From 1bc2fcec138308c7db4f3043cf4704a68ed0b58e Mon Sep 17 00:00:00 2001 From: Timo <32620814+timojohlo@users.noreply.github.com> Date: Thu, 11 Jun 2026 15:51:58 +0200 Subject: [PATCH 1/7] fix(logs): add scrape annotation for metrics (#1727) Signed-off-by: I504010 Signed-off-by: Ganesh Kugulakrishnan --- logs/charts/Chart.yaml | 2 +- logs/charts/templates/metrics-collector.yaml | 2 ++ logs/plugindefinition.yaml | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/logs/charts/Chart.yaml b/logs/charts/Chart.yaml index 2a63e8968..a2be53368 100644 --- a/logs/charts/Chart.yaml +++ b/logs/charts/Chart.yaml @@ -4,7 +4,7 @@ apiVersion: v2 appVersion: 0.152.0 name: logs -version: 0.2.7 +version: 0.2.8 description: OpenTelemetry Operator Helm chart for Kubernetes icon: https://raw.githubusercontent.com/cncf/artwork/a718fa97fffec1b9fd14147682e9e3ac0c8817cb/projects/opentelemetry/icon/color/opentelemetry-icon-color.png type: application diff --git a/logs/charts/templates/metrics-collector.yaml b/logs/charts/templates/metrics-collector.yaml index 44c087656..80c2f3650 100644 --- a/logs/charts/templates/metrics-collector.yaml +++ b/logs/charts/templates/metrics-collector.yaml @@ -15,6 +15,8 @@ metadata: {{- end }} spec: mode: deployment + podAnnotations: + prometheus.io/scrape: "false" image: {{ index .Values "openTelemetry" "collectorImage" "repository" }}:{{ index .Values "openTelemetry" "collectorImage" "tag" }} config: receivers: diff --git a/logs/plugindefinition.yaml b/logs/plugindefinition.yaml index d1b3900a7..10d78e8f0 100644 --- a/logs/plugindefinition.yaml +++ b/logs/plugindefinition.yaml @@ -6,14 +6,14 @@ kind: PluginDefinition metadata: name: logs spec: - version: 0.13.7 + version: 0.13.8 displayName: Logs description: Observability framework for instrumenting, generating, collecting, and exporting logs. icon: https://raw.githubusercontent.com/cloudoperators/greenhouse-extensions/main/logs/logo.png helmChart: name: logs repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts - version: 0.2.7 + version: 0.2.8 options: - default: true description: Set to true to enable the installation of the OpenTelemetry Operator. From 7545f6ab7df8448c4bbd9e7f9fd135e7169bb06c Mon Sep 17 00:00:00 2001 From: Ganesh Kugulakrishnan Date: Thu, 11 Jun 2026 09:24:59 -0600 Subject: [PATCH 2/7] feat(storage): netapp-monitoring plugin Signed-off-by: Ganesh Kugulakrishnan --- netapp-monitoring/.helmignore | 23 +++ netapp-monitoring/Chart.lock | 6 + netapp-monitoring/Chart.yaml | 15 ++ netapp-monitoring/PluginDefinition.yaml | 58 +++++++ netapp-monitoring/README.md | 125 +++++++++++++++ netapp-monitoring/charts/owner-info-1.0.0.tgz | Bin 0 -> 2140 bytes netapp-monitoring/templates/_helpers.tpl | 83 ++++++++++ .../templates/harvest-basic-auth.yaml | 16 ++ .../templates/harvest-netappsd-configmap.yaml | 40 +++++ .../harvest-netappsd-master-deployment.yaml | 76 +++++++++ .../harvest-netappsd-master-service.yaml | 24 +++ .../templates/harvest-netappsd-secret.yaml | 15 ++ .../harvest-netappsd-serviceaccount.yaml | 37 +++++ .../harvest-netappsd-worker-deployment.yaml | 145 ++++++++++++++++++ .../harvest-netappsd-worker-service.yaml | 24 +++ netapp-monitoring/values.yaml | 98 ++++++++++++ 16 files changed, 785 insertions(+) create mode 100644 netapp-monitoring/.helmignore create mode 100644 netapp-monitoring/Chart.lock create mode 100644 netapp-monitoring/Chart.yaml create mode 100644 netapp-monitoring/PluginDefinition.yaml create mode 100644 netapp-monitoring/README.md create mode 100644 netapp-monitoring/charts/owner-info-1.0.0.tgz create mode 100644 netapp-monitoring/templates/_helpers.tpl create mode 100644 netapp-monitoring/templates/harvest-basic-auth.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-configmap.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-master-service.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-secret.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml create mode 100644 netapp-monitoring/templates/harvest-netappsd-worker-service.yaml create mode 100644 netapp-monitoring/values.yaml diff --git a/netapp-monitoring/.helmignore b/netapp-monitoring/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/netapp-monitoring/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/netapp-monitoring/Chart.lock b/netapp-monitoring/Chart.lock new file mode 100644 index 000000000..857e8c85a --- /dev/null +++ b/netapp-monitoring/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: owner-info + repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm + version: 1.0.0 +digest: sha256:45a74346d8c73d1b61264fa06d5cb48d3dc38abcfbaa2900b0b918fb532b52ba +generated: "2026-06-04T10:28:40.511395675-06:00" diff --git a/netapp-monitoring/Chart.yaml b/netapp-monitoring/Chart.yaml new file mode 100644 index 000000000..af643408b --- /dev/null +++ b/netapp-monitoring/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: netapp-monitoring +description: A Helm chart for harvest.io - https://github.com/NetApp/harvest +type: application +version: 1.0.2 + +# * Release tag of Harvest - https://github.com/NetApp/harvest/releases +appVersion: "25.11.0" +maintainers: + - name: Ganesh Kugulakrishnan + - name: Chandrakanth Renduchintala +dependencies: + - name: owner-info + repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm + version: 1.0.0 \ No newline at end of file diff --git a/netapp-monitoring/PluginDefinition.yaml b/netapp-monitoring/PluginDefinition.yaml new file mode 100644 index 000000000..027c6a011 --- /dev/null +++ b/netapp-monitoring/PluginDefinition.yaml @@ -0,0 +1,58 @@ +apiVersion: greenhouse.sap/v1alpha1 +kind: PluginDefinition +metadata: + name: netapp-monitoring +spec: + version: 1.0.2 + displayName: NetApp Monitoring + description: Helm chart for NetApp storage monitoring using harvest.io + helmChart: + name: netapp-monitoring + repository: oci://ghcr.io/sapcc/helm-charts/netapp-monitoring + version: 1.0.2 + options: + - name: harvest.image + description: Harvest container image + required: true + type: string + - name: harvest.tag + description: Harvest container image tag + required: true + type: string + - name: netappsd.enabled + description: Enable NetApp service discovery + required: true + default: true + type: bool + - name: netappsd.image.repository + description: NetApp SD container image repository + required: true + type: string + - name: netappsd.image.tag + description: NetApp SD container image tag + required: true + type: string + - name: netappsd.region + description: Region for NetApp service discovery + required: true + type: string + - name: netappsd.netapp_exporter_user + description: NetApp exporter username + required: true + type: secret + - name: netappsd.netapp_exporter_password + description: NetApp exporter password + required: true + type: secret + - name: netappsd.netbox_api_token + description: Netbox API token + required: true + type: secret + - name: netappsd.netbox_host + description: Netbox host URL + required: true + type: secret + - name: apps + description: "Map of apps to enable (e.g. cinder, manila, apod, cinder-manila)" + required: false + type: map \ No newline at end of file diff --git a/netapp-monitoring/README.md b/netapp-monitoring/README.md new file mode 100644 index 000000000..afffa7c01 --- /dev/null +++ b/netapp-monitoring/README.md @@ -0,0 +1,125 @@ +--- +title: NetApp Monitoring +--- + +Learn more about the **netapp-monitoring** plugin. Use it to deploy [Harvest](https://github.com/NetApp/harvest) for monitoring NetApp storage filers via Prometheus metrics. + +## Overview + +This plugin deploys a monitoring stack for NetApp storage systems using [NetApp Harvest](https://github.com/NetApp/harvest). Harvest collects performance, capacity, and health metrics from ONTAP systems and exposes them via a Prometheus exporter. + +The chart includes a service discovery component ([netappsd](https://github.com/sapcc/netappsd/tree/dme-strg)) that automatically discovers NetApp filers from Netbox and spawns Harvest instances to collect metrics. + +## Architecture + +Components included in this plugin: + +- **Harvest** — Collects metrics from NetApp ONTAP systems using REST/ZAPI collectors and exports them in Prometheus format. +- **NetApp SD (Service Discovery)** — Discovers filers from Netbox and manages Harvest worker instances dynamically. + - **Master** — Queries Netbox for filer inventory and coordinates workers. + - **Worker** — Runs Harvest instances for discovered filers and exposes metrics. + +## Quick Start + +**Prerequisites** + +- A running and Greenhouse-onboarded Kubernetes cluster. +- NetApp ONTAP filer credentials. +- Netbox API access with a valid token. + +**Step 1:** + +Install the `netapp-monitoring` plugin via the Greenhouse dashboard or by creating a `Plugin` resource in your Greenhouse central cluster. + +**Step 2:** + +Configure the required options: + +| Parameter | Description | Required | +|-----------|-------------|----------| +| `harvest.image.repository` | Harvest container image repository | Yes | +| `harvest.image.tag` | Harvest container image tag | Yes | +| `netappsd.enabled` | Enable NetApp service discovery | Yes | +| `netappsd.image.repository` | NetApp SD container image repository | Yes | +| `netappsd.image.tag` | NetApp SD container image tag | Yes | +| `netappsd.region` | Region for service discovery | Yes | +| `netappsd.netapp_exporter_user` | NetApp exporter username | Yes | +| `netappsd.netapp_exporter_password` | NetApp exporter password | Yes | +| `netappsd.netbox_api_token` | Netbox API token | Yes | +| `netappsd.netbox_host` | Netbox host URL | No | + +## Configuration + +### Harvest + +The Harvest component is configured with the following default collectors: + +- `Ems` — Event Management System +- `Rest` — REST API metrics +- `RestPerf` — REST performance counters +- `KeyPerf` — Key performance metrics +- `Unix` — Unix host metrics +- `Simple` — Simple counter metrics + +Metrics are exposed on port `13000` via the Prometheus exporter. + +### Service Discovery Apps + +The `apps` section configures which filers are discovered based on their Netbox labels: + +```yaml +apps: + cinder: + enabled: true + manila: + enabled: true + apod: + enabled: true + cinder-manila: + enabled: true +``` + +### Example Plugin Resource + +```yaml +apiVersion: greenhouse.sap/v1alpha1 +kind: Plugin +metadata: + name: netapp-monitoring +spec: + pluginDefinition: netapp-monitoring + clusterName: my-cluster + optionValues: + - name: harvest.image.repository + value: ghcr.io/netapp/harvest + - name: harvest.image.tag + value: "25.11.0" + - name: netappsd.enabled + value: true + - name: netappsd.image.repository + value: keppel.eu-de-1.cloud.sap/ccloud/netappsd + - name: netappsd.image.tag + value: latest + - name: netappsd.region + value: eu-de-1 + - name: netappsd.netapp_exporter_user + valueFrom: + secret: + name: netapp-monitoring-secrets + key: exporter-user + - name: netappsd.netapp_exporter_password + valueFrom: + secret: + name: netapp-monitoring-secrets + key: exporter-password + - name: netappsd.netbox_api_token + valueFrom: + secret: + name: netapp-monitoring-secrets + key: netbox-token +``` + +## Maintainers + +- Ganesh Kugulakrishnan +- Chandrakanth Renduchintala diff --git a/netapp-monitoring/charts/owner-info-1.0.0.tgz b/netapp-monitoring/charts/owner-info-1.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..697004d3253e54d4e0650544ba3d71e489a84c0b GIT binary patch literal 2140 zcmV-i2&4BOiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI=abKAHP_cQ;B9jP<6Rq;cPqfGU3lg2kq+H;d}ed$9c9f9Oh z#2Ew_0F=T?_rG@lkP=1Nb=~tNcNycwqy_93_T#rpvEnFw$}N{~MjXcz!fFpH9xsr;}&X=}|O!cJ^X&1koeQaqFs-Ch{oy#k~5;{Z1As z>3ful3OE77!y;3R574UWz616nRoZT!YX#N=HBi9w!BM#qgG`sFNTHBJXP( z?;BX1_+JuMq52gPz&-IlnMBim{69Z?ivKUNhA_yH6}}BQzmjYKMWwWfQNrQ%_4T`x zf1JXPS3iJD4Kd{lSmh|uL~=%X3OYx4jjV8C3zWlOsD53=fI11hed;qfKK6z%Cx;lUm$AuxP)7v%a}$=Nf)_> zhCEpE-X62owhHBvCTMwYjY@cG>?l?Wl#o^gYuP<1jENe%N+hiChISJu$`=g#yd4|M z^=o_a)B1l`C;w|KN=7uQFtIhhAm!r}gM0G-v-9bsm;a}eC;azi)_Uy&&ESOc6hA}o z-eQ2mny@h$3O`>Go#Zh1SFUxbzMF-i`GpI83jWVOdjN)7Mks?pLn+w#SFlghB0{Q^ z%|y}=0n)8E1545nM4oP+ZxOYZaC?$|ApXB2|4;tMKmOq%vhES>iQ0j@OTuVs>jz1+ ztz~x!-STL%=AB}W9wuf(?Li`WH3AUguwN*jdn&@uT`v%OV(?+HwGNh?X}R% zy6p*mf(T9+^7d@d0S2e1?!X>aSg+wHK{*V@Fu3gyY(P`Z@Q|muM56{kul66xe-Idl z;`hDM{t9UB Dgj5QF+D6hk zRa^ssqSC}-nH9#l5H|*yTKr-exMotsKVhOxXgE$5F-qsdKqSISQmv5#SW*0MClmk(=fW6J@J3?m^MT4kW6Z(K+=5TJ(uA?Gd9KQZBq<*5^;c-% z>0kx}e-cH5TXv+#P^0fO9?T%dOi1+YZ;3=J#<&zpH#>Ks`kV6fuU)Vod3EsL)%Pzi zF24_o^s#x|ga6K_lm7hgYoCa-Hz z`V5!I8qrQ@fWdA8;MA){bu7_yLQ=js4d6{?d;X>X8ES;rJE5qXQq-c72Q0LyN9OQ~ zG6oCO-gZ8*HLL5pZIOY55tRp?Hypx`iY(CcUZ&~3HvOro7LIj0b)E0#_;bi8!^6;6(p6Erlz+gER&*uowPox$gU#dZX41C7VF5t@bJg6h1AgG3aeB4v_U1M0STjdw!=d(GBpp-+UW*M*E!NZQR0w;3kYUj4A zgAM%9OgEeHq|G`1Wup13&NKI>nI>}F?6pbQF@lgON(Z(}Nrj}k9>X?kmXa1k)*TP- z93{HVxs5UQoVIs;N{NIL1Gp`w?F>JymTn-aO5=gc-W)P;AiHe~x-(XrGicJq^KRe? zC#A3j$zbfX9>cr$uYkK&BdZu2TYoqmTWSRoRY^lnq7s#K?Y624=fiQmFOQwHHUZ}d zq{!$JErpA>Z{NX^3g$rf*lxD>;fk7xyoG8F=7?-P=Ow5rHU&b_j3$#Q! z-VD?~&c_`$WOd_u1u07-F;ze+EefJ(LKv%|M41U$xcJ#sBTL<<+-PjaNku6*avgk) z-lBv56B=q%+JE%#fcJg>pPaww;s58+izod5MOGit{PN=0|0rdA>RaoYpVrfQT2Jfu Szy1>d0RR6-m=O&CC;$L7gA!E$ literal 0 HcmV?d00001 diff --git a/netapp-monitoring/templates/_helpers.tpl b/netapp-monitoring/templates/_helpers.tpl new file mode 100644 index 000000000..7efcf3eed --- /dev/null +++ b/netapp-monitoring/templates/_helpers.tpl @@ -0,0 +1,83 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "netapp-monitoring.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "netapp-monitoring.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "netapp-monitoring.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "netapp-monitoring.labels" -}} +helm.sh/chart: {{ include "netapp-monitoring.chart" . }} +{{ include "netapp-monitoring.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "netapp-monitoring.selectorLabels" -}} +app.kubernetes.io/name: {{ include "netapp-monitoring.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "netapp-monitoring.serviceAccountName" -}} +{{- default "netappsd" .Values.netappsd.serviceAccountName }} +{{- end }} + + +{{/* +Create harvest basic auth credential entry based on credentials_secret. +*/}} + +{{- define "netapp-monitoring.defaultCredentialsYaml" -}} +Defaults: + username: {{ printf "{{ resolve \"%s/username\" }}" .SecretPath }} + password: {{ printf "{{ resolve \"%s/password\" }}" .SecretPath }} +{{- end }} + + +{{- define "netapp-monitoring.credentials-entry" -}} +{{- if eq .Values.netappsd.credentials_secret "local-basic-auth" -}} +{{ include "netapp-monitoring.defaultCredentialsYaml" (dict "SecretPath" "vault+kvv2:///secrets/shared/harvest/harvest-ad/local-user") }} +{{- else if eq .Values.netappsd.credentials_secret "sci-basic-auth" -}} +{{ include "netapp-monitoring.defaultCredentialsYaml" (dict "SecretPath" "vault+kvv2:///secrets/shared/harvest/harvest-ad/sci-user") }} +{{- else if eq .Values.netappsd.credentials_secret "hec-basic-auth" -}} +{{ include "netapp-monitoring.defaultCredentialsYaml" (dict "SecretPath" "vault+kvv2:///secrets/shared/harvest/harvest-ad/hec-user") }} +{{- else if eq .Values.netappsd.credentials_secret "internal-basic-auth" -}} +{{ include "netapp-monitoring.defaultCredentialsYaml" (dict "SecretPath" "vault+kvv2:///secrets/shared/harvest/harvest-ad/internal-user") }} +{{- end }} +{{- end }} + diff --git a/netapp-monitoring/templates/harvest-basic-auth.yaml b/netapp-monitoring/templates/harvest-basic-auth.yaml new file mode 100644 index 000000000..48422335a --- /dev/null +++ b/netapp-monitoring/templates/harvest-basic-auth.yaml @@ -0,0 +1,16 @@ +{{- if .Values.netappsd.enabled }} +apiVersion: v1 +kind: Secret +metadata: + finalizers: + {{- range $.Values.finalizers }} + - {{ . | quote }} + {{- end }} + name: {{ required ".Values.netappsd.credentials_secret is required" .Values.netappsd.credentials_secret }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + {{ required ".Values.netappsd.credentials_secret is required" .Values.netappsd.credentials_secret }}.yml: {{ include "netapp-monitoring.credentials-entry" . | b64enc }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-configmap.yaml b/netapp-monitoring/templates/harvest-netappsd-configmap.yaml new file mode 100644 index 000000000..91b08555b --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-configmap.yaml @@ -0,0 +1,40 @@ +{{- if .Values.netappsd.enabled }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-sd-config + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +data: + start-poller.sh: | + #!/bin/sh + until [ -f /app/shared/harvest.yaml ]; do + echo "Waiting for config file generated by netappsd-worker, sleeping 10 seconds..." + sleep 10 + done + echo "Config file found, starting harvest..." + exec /opt/harvest/bin/harvest start -f --config /app/shared/harvest.yaml + harvest.yaml.tpl: | + Exporters: + {{- toYaml .Values.exporters | nindent 6 }} + Defaults: + {{- toYaml .Values.defaults | nindent 6 }} + auth_style: {{ .Values.auth.auth_style | default "basic_auth" }} + credentials_file: {{ .Values.netappsd.credentials_file | default "/app/secrets/local-basic-auth.yml" }} + Pollers:{{` + {{ .Name }}: + {{- if .Ip }} + addr: {{ .Ip }} + {{- else }} + addr: {{ .Host }} + {{- end }} + datacenter: `}}{{ required ".Values.netappsd.region is required" .Values.netappsd.region }}{{` + labels: + - Availability_Zone: {{ .AvailabilityZone }} + - filer: {{ .Name }} + - host: {{ .Host }} + - DC: {{ .Facility }} + - Service: {{ .Service }} + - lob: `}}{{ required ".Values.netappsd.lob is required" .Values.netappsd.lob }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml b/netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml new file mode 100644 index 000000000..b7896b63b --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml @@ -0,0 +1,76 @@ +{{- if .Values.netappsd.enabled }} +{{- range $appName, $appValues := .Values.apps }} +{{- if $appValues.enabled }} +{{- with $ }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: netappsd + prometheus.io/scrape: "true" + prometheus.io/targets: storage + labels: + app: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }} + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master + spec: + serviceAccountName: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} + containers: + - name: netappsd + image: "{{ .Values.netappsd.image.repository }}:{{ .Values.netappsd.image.tag }}" + imagePullPolicy: {{ .Values.netappsd.image.pullPolicy | default "IfNotPresent" }} + command: ["/netappsd", "master"] + args: + - --region + - {{ .Values.netappsd.region }} + - --tag + - {{ $appName }} + - --listen-addr + - 0.0.0.0:{{ .Values.netappsd.ports.master }} + - --worker + - {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker + env: + - name: NETAPP_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "netapp-monitoring.fullname" . }}-sd + key: netappUsername + - name: NETAPP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "netapp-monitoring.fullname" . }}-sd + key: netappPassword + - name: NETBOX_TOKEN + valueFrom: + secretKeyRef: + name: {{ include "netapp-monitoring.fullname" . }}-sd + key: netboxToken + - name: NETBOX_HOST + valueFrom: + secretKeyRef: + name: {{ include "netapp-monitoring.fullname" . }}-sd + key: netboxHost + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - name: metrics + containerPort: {{ .Values.netappsd.ports.master }} + resources: + {{- toYaml .Values.netappsd.resources | nindent 12 }} +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-master-service.yaml b/netapp-monitoring/templates/harvest-netappsd-master-service.yaml new file mode 100644 index 000000000..2177f642a --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-master-service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.netappsd.enabled }} +{{- range $appName, $appValues := .Values.apps }} +{{- if $appValues.enabled }} +{{- with $ }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +spec: + selector: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master + ports: + - name: metrics + port: {{ .Values.netappsd.ports.master }} + targetPort: {{ .Values.netappsd.ports.master }} + protocol: TCP +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-secret.yaml b/netapp-monitoring/templates/harvest-netappsd-secret.yaml new file mode 100644 index 000000000..af2f198ed --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.netappsd.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-sd + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +type: Opaque +data: + netappUsername: {{ .Values.netappsd.netapp_exporter_user | b64enc | quote }} + netappPassword: {{ .Values.netappsd.netapp_exporter_password | b64enc | quote }} + netboxToken: {{ .Values.netappsd.netbox_api_token | b64enc | quote }} + netboxHost: {{ .Values.netappsd.netbox_host | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml b/netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml new file mode 100644 index 000000000..28a7b5c94 --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml @@ -0,0 +1,37 @@ +{{- if .Values.netappsd.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "update", "patch"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "list", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} +subjects: + - kind: ServiceAccount + name: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml b/netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml new file mode 100644 index 000000000..18874b1cf --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml @@ -0,0 +1,145 @@ +{{- if .Values.netappsd.enabled }} +{{- range $appName, $appValues := .Values.apps }} +{{- if $appValues.enabled }} +{{- with $ }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: poller + prometheus.io/scrape: "true" + prometheus.io/targets: storage + labels: + app: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }} + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker + spec: + serviceAccountName: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} + containers: + - name: poller + image: "{{ .Values.harvest.image.repository }}:{{ .Values.harvest.image.tag }}" + imagePullPolicy: {{ .Values.harvest.image.pullPolicy | default "IfNotPresent" }} + command: ["/busybox/sh"] + args: + - /app/scripts/start-poller.sh + ports: + - name: metrics + containerPort: {{ .Values.netappsd.ports.harvest }} + livenessProbe: + httpGet: + path: /health + port: {{ .Values.netappsd.ports.harvest }} + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /health + port: {{ .Values.netappsd.ports.harvest }} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + resources: + {{- toYaml .Values.harvest.resources | nindent 12 }} + volumeMounts: + - name: shared + mountPath: /app/shared + - name: harvest-sd-config + mountPath: /app/scripts/start-poller.sh + subPath: start-poller.sh + - name: basic-auth + mountPath: {{ required ".Values.netappsd.credentials_file is required" .Values.netappsd.credentials_file }} + subPath: {{ required ".Values.netappsd.credentials_secret is required" .Values.netappsd.credentials_secret }}.yml + readOnly: true + securityContext: + {{- toYaml .Values.harvest.securityContext | nindent 12 }} + - name: worker + image: "{{ .Values.netappsd.image.repository }}:{{ .Values.netappsd.image.tag }}" + imagePullPolicy: {{ .Values.netappsd.image.pullPolicy | default "IfNotPresent" }} + command: ["/netappsd", "worker"] + args: + - --master-url + - http://{{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master.{{ .Release.Namespace }}.svc:{{ .Values.netappsd.ports.master }} + - --listen-addr + - :{{ .Values.netappsd.ports.worker }} + - --template-file + - /app/harvest.yaml.tpl + - --output-file + - /app/shared/harvest.yaml + env: + - name: NETAPP_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "netapp-monitoring.fullname" . }}-sd + key: netappUsername + - name: NETAPP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "netapp-monitoring.fullname" . }}-sd + key: netappPassword + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - name: liveness + containerPort: {{ .Values.netappsd.ports.worker }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.netappsd.ports.worker }} + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.netappsd.ports.worker }} + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + resources: + {{- toYaml .Values.netappsd.resources | nindent 12 }} + volumeMounts: + - name: harvest-sd-config + mountPath: /app/harvest.yaml.tpl + subPath: harvest.yaml.tpl + - name: shared + mountPath: /app/shared + volumes: + - name: harvest-sd-config + configMap: + name: {{ include "netapp-monitoring.fullname" . }}-sd-config + - name: shared + emptyDir: {} + - name: basic-auth + secret: + secretName: {{ required ".Values.netappsd.credentials_secret is required" .Values.netappsd.credentials_secret }} +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-worker-service.yaml b/netapp-monitoring/templates/harvest-netappsd-worker-service.yaml new file mode 100644 index 000000000..18f58676f --- /dev/null +++ b/netapp-monitoring/templates/harvest-netappsd-worker-service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.netappsd.enabled }} +{{- range $appName, $appValues := .Values.apps }} +{{- if $appValues.enabled }} +{{- with $ }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +spec: + selector: + name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker + ports: + - name: metrics + port: {{ required ".Values.netappsd.ports.harvest is required" .Values.netappsd.ports.harvest }} + targetPort: {{ required ".Values.netappsd.ports.harvest is required" .Values.netappsd.ports.harvest }} + protocol: TCP +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/values.yaml b/netapp-monitoring/values.yaml new file mode 100644 index 000000000..fc881a54f --- /dev/null +++ b/netapp-monitoring/values.yaml @@ -0,0 +1,98 @@ +--- +harvest: + image: + repository: + tag: + pullPolicy: IfNotPresent + resources: + requests: + cpu: "100m" + memory: "1Gi" + limits: + cpu: "500m" + memory: "2Gi" + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +auth: + auth_style: basic_auth + +exporters: + prometheus: + exporter: Prometheus + port: 13000 + +defaults: + collectors: + - Ems + - Rest + - RestPerf + - KeyPerf + - Unix + - Simple + use_insecure_tls: true + exporters: + - prometheus + +netappsd: + enabled: true + serviceAccountName: netappsd + lob: CCloud + image: + repository: + tag: + pullPolicy: IfNotPresent + region: "" + ports: + master: 8000 + harvest: 13000 + worker: 8080 + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 200m + memory: 256Mi + netapp_exporter_user: "" + netapp_exporter_password: "" + netbox_api_token: "" + netbox_host: "" + credentials_file: + credentials_secret: + +# apps: Configures which filers are discovered by the service discovery. +# Each key corresponds to a label assigned to devices in Netbox. +# cinder: Targets filers labeled as cinder storage backends. +# manila: Targets filers labeled as manila shared filesystem backends. +# apod: Targets filers labeled as apod storage devices. +# cinder-manila: Targets filers that have both the cinder and manila labels. +apps: + cinder: + enabled: true + manila: + enabled: true + apod: + enabled: true + cinder-manila: + enabled: true + +finalizers: + - dme-storage/prevent-deletion + +owner-info: + support-group: storage + service: netapp-monitoring + maintainers: + - Ganesh Kugulakrishnan + - Chandrakanth Renduchintala + helm-chart-url: https://github.com/sapcc/helm-charts/tree/master/prometheus-exporters/netapp-monitoring \ No newline at end of file From e597ee55e59d6b9bc4db56dccf186e245368bc45 Mon Sep 17 00:00:00 2001 From: Ganesh Kugulakrishnan Date: Tue, 16 Jun 2026 12:54:05 -0600 Subject: [PATCH 3/7] feat(storage): fixes Signed-off-by: Ganesh Kugulakrishnan --- .github/workflows/ci-pr-build.yaml | 2 ++ .github/workflows/helm-release.yaml | 3 +++ kustomization.yaml | 1 + netapp-monitoring/{ => charts}/.helmignore | 0 netapp-monitoring/{ => charts}/Chart.lock | 0 netapp-monitoring/{ => charts}/Chart.yaml | 3 +++ .../charts/{ => charts}/owner-info-1.0.0.tgz | Bin .../{ => charts}/templates/_helpers.tpl | 6 +++++ .../templates/harvest-basic-auth.yaml | 3 +++ .../templates/harvest-netappsd-configmap.yaml | 3 +++ .../harvest-netappsd-master-deployment.yaml | 5 +++- .../harvest-netappsd-master-service.yaml | 3 +++ .../templates/harvest-netappsd-secret.yaml | 18 ++++++++++++++ .../harvest-netappsd-serviceaccount.yaml | 3 +++ .../harvest-netappsd-worker-deployment.yaml | 7 ++++-- .../harvest-netappsd-worker-service.yaml | 3 +++ netapp-monitoring/{ => charts}/values.yaml | 3 +++ ...nDefinition.yaml => plugindefinition.yaml} | 22 +++++++++++++++--- .../templates/harvest-netappsd-secret.yaml | 15 ------------ 19 files changed, 79 insertions(+), 21 deletions(-) rename netapp-monitoring/{ => charts}/.helmignore (100%) rename netapp-monitoring/{ => charts}/Chart.lock (100%) rename netapp-monitoring/{ => charts}/Chart.yaml (76%) rename netapp-monitoring/charts/{ => charts}/owner-info-1.0.0.tgz (100%) rename netapp-monitoring/{ => charts}/templates/_helpers.tpl (89%) rename netapp-monitoring/{ => charts}/templates/harvest-basic-auth.yaml (81%) rename netapp-monitoring/{ => charts}/templates/harvest-netappsd-configmap.yaml (91%) rename netapp-monitoring/{ => charts}/templates/harvest-netappsd-master-deployment.yaml (88%) rename netapp-monitoring/{ => charts}/templates/harvest-netappsd-master-service.yaml (82%) create mode 100644 netapp-monitoring/charts/templates/harvest-netappsd-secret.yaml rename netapp-monitoring/{ => charts}/templates/harvest-netappsd-serviceaccount.yaml (89%) rename netapp-monitoring/{ => charts}/templates/harvest-netappsd-worker-deployment.yaml (90%) rename netapp-monitoring/{ => charts}/templates/harvest-netappsd-worker-service.yaml (84%) rename netapp-monitoring/{ => charts}/values.yaml (93%) rename netapp-monitoring/{PluginDefinition.yaml => plugindefinition.yaml} (69%) delete mode 100644 netapp-monitoring/templates/harvest-netappsd-secret.yaml diff --git a/.github/workflows/ci-pr-build.yaml b/.github/workflows/ci-pr-build.yaml index c6955ef4e..fb39c64b8 100644 --- a/.github/workflows/ci-pr-build.yaml +++ b/.github/workflows/ci-pr-build.yaml @@ -62,6 +62,8 @@ jobs: chartName: shoot-grafter - chartDir: oidc-discovery-access/charts/1.0.0/oidc-discovery-access chartName: oidc-discovery-access + - chartDir: netapp-monitoring/charts + chartName: netapp-monitoring steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index 838d22c8a..52cf5b7f8 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -30,6 +30,7 @@ on: - trust-manager/charts/** - repo-guard/charts/** - oidc-discovery-access/** + - netapp-monitoring/charts/** permissions: @@ -91,6 +92,8 @@ jobs: chartName: repo-guard - chartDir: oidc-discovery-access/charts/1.0.0/oidc-discovery-access chartName: oidc-discovery-access + - chartDir: netapp-monitoring/charts + chartName: netapp-monitoring steps: diff --git a/kustomization.yaml b/kustomization.yaml index aa16a03f5..9e4c3a3bc 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -20,3 +20,4 @@ resources: - teams2slack/plugindefinition.yaml - thanos/plugindefinition.yaml - trust-manager/plugindefinition.yaml + - netapp-monitoring/plugindefinition.yaml diff --git a/netapp-monitoring/.helmignore b/netapp-monitoring/charts/.helmignore similarity index 100% rename from netapp-monitoring/.helmignore rename to netapp-monitoring/charts/.helmignore diff --git a/netapp-monitoring/Chart.lock b/netapp-monitoring/charts/Chart.lock similarity index 100% rename from netapp-monitoring/Chart.lock rename to netapp-monitoring/charts/Chart.lock diff --git a/netapp-monitoring/Chart.yaml b/netapp-monitoring/charts/Chart.yaml similarity index 76% rename from netapp-monitoring/Chart.yaml rename to netapp-monitoring/charts/Chart.yaml index af643408b..9b8b5d724 100644 --- a/netapp-monitoring/Chart.yaml +++ b/netapp-monitoring/charts/Chart.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v2 name: netapp-monitoring description: A Helm chart for harvest.io - https://github.com/NetApp/harvest diff --git a/netapp-monitoring/charts/owner-info-1.0.0.tgz b/netapp-monitoring/charts/charts/owner-info-1.0.0.tgz similarity index 100% rename from netapp-monitoring/charts/owner-info-1.0.0.tgz rename to netapp-monitoring/charts/charts/owner-info-1.0.0.tgz diff --git a/netapp-monitoring/templates/_helpers.tpl b/netapp-monitoring/charts/templates/_helpers.tpl similarity index 89% rename from netapp-monitoring/templates/_helpers.tpl rename to netapp-monitoring/charts/templates/_helpers.tpl index 7efcf3eed..75036b6ac 100644 --- a/netapp-monitoring/templates/_helpers.tpl +++ b/netapp-monitoring/charts/templates/_helpers.tpl @@ -1,4 +1,8 @@ {{/* +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 +*/}} +{{/* Expand the name of the chart. */}} {{- define "netapp-monitoring.name" -}} @@ -78,6 +82,8 @@ Defaults: {{ include "netapp-monitoring.defaultCredentialsYaml" (dict "SecretPath" "vault+kvv2:///secrets/shared/harvest/harvest-ad/hec-user") }} {{- else if eq .Values.netappsd.credentials_secret "internal-basic-auth" -}} {{ include "netapp-monitoring.defaultCredentialsYaml" (dict "SecretPath" "vault+kvv2:///secrets/shared/harvest/harvest-ad/internal-user") }} +{{- else -}} +{{- fail (printf "unsupported .Values.netappsd.credentials_secret: %q — must be one of local-basic-auth, sci-basic-auth, hec-basic-auth, internal-basic-auth" .Values.netappsd.credentials_secret) }} {{- end }} {{- end }} diff --git a/netapp-monitoring/templates/harvest-basic-auth.yaml b/netapp-monitoring/charts/templates/harvest-basic-auth.yaml similarity index 81% rename from netapp-monitoring/templates/harvest-basic-auth.yaml rename to netapp-monitoring/charts/templates/harvest-basic-auth.yaml index 48422335a..328b3f78b 100644 --- a/netapp-monitoring/templates/harvest-basic-auth.yaml +++ b/netapp-monitoring/charts/templates/harvest-basic-auth.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} apiVersion: v1 kind: Secret diff --git a/netapp-monitoring/templates/harvest-netappsd-configmap.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-configmap.yaml similarity index 91% rename from netapp-monitoring/templates/harvest-netappsd-configmap.yaml rename to netapp-monitoring/charts/templates/harvest-netappsd-configmap.yaml index 91b08555b..9d643253f 100644 --- a/netapp-monitoring/templates/harvest-netappsd-configmap.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-configmap.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} kind: ConfigMap apiVersion: v1 diff --git a/netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml similarity index 88% rename from netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml rename to netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml index b7896b63b..667c80d88 100644 --- a/netapp-monitoring/templates/harvest-netappsd-master-deployment.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} {{- range $appName, $appValues := .Values.apps }} {{- if $appValues.enabled }} @@ -27,7 +30,7 @@ spec: serviceAccountName: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} containers: - name: netappsd - image: "{{ .Values.netappsd.image.repository }}:{{ .Values.netappsd.image.tag }}" + image: "{{ required ".Values.netappsd.image.repository is required" .Values.netappsd.image.repository }}:{{ required ".Values.netappsd.image.tag is required" .Values.netappsd.image.tag }}" imagePullPolicy: {{ .Values.netappsd.image.pullPolicy | default "IfNotPresent" }} command: ["/netappsd", "master"] args: diff --git a/netapp-monitoring/templates/harvest-netappsd-master-service.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-master-service.yaml similarity index 82% rename from netapp-monitoring/templates/harvest-netappsd-master-service.yaml rename to netapp-monitoring/charts/templates/harvest-netappsd-master-service.yaml index 2177f642a..d9b019817 100644 --- a/netapp-monitoring/templates/harvest-netappsd-master-service.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-master-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} {{- range $appName, $appValues := .Values.apps }} {{- if $appValues.enabled }} diff --git a/netapp-monitoring/charts/templates/harvest-netappsd-secret.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-secret.yaml new file mode 100644 index 000000000..05fd74884 --- /dev/null +++ b/netapp-monitoring/charts/templates/harvest-netappsd-secret.yaml @@ -0,0 +1,18 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.netappsd.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "netapp-monitoring.fullname" . }}-sd + namespace: {{ .Release.Namespace }} + labels: + {{- include "netapp-monitoring.labels" . | nindent 4 }} +type: Opaque +data: + netappUsername: {{ required ".Values.netappsd.netapp_exporter_user is required" .Values.netappsd.netapp_exporter_user | b64enc | quote }} + netappPassword: {{ required ".Values.netappsd.netapp_exporter_password is required" .Values.netappsd.netapp_exporter_password | b64enc | quote }} + netboxToken: {{ required ".Values.netappsd.netbox_api_token is required" .Values.netappsd.netbox_api_token | b64enc | quote }} + netboxHost: {{ required ".Values.netappsd.netbox_host is required" .Values.netappsd.netbox_host | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-serviceaccount.yaml similarity index 89% rename from netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml rename to netapp-monitoring/charts/templates/harvest-netappsd-serviceaccount.yaml index 28a7b5c94..df55b18c8 100644 --- a/netapp-monitoring/templates/harvest-netappsd-serviceaccount.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-serviceaccount.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml similarity index 90% rename from netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml rename to netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml index 18874b1cf..2e9b41c07 100644 --- a/netapp-monitoring/templates/harvest-netappsd-worker-deployment.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} {{- range $appName, $appValues := .Values.apps }} {{- if $appValues.enabled }} @@ -32,7 +35,7 @@ spec: serviceAccountName: {{ .Values.netappsd.serviceAccountName | default "netappsd" }} containers: - name: poller - image: "{{ .Values.harvest.image.repository }}:{{ .Values.harvest.image.tag }}" + image: "{{ required ".Values.harvest.image.repository is required" .Values.harvest.image.repository }}:{{ required ".Values.harvest.image.tag is required" .Values.harvest.image.tag }}" imagePullPolicy: {{ .Values.harvest.image.pullPolicy | default "IfNotPresent" }} command: ["/busybox/sh"] args: @@ -71,7 +74,7 @@ spec: securityContext: {{- toYaml .Values.harvest.securityContext | nindent 12 }} - name: worker - image: "{{ .Values.netappsd.image.repository }}:{{ .Values.netappsd.image.tag }}" + image: "{{ required ".Values.netappsd.image.repository is required" .Values.netappsd.image.repository }}:{{ required ".Values.netappsd.image.tag is required" .Values.netappsd.image.tag }}" imagePullPolicy: {{ .Values.netappsd.image.pullPolicy | default "IfNotPresent" }} command: ["/netappsd", "worker"] args: diff --git a/netapp-monitoring/templates/harvest-netappsd-worker-service.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-worker-service.yaml similarity index 84% rename from netapp-monitoring/templates/harvest-netappsd-worker-service.yaml rename to netapp-monitoring/charts/templates/harvest-netappsd-worker-service.yaml index 18f58676f..b6e7013c2 100644 --- a/netapp-monitoring/templates/harvest-netappsd-worker-service.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-worker-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + {{- if .Values.netappsd.enabled }} {{- range $appName, $appValues := .Values.apps }} {{- if $appValues.enabled }} diff --git a/netapp-monitoring/values.yaml b/netapp-monitoring/charts/values.yaml similarity index 93% rename from netapp-monitoring/values.yaml rename to netapp-monitoring/charts/values.yaml index fc881a54f..cf8fe7d99 100644 --- a/netapp-monitoring/values.yaml +++ b/netapp-monitoring/charts/values.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + --- harvest: image: diff --git a/netapp-monitoring/PluginDefinition.yaml b/netapp-monitoring/plugindefinition.yaml similarity index 69% rename from netapp-monitoring/PluginDefinition.yaml rename to netapp-monitoring/plugindefinition.yaml index 027c6a011..032e4d39c 100644 --- a/netapp-monitoring/PluginDefinition.yaml +++ b/netapp-monitoring/plugindefinition.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors +# SPDX-License-Identifier: Apache-2.0 + apiVersion: greenhouse.sap/v1alpha1 kind: PluginDefinition metadata: @@ -11,11 +14,11 @@ spec: repository: oci://ghcr.io/sapcc/helm-charts/netapp-monitoring version: 1.0.2 options: - - name: harvest.image - description: Harvest container image + - name: harvest.image.repository + description: Harvest container image repository required: true type: string - - name: harvest.tag + - name: harvest.image.tag description: Harvest container image tag required: true type: string @@ -36,6 +39,19 @@ spec: description: Region for NetApp service discovery required: true type: string + - name: netappsd.lob + description: Line of business label applied to pollers + required: true + default: CCloud + type: string + - name: netappsd.credentials_file + description: Path where credentials file is mounted in the container + required: true + type: string + - name: netappsd.credentials_secret + description: Name of the credentials secret (e.g. local-basic-auth, sci-basic-auth) + required: true + type: string - name: netappsd.netapp_exporter_user description: NetApp exporter username required: true diff --git a/netapp-monitoring/templates/harvest-netappsd-secret.yaml b/netapp-monitoring/templates/harvest-netappsd-secret.yaml deleted file mode 100644 index af2f198ed..000000000 --- a/netapp-monitoring/templates/harvest-netappsd-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.netappsd.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "netapp-monitoring.fullname" . }}-sd - namespace: {{ .Release.Namespace }} - labels: - {{- include "netapp-monitoring.labels" . | nindent 4 }} -type: Opaque -data: - netappUsername: {{ .Values.netappsd.netapp_exporter_user | b64enc | quote }} - netappPassword: {{ .Values.netappsd.netapp_exporter_password | b64enc | quote }} - netboxToken: {{ .Values.netappsd.netbox_api_token | b64enc | quote }} - netboxHost: {{ .Values.netappsd.netbox_host | b64enc | quote }} -{{- end }} \ No newline at end of file From 7bc9b19b241502e98d3e073eca2d3bb5451194e7 Mon Sep 17 00:00:00 2001 From: Ganesh Kugulakrishnan Date: Tue, 16 Jun 2026 12:58:45 -0600 Subject: [PATCH 4/7] feat(storage): fixes Signed-off-by: Ganesh Kugulakrishnan --- netapp-monitoring/charts/Chart.yaml | 2 +- netapp-monitoring/plugindefinition.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/netapp-monitoring/charts/Chart.yaml b/netapp-monitoring/charts/Chart.yaml index 9b8b5d724..48f7a59f8 100644 --- a/netapp-monitoring/charts/Chart.yaml +++ b/netapp-monitoring/charts/Chart.yaml @@ -5,7 +5,7 @@ apiVersion: v2 name: netapp-monitoring description: A Helm chart for harvest.io - https://github.com/NetApp/harvest type: application -version: 1.0.2 +version: 1.0.0 # * Release tag of Harvest - https://github.com/NetApp/harvest/releases appVersion: "25.11.0" diff --git a/netapp-monitoring/plugindefinition.yaml b/netapp-monitoring/plugindefinition.yaml index 032e4d39c..b3f1d88f5 100644 --- a/netapp-monitoring/plugindefinition.yaml +++ b/netapp-monitoring/plugindefinition.yaml @@ -6,13 +6,13 @@ kind: PluginDefinition metadata: name: netapp-monitoring spec: - version: 1.0.2 + version: 1.0.0 displayName: NetApp Monitoring description: Helm chart for NetApp storage monitoring using harvest.io helmChart: name: netapp-monitoring - repository: oci://ghcr.io/sapcc/helm-charts/netapp-monitoring - version: 1.0.2 + repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts/netapp-monitoring + version: 1.0.0 options: - name: harvest.image.repository description: Harvest container image repository From ba9aeb5a74249acceb7af61e2fc8f0d3f603d8bf Mon Sep 17 00:00:00 2001 From: Ganesh Kugulakrishnan Date: Wed, 17 Jun 2026 09:07:54 -0600 Subject: [PATCH 5/7] feat(storage): fixes Signed-off-by: Ganesh Kugulakrishnan --- netapp-monitoring/README.md | 16 ++++++++++++++++ netapp-monitoring/charts/templates/_helpers.tpl | 16 ++++++++++++++++ .../harvest-netappsd-master-deployment.yaml | 1 + .../harvest-netappsd-worker-deployment.yaml | 3 +++ 4 files changed, 36 insertions(+) diff --git a/netapp-monitoring/README.md b/netapp-monitoring/README.md index afffa7c01..29890b9eb 100644 --- a/netapp-monitoring/README.md +++ b/netapp-monitoring/README.md @@ -50,6 +50,22 @@ Configure the required options: ## Configuration +### netappsd Controller Behavior and RBAC + +The `netappsd` master component acts as a controller for discovered filers. + +- It monitors filer inventory from Netbox and reconciles the desired worker state. +- It scales worker Deployments up and down based on filers discovered for each configured app label. +- It patches Pod metadata to update the `filer` label, which is used to associate running workers with the discovered filer identity. + +For this reason, the chart grants the `netappsd` service account these permissions in its namespace: + +- `get`, `list`, `update`, `patch` on Pods +- `get`, `list`, `update`, `patch` on Deployments +- `get`, `list` on Endpoints + +Without `patch` and `update`, the master cannot reconcile runtime labels or scaling decisions correctly. + ### Harvest The Harvest component is configured with the following default collectors: diff --git a/netapp-monitoring/charts/templates/_helpers.tpl b/netapp-monitoring/charts/templates/_helpers.tpl index 75036b6ac..fdff67f2b 100644 --- a/netapp-monitoring/charts/templates/_helpers.tpl +++ b/netapp-monitoring/charts/templates/_helpers.tpl @@ -87,3 +87,19 @@ Defaults: {{- end }} {{- end }} +{{/* +Checksum helpers used as pod-template annotations to force rolling updates +when config or secret templates change. +*/}} +{{- define "netapp-monitoring.checksum.configmap" -}} +{{ include (print $.Template.BasePath "/harvest-netappsd-configmap.yaml") . | sha256sum }} +{{- end }} + +{{- define "netapp-monitoring.checksum.sdSecret" -}} +{{ include (print $.Template.BasePath "/harvest-netappsd-secret.yaml") . | sha256sum }} +{{- end }} + +{{- define "netapp-monitoring.checksum.basicAuthSecret" -}} +{{ include (print $.Template.BasePath "/harvest-basic-auth.yaml") . | sha256sum }} +{{- end }} + diff --git a/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml index 667c80d88..208c1ca47 100644 --- a/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml @@ -23,6 +23,7 @@ spec: kubectl.kubernetes.io/default-container: netappsd prometheus.io/scrape: "true" prometheus.io/targets: storage + checksum/sd-secret: {{ include "netapp-monitoring.checksum.sdSecret" . }} labels: app: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }} name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master diff --git a/netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml index 2e9b41c07..9cea1f16d 100644 --- a/netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-worker-deployment.yaml @@ -28,6 +28,9 @@ spec: kubectl.kubernetes.io/default-container: poller prometheus.io/scrape: "true" prometheus.io/targets: storage + checksum/sd-config: {{ include "netapp-monitoring.checksum.configmap" . }} + checksum/sd-secret: {{ include "netapp-monitoring.checksum.sdSecret" . }} + checksum/basic-auth: {{ include "netapp-monitoring.checksum.basicAuthSecret" . }} labels: app: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }} name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-worker From e4588bd9d7e1813d609a431dd1b9d2383eaffab5 Mon Sep 17 00:00:00 2001 From: Ganesh Kugulakrishnan Date: Wed, 17 Jun 2026 09:24:04 -0600 Subject: [PATCH 6/7] feat(storage): fixes Signed-off-by: Ganesh Kugulakrishnan --- netapp-monitoring/README.md | 12 ++++++++---- .../harvest-netappsd-master-deployment.yaml | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/netapp-monitoring/README.md b/netapp-monitoring/README.md index 29890b9eb..5d69023f4 100644 --- a/netapp-monitoring/README.md +++ b/netapp-monitoring/README.md @@ -43,10 +43,14 @@ Configure the required options: | `netappsd.image.repository` | NetApp SD container image repository | Yes | | `netappsd.image.tag` | NetApp SD container image tag | Yes | | `netappsd.region` | Region for service discovery | Yes | +| `netappsd.lob` | Line of business label applied to discovered filer metrics | Yes | +| `netappsd.credentials_file` | Mount path for the Harvest credentials file inside the poller container | Yes | +| `netappsd.credentials_secret` | Name of the generated credentials secret (for example `local-basic-auth`) | Yes | | `netappsd.netapp_exporter_user` | NetApp exporter username | Yes | | `netappsd.netapp_exporter_password` | NetApp exporter password | Yes | | `netappsd.netbox_api_token` | Netbox API token | Yes | -| `netappsd.netbox_host` | Netbox host URL | No | +| `netappsd.netbox_host` | Netbox host URL | Yes | +| `apps` | Map of app labels to enable discovery (for example cinder/manila/apod/cinder-manila) | No | ## Configuration @@ -107,15 +111,15 @@ spec: clusterName: my-cluster optionValues: - name: harvest.image.repository - value: ghcr.io/netapp/harvest + value: keppel.eu-de-1.cloud.sap/ccloud/harvest - name: harvest.image.tag - value: "25.11.0" + value: "25.11.0-20251126205434" - name: netappsd.enabled value: true - name: netappsd.image.repository value: keppel.eu-de-1.cloud.sap/ccloud/netappsd - name: netappsd.image.tag - value: latest + value: dme-strg-20260617091551 - name: netappsd.region value: eu-de-1 - name: netappsd.netapp_exporter_user diff --git a/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml b/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml index 208c1ca47..0810a1ab2 100644 --- a/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml +++ b/netapp-monitoring/charts/templates/harvest-netappsd-master-deployment.yaml @@ -36,7 +36,7 @@ spec: command: ["/netappsd", "master"] args: - --region - - {{ .Values.netappsd.region }} + - {{ required ".Values.netappsd.region is required" .Values.netappsd.region }} - --tag - {{ $appName }} - --listen-addr From 6d9a617197488581257c66043f6341481184070c Mon Sep 17 00:00:00 2001 From: Ganesh Kugulakrishnan Date: Thu, 18 Jun 2026 09:47:51 -0600 Subject: [PATCH 7/7] feat(storage): fix doc Signed-off-by: Ganesh Kugulakrishnan --- netapp-monitoring/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netapp-monitoring/README.md b/netapp-monitoring/README.md index 5d69023f4..d4d77832b 100644 --- a/netapp-monitoring/README.md +++ b/netapp-monitoring/README.md @@ -70,6 +70,8 @@ For this reason, the chart grants the `netappsd` service account these permissio Without `patch` and `update`, the master cannot reconcile runtime labels or scaling decisions correctly. +The Deployment selectors and pod labels also stay app-specific on purpose. In [harvest-netappsd-master-deployment.yaml](charts/templates/harvest-netappsd-master-deployment.yaml) and [harvest-netappsd-worker-deployment.yaml](charts/templates/harvest-netappsd-worker-deployment.yaml), the shared helper labels used elsewhere in the chart are the same for every app (`cinder`, `manila`, `apod`, `cinder-manila`), so using them as the Deployment selector would make all master and worker Deployments select across each other's pods and break isolation. The `name: {{ include "netapp-monitoring.fullname" . }}-{{ $appName }}-master` label remains inline because it uniquely identifies pods per app and keeps each Deployment scoped to its own workload. + ### Harvest The Harvest component is configured with the following default collectors: