Merge pull request #578 from vshn/fix/vshnservices-aletrs-exoscale-cl…

…usters

Fix/vshnservices aletrs exoscale clusters

Makefile.vars.mk

@@ -46,7 +46,7 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
-test_instances = tests/defaults.yml tests/vshn-cloud.yml tests/vshn-managed.yml tests/control-plane.yml tests/service-cluster.yml tests/dev.yml
+test_instances = tests/defaults.yml tests/vshn-cloud.yml tests/vshn-managed.yml tests/control-plane.yml tests/service-cluster.yml tests/dev.yml tests/exodev.yaml
 
 YAMLLINT_ARGS   ?= --no-warnings
 YAMLLINT_CONFIG ?= .yamllint.yml

component/config/vars.jsonnet

@@ -15,6 +15,7 @@ local isServiceCluster = !cms.controlPlaneCluster && cms.serviceCluster;
   isCMSValid: cms.controlPlaneCluster || cms.serviceCluster,
   isSingleOrControlPlaneCluster: isSingleCluster || isControlPlane,
   isSingleOrServiceCluster: isSingleCluster || isServiceCluster,
+  isExoscale: inv.parameters.facts.cloud == 'exoscale',
   assert (cms.controlPlaneKubeconfig == '' && isSingleCluster) || !isSingleCluster : 'clusterManagementSystem.controlPlaneKubeconfig should be empty for converged clusters',
   assert (cms.controlPlaneKubeconfig != '' && isServiceCluster) || (isSingleCluster || isControlPlane) : 'clusterManagementSystem.controlPlaneKubeconfig should not be empty for service clusters',
 }

component/vshn_appcat_services.jsonnet

@@ -192,7 +192,7 @@ local vshn_appcat_service(name, serviceParams) =
      [if isOpenshift && std.objectHas(serviceParams, 'openshiftTemplate') then '21_openshift_template_%s_vshn' % name]: osTemplate,
 
    } else {})
-  + if vars.isSingleOrServiceCluster then {
+  + if vars.isSingleOrServiceCluster && !vars.isExoscale then {
     ['22_prom_rule_sla_%s' % name]: promRuleSLA,
     [if params.services.vshn.enabled && serviceParams.enabled then 'sli_exporter/70_slo_vshn_%s' % name]: slos.Get('vshn-' + name),
     [if params.services.vshn.enabled && serviceParams.enabled then 'sli_exporter/80_slo_vshn_%s_ha' % name]: slos.Get('vshn-' + name + '-ha'),

component/vshn_postgres.jsonnet

@@ -315,7 +315,7 @@ local plansCM = kube.ConfigMap('vshnpostgresqlplans') + {
      [if isOpenshift then '11_stackgres_openshift_operator']: std.prune(stackgresOperator),
      [if isOpenshift then '12_stackgres_openshift_operator_netpol']: stackgresNetworkPolicy,
    } else {})
-+ if vars.isSingleOrServiceCluster then {
++ if vars.isSingleOrServiceCluster && !vars.isExoscale then {
   '22_prom_rule_sla_postgres': promRulePostgresSLA,
   [if params.slos.enabled && params.services.vshn.enabled && params.services.vshn.postgres.enabled then 'sli_exporter/70_slo_vshn_postgresql']: slos.Get('vshn-postgresql'),
   [if params.slos.enabled && params.services.vshn.enabled && params.services.vshn.postgres.enabled then 'sli_exporter/80_slo_vshn_postgresql_ha']: slos.Get('vshn-postgresql-ha'),

component/vshn_redis.jsonnet

@@ -572,7 +572,7 @@ local plansCM = kube.ConfigMap('vshnredisplans') + {
    '21_composition_vshn_redis': composition,
    [if isOpenshift then '21_openshift_template_redis_vshn']: osTemplate,
  } else {})
-+ if vars.isSingleOrServiceCluster then {
++ if vars.isSingleOrServiceCluster && !vars.isExoscale then {
   '22_prom_rule_sla_redis': promRuleRedisSLA,
   [if params.services.vshn.enabled && params.services.vshn.redis.enabled then 'sli_exporter/70_slo_vshn_redis']: slos.Get('vshn-redis'),
   [if params.services.vshn.enabled && params.services.vshn.redis.enabled then 'sli_exporter/80_slo_vshn_redis_ha']: slos.Get('vshn-redis-ha'),

tests/exodev.yml

@@ -0,0 +1,102 @@
+parameters:
+  kapitan:
+    dependencies:
+      - type: https
+        source: https://raw.githubusercontent.com/projectsyn/component-crossplane/v2.3.0/lib/crossplane.libsonnet
+        output_path: vendor/lib/crossplane.libsonnet
+      - type: https
+        source: https://raw.githubusercontent.com/appuio/component-openshift4-operators/v1.4.0/lib/openshift4-operators.libsonnet
+        output_path: vendor/lib/openshift4-operators.libsonnet
+
+  facts:
+    cloud: exoscale #important, do not change, to test cloudscale use dev.yaml instead
+    sales_order: "10431"
+    appcat_dev: true
+    service_level: "zero"
+    #service_level: "guaranteed_availability"
+
+  global:
+    appuio_metered_billing_zone_label_map:
+      c-green-test-1234: 'Kind - Local Test 0'
+
+  crossplane:
+    namespace: syn-crossplane
+
+  appcat:
+    grpcEndpoint: host.docker.internal:9443
+    proxyFunction: false
+
+    quotasEnabled: false
+    appuioManaged: false
+    billing:
+      salesOrder: ST10120
+      vshn:
+        enableCronjobs: false
+        meteringRules: false
+      enableMockOrgInfo: true
+      instanceUOM: uom_uom_45_1e112771
+      network_policies:
+        target_namespaces:
+          vshn-appuio-mimir: false
+      prometheus:
+        url: http://prometheus-operated.prometheus-system:9090/prometheus
+      cloudZone: ${global:appuio_metered_billing_zone_label_map:${cluster:name}}
+
+    slos:
+      enabled: false
+      alertsEnabled: false
+      sli_exporter:
+        enableMaintenceObserver: false
+      sla_reporter:
+        enabled: true
+        slo_mimir_svc: kube-prometheus-kube-prome-prometheus
+        slo_mimir_namespace: prometheus-system
+    controller:
+      enabled: true
+      postgres:
+        enabled: false
+    providers:
+      exoscale:
+        enabled: true
+      cloudscale:
+        enabled: false
+      kubernetes:
+        enabled: true
+      helm:
+        enabled: true
+      minio:
+        enabled: false
+
+    apiserver:
+      enabled: true
+
+    services:
+      emailAlerting:
+        enabled: false
+      vshn:
+        enabled: false
+        mariadb:
+          enabled: false
+        keycloak:
+          enabled: false
+        nextcloud:
+          enabled: false
+        postgres:
+          enabled: false
+        redis:
+          enabled: false
+        minio:
+          enabled: false
+
+      generic:
+        objectstorage:
+          enabled: true
+
+          defaultComposition: exoscale
+          compositions:
+            exoscale:
+              enabled: true
+            cloudscale:
+              enabled: false
+            minio:
+              enabled: false

tests/golden/exodev/appcat/appcat/10_appcat_backup_monitoring.yaml

@@ -0,0 +1,23 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: appcat-backup
+  namespace: syn-appcat
+spec:
+  groups:
+    - name: appcat-backup
+      rules:
+        - alert: AppCatBackupJobError
+          annotations:
+            description: The backup job {{ $labels.job_name }} in namespace {{ $labels.namespace
+              }} has failed.
+            runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/AppCatBackupJobError.html
+            summary: AppCat service backup failed.
+          expr: kube_job_failed{job_name=~".*backup.*", namespace=~"vshn-()-.*"} >
+            0
+          for: 1m
+          labels:
+            severity: warning
+            syn: 'true'
+            syn_component: appcat
+            syn_team: schedar

tests/golden/exodev/appcat/appcat/10_appcat_ha_monitoring.yaml

@@ -0,0 +1,34 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: appcat-ha
+  namespace: syn-appcat
+spec:
+  groups:
+    - name: appcat-ha
+      rules:
+        - alert: AppCatHighAvailableDeploymentWarning
+          annotations:
+            description: The deployment {{ $labels.deployment }} in namespace {{ $labels.namespace
+              }} has less replicas than expected.
+            runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/vshn/AppCatHighAvailableDeploymentWarning.html
+            summary: AppCat service instance has unavailable pods.
+          expr: kube_deployment_status_replicas{namespace=~"vshn-()-.*"} > 1 AND kube_deployment_status_replicas{namespace=~"vshn-()-.*"}
+            - kube_deployment_status_replicas_ready{namespace=~"vshn-()-.*"} > 0
+          for: 1m
+          labels:
+            severity: warning
+            syn_team: schedar
+        - alert: AppCatHighAvailableStatefulsetWarning
+          annotations:
+            description: The statefulset {{ $labels.statefulset }} in namespace {{
+              $labels.namespace }} has less replicas than expected.
+            runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/vshn/AppCatHighAvailableStatefulsetWarning.html
+            summary: AppCat service instance has unavailable pods.
+          expr: kube_statefulset_status_replicas{namespace=~"vshn-()-.*"} > 1 AND
+            kube_statefulset_status_replicas{namespace=~"vshn-()-.*"} - kube_statefulset_status_replicas_ready{namespace=~"vshn-()-.*"}
+            > 0
+          for: 1m
+          labels:
+            severity: warning
+            syn_team: schedar

tests/golden/exodev/appcat/appcat/10_appcat_namespace.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: '-100'
+    openshift.io/node-selector: node-role.kubernetes.io/infra=
+    resourcequota.appuio.io/organization-objects.jobs: '300'
+  labels:
+    name: syn-appcat
+    openshift.io/cluster-monitoring: 'true'
+  name: syn-appcat

tests/golden/exodev/appcat/appcat/10_clusterrole_services_read.yaml

@@ -0,0 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: '-100'
+  labels:
+    name: appcat-services-read
+  name: appcat:services:read
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - pods
+      - pods/log
+      - pods/status
+      - events
+      - services
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - pods/portforward
+    verbs:
+      - get
+      - list
+      - create
+  - apiGroups:
+      - ''
+      - project.openshift.io
+    resources:
+      - projects
+    verbs:
+      - get

tests/golden/exodev/appcat/appcat/10_clusterrole_view.yaml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: '-100'
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
+    rbac.authorization.k8s.io/aggregate-to-edit: 'true'
+    rbac.authorization.k8s.io/aggregate-to-view: 'true'
+  name: appcat:browse
+rules:
+  - apiGroups:
+      - apiextensions.crossplane.io
+    resources:
+      - compositions
+      - compositionrevisions
+      - compositeresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch

tests/golden/exodev/appcat/appcat/10_function_appcat.yaml

@@ -0,0 +1,11 @@
+apiVersion: pkg.crossplane.io/v1beta1
+kind: Function
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: '-40'
+  name: function-appcat
+spec:
+  package: ghcr.io/vshn/appcat:v4.118.2-func
+  runtimeConfigRef:
+    name: function-appcat

tests/golden/exodev/appcat/appcat/10_function_patch_and_transform.yaml

@@ -0,0 +1,11 @@
+apiVersion: pkg.crossplane.io/v1beta1
+kind: Function
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: '-40'
+  name: function-patch-and-transform
+spec:
+  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  runtimeConfigRef:
+    name: function-patch-and-transform

tests/golden/exodev/appcat/appcat/10_mock_org_info.yaml

@@ -0,0 +1,22 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  annotations: {}
+  labels:
+    name: mock-org-info
+  name: mock-org-info
+  namespace: syn-appcat
+spec:
+  groups:
+    - name: mock-org-info
+      rules:
+        - expr: '1'
+          labels:
+            organization: awesomekorp
+            sales_order: ST10120
+          record: appuio_control_organization_info
+        - expr: '1'
+          labels:
+            organization: notvshn
+            sales_order: invalid
+          record: appuio_control_organization_info

tests/golden/exodev/appcat/appcat/10_namespace_vshn_control.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: '-100'
+  labels:
+    name: syn-appcat-control
+  name: syn-appcat-control