diff --git a/chart/jetstacksecure-mp/templates/billing-agent-config.yml b/chart/jetstacksecure-mp/templates/billing-agent-config.yml
new file mode 100644
index 0000000..141df12
--- /dev/null
+++ b/chart/jetstacksecure-mp/templates/billing-agent-config.yml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "ubbagent-config"
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}"
+ app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+ app.kubernetes.io/component: ubbagent
+data:
+ config.yaml: |
+ # The identity section contains authentication information used
+ # by the agent.
+ identities:
+ - name: gcp
+ gcp:
+ # This parameter accepts a base64-encoded JSON service
+ # account key. The value comes from the reporting secret.
+ encodedServiceAccountKey: $AGENT_ENCODED_KEY
+
+ # The metrics section defines the metric that will be reported.
+ # Metric names should match verbatim the identifiers created
+ # during pricing setup.
+ metrics:
+ - name: time
+ type: int
+ endpoints:
+ - name: on_disk
+ - name: servicecontrol
+
+ # The passthrough marker indicates that no aggregation should
+ # occur for this metric. Reports received are immediately sent
+ # to the reporting endpoint. We use passthrough for the
+ # instance_time metric since reports are generated
+ # automatically by a heartbeat source defined in a later
+ # section.
+ passthrough: {}
+
+ # The endpoints section defines where metering data is ultimately
+ # sent. Currently supported endpoints include:
+ # * disk - some directory on the local filesystem
+ # * servicecontrol - Google Service Control
+ endpoints:
+ - name: on_disk
+ # The disk endpoint is useful for debugging, but its inclusion
+ # is not necessary in a production deployment.
+ disk:
+ reportDir: /var/lib/ubbagent/reports
+ expireSeconds: 3600
+ - name: servicecontrol
+ servicecontrol:
+ identity: gcp
+ # The service name is unique to your application and will be
+ # provided during onboarding.
+ serviceName: jetstack-secure-for-cert-manager.jetstack-public.appspot.com
+ consumerId: $AGENT_CONSUMER_ID
+
+ # The sources section lists metric data sources run by the agent
+ # itself. The currently-supported source is 'heartbeat', which
+ # sends a defined value to a metric at a defined interval. In
+ # this example, the heartbeat sends a 60-second value through the
+ # "instance_time" metric every minute.
+ sources:
+ - name: instance_time_heartbeat
+ heartbeat:
+ metric: time
+ intervalSeconds: 60
+ value:
+ int64Value: 60
diff --git a/chart/jetstacksecure-mp/templates/billing-agent-deployment.yaml b/chart/jetstacksecure-mp/templates/billing-agent-deployment.yaml
new file mode 100644
index 0000000..4c1f35a
--- /dev/null
+++ b/chart/jetstacksecure-mp/templates/billing-agent-deployment.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name | trunc 63 | trimSuffix "-" }}-ubbagent
+ labels:
+ helm.sh/chart: {{ .Chart.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/name: {{ .Release.Name | trunc 63 | trimSuffix "-" }}
+ app.kubernetes.io/component: ubbagent
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Release.Name | trunc 63 | trimSuffix "-" }}
+ app.kubernetes.io/component: ubbagent
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name | trunc 63 | trimSuffix "-" }}
+ app.kubernetes.io/component: ubbagent
+ spec:
+ containers:
+ - name: ubbagent
+ image: "{{ .Values.ubbagent.image.repository }}:{{ .Values.ubbagent.image.tag }}"
+ env:
+ - name: AGENT_CONFIG_FILE
+ value: "/etc/ubbagent/config.yaml"
+ - name: AGENT_LOCAL_PORT
+ value: "4567"
+ - name: AGENT_ENCODED_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.ubbagent.reportingSecretName }}
+ key: reporting-key
+ - name: AGENT_CONSUMER_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.ubbagent.reportingSecretName }}
+ key: consumer-id
+ volumeMounts:
+ - name: ubbagent-config
+ mountPath: /etc/ubbagent
+ volumes:
+ - name: ubbagent-config
+ configMap:
+ name: ubbagent-config
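Review bot: The `on_disk` endpoint is shipped enabled in this ConfigMap even though its own comment says it is for debugging and not needed in production; it is listed both under the `time` metric's `endpoints` and in the top-level `endpoints` section. Reports are then written to `/var/lib/ubbagent/reports`, and the Deployment added in the same commit mounts no volume at that path, so they presumably land on the container's writable layer and would prevent running with a read-only root filesystem. Consider removing `- name: on_disk` from both lists, or gating it behind a chart value. Separately, two comments refer to an `instance_time` metric while the metric is declared as `name: time`; since the comment above says metric names must match the pricing identifiers verbatim, one of the two should be corrected.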
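Review bot: The pod template sets no `securityContext` and leaves the service-account token mounted, although this container receives the billing service-account key through `AGENT_ENCODED_KEY`. Nothing in the agent config shown suggests ubbagent needs the Kubernetes API, so disabling the token mount and adding a restrictive container security context would narrow what a compromise of this pod exposes; confirm the image runs as a non-root user before enabling `runAsNonRoot`. Also note that `volumes[0].configMap.name` is the fixed string `ubbagent-config` rather than a release-scoped name, so two releases in one namespace would share the ConfigMap.

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: ubbagent
          # … unchanged: image, env, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
```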
diff --git a/chart/jetstacksecure-mp/values.yaml b/chart/jetstacksecure-mp/values.yaml index 62711ae..2841c4a 100644 --- a/chart/jetstacksecure-mp/values.yaml +++ b/chart/jetstacksecure-mp/values.yaml @@ -28,3 +28,9 @@ preflight: create: false # see note (1) rbac: create: false # see note (1) + +ubbagent: + # reportingSecretName: "some-secret-name" + image: {} + # tag: 1.1.0 + # repository: gcr.io/jetstack-public/ubbagent diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 12809a1..e2bd622 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -128,30 +128,27 @@ steps: waitFor: - tag-webhook - - - id: clone-ubbagent - name: gcr.io/cloud-builders/gcloud - entrypoint: bash + - id: pull-ubbagent + name: gcr.io/cloud-builders/docker args: - - -exc - - git clone https://github.com/GoogleCloudPlatform/ubbagent --branch 0.0.1 + - pull + - gcr.io/cloud-marketplace-tools/metering/ubbagent:latest waitFor: ["-"] - - id: build-ubbagent + - id: tag-ubbagent name: gcr.io/cloud-builders/docker args: - - build - - --tag + - tag + - gcr.io/cloud-marketplace-tools/metering/ubbagent:latest - gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/ubbagent:${_APP_VERSION} - - "./ubbagent" - waitFor: ["clone-ubbagent"] + waitFor: ["pull-ubbagent"] - id: push-ubbagent name: gcr.io/cloud-builders/docker args: - push - gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/ubbagent:${_APP_VERSION} - waitFor: ["build-ubbagent"] + waitFor: ["tag-ubbagent"] - id: build-deployer name: gcr.io/cloud-builders/docker @@ -234,6 +231,7 @@ steps: args: - ./mpdev - verify + - --wait_timeout=99999999 - --deployer=gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/deployer:${_APP_VERSION} waitFor: - check-cloud-marketplace-tools diff --git a/schema.yaml b/schema.yaml index 53ec756..734ded7 100644 --- a/schema.yaml +++ b/schema.yaml 
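Review bot: The `pull-ubbagent` and `tag-ubbagent` steps take `gcr.io/cloud-marketplace-tools/metering/ubbagent:latest`, a mutable tag, and republish whatever it resolves to at build time as `ubbagent:${_APP_VERSION}`. The removed steps built from a fixed ref (`--branch 0.0.1`), so this change loses the pin: two builds of the same app version can ship different billing-agent images, and an upstream change is picked up without review. Pin the upstream image by digest in both steps, e.g. `gcr.io/cloud-marketplace-tools/metering/ubbagent@sha256:<digest-of-reviewed-image>`, and bump it deliberately.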
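Review bot: `--wait_timeout=99999999` on the `mpdev verify` step effectively removes the timeout, so a stuck verification runs until the build's own limit (not visible in this hunk) stops it. Use a bounded value sized to the slowest expected install and say why it was raised, for example with a comment such as `# verify needs longer than the mpdev default for this chart`. The step's definition starts above the hunk.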
@@ -56,6 +56,12 @@ x-google-marketplace: type: REPO_WITH_REGISTRY preflight.image.tag: type: TAG + ubbagent: + properties: + ubbagent.image.repository: + type: REPO_WITH_REGISTRY + ubbagent.image.tag: + type: TAG # Allow the deployer to create CRDs and webhook configurations # See https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/schema.md#deployerserviceaccount @@ -332,28 +338,34 @@ properties: rules: - apiGroups: ["cert-manager.io"] resources: - - certificates - - certificaterequests - - issuers - - clusterissuers + - certificates + - certificaterequests + - issuers + - clusterissuers verbs: ["get", "list"] - type: ClusterRole rulesType: CUSTOM rules: - apiGroups: ["cas-issuer.jetstack.io"] resources: - - googlecasissuers - - googlecasclusterissuers + - googlecasissuers + - googlecasclusterissuers verbs: ["get", "list"] - type: ClusterRole rulesType: CUSTOM rules: - apiGroups: ["admissionregistration.k8s.io"] resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations + - validatingwebhookconfigurations + - mutatingwebhookconfigurations verbs: ["get", "list"] + # https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/64181be/docs/billing-integration.md + ubbagent.reportingSecretName: + type: string + x-google-marketplace: + type: REPORTING_SECRET + required: - name - namespace