Add etcd configuration

tegridy-io · Mar 9, 2024 · 12bf809 · 12bf809
2 parents accf38c + bd62506
commit 12bf809
Show file tree

Hide file tree

Showing 29 changed files with 399 additions and 23 deletions.
diff --git a/package/sink.yml b/package/sink.yml
@@ -1,16 +1,74 @@
 applications:
-  - sentry-operators
+  - grafana-operator
+  - etcd as insight-etcd
 
 parameters:
   components:
-    sentry-operators:
-      url: https://github.com/tegridy-io/component-sentry-operators.git
+    grafana-operator:
+      url: https://github.com/tegridy-io/component-grafana-operator.git
       version: master
+    etcd:
+      url: https://github.com/projectsyn/component-etcd.git
+      version: v0.1.0
 
-  sentry_operators:
+  # --- Grafana Operator -------------------------------------------------------
+
+  grafana_operator:
     namespace:
-      name: efk-operator-sentry
+      name: efk-operator-grafana
 
     operator:
       grafana:
         enabled: true
+
+  # --- Etcd -------------------------------------------------------------------
+
+  insight_etcd:
+    namespace: efk-insight-etcd
+    secrets:
+      etcd-root-auth:
+        stringData:
+          password: '?{vaultkv:${cluster:tenant}/${cluster:name}/insight/etcd/rootPassword}'
+      etcd-token-private-key:
+        stringData:
+          jwt-token.pem: '?{vaultkv:${cluster:tenant}/${cluster:name}/insight/etcd/tokenPrivkey}'
+
+    helm_values:
+      fullnameOverride: etcd
+      # podSecurityContext:
+      #   fsGroup: null
+      # containerSecurityContext:
+      #   runAsUser: null
+      autoCompactionMode: periodic
+      autoCompactionRetention: 12h
+
+      replicaCount: 3
+
+      resources:
+        requests:
+          cpu: 100m
+          memory: 400Mi
+        limits:
+          memory: 800Mi
+
+      auth:
+        rbac:
+          allowNoneAuthentication: false
+          existingSecret: etcd-root-auth
+        client:
+          secureTransport: true
+          useAutoTLS: true
+          # existingSecret: etcd-client-auth
+          existingSecret: ''
+        peer:
+          secureTransport: true
+          useAutoTLS: true
+          # existingSecret: etcd-peer-auth
+          existingSecret: ''
+        token:
+          privateKey:
+            existingSecret: etcd-token-private-key
+
+      persistence:
+        storageClass: ceph-block
+        size: 2Gi
diff --git a/package/sprout.yml b/package/sprout.yml
@@ -1,15 +1,15 @@
 applications:
-  - sentry-operators
+  - grafana-operator
 
 parameters:
   components:
-    sentry-operators:
-      url: https://github.com/tegridy-io/component-sentry-operators.git
+    grafana-operator:
+      url: https://github.com/tegridy-io/component-grafana-operator.git
       version: master
 
-  sentry_operators:
+  grafana_operator:
     namespace:
-      name: efk-operator-sentry
+      name: efk-operator-grafana
 
     operator:
       agent:

diff --git a/tests/defaults.yml b/tests/defaults.yml
@@ -1,18 +1,65 @@
 applications:
-  - sentry-operators
+  - grafana-operator
+  - etcd as insight-etcd
 
 parameters:
   components:
-    sentry-operators:
-      url: https://github.com/tegridy-io/component-sentry-operators.git
+    grafana-operator:
+      url: https://github.com/tegridy-io/component-grafana-operator.git
+      version: master
+    etcd:
+      url: https://github.com/projectsyn/component-etcd.git
       version: master
 
-  sentry_operators:
+  grafana_operator:
     namespace:
-      name: efk-operator-sentry
+      name: efk-operator-grafana
 
     operator:
       grafana:
         enabled: true
       agent:
         enabled: true
+
+  # --- Etcd -------------------------------------------------------------------
+
+  insight_etcd:
+    namespace: efk-insight-etcd
+    secrets:
+      etcd-root-auth:
+        stringData:
+          password: '?{vaultkv:${cluster:tenant}/${cluster:name}/insight/etcd/rootPassword}'
+      etcd-token-private-key:
+        stringData:
+          jwt-token.pem: '?{vaultkv:${cluster:tenant}/${cluster:name}/insight/etcd/tokenPrivkey}'
+
+    helm_values:
+      fullnameOverride: etcd
+      # podSecurityContext:
+      #   fsGroup: null
+      # containerSecurityContext:
+      #   runAsUser: null
+      autoCompactionMode: periodic
+      autoCompactionRetention: 12h
+
+      replicaCount: 3
+
+      auth:
+        rbac:
+          allowNoneAuthentication: false
+          existingSecret: etcd-root-auth
+        client:
+          secureTransport: true
+          useAutoTLS: true
+          existingSecret: ''
+        peer:
+          secureTransport: true
+          useAutoTLS: true
+          existingSecret: ''
+        token:
+          privateKey:
+            existingSecret: etcd-token-private-key
+
+      persistence:
+        storageClass: ceph-block
+        size: 2Gi
diff --git a/...ntry-operators/apps/sentry-operators.yaml → ...afana-operator/apps/grafana-operator.yaml b/...ntry-operators/apps/sentry-operators.yaml → ...afana-operator/apps/grafana-operator.yaml
diff --git a/...rators/sentry-operators/00_namespace.yaml → ...erator/grafana-operator/00_namespace.yaml b/...rators/sentry-operators/00_namespace.yaml → ...erator/grafana-operator/00_namespace.yaml
@@ -3,9 +3,9 @@ kind: Namespace
 metadata:
   labels:
     app.kubernetes.io/managed-by: commodore
-    app.kubernetes.io/name: efk-operator-sentry
+    app.kubernetes.io/name: efk-operator-grafana
     app.kubernetes.io/part-of: insights
     pod-security.kubernetes.io/audit: restricted
     pod-security.kubernetes.io/enforce: baseline
     pod-security.kubernetes.io/warn: restricted
-  name: efk-operator-sentry
+  name: efk-operator-grafana
diff --git a/...monitoring.grafana.com_grafanaagents.yaml → ...monitoring.grafana.com_grafanaagents.yaml b/...monitoring.grafana.com_grafanaagents.yaml → ...monitoring.grafana.com_grafanaagents.yaml
diff --git a/.../monitoring.grafana.com_integrations.yaml → .../monitoring.grafana.com_integrations.yaml b/.../monitoring.grafana.com_integrations.yaml → .../monitoring.grafana.com_integrations.yaml
diff --git a/...monitoring.grafana.com_logsinstances.yaml → ...monitoring.grafana.com_logsinstances.yaml b/...monitoring.grafana.com_logsinstances.yaml → ...monitoring.grafana.com_logsinstances.yaml
diff --git a/...itoring.grafana.com_metricsinstances.yaml → ...itoring.grafana.com_metricsinstances.yaml b/...itoring.grafana.com_metricsinstances.yaml → ...itoring.grafana.com_metricsinstances.yaml
diff --git a/.../crds/monitoring.grafana.com_podlogs.yaml → .../crds/monitoring.grafana.com_podlogs.yaml b/.../crds/monitoring.grafana.com_podlogs.yaml → .../crds/monitoring.grafana.com_podlogs.yaml
diff --git a/...rator/templates/operator-clusterrole.yaml → ...rator/templates/operator-clusterrole.yaml b/...rator/templates/operator-clusterrole.yaml → ...rator/templates/operator-clusterrole.yaml
diff --git a/...emplates/operator-clusterrolebinding.yaml → ...emplates/operator-clusterrolebinding.yaml b/...emplates/operator-clusterrolebinding.yaml → ...emplates/operator-clusterrolebinding.yaml
@@ -16,4 +16,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: agent-operator
-    namespace: efk-operator-sentry
+    namespace: efk-operator-grafana
diff --git a/...erator/templates/operator-deployment.yaml → ...erator/templates/operator-deployment.yaml b/...erator/templates/operator-deployment.yaml → ...erator/templates/operator-deployment.yaml
diff --git a/...or/templates/operator-serviceaccount.yaml → ...or/templates/operator-serviceaccount.yaml b/...or/templates/operator-serviceaccount.yaml → ...or/templates/operator-serviceaccount.yaml
@@ -9,4 +9,4 @@ metadata:
     app.kubernetes.io/version: 0.40.1
     helm.sh/chart: grafana-agent-operator-0.3.17
   name: agent-operator
-  namespace: efk-operator-sentry
+  namespace: efk-operator-grafana
diff --git a/...na.integreatly.org_grafanadashboards.yaml → ...na.integreatly.org_grafanadashboards.yaml b/...na.integreatly.org_grafanadashboards.yaml → ...na.integreatly.org_grafanadashboards.yaml
diff --git a/...a.integreatly.org_grafanadatasources.yaml → ...a.integreatly.org_grafanadatasources.yaml b/...a.integreatly.org_grafanadatasources.yaml → ...a.integreatly.org_grafanadatasources.yaml
diff --git a/...afana.integreatly.org_grafanafolders.yaml → ...afana.integreatly.org_grafanafolders.yaml b/...afana.integreatly.org_grafanafolders.yaml → ...afana.integreatly.org_grafanafolders.yaml
diff --git a/...rds/grafana.integreatly.org_grafanas.yaml → ...rds/grafana.integreatly.org_grafanas.yaml b/...rds/grafana.integreatly.org_grafanas.yaml → ...rds/grafana.integreatly.org_grafanas.yaml
diff --git a/...rafana-operator/templates/deployment.yaml → ...rafana-operator/templates/deployment.yaml b/...rafana-operator/templates/deployment.yaml → ...rafana-operator/templates/deployment.yaml
@@ -8,7 +8,7 @@ metadata:
     app.kubernetes.io/version: v5.6.3
     helm.sh/chart: grafana-operator-0.1.3
   name: grafana-operator
-  namespace: efk-operator-sentry
+  namespace: efk-operator-grafana
 spec:
   replicas: 1
   selector:

diff --git a/...hart/grafana-operator/templates/rbac.yaml → ...hart/grafana-operator/templates/rbac.yaml b/...hart/grafana-operator/templates/rbac.yaml → ...hart/grafana-operator/templates/rbac.yaml
@@ -212,4 +212,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: grafana-operator
-    namespace: efk-operator-sentry
+    namespace: efk-operator-grafana
diff --git a/...t/grafana-operator/templates/service.yaml → ...t/grafana-operator/templates/service.yaml b/...t/grafana-operator/templates/service.yaml → ...t/grafana-operator/templates/service.yaml
@@ -8,7 +8,7 @@ metadata:
     app.kubernetes.io/version: v5.6.3
     helm.sh/chart: grafana-operator-0.1.3
   name: grafana-operator-metrics-service
-  namespace: efk-operator-sentry
+  namespace: efk-operator-grafana
 spec:
   ports:
     - name: metrics

diff --git a/...na-operator/templates/serviceaccount.yaml → ...na-operator/templates/serviceaccount.yaml b/...na-operator/templates/serviceaccount.yaml → ...na-operator/templates/serviceaccount.yaml
@@ -9,4 +9,4 @@ metadata:
     app.kubernetes.io/version: v5.6.3
     helm.sh/chart: grafana-operator-0.1.3
   name: grafana-operator
-  namespace: efk-operator-sentry
+  namespace: efk-operator-grafana
diff --git a/tests/golden/defaults/insight-etcd/apps/insight-etcd.yaml b/tests/golden/defaults/insight-etcd/apps/insight-etcd.yaml
diff --git a/tests/golden/defaults/insight-etcd/insight-etcd/00_namespace.yaml b/tests/golden/defaults/insight-etcd/insight-etcd/00_namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations: {}
+  labels:
+    name: efk-insight-etcd
+  name: efk-insight-etcd
diff --git a/tests/golden/defaults/insight-etcd/insight-etcd/01_secrets.yaml b/tests/golden/defaults/insight-etcd/insight-etcd/01_secrets.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: etcd-root-auth
+  name: etcd-root-auth
+  namespace: efk-insight-etcd
+stringData:
+  password: ?{vaultkv:t-silent-test-1234/c-green-test-1234/insight/etcd/rootPassword:3ce3866a}
+type: Opaque
+---
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: etcd-token-private-key
+  name: etcd-token-private-key
+  namespace: efk-insight-etcd
+stringData:
+  jwt-token.pem: ?{vaultkv:t-silent-test-1234/c-green-test-1234/insight/etcd/tokenPrivkey:1fadb16d}
+type: Opaque
diff --git a/tests/golden/defaults/insight-etcd/insight-etcd/10_chart/etcd/templates/pdb.yaml b/tests/golden/defaults/insight-etcd/insight-etcd/10_chart/etcd/templates/pdb.yaml
@@ -0,0 +1,17 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/instance: insight-etcd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: etcd
+    helm.sh/chart: etcd-9.1.0
+  name: etcd
+  namespace: efk-insight-etcd
+spec:
+  minAvailable: 51%
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: etcd
+      app.kubernetes.io/instance: insight-etcd
+      app.kubernetes.io/name: etcd