Add Helm support for Theia with ClickHouse PV

Signed-off-by: Yanjun Zhou <zhouya@vmware.com>

.github/workflows/go.yml

@@ -136,3 +136,12 @@ jobs:
       run: |
         sudo npm install -g markdownlint-cli@0.31.1
         make markdownlint
+    - name: Checking whether autogenerated Helm chart documentation is up-to-date
+      working-directory: build/charts/
+      run: |
+        make helm-docs
+        DIFF=$(git diff .)
+        if [ -n "$DIFF" ]; then
+          echo "The Helm chart documentation is out-of-date; please run 'make helm-docs' in 'build/charts/' and commit the changes"
+          exit 1
+        fi

Makefile

@@ -123,6 +123,11 @@ verify:
 	@echo "===> Verifying documentation formatting for website <==="
 	$(CURDIR)/hack/verify-docs-for-website.sh
 
+.PHONY: toc
+toc:
+	@echo "===> Generating Table of Contents for Antrea docs <==="
+	GO=$(GO) $(CURDIR)/hack/update-toc.sh
+
 .PHONE: markdownlint
 markdownlint:
 	@echo "===> Running markdownlint <==="

VERSION

@@ -1 +1 @@
-v1.7.0-dev
+v0.1.0-dev

build/charts/Makefile

@@ -0,0 +1,6 @@
+USERID  := $(shell id -u)
+GRPID   := $(shell id -g)
+
+.PHONY: helm-docs
+helm-docs:
+	docker run --rm --volume "$(CURDIR):/helm-docs" --user=$(USERID):$(GRPID) jnorwood/helm-docs:v1.7.0

build/charts/theia/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

build/charts/theia/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: theia
+type: application
+displayName: Theia
+home: https://antrea.io/
+version: 0.1.0-dev
+appVersion: 0.1.0-dev
+kubeVersion: ">= 1.16.0-0"
+icon: https://raw.githubusercontent.com/antrea-io/antrea/main/docs/assets/logo/antrea_logo.svg
+description: Antrea Network Flow Visibility
+keywords:
+  - Kubernetes
+  - CNCF
+  - Networking
+  - CNI
+  - Security
+  - Flow visibility
+sources:
+  - https://github.com/antrea-io/theia

build/charts/theia/README.md

@@ -0,0 +1,45 @@
+# theia
+
+![Version: 0.1.0-dev](https://img.shields.io/badge/Version-0.1.0--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0-dev](https://img.shields.io/badge/AppVersion-0.1.0--dev-informational?style=flat-square)
+
+Antrea Network Flow Visibility
+
+**Homepage:** <https://antrea.io/>
+
+## Source Code
+
+* <https://github.com/antrea-io/theia>
+
+## Requirements
+
+Kubernetes: `>= 1.16.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| clickhouse.httpPort | int | `8123` | HTTP port number for the ClickHouse service. |
+| clickhouse.image | object | `{"pullPolicy":"IfNotPresent","repository":"projects.registry.vmware.com/antrea/theia-clickhouse-server","tag":"21.11"}` | Container image to use for the ClickHouse. |
+| clickhouse.monitor.deletePercentage | float | `0.5` | The percentage of records in ClickHouse that will be deleted when the storage grows above threshold. Vary from 0 to 1. |
+| clickhouse.monitor.enable | bool | `true` | Determine whether to run a monitor to periodically check the ClickHouse memory usage and clean data. |
+| clickhouse.monitor.image | object | `{"pullPolicy":"IfNotPresent","repository":"projects.registry.vmware.com/antrea/theia-clickhouse-monitor","tag":"latest"}` | Container image to use for the ClickHouse Monitor. |
+| clickhouse.monitor.threshold | float | `0.5` | The storage percentage at which the monitor starts to delete old records. Vary from 0 to 1. |
+| clickhouse.password | string | `"clickhouse_operator_password"` | ClickHouse password. It will be stored in a secret. |
+| clickhouse.persistentVolume.affinity | object | `{"required":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"antrea.io/clickhouse-data-node","operator":"Exists"}]}]}}` | Affinity for the Local Persistent Volume. Required when Persistent Volumes is enable and the provisioner is "Local". |
+| clickhouse.persistentVolume.enable | bool | `false` | Enable deploying the ClickHouse with Persistent Volumes. |
+| clickhouse.persistentVolume.localPath | string | `"/data"` | The local path. Required when Persistent Volumes is enable and the provisioner is "Local". |
+| clickhouse.persistentVolume.nfsHost | string | `""` | The NFS server hostname or IP address. Required when Persistent Volumes is enable the provisioner is "NFS". |
+| clickhouse.persistentVolume.nfsPath | string | `""` | The path exported on the NFS server. Required when Persistent Volumes is enable the provisioner is "NFS". |
+| clickhouse.persistentVolume.provisioner | string | `"Local"` | Persistent Volume Provisioner. Required if Persistent Volumes is enable. It must be one of "StorageClass", "Local", "NFS". |
+| clickhouse.persistentVolume.storageClass | string | `""` |  |
+| clickhouse.storageSize | string | `"8Gi"` | ClickHouse storage size. Can be a plain integer or as a fixed-point number using one of these quantity suffixes: E, P, T, G, M, K. Or the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. |
+| clickhouse.tcpPort | int | `9000` | TCP port number for the ClickHouse service. |
+| clickhouse.ttl | int | `3600` | Time to live in seconds for data in the ClickHouse. |
+| clickhouse.username | string | `"clickhouse_operator"` | ClickHouse username. It will be stored in a secret. |
+| grafana.image | object | `{"pullPolicy":"IfNotPresent","repository":"projects.registry.vmware.com/antrea/theia-grafana","tag":"8.3.3"}` | Container image to use for the Grafana. |
+| grafana.password | string | `"admin"` | Grafana password. It will be stored in a secret. |
+| grafana.tcpPort | int | `3000` | TCP port number for the Grafana service. |
+| grafana.username | string | `"admin"` | Grafana username. It will be stored in a secret. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0)

build/yamls/base/provisioning/datasources/create_table.sh → build/charts/theia/provisioning/datasources/create_table.sh

@@ -69,10 +69,10 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         trusted UInt8 DEFAULT 0
     ) engine=MergeTree
     ORDER BY (timeInserted, flowEndSeconds)
-    TTL timeInserted + INTERVAL 1 HOUR
-    SETTINGS merge_with_ttl_timeout = 3600;
+    TTL timeInserted + INTERVAL {{ .Values.clickhouse.ttl }} SECOND
+    SETTINGS merge_with_ttl_timeout = {{ .Values.clickhouse.ttl }};
 
-    CREATE MATERIALIZED VIEW flows_pod_view
+    CREATE MATERIALIZED VIEW IF NOT EXISTS flows_pod_view
     ENGINE = SummingMergeTree
     ORDER BY (
         timeInserted,
@@ -86,8 +86,8 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         flowType,
         sourcePodNamespace,
         destinationPodNamespace)
-    TTL timeInserted + INTERVAL 1 HOUR
-    SETTINGS merge_with_ttl_timeout = 3600
+    TTL timeInserted + INTERVAL {{ .Values.clickhouse.ttl }} SECOND
+    SETTINGS merge_with_ttl_timeout = {{ .Values.clickhouse.ttl }}
     POPULATE
     AS SELECT
         timeInserted,
@@ -121,7 +121,7 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         sourcePodNamespace,
         destinationPodNamespace;
 
-    CREATE MATERIALIZED VIEW flows_node_view
+    CREATE MATERIALIZED VIEW IF NOT EXISTS flows_node_view
     ENGINE = SummingMergeTree
     ORDER BY (
         timeInserted,
@@ -132,8 +132,8 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         destinationNodeName,
         sourcePodNamespace,
         destinationPodNamespace)
-    TTL timeInserted + INTERVAL 1 HOUR
-    SETTINGS merge_with_ttl_timeout = 3600
+    TTL timeInserted + INTERVAL {{ .Values.clickhouse.ttl }} SECOND
+    SETTINGS merge_with_ttl_timeout = {{ .Values.clickhouse.ttl }}
     POPULATE
     AS SELECT
         timeInserted,
@@ -163,7 +163,7 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         sourcePodNamespace,
         destinationPodNamespace;
 
-    CREATE MATERIALIZED VIEW flows_policy_view
+    CREATE MATERIALIZED VIEW IF NOT EXISTS flows_policy_view
     ENGINE = SummingMergeTree
     ORDER BY (
         timeInserted,
@@ -176,8 +176,8 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         ingressNetworkPolicyRuleAction,
         sourcePodNamespace,
         destinationPodNamespace)
-    TTL timeInserted + INTERVAL 1 HOUR
-    SETTINGS merge_with_ttl_timeout = 3600
+    TTL timeInserted + INTERVAL {{ .Values.clickhouse.ttl }} SECOND
+    SETTINGS merge_with_ttl_timeout = {{ .Values.clickhouse.ttl }}
     POPULATE
     AS SELECT
         timeInserted,

build/yamls/base/provisioning/datasources/datasource_provider.yml → build/charts/theia/provisioning/datasources/datasource_provider.yaml

@@ -3,11 +3,11 @@ datasources:
   - name: ClickHouse
     type: grafana-clickhouse-datasource
     access: proxy
-    url: http://clickhouse-clickhouse.flow-visibility.svc:8123
+    url: http://clickhouse-clickhouse.{{ .Release.Namespace }}.svc:{{ .Values.clickhouse.httpPort }}
     editable: true
     jsonData:
-      server: clickhouse-clickhouse.flow-visibility.svc
-      port: 9000
+      server: clickhouse-clickhouse.{{ .Release.Namespace }}.svc
+      port: {{ .Values.clickhouse.tcpPort }}
       username: $CLICKHOUSE_USERNAME
     secureJsonData:
       password: $CLICKHOUSE_PASSWORD

build/charts/theia/templates/NOTES.txt

@@ -0,0 +1 @@
+The Theia has been successfully installed.

build/charts/theia/templates/clickhouse/clickhouseinstallation.yaml

@@ -0,0 +1,100 @@
+apiVersion: "clickhouse.altinity.com/v1"
+kind: "ClickHouseInstallation"
+metadata:
+  name: clickhouse
+  labels:
+    app: clickhouse
+  namespace: {{ .Release.Namespace }}
+spec:
+  configuration:
+    users:
+      {{ .Values.clickhouse.username }}/k8s_secret_password: {{ .Release.Namespace }}/clickhouse-secret/password
+      {{ .Values.clickhouse.username }}/networks/ip: "::/0"
+    clusters:
+      - name: "clickhouse"
+        layout:
+          shardsCount: 1
+          replicasCount: 1
+  defaults:
+    templates:
+      podTemplate: pod-template
+      serviceTemplate: service-template
+      {{- if .Values.clickhouse.persistentVolume.enable }}
+      dataVolumeClaimTemplate: clickhouse-storage-template
+      {{- end }}
+  templates:
+    serviceTemplates:
+      - name: service-template
+        spec:
+          ports:
+            - name: http
+              port: {{ .Values.clickhouse.httpPort }}
+            - name: tcp
+              port: {{ .Values.clickhouse.tcpPort }}
+    podTemplates:
+      - name: pod-template
+        spec:
+          containers:
+            - name: clickhouse
+              image: {{ .Values.clickhouse.image.repository }}:{{ .Values.clickhouse.image.tag }}
+              imagePullPolicy: {{ .Values.clickhouse.image.pullPolicy }}
+              volumeMounts:
+                - name: clickhouse-configmap-volume
+                  mountPath: /docker-entrypoint-initdb.d
+                {{- if not .Values.clickhouse.persistentVolume.enable }}
+                - name: clickhouse-storage-volume
+                  mountPath: /var/lib/clickhouse
+                {{- end }}
+            {{- if .Values.clickhouse.monitor.enable}}
+            - name: clickhouse-monitor
+              image: {{ .Values.clickhouse.monitor.image.repository }}:{{ .Values.clickhouse.monitor.image.tag }}
+              imagePullPolicy: {{ .Values.clickhouse.monitor.image.pullPolicy }}
+              env:
+                - name: CLICKHOUSE_USERNAME
+                  valueFrom:
+                    secretKeyRef: 
+                      name: clickhouse-secret
+                      key: username
+                - name: CLICKHOUSE_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: clickhouse-secret
+                      key: password
+                - name: DB_URL
+                  value: "tcp://localhost:9000"
+                - name: TABLE_NAME
+                  value: "default.flows"
+                - name: MV_NAMES
+                  value: "default.flows_pod_view default.flows_node_view default.flows_policy_view"
+                - name: STORAGE_SIZE
+                  value: {{ .Values.clickhouse.storageSize | quote }}
+                - name: THRESHOLD
+                  value: {{ .Values.clickhouse.monitor.threshold | quote }}
+                - name: DELETE_PERCENTAGE
+                  value: {{ .Values.clickhouse.monitor.deletePercentage | quote }}
+            {{- end}}
+          volumes:
+            - name: clickhouse-configmap-volume
+              configMap:
+                name: clickhouse-mounted-configmap
+            {{- if not .Values.clickhouse.persistentVolume.enable }}
+            - name: clickhouse-storage-volume
+              emptyDir:
+                medium: Memory
+                sizeLimit: {{ .Values.clickhouse.storageSize }}
+            {{- end }}
+    {{- if .Values.clickhouse.persistentVolume.enable }}
+    volumeClaimTemplates: 
+      - name: clickhouse-storage-template
+        spec:
+          {{- if eq .Values.clickhouse.persistentVolume.provisioner "StorageClass"}}
+          storageClassName: {{ .Values.clickhouse.persistentVolume.storageClass}}
+          {{- else }}
+          storageClassName: clickhouse-storage
+          {{- end }}
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: {{ .Values.clickhouse.storageSize }}
+    {{- end }}

build/charts/theia/templates/clickhouse/configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: clickhouse-mounted-configmap
+  namespace: {{ .Release.Namespace }}
+data:
+  create_table.sh: |-
+{{ tpl (.Files.Get "provisioning/datasources/create_table.sh") . | indent 4}}

build/charts/theia/templates/clickhouse/local-persistentvolume.yaml

@@ -0,0 +1,19 @@
+{{- if and (.Values.clickhouse.persistentVolume.enable) (eq (.Values.clickhouse.persistentVolume.provisioner) "Local") }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: clickhouse-pv
+spec:
+  storageClassName: clickhouse-storage
+  capacity:
+    storage: {{ .Values.clickhouse.storageSize }}
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  local:
+    path: {{ .Values.clickhouse.persistentVolume.localPath }}
+  {{- with .Values.clickhouse.persistentVolume.affinity }}
+  nodeAffinity:
+    {{- toYaml . | trim | nindent 4 }}
+  {{- end }}
+{{- end }}

build/charts/theia/templates/clickhouse/nfs-persistentvolume.yaml

@@ -0,0 +1,16 @@
+{{- if and (.Values.clickhouse.persistentVolume.enable) (eq (.Values.clickhouse.persistentVolume.provisioner) "NFS") }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: clickhouse-pv
+spec:
+  storageClassName: clickhouse-storage
+  capacity:
+    storage: {{ .Values.clickhouse.storageSize }}
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  nfs:
+    path: {{ .Values.clickhouse.persistentVolume.nfsPath }}
+    server: {{ .Values.clickhouse.persistentVolume.nfsHost }}
+{{- end }}

build/charts/theia/templates/clickhouse/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: clickhouse-secret
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+  username: {{ .Values.clickhouse.username }}
+  password: {{ .Values.clickhouse.password }}

build/charts/theia/templates/clickhouse/storageclass.yaml

@@ -0,0 +1,10 @@
+{{- if and (.Values.clickhouse.persistentVolume.enable) (not (eq (.Values.clickhouse.persistentVolume.provisioner) "StorageClass")) }}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: clickhouse-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Retain
+allowVolumeExpansion: True
+{{- end }}

build/charts/theia/templates/grafana/dashboard-configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboard-config
+  namespace: {{ .Release.Namespace }}
+data:
+{{ (.Files.Glob "provisioning/dashboards/*.json").AsConfig | indent 2}}

build/charts/theia/templates/grafana/dashboard-provider-configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboard-provider
+  namespace: {{ .Release.Namespace }}
+data:
+  dashboard_provider.yaml: |-
+{{ .Files.Get "provisioning/dashboards/dashboard_provider.yaml" | indent 4}}