add mce clc-state-metrics
tony-schndr committed Dec 23, 2024
1 parent 8c6eacd commit e889b04
Showing 17 changed files with 335 additions and 0 deletions.
7 changes: 7 additions & 0 deletions acm/Makefile
Expand Up @@ -9,6 +9,7 @@ REGISTRY ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io
MCE_OPERATOR_BUNDLE_FILE = mce-operator-bundle.tgz
HELM_BASE_DIR = deploy/helm
MCE_CHART_DIR = ${HELM_BASE_DIR}/multicluster-engine
CLC_CHART_DIR = ${HELM_BASE_DIR}/clc-state-metrics
MCE_CONFIG_DIR = ${HELM_BASE_DIR}/multicluster-engine-config
MCE_NS = multicluster-engine
POLICY_HELM_REPO = https://github.com/stolostron/mce-install-kube.git
Expand All @@ -24,6 +25,12 @@ deploy:
mce-config ${MCE_CONFIG_DIR} \
--namespace ${MCE_NS} \
--set global.registryOverride=${REGISTRY}
helm upgrade --install \
clc-state-metrics ${CLC_CHART_DIR} \
--namespace ${MCE_NS} \
--set global.imageOverrides.clusterlifecycle_state_metrics=${REGISTRY}/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:${CLC_STATE_METRICS_IMAGE_DIGEST} \
--set global.namespace=${MCE_NS}


helm-chart:
@podman pull --arch amd64 ${MCE_OPERATOR_BUNDLE_IMAGE}
1 change: 1 addition & 0 deletions acm/config.tmpl.mk
@@ -1 +1,2 @@
ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }}
CLC_STATE_METRICS_IMAGE_DIGEST ?= {{ .mce.clcStateMetrics.imageDigest }}
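--- a/acm/deploy/helm/clc-state-metrics/Chart.yaml
+++ b/acm/deploy/helm/clc-state-metrics/Chart.yaml
@@ -0,0 +1,7 @@
+# Original source https://github.com/stolostron/mce-install-kube/tree/main/clc-state-metrics
+# TODO: Remove this chart and enable via MCE once MCE 2.8.0 is released (Feb 2025)
+apiVersion: v2
+name: clusterlifecycle-state-metrics
+description: A Helm chart for clusterlifecycle-state-metrics
+version: 2.7.0
+appVersion: 2.7.0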
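--- a/acm/deploy/helm/clc-state-metrics/templates/_helpers.tpl
+++ b/acm/deploy/helm/clc-state-metrics/templates/_helpers.tpl
@@ -0,0 +1,12 @@
+{{- define "installNamespace" }}
+{{- if .Values.global.namespace }}
+{{- printf "%s" .Values.global.namespace }}
+{{- else }}
+{{- printf "multicluster-engine" }}
+{{- end }}
+{{- end }}
+
+{{- define "commonCN" }}
+{{- printf "clusterlifecycle-state-metrics-v2.%s.svc" .Values.global.namespace }}
+{{- end }}
+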
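--- a/acm/deploy/helm/clc-state-metrics/templates/cert-secret.yaml
+++ b/acm/deploy/helm/clc-state-metrics/templates/cert-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: clusterlifecycle-state-metrics-certs
+namespace: {{ .Values.global.namespace }}
+annotations:
+"helm.sh/hook": pre-install
+"helm.sh/hook-weight": "0"
+type: kubernetes.io/tls
+{{- if .Release.IsUpgrade }}
+data: {{ (lookup "v1" "Secret" (include "installNamespace" .) "clusterlifecycle-state-metrics-certs").data }}
+{{ else }}
+{{ $ca := genCA (include "commonCN" .) 365 -}}
+data:
+tls.crt: {{ $ca.Cert | b64enc }}
+tls.key: {{ $ca.Key | b64enc }}
+{{- end }}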
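Review bot: The keypair written to `tls.crt`/`tls.key` comes from `genCA`, so the pod serves a self-signed CA certificate and has the CA private key mounted, and the 365-day validity is never renewed because the Secret is only created by the `pre-install` hook. A leaf certificate with a SAN is enough here, for example `{{ $cert := genSelfSignedCert (include "commonCN" .) nil (list (include "commonCN" .)) 365 -}}`, together with a documented rotation path before expiry. The upgrade branch also prints the looked-up `.data` map with Go's default map formatting, which is not a YAML mapping; `toYaml` with `nindent` would render it correctly, and since `lookup` returns an empty result under `helm template` or `--dry-run`, that case needs a guard.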
@@ -0,0 +1,19 @@
apiVersion: azmonitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: clusterlifecycle-state-metrics-v2
namespace: {{ .Values.global.namespace }}
labels:
clc-app: clusterlifecycle-state-metrics-v2
spec:
selector:
matchLabels:
clc-app: clusterlifecycle-state-metrics-v2
namespaceSelector:
matchNames:
- {{ .Values.global.namespace }}
endpoints:
- port: https
scheme: https
tlsConfig:
insecureSkipVerify: true
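Review bot: `insecureSkipVerify: true` under `tlsConfig` makes the scraper accept any certificate on the `https` port, so the TLS this chart sets up gives no assurance about which endpoint is answering. The chart already writes the serving certificate to `clusterlifecycle-state-metrics-certs`, so the monitor could verify against it with a `ca` secret reference to that Secret's `tls.crt` and a `serverName` equal to the `commonCN` value, provided the certificate carries that name as a SAN. Whether the `azmonitoring.coreos.com/v1` CRD accepts the same `tlsConfig` fields as the upstream ServiceMonitor should be confirmed; if verification cannot be enabled, a comment on the line should say why. The file path for this section is not visible on the page.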
@@ -0,0 +1,55 @@
# Copyright Contributors to the Open Cluster Management project

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2
rules:
# Allow hub to manage configmap for leader selection
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- get
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
# Allow hub to monitor and update status of csr
- apiGroups: ["hive.openshift.io"]
resources: ["clusterdeployments"]
verbs: ["get"]
- apiGroups: ["internal.open-cluster-management.io"]
resources: ["managedclusterinfos"]
verbs: ["get","list","watch"]
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["managedclusters"]
verbs: ["get","list","watch"]
# Allow to query the CVO on the Hub Cluster to get the ClusterId
- apiGroups: ["config.openshift.io"]
resources: ["clusterversions"]
verbs: ["get"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
- apiGroups: [""]
resources: ["pods","services","endpoints"]
verbs: ["get","list","watch"]
- apiGroups: ["authorization.k8s.io"]
resources: ["subjectaccessreviews"]
verbs: ["create"]
# Allow hub to monitor add-ons & manifestworks
- apiGroups: ["addon.open-cluster-management.io"]
resources: ["managedclusteraddons"]
verbs: ["get","list","watch"]
- apiGroups: ["work.open-cluster-management.io"]
resources: ["manifestworks"]
verbs: ["get","list","watch"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
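Review bot: The first rule grants `create`, `update`, `get` and `delete` on `configmaps` in every namespace, because it sits in a ClusterRole that the chart binds with a ClusterRoleBinding, although its comment says it is only for leader selection. That rule belongs in a namespaced `Role`/`RoleBinding` in the install namespace, with `resourceNames` on the non-create verbs once the election ConfigMap name is known (it is not visible here). The comment `# Allow hub to monitor and update status of csr` does not match the rules under it, which are read-only on `clusterdeployments`, `managedclusterinfos` and `managedclusters`, and should be reworded so a later reviewer does not assume write access is intended.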
@@ -0,0 +1,14 @@
# Copyright Contributors to the Open Cluster Management project

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.org }}:cluster-lifecycle:clusterlifecycle-state-metrics-v2
subjects:
- kind: ServiceAccount
name: clusterlifecycle-state-metrics-v2
namespace: {{ .Values.global.namespace }}
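--- a/acm/deploy/helm/clc-state-metrics/templates/metrics-deployment.yaml
+++ b/acm/deploy/helm/clc-state-metrics/templates/metrics-deployment.yaml
@@ -0,0 +1,128 @@
+# Copyright Contributors to the Open Cluster Management project
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+name: clusterlifecycle-state-metrics-v2
+namespace: {{ .Values.global.namespace }}
+spec:
+replicas: 2
+selector:
+matchLabels:
+app: clusterlifecycle-state-metrics-v2
+template:
+metadata:
+labels:
+app: clusterlifecycle-state-metrics-v2
+ocm-antiaffinity-selector: "clusterlifecycle-state-metrics-v2"
+spec:
+{{- if .Values.global.pullSecret }}
+imagePullSecrets:
+- name: {{ .Values.global.pullSecret }}
+{{- end }}
+affinity:
+podAntiAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- podAffinityTerm:
+labelSelector:
+matchExpressions:
+- key: ocm-antiaffinity-selector
+operator: In
+values:
+- clusterlifecycle-state-metrics-v2
+topologyKey: topology.kubernetes.io/zone
+weight: 70
+- podAffinityTerm:
+labelSelector:
+matchExpressions:
+- key: ocm-antiaffinity-selector
+operator: In
+values:
+- clusterlifecycle-state-metrics-v2
+topologyKey: kubernetes.io/hostname
+weight: 35
+serviceAccountName: clusterlifecycle-state-metrics-v2
+containers:
+- name: clusterlifecycle-state-metrics
+image: "{{ .Values.global.imageOverrides.clusterlifecycle_state_metrics }}"
+imagePullPolicy: {{ .Values.global.pullPolicy }}
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+resources:
+requests:
+memory: "32Mi"
+cpu: "25m"
+limits:
+memory: "2Gi"
+cpu: "500m"
+args:
+- "--http-port=8080"
+- "--http-telemetry-port=8081"
+- "--https-port=8443"
+- "--https-telemetry-port=8444"
+- "--tls-crt-file=/var/run/clusterlifecycle-state-metrics/tls.crt"
+- "--tls-key-file=/var/run/clusterlifecycle-state-metrics/tls.key"
+{{- if .Values.hubconfig.hubType }}
+- "--hub-type={{ .Values.hubconfig.hubType }}"
+{{- end }}
+env:
+- name: POD_NAME
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+- name: GOMEMLIMIT
+value: "1892MiB"
+{{- if .Values.hubconfig.proxyConfigs }}
+- name: HTTP_PROXY
+value: {{ .Values.hubconfig.proxyConfigs.HTTP_PROXY }}
+- name: HTTPS_PROXY
+value: {{ .Values.hubconfig.proxyConfigs.HTTPS_PROXY }}
+- name: NO_PROXY
+value: {{ .Values.hubconfig.proxyConfigs.NO_PROXY }}
+{{- end }}
+readinessProbe:
+httpGet:
+path: /healthz
+port: 8081
+initialDelaySeconds: 15
+periodSeconds: 5
+livenessProbe:
+httpGet:
+path: /healthz
+port: 8081
+initialDelaySeconds: 15
+periodSeconds: 5
+volumeMounts:
+- mountPath: "/var/run/clusterlifecycle-state-metrics"
+name: certs
+readOnly: true
+securityContext:
+{{- if .Values.global.deployOnOCP }}
+{{- if semverCompare ">=4.11.0" .Values.hubconfig.ocpVersion }}
+seccompProfile:
+type: RuntimeDefault
+{{- end }}
+{{- end }}
+volumes:
+- name: certs
+secret:
+secretName: clusterlifecycle-state-metrics-certs
+{{- with .Values.hubconfig.nodeSelector }}
+nodeSelector:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.hubconfig.tolerations }}
+tolerations:
+{{- range . }}
+- {{ if .Key }} key: {{ .Key }} {{- end }}
+{{ if .Operator }} operator: {{ .Operator }} {{- end }}
+{{ if .Value }} value: {{ .Value }} {{- end }}
+{{ if .Effect }} effect: {{ .Effect }} {{- end }}
+{{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }}
+{{- end }}
+{{- end }}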
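Review bot: The pod-level `securityContext` only receives `seccompProfile` / `type: RuntimeDefault` inside `{{- if .Values.global.deployOnOCP }}`, and values.yaml sets `deployOnOCP: "false"` as a quoted string, which a Go template treats as true, so the seccomp profile is applied today only by accident. Setting the real boolean `false` would render an empty `securityContext:` with no seccomp profile at all. Emit the seccomp profile unconditionally (keeping the `semverCompare` gate only for old OCP releases), consider `runAsNonRoot: true` if the image supports it, and change the default to `deployOnOCP: false`. Separately, `imagePullPolicy` reads `.Values.global.pullPolicy`, which values.yaml does not define, and `replicas: 2` is hard-coded while values.yaml carries an unused `replicaCount: 1`.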
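--- a/acm/deploy/helm/clc-state-metrics/templates/metrics-service.yaml
+++ b/acm/deploy/helm/clc-state-metrics/templates/metrics-service.yaml
@@ -0,0 +1,20 @@
+# Copyright Contributors to the Open Cluster Management project
+
+apiVersion: v1
+kind: Service
+metadata:
+name: clusterlifecycle-state-metrics-v2
+namespace: {{ .Values.global.namespace }}
+labels:
+clc-app: clusterlifecycle-state-metrics-v2
+annotations:
+service.beta.openshift.io/serving-cert-secret-name: clusterlifecycle-state-metrics-certs
+spec:
+type: ClusterIP
+ports:
+- name: https
+port: 8443
+targetPort: 8443
+protocol: TCP
+selector:
+app: clusterlifecycle-state-metrics-v2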
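Review bot: The annotation `service.beta.openshift.io/serving-cert-secret-name` names `clusterlifecycle-state-metrics-certs`, the same Secret that cert-secret.yaml in this commit fills from `genCA`, so the chart declares two issuers for one Secret. On a cluster running the OpenShift service-ca operator both would write it; where that operator is absent the annotation does nothing. Keep a single owner, for example by wrapping the annotation in `{{- if .Values.global.deployOnOCP }}` and skipping the Helm-generated Secret in that case, and add a comment stating which source of the certificate is authoritative.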
@@ -0,0 +1,7 @@
# Copyright Contributors to the Open Cluster Management project

apiVersion: v1
kind: ServiceAccount
metadata:
name: clusterlifecycle-state-metrics-v2
namespace: {{ .Values.global.namespace }}
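--- a/acm/deploy/helm/clc-state-metrics/values.yaml
+++ b/acm/deploy/helm/clc-state-metrics/values.yaml
@@ -0,0 +1,15 @@
+global:
+imageOverrides:
+clusterlifecycle_state_metrics: ""
+templateOverrides: {}
+pullSecret: ""
+namespace: multicluster-engine
+hubSize: Small
+deployOnOCP: "false"
+hubconfig:
+nodeSelector: {}
+proxyConfigs: {}
+replicaCount: 1
+tolerations: []
+ocpVersion: "4.17.0"
+org: open-cluster-management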
13 changes: 13 additions & 0 deletions config/config.schema.json
Expand Up @@ -456,6 +456,19 @@
"restrictIstioIngress"
]
},
"mce": {
"type": "object",
"properties": {
"clcStateMetrics": {
"type": "object",
"properties": {
"imageDigest": {
"type": "string"
}
}
}
}
},
"mgmt": {
"type": "object",
"properties": {
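Review bot: `imageDigest` is declared only as `"type": "string"`, so an empty or malformed value passes validation, and acm/Makefile then interpolates it straight into the image reference after `@sha256:`. Adding `"pattern": "^[a-f0-9]{64}$"` to the property and listing `imageDigest` and `clcStateMetrics` under `required` would reject a bad pin when the config is validated rather than at image pull. The enclosing schema object starts and ends outside this hunk.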
5 changes: 5 additions & 0 deletions config/config.yaml
Expand Up @@ -103,6 +103,11 @@ defaults:
private: false
softDelete: false

# MCE
mce:
clcStateMetrics:
imageDigest: bf5bb514e4d8af5e38317c3727d4cd9f90c22b293fe3e2367f9f0e179e0ee0c7

serviceKeyVault:
name: arohcp-svc-{{ .ctx.regionShort }}
rg: hcp-underlay-{{ .ctx.regionShort }}
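Review bot: The digest under `mce.clcStateMetrics.imageDigest` is a plain unquoted scalar, and it is read as a string only because this value happens to start with a hex letter. A later digest made up of digits, or digits around a single `e`, could be typed as a number by a YAML parser and then fail the schema's `"type": "string"` or be reformatted before it reaches the image reference. Quote it, as in `imageDigest: "<64-hex-digest>"` (placeholder). The `defaults:` mapping continues outside the hunk.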
5 changes: 5 additions & 0 deletions config/public-cloud-cs-pr.json
Expand Up @@ -118,6 +118,11 @@
"restrictIstioIngress": false,
"serverMqttClientName": "maestro-server-cspr-cs"
},
"mce": {
"clcStateMetrics": {
"imageDigest": "bf5bb514e4d8af5e38317c3727d4cd9f90c22b293fe3e2367f9f0e179e0ee0c7"
}
},
"mgmt": {
"clusterServiceResourceId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourcegroups/hcp-underlay-cspr-svc/providers/Microsoft.ManagedIdentity/userAssignedIdentities/clusters-service",
"etcd": {
5 changes: 5 additions & 0 deletions config/public-cloud-dev.json
Expand Up @@ -118,6 +118,11 @@
"restrictIstioIngress": true,
"serverMqttClientName": "maestro-server-dev-dev"
},
"mce": {
"clcStateMetrics": {
"imageDigest": "bf5bb514e4d8af5e38317c3727d4cd9f90c22b293fe3e2367f9f0e179e0ee0c7"
}
},
"mgmt": {
"clusterServiceResourceId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourcegroups/hcp-underlay-dev-svc/providers/Microsoft.ManagedIdentity/userAssignedIdentities/clusters-service",
"etcd": {
5 changes: 5 additions & 0 deletions config/public-cloud-personal-dev.json
Expand Up @@ -118,6 +118,11 @@
"restrictIstioIngress": true,
"serverMqttClientName": "maestro-server-usw3tst"
},
"mce": {
"clcStateMetrics": {
"imageDigest": "bf5bb514e4d8af5e38317c3727d4cd9f90c22b293fe3e2367f9f0e179e0ee0c7"
}
},
"mgmt": {
"clusterServiceResourceId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourcegroups/hcp-underlay-usw3tst-svc/providers/Microsoft.ManagedIdentity/userAssignedIdentities/clusters-service",
"etcd": {