From 858b569eeabc70202b3648559e9fcc9d00f6d9ba Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sat, 7 Dec 2024 19:09:08 +0100 Subject: [PATCH 01/24] Added ALPHA quality kargo stack from cnoe stack --- template/registry/kargo.yaml | 24 ++++++ template/stacks/kargo/kargo.yaml | 23 ++++++ template/stacks/kargo/kargo/cert-manager.yaml | 28 +++++++ template/stacks/kargo/kargo/kargo.yaml | 73 +++++++++++++++++++ 4 files changed, 148 insertions(+) create mode 100644 template/registry/kargo.yaml create mode 100644 template/stacks/kargo/kargo.yaml create mode 100644 template/stacks/kargo/kargo/cert-manager.yaml create mode 100644 template/stacks/kargo/kargo/kargo.yaml
diff --git a/template/registry/kargo.yaml b/template/registry/kargo.yaml
new file mode 100644
index 0000000..7917f2b
--- /dev/null
+++ b/template/registry/kargo.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kargo
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ name: in-cluster
+ namespace: argocd
+ source:
+ path: stacks/kargo
+ repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+ targetRevision: HEAD
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/template/stacks/kargo/kargo.yaml b/template/stacks/kargo/kargo.yaml
new file mode 100644
index 0000000..987ca3b
--- /dev/null
+++ b/template/stacks/kargo/kargo.yaml
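Review bot: In template/registry/kargo.yaml, `targetRevision: HEAD` together with `automated` sync (`prune: true`, `selfHeal: true`) under `project: default` means that whatever lands on the default branch of `giteaAdmin/edfbuilder` is applied to the cluster, and removed resources are deleted, without a review gate. The same combination appears in template/stacks/kargo/kargo.yaml and later in this series in template/registry/local-backup.yaml and template/stacks/local-backup/minio.yaml. Consider tracking a protected branch or tag, e.g. `targetRevision: <release-tag>` (placeholder), and a dedicated AppProject that limits source repositories and destination namespaces, since the `default` project allows any of both unless it has been tightened. A one-line comment above `syncPolicy` saying that auto-prune is intentional would also help the next reader.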
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kargo
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ name: in-cluster
+ namespace: kargo
+ source:
+ path: stacks/kargo/kargo
+ repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
diff --git a/template/stacks/kargo/kargo/cert-manager.yaml b/template/stacks/kargo/kargo/cert-manager.yaml
new file mode 100644
index 0000000..53cc976
--- /dev/null
+++ b/template/stacks/kargo/kargo/cert-manager.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: cert-manager
+ source:
+ chart: cert-manager
+ repoURL: https://charts.jetstack.io
+ targetRevision: 1.14.5
+ helm:
+ releaseName: cert-manager
+ valueFiles:
+ - values.yaml
+ values: |
+ installCRDs: true
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/template/stacks/kargo/kargo/kargo.yaml b/template/stacks/kargo/kargo/kargo.yaml
new file mode 100644
index 0000000..d712e0e
--- /dev/null
+++ b/template/stacks/kargo/kargo/kargo.yaml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kargo
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kargo-helm
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: kargo
+ source:
+ chart: kargo
+ repoURL: ghcr.io/akuity/kargo-charts
+ targetRevision: 1.0.3
+ helm:
+ parameters:
+ - name: api.ingress.tls.enabled
+ value: "false"
+ - name: api.tls.selfSignedCert
+ value: "true"
+ - name: api.secret.name
+ value: kargo-api
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kargo-api
+ namespace: kargo
+ annotations:
+ # We need the ingress to pass through ssl traffic to the vCluster
+ # This only works for the nginx-ingress (enable via --enable-ssl-passthrough
+ # https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough )
+ # for other ingress controllers please check their respective documentation.
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+ ingressClassName: "nginx"
+ rules:
+ - host: kargo.cnoe.localtest.me
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kargo-api
+ port:
+ number: 443
+---
+apiVersion: v1
+data:
+ ADMIN_ACCOUNT_PASSWORD_HASH: JDJhJDEwJFpyaGhpZTR2THo1eWd0VlNhaWY2by5xTjM2amdzNnZqdE1CZE02eXJVMUZPZWlBQU1NeE9t
+ ADMIN_ACCOUNT_TOKEN_SIGNING_KEY: aXdpc2h0b3dhc2hteWlyaXNod3Jpc3R3YXRjaA==
+kind: Secret
+metadata:
+ labels:
+ name: kargo-api
+ namespace: kargo
+type: Opaque
From 2ed2dbcc96c332246cea395a5e60e4f4eb8ee74c Mon Sep 17 00:00:00 2001
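Review bot: The `Secret` document at the end of template/stacks/kargo/kargo/kargo.yaml commits `ADMIN_ACCOUNT_PASSWORD_HASH` and `ADMIN_ACCOUNT_TOKEN_SIGNING_KEY` as literal `data` values. Base64 is an encoding, not protection, so the signing key is readable by anyone with repository access, and every cluster built from this template would share the same admin password hash and token-signing key. Both values remain in git history even though the next patch deletes the file, so they should be treated as disclosed and not reused anywhere. Generate them per installation (a hook Job or an external secret store) and let the chart pick the result up through `api.secret.name`. Separately, `labels:` in that Secret has no value and parses as null, and the Ingress host `kargo.cnoe.localtest.me` is hard-coded where the other manifests template the domain.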
From: Richard Robert Reitz Date: Sat, 7 Dec 2024 19:40:57 +0100 Subject: [PATCH 02/24] Removed ALPHA quality kargo stack from cnoe stack --- template/registry/kargo.yaml | 24 ------ template/stacks/kargo/kargo.yaml | 23 ------ template/stacks/kargo/kargo/cert-manager.yaml | 28 ------- template/stacks/kargo/kargo/kargo.yaml | 73 ------------------- 4 files changed, 148 deletions(-) delete mode 100644 template/registry/kargo.yaml delete mode 100644 template/stacks/kargo/kargo.yaml delete mode 100644 template/stacks/kargo/kargo/cert-manager.yaml delete mode 100644 template/stacks/kargo/kargo/kargo.yaml diff --git a/template/registry/kargo.yaml b/template/registry/kargo.yaml deleted file mode 100644 index 7917f2b..0000000 --- a/template/registry/kargo.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kargo - namespace: argocd - labels: - env: dev - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - name: in-cluster - namespace: argocd - source: - path: stacks/kargo - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' - targetRevision: HEAD - project: default - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/template/stacks/kargo/kargo.yaml b/template/stacks/kargo/kargo.yaml deleted file mode 100644 index 987ca3b..0000000 --- a/template/stacks/kargo/kargo.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kargo - namespace: argocd - labels: - env: dev - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - syncPolicy: - automated: - selfHeal: true - syncOptions: - - CreateNamespace=true - destination: - name: in-cluster - namespace: kargo - source: - path: stacks/kargo/kargo - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder - targetRevision: HEAD 
diff --git a/template/stacks/kargo/kargo/cert-manager.yaml b/template/stacks/kargo/kargo/cert-manager.yaml deleted file mode 100644 index 53cc976..0000000 --- a/template/stacks/kargo/kargo/cert-manager.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: cert-manager - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: "https://kubernetes.default.svc" - namespace: cert-manager - source: - chart: cert-manager - repoURL: https://charts.jetstack.io - targetRevision: 1.14.5 - helm: - releaseName: cert-manager - valueFiles: - - values.yaml - values: | - installCRDs: true - project: default - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/template/stacks/kargo/kargo/kargo.yaml b/template/stacks/kargo/kargo/kargo.yaml deleted file mode 100644 index d712e0e..0000000 --- a/template/stacks/kargo/kargo/kargo.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kargo ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kargo-helm - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: "https://kubernetes.default.svc" - namespace: kargo - source: - chart: kargo - repoURL: ghcr.io/akuity/kargo-charts - targetRevision: 1.0.3 - helm: - parameters: - - name: api.ingress.tls.enabled - value: "false" - - name: api.tls.selfSignedCert - value: "true" - - name: api.secret.name - value: kargo-api - project: default - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kargo-api - namespace: kargo - annotations: - # We need the ingress to pass through ssl traffic to the vCluster - # This only works for the nginx-ingress (enable via --enable-ssl-passthrough - # https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough ) - # for other ingress controllers please check their respective documentation. - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: "nginx" - rules: - - host: kargo.cnoe.localtest.me - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: kargo-api - port: - number: 443 ---- -apiVersion: v1 -data: - ADMIN_ACCOUNT_PASSWORD_HASH: JDJhJDEwJFpyaGhpZTR2THo1eWd0VlNhaWY2by5xTjM2amdzNnZqdE1CZE02eXJVMUZPZWlBQU1NeE9t - ADMIN_ACCOUNT_TOKEN_SIGNING_KEY: aXdpc2h0b3dhc2hteWlyaXNod3Jpc3R3YXRjaA== -kind: Secret -metadata: - labels: - name: kargo-api - namespace: kargo -type: Opaque From 76c7d07c06fe659cb9ecf23b53e2183a22a2fb07 Mon Sep 17 00:00:00 2001 
From: Richard Robert Reitz Date: Sat, 7 Dec 2024 22:58:43 +0100 Subject: [PATCH 03/24] Refactored forgejo-runner --- template/forgejo-runner/.helmignore | 23 ------ template/forgejo-runner/Chart.yaml | 24 ------ template/forgejo-runner/templates/NOTES.txt | 7 -- .../forgejo-runner/templates/_helpers.tpl | 62 -------------- .../forgejo-runner/templates/deployment.yaml | 82 ------------------- template/forgejo-runner/templates/secret.yaml | 13 --- template/forgejo-runner/values.yaml | 45 ---------- .../stacks/core/forgejo-runner/values.yaml | 3 - .../forgejo-runner.yaml | 4 +- .../forgejo-runner/values.yaml | 14 ++++ 10 files changed, 16 insertions(+), 261 deletions(-) delete mode 100644 template/forgejo-runner/.helmignore delete mode 100644 template/forgejo-runner/Chart.yaml delete mode 100644 template/forgejo-runner/templates/NOTES.txt delete mode 100644 template/forgejo-runner/templates/_helpers.tpl delete mode 100644 template/forgejo-runner/templates/deployment.yaml delete mode 100644 template/forgejo-runner/templates/secret.yaml delete mode 100644 template/forgejo-runner/values.yaml delete mode 100644 template/stacks/core/forgejo-runner/values.yaml rename template/stacks/{core => ref-implementation}/forgejo-runner.yaml (77%) create mode 100644 template/stacks/ref-implementation/forgejo-runner/values.yaml diff --git a/template/forgejo-runner/.helmignore b/template/forgejo-runner/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/template/forgejo-runner/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ 
diff --git a/template/forgejo-runner/Chart.yaml b/template/forgejo-runner/Chart.yaml deleted file mode 100644 index 49a663c..0000000 --- a/template/forgejo-runner/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: forgejo-runner -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/template/forgejo-runner/templates/NOTES.txt b/template/forgejo-runner/templates/NOTES.txt deleted file mode 100644 index e2dcc06..0000000 --- a/template/forgejo-runner/templates/NOTES.txt +++ /dev/null @@ -1,7 +0,0 @@ -{{- if not .Values.registration.enabled}} -You will have to manually create a secret with the registration token, since you have not specified the registration token in the values.yaml file. - -To create a secret with the registration token, run the following command: - - kubectl create secret generic {{ include "forgejo-runner.fullname" . }}-token --from-literal=token= -{{- end}} 
diff --git a/template/forgejo-runner/templates/_helpers.tpl b/template/forgejo-runner/templates/_helpers.tpl deleted file mode 100644 index 7af352b..0000000 --- a/template/forgejo-runner/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "forgejo-runner.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "forgejo-runner.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "forgejo-runner.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "forgejo-runner.labels" -}} -helm.sh/chart: {{ include "forgejo-runner.chart" . }} -{{ include "forgejo-runner.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "forgejo-runner.selectorLabels" -}} -app.kubernetes.io/name: {{ include "forgejo-runner.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "forgejo-runner.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "forgejo-runner.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/template/forgejo-runner/templates/deployment.yaml b/template/forgejo-runner/templates/deployment.yaml deleted file mode 100644 index 0134e8f..0000000 --- a/template/forgejo-runner/templates/deployment.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - {{- include "forgejo-runner.labels" . | nindent 4 }} - name: {{ include "forgejo-runner.fullname" . }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "forgejo-runner.selectorLabels" . | nindent 6 }} - strategy: {} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "forgejo-runner.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - volumes: - - name: docker-certs - emptyDir: {} - - name: runner-data - emptyDir: {} - initContainers: - - name: runner-register - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)] - env: - - name: RUNNER_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: {{ include "forgejo-runner.fullname" . }}-token - key: token - - name: FORGEJO_INSTANCE_URL - value: {{ .Values.forgejoUrl }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: runner-data - mountPath: /data - containers: - - name: runner - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - command: ["sh", "-c", "while ! nc -z localhost 2376 Date: Sun, 8 Dec 2024 00:00:28 +0100 Subject: [PATCH 04/24] Added velero preparations --- .../create-new-cluster-guestbook/kindcluster.yaml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml index 796b866..3abe324 100644 --- a/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml +++ b/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml @@ -15,6 +15,10 @@ spec: nodeRegistration: kubeletExtraArgs: node-labels: "ingress-ready=true" + # TODO: RIRE used maybe for velero backup + # extraMounts: + # - hostPath: /tmp/backup # replace with your own path + # containerPath: /backup providerConfigRef: name: kind-provider writeConnectionSecretToRef: From 77404e8475976fe95b16e0fc65875fec21300d7e Mon Sep 17 00:00:00 2001 
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 00:29:28 +0100 Subject: [PATCH 05/24] Backported changes of stacks in edfbuilder repo --- template/registry/local-backup.yaml | 24 + template/stacks/local-backup/README.md | 126 +++ template/stacks/local-backup/demo/backup.yaml | 9 + .../stacks/local-backup/demo/restore.yaml | 10 + template/stacks/local-backup/minio.yaml | 33 + .../local-backup/minio/helm/values.yaml | 23 + .../minio/manifests/minio-pv.yaml | 13 + .../minio/manifests/secret-sync.yaml | 154 ++++ template/stacks/local-backup/velero.yaml | 31 + .../local-backup/velero/helm/values.yaml | 25 + .../stacks/monitoring/grafana-dashboards.yaml | 25 + .../stacks/monitoring/kube-prometheus.yaml | 4 +- .../dashboards/dashboard_loki_apps.yaml | 268 ++++++ .../dashboards/dashboard_loki_components.yaml | 845 ++++++++++++++++++ .../dashboards/dashboard_loki_container.yaml | 537 +++++++++++ .../monitoring/kube-prometheus/values.yaml | 34 +- .../kube-prometheus/values_test_osc.yaml | 15 + template/stacks/monitoring/loki.yaml | 34 + template/stacks/monitoring/loki/values.yaml | 13 + template/stacks/monitoring/promtail.yaml | 29 + .../stacks/monitoring/promtail/values.yaml | 45 + .../ref-implementation/fibonacci-app.yaml | 25 + .../fibonacci-app/deployment.yaml | 20 + .../fibonacci-app/ingress.yaml | 18 + .../fibonacci-app/service.yaml | 13 + .../stacks/ref-implementation/openbao.yaml | 34 + .../ref-implementation/openbao/values.yaml | 12 + 27 files changed, 2411 insertions(+), 8 deletions(-) create mode 100644 template/registry/local-backup.yaml create mode 100644 template/stacks/local-backup/README.md create mode 100644 template/stacks/local-backup/demo/backup.yaml create mode 100644 template/stacks/local-backup/demo/restore.yaml create mode 100644 template/stacks/local-backup/minio.yaml create mode 100644 template/stacks/local-backup/minio/helm/values.yaml create mode 100644 template/stacks/local-backup/minio/manifests/minio-pv.yaml create mode 100644 
template/stacks/local-backup/minio/manifests/secret-sync.yaml create mode 100644 template/stacks/local-backup/velero.yaml create mode 100644 template/stacks/local-backup/velero/helm/values.yaml create mode 100644 template/stacks/monitoring/grafana-dashboards.yaml create mode 100644 template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml create mode 100644 template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml create mode 100644 template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml create mode 100644 template/stacks/monitoring/kube-prometheus/values_test_osc.yaml create mode 100644 template/stacks/monitoring/loki.yaml create mode 100644 template/stacks/monitoring/loki/values.yaml create mode 100644 template/stacks/monitoring/promtail.yaml create mode 100644 template/stacks/monitoring/promtail/values.yaml create mode 100644 template/stacks/ref-implementation/fibonacci-app.yaml create mode 100644 template/stacks/ref-implementation/fibonacci-app/deployment.yaml create mode 100644 template/stacks/ref-implementation/fibonacci-app/ingress.yaml create mode 100644 template/stacks/ref-implementation/fibonacci-app/service.yaml create mode 100644 template/stacks/ref-implementation/openbao.yaml create mode 100644 template/stacks/ref-implementation/openbao/values.yaml diff --git a/template/registry/local-backup.yaml b/template/registry/local-backup.yaml new file mode 100644 index 0000000..dc5cfbe --- /dev/null +++ b/template/registry/local-backup.yaml 
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: local-backup
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ name: in-cluster
+ namespace: argocd
+ source:
+ path: stacks/local-backup
+ repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+ targetRevision: HEAD
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/template/stacks/local-backup/README.md b/template/stacks/local-backup/README.md
new file mode 100644
index 0000000..3ded63d
--- /dev/null
+++ b/template/stacks/local-backup/README.md
@@ -0,0 +1,126 @@ +# Local Backup with Velero and Minio + +This is example is adapted from the original icpbuilder stack. + +The two significant changes from the original were made: + +* disabled `hostPath` mount to persist backups within kind, since backups do not work sufficiently in this example due to PVC issues, see below. +* renamed `minio` namespace to `minio-backup` so it does not collide with other minio examples. + +Within kind, it can only backup kubernetes objects. Data from PVC's is skipped, see below why. + +[Velero](https://velero.io/) requires some compatible storage providers as its backup target. This local installation uses [MinIO](https://min.io/) as an example. +However, MinIO is not officially supported by Velero but works due to S3 compatibility. + +The current setup does NOT persist backups but stores them in MinIO's PVCs. Proper backups should configure external storage, see [Supported Providers](https://velero.io/docs/main/supported-providers/). + +## Installation + +The stack is installed as part of the `./example.sh` run. + +In order to persist a local backup you have to mount a local directory within `main.go`: + +```yaml +nodes: + - role: control-plane + extraMounts: + - hostPath: /some/path/backup # replace with your own path + containerPath: /backup +``` + +Kind creates the directory on the host but you might have to adjust the permissions, otherwise the minio pod fails to start. + +## Using it + +After the installation velero and minio should be visible in ArgoCD. + +During the installation credentials for minio are generated and shared with velero. 
You can access them manually: + +```bash +kubectl -n minio-backup get secret root-creds -o go-template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}' +# example output +# rootPassword: aKKZzLnyry6OYZts17vMTf32H5ghFL4WYgu6bHujm +# rootUser: ge8019yksArb7BICt3MLY9 +``` + +A bucket in minio was created and velero uses it for its backups by default, see helm `values.yaml` files. + + +### Backup and Restore + +Backups and subsequent restores can be scheduled by either using the velero cli or by creating CRD objects. + +Check the `./demo` directory for equivalent CRD manifests. + +Create a backup of the backstage namespace, see `schedule` task for more permanent setups: + +```shell +velero backup create backstage-backup --include-namespaces backstage +``` + +There are more options to create a fine granular backup and to set the backup storage. +See velero's docs for details. + +Check the backup with: +```shell +velero backup get +``` + +To get more details on the backup you need to be able to connect to velero's backup storage, i.e. minio. +Using `kubefwd` here helps a lot (this is not necessary for restore). + +```shell +kubefwd services -n minio-backup +``` + +More details with `describe` and `logs`: + +```shell +velero backup describe backstage-backup --details +velero backup logs backstage-backup +``` + +Restore the backup into the original namespace, you might want to delete the existing namespace beforehand: + +```shell +kubectl delete namespace backstage +velero restore create --from-backup backstage-backup +``` + +When restoring, velero does not replace existing objects in the backup target. + +ArgoCD does pickup on the changes and also validates that the backup is in sync. + + +## Issues with Persistent Volumes + +Velero has no issue to backup kubernetes objects like Deployments, ConfigMaps, etc. since they are just yaml/json definitions. +Volumes containing data are, however, more complex. 
The preferred type of backup are kubernetes' VolumeSnapshots as they consistently store the state +of a volume at a given point in time in an atomic action. Those snapshots live within the cluster and are subsequently downloaded into one of velero's +storage backends for safekeeping. + +However, VolumeSnapshots are only possible on storage backends that support them via CSI drivers. +Backends like `nfs` or `hostPath` do NOT support them. Here, velero uses an alternative method +called [File System Backups](https://velero.io/docs/main/file-system-backup/). +In essence, this a simple copy operation based on the file system. Even though +this uses more sophisticated tooling under the hood, i.e. kopia, it is not +possible to create a backup in an atomic transaction. Thus, the resulting backup +might be inconsistent. + +Furthermore, for file system backups to work velero installs a node-agent as a +DaemonSet on each Kubernetes node. The agent is aware of the node's internal +storage and accesses the directories on the host directly to copy the files. +This is not supported for hostPath volumes as they mount an arbitrary path +on the host. In theory, a backup is possible but due extra config and security +considerations intentionally skipped. Kind's local-path provider storage uses +a hostPath and is thus not supported for any kind of backup. + +## TODOs + +* The MinIO -backup installation is only intended as an example and must either +be configured properly or replaced. + +* The current example does not automatically schedule backups. + +* velero chart must be properly parameterized + diff --git a/template/stacks/local-backup/demo/backup.yaml b/template/stacks/local-backup/demo/backup.yaml new file mode 100644 index 0000000..e335141 --- /dev/null +++ b/template/stacks/local-backup/demo/backup.yaml 
@@ -0,0 +1,9 @@
+# velero backup create backstage-backup --include-namespaces backstage
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+ name: backstage-backup
+ namespace: velero
+spec:
+ includedNamespaces:
+ - 'backstage'
diff --git a/template/stacks/local-backup/demo/restore.yaml b/template/stacks/local-backup/demo/restore.yaml
new file mode 100644
index 0000000..b0fd5b5
--- /dev/null
+++ b/template/stacks/local-backup/demo/restore.yaml
@@ -0,0 +1,10 @@
+# velero restore create --from-backup backstage-backup
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+ name: backstage-backup
+ namespace: velero
+spec:
+ backupName: backstage-backup
+ includedNamespaces:
+ - 'backstage'
diff --git a/template/stacks/local-backup/minio.yaml b/template/stacks/local-backup/minio.yaml
new file mode 100644
index 0000000..cd23156
--- /dev/null
+++ b/template/stacks/local-backup/minio.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: minio
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ sources:
+ - repoURL: 'https://charts.min.io'
+ targetRevision: 5.0.15
+ helm:
+ releaseName: minio
+ valueFiles:
+ - $values/stacks/local-backup/minio/helm/values.yaml
+ chart: minio
+ - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ ref: values
+ - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ path: "stacks/local-backup/minio/manifests"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: minio-backup
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ selfHeal: true
diff --git a/template/stacks/local-backup/minio/helm/values.yaml b/template/stacks/local-backup/minio/helm/values.yaml
new file mode 100644
index 0000000..8a58d96
--- /dev/null
+++ b/template/stacks/local-backup/minio/helm/values.yaml
@@ -0,0 +1,23 @@
+replicas: 1
+mode: standalone
+
+resources:
+ requests:
+ memory: 128Mi
+
+persistence:
+ enabled: true
+ storageClass: standard
+ size: 512Mi
+ # volumeName: backup # re-enable this to mount a local host path, see minio-pv.yaml
+
+buckets:
+ - name: edfbuilder-backups
+
+consoleIngress:
+ enabled: true
+ ingressClassName: nginx
+ hosts:
+ - minio-backup.{{ .Values.edfbuilderTargetDomain }}
+
+existingSecret: root-creds
diff --git a/template/stacks/local-backup/minio/manifests/minio-pv.yaml b/template/stacks/local-backup/minio/manifests/minio-pv.yaml
new file mode 100644
index 0000000..8f2c88c
--- /dev/null
+++ b/template/stacks/local-backup/minio/manifests/minio-pv.yaml
@@ -0,0 +1,13 @@
+# re-enable this config to mount a local host path, see `../helm/values.yaml`
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+# name: backup
+# spec:
+# storageClassName: standard
+# accessModes:
+# - ReadWriteOnce
+# capacity:
+# storage: 512Mi
+# hostPath:
+# path: /backup
diff --git a/template/stacks/local-backup/minio/manifests/secret-sync.yaml b/template/stacks/local-backup/minio/manifests/secret-sync.yaml
new file mode 100644
index 0000000..c4c7032
--- /dev/null
+++ b/template/stacks/local-backup/minio/manifests/secret-sync.yaml
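Review bot: In template/stacks/local-backup/minio/helm/values.yaml, `consoleIngress` is enabled with only `ingressClassName` and `hosts` and no `tls` entry, so unless the ingress controller supplies a default certificate and redirect, logins to the MinIO console travel over plain HTTP. The account behind that console is the root user from `existingSecret: root-creds`, and secret-sync.yaml later in this commit hands the same root credentials to Velero. Add a `tls` block for the console host, or a comment stating where TLS is terminated. A dedicated non-root MinIO user for Velero would limit what a leaked backup credential can reach.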
@@ -0,0 +1,154 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: secret-sync
+ namespace: minio-backup
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/sync-wave: "-20"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: secret-sync
+ namespace: minio-backup
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/sync-wave: "-20"
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: secret-sync
+ namespace: minio-backup
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/sync-wave: "-20"
+subjects:
+ - kind: ServiceAccount
+ name: secret-sync
+ namespace: minio-backup
+roleRef:
+ kind: Role
+ name: secret-sync
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: secret-sync
+ namespace: velero
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/sync-wave: "-20"
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: secret-sync
+ namespace: velero
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/sync-wave: "-20"
+subjects:
+ - kind: ServiceAccount
+ name: secret-sync
+ namespace: minio-backup
+roleRef:
+ kind: Role
+ name: secret-sync
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: secret-sync
+ namespace: minio-backup
+ annotations:
+ argocd.argoproj.io/hook: PostSync
+spec:
+ template:
+ metadata:
+ generateName: secret-sync
+ spec:
+ serviceAccountName: secret-sync
+ restartPolicy: Never
+ containers:
+ - name: kubectl
+ image: docker.io/bitnami/kubectl
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ set -e
+ kubectl get secrets -n minio-backup root-creds -o json > /tmp/secret
+ ACCESS=$(jq -r '.data.rootUser | @base64d' /tmp/secret)
+ SECRET=$(jq -r '.data.rootPassword | @base64d' /tmp/secret)
+
+ echo \
+ "apiVersion: v1
+ kind: Secret
+ metadata:
+ name: secret-key
+ namespace: velero
+ type: Opaque
+ stringData:
+ aws: |
+ [default]
+ aws_access_key_id=${ACCESS}
+ aws_secret_access_key=${SECRET}
+ " > /tmp/secret.yaml
+
+ kubectl apply -f /tmp/secret.yaml
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: minio-root-creds
+ namespace: minio-backup
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ template:
+ metadata:
+ generateName: minio-root-creds
+ spec:
+ serviceAccountName: secret-sync
+ restartPolicy: Never
+ containers:
+ - name: kubectl
+ image: docker.io/bitnami/kubectl
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ kubectl get secrets -n minio-backup root-creds
+ if [ $? -eq 0 ]; then
+ exit 0
+ fi
+
+ set -e
+
+ NAME=$(openssl rand -base64 24)
+ PASS=$(openssl rand -base64 36)
+
+ echo \
+ "apiVersion: v1
+ kind: Secret
+ metadata:
+ name: root-creds
+ namespace: minio-backup
+ type: Opaque
+ stringData:
+ rootUser: "${NAME}"
+ rootPassword: "${PASS}"
+ " > /tmp/secret.yaml
+
+ kubectl apply -f /tmp/secret.yaml
diff --git a/template/stacks/local-backup/velero.yaml b/template/stacks/local-backup/velero.yaml
new file mode 100644
index 0000000..4a818ab
--- /dev/null
+++ b/template/stacks/local-backup/velero.yaml
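Review bot: The two `secret-sync` Roles grant `get`, `update` and `patch` on every Secret in `minio-backup` and in `velero`, although the Jobs only touch `root-creds` and `secret-key`, and that ServiceAccount is handed to containers started from `docker.io/bitnami/kubectl` with no tag or digest. Splitting each rule so that only `create` is unrestricted and the other verbs carry `resourceNames` limits what a replaced or compromised image could read, and pinning the image as `docker.io/bitnami/kubectl:<pinned-tag>@sha256:<digest>` makes the Jobs reproducible. Separately, `minio-root-creds` treats any failure of `kubectl get` as "secret missing" and then runs `kubectl apply`, so a transient API error could overwrite existing root credentials; `kubectl create -f /tmp/secret.yaml` would refuse to replace them.

```yaml
# Role secret-sync in namespace velero; the minio-backup Role is analogous with "root-creds"
rules:
  # resourceNames cannot restrict create, so it stays in its own rule
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["secret-key"]
    verbs: ["get", "update", "patch"]
```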
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: velero
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ sources:
+ - repoURL: 'https://vmware-tanzu.github.io/helm-charts'
+ targetRevision: 8.0.0
+ helm:
+ releaseName: velero
+ valueFiles:
+ - $values/stacks/local-backup/velero/helm/values.yaml
+ chart: velero
+ - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: velero
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/template/stacks/local-backup/velero/helm/values.yaml b/template/stacks/local-backup/velero/helm/values.yaml
new file mode 100644
index 0000000..5b7d8d7
--- /dev/null
+++ b/template/stacks/local-backup/velero/helm/values.yaml
@@ -0,0 +1,25 @@
+resources:
+ requests:
+ memory: 128Mi
+initContainers:
+ - name: velero-plugin-for-aws
+ image: velero/velero-plugin-for-aws:v1.11.0
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /target
+ name: plugins
+# snapshotsEnabled: false # create snapshot crd?
+# deployNodeAgent: true # install node agent as daemonset for file system backups?
+configuration:
+ # defaultVolumesToFsBackup: true # backup pod volumes via fsb without explicit annotation?
+ backupStorageLocation:
+ - name: default
+ provider: aws
+ bucket: edfbuilder-backups
+ credential:
+ name: secret-key # this key is created within the minio-backup/secret-sync and injected into the velero namespace
+ key: aws
+ config:
+ region: minio
+ s3Url: http://minio.minio-backup.svc.cluster.local:9000 # internal resolution, external access for velero cli via fwd
+ s3ForcePathStyle: "true"
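Review bot: The `credential` under `backupStorageLocation` in the Velero values is `secret-key`, which the `secret-sync` Job in this commit fills with MinIO's `rootUser` and `rootPassword`, so Velero accesses the bucket as the MinIO root account. A dedicated MinIO user whose policy covers only `edfbuilder-backups` would limit what a leaked Velero credential can do; whether the chart values used here can provision one is not visible in this hunk. `s3Url` is also plain `http://`, so backup contents cross the cluster network unencrypted; if that is accepted for this local stack, a comment such as `# plain HTTP accepted: in-cluster traffic only, dev stack` next to it would make the decision explicit.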
diff --git a/template/stacks/monitoring/grafana-dashboards.yaml b/template/stacks/monitoring/grafana-dashboards.yaml new file mode 100644 index 0000000..8a4b7be --- /dev/null +++ b/template/stacks/monitoring/grafana-dashboards.yaml @@ -0,0 +1,25 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: grafana-dashboards + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/monitoring/kube-prometheus/dashboards" + destination: + server: "https://kubernetes.default.svc" + namespace: monitoring + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + selfHeal: true + retry: + limit: -1 \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml index c0d1347..2dac1f1 100644 --- a/template/stacks/monitoring/kube-prometheus.yaml +++ b/template/stacks/monitoring/kube-prometheus.yaml @@ -14,7 +14,7 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - ServerSideApply=true + - ServerSideApply=true # TODO: RIRE What does this mean: do not copy metdata, since (because of its large size) it can lead to sync failure destination: name: in-cluster namespace: monitoring @@ -27,4 +27,4 @@ spec: - $values/stacks/monitoring/kube-prometheus/values.yaml - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder targetRevision: HEAD - ref: values \ No newline at end of file + ref: values diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml new file mode 100644 index 0000000..9e84526 --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml 
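Review bot: The comment added to `- ServerSideApply=true` in kube-prometheus.yaml (`# TODO: RIRE What does this mean ...`) leaves a question in the manifest instead of an explanation, and `metdata` is misspelled. Server-side apply is commonly enabled for this chart because client-side apply stores the whole object in the `kubectl.kubernetes.io/last-applied-configuration` annotation, which is too large for the Prometheus operator CRDs. A comment like `# server-side apply: the CRDs exceed the annotation size limit of client-side apply` would answer the TODO. The `syncOptions` list this line belongs to starts outside the hunk.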
@@ -0,0 +1,268 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-1 + labels: + grafana_dashboard: "1" +data: + k8s-dashboard-01.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 1, + "links": [ + ], + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 5, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "expr": "{app=\"crossplane\"}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: App crossplane", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 4, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "expr": "{app=\"argo-server\"}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: App argo-server", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": 
"P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 3, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "expr": "{app=\"forgejo\"}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: App forgejo", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 2, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "expr": "{app=\"backstage\"}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: App backstage", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 1, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "expr": "{app=\"shoot-control-plane\"}", + "queryType": "range", + "refId": "A" + } 
+ ], + "title": "Logs: App shoot-control-plane", + "type": "logs" + } + ], + "preload": false, + "schemaVersion": 40, + "tags": [ + ], + "templating": { + "list": [ + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + }, + "timezone": "browser", + "title": "Loki Logs: Apps", + "uid": "ee4iuluru756of", + "version": 2, + "weekStart": "" + } \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml new file mode 100644 index 0000000..b35ed60 --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml 
@@ -0,0 +1,845 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-2 + labels: + grafana_dashboard: "1" +data: + k8s-dashboard-02.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 30, + "links": [ + ], + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 19, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"server\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component server", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 17, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"repo-server\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component 
repo-server", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 16, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"redis\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component redis", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 15, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"query-frontend\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component query-frontend", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 14, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": 
"11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"querier\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component querier", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 13, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"prometheus-operator-webhook\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component prometheus-operator-webhook", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 48 + }, + "id": 12, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"prometheus-operator\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component prometheus-operator", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 
24, + "x": 0, + "y": 56 + }, + "id": 11, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"metrics\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component metrics", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 10, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"kube-scheduler\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component kube-scheduler", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 72 + }, + "id": 9, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"kube-controller-manager\"} |= ``", + "queryType": 
"range", + "refId": "A" + } + ], + "title": "Logs: Component kube-controller-manager", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 80 + }, + "id": 8, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"kube-apiserver\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component kube-apiserver", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 88 + }, + "id": 7, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"ingester\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component ingester", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 96 + }, + "id": 6, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + 
"sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"gateway\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component gateway", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 104 + }, + "id": 5, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"etcd\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component etcd", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 112 + }, + "id": 4, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"distributor\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component distributor", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + 
"h": 8, + "w": 24, + "x": 0, + "y": 120 + }, + "id": 3, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"controller\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component controller", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 128 + }, + "id": 2, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{component=\"cloud-infrastructure-controller\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component cloud-infrastructure-controller", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 136 + }, + "id": 1, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": 
"{component=\"applicationset-controller\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Component application-controller", + "type": "logs" + } + ], + "preload": false, + "schemaVersion": 40, + "tags": [ + ], + "templating": { + "list": [ + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + }, + "timezone": "browser", + "title": "Loki Logs: Components", + "uid": "ae4zuyp1kui9sc", + "version": 2, + "weekStart": "" + } \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml new file mode 100644 index 0000000..267bd90 --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml 
@@ -0,0 +1,537 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-3 + labels: + grafana_dashboard: "1" +data: + k8s-dashboard-03.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 31, + "links": [ + ], + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 11, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"repo-server\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container repo-server", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 10, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"promtail\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container 
promtail", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 9, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"prometheus\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container prometheus", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 8, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"postgres\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container postgres", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 7, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", 
+ "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"kube-prometheus-stack\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container kube-prometheus-stack", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 6, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"keycloak\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container keycloak", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 48 + }, + "id": 5, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"grafana\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container grafana", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 4, + 
"options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"forgejo\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container forgejo", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 3, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"crossplane\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container crossplane", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 72 + }, + "id": 2, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"backstage\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container backstage", 
+ "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + }, + "overrides": [ + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 80 + }, + "id": 1, + "options": { + "dedupStrategy": "none", + "enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "builder", + "expr": "{container=\"argo-server\"} |= ``", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs: Container argo-server", + "type": "logs" + } + ], + "preload": false, + "schemaVersion": 40, + "tags": [ + ], + "templating": { + "list": [ + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + }, + "timezone": "browser", + "title": "Loki Logs: Container", + "uid": "ee50bcaehmv40e", + "version": 2, + "weekStart": "" + } \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index d4f21b9..7b80872 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml 
@@ -6,15 +6,37 @@ grafana: userKey: admin-user passwordKey: admin-password - grafana.ini: - server: - domain: {{ .Values.edfbuilderTargetDomain }} - root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true + defaultDashboardsTimezone: Europe/Berlin + + additionalDataSources: + - name: Loki + type: loki + url: http://loki-loki-distributed-gateway.monitoring:80 + + syncPolicy: + syncOptions: + - ServerSideApply=true ingress: enabled: true ingressClassName: nginx hosts: - {{ .Values.edfbuilderTargetDomain }} - path: /grafana \ No newline at end of file + path: /grafana + + sidecar: + dashboards: + enabled: true + label: grafana_dashboard + folder: /tmp/dashboards + updateIntervalSeconds: 10 + folderAnnotation: grafana_folder + provider: + allowUiUpdates: true + foldersFromFilesStructure: true + + grafana.ini: + server: + domain: {{ .Values.edfbuilderTargetDomain }} + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml new file mode 100644 index 0000000..55c0451 --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml @@ -0,0 +1,15 @@ +grafana: + namespaceOverride: "monitoring" + + grafana.ini: + server: + domain: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true + + ingress: + enabled: true + ingressClassName: nginx + hosts: + - {{ .Values.edfbuilderTargetDomain }} + path: /grafana \ No newline at end of file diff --git a/template/stacks/monitoring/loki.yaml b/template/stacks/monitoring/loki.yaml new file mode 100644 index 0000000..10e254f --- /dev/null +++ b/template/stacks/monitoring/loki.yaml 
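Review bot: The added `syncPolicy: syncOptions: - ServerSideApply=true` entry is an Argo CD Application setting, but here it sits in the Helm values file for kube-prometheus-stack, where it is handed to the chart as an unrecognised value and most likely has no effect. If server-side apply is needed for this stack, set it in the Application manifest that deploys the chart (not part of this hunk), under `spec.syncPolicy.syncOptions`, as `- ServerSideApply=true`, and drop it from the values. The indentation is flattened on this page, so the exact nesting is inferred; the `grafana:` mapping starts outside the hunk.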
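Review bot: `domain: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live` in `values_test_osc.yaml` hard-codes one environment's hostname as Grafana's server domain, while the ingress host in the same file is `{{ .Values.edfbuilderTargetDomain }}`. Because `root_url` is built from `%(domain)s`, Grafana's links and login redirects would point at that fixed host rather than the one the ingress serves. Use `domain: {{ .Values.edfbuilderTargetDomain }}` as in `values.yaml`, or keep this test file out of the template tree so an internal hostname is not shipped with it.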
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: loki
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ name: in-cluster
+ namespace: monitoring
+ sources:
+ - repoURL: https://github.com/grafana/helm-charts
+ path: charts/loki-distributed
+ targetRevision: HEAD
+ helm:
+ valueFiles:
+ - $values/stacks/monitoring/loki/values.yaml
+ - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ ref: values
+
+ ## consider using the following version, if it works again
+ #- repoURL: https://github.com/grafana/loki
+ # path: production/helm/loki
+
diff --git a/template/stacks/monitoring/loki/values.yaml b/template/stacks/monitoring/loki/values.yaml
new file mode 100644
index 0000000..e682468
--- /dev/null
+++ b/template/stacks/monitoring/loki/values.yaml
@@ -0,0 +1,13 @@
+loki:
+ commonConfig:
+ replication_factor: 1
+ auth_enabled: false
+
+ #experimental
+ storageConfig:
+ # boltdb_shipper:
+ # shared_store: s3
+ # aws:
+ # s3: s3://${cluster_region}
+ # bucketnames: ${bucket_name}
+ filesystem: null
diff --git a/template/stacks/monitoring/promtail.yaml b/template/stacks/monitoring/promtail.yaml
new file mode 100644
index 0000000..279ee88
--- /dev/null
+++ b/template/stacks/monitoring/promtail.yaml
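Review bot: `targetRevision: HEAD` on `https://github.com/grafana/helm-charts`, together with `automated: selfHeal: true`, means whatever lands on the upstream default branch is rendered and applied to the cluster without review. Pin the chart source to a released tag or a commit SHA, for example `targetRevision: <chart tag or commit SHA>`, and bump it deliberately. The same unpinned upstream source appears in the `promtail.yaml` and `openbao.yaml` Applications later in this patch.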
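Review bot: `auth_enabled: false` in `loki/values.yaml` leaves Loki without tenant authentication, and nothing visible in this patch restricts who can reach the gateway: the Grafana datasource and the Promtail client both talk to it over plain `http://` with no credentials. Any workload in the cluster that can reach the gateway Service can then read or push log data. If single-tenant mode is intended, say so next to the setting, e.g. `# single-tenant; gateway access must be limited to Grafana and Promtail by NetworkPolicy`, and add that policy alongside this stack. The flattened indentation does not show whether the key sits under `loki:` or `commonConfig:`, so confirm the chart actually reads it.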
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: promtail
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ name: in-cluster
+ namespace: monitoring
+ sources:
+ - repoURL: https://github.com/grafana/helm-charts
+ path: charts/promtail
+ targetRevision: HEAD
+ helm:
+ valueFiles:
+ - $values/stacks/monitoring/promtail/values.yaml
+ - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ ref: values
\ No newline at end of file
diff --git a/template/stacks/monitoring/promtail/values.yaml b/template/stacks/monitoring/promtail/values.yaml
new file mode 100644
index 0000000..49faadc
--- /dev/null
+++ b/template/stacks/monitoring/promtail/values.yaml
@@ -0,0 +1,45 @@
+# -- Overrides the chart's name
+nameOverride: null
+
+# -- Overrides the chart's computed fullname
+fullnameOverride: null
+
+global:
+ # -- Allow parent charts to override registry hostname
+ imageRegistry: ""
+ # -- Allow parent charts to override registry credentials
+ imagePullSecrets: []
+
+daemonset:
+ # -- Deploys Promtail as a DaemonSet
+ enabled: true
+ autoscaling:
+ # -- Creates a VerticalPodAutoscaler for the daemonset
+ enabled: false
+
+deployment:
+ # -- Deploys Promtail as a Deployment
+ enabled: false
+
+config:
+ enabled: true
+ logLevel: info
+ logFormat: logfmt
+ serverPort: 3101
+ clients:
+ - url: http://loki-loki-distributed-gateway/loki/api/v1/push
+ scrape_configs:
+ - job_name: authlog
+ static_configs:
+ - targets:
+ - authlog
+ labels:
+ job: authlog
+ __path__: /logs/auth.log
+ - job_name: syslog
+ static_configs:
+ - targets:
+ - syslog
+ labels:
+ job: syslog
+ __path__: /logs/syslog
\ No newline at end of file
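Review bot: The `authlog` and `syslog` jobs in `promtail/values.yaml` read `/logs/auth.log` and `/logs/syslog`, but this values file mounts no host log directory into the Promtail pods, so as written the jobs probably tail nothing. As far as I know the chart takes scrape jobs from `config.snippets.scrapeConfigs` or `config.snippets.extraScrapeConfigs` rather than a `scrape_configs` key, which is worth confirming against the rendered config. If host auth logs are to be collected, mount the directory read-only through the chart's `extraVolumes`/`extraVolumeMounts`, and keep in mind that `auth.log` carries account names and source addresses that would then be pushed over plain `http://` to a Loki with authentication disabled.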
diff --git a/template/stacks/ref-implementation/fibonacci-app.yaml b/template/stacks/ref-implementation/fibonacci-app.yaml
new file mode 100644
index 0000000..bd5c94a
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: fibonacci-app
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ path: "stacks/ref-implementation/fibonacci-app"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: fibonacci-app
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ selfHeal: true
+ retry:
+ limit: -1
diff --git a/template/stacks/ref-implementation/fibonacci-app/deployment.yaml b/template/stacks/ref-implementation/fibonacci-app/deployment.yaml
new file mode 100644
index 0000000..16f42e8
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fibonacci-deployment
+ namespace: fibonacci-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: fibonacci-go
+ template:
+ metadata:
+ labels:
+ app: fibonacci-go
+ spec:
+ containers:
+ - name: fibonacci-go
+ image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/christopher.hase/fibonacci_http_go:1.0.0
+ ports:
+ - containerPort: 9090
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml
new file mode 100644
index 0000000..c5d189b
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml
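Review bot: The `image:` line in `deployment.yaml` pulls `fibonacci_http_go:1.0.0` from a personal namespace on one fixed registry host, referenced by a mutable tag, so the template depends on that environment and on whatever is currently published under that tag. Reference the image by digest and take the registry host from the template values, e.g. `image: <registry>/<namespace>/fibonacci_http_go@sha256:<digest>` (placeholders). The container also has no `securityContext` or `resources`; for a reference implementation, `allowPrivilegeEscalation: false` and resource limits would be a sensible baseline, provided the image runs with them.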
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: fibonacci-service
+ namespace: fibonacci-app
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: {{ .Values.edfbuilderTargetDomain }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: fibonacci-service
+ port:
+ number: 9090
+ path: /fibonacci
+ pathType: Prefix
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/fibonacci-app/service.yaml b/template/stacks/ref-implementation/fibonacci-app/service.yaml
new file mode 100644
index 0000000..6458fa4
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: fibonacci-service
+ namespace: fibonacci-app
+spec:
+ selector:
+ app: fibonacci-go
+ ports:
+ - protocol: TCP
+ port: 9090
+ targetPort: 9090
+ type: ClusterIP
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml
new file mode 100644
index 0000000..b378351
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: openbao
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: false
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ name: in-cluster
+ namespace: openbao
+ sources:
+ - repoURL: https://github.com/openbao/openbao-helm.git
+ path: charts/openbao
+ targetRevision: HEAD
+ helm:
+ valueFiles:
+ - $values/stacks/ref-implementation/openbao/values.yaml
+ - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ ref: values
+ ignoreDifferences:
+ - group: admissionregistration.k8s.io
+ kind: MutatingWebhookConfiguration
+ jqPathExpressions:
+ - .webhooks[]?.clientConfig.caBundle
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml new file mode 100644 index 0000000..d929572 --- /dev/null +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -0,0 +1,12 @@ +server: + ingress: + enabled: true + ingressClassName: nginx + hosts: + - host: openbao.{{ .Values.edfbuilderTargetDomain }} + paths: [] + dev: + enabled: true + +ui: + enabled: true \ No newline at end of file From 47f0536858688eb70f0ac90af1b75dab77924554 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 11:54:47 +0100 Subject: [PATCH 06/24] Imported OSC postgres config to KIND --- .../stacks/ref-implementation/backstage/manifests/install.yaml | 1 + .../stacks/ref-implementation/keycloak/manifests/install.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index 6451dcb..6a77cfb 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -336,6 +336,7 @@ spec: volumeMounts: - name: data mountPath: /var/lib/postgresql/data + subPath: postgres volumeClaimTemplates: - metadata: name: data diff --git a/template/stacks/ref-implementation/keycloak/manifests/install.yaml b/template/stacks/ref-implementation/keycloak/manifests/install.yaml index 82f1eeb..4d01c35 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/install.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/install.yaml @@ -151,6 +151,7 @@ spec: volumeMounts: - name: data mountPath: /var/lib/postgresql/data + subPath: postgres volumeClaimTemplates: - metadata: name: data From 86af4d2db4ce558e7cec713a1e7131ee0cb7956e Mon Sep 17 00:00:00 2001 
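Review bot: `dev: enabled: true` in `openbao/values.yaml` runs OpenBao in the chart's development mode while the same values expose it through an ingress on `openbao.{{ .Values.edfbuilderTargetDomain }}` with the UI on. Dev mode is, as far as I know, an in-memory, already-unsealed server with a fixed root token, so anything stored there is neither durable nor protected from whoever can reach that hostname. Keep dev mode to local clusters only, e.g. `enabled: false` under `dev:` by default with a per-environment override, and do not publish the ingress while it is on.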
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 17:27:59 +0100 Subject: [PATCH 07/24] Start moving all ingresses out of the apps to a central place --- template/stacks/core/ingress-apps.yaml | 22 ++ .../stacks/core/ingress-apps/manifests.yaml | 219 ++++++++++++++++++ .../monitoring/kube-prometheus/values.yaml | 7 - .../fibonacci-app/ingress.yaml | 18 -- .../keycloak/manifests/ingress.yaml | 30 --- .../ref-implementation/openbao/values.yaml | 6 - 6 files changed, 241 insertions(+), 61 deletions(-) create mode 100644 template/stacks/core/ingress-apps.yaml create mode 100644 template/stacks/core/ingress-apps/manifests.yaml delete mode 100644 template/stacks/ref-implementation/fibonacci-app/ingress.yaml delete mode 100644 template/stacks/ref-implementation/keycloak/manifests/ingress.yaml diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml new file mode 100644 index 0000000..7b6b125 --- /dev/null +++ b/template/stacks/core/ingress-apps.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ingress-apps + namespace: argocd + labels: + example: ref-implementation + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + server: "https://kubernetes.default.svc" + source: + repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/core/ingress-apps" + project: default + syncPolicy: + automated: + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/template/stacks/core/ingress-apps/manifests.yaml b/template/stacks/core/ingress-apps/manifests.yaml new file mode 100644 index 0000000..67a18b3 --- /dev/null +++ b/template/stacks/core/ingress-apps/manifests.yaml 
@@ -0,0 +1,219 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: argo-workflows-ingress + namespace: argo +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: argo-server + port: + name: web + path: /argo-workflows(/|$)(.*) + pathType: ImplementationSpecific + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: argo-server + port: + name: web + path: /argo-workflows(/|$)(.*) + pathType: ImplementationSpecific +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: argocd-server + namespace: argocd +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: argocd-server + port: + number: 80 + path: /argocd(/|$)(.*) + pathType: ImplementationSpecific + tls: + - hosts: + - cnoe.localtest.me + secretName: argocd-net-tls +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: backstage + namespace: backstage +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: backstage + port: + name: http + path: / + pathType: Prefix + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: backstage + port: + name: http + path: / + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: fibonacci-service + namespace: fibonacci-app +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: fibonacci-service + port: + number: 9090 + path: /fibonacci + pathType: Prefix +--- +apiVersion: 
networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 512m + name: forgejo + namespace: gitea +spec: + ingressClassName: nginx + rules: + - host: gitea.cnoe.localtest.me + http: + paths: + - backend: + service: + name: forgejo-http + port: + number: 3000 + path: / + pathType: Prefix + tls: + - hosts: + - gitea.cnoe.localtest.me + secretName: forgejo-net-tls +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak-ingress-localhost + namespace: keycloak +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: keycloak + port: + name: http + path: /keycloak + pathType: ImplementationSpecific + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: keycloak + port: + name: http + path: /keycloak + pathType: ImplementationSpecific +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minio-console + namespace: minio-backup +spec: + ingressClassName: nginx + rules: + - host: minio-backup.cnoe.localtest.me + http: + paths: + - backend: + service: + name: minio-console + port: + number: 9001 + path: / + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kube-prometheus-stack-grafana + namespace: monitoring +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: kube-prometheus-stack-grafana + port: + number: 80 + path: /grafana + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: openbao + namespace: openbao +spec: + ingressClassName: nginx + rules: + - host: openbao.cnoe.localtest.me + http: + paths: + - backend: + service: + name: openbao + port: + number: 8200 + path: / + pathType: Prefix 
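Review bot: Only the `argocd-server` and `forgejo` rules in `ingress-apps/manifests.yaml` carry a `tls:` block and `force-ssl-redirect`; the `keycloak-ingress-localhost`, `openbao`, `minio-console`, `kube-prometheus-stack-grafana` and `backstage` ingresses have neither, so logins and tokens for those services can travel over plain HTTP. Add a `tls:` section with a `secretName` and `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` to each of them, matching the two that already have it. The hosts are also fixed to `cnoe.localtest.me`, whereas the per-app ingresses removed in this same patch used `{{ .Values.edfbuilderTargetDomain }}`, so the rules presumably will not match on any other target domain. The per-file copies created in PATCH 09/24 carry the same content.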
diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index 7b80872..bd4be29 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -17,13 +17,6 @@ grafana: syncOptions: - ServerSideApply=true - ingress: - enabled: true - ingressClassName: nginx - hosts: - - {{ .Values.edfbuilderTargetDomain }} - path: /grafana - sidecar: dashboards: enabled: true diff --git a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml deleted file mode 100644 index c5d189b..0000000 --- a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: fibonacci-service - namespace: fibonacci-app -spec: - ingressClassName: nginx - rules: - - host: {{ .Values.edfbuilderTargetDomain }} - http: - paths: - - backend: - service: - name: fibonacci-service - port: - number: 9090 - path: /fibonacci - pathType: Prefix \ No newline at end of file diff --git a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml b/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml deleted file mode 100644 index 6fea2c7..0000000 --- a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: keycloak-ingress-localhost - namespace: keycloak - annotations: - argocd.argoproj.io/sync-wave: "100" -spec: - ingressClassName: "nginx" - rules: - - host: localhost - http: - paths: - - path: /keycloak - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http - - host: {{ .Values.edfbuilderTargetDomain }} - http: - paths: - - path: /keycloak - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http 
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index d929572..7fecb1d 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,10 +1,4 @@ server: - ingress: - enabled: true - ingressClassName: nginx - hosts: - - host: openbao.{{ .Values.edfbuilderTargetDomain }} - paths: [] dev: enabled: true From 24e2e11116b444b9ea4f258908109f810c78f114 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 17:53:42 +0100 Subject: [PATCH 08/24] Moved all ingresses exect the core ones --- .../local-backup/minio/helm/values.yaml | 6 ---- .../argo-workflows/manifests/dev/ingress.yaml | 31 ------------------- .../backstage/manifests/install.yaml | 29 ----------------- 3 files changed, 66 deletions(-) delete mode 100644 template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml diff --git a/template/stacks/local-backup/minio/helm/values.yaml b/template/stacks/local-backup/minio/helm/values.yaml index 8a58d96..eff14f0 100644 --- a/template/stacks/local-backup/minio/helm/values.yaml +++ b/template/stacks/local-backup/minio/helm/values.yaml @@ -14,10 +14,4 @@ persistence: buckets: - name: edfbuilder-backups -consoleIngress: - enabled: true - ingressClassName: nginx - hosts: - - minio-backup.{{ .Values.edfbuilderTargetDomain }} - existingSecret: root-creds diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml deleted file mode 100644 index ea8c75f..0000000 --- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: argo-workflows-ingress - namespace: argo - annotations: - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$2 -spec: - ingressClassName: "nginx" - rules: - - host: localhost - http: - paths: - - path: /argo-workflows(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: argo-server - port: - name: web - - host: {{ .Values.edfbuilderTargetDomain }} - http: - paths: - - path: /argo-workflows(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: argo-server - port: - name: web diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index 6a77cfb..57124f2 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -425,32 +425,3 @@ spec: remoteRef: key: gitea-credential property: password ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: backstage - namespace: backstage -spec: - ingressClassName: "nginx" - rules: - - host: localhost - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: backstage - port: - name: http - - host: {{ .Values.edfbuilderTargetDomain }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: backstage - port: - name: http From 67a7ba0a3c58925dd1a63bef2355af3e0078404c Mon Sep 17 00:00:00 2001 
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 18:01:13 +0100 Subject: [PATCH 09/24] Separated each ingress --- .../ingress-apps/argo-workflows-ingress.yaml | 31 +++ .../core/ingress-apps/argocd-server.yaml | 27 +++ .../stacks/core/ingress-apps/backstage.yaml | 28 +++ .../core/ingress-apps/fibonacci-service.yaml | 18 ++ .../stacks/core/ingress-apps/forgejo.yaml | 25 ++ .../keycloak-ingress-localhost.yaml | 28 +++ .../kube-prometheus-stack-grafana.yaml | 18 ++ .../stacks/core/ingress-apps/manifests.yaml | 219 ------------------ .../core/ingress-apps/minio-console.yaml | 18 ++ .../stacks/core/ingress-apps/openbao.yaml | 18 ++ 10 files changed, 211 insertions(+), 219 deletions(-) create mode 100644 template/stacks/core/ingress-apps/argo-workflows-ingress.yaml create mode 100644 template/stacks/core/ingress-apps/argocd-server.yaml create mode 100644 template/stacks/core/ingress-apps/backstage.yaml create mode 100644 template/stacks/core/ingress-apps/fibonacci-service.yaml create mode 100644 template/stacks/core/ingress-apps/forgejo.yaml create mode 100644 template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml create mode 100644 template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml delete mode 100644 template/stacks/core/ingress-apps/manifests.yaml create mode 100644 template/stacks/core/ingress-apps/minio-console.yaml create mode 100644 template/stacks/core/ingress-apps/openbao.yaml diff --git a/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml b/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml new file mode 100644 index 0000000..71cead0 --- /dev/null +++ b/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml 
@@ -0,0 +1,31 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: argo-workflows-ingress + namespace: argo +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: argo-server + port: + name: web + path: /argo-workflows(/|$)(.*) + pathType: ImplementationSpecific + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: argo-server + port: + name: web + path: /argo-workflows(/|$)(.*) + pathType: ImplementationSpecific diff --git a/template/stacks/core/ingress-apps/argocd-server.yaml b/template/stacks/core/ingress-apps/argocd-server.yaml new file mode 100644 index 0000000..10b4a3a --- /dev/null +++ b/template/stacks/core/ingress-apps/argocd-server.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: argocd-server + namespace: argocd +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: argocd-server + port: + number: 80 + path: /argocd(/|$)(.*) + pathType: ImplementationSpecific + tls: + - hosts: + - cnoe.localtest.me + secretName: argocd-net-tls diff --git a/template/stacks/core/ingress-apps/backstage.yaml b/template/stacks/core/ingress-apps/backstage.yaml new file mode 100644 index 0000000..7f44187 --- /dev/null +++ b/template/stacks/core/ingress-apps/backstage.yaml 
@@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: backstage + namespace: backstage +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: backstage + port: + name: http + path: / + pathType: Prefix + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: backstage + port: + name: http + path: / + pathType: Prefix diff --git a/template/stacks/core/ingress-apps/fibonacci-service.yaml b/template/stacks/core/ingress-apps/fibonacci-service.yaml new file mode 100644 index 0000000..c499226 --- /dev/null +++ b/template/stacks/core/ingress-apps/fibonacci-service.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: fibonacci-service + namespace: fibonacci-app +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: fibonacci-service + port: + number: 9090 + path: /fibonacci + pathType: Prefix diff --git a/template/stacks/core/ingress-apps/forgejo.yaml b/template/stacks/core/ingress-apps/forgejo.yaml new file mode 100644 index 0000000..f53b3ec --- /dev/null +++ b/template/stacks/core/ingress-apps/forgejo.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 512m + name: forgejo + namespace: gitea +spec: + ingressClassName: nginx + rules: + - host: gitea.cnoe.localtest.me + http: + paths: + - backend: + service: + name: forgejo-http + port: + number: 3000 + path: / + pathType: Prefix + tls: + - hosts: + - gitea.cnoe.localtest.me + secretName: forgejo-net-tls diff --git a/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml b/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml new file mode 100644 index 0000000..16b20c3 --- /dev/null 
+++ b/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak-ingress-localhost + namespace: keycloak +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: keycloak + port: + name: http + path: /keycloak + pathType: ImplementationSpecific + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: keycloak + port: + name: http + path: /keycloak + pathType: ImplementationSpecific diff --git a/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml b/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml new file mode 100644 index 0000000..44c2b02 --- /dev/null +++ b/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kube-prometheus-stack-grafana + namespace: monitoring +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: kube-prometheus-stack-grafana + port: + number: 80 + path: /grafana + pathType: Prefix diff --git a/template/stacks/core/ingress-apps/manifests.yaml b/template/stacks/core/ingress-apps/manifests.yaml deleted file mode 100644 index 67a18b3..0000000 --- a/template/stacks/core/ingress-apps/manifests.yaml +++ /dev/null 
@@ -1,219 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/use-regex: "true" - name: argo-workflows-ingress - namespace: argo -spec: - ingressClassName: nginx - rules: - - host: localhost - http: - paths: - - backend: - service: - name: argo-server - port: - name: web - path: /argo-workflows(/|$)(.*) - pathType: ImplementationSpecific - - host: cnoe.localtest.me - http: - paths: - - backend: - service: - name: argo-server - port: - name: web - path: /argo-workflows(/|$)(.*) - pathType: ImplementationSpecific ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/use-regex: "true" - name: argocd-server - namespace: argocd -spec: - ingressClassName: nginx - rules: - - host: cnoe.localtest.me - http: - paths: - - backend: - service: - name: argocd-server - port: - number: 80 - path: /argocd(/|$)(.*) - pathType: ImplementationSpecific - tls: - - hosts: - - cnoe.localtest.me - secretName: argocd-net-tls ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: backstage - namespace: backstage -spec: - ingressClassName: nginx - rules: - - host: localhost - http: - paths: - - backend: - service: - name: backstage - port: - name: http - path: / - pathType: Prefix - - host: cnoe.localtest.me - http: - paths: - - backend: - service: - name: backstage - port: - name: http - path: / - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: fibonacci-service - namespace: fibonacci-app -spec: - ingressClassName: nginx - rules: - - host: cnoe.localtest.me - http: - paths: - - backend: - service: - name: fibonacci-service - port: - number: 9090 - path: /fibonacci - pathType: Prefix ---- -apiVersion: 
networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: 512m - name: forgejo - namespace: gitea -spec: - ingressClassName: nginx - rules: - - host: gitea.cnoe.localtest.me - http: - paths: - - backend: - service: - name: forgejo-http - port: - number: 3000 - path: / - pathType: Prefix - tls: - - hosts: - - gitea.cnoe.localtest.me - secretName: forgejo-net-tls ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: keycloak-ingress-localhost - namespace: keycloak -spec: - ingressClassName: nginx - rules: - - host: localhost - http: - paths: - - backend: - service: - name: keycloak - port: - name: http - path: /keycloak - pathType: ImplementationSpecific - - host: cnoe.localtest.me - http: - paths: - - backend: - service: - name: keycloak - port: - name: http - path: /keycloak - pathType: ImplementationSpecific ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: minio-console - namespace: minio-backup -spec: - ingressClassName: nginx - rules: - - host: minio-backup.cnoe.localtest.me - http: - paths: - - backend: - service: - name: minio-console - port: - number: 9001 - path: / - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kube-prometheus-stack-grafana - namespace: monitoring -spec: - ingressClassName: nginx - rules: - - host: cnoe.localtest.me - http: - paths: - - backend: - service: - name: kube-prometheus-stack-grafana - port: - number: 80 - path: /grafana - pathType: Prefix ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: openbao - namespace: openbao -spec: - ingressClassName: nginx - rules: - - host: openbao.cnoe.localtest.me - http: - paths: - - backend: - service: - name: openbao - port: - number: 8200 - path: / - pathType: Prefix 
diff --git a/template/stacks/core/ingress-apps/minio-console.yaml b/template/stacks/core/ingress-apps/minio-console.yaml new file mode 100644 index 0000000..ffa909d --- /dev/null +++ b/template/stacks/core/ingress-apps/minio-console.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minio-console + namespace: minio-backup +spec: + ingressClassName: nginx + rules: + - host: minio-backup.cnoe.localtest.me + http: + paths: + - backend: + service: + name: minio-console + port: + number: 9001 + path: / + pathType: Prefix diff --git a/template/stacks/core/ingress-apps/openbao.yaml b/template/stacks/core/ingress-apps/openbao.yaml new file mode 100644 index 0000000..bb00b92 --- /dev/null +++ b/template/stacks/core/ingress-apps/openbao.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: openbao + namespace: openbao +spec: + ingressClassName: nginx + rules: + - host: openbao.cnoe.localtest.me + http: + paths: + - backend: + service: + name: openbao + port: + number: 8200 + path: / + pathType: Prefix From 442d53a3f7cf4ec12c67ea6341fa9fa15927f7b6 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 18:13:39 +0100 Subject: [PATCH 10/24] Removed core ingresses in helm values --- template/stacks/core/argocd/values.kind.yaml | 17 ---------------- template/stacks/core/argocd/values.osc.yaml | 20 ------------------- template/stacks/core/forgejo/values.kind.yaml | 17 ---------------- template/stacks/core/forgejo/values.osc.yaml | 20 ------------------- 4 files changed, 74 deletions(-) diff --git a/template/stacks/core/argocd/values.kind.yaml b/template/stacks/core/argocd/values.kind.yaml index 8df9df4..8c3cc7f 100644 --- a/template/stacks/core/argocd/values.kind.yaml +++ b/template/stacks/core/argocd/values.kind.yaml 
@@ -25,20 +25,3 @@ notifications: dex: enabled: false - -server: - ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - path: /argocd(/|$)(.*) - pathType: ImplementationSpecific - extraTls: - - hosts: - - {{ .Values.edfbuilderTargetDomain }} - secretName: argocd-net-tls - diff --git a/template/stacks/core/argocd/values.osc.yaml b/template/stacks/core/argocd/values.osc.yaml index 122234c..9563036 100644 --- a/template/stacks/core/argocd/values.osc.yaml +++ b/template/stacks/core/argocd/values.osc.yaml @@ -31,23 +31,3 @@ notifications: dex: enabled: false - -server: - ingress: - enabled: true - ingressClassName: nginx - annotations: - dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: {{ .Values.edfbuilderTargetDomain }} - dns.gardener.cloud/ttl: "600" - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - path: /argocd(/|$)(.*) - pathType: ImplementationSpecific - extraTls: - - hosts: - - {{ .Values.edfbuilderTargetDomain }} - secretName: argocd-net-tls - diff --git a/template/stacks/core/forgejo/values.kind.yaml b/template/stacks/core/forgejo/values.kind.yaml index 210f6ca..243ca82 100644 --- a/template/stacks/core/forgejo/values.kind.yaml +++ b/template/stacks/core/forgejo/values.kind.yaml 
@@ -34,23 +34,6 @@ service: nodePort: 32222 externalTrafficPolicy: Local -ingress: - # NOTE: The ingress is generated in a later step for path based routing feature See: hack/argo-cd/generate-manifests.sh - enabled: true - className: nginx - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 512m - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - hosts: - - host: gitea.{{ .Values.edfbuilderTargetDomain }} - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - gitea.{{ .Values.edfbuilderTargetDomain }} - secretName: forgejo-net-tls - image: pullPolicy: "IfNotPresent" # Overrides the image tag whose default is the chart appVersion. diff --git a/template/stacks/core/forgejo/values.osc.yaml b/template/stacks/core/forgejo/values.osc.yaml index 9ff2a9f..243ca82 100644 --- a/template/stacks/core/forgejo/values.osc.yaml +++ b/template/stacks/core/forgejo/values.osc.yaml @@ -34,26 +34,6 @@ service: nodePort: 32222 externalTrafficPolicy: Local -ingress: - # NOTE: The ingress is generated in a later step for path based routing feature See: hack/argo-cd/generate-manifests.sh - enabled: true - className: nginx - annotations: - dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: gitea.{{ .Values.edfbuilderTargetDomain }} - dns.gardener.cloud/ttl: "600" - nginx.ingress.kubernetes.io/proxy-body-size: 512m - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - hosts: - - host: gitea.{{ .Values.edfbuilderTargetDomain }} - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - gitea.{{ .Values.edfbuilderTargetDomain }} - secretName: forgejo-net-tls - image: pullPolicy: "IfNotPresent" # Overrides the image tag whose default is the chart appVersion. From 9c5ed74967278c60cef73bf70957b52aca2957f0 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 18:26:06 +0100 Subject: [PATCH 11/24] Fixed kuszomize of argo-workflows --- .../argo-workflows/manifests/dev/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml index 042c3f6..2c56a2b 100644 --- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml +++ b/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml @@ -1,7 +1,6 @@ resources: - ../base - external-secret.yaml - - ingress.yaml - sa-admin.yaml patches: - path: patches/cm-argo-workflows.yaml From f842a7dbb6c7b1165ff9c8b435485555bb3ef203 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 19:14:19 +0100 Subject: [PATCH 12/24] Removed argocd and forgejo differentiation between osc and kind --- template/stacks/core/argocd/values.kind.yaml | 27 --------- .../argocd/{values.osc.yaml => values.yaml} | 0 template/stacks/core/forgejo/values.osc.yaml | 55 ------------------- .../forgejo/{values.kind.yaml => values.yaml} | 0 4 files changed, 82 deletions(-) delete mode 100644 template/stacks/core/argocd/values.kind.yaml rename template/stacks/core/argocd/{values.osc.yaml => values.yaml} (100%) delete mode 100644 template/stacks/core/forgejo/values.osc.yaml rename template/stacks/core/forgejo/{values.kind.yaml => values.yaml} (100%) diff --git a/template/stacks/core/argocd/values.kind.yaml b/template/stacks/core/argocd/values.kind.yaml deleted file mode 100644 index 8c3cc7f..0000000 --- a/template/stacks/core/argocd/values.kind.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -global: - domain: {{ .Values.edfbuilderTargetDomain }} - -configs: - params: - server.insecure: true - server.basehref: /argocd - cm: - application.resourceTrackingMethod: annotation - timeout.reconciliation: 60s - resource.exclusions: | - - apiGroups: - - "*" - kinds: - - ProviderConfigUsage - accounts.provider-argocd: apiKey - rbac: - policy.csv: 'g, provider-argocd, role:admin' - - tls: - certificates: - -notifications: - enabled: false - -dex: - enabled: false diff --git a/template/stacks/core/argocd/values.osc.yaml b/template/stacks/core/argocd/values.yaml similarity index 100% rename from template/stacks/core/argocd/values.osc.yaml rename to template/stacks/core/argocd/values.yaml diff --git a/template/stacks/core/forgejo/values.osc.yaml b/template/stacks/core/forgejo/values.osc.yaml deleted file mode 100644 index 243ca82..0000000 --- a/template/stacks/core/forgejo/values.osc.yaml +++ /dev/null @@ -1,55 +0,0 @@ -redis-cluster: - enabled: false -postgresql: - enabled: false -postgresql-ha: - enabled: false - -persistence: - enabled: true - size: 5Gi - -test: - enabled: false - -gitea: - admin: - existingSecret: gitea-credential - config: - database: - DB_TYPE: sqlite3 - session: - PROVIDER: memory - cache: - ADAPTER: memory - queue: - TYPE: level - server: - DOMAIN: 'gitea.{{ .Values.edfbuilderTargetDomain }}' - ROOT_URL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}:443' - -service: - ssh: - type: NodePort - nodePort: 32222 - externalTrafficPolicy: Local - -image: - pullPolicy: "IfNotPresent" - # Overrides the image tag whose default is the chart appVersion. - #tag: "8.0.3" - # Adds -rootless suffix to image name - rootless: true - -forgejo: - runner: - enabled: true - image: - tag: latest - # replicas: 3 - config: - runner: - labels: - - docker:docker://node:16-bullseye - - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04 - - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04 
diff --git a/template/stacks/core/forgejo/values.kind.yaml b/template/stacks/core/forgejo/values.yaml similarity index 100% rename from template/stacks/core/forgejo/values.kind.yaml rename to template/stacks/core/forgejo/values.yaml From 30063e3c2c4c2d19b2294fce5c83c7049af92753 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 21:29:02 +0100 Subject: [PATCH 13/24] Moved provider-shell from user org to devfw-cicd org --- template/stacks/core/crossplane-providers/provider-kind.yaml | 2 +- template/stacks/core/crossplane-providers/provider-shell.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/template/stacks/core/crossplane-providers/provider-kind.yaml b/template/stacks/core/crossplane-providers/provider-kind.yaml index a3b8aba..9a00f5b 100644 --- a/template/stacks/core/crossplane-providers/provider-kind.yaml +++ b/template/stacks/core/crossplane-providers/provider-kind.yaml @@ -1,7 +1,7 @@ apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: - name: richardrobertreitz-provider-kind + name: provider-kind spec: package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/richardrobertreitz/provider-kind:v0.1.0 packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache. diff --git a/template/stacks/core/crossplane-providers/provider-shell.yaml b/template/stacks/core/crossplane-providers/provider-shell.yaml index de54980..4080668 100644 --- a/template/stacks/core/crossplane-providers/provider-shell.yaml +++ b/template/stacks/core/crossplane-providers/provider-shell.yaml 
@@ -1,9 +1,9 @@ apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: - name: richardrobertreitz-provider-shell + name: provider-shell spec: - package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/richardrobertreitz/provider-shell:v0.1.0 + package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-shell:v0.1.1 packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache. revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy revisionHistoryLimit: 1 From d6e3f83043c094551906809224b61c738046fb4d Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 21:53:43 +0100 Subject: [PATCH 14/24] Moved provider-kind from user org to devfw-cicd org --- template/stacks/core/crossplane-providers/provider-kind.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/crossplane-providers/provider-kind.yaml b/template/stacks/core/crossplane-providers/provider-kind.yaml index 9a00f5b..36014f7 100644 --- a/template/stacks/core/crossplane-providers/provider-kind.yaml +++ b/template/stacks/core/crossplane-providers/provider-kind.yaml @@ -3,7 +3,7 @@ kind: Provider metadata: name: provider-kind spec: - package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/richardrobertreitz/provider-kind:v0.1.0 + package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-kind:v0.1.0 packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache. revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy revisionHistoryLimit: 1 From c24ab8d976478ba26220745b03f446840d859597 Mon Sep 17 00:00:00 2001 
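Review bot: `spec.package` for `provider-shell` now references `devfw-cicd/provider-shell:v0.1.1` by tag only. Combined with `packagePullPolicy: IfNotPresent` and `revisionActivationPolicy: Automatic`, whatever that tag resolves to on first pull is installed and activated without a further check. A tag can be re-pushed in the registry, so pin the package by digest, e.g. `package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-shell@sha256:<digest-of-v0.1.1>` (placeholder; take the real value from the registry). The `provider-kind` reference moved to `devfw-cicd` in the next patch has the same form.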
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 22:53:58 +0100 Subject: [PATCH 15/24] Using gomplate as hydration template engine --- template/edfbuilder.yaml | 2 +- template/registry/core.yaml | 2 +- template/registry/local-backup.yaml | 2 +- template/registry/monitoring.yaml | 2 +- template/registry/ref-implementation.yaml | 2 +- template/registry/second-cluster.yaml | 2 +- template/stacks/core/argocd.yaml | 2 +- template/stacks/core/argocd/values.yaml | 2 +- .../stacks/core/crossplane-compositions.yaml | 2 +- .../stacks/core/crossplane-providers.yaml | 2 +- template/stacks/core/forgejo.yaml | 2 +- template/stacks/core/forgejo/values.yaml | 4 ++-- template/stacks/core/ingress-apps.yaml | 2 +- template/stacks/core/ingress-nginx.yaml | 2 +- template/stacks/local-backup/minio.yaml | 4 ++-- template/stacks/local-backup/velero.yaml | 2 +- .../stacks/monitoring/grafana-dashboards.yaml | 2 +- .../stacks/monitoring/kube-prometheus.yaml | 2 +- .../monitoring/kube-prometheus/values.yaml | 2 +- .../kube-prometheus/values_test_osc.yaml | 2 +- template/stacks/monitoring/loki.yaml | 2 +- template/stacks/monitoring/promtail.yaml | 2 +- template/stacks/ref-implementation/README.md | 22 ++++++++--------- .../ref-implementation/argo-workflows.yaml | 2 +- .../dev/patches/cm-argo-workflows.yaml | 4 ++-- .../backstage-templates.yaml | 2 +- .../skeleton/catalog-info.yaml | 2 +- .../entities/app-with-bucket/template.yaml | 4 ++-- .../argo-workflows/skeleton/catalog-info.yaml | 2 +- .../entities/argo-workflows/template.yaml | 4 ++-- .../entities/basic/skeleton/catalog-info.yaml | 2 +- .../entities/basic/template.yaml | 4 ++-- .../skeleton/catalog-info.yaml | 4 ++-- .../demo-go-hello-world/template.yaml | 2 +- .../stacks/ref-implementation/backstage.yaml | 2 +- .../backstage/manifests/install.yaml | 24 +++++++++---------- .../stacks/ref-implementation/codespaces.md | 2 +- .../ref-implementation/external-secrets.yaml | 2 +- .../ref-implementation/fibonacci-app.yaml | 2 +- 
.../ref-implementation/forgejo-runner.yaml | 2 +- .../stacks/ref-implementation/keycloak.yaml | 2 +- .../keycloak/manifests/install.yaml | 2 +- .../keycloak/manifests/keycloak-config.yaml | 4 ++-- .../stacks/ref-implementation/openbao.yaml | 2 +- .../create-new-cluster-guestbook.yaml | 2 +- 45 files changed, 74 insertions(+), 74 deletions(-) diff --git a/template/edfbuilder.yaml b/template/edfbuilder.yaml index 60d71ea..9b970f1 100644 --- a/template/edfbuilder.yaml +++ b/template/edfbuilder.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: registry - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/core.yaml b/template/registry/core.yaml index 1dcd61d..9a5384d 100644 --- a/template/registry/core.yaml +++ b/template/registry/core.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/core - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/local-backup.yaml b/template/registry/local-backup.yaml index dc5cfbe..217ef55 100644 --- a/template/registry/local-backup.yaml +++ b/template/registry/local-backup.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/local-backup - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/monitoring.yaml b/template/registry/monitoring.yaml index c3622f8..dfbb50e 100644 --- a/template/registry/monitoring.yaml +++ b/template/registry/monitoring.yaml 
@@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/monitoring - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/ref-implementation.yaml b/template/registry/ref-implementation.yaml index 3ed97c2..828c086 100644 --- a/template/registry/ref-implementation.yaml +++ b/template/registry/ref-implementation.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/ref-implementation - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/second-cluster.yaml b/template/registry/second-cluster.yaml index 9d93dc8..5416cd5 100644 --- a/template/registry/second-cluster.yaml +++ b/template/registry/second-cluster.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/second-cluster - repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/stacks/core/argocd.yaml b/template/stacks/core/argocd.yaml index aafa998..8d7425a 100644 --- a/template/stacks/core/argocd.yaml +++ b/template/stacks/core/argocd.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/argocd/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/argocd/values.yaml b/template/stacks/core/argocd/values.yaml index 9563036..c9231cc 100644 --- a/template/stacks/core/argocd/values.yaml +++ b/template/stacks/core/argocd/values.yaml 
@@ -1,5 +1,5 @@ global: - domain: {{ .Values.edfbuilderTargetDomain }} + domain: {{]] .Env.DOMAIN [[}} configs: params: diff --git a/template/stacks/core/crossplane-compositions.yaml b/template/stacks/core/crossplane-compositions.yaml index b92effb..b105a31 100644 --- a/template/stacks/core/crossplane-compositions.yaml +++ b/template/stacks/core/crossplane-compositions.yaml @@ -17,7 +17,7 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-compositions - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD directory: recurse: true diff --git a/template/stacks/core/crossplane-providers.yaml b/template/stacks/core/crossplane-providers.yaml index 1935b8d..7970fef 100644 --- a/template/stacks/core/crossplane-providers.yaml +++ b/template/stacks/core/crossplane-providers.yaml @@ -17,5 +17,5 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-providers - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index fdc5792..6b73bc1 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/forgejo/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 243ca82..5baa85d 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml 
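Review bot: `domain: {{]] .Env.DOMAIN [[}}` under `global` is left unquoted, and going by the commit subject the value is filled in as plain text before the file is parsed as YAML. An empty value then parses as `null`, and a value containing `: `, ` #` or a line break would change the structure of the values file rather than just the domain. Quote it the way the forgejo values do, `domain: '{{]] .Env.DOMAIN [[}}'`. The `grafana.ini` `domain:` line in `kube-prometheus/values.yaml` and the `hosts:` entry in `values_test_osc.yaml` are written the same way.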
@@ -25,8 +25,8 @@ gitea: queue: TYPE: level server: - DOMAIN: 'gitea.{{ .Values.edfbuilderTargetDomain }}' - ROOT_URL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}:443' + DOMAIN: 'gitea.{{]] .Env.DOMAIN [[}}' + ROOT_URL: 'https://gitea.{{]] .Env.DOMAIN [[}}:443' service: ssh: diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml index 7b6b125..4c07d83 100644 --- a/template/stacks/core/ingress-apps.yaml +++ b/template/stacks/core/ingress-apps.yaml @@ -11,7 +11,7 @@ spec: destination: server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/core/ingress-apps" project: default diff --git a/template/stacks/core/ingress-nginx.yaml b/template/stacks/core/ingress-nginx.yaml index 0774a2c..ac1a8b3 100644 --- a/template/stacks/core/ingress-nginx.yaml +++ b/template/stacks/core/ingress-nginx.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/ingress-nginx/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/local-backup/minio.yaml b/template/stacks/local-backup/minio.yaml index cd23156..5ec2f32 100644 --- a/template/stacks/local-backup/minio.yaml +++ b/template/stacks/local-backup/minio.yaml 
@@ -17,10 +17,10 @@ spec: valueFiles: - $values/stacks/local-backup/minio/helm/values.yaml chart: minio - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/local-backup/minio/manifests" destination: diff --git a/template/stacks/local-backup/velero.yaml b/template/stacks/local-backup/velero.yaml index 4a818ab..a6fb44c 100644 --- a/template/stacks/local-backup/velero.yaml +++ b/template/stacks/local-backup/velero.yaml @@ -17,7 +17,7 @@ spec: valueFiles: - $values/stacks/local-backup/velero/helm/values.yaml chart: velero - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values destination: diff --git a/template/stacks/monitoring/grafana-dashboards.yaml b/template/stacks/monitoring/grafana-dashboards.yaml index 8a4b7be..00b66d8 100644 --- a/template/stacks/monitoring/grafana-dashboards.yaml +++ b/template/stacks/monitoring/grafana-dashboards.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/monitoring/kube-prometheus/dashboards" destination: diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml index 2dac1f1..fca9e3e 100644 --- a/template/stacks/monitoring/kube-prometheus.yaml +++ b/template/stacks/monitoring/kube-prometheus.yaml 
@@ -25,6 +25,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/kube-prometheus/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index bd4be29..f183e88 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -30,6 +30,6 @@ grafana: grafana.ini: server: - domain: {{ .Values.edfbuilderTargetDomain }} + domain: {{]] .Env.DOMAIN [[}} root_url: "%(protocol)s://%(domain)s/grafana" serve_from_sub_path: true \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml index 55c0451..cf32ce4 100644 --- a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml +++ b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml @@ -11,5 +11,5 @@ grafana: enabled: true ingressClassName: nginx hosts: - - {{ .Values.edfbuilderTargetDomain }} + - {{]] .Env.DOMAIN [[}} path: /grafana \ No newline at end of file diff --git a/template/stacks/monitoring/loki.yaml b/template/stacks/monitoring/loki.yaml index 10e254f..7c5b6dd 100644 --- a/template/stacks/monitoring/loki.yaml +++ b/template/stacks/monitoring/loki.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/monitoring/loki/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/promtail.yaml b/template/stacks/monitoring/promtail.yaml index 279ee88..c9a00cf 100644 --- a/template/stacks/monitoring/promtail.yaml +++ b/template/stacks/monitoring/promtail.yaml 
@@ -24,6 +24,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/promtail/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values \ No newline at end of file diff --git a/template/stacks/ref-implementation/README.md b/template/stacks/ref-implementation/README.md index acb945b..b6e1d35 100644 --- a/template/stacks/ref-implementation/README.md +++ b/template/stacks/ref-implementation/README.md @@ -30,7 +30,7 @@ idpbuilder create --use-path-routing \ --package https://github.com/cnoe-io/stacks//ref-implementation ``` -This will take ~6 minutes for everything to come up. To track the progress, you can go to the [ArgoCD UI](https://{{ .Values.edfbuilderTargetDomain }}:8443/argocd/applications). +This will take ~6 minutes for everything to come up. To track the progress, you can go to the [ArgoCD UI](https://{{]] .Env.DOMAIN [[}}:8443/argocd/applications). ### What was installed? 
@@ -47,15 +47,15 @@ The only package that cannot be removed this way is Keycloak because other packa #### Accessing UIs -- Argo CD: https://{{ .Values.edfbuilderTargetDomain }}:8443/argocd -- Argo Workflows: https://{{ .Values.edfbuilderTargetDomain }}:8443/argo-workflows -- Backstage: https://{{ .Values.edfbuilderTargetDomain }}:8443/ -- Gitea: https://{{ .Values.edfbuilderTargetDomain }}:8443/gitea -- Keycloak: https://{{ .Values.edfbuilderTargetDomain }}:8443/keycloak/admin/master/console/ +- Argo CD: https://{{]] .Env.DOMAIN [[}}:8443/argocd +- Argo Workflows: https://{{]] .Env.DOMAIN [[}}:8443/argo-workflows +- Backstage: https://{{]] .Env.DOMAIN [[}}:8443/ +- Gitea: https://{{]] .Env.DOMAIN [[}}:8443/gitea +- Keycloak: https://{{]] .Env.DOMAIN [[}}:8443/keycloak/admin/master/console/ # Using it -For this example, we will walk through a few demonstrations. Once applications are ready, go to the [backstage URL](https://{{ .Values.edfbuilderTargetDomain }}:8443). +For this example, we will walk through a few demonstrations. Once applications are ready, go to the [backstage URL](https://{{]] .Env.DOMAIN [[}}:8443). Click on the Sign-In button, you will be asked to log into the Keycloak instance. There are two users set up in this configuration, and their password can be retrieved with the following command: @@ -70,7 +70,7 @@ Both users use the same password retrieved above. If you want to create a new user or change existing users: -1. Go to the [Keycloak UI](https://{{ .Values.edfbuilderTargetDomain }}:8443/keycloak/admin/master/console/). +1. Go to the [Keycloak UI](https://{{]] .Env.DOMAIN [[}}:8443/keycloak/admin/master/console/). Login with the username `cnoe-admin`. Password is the `KEYCLOAK_ADMIN_PASSWORD` field from the command above. 2. Select `cnoe` from the realms drop down menu. 3. Select users tab. 
@@ -97,9 +97,9 @@ You can click on the ArgoCD Application name to see more details. ### What just happened? -1. Backstage created [a git repository](https://{{ .Values.edfbuilderTargetDomain }}:8443/gitea/giteaAdmin/demo), then pushed templated contents to it. -2. Backstage created [an ArgoCD Application](https://{{ .Values.edfbuilderTargetDomain }}:8443/argocd/applications/argocd/demo?) and pointed it to the git repository. -3. Backstage registered the application as [a component](https://{{ .Values.edfbuilderTargetDomain }}:8443/gitea/giteaAdmin/demo/src/branch/main/catalog-info.yaml) in Backstage. +1. Backstage created [a git repository](https://{{]] .Env.DOMAIN [[}}:8443/gitea/giteaAdmin/demo), then pushed templated contents to it. +2. Backstage created [an ArgoCD Application](https://{{]] .Env.DOMAIN [[}}:8443/argocd/applications/argocd/demo?) and pointed it to the git repository. +3. Backstage registered the application as [a component](https://{{]] .Env.DOMAIN [[}}:8443/gitea/giteaAdmin/demo/src/branch/main/catalog-info.yaml) in Backstage. 4. ArgoCD deployed the manifests stored in the repo to the cluster. 5. Backstage retrieved application health from ArgoCD API, then displayed it. diff --git a/template/stacks/ref-implementation/argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows.yaml index a5794b0..43928d0 100644 --- a/template/stacks/ref-implementation/argo-workflows.yaml +++ b/template/stacks/ref-implementation/argo-workflows.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/argo-workflows/manifests/dev" destination: 
diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml index 29bb00b..3f2d5cb 100644 --- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml +++ b/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml @@ -7,14 +7,14 @@ data: config: | sso: insecureSkipVerify: true - issuer: https://{{ .Values.edfbuilderTargetDomain }}/keycloak/realms/cnoe + issuer: https://{{]] .Env.DOMAIN [[}}/keycloak/realms/cnoe clientId: name: keycloak-oidc key: client-id clientSecret: name: keycloak-oidc key: secret-key - redirectUrl: https://{{ .Values.edfbuilderTargetDomain }}:443/argo-workflows/oauth2/callback + redirectUrl: https://{{]] .Env.DOMAIN [[}}:443/argo-workflows/oauth2/callback rbac: enabled: true scopes: diff --git a/template/stacks/ref-implementation/backstage-templates.yaml b/template/stacks/ref-implementation/backstage-templates.yaml index 8083351..a635a7f 100644 --- a/template/stacks/ref-implementation/backstage-templates.yaml +++ b/template/stacks/ref-implementation/backstage-templates.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage-templates/entities" directory: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml index 3cbbf60..2e2b83f 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml 
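Review bot: `insecureSkipVerify: true` stays in the `sso` block of cm-argo-workflows.yaml while the `issuer` line below it is re-templated, so Argo Workflows does not validate the certificate of the Keycloak issuer it relies on for login. A party able to sit on that connection could then present itself as the identity provider. Once the domain is served with a certificate from a CA the cluster trusts, the line should become `insecureSkipVerify: false`. Until then I would mark it explicitly, for example `# dev only: issuer certificate is not trusted yet, remove before exposing this cluster`. The ConfigMap continues outside the hunk, so whether a CA bundle is configured elsewhere cannot be seen from here.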
+++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml @@ -20,7 +20,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443 + - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml index 7c042f5..96364c6 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml @@ -100,7 +100,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -111,7 +111,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/${{parameters.name}} path: "kustomize/base" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml index 5f358e6..663722d 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml 
@@ -14,7 +14,7 @@ metadata: apache-spark.cnoe.io/label-selector: env=dev,entity-id=${{values.name}} apache-spark.cnoe.io/cluster-name: local links: - - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443 + - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml index fb3934a..2a0a2d3 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml @@ -35,7 +35,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -46,7 +46,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml index 2444abd..39c3c20 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml 
@@ -10,7 +10,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443 + - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml index ee2a472..0f44d97 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml @@ -31,7 +31,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -42,7 +42,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml index e476c6e..a67e735 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml 
@@ -9,7 +9,7 @@ metadata: backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' backstage.io/kubernetes-namespace: gitea links: - - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443 + - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 title: Repo URL icon: git spec: @@ -26,7 +26,7 @@ metadata: annotations: backstage.io/techdocs-ref: dir:. links: - - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443 + - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 title: Gitea Repo icon: git spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml index 956e0b5..ef929c8 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml @@ -33,7 +33,7 @@ spec: name: Publish to Gitea action: publish:gitea input: - repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} description: This is the repository for ${{ parameters.name }} sourcePath: ./skeleton defaultBranch: main diff --git a/template/stacks/ref-implementation/backstage.yaml b/template/stacks/ref-implementation/backstage.yaml index b4cc1a3..c31ab31 100644 --- a/template/stacks/ref-implementation/backstage.yaml +++ b/template/stacks/ref-implementation/backstage.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage/manifests" destination: 
diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index 57124f2..c234da3 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -70,7 +70,7 @@ data: app-config.yaml: | app: title: CNOE Backstage - baseUrl: https://{{ .Values.edfbuilderTargetDomain }}:443 + baseUrl: https://{{]] .Env.DOMAIN [[}}:443 organization: name: CNOE backend: @@ -80,7 +80,7 @@ data: # auth: # keys: # - secret: ${BACKEND_SECRET} - baseUrl: https://{{ .Values.edfbuilderTargetDomain }}:443 + baseUrl: https://{{]] .Env.DOMAIN [[}}:443 listen: port: 7007 # Uncomment the following host directive to bind to specific interfaces @@ -90,7 +90,7 @@ data: # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference # Default Helmet Content-Security-Policy values can be removed by setting the key to false cors: - origin: https://{{ .Values.edfbuilderTargetDomain }}:443 + origin: https://{{]] .Env.DOMAIN [[}}:443 methods: [GET, HEAD, PATCH, POST, PUT, DELETE] credentials: true database: @@ -106,12 +106,12 @@ data: integrations: gitea: - - baseUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443 - host: gitea.{{ .Values.edfbuilderTargetDomain }}:443 + - baseUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443 + host: gitea.{{]] .Env.DOMAIN [[}}:443 username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} - - baseUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }} - host: gitea.{{ .Values.edfbuilderTargetDomain }} + - baseUrl: https://gitea.{{]] .Env.DOMAIN [[}} + host: gitea.{{]] .Env.DOMAIN [[}} username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} # github: 
@@ -165,7 +165,7 @@ data: locations: # Examples from a public GitHub repository. - type: url - target: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml + target: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml rules: - allow: [Component, System, API, Resource, Location, Template, User, Group] kubernetes: @@ -180,7 +180,7 @@ data: - type: 'config' instances: - name: in-cluster - url: https://{{ .Values.edfbuilderTargetDomain }}:443/argocd + url: https://{{]] .Env.DOMAIN [[}}:443/argocd username: admin password: ${ARGOCD_ADMIN_PASSWORD} argoWorkflows: @@ -374,14 +374,14 @@ spec: template: engineVersion: v2 data: - BACKSTAGE_FRONTEND_URL: https://{{ .Values.edfbuilderTargetDomain }}:443/backstage + BACKSTAGE_FRONTEND_URL: https://{{]] .Env.DOMAIN [[}}:443/backstage POSTGRES_HOST: postgresql.backstage.svc.cluster.local POSTGRES_PORT: '5432' POSTGRES_DB: backstage POSTGRES_USER: backstage POSTGRES_PASSWORD: "{{.POSTGRES_PASSWORD}}" - ARGO_WORKFLOWS_URL: https://{{ .Values.edfbuilderTargetDomain }}:443/argo-workflows - KEYCLOAK_NAME_METADATA: https://{{ .Values.edfbuilderTargetDomain }}:443/keycloak/realms/cnoe/.well-known/openid-configuration + ARGO_WORKFLOWS_URL: https://{{]] .Env.DOMAIN [[}}:443/argo-workflows + KEYCLOAK_NAME_METADATA: https://{{]] .Env.DOMAIN [[}}:443/keycloak/realms/cnoe/.well-known/openid-configuration KEYCLOAK_CLIENT_SECRET: "{{.BACKSTAGE_CLIENT_SECRET}}" ARGOCD_AUTH_TOKEN: "argocd.token={{.ARGOCD_SESSION_TOKEN}}" ARGO_CD_URL: 'https://argocd-server.argocd.svc.cluster.local/api/v1/' diff --git a/template/stacks/ref-implementation/codespaces.md b/template/stacks/ref-implementation/codespaces.md index 37144ae..d0ff7af 100644 --- a/template/stacks/ref-implementation/codespaces.md +++ b/template/stacks/ref-implementation/codespaces.md 
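Review bot: In the `@@ -180,7 +180,7 @@` hunk of backstage/manifests/install.yaml the Argo CD instance is configured with `username: admin` and `${ARGOCD_ADMIN_PASSWORD}`, so Backstage holds the Argo CD administrator credential and presents it to the host built from DOMAIN. A dedicated Argo CD account limited to the applications Backstage has to read or create would reduce what a compromise of Backstage exposes. The `@@ -374,14 +374,14 @@` hunk already carries an `ARGOCD_AUTH_TOKEN`, which suggests token-based access is available. I would add above the instance a comment such as `# TODO: replace admin login with a scoped Argo CD account token`. The app-config block continues outside the hunk.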
@@ -69,5 +69,5 @@ From here on, you can follow the instructions in the [README](./README.md) file. echo https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN} ``` -For example, if you need to access Argo Workflows UI, instead of going to `https://{{ .Values.edfbuilderTargetDomain }}:8443/argo`, +For example, if you need to access Argo Workflows UI, instead of going to `https://{{]] .Env.DOMAIN [[}}:8443/argo`, you go to `https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}/argo` diff --git a/template/stacks/ref-implementation/external-secrets.yaml b/template/stacks/ref-implementation/external-secrets.yaml index fdea39f..d8856f6 100644 --- a/template/stacks/ref-implementation/external-secrets.yaml +++ b/template/stacks/ref-implementation/external-secrets.yaml @@ -12,7 +12,7 @@ spec: namespace: external-secrets server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/external-secrets/manifests" project: default diff --git a/template/stacks/ref-implementation/fibonacci-app.yaml b/template/stacks/ref-implementation/fibonacci-app.yaml index bd5c94a..ca006d3 100644 --- a/template/stacks/ref-implementation/fibonacci-app.yaml +++ b/template/stacks/ref-implementation/fibonacci-app.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/fibonacci-app" destination: diff --git a/template/stacks/ref-implementation/forgejo-runner.yaml b/template/stacks/ref-implementation/forgejo-runner.yaml index c2dee0f..0f2a821 100644 --- a/template/stacks/ref-implementation/forgejo-runner.yaml 
+++ b/template/stacks/ref-implementation/forgejo-runner.yaml @@ -24,6 +24,6 @@ spec: helm: valueFiles: - $values/stacks/ref-implementation/forgejo-runner/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/ref-implementation/keycloak.yaml b/template/stacks/ref-implementation/keycloak.yaml index 32bee77..52a7221 100644 --- a/template/stacks/ref-implementation/keycloak.yaml +++ b/template/stacks/ref-implementation/keycloak.yaml @@ -12,7 +12,7 @@ spec: namespace: keycloak server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/keycloak/manifests" project: default diff --git a/template/stacks/ref-implementation/keycloak/manifests/install.yaml b/template/stacks/ref-implementation/keycloak/manifests/install.yaml index 4d01c35..3cd7600 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/install.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/install.yaml @@ -83,7 +83,7 @@ data: proxy=edge # hostname configuration - hostname={{ .Values.edfbuilderTargetDomain }} + hostname={{]] .Env.DOMAIN [[}} http-relative-path=keycloak # the admin url requires its own configuration to reflect correct url diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml index e48960e..4af40bb 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml 
@@ -145,7 +145,7 @@ data: "rootUrl": "", "baseUrl": "", "redirectUris": [ - "https://{{ .Values.edfbuilderTargetDomain }}:443/argo-workflows/oauth2/callback" + "https://{{]] .Env.DOMAIN [[}}:443/argo-workflows/oauth2/callback" ], "webOrigins": [ "/*" @@ -174,7 +174,7 @@ data: "rootUrl": "", "baseUrl": "", "redirectUris": [ - "https://{{ .Values.edfbuilderTargetDomain }}:443/api/auth/keycloak-oidc/handler/frame" + "https://{{]] .Env.DOMAIN [[}}:443/api/auth/keycloak-oidc/handler/frame" ], "webOrigins": [ "/*" diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index b378351..e392908 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/ref-implementation/openbao/values.yaml - - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values ignoreDifferences: diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml index d8d167c..d0325e0 100644 --- a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml +++ b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml @@ -19,5 +19,5 @@ spec: namespace: crossplane-system source: path: stacks/second-cluster/create-new-cluster-guestbook - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD From 46c745bd283470574fcd01d5c271abf594c1b169 Mon Sep 17 00:00:00 2001 
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 23:19:09 +0100 Subject: [PATCH 16/24] Using gomplate as hydration template engine --- .../stacks/core/crossplane-providers.yaml | 2 ++ .../stacks/core/ingress-nginx/values.osc.yaml | 16 ------------- .../{values.kind.yaml => values.yaml} | 23 +++++++++++-------- .../ref-implementation/metric-server.yaml | 2 ++ 4 files changed, 18 insertions(+), 25 deletions(-) delete mode 100644 template/stacks/core/ingress-nginx/values.osc.yaml rename template/stacks/core/ingress-nginx/{values.kind.yaml => values.yaml} (87%) diff --git a/template/stacks/core/crossplane-providers.yaml b/template/stacks/core/crossplane-providers.yaml index 7970fef..2ff859e 100644 --- a/template/stacks/core/crossplane-providers.yaml +++ b/template/stacks/core/crossplane-providers.yaml @@ -1,3 +1,4 @@ +{{]] if eq .Env.CLUSTER_TYPE "kind" [[}} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -19,3 +20,4 @@ spec: path: stacks/core/crossplane-providers repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder targetRevision: HEAD +{{]] end [[}} diff --git a/template/stacks/core/ingress-nginx/values.osc.yaml b/template/stacks/core/ingress-nginx/values.osc.yaml deleted file mode 100644 index 872c826..0000000 --- a/template/stacks/core/ingress-nginx/values.osc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -controller: - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - ingressClassResource: - name: nginx - - # added for idpbuilder - allowSnippetAnnotations: true - - # added for idpbuilder - config: - proxy-buffer-size: 32k - use-forwarded-headers: "true" diff --git a/template/stacks/core/ingress-nginx/values.kind.yaml b/template/stacks/core/ingress-nginx/values.yaml similarity index 87% rename from template/stacks/core/ingress-nginx/values.kind.yaml rename to template/stacks/core/ingress-nginx/values.yaml index 7930bc9..b823552 100644 --- a/template/stacks/core/ingress-nginx/values.kind.yaml 
+++ b/template/stacks/core/ingress-nginx/values.yaml @@ -3,12 +3,24 @@ controller: type: RollingUpdate rollingUpdate: maxUnavailable: 1 + + ingressClassResource: + name: nginx + + # added for idpbuilder + allowSnippetAnnotations: true + + # added for idpbuilder + config: + proxy-buffer-size: 32k + use-forwarded-headers: "true" + +{{]] if eq .Env.CLUSTER_TYPE "kind" [[}} hostPort: enabled: true terminationGracePeriodSeconds: 0 service: type: NodePort - watchIngressWithoutClass: true nodeSelector: ingress-ready: "true" @@ -26,11 +38,4 @@ controller: publish-status-address: localhost # added for idpbuilder enable-ssl-passthrough: "" - - # added for idpbuilder - allowSnippetAnnotations: true - - # added for idpbuilder - config: - proxy-buffer-size: 32k - use-forwarded-headers: "true" +{{]] end [[}} diff --git a/template/stacks/ref-implementation/metric-server.yaml b/template/stacks/ref-implementation/metric-server.yaml index 3c8699b..e7fde0b 100644 --- a/template/stacks/ref-implementation/metric-server.yaml +++ b/template/stacks/ref-implementation/metric-server.yaml @@ -1,3 +1,4 @@ +{{]] if eq .Env.CLUSTER_TYPE "kind" [[}} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -27,3 +28,4 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true +{{]] end [[}} From 92b56c53509e1edc6894c879326e8b2598004b28 Mon Sep 17 00:00:00 2001 
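Review bot: `allowSnippetAnnotations: true` is placed in the unconditional part of ingress-nginx/values.yaml (first hunk), so it stays enabled for every cluster type rather than only for the local kind setup. With it on, anyone allowed to create or edit an Ingress object can add raw NGINX configuration to a controller that typically has read access to TLS secrets across namespaces. `use-forwarded-headers: "true"` in the same block makes the controller trust client-supplied X-Forwarded-* headers unless a trusted proxy in front overwrites them. If only the kind environment needs these settings, they belong inside the `if eq .Env.CLUSTER_TYPE "kind"` block; otherwise non-kind clusters should get `allowSnippetAnnotations: false`.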
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 23:25:06 +0100 Subject: [PATCH 17/24] Using gomplate as hydration template engine --- template/edfbuilder.yaml | 2 +- template/registry/core.yaml | 2 +- template/registry/local-backup.yaml | 2 +- template/registry/monitoring.yaml | 2 +- template/registry/ref-implementation.yaml | 2 +- template/registry/second-cluster.yaml | 2 +- template/stacks/core/argocd.yaml | 2 +- template/stacks/core/argocd/values.yaml | 2 +- .../stacks/core/crossplane-compositions.yaml | 2 +- .../stacks/core/crossplane-providers.yaml | 6 ++--- template/stacks/core/forgejo.yaml | 2 +- template/stacks/core/forgejo/values.yaml | 4 ++-- template/stacks/core/ingress-apps.yaml | 2 +- template/stacks/core/ingress-nginx.yaml | 2 +- .../stacks/core/ingress-nginx/values.yaml | 4 ++-- template/stacks/local-backup/minio.yaml | 4 ++-- template/stacks/local-backup/velero.yaml | 2 +- .../stacks/monitoring/grafana-dashboards.yaml | 2 +- .../stacks/monitoring/kube-prometheus.yaml | 2 +- .../monitoring/kube-prometheus/values.yaml | 2 +- .../kube-prometheus/values_test_osc.yaml | 2 +- template/stacks/monitoring/loki.yaml | 2 +- template/stacks/monitoring/promtail.yaml | 2 +- template/stacks/ref-implementation/README.md | 22 ++++++++--------- .../ref-implementation/argo-workflows.yaml | 2 +- .../dev/patches/cm-argo-workflows.yaml | 4 ++-- .../backstage-templates.yaml | 2 +- .../skeleton/catalog-info.yaml | 2 +- .../entities/app-with-bucket/template.yaml | 4 ++-- .../argo-workflows/skeleton/catalog-info.yaml | 2 +- .../entities/argo-workflows/template.yaml | 4 ++-- .../entities/basic/skeleton/catalog-info.yaml | 2 +- .../entities/basic/template.yaml | 4 ++-- .../skeleton/catalog-info.yaml | 4 ++-- .../demo-go-hello-world/template.yaml | 2 +- .../stacks/ref-implementation/backstage.yaml | 2 +- .../backstage/manifests/install.yaml | 24 +++++++++---------- .../stacks/ref-implementation/codespaces.md | 2 +- .../ref-implementation/external-secrets.yaml | 2 +- 
.../ref-implementation/fibonacci-app.yaml | 2 +- .../ref-implementation/forgejo-runner.yaml | 2 +- .../stacks/ref-implementation/keycloak.yaml | 2 +- .../keycloak/manifests/install.yaml | 2 +- .../keycloak/manifests/keycloak-config.yaml | 4 ++-- .../ref-implementation/metric-server.yaml | 4 ++-- .../stacks/ref-implementation/openbao.yaml | 2 +- .../create-new-cluster-guestbook.yaml | 2 +- 47 files changed, 80 insertions(+), 80 deletions(-) diff --git a/template/edfbuilder.yaml b/template/edfbuilder.yaml index 9b970f1..4e9fabd 100644 --- a/template/edfbuilder.yaml +++ b/template/edfbuilder.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: registry - repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/core.yaml b/template/registry/core.yaml index 9a5384d..3a722ac 100644 --- a/template/registry/core.yaml +++ b/template/registry/core.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/core - repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/local-backup.yaml b/template/registry/local-backup.yaml index 217ef55..a2ac46d 100644 --- a/template/registry/local-backup.yaml +++ b/template/registry/local-backup.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/local-backup - repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/monitoring.yaml b/template/registry/monitoring.yaml index dfbb50e..c9826bc 100644 --- a/template/registry/monitoring.yaml +++ b/template/registry/monitoring.yaml 
@@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/monitoring - repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/ref-implementation.yaml b/template/registry/ref-implementation.yaml index 828c086..3a6cf1a 100644 --- a/template/registry/ref-implementation.yaml +++ b/template/registry/ref-implementation.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/ref-implementation - repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/second-cluster.yaml b/template/registry/second-cluster.yaml index 5416cd5..98ddd40 100644 --- a/template/registry/second-cluster.yaml +++ b/template/registry/second-cluster.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/second-cluster - repoURL: 'https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/stacks/core/argocd.yaml b/template/stacks/core/argocd.yaml index 8d7425a..a79ef6c 100644 --- a/template/stacks/core/argocd.yaml +++ b/template/stacks/core/argocd.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/argocd/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/argocd/values.yaml b/template/stacks/core/argocd/values.yaml index c9231cc..3fb3ddf 100644 --- a/template/stacks/core/argocd/values.yaml +++ b/template/stacks/core/argocd/values.yaml 
@@ -1,5 +1,5 @@ global: - domain: {{]] .Env.DOMAIN [[}} + domain: {{{ .Env.DOMAIN }}} configs: params: diff --git a/template/stacks/core/crossplane-compositions.yaml b/template/stacks/core/crossplane-compositions.yaml index b105a31..f6a6bc0 100644 --- a/template/stacks/core/crossplane-compositions.yaml +++ b/template/stacks/core/crossplane-compositions.yaml @@ -17,7 +17,7 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-compositions - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD directory: recurse: true diff --git a/template/stacks/core/crossplane-providers.yaml b/template/stacks/core/crossplane-providers.yaml index 2ff859e..760c33e 100644 --- a/template/stacks/core/crossplane-providers.yaml +++ b/template/stacks/core/crossplane-providers.yaml @@ -1,4 +1,4 @@ -{{]] if eq .Env.CLUSTER_TYPE "kind" [[}} +{{{ if eq .Env.CLUSTER_TYPE "kind" }}} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -18,6 +18,6 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-providers - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD -{{]] end [[}} +{{{ end }}} diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index 6b73bc1..c8328c0 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/forgejo/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 5baa85d..bfcd384 100644 --- a/template/stacks/core/forgejo/values.yaml 
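Review bot: In `template/stacks/core/argocd/values.yaml` the new line `domain: {{{ .Env.DOMAIN }}}` puts an environment value into the YAML as an unquoted plain scalar, so an empty or unset DOMAIN renders as `domain:` (null) and a value containing `: ` or ` #` would change how the line parses. Quoting it the way the registry files in this patch already quote their `repoURL`, i.e. `domain: '{{{ .Env.DOMAIN }}}'`, keeps the rendered value a string. The same unquoted form appears later in this patch in `kube-prometheus/values.yaml` (`domain:`) and `values_test_osc.yaml` (`- {{{ .Env.DOMAIN }}}`). The values file continues outside the hunk.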
+++ b/template/stacks/core/forgejo/values.yaml @@ -25,8 +25,8 @@ gitea: queue: TYPE: level server: - DOMAIN: 'gitea.{{]] .Env.DOMAIN [[}}' - ROOT_URL: 'https://gitea.{{]] .Env.DOMAIN [[}}:443' + DOMAIN: 'gitea.{{{ .Env.DOMAIN }}}' + ROOT_URL: 'https://gitea.{{{ .Env.DOMAIN }}}:443' service: ssh: diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml index 4c07d83..ae66d9f 100644 --- a/template/stacks/core/ingress-apps.yaml +++ b/template/stacks/core/ingress-apps.yaml @@ -11,7 +11,7 @@ spec: destination: server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/core/ingress-apps" project: default diff --git a/template/stacks/core/ingress-nginx.yaml b/template/stacks/core/ingress-nginx.yaml index ac1a8b3..4e1f1a8 100644 --- a/template/stacks/core/ingress-nginx.yaml +++ b/template/stacks/core/ingress-nginx.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/ingress-nginx/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/ingress-nginx/values.yaml b/template/stacks/core/ingress-nginx/values.yaml index b823552..a1e5923 100644 --- a/template/stacks/core/ingress-nginx/values.yaml +++ b/template/stacks/core/ingress-nginx/values.yaml @@ -15,7 +15,7 @@ controller: proxy-buffer-size: 32k use-forwarded-headers: "true" -{{]] if eq .Env.CLUSTER_TYPE "kind" [[}} +{{{ if eq .Env.CLUSTER_TYPE "kind" }}} hostPort: enabled: true terminationGracePeriodSeconds: 0 @@ -38,4 +38,4 @@ controller: publish-status-address: localhost # added for idpbuilder enable-ssl-passthrough: "" -{{]] end [[}} +{{{ end }}} 
diff --git a/template/stacks/local-backup/minio.yaml b/template/stacks/local-backup/minio.yaml index 5ec2f32..5163ef0 100644 --- a/template/stacks/local-backup/minio.yaml +++ b/template/stacks/local-backup/minio.yaml @@ -17,10 +17,10 @@ spec: valueFiles: - $values/stacks/local-backup/minio/helm/values.yaml chart: minio - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/local-backup/minio/manifests" destination: diff --git a/template/stacks/local-backup/velero.yaml b/template/stacks/local-backup/velero.yaml index a6fb44c..a798f63 100644 --- a/template/stacks/local-backup/velero.yaml +++ b/template/stacks/local-backup/velero.yaml @@ -17,7 +17,7 @@ spec: valueFiles: - $values/stacks/local-backup/velero/helm/values.yaml chart: velero - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values destination: diff --git a/template/stacks/monitoring/grafana-dashboards.yaml b/template/stacks/monitoring/grafana-dashboards.yaml index 00b66d8..f27e669 100644 --- a/template/stacks/monitoring/grafana-dashboards.yaml +++ b/template/stacks/monitoring/grafana-dashboards.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/monitoring/kube-prometheus/dashboards" destination: diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml index fca9e3e..d526415 100644 --- a/template/stacks/monitoring/kube-prometheus.yaml 
+++ b/template/stacks/monitoring/kube-prometheus.yaml @@ -25,6 +25,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/kube-prometheus/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index f183e88..0d2cd88 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -30,6 +30,6 @@ grafana: grafana.ini: server: - domain: {{]] .Env.DOMAIN [[}} + domain: {{{ .Env.DOMAIN }}} root_url: "%(protocol)s://%(domain)s/grafana" serve_from_sub_path: true \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml index cf32ce4..21e8a8b 100644 --- a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml +++ b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml @@ -11,5 +11,5 @@ grafana: enabled: true ingressClassName: nginx hosts: - - {{]] .Env.DOMAIN [[}} + - {{{ .Env.DOMAIN }}} path: /grafana \ No newline at end of file diff --git a/template/stacks/monitoring/loki.yaml b/template/stacks/monitoring/loki.yaml index 7c5b6dd..8494955 100644 --- a/template/stacks/monitoring/loki.yaml +++ b/template/stacks/monitoring/loki.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/monitoring/loki/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/promtail.yaml b/template/stacks/monitoring/promtail.yaml index c9a00cf..bc4682d 100644 --- a/template/stacks/monitoring/promtail.yaml +++ b/template/stacks/monitoring/promtail.yaml 
@@ -24,6 +24,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/promtail/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values \ No newline at end of file diff --git a/template/stacks/ref-implementation/README.md b/template/stacks/ref-implementation/README.md index b6e1d35..66d887e 100644 --- a/template/stacks/ref-implementation/README.md +++ b/template/stacks/ref-implementation/README.md @@ -30,7 +30,7 @@ idpbuilder create --use-path-routing \ --package https://github.com/cnoe-io/stacks//ref-implementation ``` -This will take ~6 minutes for everything to come up. To track the progress, you can go to the [ArgoCD UI](https://{{]] .Env.DOMAIN [[}}:8443/argocd/applications). +This will take ~6 minutes for everything to come up. To track the progress, you can go to the [ArgoCD UI](https://{{{ .Env.DOMAIN }}}:8443/argocd/applications). ### What was installed? 
@@ -47,15 +47,15 @@ The only package that cannot be removed this way is Keycloak because other packa #### Accessing UIs -- Argo CD: https://{{]] .Env.DOMAIN [[}}:8443/argocd -- Argo Workflows: https://{{]] .Env.DOMAIN [[}}:8443/argo-workflows -- Backstage: https://{{]] .Env.DOMAIN [[}}:8443/ -- Gitea: https://{{]] .Env.DOMAIN [[}}:8443/gitea -- Keycloak: https://{{]] .Env.DOMAIN [[}}:8443/keycloak/admin/master/console/ +- Argo CD: https://{{{ .Env.DOMAIN }}}:8443/argocd +- Argo Workflows: https://{{{ .Env.DOMAIN }}}:8443/argo-workflows +- Backstage: https://{{{ .Env.DOMAIN }}}:8443/ +- Gitea: https://{{{ .Env.DOMAIN }}}:8443/gitea +- Keycloak: https://{{{ .Env.DOMAIN }}}:8443/keycloak/admin/master/console/ # Using it -For this example, we will walk through a few demonstrations. Once applications are ready, go to the [backstage URL](https://{{]] .Env.DOMAIN [[}}:8443). +For this example, we will walk through a few demonstrations. Once applications are ready, go to the [backstage URL](https://{{{ .Env.DOMAIN }}}:8443). Click on the Sign-In button, you will be asked to log into the Keycloak instance. There are two users set up in this configuration, and their password can be retrieved with the following command: @@ -70,7 +70,7 @@ Both users use the same password retrieved above. If you want to create a new user or change existing users: -1. Go to the [Keycloak UI](https://{{]] .Env.DOMAIN [[}}:8443/keycloak/admin/master/console/). +1. Go to the [Keycloak UI](https://{{{ .Env.DOMAIN }}}:8443/keycloak/admin/master/console/). Login with the username `cnoe-admin`. Password is the `KEYCLOAK_ADMIN_PASSWORD` field from the command above. 2. Select `cnoe` from the realms drop down menu. 3. Select users tab. 
@@ -97,9 +97,9 @@ You can click on the ArgoCD Application name to see more details. ### What just happened? -1. Backstage created [a git repository](https://{{]] .Env.DOMAIN [[}}:8443/gitea/giteaAdmin/demo), then pushed templated contents to it. -2. Backstage created [an ArgoCD Application](https://{{]] .Env.DOMAIN [[}}:8443/argocd/applications/argocd/demo?) and pointed it to the git repository. -3. Backstage registered the application as [a component](https://{{]] .Env.DOMAIN [[}}:8443/gitea/giteaAdmin/demo/src/branch/main/catalog-info.yaml) in Backstage. +1. Backstage created [a git repository](https://{{{ .Env.DOMAIN }}}:8443/gitea/giteaAdmin/demo), then pushed templated contents to it. +2. Backstage created [an ArgoCD Application](https://{{{ .Env.DOMAIN }}}:8443/argocd/applications/argocd/demo?) and pointed it to the git repository. +3. Backstage registered the application as [a component](https://{{{ .Env.DOMAIN }}}:8443/gitea/giteaAdmin/demo/src/branch/main/catalog-info.yaml) in Backstage. 4. ArgoCD deployed the manifests stored in the repo to the cluster. 5. Backstage retrieved application health from ArgoCD API, then displayed it. diff --git a/template/stacks/ref-implementation/argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows.yaml index 43928d0..93cc7b1 100644 --- a/template/stacks/ref-implementation/argo-workflows.yaml +++ b/template/stacks/ref-implementation/argo-workflows.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/argo-workflows/manifests/dev" destination: diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml index 3f2d5cb..03e31c2 100644 
--- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml +++ b/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml @@ -7,14 +7,14 @@ data: config: | sso: insecureSkipVerify: true - issuer: https://{{]] .Env.DOMAIN [[}}/keycloak/realms/cnoe + issuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe clientId: name: keycloak-oidc key: client-id clientSecret: name: keycloak-oidc key: secret-key - redirectUrl: https://{{]] .Env.DOMAIN [[}}:443/argo-workflows/oauth2/callback + redirectUrl: https://{{{ .Env.DOMAIN }}}:443/argo-workflows/oauth2/callback rbac: enabled: true scopes: diff --git a/template/stacks/ref-implementation/backstage-templates.yaml b/template/stacks/ref-implementation/backstage-templates.yaml index a635a7f..adb5f08 100644 --- a/template/stacks/ref-implementation/backstage-templates.yaml +++ b/template/stacks/ref-implementation/backstage-templates.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage-templates/entities" directory: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml index 2e2b83f..bc52aa8 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml @@ -20,7 +20,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: github spec: 
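Review bot: The context line `insecureSkipVerify: true` stays in the `sso:` block of `cm-argo-workflows.yaml` while `issuer` and `redirectUrl` now follow `.Env.DOMAIN`. Argo Workflows would therefore skip TLS verification of the Keycloak issuer on whatever domain the stack is rendered for, not only on a local test cluster. If the flag is needed only for a local setup (presumably because the certificate there is self-signed), it could be wrapped in the conditional this patch already uses elsewhere, `{{{ if eq .Env.CLUSTER_TYPE "kind" }}}` … `{{{ end }}}`, and omitted otherwise. A comment such as `# local kind cluster only: issuer certificate is not trusted` would record why it is set. The ConfigMap starts and ends outside the hunk.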
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml index 96364c6..34ee8da 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml @@ -100,7 +100,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -111,7 +111,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "kustomize/base" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml index 663722d..04416ba 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml @@ -14,7 +14,7 @@ metadata: apache-spark.cnoe.io/label-selector: env=dev,entity-id=${{values.name}} apache-spark.cnoe.io/cluster-name: local links: - - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: github spec: 
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml index 2a0a2d3..f6e3083 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml @@ -35,7 +35,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -46,7 +46,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml index 39c3c20..102ff01 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml @@ -10,7 +10,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml index 0f44d97..7fb96a7 100644 
--- a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml @@ -31,7 +31,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -42,7 +42,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml index a67e735..f75a37f 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml @@ -9,7 +9,7 @@ metadata: backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' backstage.io/kubernetes-namespace: gitea links: - - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: git spec: @@ -26,7 +26,7 @@ metadata: annotations: backstage.io/techdocs-ref: dir:. links: - - url: https://gitea.{{]] .Env.DOMAIN [[}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Gitea Repo icon: git spec: 
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml index ef929c8..133e70e 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml @@ -33,7 +33,7 @@ spec: name: Publish to Gitea action: publish:gitea input: - repoUrl: gitea.{{]] .Env.DOMAIN [[}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} description: This is the repository for ${{ parameters.name }} sourcePath: ./skeleton defaultBranch: main diff --git a/template/stacks/ref-implementation/backstage.yaml b/template/stacks/ref-implementation/backstage.yaml index c31ab31..f162001 100644 --- a/template/stacks/ref-implementation/backstage.yaml +++ b/template/stacks/ref-implementation/backstage.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage/manifests" destination: diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index c234da3..bd65421 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -70,7 +70,7 @@ data: app-config.yaml: | app: title: CNOE Backstage - baseUrl: https://{{]] .Env.DOMAIN [[}}:443 + baseUrl: https://{{{ .Env.DOMAIN }}}:443 organization: name: CNOE backend: 
@@ -80,7 +80,7 @@ data: # auth: # keys: # - secret: ${BACKEND_SECRET} - baseUrl: https://{{]] .Env.DOMAIN [[}}:443 + baseUrl: https://{{{ .Env.DOMAIN }}}:443 listen: port: 7007 # Uncomment the following host directive to bind to specific interfaces @@ -90,7 +90,7 @@ data: # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference # Default Helmet Content-Security-Policy values can be removed by setting the key to false cors: - origin: https://{{]] .Env.DOMAIN [[}}:443 + origin: https://{{{ .Env.DOMAIN }}}:443 methods: [GET, HEAD, PATCH, POST, PUT, DELETE] credentials: true database: @@ -106,12 +106,12 @@ data: integrations: gitea: - - baseUrl: https://gitea.{{]] .Env.DOMAIN [[}}:443 - host: gitea.{{]] .Env.DOMAIN [[}}:443 + - baseUrl: https://gitea.{{{ .Env.DOMAIN }}}:443 + host: gitea.{{{ .Env.DOMAIN }}}:443 username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} - - baseUrl: https://gitea.{{]] .Env.DOMAIN [[}} - host: gitea.{{]] .Env.DOMAIN [[}} + - baseUrl: https://gitea.{{{ .Env.DOMAIN }}} + host: gitea.{{{ .Env.DOMAIN }}} username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} # github: @@ -165,7 +165,7 @@ data: locations: # Examples from a public GitHub repository. - type: url - target: https://gitea.{{]] .Env.DOMAIN [[}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml + target: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml rules: - allow: [Component, System, API, Resource, Location, Template, User, Group] kubernetes: @@ -180,7 +180,7 @@ data: - type: 'config' instances: - name: in-cluster - url: https://{{]] .Env.DOMAIN [[}}:443/argocd + url: https://{{{ .Env.DOMAIN }}}:443/argocd username: admin password: ${ARGOCD_ADMIN_PASSWORD} argoWorkflows: 
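Review bot: In the `@@ -180,7 +180,7 @@` hunk of `backstage/manifests/install.yaml` the Argo CD instance is reached at `https://{{{ .Env.DOMAIN }}}:443/argocd` with `username: admin` and `${ARGOCD_ADMIN_PASSWORD}`. Backstage therefore holds the full Argo CD administrator credential and presents it through the ingress domain. A dedicated Argo CD account restricted by RBAC to what Backstage reads and triggers would limit what a compromise of the Backstage pod or its configuration exposes. At minimum a comment above the block, `# demo only: replace the admin login with a scoped Argo CD account`, would flag it for anyone reusing the template. The `app-config.yaml` block scalar continues outside the hunk.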
@@ -374,14 +374,14 @@ spec: template: engineVersion: v2 data: - BACKSTAGE_FRONTEND_URL: https://{{]] .Env.DOMAIN [[}}:443/backstage + BACKSTAGE_FRONTEND_URL: https://{{{ .Env.DOMAIN }}}:443/backstage POSTGRES_HOST: postgresql.backstage.svc.cluster.local POSTGRES_PORT: '5432' POSTGRES_DB: backstage POSTGRES_USER: backstage POSTGRES_PASSWORD: "{{.POSTGRES_PASSWORD}}" - ARGO_WORKFLOWS_URL: https://{{]] .Env.DOMAIN [[}}:443/argo-workflows - KEYCLOAK_NAME_METADATA: https://{{]] .Env.DOMAIN [[}}:443/keycloak/realms/cnoe/.well-known/openid-configuration + ARGO_WORKFLOWS_URL: https://{{{ .Env.DOMAIN }}}:443/argo-workflows + KEYCLOAK_NAME_METADATA: https://{{{ .Env.DOMAIN }}}:443/keycloak/realms/cnoe/.well-known/openid-configuration KEYCLOAK_CLIENT_SECRET: "{{.BACKSTAGE_CLIENT_SECRET}}" ARGOCD_AUTH_TOKEN: "argocd.token={{.ARGOCD_SESSION_TOKEN}}" ARGO_CD_URL: 'https://argocd-server.argocd.svc.cluster.local/api/v1/' diff --git a/template/stacks/ref-implementation/codespaces.md b/template/stacks/ref-implementation/codespaces.md index d0ff7af..dd9188d 100644 --- a/template/stacks/ref-implementation/codespaces.md +++ b/template/stacks/ref-implementation/codespaces.md @@ -69,5 +69,5 @@ From here on, you can follow the instructions in the [README](./README.md) file. echo https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN} ``` -For example, if you need to access Argo Workflows UI, instead of going to `https://{{]] .Env.DOMAIN [[}}:8443/argo`, +For example, if you need to access Argo Workflows UI, instead of going to `https://{{{ .Env.DOMAIN }}}:8443/argo`, you go to `https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}/argo` diff --git a/template/stacks/ref-implementation/external-secrets.yaml b/template/stacks/ref-implementation/external-secrets.yaml index d8856f6..de2c53a 100644 --- a/template/stacks/ref-implementation/external-secrets.yaml +++ b/template/stacks/ref-implementation/external-secrets.yaml 
@@ -12,7 +12,7 @@ spec: namespace: external-secrets server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/external-secrets/manifests" project: default diff --git a/template/stacks/ref-implementation/fibonacci-app.yaml b/template/stacks/ref-implementation/fibonacci-app.yaml index ca006d3..b049686 100644 --- a/template/stacks/ref-implementation/fibonacci-app.yaml +++ b/template/stacks/ref-implementation/fibonacci-app.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/fibonacci-app" destination: diff --git a/template/stacks/ref-implementation/forgejo-runner.yaml b/template/stacks/ref-implementation/forgejo-runner.yaml index 0f2a821..bceefc7 100644 --- a/template/stacks/ref-implementation/forgejo-runner.yaml +++ b/template/stacks/ref-implementation/forgejo-runner.yaml @@ -24,6 +24,6 @@ spec: helm: valueFiles: - $values/stacks/ref-implementation/forgejo-runner/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/ref-implementation/keycloak.yaml b/template/stacks/ref-implementation/keycloak.yaml index 52a7221..e4fb166 100644 --- a/template/stacks/ref-implementation/keycloak.yaml +++ b/template/stacks/ref-implementation/keycloak.yaml 
@@ -12,7 +12,7 @@ spec: namespace: keycloak server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/keycloak/manifests" project: default diff --git a/template/stacks/ref-implementation/keycloak/manifests/install.yaml b/template/stacks/ref-implementation/keycloak/manifests/install.yaml index 3cd7600..6e55a17 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/install.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/install.yaml @@ -83,7 +83,7 @@ data: proxy=edge # hostname configuration - hostname={{]] .Env.DOMAIN [[}} + hostname={{{ .Env.DOMAIN }}} http-relative-path=keycloak # the admin url requires its own configuration to reflect correct url diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml index 4af40bb..f1dd699 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml @@ -145,7 +145,7 @@ data: "rootUrl": "", "baseUrl": "", "redirectUris": [ - "https://{{]] .Env.DOMAIN [[}}:443/argo-workflows/oauth2/callback" + "https://{{{ .Env.DOMAIN }}}:443/argo-workflows/oauth2/callback" ], "webOrigins": [ "/*" @@ -174,7 +174,7 @@ data: "rootUrl": "", "baseUrl": "", "redirectUris": [ - "https://{{]] .Env.DOMAIN [[}}:443/api/auth/keycloak-oidc/handler/frame" + "https://{{{ .Env.DOMAIN }}}:443/api/auth/keycloak-oidc/handler/frame" ], "webOrigins": [ "/*" diff --git a/template/stacks/ref-implementation/metric-server.yaml b/template/stacks/ref-implementation/metric-server.yaml index e7fde0b..1a2073c 100644 --- a/template/stacks/ref-implementation/metric-server.yaml +++ b/template/stacks/ref-implementation/metric-server.yaml 
@@ -1,4 +1,4 @@ -{{]] if eq .Env.CLUSTER_TYPE "kind" [[}} +{{{ if eq .Env.CLUSTER_TYPE "kind" }}} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -28,4 +28,4 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true -{{]] end [[}} +{{{ end }}} diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index e392908..a6f3ec8 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/ref-implementation/openbao/values.yaml - - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values ignoreDifferences: diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml index d0325e0..e71b4f0 100644 --- a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml +++ b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml @@ -19,5 +19,5 @@ spec: namespace: crossplane-system source: path: stacks/second-cluster/create-new-cluster-guestbook - repoURL: https://gitea.{{]] .Env.DOMAIN [[}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD From 28740aea659f3bce9abf003d8457bfcd3dc95e23 Mon Sep 17 00:00:00 2001 
From: Richard Robert Reitz Date: Sun, 8 Dec 2024 23:43:21 +0100 Subject: [PATCH 18/24] Added DNS annotations to osc stack --- .../stacks/core/ingress-apps/argo-workflows-ingress.yaml | 2 +- template/stacks/core/ingress-apps/argocd-server.yaml | 9 +++++++-- template/stacks/core/ingress-apps/backstage.yaml | 2 +- template/stacks/core/ingress-apps/fibonacci-service.yaml | 2 +- template/stacks/core/ingress-apps/forgejo.yaml | 9 +++++++-- .../core/ingress-apps/keycloak-ingress-localhost.yaml | 2 +- .../core/ingress-apps/kube-prometheus-stack-grafana.yaml | 2 +- template/stacks/core/ingress-apps/minio-console.yaml | 8 +++++++- template/stacks/core/ingress-apps/openbao.yaml | 8 +++++++- 9 files changed, 33 insertions(+), 11 deletions(-) diff --git a/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml b/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml index 71cead0..6b63a55 100644 --- a/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml +++ b/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml @@ -19,7 +19,7 @@ spec: name: web path: /argo-workflows(/|$)(.*) pathType: ImplementationSpecific - - host: cnoe.localtest.me + - host: {{{ .Env.DOMAIN }}} http: paths: - backend: diff --git a/template/stacks/core/ingress-apps/argocd-server.yaml b/template/stacks/core/ingress-apps/argocd-server.yaml index 10b4a3a..0446b6c 100644 --- a/template/stacks/core/ingress-apps/argocd-server.yaml +++ b/template/stacks/core/ingress-apps/argocd-server.yaml @@ -6,12 +6,17 @@ metadata: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/use-regex: "true" +{{{ if eq .Env.CLUSTER_TYPE "osc" }}} + dns.gardener.cloud/class: garden + dns.gardener.cloud/dnsnames: {{{ .Env.DOMAIN }}} + dns.gardener.cloud/ttl: "600" +{{{ end }}} name: argocd-server namespace: argocd spec: ingressClassName: nginx rules: - - host: cnoe.localtest.me + - host: {{{ .Env.DOMAIN }}} http: paths: - backend: 
@@ -23,5 +28,5 @@ spec:
 pathType: ImplementationSpecific
 tls:
 - hosts:
- - cnoe.localtest.me
+ - {{{ .Env.DOMAIN }}}
 secretName: argocd-net-tls
diff --git a/template/stacks/core/ingress-apps/backstage.yaml b/template/stacks/core/ingress-apps/backstage.yaml
index 7f44187..4eef936 100644
--- a/template/stacks/core/ingress-apps/backstage.yaml
+++ b/template/stacks/core/ingress-apps/backstage.yaml
@@ -16,7 +16,7 @@ spec:
 name: http
 path: /
 pathType: Prefix
- - host: cnoe.localtest.me
+ - host: {{{ .Env.DOMAIN }}}
 http:
 paths:
 - backend:
diff --git a/template/stacks/core/ingress-apps/fibonacci-service.yaml b/template/stacks/core/ingress-apps/fibonacci-service.yaml
index c499226..622cceb 100644
--- a/template/stacks/core/ingress-apps/fibonacci-service.yaml
+++ b/template/stacks/core/ingress-apps/fibonacci-service.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 ingressClassName: nginx
 rules:
- - host: cnoe.localtest.me
+ - host: {{{ .Env.DOMAIN }}}
 http:
 paths:
 - backend:
diff --git a/template/stacks/core/ingress-apps/forgejo.yaml b/template/stacks/core/ingress-apps/forgejo.yaml
index f53b3ec..3143875 100644
--- a/template/stacks/core/ingress-apps/forgejo.yaml
+++ b/template/stacks/core/ingress-apps/forgejo.yaml
@@ -4,12 +4,17 @@ metadata:
 annotations:
 nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: 512m
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+ dns.gardener.cloud/class: garden
+ dns.gardener.cloud/dnsnames: gitea.{{{ .Env.DOMAIN }}}
+ dns.gardener.cloud/ttl: "600"
+{{{ end }}}
 name: forgejo
 namespace: gitea
 spec:
 ingressClassName: nginx
 rules:
- - host: gitea.cnoe.localtest.me
+ - host: gitea.{{{ .Env.DOMAIN }}}
 http:
 paths:
 - backend:
@@ -21,5 +26,5 @@ spec:
 pathType: Prefix
 tls:
 - hosts:
- - gitea.cnoe.localtest.me
+ - gitea.{{{ .Env.DOMAIN }}}
 secretName: forgejo-net-tls
diff --git a/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml b/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml
index 16b20c3..4dcc41c 100644
--- a/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml
+++ b/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml
@@ -16,7 +16,7 @@ spec:
 name: http
 path: /keycloak
 pathType: ImplementationSpecific
- - host: cnoe.localtest.me
+ - host: {{{ .Env.DOMAIN }}}
 http:
 paths:
 - backend:
diff --git a/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml b/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml
index 44c2b02..e60ebe7 100644
--- a/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml
+++ b/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 ingressClassName: nginx
 rules:
- - host: cnoe.localtest.me
+ - host: {{{ .Env.DOMAIN }}}
 http:
 paths:
 - backend:
diff --git a/template/stacks/core/ingress-apps/minio-console.yaml b/template/stacks/core/ingress-apps/minio-console.yaml
index ffa909d..19e2452 100644
--- a/template/stacks/core/ingress-apps/minio-console.yaml
+++ b/template/stacks/core/ingress-apps/minio-console.yaml
@@ -3,10 +3,16 @@ kind: Ingress
 metadata:
 name: minio-console
 namespace: minio-backup
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+ annotations:
+ dns.gardener.cloud/class: garden
+ dns.gardener.cloud/dnsnames: minio-backup.{{{ .Env.DOMAIN }}}
+ dns.gardener.cloud/ttl: "600"
+{{{ end }}}
 spec:
 ingressClassName: nginx
 rules:
- - host: minio-backup.cnoe.localtest.me
+ - host: minio-backup.{{{ .Env.DOMAIN }}}
 http:
 paths:
 - backend:
diff --git a/template/stacks/core/ingress-apps/openbao.yaml b/template/stacks/core/ingress-apps/openbao.yaml
index bb00b92..26b379f 100644
--- a/template/stacks/core/ingress-apps/openbao.yaml
+++ b/template/stacks/core/ingress-apps/openbao.yaml
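Review bot: In minio-console.yaml the `annotations:` key is created only inside the `osc` branch, so this Ingress (and the one in openbao.yaml, which is changed the same way) carries no `nginx.ingress.kubernetes.io/force-ssl-redirect` annotation, unlike argocd-server.yaml and forgejo.yaml in the same commit. The added `dns.gardener.cloud/*` annotations publish a DNS name for the MinIO console and for OpenBao, both of which take credentials, and no `tls:` entry is visible in either hunk; the spec continues outside the hunk, so one may exist further down. I would move `annotations:` above the conditional and add `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` unconditionally. It is also worth confirming that each of the two Ingresses has a `tls:` block with a `secretName`, as the argocd-server and forgejo ones do.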
@@ -3,10 +3,16 @@ kind: Ingress metadata: name: openbao namespace: openbao +{{{ if eq .Env.CLUSTER_TYPE "osc" }}} + annotations: + dns.gardener.cloud/class: garden + dns.gardener.cloud/dnsnames: openbao.{{{ .Env.DOMAIN }}} + dns.gardener.cloud/ttl: "600" +{{{ end }}} spec: ingressClassName: nginx rules: - - host: openbao.cnoe.localtest.me + - host: openbao.{{{ .Env.DOMAIN }}} http: paths: - backend: From 163543dbe1ea18c5c699080fdde59b3079fb1ef0 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Thu, 12 Dec 2024 17:58:10 +0100 Subject: [PATCH 19/24] Fixed keycloak in OSC --- .../keycloak/manifests/keycloak-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml index f1dd699..e2a0981 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml @@ -225,7 +225,12 @@ spec: ADMIN_PASSWORD=$(cat /var/secrets/KEYCLOAK_ADMIN_PASSWORD) USER1_PASSWORD=$(cat /var/secrets/USER_PASSWORD) +{{{ if eq .Env.CLUSTER_TYPE "kind" }}} KEYCLOAK_URL=http://keycloak.keycloak.svc.cluster.local:8080/keycloak +{{{ end }}} +{{{ if eq .Env.CLUSTER_TYPE "osc" }}} + KEYCLOAK_URL=https://{{{ .Env.DOMAIN }}}/keycloak +{{{ end }}} KEYCLOAK_TOKEN=$(curl -sS --fail-with-body -X POST -H "Content-Type: application/x-www-form-urlencoded" \ --data-urlencode "username=cnoe-admin" \ From 4128ea7466e5cb176b4757fec1d9d6e4aa306de1 Mon Sep 17 00:00:00 2001 
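Review bot: In keycloak-config.yaml, `KEYCLOAK_URL` is now assigned only inside two independent `if eq .Env.CLUSTER_TYPE` blocks, so for any value other than `kind` or `osc` the rendered script has no assignment at all and the `curl` calls that follow run against an empty base URL. Making the second block an else-branch of the first, or adding a guard right after the blocks such as `: "${KEYCLOAK_URL:?unsupported CLUSTER_TYPE}"`, would make the job fail early with a clear message. In the `osc` branch the token request goes through the public hostname instead of the in-cluster service, so it depends on DNS and a valid certificate for `{{{ .Env.DOMAIN }}}` being in place before this job runs. A short comment saying why the service URL cannot be used there would help the next reader. The script begins and ends outside the hunk.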
From: Richard Robert Reitz Date: Tue, 17 Dec 2024 19:45:28 +0100 Subject: [PATCH 20/24] merge step 1 --- .../stacks/core/ingress-nginx/values.yaml | 8 + .../local-backup/minio/helm/values.yaml | 6 + .../dashboards/dashboard_nginx-ingress.yaml | 1577 +++++++++++++++++ .../monitoring/kube-prometheus/values.yaml | 18 +- .../kube-prometheus/values_test_osc.yaml | 15 - template/stacks/monitoring/loki/values.yaml | 10 +- .../entities/catalog-info.yaml | 1 + .../entities/spring-petclinic/README.md | 94 + .../.github/workflows/gradle-build.yml | 32 + .../.github/workflows/maven-build.yml | 63 + .../skeleton/catalog-info.yaml | 36 + .../spring-petclinic/skeleton/k8s/db.yml | 76 + .../skeleton/k8s/petclinic.yml | 125 ++ .../entities/spring-petclinic/template.yaml | 84 + .../backstage/manifests/install.yaml | 2 + .../external-secrets/manifests/role.yaml | 9 + .../manifests/rolebinding.yaml | 13 + .../manifests/secret-store.yaml | 20 + .../ref-implementation/openbao/values.yaml | 25 +- 19 files changed, 2184 insertions(+), 30 deletions(-) create mode 100644 template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml delete mode 100644 template/stacks/monitoring/kube-prometheus/values_test_osc.yaml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml 
create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml create mode 100644 template/stacks/ref-implementation/external-secrets/manifests/role.yaml create mode 100644 template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml create mode 100644 template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml diff --git a/template/stacks/core/ingress-nginx/values.yaml b/template/stacks/core/ingress-nginx/values.yaml index a1e5923..7bb7aa2 100644 --- a/template/stacks/core/ingress-nginx/values.yaml +++ b/template/stacks/core/ingress-nginx/values.yaml @@ -15,6 +15,14 @@ controller: proxy-buffer-size: 32k use-forwarded-headers: "true" + # monitoring nginx + metrics: + enabled: true + serviceMonitor: + additionalLabels: + release: "ingress-nginx" + enabled: true + {{{ if eq .Env.CLUSTER_TYPE "kind" }}} hostPort: enabled: true diff --git a/template/stacks/local-backup/minio/helm/values.yaml b/template/stacks/local-backup/minio/helm/values.yaml index eff14f0..a5c9aed 100644 --- a/template/stacks/local-backup/minio/helm/values.yaml +++ b/template/stacks/local-backup/minio/helm/values.yaml @@ -14,4 +14,10 @@ persistence: buckets: - name: edfbuilder-backups +consoleIngress: + enabled: true + ingressClassName: nginx + hosts: + - minio-backup.{{{ .Env.DOMAIN }}} + existingSecret: root-creds diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml new file mode 100644 index 0000000..8436c8c --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml 
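Review bot: In template/stacks/local-backup/minio/helm/values.yaml, `consoleIngress` is enabled for `minio-backup.{{{ .Env.DOMAIN }}}` with no `tls` entry and no annotations, so as far as this hunk shows the chart-generated Ingress would serve the console login over plain HTTP. The same host is already routed by template/stacks/core/ingress-apps/minio-console.yaml earlier in this series; if both stacks are deployed, two Ingress objects claim one host and path. I would keep only one of them, and on the one that stays add a `tls` list naming the host and a certificate secret, plus the `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` annotation used on the argocd-server and forgejo Ingresses. The host value should also be quoted, `- "minio-backup.{{{ .Env.DOMAIN }}}"`.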
@@ -0,0 +1,1577 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-4 + labels: + grafana_dashboard: "1" +data: + k8s-dashboard-04.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_response_size_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": 
"__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller response size sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 15, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_response_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller response duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + 
"axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 14, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_request_size_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller request size sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + 
"scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 13, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_request_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller request duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + 
"overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 12, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_orphan_ingress", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller orphan ingress", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 11, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": 
"nginx_ingress_controller_nginx_process_requests_total", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller nginx process requests total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 48 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_nginx_process_read_bytes_total", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller nginx process read bytes total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + 
}, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_nginx_process_connections_total", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller nginx process connections total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": 
false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_ingress_upstream_latency_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller ingress upstream latency seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + 
"thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 72 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_header_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller header duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 80 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": 
"single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_connect_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller connect duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 88 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_config_last_reload_successful_timestamp_seconds", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + 
"title": "nginx ingress controller config last reload successful timestamp seconds", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 96 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_bytes_sent_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller bytes sent sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": 
"auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 104 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_admission_roundtrip_duration", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller admission roundtrip duration", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + 
"spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 112 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_admission_render_ingresses", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller admission render ingresses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 120 + }, + "id": 1, + 
"options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_admission_render_duration", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller admission render duration", + "type": "timeseries" + } + ], + "preload": false, + "schemaVersion": 40, + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Nginx Ingress Controller", + "uid": "ae6eoqdik5n28e", + "version": 1, + "weekStart": "" + } \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index 0d2cd88..9c0ca32 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -13,9 +13,9 @@ grafana: type: loki url: http://loki-loki-distributed-gateway.monitoring:80 - syncPolicy: - syncOptions: - - ServerSideApply=true + # syncPolicy: + # syncOptions: + # - ServerSideApply=true sidecar: dashboards: @@ -32,4 +32,14 @@ grafana: server: domain: {{{ .Env.DOMAIN }}} root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true \ No newline at end of file + serve_from_sub_path: true + + serviceMonitor: + # If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator + enabled: true + +#monitoring nginx +prometheus: + prometheusSpec: + podMonitorSelectorNilUsesHelmValues: false + serviceMonitorSelectorNilUsesHelmValues: false 
diff --git a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml deleted file mode 100644 index 21e8a8b..0000000 --- a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana: - namespaceOverride: "monitoring" - - grafana.ini: - server: - domain: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live - root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true - - ingress: - enabled: true - ingressClassName: nginx - hosts: - - {{{ .Env.DOMAIN }}} - path: /grafana \ No newline at end of file diff --git a/template/stacks/monitoring/loki/values.yaml b/template/stacks/monitoring/loki/values.yaml index e682468..5cc5c1f 100644 --- a/template/stacks/monitoring/loki/values.yaml +++ b/template/stacks/monitoring/loki/values.yaml @@ -3,11 +3,5 @@ loki: replication_factor: 1 auth_enabled: false - #experimental - storageConfig: - # boltdb_shipper: - # shared_store: s3 - # aws: - # s3: s3://${cluster_region} - # bucketnames: ${bucket_name} - filesystem: null +# storageConfig: +# filesystem: null diff --git a/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml index 69139f1..b6f40c3 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml @@ -9,6 +9,7 @@ spec: - ./argo-workflows/template.yaml - ./app-with-bucket/template.yaml - ./demo-go-hello-world/template.yaml + - ./spring-petclinic/template.yaml --- apiVersion: backstage.io/v1alpha1 kind: Location diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md new file mode 100644 index 0000000..dceeb4a --- /dev/null 
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md 
@@ -0,0 +1,94 @@ +## Spring PetClinic Template + +This template can deploy a fork of Spring's PetClinic and showcase the entire +development workflow from version control over build and deployment into +kubernetes to monitoring the state at runtime. + +The goal is to demonstrate the migration of an existing GitHub project into the +stack by applying only minimal changes for compatibility. These changes +include: + + - Overwriting the CI workflows due to compatibility with forgejo actions and + container issues, thus making builds container less. + - Extending the kubernetes manifests to use Ingress and Service objects + - Integrate Prometheus monitoring endpoint + + +### Backstage - Forking + +The Backstage template allows you to define a URL to 'fork' from. However, +the template does not actually create a git fork but downloads the latest +`HEAD` from a given branch. The source repository has to be known by backstage +so it can apply the correct download mechanism, see `backend.integrations` in +the backstage config. + +In the first step, the original source code is downloaded from the given +upstream repository. Subsequently, overrides provided by the template are +copied into the codebase replacing some workflow and deployment files. + +This 'merged' codebase is pushed into a new git repository in the supplied +forgejo instance. Additionally, an ArgoCD deployment is created based on this +new given repo. + + +### Forgejo - CI with Forgejo Actions + +As soon as the patched codebase is pushed into the forgejo git repository, +forgejo actions are triggered and start executing the three existing workflows. +However, only the two build workflows are patched to work within the current +stack, the third deployment workflow fails as it cannot start a kind cluster. + +In the current configuration, workflows are by default executed in a minimal +node-debian container. This suffices in most cases to run GitHub actions. 
+ +Like in the original upstream repository on GitHub, a Gradle- and a Maven-based +workflow are started. The Gradle one only executes a simple java build while +the Maven version also includes the creation of a container image and a +trivy-based security scan. + +Both workflows are patched as referencing of actions differs in forgejo actions +from GitHub actions. In GitHub Actions, actions are rerefenced as paths to +github repositories. In Forgejo Actions, this mechanism similarly refers to +actions hosted on `code.forgejo.org` even on self-hosted instances. As only a +small subset of actions is ported to `code.forgejo.org` due to licensing and +compatibility (not all GitHub actions can work with forgejo actions), forgejo +actions also allow referencing actions by URL. Thus, the action +`https://github.com/actions/setup-java` instructs the forgejo runner to +download the action from GitHub. (The default actions repository can be +overwritten) + +Creating the application container within the Maven workflow is accomplished +without using 'native' container tooling, i.e. docker or podman. Besides this +being favorable as it introduces less side effects, the current stack +implementation does not support running nested containers, yet. + +Furthermore, as the system uses self-signed certificates, certificate checks +are disabled throughout the system for now. + +After a successful build, the container image is published into the Forgejo +container registry and can be pulled for deployment. + + +### ArgoCD - Deployment + +The PetClinic consists of two components, a persistent PostgreSQL database and +the java application that is compiled from source. On execution of the +Backstage template an application deployment is created in ArgoCD. The +resources defined in the newly created git repository are synchronized into the +kubernetes cluster. 
However, as the java app container has to be built by +the CI workflows, the deployment will initially fail but become successful as +soon as the container image is available. + + + +### Prometheus & Grafana - Monitoring + +Prometheus and Grafana among others are deployed as apart of the IDP monitoring +stack. To integrate with these existing components the Backstage template adds +a ServiceMonitor definition to the deployment of the PetClinic. It instructs +Prometheus to scrape the `actuator/prometheus` endpoint in specific intervals. +The data contains jvm health data and can be visualized in Grafana. + +As the upstream PetClinic on GitHub does not contain the necessary dependencies +to enable the Prometheus endpoint, the app is by default bootstrapped from +a fork that contains the `micrometer-registry-prometheus` dependency. diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml new file mode 100644 index 0000000..61fadfd --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml 
@@ -0,0 +1,32 @@
+# This workflow will build a Java project with Gradle, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle
+
+name: Java CI with Gradle
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %}
+ uses: https://github.com/actions/setup-java@v4
+ with:
+ java-version: '{% raw %}${{matrix.java}}{% endraw %}'
+ distribution: 'adopt'
+ cache: maven
+ - name: Setup Gradle
+ uses: https://github.com/gradle/actions/setup-gradle@v4
+ - name: Build with Gradle
+ run: ./gradlew build
+
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
new file mode 100644
index 0000000..f04cf78
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
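Review bot: The `setup-java` step sets `cache: maven` in the Gradle workflow, so the cache is keyed on Maven files rather than on the Gradle wrapper and build scripts; `cache: gradle` fits this job, and may be unnecessary next to `setup-gradle`, which does its own caching. All three `uses:` entries are pinned to the mutable tag `@v4`, and two of them are fetched by URL from GitHub at run time. Pinning each to a full commit SHA would keep a moved tag from changing what the runner executes.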
@@ -0,0 +1,63 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ #container:
+ # image: ghcr.io/catthehacker/ubuntu:act-latest # the large image
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %}
+ uses: https://github.com/actions/setup-java@v4
+ with:
+ java-version: '{% raw %}${{matrix.java}}{% endraw %}'
+ distribution: 'adopt'
+ cache: maven
+ - name: Build with Maven Wrapper
+ run: ./mvnw -B verify
+ - name: Build image
+ #run: ./mvnw spring-boot:build-image # the original image build
+ run: |
+ export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]')
+ ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=gitea.{{{ .Env.DOMAIN }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %}
+ - name: Build image as tar
+ run: |
+ ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true
+ # separating the trivy scan into another job is not necessary. It, however, demonstrates forgejo's compatibility with GitHub
+ - uses: forgejo/upload-artifact@v4
+ with:
+ name: petclinic-image
+ path: target/jib-image.tar
+ env:
+ NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this
+
+ securityscan:
+ runs-on: ubuntu-latest
+ #container:
+ # image: aquasec/trivy # the container does not contain node...
+ steps:
+ - uses: forgejo/download-artifact@v4
+ with:
+ name: petclinic-image
+ env:
+ NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this
+ - name: install trivy from deb package
+ run: |
+ wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb
+ DEBIAN_FRONTEND=noninteractive dpkg -i trivy.deb
+ - name: scan the image
+ run: trivy image --input jib-image.tar
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml
new file mode 100644
index 0000000..94a7880
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+ name: ${{ values.name }}
+ description: This is a Backstage component created from the custom template that forks the PetClinic
+ annotations:
+ backstage.io/techdocs-ref: dir:.
+ backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}'
+ backstage.io/kubernetes-namespace: gitea
+ links:
+ - url: https://gitea.{{{ .Env.DOMAIN }}}:443
+ title: Repo URL
+ icon: git
+spec:
+ owner: guests
+ lifecycle: experimental
+ type: service
+ system: ${{ values.name | dump }}
+---
+apiVersion: backstage.io/v1alpha1
+kind: System
+metadata:
+ name: ${{ values.name | dump }}
+ description: A system for managing services created from the Gitea template.
+ annotations:
+ backstage.io/techdocs-ref: dir:.
+ links:
+ - url: https://gitea.{{{ .Env.DOMAIN }}}:443
+ title: Gitea Repo
+ icon: git
+spec:
+ owner: guests
+ lifecycle: experimental
+ type: service
+
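Review bot: The `securityscan` job declares no `needs: build`, so nothing orders its `download-artifact` step after the `upload-artifact` step in `build`, and `trivy image --input jib-image.tar` exits 0 whatever it finds unless `--exit-code` is set, so the scan cannot fail the pipeline. Adding `needs: build` to the job and running `trivy image --exit-code 1 --severity HIGH,CRITICAL --input jib-image.tar` would make it a gate. The `trivy.deb` fetched with `wget` is installed without a checksum comparison; check it against the release's published checksums before `dpkg -i`. In the `Build image` step the registry token is expanded directly into the `./mvnw` command text; passing it through a step-level `env:` entry and referencing the shell variable keeps template expansion out of the script.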
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml
new file mode 100644
index 0000000..aff866e
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml
@@ -0,0 +1,76 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: demo-db
+ namespace: ${{ values.namespace }}
+type: servicebinding.io/postgresql
+stringData:
+ type: "postgresql"
+ provider: "postgresql"
+ host: "demo-db"
+ port: "5432"
+ database: "petclinic"
+ username: "user"
+ password: "pass"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: demo-db
+ namespace: ${{ values.namespace }}
+spec:
+ ports:
+ - port: 5432
+ selector:
+ app: demo-db
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: demo-db
+ namespace: ${{ values.namespace }}
+ labels:
+ app: demo-db
+spec:
+ selector:
+ matchLabels:
+ app: demo-db
+ template:
+ metadata:
+ labels:
+ app: demo-db
+ spec:
+ containers:
+ - image: postgres:17
+ name: postgresql
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: demo-db
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: demo-db
+ key: password
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: demo-db
+ key: database
+ ports:
+ - containerPort: 5432
+ name: postgresql
+ livenessProbe:
+ tcpSocket:
+ port: postgresql
+ readinessProbe:
+ tcpSocket:
+ port: postgresql
+ startupProbe:
+ tcpSocket:
+ port: postgresql
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml
new file mode 100644
index 0000000..5098ca3
--- /dev/null
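Review bot: The `demo-db` Secret commits fixed credentials in `stringData` (`username: "user"`, `password: "pass"`), so every repository scaffolded from this skeleton stores the same database password in git and deploys it unchanged. Since the stack already ships external-secrets and OpenBao, consider generating the password per instance and keeping only a reference here; if the literal stays for the demo, mark it with a comment such as `# demo-only credentials, replace before any shared deployment`. The `postgres:17` container also mounts no volume, so the database the README calls persistent presumably loses its data on a pod restart.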
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml 
@@ -0,0 +1,125 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ${{ values.namespace }} +--- +apiVersion: v1 +kind: Service +metadata: + name: petclinic + namespace: ${{ values.namespace }} + labels: + app: petclinic +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: http + name: http + selector: + app: petclinic +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ${{ values.namespace }}-petclinic + namespace: ${{ values.namespace }} +spec: + ingressClassName: nginx + rules: + - host: ${{ values.namespace }}.{{{ .Env.DOMAIN }}} + http: + paths: + - backend: + service: + name: petclinic + port: + name: http + path: / + pathType: Prefix +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: petclinic + namespace: ${{ values.namespace }} + labels: + app: petclinic +spec: + replicas: 1 + selector: + matchLabels: + app: petclinic + template: + metadata: + labels: + app: petclinic + spec: + containers: + - name: workload + image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }} + env: + - name: SPRING_PROFILES_ACTIVE + value: postgres + - name: POSTGRES_URL + value: jdbc:postgresql://demo-db/petclinic + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: demo-db + key: username + - name: POSTGRES_PASS + valueFrom: + secretKeyRef: + name: demo-db + key: password + - name: SERVICE_BINDING_ROOT + value: /bindings + - name: SPRING_APPLICATION_JSON + value: | + { + "management.endpoint.health.probes.add-additional-paths": true + } + ports: + - name: http + containerPort: 8080 + livenessProbe: + httpGet: + path: /livez + port: http + readinessProbe: + httpGet: + path: /readyz + port: http + volumeMounts: + - mountPath: /bindings/secret + name: binding + readOnly: true + volumes: + - name: binding + projected: + sources: + - secret: + name: demo-db + +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: ${{ values.namespace }}-petclinic-monitor + namespace: monitoring # Namespace 
where Prometheus is running + labels: + release: kube-prometheus-stack # this must match Prometheus' service monitor matching +spec: + selector: + matchLabels: + app: petclinic # Match your application's labels + namespaceSelector: + matchNames: + - ${{ values.namespace }} # Namespace where your app is running + endpoints: + - port: http # Name of the port in your Service + path: /actuator/prometheus # Path to your metrics endpoint + interval: 15s # How often to scrape metrics + diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml new file mode 100644 index 0000000..50afc43 --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml 
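Review bot: The `workload` container's `image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }}` has no tag or digest, so it resolves to the mutable `latest` tag the Maven workflow pushes and the cluster runs whatever was pushed last. Tagging the image per commit in the workflow and referencing that tag or a digest here would make the deployed artifact traceable to a build. The pod spec also sets no `securityContext` or resource limits. The `ServiceMonitor` is written into the `monitoring` namespace from a user-scaffolded repository, which presumably only works because the Argo CD app runs in the `default` project; worth confirming that this cross-namespace write is intended.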
@@ -0,0 +1,84 @@ +apiVersion: scaffolder.backstage.io/v1beta3 +kind: Template +metadata: + name: spring-petclinic + title: Spring PetClinic template + description: An example template for the scaffolder that creates a 'fork' of Spring's PetClinic +spec: + owner: user:guest + type: service + + parameters: + - title: Fill in some steps + required: + - name + properties: + name: + title: Project Name + type: string + description: Unique name of the fork app + ui:autofocus: true + upstreamurl: + title: Repo to Fork + type: string + description: The URL of the repo to fork + default: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Patrick.Sy/ipcei-petclinic/src/branch/main + ui:emptyValue: 'https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Patrick.Sy/ipcei-petclinic/src/branch/main' + + steps: + - id: fetch-code # get the latest upstream code + name: Fetch Code + action: fetch:plain + input: + # url: https://github.com/spring-projects/spring-petclinic/tree/main + url: ${{ parameters.upstreamurl }} + + - id: fetch-overrides # Apply specific overrides to add features and make modifications for compatibility + name: Fetch Overrides + action: fetch:template + input: + # url: ./skeleton/.github/workflows + # targetPath: ./.github/workflows + url: ./skeleton/ + targetPath: ./ + replace: true + values: + name: ${{ parameters.name }} + namespace: ${{ parameters.name }} + + - id: publish + name: Publish to Gitea + action: publish:gitea + input: + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + description: This is the repository for ${{ parameters.name }} + sourcePath: ./ + defaultBranch: main + + - id: create-argocd-app + name: Create ArgoCD App + action: cnoe:create-argocd-app + input: + appName: ${{parameters.name}} + appNamespace: ${{parameters.name}} + argoInstance: in-cluster + projectName: default + # necessary until we generate our own cert + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} + path: "k8s" + + - id: 
register + name: Register in Catalog + action: catalog:register + input: + repoContentsUrl: ${{ steps['publish'].output.repoContentsUrl }} + catalogInfoPath: 'catalog-info.yaml' + + output: + links: + - title: Repository + url: ${{ steps['publish'].output.remoteUrl }} + - title: Open in Catalog + icon: catalog + entityRef: ${{ steps['register'].output.entityRef }} + diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index bd65421..b46fbd4 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -114,6 +114,8 @@ data: host: gitea.{{{ .Env.DOMAIN }}} username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} + - baseUrl: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live + host: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live # github: # - host: github.com # apps: diff --git a/template/stacks/ref-implementation/external-secrets/manifests/role.yaml b/template/stacks/ref-implementation/external-secrets/manifests/role.yaml new file mode 100644 index 0000000..53be85c --- /dev/null +++ b/template/stacks/ref-implementation/external-secrets/manifests/role.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: openbao + name: external-secrets-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] \ No newline at end of file diff --git a/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml b/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml new file mode 100644 index 0000000..7baa725 --- /dev/null +++ b/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml 
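Review bot: The `name` parameter has no `pattern` or `maxLength`, yet it is used verbatim as the Kubernetes namespace (`namespace: ${{ parameters.name }}`), as the ingress host label and as the Argo CD `appNamespace`, so a value equal to an existing namespace name would point the generated manifests at that namespace. Constrain it in the schema, for example `pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'` and `maxLength: 63`, and consider rejecting reserved names. The `upstreamurl` default and `ui:emptyValue` hard-code one Forgejo host while the rest of the template uses `{{{ .Env.DOMAIN }}}`; the `install.yaml` hunk that follows hard-codes the same host.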
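Review bot: The Role in `role.yaml` grants `get` and `list` on every Secret in the `openbao` namespace, while the SecretStore added in this commit references a single Secret, `vault-token`. `list` on secrets returns their contents, so the `external-secrets` service account can read anything stored in that namespace. Narrowing the rule to `verbs: ["get"]` with `resourceNames: ["vault-token"]` would match what the store uses, assuming the operator needs nothing else there.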
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: external-secrets-rolebinding
+ namespace: openbao
+subjects:
+ - kind: ServiceAccount
+ name: external-secrets
+ namespace: external-secrets
+roleRef:
+ kind: Role
+ name: external-secrets-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml b/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml
new file mode 100644
index 0000000..c3fa8e7
--- /dev/null
+++ b/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml
@@ -0,0 +1,20 @@
+# cluster-store.yaml
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore #Kubernetes resource type
+metadata:
+ name: bao-backend #resource name
+ namespace: openbao
+spec:
+ provider:
+ vault: #specifies vault as the provider
+ # server: "http://10.244.0.28:8200" # how to map it dynamically?
+ server: "http://openbao.openbao.svc.cluster.local:8200"
+ path: "data" #path for accessing the secrets
+ version: "v1" #Vault API version
+ auth:
+ tokenSecretRef:
+ name: "vault-token" #Use a secret called vault-token
+ key: "token" #THIS REFERENCES THE INITIAL TOKEN NOW SAVED AS A K8 SECRET
+
+# openbao-0.openbao.pod.cluster.local
+# 10.96.59.250:8200
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml
index 7fecb1d..e3e6761 100644
--- a/template/stacks/ref-implementation/openbao/values.yaml
+++ b/template/stacks/ref-implementation/openbao/values.yaml
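Review bot: In `secret-store.yaml`, `tokenSecretRef` points at the initial root token (per the inline comment on `key: "token"`), which gives the external-secrets controller unrestricted access to OpenBao rather than read access to the paths it syncs. A token bound to a read-only policy, or the provider's Kubernetes auth with a dedicated role, would limit that. `server` also uses plain `http://`, so the token crosses the cluster network unencrypted.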
@@ -1,6 +1,25 @@ server: - dev: + ingress: enabled: true - + ingressClassName: nginx + hosts: + - host: openbao.{{{ .Env.DOMAIN }}} + paths: [] + # dev: + # enabled: true + postStart: + - sh + - -c + - | + sleep 10 + bao operator init >> /tmp/init.txt + cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} + echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt + echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt + echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt + echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt + echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt + echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt + rm /tmp/init.txt ui: - enabled: true \ No newline at end of file + enabled: true From f3dfdf66eab6589db99d901a6eae2ab6dce89de8 Mon Sep 17 00:00:00 2001 
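Review bot: The `postStart` script writes the initial root token and all five unseal keys in plaintext to `/openbao/data`, presumably the same volume as the storage they protect, so anyone who can read that volume or exec into the pod holds everything needed to unseal and administer the instance. It also appears not to be re-runnable: on a container restart `bao operator init` fails against the already initialised server, `/tmp/init.txt` holds no keys, nothing is unsealed, and the `echo $(grep …) | cat >` lines overwrite the saved files with empty output. Prefer an auto-unseal seal configuration or keys kept outside the cluster; if this stays for the ALPHA stack, run the init only once, unseal from the persisted keys otherwise, and add a comment such as `# dev only: root token and unseal keys are stored unencrypted on the data volume`. The new `ingress` block also publishes the UI and API without a `tls` section.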
From: Richard Robert Reitz Date: Tue, 17 Dec 2024 20:06:16 +0100 Subject: [PATCH 21/24] merge step 2 --- .../stacks/core/ingress-nginx/values.yaml | 8 + .../local-backup/minio/helm/values.yaml | 6 + .../stacks/monitoring/kube-prometheus.yaml | 2 +- .../dashboards/dashboard_nginx-ingress.yaml | 1577 +++++++++++++++++ .../monitoring/kube-prometheus/values.yaml | 14 +- .../kube-prometheus/values_test_osc.yaml | 15 - template/stacks/monitoring/loki/values.yaml | 10 +- .../argo-workflows/manifests/dev/ingress.yaml | 31 + .../entities/catalog-info.yaml | 1 + .../entities/spring-petclinic/README.md | 94 + .../.github/workflows/gradle-build.yml | 32 + .../.github/workflows/maven-build.yml | 63 + .../skeleton/catalog-info.yaml | 36 + .../spring-petclinic/skeleton/k8s/db.yml | 76 + .../skeleton/k8s/petclinic.yml | 125 ++ .../entities/spring-petclinic/template.yaml | 84 + .../backstage/manifests/install.yaml | 2 + .../external-secrets/manifests/role.yaml | 9 + .../manifests/rolebinding.yaml | 13 + .../manifests/secret-store.yaml | 20 + .../fibonacci-app/ingress.yaml | 18 + .../keycloak/manifests/ingress.yaml | 30 + .../ref-implementation/openbao/values.yaml | 19 +- 23 files changed, 2255 insertions(+), 30 deletions(-) create mode 100644 template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml delete mode 100644 template/stacks/monitoring/kube-prometheus/values_test_osc.yaml create mode 100644 template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml create mode 100644 
template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml create mode 100644 template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml create mode 100644 template/stacks/ref-implementation/external-secrets/manifests/role.yaml create mode 100644 template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml create mode 100644 template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml create mode 100644 template/stacks/ref-implementation/fibonacci-app/ingress.yaml create mode 100644 template/stacks/ref-implementation/keycloak/manifests/ingress.yaml diff --git a/template/stacks/core/ingress-nginx/values.yaml b/template/stacks/core/ingress-nginx/values.yaml index a1e5923..108980b 100644 --- a/template/stacks/core/ingress-nginx/values.yaml +++ b/template/stacks/core/ingress-nginx/values.yaml @@ -15,6 +15,14 @@ controller: proxy-buffer-size: 32k use-forwarded-headers: "true" + #monitoring nginx + metrics: + enabled: true + serviceMonitor: + additionalLabels: + release: "ingress-nginx" + enabled: true + {{{ if eq .Env.CLUSTER_TYPE "kind" }}} hostPort: enabled: true diff --git a/template/stacks/local-backup/minio/helm/values.yaml b/template/stacks/local-backup/minio/helm/values.yaml index eff14f0..a5c9aed 100644 --- a/template/stacks/local-backup/minio/helm/values.yaml +++ b/template/stacks/local-backup/minio/helm/values.yaml @@ -14,4 +14,10 @@ persistence: buckets: - name: edfbuilder-backups +consoleIngress: + enabled: true + ingressClassName: nginx + hosts: + - minio-backup.{{{ .Env.DOMAIN }}} + existingSecret: root-creds 
diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml index d526415..f4f6ea5 100644 --- a/template/stacks/monitoring/kube-prometheus.yaml +++ b/template/stacks/monitoring/kube-prometheus.yaml @@ -14,7 +14,7 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - ServerSideApply=true # TODO: RIRE What does this mean: do not copy metdata, since (because of its large size) it can lead to sync failure + - ServerSideApply=true # do not copy metdata, since (because of its large size) it can lead to sync failure destination: name: in-cluster namespace: monitoring diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml new file mode 100644 index 0000000..8436c8c --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml 
@@ -0,0 +1,1577 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-4 + labels: + grafana_dashboard: "1" +data: + k8s-dashboard-04.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_response_size_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": 
"__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller response size sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 15, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_response_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller response duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + 
"axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 14, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_request_size_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller request size sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + 
"scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 13, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_request_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller request duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + 
"overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 12, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_orphan_ingress", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller orphan ingress", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 11, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": 
"nginx_ingress_controller_nginx_process_requests_total", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller nginx process requests total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 48 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_nginx_process_read_bytes_total", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller nginx process read bytes total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + 
}, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_nginx_process_connections_total", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller nginx process connections total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": 
false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_ingress_upstream_latency_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller ingress upstream latency seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + 
"thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 72 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_header_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller header duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 80 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": 
"single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_connect_duration_seconds_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller connect duration seconds sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 88 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_config_last_reload_successful_timestamp_seconds", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + 
"title": "nginx ingress controller config last reload successful timestamp seconds", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 96 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_bytes_sent_sum", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller bytes sent sum", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": 
"auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 104 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_admission_roundtrip_duration", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller admission roundtrip duration", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + 
"spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 112 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_admission_render_ingresses", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller admission render ingresses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 120 + }, + "id": 1, + 
"options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "nginx_ingress_controller_admission_render_duration", + "fullMetaSearch": false, + "includeNullMetadata": true, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "nginx ingress controller admission render duration", + "type": "timeseries" + } + ], + "preload": false, + "schemaVersion": 40, + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Nginx Ingress Controller", + "uid": "ae6eoqdik5n28e", + "version": 1, + "weekStart": "" + } \ No newline at end of file diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index 0d2cd88..a9fd935 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -15,7 +15,7 @@ grafana: syncPolicy: syncOptions: - - ServerSideApply=true + - ServerSideApply=true sidecar: dashboards: @@ -32,4 +32,14 @@ grafana: server: domain: {{{ .Env.DOMAIN }}} root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true \ No newline at end of file + serve_from_sub_path: true + + serviceMonitor: + # If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator + enabled: true + +#monitoring nginx +prometheus: + prometheusSpec: + podMonitorSelectorNilUsesHelmValues: false + serviceMonitorSelectorNilUsesHelmValues: false 
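Review bot: Setting `podMonitorSelectorNilUsesHelmValues: false` and `serviceMonitorSelectorNilUsesHelmValues: false` under the `#monitoring nginx` comment widens discovery well beyond nginx. Prometheus will then select every ServiceMonitor and PodMonitor it can see, so any namespace allowed to create those objects can add scrape targets. Unless a namespace selector is set elsewhere in this file, the chart default does not restrict namespaces either. If only the ingress controller is meant, keep the defaults and add an explicit `serviceMonitorSelector` with `matchLabels` on `release: "ingress-nginx"`, the label added in ingress-nginx/values.yaml. If cluster-wide discovery is intended, say so in the comment, e.g. `# Select all ServiceMonitors/PodMonitors, not only those labelled with this release`. The `grafana:` mapping starts outside this hunk.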
diff --git a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml b/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml deleted file mode 100644 index 21e8a8b..0000000 --- a/template/stacks/monitoring/kube-prometheus/values_test_osc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana: - namespaceOverride: "monitoring" - - grafana.ini: - server: - domain: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live - root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true - - ingress: - enabled: true - ingressClassName: nginx - hosts: - - {{{ .Env.DOMAIN }}} - path: /grafana \ No newline at end of file diff --git a/template/stacks/monitoring/loki/values.yaml b/template/stacks/monitoring/loki/values.yaml index e682468..5cc5c1f 100644 --- a/template/stacks/monitoring/loki/values.yaml +++ b/template/stacks/monitoring/loki/values.yaml @@ -3,11 +3,5 @@ loki: replication_factor: 1 auth_enabled: false - #experimental - storageConfig: - # boltdb_shipper: - # shared_store: s3 - # aws: - # s3: s3://${cluster_region} - # bucketnames: ${bucket_name} - filesystem: null +# storageConfig: +# filesystem: null diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml new file mode 100644 index 0000000..358bf6b --- /dev/null +++ b/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml 
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: argo-workflows-ingress
+ namespace: argo
+ annotations:
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+ ingressClassName: "nginx"
+ rules:
+ - host: localhost
+ http:
+ paths:
+ - path: /argo-workflows(/|$)(.*)
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: argo-server
+ port:
+ name: web
+ - host: {{{ .Env.DOMAIN }}}
+ http:
+ paths:
+ - path: /argo-workflows(/|$)(.*)
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: argo-server
+ port:
+ name: web
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
index 69139f1..b6f40c3 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
@@ -9,6 +9,7 @@ spec:
 - ./argo-workflows/template.yaml
 - ./app-with-bucket/template.yaml
 - ./demo-go-hello-world/template.yaml
+ - ./spring-petclinic/template.yaml
 ---
 apiVersion: backstage.io/v1alpha1
 kind: Location
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md
new file mode 100644
index 0000000..dceeb4a
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md
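Review bot: The new Ingress in argo-workflows/manifests/dev/ingress.yaml routes `/argo-workflows(/|$)(.*)` to `argo-server` for both `localhost` and `{{{ .Env.DOMAIN }}}` without a `tls:` block. Protection of the Argo UI and API then rests entirely on the server's `--auth-mode`, which this patch does not show; in `server` mode every request arriving through the ingress would run with the argo-server service account. Confirm the deployment uses `sso` or `client`, and add a `tls:` entry for the domain host. The `localhost` rule looks relevant only to a kind cluster, so it could be wrapped in the `{{{ if eq .Env.CLUSTER_TYPE "kind" }}}` guard that ingress-nginx/values.yaml already uses.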
@@ -0,0 +1,94 @@ +## Spring PetClinic Template + +This template can deploy a fork of Spring's PetClinic and showcase the entire +development workflow from version control over build and deployment into +kubernetes to monitoring the state at runtime. + +The goal is to demonstrate the migration of an existing GitHub project into the +stack by applying only minimal changes for compatibility. These changes +include: + + - Overwriting the CI workflows due to compatibility with forgejo actions and + container issues, thus making builds container less. + - Extending the kubernetes manifests to use Ingress and Service objects + - Integrate Prometheus monitoring endpoint + + +### Backstage - Forking + +The Backstage template allows you to define a URL to 'fork' from. However, +the template does not actually create a git fork but downloads the latest +`HEAD` from a given branch. The source repository has to be known by backstage +so it can apply the correct download mechanism, see `backend.integrations` in +the backstage config. + +In the first step, the original source code is downloaded from the given +upstream repository. Subsequently, overrides provided by the template are +copied into the codebase replacing some workflow and deployment files. + +This 'merged' codebase is pushed into a new git repository in the supplied +forgejo instance. Additionally, an ArgoCD deployment is created based on this +new given repo. + + +### Forgejo - CI with Forgejo Actions + +As soon as the patched codebase is pushed into the forgejo git repository, +forgejo actions are triggered and start executing the three existing workflows. +However, only the two build workflows are patched to work within the current +stack, the third deployment workflow fails as it cannot start a kind cluster. + +In the current configuration, workflows are by default executed in a minimal +node-debian container. This suffices in most cases to run GitHub actions. 
+ +Like in the original upstream repository on GitHub, a Gradle- and a Maven-based +workflow are started. The Gradle one only executes a simple java build while +the Maven version also includes the creation of a container image and a +trivy-based security scan. + +Both workflows are patched as referencing of actions differs in forgejo actions +from GitHub actions. In GitHub Actions, actions are rerefenced as paths to +github repositories. In Forgejo Actions, this mechanism similarly refers to +actions hosted on `code.forgejo.org` even on self-hosted instances. As only a +small subset of actions is ported to `code.forgejo.org` due to licensing and +compatibility (not all GitHub actions can work with forgejo actions), forgejo +actions also allow referencing actions by URL. Thus, the action +`https://github.com/actions/setup-java` instructs the forgejo runner to +download the action from GitHub. (The default actions repository can be +overwritten) + +Creating the application container within the Maven workflow is accomplished +without using 'native' container tooling, i.e. docker or podman. Besides this +being favorable as it introduces less side effects, the current stack +implementation does not support running nested containers, yet. + +Furthermore, as the system uses self-signed certificates, certificate checks +are disabled throughout the system for now. + +After a successful build, the container image is published into the Forgejo +container registry and can be pulled for deployment. + + +### ArgoCD - Deployment + +The PetClinic consists of two components, a persistent PostgreSQL database and +the java application that is compiled from source. On execution of the +Backstage template an application deployment is created in ArgoCD. The +resources defined in the newly created git repository are synchronized into the +kubernetes cluster. 
However, as the java app container has to be built by +the CI workflows, the deployment will initially fail but become successful as +soon as the container image is available. + + + +### Prometheus & Grafana - Monitoring + +Prometheus and Grafana among others are deployed as apart of the IDP monitoring +stack. To integrate with these existing components the Backstage template adds +a ServiceMonitor definition to the deployment of the PetClinic. It instructs +Prometheus to scrape the `actuator/prometheus` endpoint in specific intervals. +The data contains jvm health data and can be visualized in Grafana. + +As the upstream PetClinic on GitHub does not contain the necessary dependencies +to enable the Prometheus endpoint, the app is by default bootstrapped from +a fork that contains the `micrometer-registry-prometheus` dependency. diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml new file mode 100644 index 0000000..61fadfd --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml 
@@ -0,0 +1,32 @@ +# This workflow will build a Java project with Gradle, and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle + +name: Java CI with Gradle + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + matrix: + java: [ '17' ] + + steps: + - uses: actions/checkout@v4 + - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %} + uses: https://github.com/actions/setup-java@v4 + with: + java-version: '{% raw %}${{matrix.java}}{% endraw %}' + distribution: 'adopt' + cache: maven + - name: Setup Gradle + uses: https://github.com/gradle/actions/setup-gradle@v4 + - name: Build with Gradle + run: ./gradlew build + diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml new file mode 100644 index 0000000..f04cf78 --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml 
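Review bot: The `Set up JDK` step sets `cache: maven` in the Gradle workflow, so it caches the Maven repository, which `./gradlew build` presumably never reads. It should be `cache: gradle`, or be dropped, since `setup-gradle` is added in the next step. The actions are also fetched from GitHub by URL at mutable tags (`@v4`), so whoever can move a tag changes the code this job runs. Pinning to a commit, `uses: https://github.com/actions/setup-java@<full-commit-sha> # v4`, keeps the build reproducible; the same tag references appear in maven-build.yml.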
@@ -0,0 +1,63 @@ +# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven + +name: Java CI with Maven + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build: + + runs-on: ubuntu-latest + #container: + # image: ghcr.io/catthehacker/ubuntu:act-latest # the large image + strategy: + matrix: + java: [ '17' ] + + steps: + - uses: actions/checkout@v4 + - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %} + uses: https://github.com/actions/setup-java@v4 + with: + java-version: '{% raw %}${{matrix.java}}{% endraw %}' + distribution: 'adopt' + cache: maven + - name: Build with Maven Wrapper + run: ./mvnw -B verify + - name: Build image + #run: ./mvnw spring-boot:build-image # the original image build + run: | + export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]') + ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=gitea.{{{ .Env.DOMAIN }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} + - name: Build image as tar + run: | + ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true + # separating the trivy scan into another job is not necessary. It, however, demonstrates forgejo's compatibility with GitHub + - uses: forgejo/upload-artifact@v4 + with: + name: petclinic-image + path: target/jib-image.tar + env: + NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this + + securityscan: + runs-on: ubuntu-latest + #container: + # image: aquasec/trivy # the container does not contain node... 
+ steps: + - uses: forgejo/download-artifact@v4 + with: + name: petclinic-image + env: + NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this + - name: install trivy from deb package + run: | + wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb + DEBIAN_FRONTEND=noninteractive dpkg -i trivy.deb + - name: scan the image + run: trivy image --input jib-image.tar diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml new file mode 100644 index 0000000..94a7880 --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: backstage.io/v1alpha1 +kind: Component +metadata: + name: ${{ values.name }} + description: This is a Backstage component created from the custom template that forks the PetClinic + annotations: + backstage.io/techdocs-ref: dir:. + backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' + backstage.io/kubernetes-namespace: gitea + links: + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + title: Repo URL + icon: git +spec: + owner: guests + lifecycle: experimental + type: service + system: ${{ values.name | dump }} +--- +apiVersion: backstage.io/v1alpha1 +kind: System +metadata: + name: ${{ values.name | dump }} + description: A system for managing services created from the Gitea template. + annotations: + backstage.io/techdocs-ref: dir:. + links: + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + title: Gitea Repo + icon: git +spec: + owner: guests + lifecycle: experimental + type: service + 
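Review bot: The `Build image` step passes `-Djib.allowInsecureRegistries=true` on the same command that sends `secrets.PACKAGES_TOKEN`. Jib documents that setting as ignoring certificate errors and falling back to plain HTTP, so the registry token can leave the runner unencrypted, which goes beyond the self-signed-certificate case the `NODE_TLS_REJECT_UNAUTHORIZED: 0` comment describes. Importing the instance's CA into the runner's trust store would let both settings be removed. In the `securityscan` job the trivy package is installed exactly as downloaded; a check such as `echo "<sha256-of-trivy_0.58.0_Linux-64bit.deb>  trivy.deb" | sha256sum -c -` before `dpkg -i` would pin the scanner binary as well as its version.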
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml new file mode 100644 index 0000000..aff866e --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml @@ -0,0 +1,76 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: demo-db + namespace: ${{ values.namespace }} +type: servicebinding.io/postgresql +stringData: + type: "postgresql" + provider: "postgresql" + host: "demo-db" + port: "5432" + database: "petclinic" + username: "user" + password: "pass" + +--- +apiVersion: v1 +kind: Service +metadata: + name: demo-db + namespace: ${{ values.namespace }} +spec: + ports: + - port: 5432 + selector: + app: demo-db + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: demo-db + namespace: ${{ values.namespace }} + labels: + app: demo-db +spec: + selector: + matchLabels: + app: demo-db + template: + metadata: + labels: + app: demo-db + spec: + containers: + - image: postgres:17 + name: postgresql + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: demo-db + key: username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: demo-db + key: password + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: demo-db + key: database + ports: + - containerPort: 5432 + name: postgresql + livenessProbe: + tcpSocket: + port: postgresql + readinessProbe: + tcpSocket: + port: postgresql + startupProbe: + tcpSocket: + port: postgresql diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml new file mode 100644 index 0000000..5098ca3 --- /dev/null 
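Review bot: The `demo-db` Secret commits `username: "user"` and `password: "pass"` into the skeleton, so every repository scaffolded from this template carries the same database credentials in Git, and the `demo-db` Service exposes port 5432 inside the cluster. Since the stack already ships external-secrets with an OpenBao store, the Secret would be better produced by an ExternalSecret or generated per instance. If the fixed values stay for the demo, say so in the file: `# demo-only credentials, identical in every generated repo; replace before shared use`. The Deployment also mounts no volume, so the database the README calls persistent is lost when the pod is replaced.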
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml 
@@ -0,0 +1,125 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ${{ values.namespace }} +--- +apiVersion: v1 +kind: Service +metadata: + name: petclinic + namespace: ${{ values.namespace }} + labels: + app: petclinic +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: http + name: http + selector: + app: petclinic +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ${{ values.namespace }}-petclinic + namespace: ${{ values.namespace }} +spec: + ingressClassName: nginx + rules: + - host: ${{ values.namespace }}.{{{ .Env.DOMAIN }}} + http: + paths: + - backend: + service: + name: petclinic + port: + name: http + path: / + pathType: Prefix +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: petclinic + namespace: ${{ values.namespace }} + labels: + app: petclinic +spec: + replicas: 1 + selector: + matchLabels: + app: petclinic + template: + metadata: + labels: + app: petclinic + spec: + containers: + - name: workload + image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }} + env: + - name: SPRING_PROFILES_ACTIVE + value: postgres + - name: POSTGRES_URL + value: jdbc:postgresql://demo-db/petclinic + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: demo-db + key: username + - name: POSTGRES_PASS + valueFrom: + secretKeyRef: + name: demo-db + key: password + - name: SERVICE_BINDING_ROOT + value: /bindings + - name: SPRING_APPLICATION_JSON + value: | + { + "management.endpoint.health.probes.add-additional-paths": true + } + ports: + - name: http + containerPort: 8080 + livenessProbe: + httpGet: + path: /livez + port: http + readinessProbe: + httpGet: + path: /readyz + port: http + volumeMounts: + - mountPath: /bindings/secret + name: binding + readOnly: true + volumes: + - name: binding + projected: + sources: + - secret: + name: demo-db + +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: ${{ values.namespace }}-petclinic-monitor + namespace: monitoring # Namespace 
where Prometheus is running + labels: + release: kube-prometheus-stack # this must match Prometheus' service monitor matching +spec: + selector: + matchLabels: + app: petclinic # Match your application's labels + namespaceSelector: + matchNames: + - ${{ values.namespace }} # Namespace where your app is running + endpoints: + - port: http # Name of the port in your Service + path: /actuator/prometheus # Path to your metrics endpoint + interval: 15s # How often to scrape metrics + diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml new file mode 100644 index 0000000..50afc43 --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml 
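Review bot: The `workload` container's `image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }}` has no tag or digest, so it resolves to `:latest`, the tag maven-build.yml pushes from both its `push` and `pull_request` triggers. What runs is then whatever was pushed last, it cannot be traced to a commit, and ArgoCD sees no manifest change when a new image arrives. Tagging the image with the commit SHA in the workflow and referencing that tag (or a digest) here would address all three. The container also sets no `securityContext`; `allowPrivilegeEscalation: false` with `capabilities: drop: ["ALL"]` looks safe for an app listening on 8080, but should be confirmed against the Jib base image.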
@@ -0,0 +1,84 @@ +apiVersion: scaffolder.backstage.io/v1beta3 +kind: Template +metadata: + name: spring-petclinic + title: Spring PetClinic template + description: An example template for the scaffolder that creates a 'fork' of Spring's PetClinic +spec: + owner: user:guest + type: service + + parameters: + - title: Fill in some steps + required: + - name + properties: + name: + title: Project Name + type: string + description: Unique name of the fork app + ui:autofocus: true + upstreamurl: + title: Repo to Fork + type: string + description: The URL of the repo to fork + default: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Patrick.Sy/ipcei-petclinic/src/branch/main + ui:emptyValue: 'https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Patrick.Sy/ipcei-petclinic/src/branch/main' + + steps: + - id: fetch-code # get the latest upstream code + name: Fetch Code + action: fetch:plain + input: + # url: https://github.com/spring-projects/spring-petclinic/tree/main + url: ${{ parameters.upstreamurl }} + + - id: fetch-overrides # Apply specific overrides to add features and make modifications for compatibility + name: Fetch Overrides + action: fetch:template + input: + # url: ./skeleton/.github/workflows + # targetPath: ./.github/workflows + url: ./skeleton/ + targetPath: ./ + replace: true + values: + name: ${{ parameters.name }} + namespace: ${{ parameters.name }} + + - id: publish + name: Publish to Gitea + action: publish:gitea + input: + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + description: This is the repository for ${{ parameters.name }} + sourcePath: ./ + defaultBranch: main + + - id: create-argocd-app + name: Create ArgoCD App + action: cnoe:create-argocd-app + input: + appName: ${{parameters.name}} + appNamespace: ${{parameters.name}} + argoInstance: in-cluster + projectName: default + # necessary until we generate our own cert + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} + path: "k8s" + + - id: 
register + name: Register in Catalog + action: catalog:register + input: + repoContentsUrl: ${{ steps['publish'].output.repoContentsUrl }} + catalogInfoPath: 'catalog-info.yaml' + + output: + links: + - title: Repository + url: ${{ steps['publish'].output.remoteUrl }} + - title: Open in Catalog + icon: catalog + entityRef: ${{ steps['register'].output.entityRef }} + diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index bd65421..b46fbd4 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -114,6 +114,8 @@ data: host: gitea.{{{ .Env.DOMAIN }}} username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} + - baseUrl: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live + host: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live # github: # - host: github.com # apps: diff --git a/template/stacks/ref-implementation/external-secrets/manifests/role.yaml b/template/stacks/ref-implementation/external-secrets/manifests/role.yaml new file mode 100644 index 0000000..53be85c --- /dev/null +++ b/template/stacks/ref-implementation/external-secrets/manifests/role.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: openbao + name: external-secrets-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] \ No newline at end of file diff --git a/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml b/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml new file mode 100644 index 0000000..7baa725 --- /dev/null +++ b/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml 
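Review bot: The `name` parameter is an unconstrained string, yet it becomes the Kubernetes namespace, the Ingress host label `${{ values.namespace }}.{{{ .Env.DOMAIN }}}`, the Gitea repository name and the ArgoCD `appNamespace`. A value with upper case, dots or spaces fails late in the run, and a value equal to an existing namespace (for example `monitoring` or `argocd`) points the generated app at a shared namespace. Constraining it in the schema catches both early: `pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'` and `maxLength: 63`, ideally with a required prefix. The `upstreamurl` default and the integration added to backstage/manifests/install.yaml both hard-code `forgejo.edf-bootstrap.cx.fg1.ffm.osc.live`, while the rest of the template uses `{{{ .Env.DOMAIN }}}`.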
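Review bot: `external-secrets-role` grants `get` and `list` on every Secret in the `openbao` namespace, while the only Secret the SecretStore in this commit names is `vault-token`. Narrowing the rule to `verbs: ["get"]` with `resourceNames: ["vault-token"]` keeps the service account from enumerating anything else stored next to OpenBao. Whether the controller still needs `list` should be checked against the external-secrets chart's own RBAC. The file also ends without a trailing newline.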
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: external-secrets-rolebinding + namespace: openbao +subjects: + - kind: ServiceAccount + name: external-secrets + namespace: external-secrets +roleRef: + kind: Role + name: external-secrets-role + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml b/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml new file mode 100644 index 0000000..c3fa8e7 --- /dev/null +++ b/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml @@ -0,0 +1,20 @@ +# cluster-store.yaml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore #Kubernetes resource type +metadata: + name: bao-backend #resource name + namespace: openbao +spec: + provider: + vault: #specifies vault as the provider + # server: "http://10.244.0.28:8200" # how to map it dynamically? + server: "http://openbao.openbao.svc.cluster.local:8200" + path: "data" #path for accessing the secrets + version: "v1" #Vault API version + auth: + tokenSecretRef: + name: "vault-token" #Use a secret called vault-token + key: "token" #THIS REFERENCES THE INITIAL TOKEN NOW SAVED AS A K8 SECRET + +# openbao-0.openbao.pod.cluster.local +# 10.96.59.250:8200 \ No newline at end of file diff --git a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml new file mode 100644 index 0000000..159c56f --- /dev/null +++ b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml 
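Review bot: The store in secret-store.yaml authenticates with the `vault-token` Secret, which the inline comment says holds the initial token, so external-secrets acts with the root token's privileges in OpenBao, and it does so over `http://` on port 8200. A token bound to a read-only policy on the paths it syncs (or the provider's Kubernetes auth) would limit what a leak of that Secret exposes, and the server URL should move to `https://` once the listener has a certificate. The header `# cluster-store.yaml` names neither this file nor its kind, and the trailing `# openbao-0.openbao.pod.cluster.local` and `# 10.96.59.250:8200` lines are leftovers that can be dropped.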
@@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: fibonacci-service + namespace: fibonacci-app +spec: + ingressClassName: nginx + rules: + - host: {{{ .Env.DOMAIN }}} + http: + paths: + - backend: + service: + name: fibonacci-service + port: + number: 9090 + path: /fibonacci + pathType: Prefix \ No newline at end of file diff --git a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml b/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml new file mode 100644 index 0000000..a595e0f --- /dev/null +++ b/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml @@ -0,0 +1,30 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak-ingress-localhost + namespace: keycloak + annotations: + argocd.argoproj.io/sync-wave: "100" +spec: + ingressClassName: "nginx" + rules: + - host: localhost + http: + paths: + - path: /keycloak + pathType: ImplementationSpecific + backend: + service: + name: keycloak + port: + name: http + - host: {{{ .Env.DOMAIN }}} + http: + paths: + - path: /keycloak + pathType: ImplementationSpecific + backend: + service: + name: keycloak + port: + name: http diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 7fecb1d..0ff72cf 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
@@ -1,6 +1,17 @@ server: - dev: - enabled: true - + postStart: + - sh + - -c + - | + sleep 10 + bao operator init >> /tmp/init.txt + cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} + echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt + echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt + echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt + echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt + echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt + echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt + rm /tmp/init.txt ui: - enabled: true \ No newline at end of file + enabled: true From 22d74c4626850cc25870140cfa9baf61d4769bb8 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Tue, 17 Dec 2024 20:16:55 +0100 Subject: [PATCH 22/24] merge step 2 --- .../argo-workflows/manifests/dev/ingress.yaml | 31 ------------------- 1 file changed, 31 deletions(-) delete mode 100644 template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml deleted file mode 100644 index 358bf6b..0000000 --- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml +++ /dev/null 
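Review bot: The `postStart` script writes the initial root token and all five unseal keys in plaintext to `/openbao/data/`, the same volume as the storage they protect, so sealing no longer guards the data against anyone who can read that volume or exec into the pod. It also runs on every container start: once the server is initialised, `bao operator init` presumably prints nothing to stdout, the `grep … | xargs` unseal finds no keys, and each `echo $(grep …) | cat > …` overwrites the saved file with an empty line, leaving the server sealed and the keys gone. Init should run only on an uninitialised server, with the shares delivered to a store outside the pod (or replaced by an auto-unseal seal), and `sleep 10` replaced by a readiness poll. If the script stays for the ALPHA stack, mark it in place: `# dev only: root token and unseal keys are kept in plaintext on the data volume`.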
@@ -1,31 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: argo-workflows-ingress - namespace: argo - annotations: - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$2 -spec: - ingressClassName: "nginx" - rules: - - host: localhost - http: - paths: - - path: /argo-workflows(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: argo-server - port: - name: web - - host: {{{ .Env.DOMAIN }}} - http: - paths: - - path: /argo-workflows(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: argo-server - port: - name: web From 9e8ae4cbbd9f8063b26d4b060ac3b24d33486793 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Tue, 17 Dec 2024 20:19:30 +0100 Subject: [PATCH 23/24] merge step 2 --- .../fibonacci-app/ingress.yaml | 18 ----------- .../keycloak/manifests/ingress.yaml | 30 ------------------- 2 files changed, 48 deletions(-) delete mode 100644 template/stacks/ref-implementation/fibonacci-app/ingress.yaml delete mode 100644 template/stacks/ref-implementation/keycloak/manifests/ingress.yaml diff --git a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml deleted file mode 100644 index 159c56f..0000000 --- a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: fibonacci-service - namespace: fibonacci-app -spec: - ingressClassName: nginx - rules: - - host: {{{ .Env.DOMAIN }}} - http: - paths: - - backend: - service: - name: fibonacci-service - port: - number: 9090 - path: /fibonacci - pathType: Prefix \ No newline at end of file diff --git a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml b/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml deleted file mode 100644 index a595e0f..0000000 
--- a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: keycloak-ingress-localhost - namespace: keycloak - annotations: - argocd.argoproj.io/sync-wave: "100" -spec: - ingressClassName: "nginx" - rules: - - host: localhost - http: - paths: - - path: /keycloak - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http - - host: {{{ .Env.DOMAIN }}} - http: - paths: - - path: /keycloak - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http From e85b2a14d529391a54aa6eb43c22876475ee7953 Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Tue, 17 Dec 2024 20:47:40 +0100 Subject: [PATCH 24/24] Fixed double minio ingress --- template/stacks/local-backup/minio/helm/values.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/template/stacks/local-backup/minio/helm/values.yaml b/template/stacks/local-backup/minio/helm/values.yaml index a5c9aed..eff14f0 100644 --- a/template/stacks/local-backup/minio/helm/values.yaml +++ b/template/stacks/local-backup/minio/helm/values.yaml @@ -14,10 +14,4 @@ persistence: buckets: - name: edfbuilder-backups -consoleIngress: - enabled: true - ingressClassName: nginx - hosts: - - minio-backup.{{{ .Env.DOMAIN }}} - existingSecret: root-creds