feat(demeter-fabric): add demeter fabric daemon helm chart

Signed-off-by: Ales Verbic <verbotenj@blinklabs.io>

Author: verbotenj

.github/workflows/publish-demeter-fabric-helm-chart.yml

@@ -0,0 +1,36 @@
+name: publish-demeter-fabric-helm-chart
+
+on:
+  push:
+    branches: ["main"]
+    paths:
+      [
+        "charts/demeter-fabric/**",
+        ".github/workflows/publish-demeter-fabric-helm-chart.yml",
+      ]
+
+jobs:
+  build-and-push-demeter-fabric-helm-chart:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v6.0.2
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+      - name: Package and upload chart
+        shell: bash
+        env:
+          REGISTRY: "ghcr.io"
+          REPOSITORY: "${{ github.repository }}"
+          TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          USER: "${{ github.repository_owner }}"
+        run: |
+          rm -rf dist
+          mkdir dist
+          helm package charts/demeter-fabric/ -d dist/
+          echo "${TOKEN}" | helm registry login "${REGISTRY}" -u "${USER}" --password-stdin
+          for file in dist/*; do
+            helm push "$file" "oci://${REGISTRY}/${REPOSITORY,,}/charts"
+          done

charts/demeter-fabric/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: demeter-fabric
+description: Demeter Fabric Daemon - Kafka-based monitoring daemon for Demeter platform
+version: 0.1.0
+appVersion: "0.1.0"
+
+sources:
+  - https://github.com/demeter-run/fabric
+
+maintainers:
+  - name: aurora
+    email: aurora@blinklabs.io
+  - name: verbotenj
+    email: verbotenj@blinklabs.io
+  - name: wolf31o2
+    email: wolf31o2@blinklabs.io

charts/demeter-fabric/templates/_helpers.tpl

@@ -0,0 +1,50 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "demeter-fabric.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "demeter-fabric.fullname" -}}
+  {{- if .Values.fullnameOverride -}}
+    {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" | lower -}}
+  {{- else -}}
+    {{- $name := default .Chart.Name .Values.nameOverride -}}
+    {{- if contains $name .Release.Name -}}
+      {{- .Release.Name | trunc 63 | trimSuffix "-" | lower -}}
+    {{- else -}}
+      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" | lower -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "demeter-fabric.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "demeter-fabric.labels" -}}
+helm.sh/chart: {{ include "demeter-fabric.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/name: {{ include "demeter-fabric.name" . }}
+{{ include "demeter-fabric.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels – must match the live StatefulSet's immutable selector exactly.
+*/}}
+{{- define "demeter-fabric.selectorLabels" -}}
+role: fabric-daemon
+{{- end }}

charts/demeter-fabric/templates/configmap.yaml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-config
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "demeter-fabric.labels" . | nindent 4 }}
+data:
+  daemon.toml: |
+    db_path="/var/cache/{{ required "config.kafka.consumerCacheName is required" .Values.config.kafka.consumerCacheName }}.db"
+    topic_events = "{{ required "config.kafka.topicEvents is required" .Values.config.kafka.topicEvents }}"
+    topic_usage = "{{ required "config.kafka.topicUsage is required" .Values.config.kafka.topicUsage }}"
+    cluster_id = "{{ required "config.clusterId is required" .Values.config.clusterId }}"
+    delay_sec = {{ required "config.prometheus.delaySec is required" .Values.config.prometheus.delaySec }}
+    mode = "{{ required "config.mode is required" .Values.config.mode }}"
+
+    [metrics]
+    addr = "0.0.0.0:{{ .Values.ports.metrics }}"
+
+    [prometheus]
+    url = "{{ .Values.config.prometheus.url }}"
+    query_step = "{{ .Values.config.prometheus.queryStep }}"
+
+    [kafka_producer]
+    "bootstrap.servers" = "{{ required "config.kafka.brokerUrls is required" .Values.config.kafka.brokerUrls }}"
+    "security.protocol" = "SASL_SSL"
+    "message.timeout.ms" = "30000"
+    "sasl.mechanisms" = "SCRAM-SHA-256"
+    "sasl.username" = "{{ required "config.kafka.username is required" .Values.config.kafka.username }}"
+    "sasl.password" = "{{ required "config.kafka.password is required" .Values.config.kafka.password }}"
+
+    [kafka_monitor]
+    "bootstrap.servers" = "{{ required "config.kafka.brokerUrls is required" .Values.config.kafka.brokerUrls }}"
+    "group.id"= "{{ required "config.kafka.consumerMonitorName is required" .Values.config.kafka.consumerMonitorName }}"
+    "auto.offset.reset" = "earliest"
+    "security.protocol" = "SASL_SSL"
+    "sasl.mechanisms" = "SCRAM-SHA-256"
+    "sasl.username" = "{{ required "config.kafka.username is required" .Values.config.kafka.username }}"
+    "sasl.password" = "{{ required "config.kafka.password is required" .Values.config.kafka.password }}"
+
+    [kafka_cache]
+    "bootstrap.servers" = "{{ required "config.kafka.brokerUrls is required" .Values.config.kafka.brokerUrls }}"
+    "group.id"= "{{ required "config.kafka.consumerCacheName is required" .Values.config.kafka.consumerCacheName }}"
+    "auto.offset.reset" = "earliest"
+    "security.protocol" = "SASL_SSL"
+    "sasl.mechanisms" = "SCRAM-SHA-256"
+    "sasl.username" = "{{ required "config.kafka.username is required" .Values.config.kafka.username }}"
+    "sasl.password" = "{{ required "config.kafka.password is required" .Values.config.kafka.password }}"

charts/demeter-fabric/templates/headless-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service.name | default .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "demeter-fabric.labels" . | nindent 4 }}
+spec:
+  clusterIP: None
+  selector: {{- include "demeter-fabric.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: metrics
+      port: {{ .Values.ports.metrics }}
+      targetPort: {{ .Values.ports.metrics }}

charts/demeter-fabric/templates/podmonitor.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "demeter-fabric.labels" . | nindent 4 }}
+    {{- with .Values.podMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "demeter-fabric.selectorLabels" . | nindent 6 }}
+  podMetricsEndpoints:
+    - port: metrics
+      path: /metrics
+{{- end }}

charts/demeter-fabric/templates/rbac.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "demeter-fabric.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "demeter-fabric.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "demeter-fabric.fullname" . }}
+  labels: {{- include "demeter-fabric.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["", "demeter.run", "networking.k8s.io", "gateway.networking.k8s.io", "configuration.konghq.com", "coordination.k8s.io"]
+    resources: ["*"]
+    verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "demeter-fabric.fullname" . }}
+  labels: {{- include "demeter-fabric.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "demeter-fabric.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "demeter-fabric.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/demeter-fabric/templates/sts.yaml

@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "demeter-fabric.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: 0
+  serviceName: {{ .Values.service.name | default .Release.Name }}
+  {{- with .Values.updateStrategy }}
+  updateStrategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  persistentVolumeClaimRetentionPolicy:
+    whenDeleted: Retain
+    whenScaled: Retain
+  selector:
+    matchLabels: {{- include "demeter-fabric.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels: {{- include "demeter-fabric.selectorLabels" . | nindent 8 -}}
+        {{- if .Values.podLabels }}
+          {{- toYaml .Values.podLabels | nindent 8 -}}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ if .Values.rbac.enabled }}{{ include "demeter-fabric.fullname" . }}{{ else }}default{{ end }}
+      automountServiceAccountToken: true
+      terminationGracePeriodSeconds: 30
+      {{- if .Values.tolerations }}
+      tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity: {{ toYaml .Values.affinity | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ .Release.Name }}-config
+      containers:
+        - name: daemon
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: DAEMON_CONFIG
+              value: /fabric/daemon.toml
+            - name: RUST_LOG
+              value: {{ .Values.config.rustLog | quote }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: cache
+              mountPath: /var/cache
+            - name: config
+              mountPath: /fabric
+          ports:
+            - name: metrics
+              containerPort: {{ .Values.ports.metrics }}
+              protocol: TCP
+  volumeClaimTemplates:
+    - metadata:
+        name: cache
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: {{ .Values.storage.size }}
+        {{- if not (kindIs "invalid" .Values.storage.storageClassName) }}
+        storageClassName: {{ .Values.storage.storageClassName }}
+        {{- end }}

charts/demeter-fabric/values.yaml

@@ -0,0 +1,57 @@
+replicaCount: 1
+
+updateStrategy:
+  type: RollingUpdate
+
+image:
+  repository: ghcr.io/demeter-run/fabric-daemon
+  tag: "6077ca0335291f668a4cbe122759c310cb46a4f1"
+  pullPolicy: IfNotPresent
+
+podAnnotations: {}
+podLabels: {}
+
+resources: {}
+
+storage:
+  size: 10Gi
+  storageClassName: ""
+
+tolerations: []
+
+affinity: {}
+
+ports:
+  metrics: 9946
+
+service:
+  # Optional custom service name. If not set, release name will be used.
+  name: ""
+
+# Daemon TOML configuration
+config:
+  clusterId: ""
+  mode: "full"
+  rustLog: "error"
+  prometheus:
+    url: "http://prometheus-operated.dmtr-system.svc.cluster.local:9090/api/v1"
+    delaySec: 3600
+    queryStep: "10m"
+  kafka:
+    brokerUrls: ""
+    username: ""
+    password: ""
+    topicEvents: "events"
+    topicUsage: "usage"
+    consumerMonitorName: ""
+    consumerCacheName: ""
+
+# RBAC - grants cluster-wide permissions to the default ServiceAccount.
+# Names are scoped to the namespace, so only one release per namespace is supported.
+rbac:
+  enabled: true
+
+# PodMonitor for Prometheus Operator
+podMonitor:
+  enabled: false
+  labels: {}