateFalseEmbedTrue: {{ include "secrets.secretType" (dict "secret" (dict "create" false "embed" true)) | quote }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-getSecretFromRef
+data:
+  testNoPath: {{ include "secrets.getSecretFromRef" (dict "object" dict "key" "auth.password") | quote }}
+  testNoReference: {{ include "secrets.getSecretFromRef" (dict "object" (dict "auth" dict) "key" "auth.password") | quote }}
+  testHasElementNoReference: {{ include "secrets.getSecretFromRef" (dict "object" (dict "auth" (dict "password" "test")) "key" "auth.password") | quote }}
+  testHasReference: {{ include "secrets.getSecretFromRef" (dict "object" (dict "auth" (dict "passwordFrom" "test")) "key" "auth.password") | quote }}
+  testHasReferenceAndElement: {{ include "secrets.getSecretFromRef" (dict "object" (dict "auth" (dict "password" "a-secret" "passwordFrom" "test")) "key" "auth.password") | quote }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-getSecretKey
+data:
+  testNoPath: {{ include "secrets.getSecretKey" (dict "object" dict "key" "auth.password") | quote }}
+  testNoKey: {{ include "secrets.getSecretKey" (dict "object" (dict "auth" dict) "key" "auth.password") | quote }}
+  testHasElementNoKey: {{ include "secrets.getSecretKey" (dict "object" (dict "auth" (dict "password" "test")) "key" "auth.password") | quote }}
+  testHasKey: {{ include "secrets.getSecretKey" (dict "object" (dict "auth" (dict "passwordKey" "test")) "key" "auth.password") | quote }}
+  testHasKeyAndElement: {{ include "secrets.getSecretKey" (dict "object" (dict "auth" (dict "password" "a-secret" "passwordKey" "test")) "key" "auth.password") | quote }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-isSecretKeyDefined
+data:
+  testNoPath: {{ include "secrets.isSecretKeyDefined" (dict "object" dict "key" "auth.password") | quote }}
+  testNoKey: {{ include "secrets.isSecretKeyDefined" (dict "object" $externalNoKeys "key" "auth.password") | quote }}
+  testHasElementNoKey: {{ include "secrets.isSecretKeyDefined" (dict "object" (dict "auth" (dict "password" "test")) "key" "auth.password") | quote }}
+  testHasKey: {{ include "secrets.isSecretKeyDefined" (dict "object" $externalOneKey "key" "auth.username") | quote }}
+  testHasKeyAndElement: {{ include "secrets.isSecretKeyDefined" (dict "object" (dict "auth" (dict "password" "a-secret" "passwordKey" "test")) "key" "auth.password") | quote }}
+  externalNoKeys: {{ include "secrets.isSecretKeyDefined" (dict "object" $externalNoKeys "key" "auth.username") | quote }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-getSecretValue
+data:
+  testNoPath: {{ include "secrets.getSecretValue" (dict "object" dict "key" "auth.password") | quote }}
+  testNoPassword: {{ include "secrets.getSecretValue" (dict "object" (dict "auth" dict) "key" "auth.password") | quote }}
+  testHasPassword: {{ include "secrets.getSecretValue" (dict "object" (dict "auth" (dict "password" "password")) "key" "auth.password") | quote }}
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-usesKubernetesSecret
+data:
+  noAuth: {{ include "secrets.usesKubernetesSecret" $noAuth | quote }}
+  usernameAndPassword: {{ include "secrets.usesKubernetesSecret" $usernameAndPassword | quote }}
+  embeddedSecret: {{ include "secrets.usesKubernetesSecret" $embeddedSecret | quote }}
+  allSecretsHaveRefs: {{ include "secrets.usesKubernetesSecret" $allSecretsHaveRefs | quote }}
+  oneSecretHasRef: {{ include "secrets.usesKubernetesSecret" $oneSecretHasRef | quote }}
+  externalNoKeys: {{ include "secrets.usesKubernetesSecret" $externalNoKeys | quote }}
+  externalOneKey: {{ include "secrets.usesKubernetesSecret" $externalOneKey | quote }}
+  externalBothKeys: {{ include "secrets.usesKubernetesSecret" $externalBothKeys | quote }}
+
+{{- end }}