Kubernetes operator that facilitates management of New Relic resources from within your K8s configuration. Currently supports:
- Alert Policies
- NRQL Alert Conditions
- Alert Destinations
- Alert Channels
- Alert Workflows
If you are looking for New Relic's Kubernetes operator for managing New Relic's Kubernetes integration, please see newrelic-k8s-operator.
Docker Images are available in DockerHub
- Install docker, kubectl, kustomize, and kind
brew cask install docker
brew install kubernetes-cli kustomize kind
- Create a test cluster with
kind
kind create cluster --name newrelic-test
kubectl cluster-info
- Install the operator in the test cluster
kustomize build github.com/newrelic/newrelic-k8s-operator-v2/config/default | kubectl apply -f -
Note: This will install operator on whatever kubernetes cluster kubectl is configured to use.
- Validate pods are running
kubectl get pods -n newrelic-k8s-operator-v2-system
Alternatively, you can deploy the operator in a custom container by overriding the image name in a kustomization.yaml
file:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: newrelic-k8s-operator-v2-system
resources:
- github.com/newrelic/newrelic-k8s-operator-v2/config/default
images:
- name: newrelic/newrelic-k8s-operator-v2:latest
newName: <CUSTOM_IMAGE>
newTag: <CUSTOM_TAG>
Then apply the file with:
kustomize build . | kubectl apply -f -
The operator can be removed with the reverse of installation:
kustomize build github.com/newrelic/newrelic-k8s-operator-v2/config/default | kubectl delete -f -
Helm charts are available via Github Pages
helm repo add newrelic-resource-operator https://newrelic.github.io/newrelic-k8s-operator-v2/
helm repo update
helm install nr-operator-v2 newrelic-resource-operator/nr-operator-v2
helm uninstall nr-operator-v2
Once the operator is successfully deployed to a cluster, resources can be provisioned with NR k8s objects. There are detailed examples provided under the examples section.
Using the policy example provided. Input the fields within the configuration, including a user API key, accountId to create the resource within, and policy specific inputs.
Note: You can also use a Kubernetes secret for providing your API key. We've provided an example secret configuration file in case you want to use this method. You'll need to replace
api_key
withapi_key_secret
.
apiVersion: alerts.k8s.newrelic.com/v1
kind: AlertPolicy
metadata:
labels:
app.kubernetes.io/name: newrelic-kubernetes-operator-v2
app.kubernetes.io/managed-by: kustomize
name: alertpolicy-example
spec:
apiKey: <api_key>
# apiKeySecret:
# name: nr-api-key
# namespace: default
# keyName: api-key
accountId: 1
region: "US"
name: test-policy
incidentPreference: "PER_CONDITION"
The config can then be applied with:
kubectl apply -f examples/example_policy.yaml
To see configured policies, run the command:
kubectl describe alertpolicies.alerts.k8s.newrelic.com
The operator will then create and update this policy within your New Relic account as needed by applying changes with kubectl apply -f <filename>
This process can be repeated for any of the examples provided. For more detail on all inputs - see Terraform docs for corresponding resources, which contain the same input definitions as this operator:
- Go v1.22.0+
- Docker (with Kubernetes enabled)
- kubectl
- kustomize
- kubebuilder
- Clone the repo
git clone git@github.com:newrelic/newrelic-k8s-operator-v2.git
-
Install kubebuilder following the instructions for your operating system. This installation will also get
etcd
andkube-apiserver
which are needed for the tests.Note: Do not install
kubebuilder
withbrew
. Homebrew'skubebuilder
package will not provide all the necessary dependencies for running the tests. -
Spin up a test cluster w/ Kind:
kind create cluster --name newrelic
kubectl cluster-info
- Run
make install
to install the operator on the local cluster. Confirm your configuration was deployed with:
- Show your namespaces. You should see
newrelic-k8s-operator-v2-system
in the list of namespaces.kubectl get namespaces
- Show the nodes within the
newrelic-k8s-operator-v2-system
namespace.You should see something similar to the following output:kubectl get nodes -n newrelic-k8s-operator-v2-system
NAME STATUS ROLES AGE VERSION newrelic-test-control-plane Ready control-plane 116s v1.28.7
-
Run
make run
in a separate terminal cd'd into the repo - This allows a live run/logging of the operator. -
Configure and apply example configurations from provided examples
kubectl apply -f examples/<resource>/<example_resource.yml>
A resource can be deleted as well with:
kubectl delete -f examples/<resource>/<example_resource.yml>
Below are other useful commands - See Makefile
for full list.
# Re-Generate CRDs if any api spec changes occur, alternatively `make` be ran
make manifests
# Run Ginkgo tests
make test
# Undeploy a resource
make undeploy
# Uninstall operator
make uninstall
# Build the manager binary under `bin/`
make build
# Build a docker image
make docker-build
# Get the node being used for the newrelic operator.
kubectl get nodes -n newrelic-k8s-operator-v2-system
# Describe the node being used for the newrelic operator.
kubectl describe node <your-node-name>
# Tail logs of the operator's manager container (useful during development).
# Use the `describe node` command above to locate your manager controller.
kubectl logs -f -n newrelic-k8s-operator-v2-system -c manager newrelic-kubernetes-operator-controller-manager-<hash from>
We encourage your contributions to improve the K8s New Relic Resource Operator! Keep in mind that when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. You only have to sign the CLA one time per project.
If you have any questions, or to execute our corporate CLA (which is required if your contribution is on behalf of a company), drop us an email at opensource@newrelic.com.
A note about vulnerabilities
As noted in our security policy, New Relic is committed to the privacy and security of our customers and their data. We believe that providing coordinated disclosure by security researchers and engaging with the security community are important means to achieve our security goals.
If you believe you have found a security vulnerability in this project or any of New Relic's products or websites, we welcome and greatly appreciate you reporting it to New Relic through HackerOne.
If you would like to contribute to this project, review these guidelines.
To all contributors, we thank you! Without your contribution, this project would not be what it is today.
K8s New Relic Resource Operator is licensed under the Apache 2.0 License.