Merge pull request #496 from onprem/parca-server

Add helm chart for parca-server
timescale · Nov 23, 2022 · 4dc935d · 4dc935d
2 parents de66375 + 208df31
commit 4dc935d
Show file tree

Hide file tree

Showing 11 changed files with 463 additions and 0 deletions.
diff --git a/charts/parca-server/Chart.yaml b/charts/parca-server/Chart.yaml
@@ -0,0 +1,26 @@
+# This file and its contents are licensed under the Apache License 2.0.
+# Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
+
+apiVersion: v2
+name: parca-server
+description: Parca Server deployment.
+
+version: 0.1.0
+appVersion: v0.14.0
+
+home: https://github.com/timescale/helm-charts
+
+sources:
+  - https://github.com/timescale/helm-charts
+  - https://github.com/parca-dev/parca
+
+maintainers:
+  - name: timescale
+    url: https://www.timescale.com/
+
+keywords:
+  - continuous-profiling
+  - performance
+  - profiling
+  - monitoring
+  - prometheus
diff --git a/charts/parca-server/README.md b/charts/parca-server/README.md
@@ -0,0 +1,54 @@
+<!---
+This file and its contents are licensed under the Apache License 2.0.
+Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
+-->
+
+# Parca Server
+
+##### Table of Contents
+- [Introduction](#introduction)
+- [Installation](#installation)
+  - [Installing from the Timescale Helm Repo](#installing-from-the-timescale-helm-repo)
+
+## Introduction
+This directory contains a Helm chart to deploy [Parca Server](https://github.com/parca-dev/parca),
+used for Open Source infrastructure-wide continous profiling.
+
+## Installation
+
+To install the chart with the release name `my-release`, you can clone the git repo and run the command:
+```console
+helm install --name my-release ./charts/parca-server
+```
+
+You can override parameters using the `--set key=value[,key=value]` argument to `helm install`,
+e.g., to disable service account creation:
+
+```console
+helm install --name my-release ./charts/parca-server --set serviceAccount.create=false
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+```console
+helm install --name my-release -f myvalues.yaml ./charts/parca-server
+```
+
+### Installing from the Timescale Helm Repo
+
+We have a Helm Repository that you can use, instead of cloning this Git repo. 
+
+First add the repository with:
+```console
+helm repo add timescale 'https://charts.timescale.com'
+```
+
+Next proceed to install the chart:
+
+```console
+helm install my-release timescale/parca-server
+```
+
+To keep the repo up to date with new versions you can do:
+```console
+helm repo update
+```
diff --git a/charts/parca-server/templates/_helpers.tpl b/charts/parca-server/templates/_helpers.tpl
@@ -0,0 +1,67 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "parca-server.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else if contains .Release.Name $name -}}
+{{- $name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "parca-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Allow the release namespace to be overridden
+*/}}
+{{- define "parca-server.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Generate labels to be used
+*/}}
+{{- define "parca-server.labels" -}}
+app: {{ include "parca-server.fullname" . }}
+chart: {{ template "parca-server.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- end }}
+
+{{- define "parca-server-helm.labels" -}}
+{{ include "parca-server.labels" . }}
+app.kubernetes.io/name: "parca"
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/component: "observability"
+app.kubernetes.io/instance: {{ include "parca-server.fullname" . | quote }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "parca-server.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "parca-server.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/parca-server/templates/config.yaml b/charts/parca-server/templates/config.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "parca-server.fullname" . }}-config
+  namespace: {{ template "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-delete
+    "helm.sh/hook-weight": "0"
+data:
+  parca.yaml: |
+{{- toYaml .Values.config | nindent 4 }}
diff --git a/charts/parca-server/templates/deployment.yaml b/charts/parca-server/templates/deployment.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "parca-server.fullname" . }}
+  namespace: {{ template "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{ toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "parca-server.fullname" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+{{- include "parca-server-helm.labels" . | nindent 8 }}
+      annotations:
+        checksum/config: {{ printf "%s" .Values.config | sha256sum }}
+        {{- if .Values.podAnnotations }}
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+        {{- end }}
+    spec:
+      containers:
+        - image: {{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: parca
+          args:
+          - "/parca"
+          - "--config-path=/var/parca/parca.yaml"
+          {{- with .Values.extraArgs }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          env:
+            - name: TOBS_TELEMETRY_INSTALLED_BY
+              value: "promscale"
+          {{- if .Values.extraEnv }}
+            {{- range $.Values.extraEnv }}
+            - name: {{ .name }}
+              value: {{ tpl (.value | quote) $ }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.resources }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          ports:
+            - containerPort: 7070
+              name: http
+          readinessProbe:
+          {{- toYaml .Values.readinessProbe | nindent 12 }}
+          livenessProbe:
+          {{- toYaml .Values.livenessProbe | nindent 12 }}
+          volumeMounts:
+            - name: parca-config
+              mountPath: /var/parca/
+          {{- if .Values.extraVolumeMounts }}
+          {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+          {{- end }}
+      terminationGracePeriodSeconds: 120
+      volumes:
+        - name: parca-config
+          configMap:
+            name: {{ include "parca-server.fullname" . }}-config
+      {{- if .Values.extraVolumes }}
+      {{- toYaml .Values.extraVolumes | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "parca-server.serviceAccountName" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity: {{ toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/parca-server/templates/pod-security-policy.yaml b/charts/parca-server/templates/pod-security-policy.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "parca-server.fullname" . }}-policy
+  namespace: {{ template "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+    app.kubernetes.io/component: policy
+spec:
+  allowPrivilegeEscalation: false
+  fsGroup:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  runAsUser:
+    rule: MustRunAsNonRoot
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  volumes:
+  - configMap
+  - emptyDir
+  - projected
+  - secret
+  - downwardAPI
+  - persistentVolumeClaim
+{{ end }}
diff --git a/charts/parca-server/templates/role.yaml b/charts/parca-server/templates/role.yaml
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "parca-server.fullname" . }}
+  namespace: {{ template "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - {{ include "parca-server.fullname" . }}-policy
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
diff --git a/charts/parca-server/templates/rolebinding.yaml b/charts/parca-server/templates/rolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "parca-server.fullname" . }}
+  namespace: {{ template "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "parca-server.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "parca-server.serviceAccountName" . }}
diff --git a/charts/parca-server/templates/service-acccount.yaml b/charts/parca-server/templates/service-acccount.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "parca-server.serviceAccountName" . }}
+  namespace: {{ template "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+{{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/parca-server/templates/service.yaml b/charts/parca-server/templates/service.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "parca-server.fullname" . }}
+  namespace: {{ include "parca-server.namespace" . }}
+  labels:
+{{- include "parca-server-helm.labels" . | nindent 4 }}
+  {{- if .Values.service.annotations }}
+  annotations:
+    {{- .Values.service.annotations | toYaml | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    app: {{ include "parca-server.fullname" . }}
+    release: {{ .Release.Name }}
+  type: {{ .Values.service.type }}
+  ports:
+  - name: http
+    port: {{ .Values.service.port }}
+    targetPort: http
+    protocol: TCP
+    {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }}
+    nodePort: {{ .Values.service.nodePort }}
+    {{- end }}
+{{- if .Values.service.spec }}
+{{ .Values.service.spec | toYaml | nindent 2 }}
+{{- end }}