Update Helm release cost-analyzer to v2.3.0

[renovate[bot]]

This PR contains the following updates:

Package	Update	Change
cost-analyzer	minor	2.2.5 -> 2.3.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions[bot]]

Changes Default Values

```diff diff -U 4 -r out-default-values/target/kubecost_default-values.out out-default-values/pr/kubecost_default-values.out --- out-default-values/target/kubecost_default-values.out 2024-06-20 19:29:24.666763631 +0000 +++ out-default-values/pr/kubecost_default-values.out 2024-06-20 19:29:10.902724116 +0000 @@ -1,8 +1,8 @@ global: # zone: cluster.local (use only if your DNS server doesn't live in the same zone as kubecost) prometheus: - enabled: true # If false, Prometheus will not be installed -- Warning: Before changing this setting, please read to understand this setting https://docs.kubecost.com/install-and-configure/install/custom-prom + enabled: true # Kubecost depends on Prometheus data, it is not optional. When enabled: false, Prometheus will not be installed and you must configure your own Prometheus to scrape kubecost as well as provide the fqdn below. -- Warning: Before changing this setting, please read to understand the risks https://docs.kubecost.com/install-and-configure/install/custom-prom fqdn: http://cost-analyzer-prometheus-server.default.svc # example address of a prometheus to connect to. Include protocol (http:// or https://) Ignored if enabled: true # insecureSkipVerify: false # If true, kubecost will not check the TLS cert of prometheus # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD # queryServiceBearerTokenSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN @@ -29,9 +29,9 @@ prometheusServerEndpoint: http://localhost:8085/ # The prometheus service endpoint used by kubecost. The calls are forwarded through the GMP Prom proxy side car to the GMP database. gmpProxy: enabled: false image: gke.gcr.io/prometheus-engine/frontend:v0.4.1-gke.0 # GMP Prometheus proxy image that serve as an endpoint to query metrics from GMP - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: gmp-proxy port: 8085 projectId: YOUR_PROJECT_ID # example GCP project ID @@ -140,22 +140,22 @@ chartDisplay: "category" idle: "separate" rate: "cumulative" accumulate: false # daily resolution - filters: # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api - - key: "cluster" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#allocation-apis-request-sizing-v2-api - operator: ":" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#filter-operators + filters: # Ref: https://docs.kubecost.com/apis/filters-api + - key: "cluster" # Ref: https://docs.kubecost.com/apis/filters-api#allocation-apis-request-sizing-v2-api + operator: ":" # Ref: https://docs.kubecost.com/apis/filters-api#filter-operators value: "dev" - title: "Example Saved Report 1" window: "month" aggregateBy: "controllerKind" chartDisplay: "category" idle: "share" rate: "monthly" accumulate: false - filters: # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api - - key: "namespace" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#allocation-apis-request-sizing-v2-api - operator: "!:" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#filter-operators + filters: # Ref: https://docs.kubecost.com/apis/filters-api + - key: "namespace" # Ref: https://docs.kubecost.com/apis/filters-api#allocation-apis-request-sizing-v2-api + operator: "!:" # Ref: https://docs.kubecost.com/apis/filters-api#filter-operators value: "kubecost" - title: "Example Saved Report 2" window: "2020-11-11T00:00:00Z,2020-12-09T23:59:59Z" aggregateBy: "service" @@ -185,11 +185,11 @@ reports: - title: "Example Advanced Report 0" window: "7d" aggregateBy: "namespace" - filters: # same as allocation api filters Ref: https://docs.kubecost.com/apis/apis-overview/filters-api - - key: "cluster" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#allocation-apis-request-sizing-v2-api - operator: ":" # Ref: https://docs.kubecost.com/apis/apis-overview/filters-api#filter-operators + filters: # same as allocation api filters Ref: https://docs.kubecost.com/apis/filters-api + - key: "cluster" # Ref: https://docs.kubecost.com/apis/filters-api#allocation-apis-request-sizing-v2-api + operator: ":" # Ref: https://docs.kubecost.com/apis/filters-api#filter-operators value: "dev" cloudBreakdown: "service" cloudJoin: "label:kubernetes_namespace" @@ -207,8 +207,10 @@ # value: "service1" # corresponds to a value to filter cloud cost aggregate by service data on. podAnnotations: {} # iam.amazonaws.com/role: role-arn + + # Applies these labels to all Deployments, StatefulSets, DaemonSets, and their pod templates. additionalLabels: {} securityContext: runAsNonRoot: true @@ -248,8 +250,50 @@ cicd: enabled: false # Set to true when using affected CI/CD tools for access to the below configuration options. skipSanityChecks: false # If true, skip all sanity/existence checks for resources like Secrets. + ## Kubecost Integrations + ## Ref: https://docs.kubecost.com/integrations + ## + integrations: + postgres: + enabled: false + runInterval: "12h" # How frequently to run the integration. + databaseHost: "" # REQUIRED. ex: my.postgres.database.azure.com + databasePort: "" # REQUIRED. ex: 5432 + databaseName: "" # REQUIRED. ex: postgres + databaseUser: "" # REQUIRED. ex: myusername + databasePassword: "" # REQUIRED. ex: mypassword + databaseSecretName: "" # OPTIONAL. Specify your own k8s secret containing the above credentials. Must have key "creds.json". + + ## Configure what Postgres table to write to, and what parameters to pass + ## when querying Kubecost's APIs. Ensure all parameters are enclosed in + ## quotes. Ref: https://docs.kubecost.com/apis/apis-overview + queryConfigs: + allocations: [] + # - databaseTable: "kubecost_allocation_data" + # window: "7d" + # aggregate: "namespace" + # idle: "true" + # shareIdle: "true" + # shareNamespaces: "kubecost,kube-system" + # shareLabels: "" + # - databaseTable: "kubecost_allocation_data_by_cluster" + # window: "10d" + # aggregate: "cluster" + # idle: "true" + # shareIdle: "false" + # shareNamespaces: "" + # shareLabels: "" + assets: [] + # - databaseTable: "kubecost_assets_data" + # window: "7d" + # aggregate: "cluster" + cloudCosts: [] + # - databaseTable: "kubecost_cloudcosts_data" + # window: "7d" + # aggregate: "service" + ## Provide a name override for the chart. # nameOverride: "" ## Provide a full name override option for the chart. # fullnameOverride: "" @@ -370,9 +414,9 @@ enabled: true deployMethod: singlepod # haMode or singlepod - haMode is currently only supported with Enterprise tier haReplicas: 2 # only used with haMode image: "gcr.io/kubecost1/frontend" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent # fullImageName overrides the default image construction logic. The exact # image provided (registry, image, tag) will be used for the frontend. # fullImageName: @@ -487,9 +531,9 @@ extraArgs: [] sigV4Proxy: image: public.ecr.aws/aws-observability/aws-sigv4-proxy:latest - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: aps port: 8005 region: us-west-2 # The AWS region host: aps-workspaces.us-west-2.amazonaws.com # The hostname for AMP service. @@ -503,9 +547,9 @@ resources: {} kubecostModel: image: "gcr.io/kubecost1/cost-model" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent # fullImageName overrides the default image construction logic. The exact # image provided (registry, image, tag) will be used for cost-model. # fullImageName: @@ -513,11 +557,8 @@ # - name: SOME_VARIABLE # value: "some_value" # securityContext: # readOnlyRootFilesystem: true - # Enables the emission of the kubecost_cloud_credit_total and - # kubecost_cloud_expense_total metrics - outOfClusterPromMetricsEnabled: false # Build local cost allocation cache warmCache: false # Run allocation ETL pipelines etl: true @@ -569,9 +610,13 @@ enabledPlugins: [] # - datadog # pre-existing secret for plugin configuration - configSecret: kubecost-plugin-secret + existingCustomSecret: + enabled: false + name: "" # name of the secret containing plugin config + + secretName: kubecost-plugin-secret # uncomment this to define plugin configuration via the values file # configs: # datadog: | @@ -580,18 +625,8 @@ # "datadog_api_key": "", # "datadog_app_key": "" # } - ## Feature to view your out-of-cluster costs and their k8s utilization - ## Ref: https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/cloud-costs-explorer - cloudCost: - # enabled: true # this logic is always enabled if cloud billing integration is configured. This option is no longer configurable. - labelList: - IsIncludeList: false - # format labels as comma separated string (ex. "label1,label2,label3") - labels: "" - topNItems: 1000 - allocation: # Enables or disables adding node labels to allocation data (i.e. workloads). # Defaults to "true" and starts with a sensible includeList for basics like # topology (e.g. zone, region) and instance type labels. @@ -676,12 +711,12 @@ fullImageName: null resources: {} env: {} nodeSelector: {} - tolerations: {} + tolerations: [] affinity: {} -# Basic Kubecost ingress, more examples available at https://github.com/kubecost/docs/blob/main/ingress-examples.md +# Basic Kubecost ingress, more examples available at https://docs.kubecost.com/install-and-configure/install/ingress-examples ingress: enabled: false # className: nginx labels: @@ -839,8 +874,22 @@ regex: kubecost - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name] action: keep regex: network-costs + - job_name: kubecost-aggregator + scrape_interval: 1m + scrape_timeout: 60s + metrics_path: /metrics + scheme: http + dns_sd_configs: + - names: + - {{ template "aggregator.serviceName" . }} + type: 'A' + {{- if or .Values.saml.enabled .Values.oidc.enabled }} + port: 9008 + {{- else }} + port: 9004 + {{- end }} server: # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID # to use as unique cluster ID in kubecost cost-analyzer deployment. # This overrides the cluster_id set in prometheus.server.global.external_labels. @@ -862,9 +911,9 @@ ## Prometheus server container image ## image: repository: quay.io/prometheus/prometheus - tag: v2.50.1 + tag: v2.52.0 pullPolicy: IfNotPresent ## prometheus server priorityClassName ## @@ -1559,9 +1608,9 @@ ## configmap-reload container image ## image: repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.72.0 + tag: v0.74.0 pullPolicy: IfNotPresent ## Additional configmap-reload container arguments ## @@ -1599,9 +1648,9 @@ ## configmap-reload container image ## image: repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.72.0 + tag: v0.74.0 pullPolicy: IfNotPresent ## Additional configmap-reload container arguments ## @@ -1655,9 +1704,9 @@ ## node-exporter container image ## image: repository: prom/node-exporter - tag: v1.7.0 + tag: v1.8.0 pullPolicy: IfNotPresent ## node-exporter priorityClassName ## @@ -1782,9 +1831,9 @@ ## pushgateway container image ## image: repository: prom/pushgateway - tag: v1.6.2 + tag: v1.8.0 pullPolicy: IfNotPresent ## pushgateway priorityClassName ## @@ -2200,19 +2249,20 @@ ## enabled: false -## Module for measuring network costs -## Ref: https://github.com/kubecost/docs/blob/main/network-allocation.md +## Optional daemonset to more accurately attribute network costs to the correct workload +## https://docs.kubecost.com/install-and-configure/advanced-configuration/network-costs-configuration networkCosts: enabled: false image: repository: gcr.io/kubecost1/kubecost-network-costs tag: v0.17.3 - imagePullPolicy: Always + imagePullPolicy: IfNotPresent updateStrategy: type: RollingUpdate - # For existing Prometheus Installs, annotates the Service which generates Endpoints for each of the network-costs pods. + # For existing Prometheus Installs, use the serviceMonitor: or prometheusScrape below. + # the below setting annotates the networkCost service endpoints for each of the network-costs pods. # The Service is annotated with prometheus.io/scrape: "true" to automatically get picked up by the prometheus config. # NOTE: Setting this option to true and leaving the above extraScrapeConfig "job_name: kubecost-networking" configured will cause the # NOTE: pods to be scraped twice. prometheusScrape: false @@ -2279,15 +2329,15 @@ # - "10.0.0.0/24" services: # google-cloud-services: when set to true, enables labeling traffic metrics with google cloud # service endpoints - google-cloud-services: false + google-cloud-services: true # amazon-web-services: when set to true, enables labeling traffic metrics with amazon web service # endpoints. - amazon-web-services: false + amazon-web-services: true # azure-cloud-services: when set to true, enables labeling traffic metrics with azure cloud service # endpoints - azure-cloud-services: false + azure-cloud-services: true # user defined services provide a way to define custom service endpoints which will label traffic metrics # falling within the defined address range. # services: # - service: "test-service-1" @@ -2363,9 +2413,10 @@ # fullImageName overrides the default image construction logic. The exact # image provided (registry, image, tag) will be used for the forecasting # container. # Example: fullImageName: gcr.io/kubecost1/forecasting:v0.0.1 - fullImageName: gcr.io/kubecost1/kubecost-modeling:v0.1.6 + fullImageName: gcr.io/kubecost1/kubecost-modeling:v0.1.12 + imagePullPolicy: IfNotPresent # Resource specification block for the forecasting container. resources: requests: @@ -2389,9 +2440,9 @@ # Define a nodeSelector for the forecasting Deployment. nodeSelector: {} # Define tolerations for the forecasting Deployment. - tolerations: {} + tolerations: [] # Define Pod affinity for the forecasting Deployment. affinity: {} @@ -2422,8 +2473,9 @@ # fullImageName overrides the default image construction logic. The exact # image provided (registry, image, tag) will be used for aggregator. # fullImageName: + imagePullPolicy: IfNotPresent # For legacy configuration support, `enabled: true` overrides deployMethod # and causes `deployMethod: "statefulset"` enabled: false @@ -2447,15 +2499,20 @@ # new data to show in the kubecost UI # set to 0 for max partitioning (minimum possible ram usage, but the slowest) # the default of 25 is sufficient for 95%+ of users. This should only be modified # after consulting with Kubecost's support team - numDBCopyPartitions: 25 + numDBCopyPartitions: 1 + logLevel: info - env: - "LOG_LEVEL": "info" - "DB_READ_THREADS": "1" - "DB_WRITE_THREADS": "1" - "DB_CONCURRENT_INGESTION_COUNT": "3" + # env: has been removed to avoid unknown issues that would be caused by + # customizations that were required to run aggregator in previous versions + # extraEnv: can be used to add new environment variables to the aggregator pod + + # the below settings should only be modified with support from Kubecost staff + dbReadThreads: 1 + dbWriteThreads: 1 + dbConcurrentIngestionCount: 1 + dbCopyFull: false persistentConfigsStorage: storageClass: "" # default storage class storageRequest: 1Gi @@ -2522,9 +2579,8 @@ # The cloudCost component of Aggregator depends on # kubecostAggregator.deployMethod: # kA.dM = "singlepod" -> cloudCost is run as container inside cost-analyzer # kA.dM = "statefulset" -> cloudCost is run as single-replica Deployment - enabled: false resources: {} # requests: # cpu: 1000m # memory: 1Gi @@ -2541,9 +2597,9 @@ ## Add a nodeSelector for aggregator cloud costs # nodeSelector: {} ## Tolerations for the aggregator cloud costs - # tolerations: {} + # tolerations: [] ## Affinity for the aggregator cloud costs # affinity: {} @@ -2614,9 +2670,9 @@ labels: {} securityContext: {} containerSecurityContext: {} nodeSelector: {} - tolerations: {} + tolerations: [] affinity: {} ## Provide a full name override for the diagnostics Deployment. # diagnosticsFullnameOverride: "" @@ -2625,10 +2681,10 @@ clusterController: enabled: false image: repository: gcr.io/kubecost1/cluster-controller - tag: v0.16.0 - imagePullPolicy: Always + tag: v0.16.2 + imagePullPolicy: IfNotPresent ## PriorityClassName ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" # Set custom tolerations for the cluster controller. @@ -2704,9 +2760,9 @@ # level. # # See the examples below. # - # [1] https://docs.kubecost.com/apis/apis-overview/filters-api + # [1] https://docs.kubecost.com/apis/filters-api # filterConfig: # - filter: | # namespace:"abc"+controllerKind:"deployment" # - filter: | @@ -2747,18 +2803,27 @@ # googleAnalyticsTag: G-XXXXXXXXX serviceMonitor: # the kubecost included prometheus uses scrapeConfigs and does not support service monitors. The following options assume an existing prometheus that supports serviceMonitors. enabled: false + interval: 1m + scrapeTimeout: 10s additionalLabels: {} metricRelabelings: [] relabelings: [] networkCosts: enabled: false + interval: 1m + scrapeTimeout: 10s + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + aggregatorMetrics: + enabled: false + interval: 1m scrapeTimeout: 10s additionalLabels: {} metricRelabelings: [] relabelings: [] - prometheusRule: enabled: false additionalLabels: {} @@ -2827,9 +2892,9 @@ ## Container image settings for the Grafana deployment image: repository: grafana/grafana - tag: 10.3.4 + tag: 10.4.3 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -3021,9 +3086,9 @@ ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: image: repository: kiwigrid/k8s-sidecar - tag: 1.26.0 + tag: 1.27.2 pullPolicy: IfNotPresent resources: {} dashboards: enabled: true @@ -3095,8 +3160,14 @@ ## If true, push ETL data to the federated storage bucket federatedCluster: false + ## If true, this cluster will be able to read from the federated-store but will + ## not write to it. This is useful in situations when you want to deploy a + ## primary cluster, but don't want the primary cluster's ETL data to be + ## pushed to the bucket + readOnlyPrimary: false + ## If true, changes the dir of S3 backup to the Federated combined store. ## Commonly used when transitioning from Thanos to Federated ETL architecture. redirectS3Backup: false @@ -3241,8 +3312,22 @@ # enabled: false # key: "" # secretname: productkeysecret # Reference an existing k8s secret created from a file named productkey.json of format { "key": "enterprise-key-here" }. If the secretname is specified, a configmap with the key will not be created. # mountPath: "/some/custom/path/productkey.json" # (use instead of secretname) Declare the path at which the product key file is mounted (eg. by a secrets provisioner). The file must be of format { "key": "enterprise-key-here" }. +# # The following block enables the use of a custom SMTP server which overrides Kubecost's built-in, external SMTP server for alerts and reports +# smtp: +# config: | +# { +# "sender_email": "", +# "host": "", +# "port": 587, +# "authentication": true, +# "username": "", +# "password": "", +# "secure": true +# } +# secretname: smtpconfigsecret # Reference an existing k8s secret created from a file named smtp.json of format specified by config above. If the secretname is specified, a configmap with the key will not be created. +# mountPath: "/some/custom/path/smtp.json" # (use instead of secretname) Declare the path at which the SMTP config file is mounted (eg. by a secrets provisioner). The file must be of format specified by config above. # carbonEstimates: false # Enables Kubecost beta carbon estimation endpoints /assets/carbon and /allocations/carbon ## Specify an existing Kubernetes Secret holding the cloud integration information. This Secret must contain ## a key with name `cloud-integration.json` and the contents must be in a specific format. It is expected @@ -3295,10 +3380,12 @@ # ingestPodUID: false # Enables using UIDs to uniquely ID pods. This requires either Kubecost's replicated KSM metrics, or KSM v2.1.0+. This may impact performance, and changes the default cost-model allocation behavior. # regionOverrides: "region1,region2,region3" # list of regions which will override default costmodel provider regions -# Explicit name of the ConfigMap to use for pricing overrides. If not set, a default will apply. +# Explicit names of various ConfigMaps to use. If not set, a default will apply. # pricingConfigmapName: "" +# productConfigmapName: "" +# smtpConfigmapName: "" # -- Array of extra K8s manifests to deploy ## Note: Supports use of custom Helm templates extraObjects: [] ```