[prometheus] Add CI test cases (#4477)

* [prometheus] Add CI values files

Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com>

* Use helper template setting labels in clusterrole

Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com>

---------

Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com>
Co-authored-by: MH <zanhsieh@gmail.com>

charts/prometheus/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: prometheus
 appVersion: v2.51.2
-version: 25.20.0
+version: 25.20.1
 kubeVersion: ">=1.19.0-0"
 description: Prometheus is a monitoring system and time series database.
 home: https://prometheus.io/

charts/prometheus/ci/01-automount-sa-token-values.yaml

@@ -0,0 +1,5 @@
+---
+## Test case: automount SA token
+serviceAccounts:
+  server:
+    automountServiceAccountToken: true

charts/prometheus/ci/02-config-reloader-deployment-values.yaml

@@ -0,0 +1,25 @@
+---
+## Test case: test config-reloader in deployment
+configmapReload:
+  env:
+    - name: APPNAME
+      value: "prometheus-config-reloader"
+
+  prometheus:
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      runAsNonRoot: true
+      readOnlyRootFilesystem: true
+      seccompProfile:
+        type: RuntimeDefault
+
+    extraArgs:
+      log-level: debug
+      watch-interval: 1m
+
+server:
+  statefulSet:
+    enabled: false

charts/prometheus/ci/03-config-reloader-sts-values.yaml

@@ -0,0 +1,25 @@
+---
+## Test case: test config-reloader in statefulset
+configmapReload:
+  env:
+    - name: APPNAME
+      value: "prometheus-config-reloader"
+
+  prometheus:
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      runAsNonRoot: true
+      readOnlyRootFilesystem: true
+      seccompProfile:
+        type: RuntimeDefault
+
+    extraArgs:
+      log-level: debug
+      watch-interval: 1m
+
+server:
+  statefulSet:
+    enabled: true

charts/prometheus/ci/04-extra-manifest-values.yaml

@@ -0,0 +1,22 @@
+---
+## Test case: set extra manifests to deploy
+extraManifests:
+  - |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      labels:
+        ci: "true"
+      name: prometheus-extra-cm-first
+    data:
+      GREETING: "hello"
+  - |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      labels:
+        ci: "true"
+      name: prometheus-extra-cm-second
+    data:
+      prometheus.txt: "{{ include "prometheus.server.fullname" . }}"
+    immutable: true

charts/prometheus/ci/05-server-deployment-values.yaml

@@ -0,0 +1,43 @@
+---
+## Test case: set various fields in deployment
+server:
+  automountServiceAccountToken: true
+
+  clusterRoleNameOverride: "ci-prometheus-server-cluster-role"
+
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    seccompProfile:
+      type: RuntimeDefault
+
+  env:
+    - name: APPNAME
+      value: prometheus
+
+  extraArgs:
+    query.timeout: 1m
+    query.max-concurrency: 15
+
+  global:
+    external_labels:
+      cluster: "ci"
+
+  persistentVolume:
+    enabled: true
+    size: 2Gi
+
+  prefixURL: /prometheus
+
+  retentionSize: 1GB
+
+  startupProbe:
+    enabled: true
+
+  statefulSet:
+    enabled: false
+
+  tsdb:
+    out_of_order_time_window: 10s

charts/prometheus/ci/06-server-sts-values.yaml

@@ -0,0 +1,44 @@
+---
+# Test case: set various fields in statefulset
+server:
+  automountServiceAccountToken: true
+
+  clusterRoleNameOverride: "ci-prometheus-server-cluster-role"
+
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    seccompProfile:
+      type: RuntimeDefault
+
+  env:
+    - name: APPNAME
+      value: prometheus
+
+  extraArgs:
+    query.timeout: 1m
+    query.max-concurrency: 15
+
+  global:
+    external_labels:
+      cluster: "ci"
+
+  persistentVolume:
+    enabled: true
+    statefulSetNameOverride: "ci-prometheus-server-pvc"
+    size: 2Gi
+
+  prefixURL: /prometheus
+
+  retentionSize: 1GB
+
+  startupProbe:
+    enabled: true
+
+  statefulSet:
+    enabled: true
+
+  tsdb:
+    out_of_order_time_window: 10s

charts/prometheus/ci/07-meta-labels-values.yaml

@@ -0,0 +1,5 @@
+---
+# Test case: set meta labels
+commonMetaLabels:
+  ci: "true"
+  env: "ci"

charts/prometheus/ci/08-sts-pvc-retention-policy-values.yaml

@@ -0,0 +1,13 @@
+---
+## Test case: set PVC retention policy in statefulset
+server:
+  automountServiceAccountToken: true
+
+  statefulSet:
+    enabled: true
+    pvcDeleteOnStsDelete: true
+    pvcDeleteOnStsScale: true
+
+  persistentVolume:
+    enabled: true
+    size: 2Gi

charts/prometheus/ci/09-standalone-deployment-values.yaml

@@ -0,0 +1,18 @@
+---
+## Test case: run standalone Prometheus deployment
+alertmanager:
+  enabled: false
+
+kube-state-metrics:
+  enabled: false
+
+prometheus-node-exporter:
+  enabled: false
+
+prometheus-pushgateway:
+  enabled: false
+
+server:
+  automountServiceAccountToken: true
+  persistentVolume:
+    enabled: false

charts/prometheus/ci/10-namespaced-sd-values.yaml

@@ -0,0 +1,114 @@
+---
+## Test case: Prometheus with namespaced SD
+## Prometheus runs service discovery (SD) in its own namespace only.
+## A custom cluster role is set up and bound to SA through a role binding
+## in the given namespace. Prometheus *must* be told that its SD
+## is namespaced by means of 'scrape_configs.kubernetes_sd_configs.namespaces'.
+server:
+  automountServiceAccountToken: true
+  namespaces: []
+  releaseNamespace: true
+  useExistingClusterRoleName: "prometheus-cluster-role"
+
+  persistentVolume:
+    enabled: false
+
+alertmanager:
+  enabled: false
+
+kube-state-metrics:
+  enabled: true
+
+prometheus-node-exporter:
+  enabled: false
+
+prometheus-pushgateway:
+  enabled: false
+
+serverFiles:
+  prometheus.yml:
+    scrape_configs:
+      - job_name: "prometheus"
+        static_configs:
+          - targets:
+            - localhost:9090
+      - job_name: "kubernetes-service-endpoints"
+        honor_labels: true
+        kubernetes_sd_configs:
+          - role: endpoints
+            namespaces:
+              own_namespace: true
+        relabel_configs:
+          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
+            action: keep
+            regex: true
+          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
+            action: replace
+            target_label: __scheme__
+            regex: (https?)
+          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
+            action: replace
+            target_label: __metrics_path__
+            regex: (.+)
+          - source_labels:
+            - __address__
+            - __meta_kubernetes_service_annotation_prometheus_io_port
+            action: replace
+            target_label: __address__
+            regex: (.+?)(?::\d+)?;(\d+)
+            replacement: $1:$2
+          - action: labelmap
+            regex: __meta_kubernetes_service_label_(.+)
+          - source_labels: [__meta_kubernetes_namespace]
+            action: replace
+            target_label: namespace
+          - source_labels: [__meta_kubernetes_service_name]
+            action: replace
+            target_label: service
+          - source_labels: [__meta_kubernetes_pod_node_name]
+            action: replace
+            target_label: node
+
+extraManifests:
+  - |
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      labels:
+        {{- include "prometheus.server.labels" . | nindent 4 }}
+      name: prometheus-cluster-role
+    rules:
+      - apiGroups:
+        - ""
+        resources:
+        - services
+        - endpoints
+        - pods
+        - ingresses
+        - configmaps
+        verbs:
+        - get
+        - list
+        - watch
+      - apiGroups:
+        - "extensions"
+        - "networking.k8s.io"
+        resources:
+        - ingresses/status
+        - ingresses
+        verbs:
+        - get
+        - list
+        - watch
+      - apiGroups:
+        - "discovery.k8s.io"
+        resources:
+        - endpointslices
+        verbs:
+        - get
+        - list
+        - watch
+      - nonResourceURLs:
+        - "/metrics"
+        verbs:
+        - get

charts/prometheus/ci/11-default-values.yaml

@@ -0,0 +1 @@
+## Test case: use chart's default values