Merge pull request #1 from duplocloud/aos-chart

Initial commit for aos chart

Author: srikarduplo

.github/workflows/release-charts.yml

@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$srikar"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

charts/aos/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: aos
+description: Custom Helm chart for OpenTelemetry stack resources
+type: application
+version: 0.1.0
+appVersion: "1.0.0" 

charts/aos/templates/cronjobs.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.observabilityCollector.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: otel-observability-collector
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  schedule: {{ .Values.observabilityCollector.schedule | quote }}
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 3
+  successfulJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: duplo-observability
+              image: "{{ .Values.observabilityCollector.image }}:{{ .Values.observabilityCollector.imageTag }}"
+              env:
+                - name: PROMETHEUS_URL
+                  value: "http://duplo-metrics-nginx:80/prometheus"
+                - name: LOKI_URL
+                  value: "https://logs.prod-apps.duplocloud.net"
+                - name: CLUSTER
+                  value: {{ .Values.global.tenantInfraName | quote }}
+                - name: NAMESPACE
+                  value: {{ .Values.global.tenantName | quote }}
+                - name: CUSTOMER
+                  value: {{ .Values.global.customerName | quote }}
+                - name: ENVIRONMENT
+                  value: {{ .Values.global.environment | quote }}
+                - name: DUPLO_URL
+                  value: {{ .Values.global.duploAuthUrl | quote }}
+                - name: GPG_PASSPHRASE
+                  valueFrom:
+                    secretKeyRef:
+                      name: gpg-passphrase
+                      key: gpg_passphrase
+                - name: JOB_VERSION
+                  value: {{ .Values.observabilityCollector.jobVersion | quote }}
+          restartPolicy: OnFailure
+{{- end }} 

charts/aos/templates/deployments.yaml

@@ -0,0 +1,138 @@
+{{- if .Values.grafanaUI.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana-ui
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  replicas: {{ .Values.grafanaUI.replicas }}
+  selector:
+    matchLabels:
+      app: grafana-ui
+  template:
+    metadata:
+      labels:
+        app: grafana-ui
+      annotations:
+        k8s_grafana_com_scrape: "true"
+        k8s_grafana_com_job: "grafana-metrics"
+        k8s_grafana_com_metrics_path: "/metrics"
+        k8s_grafana_com_metrics_portNumber: "3000"
+    spec:
+      containers:
+        - name: grafana-ui
+          image: "{{ .Values.grafanaUI.image }}:{{ .Values.grafanaUI.imageTag }}"
+          ports:
+            - containerPort: 3000
+          env:
+            - name: GF_INSTALL_PLUGINS
+              value: {{ .Values.grafanaUI.plugins | quote }}
+            - name: GF_SERVER_ROOT_URL
+              value: "https://grafana-proxy-{{ .Values.global.tenantName }}.{{ .Values.global.dnsSuffix }}/"
+            - name: GF_SECURITY_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: grafanaui
+                  key: username
+            - name: GF_SECURITY_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafanaui
+                  key: password
+          resources:
+            {{- toYaml .Values.grafanaUI.resources | nindent 12 }}
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/grafana
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: grafana-ui-data
+---
+{{- end }}
+{{- if .Values.duploAutomation.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: duplo-automation
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  replicas: {{ .Values.duploAutomation.replicas }}
+  selector:
+    matchLabels:
+      app: duplo-automation
+  template:
+    metadata:
+      labels:
+        app: duplo-automation
+    spec:
+      containers:
+        - name: duplo-automation
+          image: "{{ .Values.duploAutomation.image }}:{{ .Values.duploAutomation.imageTag }}"
+          ports:
+            - containerPort: 5000
+          env:
+            - name: GRR_GRAFANA_URL
+              value: "http://grafana-ui:3000"
+            - name: GRR_GRAFANA_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: grafanaui
+                  key: password
+            - name: GRR_GRAFANA_USER
+              valueFrom:
+                secretKeyRef:
+                  name: grafanaui
+                  key: username
+            - name: GRR_MIMIR_ADDRESS
+              value: "http://duplo-metrics-ruler:8080"
+            - name: GRR_MIMIR_TENANT_ID
+              value: "anonymous"
+            - name: GRR_TARGETS
+              value: "Datasource,DashboardFolder,LibraryElement,Dashboard,AlertRuleGroup,AlertNotificationPolicy,AlertContactPoint,PrometheusRuleGroup"
+            - name: GRR_OUTPUT_FORMAT
+              value: "yaml"
+            - name: GRR_ONLY_SPEC
+              value: "false"
+            - name: GRIZZLY_HTTP_TIMEOUT
+              value: "60"
+          volumeMounts:
+            - name: data
+              mountPath: /app/data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: duplo-automation-data
+---
+{{- end }}
+{{- if .Values.grafanaProxy.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana-proxy
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  replicas: {{ .Values.grafanaProxy.replicas }}
+  selector:
+    matchLabels:
+      app: grafana-proxy
+  template:
+    metadata:
+      labels:
+        app: grafana-proxy
+    spec:
+      containers:
+        - name: grafana-proxy
+          image: "{{ .Values.grafanaProxy.image }}:{{ .Values.grafanaProxy.imageTag }}"
+          ports:
+            - containerPort: 80
+          env:
+            - name: DUPLO_AUTH_URL
+              value: {{ .Values.global.duploAuthUrl | quote }}
+            - name: BACKEND_URL
+              value: "http://grafana-ui:3000"
+            - name: CUSTOM_HEADER_ADD
+              value: "proxy_set_header X-WEBAUTH-USER duplocloud;"
+          resources:
+            {{- toYaml .Values.grafanaProxy.resources | nindent 12 }}
+{{- end }} 

charts/aos/templates/jobs.yaml

@@ -0,0 +1,86 @@
+{{- if .Values.integrationJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: integration-duplo
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  backoffLimit: 0
+  template:
+    spec:
+      containers:
+        - name: init-duplo
+          image: "{{ .Values.integrationJob.image }}:{{ .Values.integrationJob.imageTag }}"
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "Waiting for $DUPLO_AUTOMATION_DEPLOYMENT_NAME to be ready..."
+              until curl --silent --fail --output /dev/null $DUPLO_AUTOMATION_ENDPOINT; do
+                echo "Waiting for $DUPLO_AUTOMATION_ENDPOINT to be ready..."
+                sleep 10
+              done
+              echo "Waiting for $GRAFANA_UI to be ready..."
+              until curl --silent --fail --output /dev/null $GRAFANA_UI; do
+                echo "Waiting for $GRAFANA_UI to be ready..."
+                sleep 10
+              done
+              echo "Waiting for $MIMIR_RULER to be ready..."
+              until curl --silent --fail --output /dev/null $MIMIR_RULER; do
+                echo "Waiting for $MIMIR_RULER to be ready..."
+                sleep 10
+              done
+              echo "Waiting for $MIMIR_ALERTMANAGER to be ready..."
+              until curl --silent --fail --output /dev/null $MIMIR_ALERTMANAGER; do
+                echo "Waiting for $MIMIR_ALERTMANAGER to be ready..."
+                sleep 10
+              done
+              echo "installing mimirtool"
+              ARCH=$(uname -m)
+              PLATFORM=$( [[ "$ARCH" == "x86_64" ]] && echo "linux-amd64" || ([[ "$ARCH" == "aarch64" ]] && echo "linux-arm64" || echo "linux-armv7"))
+              curl -fLo mimirtool "https://github.com/grafana/mimir/releases/latest/download/mimirtool-${PLATFORM}"
+              chmod +x mimirtool
+              apk add --no-cache git
+              git clone --depth=1 https://github.com/duplocloud/opentelemetry-release.git
+              sed -i 's/<<SlackChannelName>>/duplo-otel-alerting/g' opentelemetry-release/integrations/integration-duplo/duplo-default-config.yaml
+              sed -i "s/<<region>>/$REGION/g" opentelemetry-release/integrations/integration-duplo/datasource-duplo-aws.yaml
+              sed -i 's|<<SlackWebhook>>|https://hooks.slack.com/services/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|g' opentelemetry-release/integrations/integration-duplo/duplo-default-config.yaml
+              sed -i 's|<<GrafanaURL>>|grafana-proxy-{{ .Values.global.tenantName }}.{{ .Values.global.dnsSuffix }}|g' opentelemetry-release/integrations/integration-duplo/duplo_templates.tpl
+              sed -i "s|<<DuploPortalName>>|$DUPLO_PORTAL_NAME|g" opentelemetry-release/integrations/integration-duplo/duplo_templates.tpl
+              cp opentelemetry-release/integrations/integration-duplo/datasource-duplo-aws.yaml opentelemetry-release/integrations/integration-duplo/provisioning/datasource-duplo-aws.yaml
+              ./mimirtool alertmanager load opentelemetry-release/integrations/integration-duplo/duplo-default-config.yaml opentelemetry-release/integrations/integration-duplo/duplo_templates.tpl
+              echo "Triggering Duplo automation integration..."
+              INTEGRATIONS="apm linuxnode kubernetes slo aws-cloudwatch mimir loki tempo"
+              for i in $INTEGRATIONS; do
+                echo "Enabling $i"
+                curl --fail --silent --show-error --location "$DUPLO_AUTOMATION_ENDPOINT/enable-integration" \
+                  --header 'Content-Type:application/json' \
+                  --data-raw "{\"integration_name\":\"$i\",\"context_name\":\"duplo-otel\"}" || { echo "❌ Failed to enable $i"; exit 1; }
+              done
+              echo "Enabling duplo"
+              curl --fail --silent --show-error --location "$DUPLO_AUTOMATION_ENDPOINT/enable-integration" \
+                --header 'Content-Type:application/json' \
+                --data '{"integration_name":"duplo","context_name":"duplo-otel"}' || { echo "❌ Failed to enable duplo"; exit 1; }
+              echo "✅ Duplo default provisioning completed successfully."
+          env:
+            - name: DUPLO_AUTOMATION_DEPLOYMENT_NAME
+              value: "duplo-automation"
+            - name: DUPLO_AUTOMATION_ENDPOINT
+              value: "http://duplo-automation:5000"
+            - name: GRAFANA_UI
+              value: "http://grafana-ui:3000"
+            - name: MIMIR_RULER
+              value: "http://duplo-metrics-ruler:8080"
+            - name: MIMIR_ADDRESS
+              value: "http://duplo-metrics-nginx"
+            - name: MIMIR_ALERTMANAGER
+              value: "http://duplo-metrics-alertmanager:8080"
+            - name: DUPLO_PORTAL_NAME
+              value: "{{ .Values.global.customerName }}-{{ .Values.global.environment }}"
+            - name: MIMIR_TENANT_ID
+              value: "anonymous"
+            - name: REGION
+              value: {{ .Values.global.awsRegion | quote }}
+      serviceAccountName: {{ .Values.global.tenantName }}-edit-user
+      restartPolicy: Never
+{{- end }} 

charts/aos/templates/pvc.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.grafanaUI.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana-ui-data
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.grafanaUI.volume.size }}
+---
+{{- end }}
+{{- if .Values.duploAutomation.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: duplo-automation-data
+  namespace: {{ .Values.global.tenantName }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.duploAutomation.volume.size }}
+{{- end }} 

charts/aos/templates/secrets.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.secrets.grafanaUI }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafanaui
+  namespace: {{ .Values.global.tenantName }}
+type: kubernetes.io/basic-auth
+data:
+  username: {{ .Values.secrets.grafanaUI.username | b64enc }}
+  password: {{ .Values.secrets.grafanaUI.password | b64enc }}
+---
+{{- end }}
+{{- if .Values.secrets.gpgPassphrase }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gpg-passphrase
+  namespace: {{ .Values.global.tenantName }}
+type: Opaque
+data:
+  gpg_passphrase: {{ .Values.secrets.gpgPassphrase | b64enc }}
+{{- end }}