Helm: chart fixes and improvements (#259)

* fix: ServiceMonitor release label and selector

Signed-off-by: crabique <crabique@users.noreply.github.com>

* add: support for extraVolumes, extraVolumeMounts and annotations; restart pod upon SSH key change too

Signed-off-by: crabique <crabique@users.noreply.github.com>

* fix: serviceaccount blank line

Signed-off-by: crabique <crabique@users.noreply.github.com>

* bump: update chart version and bump exporter image

Signed-off-by: crabique <crabique@users.noreply.github.com>

* docs: update chart README with the new options, fix some typos

Signed-off-by: crabique <crabique@users.noreply.github.com>

---------

Signed-off-by: crabique <crabique@users.noreply.github.com>

Author: crabique

helm/README.md

@@ -5,13 +5,16 @@
 ### Authentication
 
 #### SSH key authentication
-Add your ssh-keyfile and config.yml to values.yml
+Add your SSH key and `configyml` to `values.yml`
 
-> sshkey is the base64 encoded id_rsa you want to use for authentication  
+> sshkey is the base64 encoded id_rsa you want to use for authentication
 > generate sshkey with `cat $HOME/.ssh/id_rsa | base64 -w0 && echo`
 
 `sshkey: QWRkIHlvdXIgb3duIGlkX3JzYSBoZXJl`
 
+It is also possible to use the existing-secret pattern (e.g. with ExternalSecrets operator),
+the secret with the SSH key should be mounted via `extraVolumes` and `extraVolumeMounts`.
+
 #### Password authentication
 To use password authentication the following values.yaml configuration could
 be used with a `junos-exporter-ssh` secret object storing SSH secrets:
@@ -51,8 +54,20 @@ data:
 ```
 
 ### Devices configuration
-Add your devices to the devices in configyml in values.yml
+Add your devices to the devices in `configyml` in `values.yaml`
+
+### Handling configuration/authorization changes
+To force reload of the exporter pods upon `configyml` or `sshkey` configuration changes,
+enable the `rollOutJunosExporterPods` option in `values.yaml`.
+
+If Reloader controller is installed in the cluster, for `extraEnv` passwords or `extraVolumes` keys
+the `annotations` map in `values.yaml` can be used to specify a policy to handle the updates:
+
+```yaml
+annotations:
+  reloader.stakater.com/auto: "true"
+```
 
 ### Installation
-> cd helm  
-> helm install junosexporter ./junosexporter 
+> cd helm
+> helm install junosexporter ./junosexporter

helm/junosexporter/Chart.yaml

@@ -14,11 +14,11 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v0.12.2
+appVersion: v0.12.4
 
 # dependencies:
 # - name: prometheus-operator

helm/junosexporter/templates/deployment.yaml

@@ -4,6 +4,10 @@ metadata:
   name: {{ include "junos_exporter.fullname" . }}
   labels:
     {{- include "junos_exporter.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | trim | nindent 4 }}
+  {{- end }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
@@ -16,6 +20,10 @@ spec:
         {{- if .Values.rollOutJunosExporterPods }}
         # ensure pods roll when configmap updates
         junos-exporter.github.io/junos-exporter-configmap-checksum: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }}
+        {{- with .Values.sshkey }}
+        # same but for the SSH key (hash salted with the release and truncated just in case)
+        junos-exporter.github.io/junos-exporter-key-checksum: {{ cat $.Release.Name . | sha256sum | trunc 12 | quote }}
+        {{- end }}
         {{- end }}
       {{- end }}
       labels:
@@ -57,7 +65,7 @@ spec:
           {{- with .Values.extraEnv }}
           {{- toYaml . | trim | nindent 10 }}
           {{- end }}
-          {{- if or .Values.configyml .Values.sshkey }}
+          {{- if or .Values.configyml .Values.sshkey .Values.extraVolumeMounts }}
           volumeMounts:
           {{- if .Values.configyml }}
           - mountPath: /config
@@ -67,10 +75,13 @@ spec:
           - mountPath: /ssh
             name: {{ .Release.Name }}-sshkey
           {{- end }}
+          {{- with .Values.extraVolumeMounts }}
+          {{- toYaml . | trim | nindent 10 }}
+          {{- end }}
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-      {{- if or .Values.configyml .Values.sshkey }}
+      {{- if or .Values.configyml .Values.sshkey .Values.extraVolumes }}
       volumes:
         {{- if .Values.configyml }}
         - name: {{ .Release.Name }}-configmap
@@ -82,6 +93,9 @@ spec:
           secret:
             secretName: {{ .Release.Name }}-sshkey
         {{- end }}
+        {{- with .Values.extraVolumes }}
+        {{- toYaml . | trim | nindent 8 }}
+        {{- end }}
       {{- end }}
     {{- with .Values.nodeSelector }}
       nodeSelector:

helm/junosexporter/templates/serviceaccount.yaml

@@ -4,5 +4,5 @@ kind: ServiceAccount
 metadata:
   name: {{ include "junos_exporter.serviceAccountName" . }}
   labels:
-{{ include "junos_exporter.labels" . | nindent 4 }}
+{{- include "junos_exporter.labels" . | nindent 4 }}
 {{- end -}}

helm/junosexporter/templates/servicemonitor.yaml

@@ -4,8 +4,8 @@ kind: ServiceMonitor
 metadata:
   name: {{ .Release.Name }}-servicemonitor
   namespace: {{ .Values.namespace }}
-  release: {{ .Values.prometheusOperator }}
   labels:
+    release: {{ .Values.prometheusOperator }}
     {{- include "junos_exporter.labels" . | nindent 4 }}
 spec:
   endpoints:
@@ -14,5 +14,6 @@ spec:
     interval: {{ default "120s" .Values.serviceMonitor.interval }}
   jobLabel: {{ default "jobLabel" .Values.serviceMonitor.jobLabel }}
   selector:
-    {{- include "junos_exporter.selectorLabels" . | nindent 4 }}
+    matchLabels:
+      {{- include "junos_exporter.selectorLabels" . | nindent 6 }}
 {{- end }}

helm/junosexporter/values.yaml

@@ -4,7 +4,7 @@
 
 replicaCount: 1
 
-# prometheusOperator is the relase label for prometheus-operator to look at the servicemonitor
+# prometheusOperator is the release label for prometheus-operator to look at the servicemonitor
 prometheusOperator: prometheus-operator
 
 image:
@@ -25,6 +25,10 @@ extraEnv: []
 # Additional junos_exporter container arguments.
 extraArgs: []
 
+# Additional volumes and mounts to add to the container.
+extraVolumes: []
+extraVolumeMounts: []
+
 # configyml is the configfile for the exporter
 # configyml:
 #     devices:
@@ -57,7 +61,7 @@ serviceAccount:
   create: true
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name:
+  name: ""
 
 podSecurityContext: {}
   # fsGroup: 2000
@@ -92,5 +96,8 @@ tolerations: []
 
 affinity: {}
 
-# Roll out junos-exporter pods automatically when configmap is updated.
+# Annotations to add to the Deployment
+annotations: {}
+
+# Roll out junos-exporter pods automatically when configyml or sshkey is updated
 rollOutJunosExporterPods: false