Merge pull request #222 from vshn/feature/minio

Add composition minio

.cruft.json

@@ -1,13 +1,13 @@
 {
   "template": "https://github.com/projectsyn/commodore-component-template.git",
-  "commit": "1062a6134febddc4e4b5479b41afe4ab0f6face0",
+  "commit": "f3e9e403454f4f46a18608d0e4d2c2c96b593d3b",
   "checkout": "main",
   "context": {
     "cookiecutter": {
       "name": "AppCat",
       "slug": "appcat",
       "parameter_key": "appcat",
-      "test_cases": "defaults exoscale cloudscale openshift vshn apiserver controllers",
+      "test_cases": "defaults exoscale cloudscale openshift vshn apiserver controllers minio",
       "add_lib": "n",
       "add_pp": "n",
       "add_golden": "y",

.github/workflows/test.yaml

@@ -39,6 +39,7 @@ jobs:
           - vshn
           - apiserver
           - controllers
+          - minio
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -60,6 +61,7 @@ jobs:
           - vshn
           - apiserver
           - controllers
+          - minio
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}

Makefile.vars.mk

@@ -46,4 +46,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
-test_instances = tests/defaults.yml tests/exoscale.yml tests/cloudscale.yml tests/openshift.yml tests/vshn.yml tests/apiserver.yml tests/controllers.yml
+test_instances = tests/defaults.yml tests/exoscale.yml tests/cloudscale.yml tests/openshift.yml tests/vshn.yml tests/apiserver.yml tests/controllers.yml tests/minio.yml

class/appcat.yml

@@ -58,6 +58,7 @@ parameters:
           - ${_base_directory}/component/vshn_postgres.jsonnet
           - ${_base_directory}/component/vshn_postgres.jsonnet
           - ${_base_directory}/component/vshn_redis.jsonnet
+          - ${_base_directory}/component/vshn_minio.jsonnet
           - ${_base_directory}/component/vshn_services.jsonnet
           - ${_base_directory}/component/statefuleset-resize-controller.jsonnet
         input_type: jsonnet

class/defaults.yml

@@ -4,6 +4,9 @@ parameters:
       redis:
         source: https://charts.bitnami.com/bitnami
         version: 17.7.1
+      minio:
+        source: https://charts.min.io
+        version: 5.0.13
     images:
       provider-kubernetes:
         registry: xpkg.upbound.io
@@ -36,7 +39,7 @@ parameters:
       appcat:
         registry: ghcr.io
         repository: vshn/appcat
-        tag: v4.23.1
+        tag: v4.25.0
 
     =_crd_version: ${appcat:images:appcat:tag}
 
@@ -304,6 +307,21 @@ parameters:
                 cpu: "2"
                 memory: "8Gi"
                 disk: 16Gi
+        minio:
+          enabled: false
+          enableNetworkPolicy: true
+          secretNamespace: ${appcat:services:vshn:secretNamespace}
+          helmChartVersion: ${appcat:charts:minio:version}
+          grpcEndpoint: ${appcat:grpcEndpoint}
+          defaultPlan: standard-1
+          plans:
+            standard-1:
+              size:
+                enabled: true
+                cpu: "1"
+                memory: "1Gi"
+                disk: 50Gi
+
 
       # Config for exoscale composites
       exoscale:

component/common.libsonnet

@@ -42,20 +42,27 @@ local vshnMetaDBaaSExoscale(dbname) = {
   },
 };
 
-local vshnMetaVshn(dbname, flavor, offered, plans) = {
+local vshnMetaVshn(servicename, flavor, offered, plans) = {
   metadata+: {
     annotations+: {
-      'metadata.appcat.vshn.io/displayname': dbname + ' by VSHN',
-      'metadata.appcat.vshn.io/description': dbname + ' instances by VSHN',
-      'metadata.appcat.vshn.io/end-user-docs-url': 'https://vs.hn/vshn-' + std.asciiLower(dbname),
-      'metadata.appcat.vshn.io/zone': facts.region,
+      'metadata.appcat.vshn.io/displayname': servicename + ' by VSHN',
+      'metadata.appcat.vshn.io/description': servicename + ' instances by VSHN',
+      'metadata.appcat.vshn.io/end-user-docs-url': 'https://vs.hn/vshn-' + std.asciiLower(servicename),
       'metadata.appcat.vshn.io/flavor': flavor,
-      'metadata.appcat.vshn.io/product-description': 'https://products.docs.vshn.ch/products/appcat/' + std.asciiLower(dbname) + '.html',
       'metadata.appcat.vshn.io/plans': std.manifestJsonMinified(plans),
+      'metadata.appcat.vshn.io/product-description': 'https://products.docs.vshn.ch/products/appcat/' + std.asciiLower(servicename) + '.html',
     },
     labels+: {
       'metadata.appcat.vshn.io/offered': offered,
-      'metadata.appcat.vshn.io/serviceID': 'vshn-' + std.asciiLower(dbname),
+      'metadata.appcat.vshn.io/serviceID': 'vshn-' + std.asciiLower(servicename),
+    },
+  },
+};
+
+local vshnMetaVshnDBaas(dbname, flavor, offered, plans) = vshnMetaVshn(dbname, flavor, offered, plans) + {
+  metadata+: {
+    annotations+: {
+      'metadata.appcat.vshn.io/zone': facts.region,
     },
   },
 };
@@ -152,8 +159,10 @@ local promRuleSLA(value, service) = kube._Object('monitoring.coreos.com/v1', 'Pr
     vshnMetaObjectStorage(provider),
   MergeArgs(args, additional):
     mergeArgs(args, additional),
-  VshnMetaVshn(dbname, flavor, offered='true', plans):
-    vshnMetaVshn(dbname, flavor, offered, plans),
+  VshnMetaVshn(servicename, flavor, offered='true', plans):
+    vshnMetaVshn(servicename, flavor, offered, plans),
+  vshnMetaVshnDBaas(dbname, flavor, offered='true', plans):
+    vshnMetaVshnDBaas(dbname, flavor, offered, plans),
   FilterDisabledParams(params):
     filterDisabledParams(params),
   OpenShiftTemplate(name, displayName, description, iconClass, tags, message, provider, docs):

component/provider.jsonnet

@@ -258,19 +258,24 @@ local controllerConfigRef(config) =
         },
         {
           apiGroups: [ '' ],
-          resources: [ 'namespaces', 'serviceaccounts', 'services' ],
+          resources: [ 'namespaces', 'serviceaccounts', 'services', 'persistentvolumeclaims' ],
           verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ],
         },
         {
           apiGroups: [ 'apps' ],
-          resources: [ 'statefulsets' ],
+          resources: [ 'statefulsets', 'deployments' ],
           verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ],
         },
         {
           apiGroups: [ 'networking.k8s.io' ],
           resources: [ 'networkpolicies' ],
           verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
         },
+        {
+          apiGroups: [ 'batch' ],
+          resources: [ 'jobs' ],
+          verbs: [ 'get', 'list', 'watch', 'create', 'delete' ],
+        },
       ],
     };
     local rolebinding = kube.ClusterRoleBinding('crossplane:provider:provider-helm:system:custom') {

component/vshn_minio.jsonnet

@@ -0,0 +1,78 @@
+local com = import 'lib/commodore.libjsonnet';
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+
+local comp = import 'lib/appcat-compositions.libsonnet';
+local crossplane = import 'lib/crossplane.libsonnet';
+
+local common = import 'common.libsonnet';
+local xrds = import 'xrds.libsonnet';
+
+local inv = kap.inventory();
+local params = inv.parameters.appcat;
+local minioParams = params.services.vshn.minio;
+
+local serviceNameLabelKey = 'appcat.vshn.io/servicename';
+local serviceNamespaceLabelKey = 'appcat.vshn.io/claim-namespace';
+
+local connectionSecretKeys = [
+  'MINIO_URL',
+  'MINIO_USERNAME',
+  'MINIO_PASSWORD',
+];
+
+local minioPlans = common.FilterDisabledParams(minioParams.plans);
+
+local xrd = xrds.XRDFromCRD(
+  'xvshnminios.vshn.appcat.vshn.io',
+  xrds.LoadCRD('vshn.appcat.vshn.io_vshnminios.yaml', params.images.appcat.tag),
+  defaultComposition='vshnminio.vshn.appcat.vshn.io',
+  connectionSecretKeys=connectionSecretKeys,
+) + xrds.WithPlanDefaults(minioPlans, minioParams.defaultPlan);
+
+local composition =
+  kube._Object('apiextensions.crossplane.io/v1', 'Composition', 'vshnminio.vshn.appcat.vshn.io') +
+  common.SyncOptions +
+  common.VshnMetaVshn('Minio', 'distributed', 'true', minioPlans) +
+  {
+    spec: {
+      compositeTypeRef: comp.CompositeRef(xrd),
+      writeConnectionSecretsToNamespace: minioParams.secretNamespace,
+      functions:
+        [
+          {
+            name: 'minio-func',
+            type: 'Container',
+            config: kube.ConfigMap('xfn-config') + {
+              metadata: {
+                labels: {
+                  name: 'xfn-config',
+                },
+                name: 'xfn-config',
+              },
+              data: {
+                imageTag: common.GetAppCatImageTag(),
+                minioChartRepository: params.charts.minio.source,
+                minioChartVersion: params.charts.minio.version,
+                plans: std.toString(minioPlans),
+                defaultPlan: minioParams.defaultPlan,
+              },
+            },
+            container: {
+              image: 'minio',
+              imagePullPolicy: 'IfNotPresent',
+              timeout: '20s',
+              runner: {
+                endpoint: minioParams.grpcEndpoint,
+              },
+            },
+          },
+        ],
+    },
+  };
+
+if params.services.vshn.enabled && minioParams.enabled then {
+  '20_xrd_vshn_minio': xrd,
+  '20_rbac_vshn_minio': xrds.CompositeClusterRoles(xrd),
+  '21_composition_vshn_minio': composition,
+} else {}

component/vshn_postgres.jsonnet

@@ -888,7 +888,7 @@ local podMonitor = {
 
 local composition(restore=false) =
 
-  local metadata = if restore then common.VshnMetaVshn('PostgreSQLRestore', 'standalone', 'false', pgPlans) else common.VshnMetaVshn('PostgreSQL', 'standalone', 'true', pgPlans);
+  local metadata = if restore then common.vshnMetaVshnDBaas('PostgreSQLRestore', 'standalone', 'false', pgPlans) else common.vshnMetaVshnDBaas('PostgreSQL', 'standalone', 'true', pgPlans);
   local compositionName = if restore then 'vshnpostgresrestore.vshn.appcat.vshn.io' else 'vshnpostgres.vshn.appcat.vshn.io';
   local copyJobFunction(restore) = if restore then [ copyJob ] else [];
 

component/vshn_redis.jsonnet

@@ -444,7 +444,7 @@ local composition =
 
   kube._Object('apiextensions.crossplane.io/v1', 'Composition', 'vshnredis.vshn.appcat.vshn.io') +
   common.SyncOptions +
-  common.VshnMetaVshn('Redis', 'standalone', 'true', redisPlans) +
+  common.vshnMetaVshnDBaas('Redis', 'standalone', 'true', redisPlans) +
   {
     spec: {
       compositeTypeRef: comp.CompositeRef(xrd),

tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml

@@ -32,7 +32,7 @@ spec:
           envFrom:
             - configMapRef:
                 name: apiserver-envs
-          image: ghcr.io/vshn/appcat:v4.23.1
+          image: ghcr.io/vshn/appcat:v4.25.0
           name: apiserver
           resources:
             limits:

tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml

@@ -23,7 +23,7 @@ spec:
           env:
             - name: PLANS_NAMESPACE
               value: syn-appcat
-          image: ghcr.io/vshn/appcat:v4.23.1
+          image: ghcr.io/vshn/appcat:v4.25.0
           livenessProbe:
             httpGet:
               path: /healthz

tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml

@@ -28,7 +28,7 @@ spec:
           value: "false"
         - name: APPCAT_SLI_VSHNREDIS
           value: "false"
-        image: ghcr.io/vshn/appcat:v4.23.1
+        image: ghcr.io/vshn/appcat:v4.25.0
         livenessProbe:
           httpGet:
             path: /healthz

tests/golden/minio/appcat/appcat/10_appcat_namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations: {}
+  labels:
+    name: syn-appcat
+    openshift.io/cluster-monitoring: 'true'
+  name: syn-appcat

tests/golden/minio/appcat/appcat/10_appcat_recording_rule.yaml

@@ -0,0 +1,85 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  annotations: {}
+  labels:
+    name: appcat-billing
+  name: appcat-billing
+  namespace: syn-appcat
+spec:
+  groups:
+    - name: appcat-billing
+      rules:
+        - expr: |
+            sum by (label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla,product,provider,architecture, category, claim_namespace,tenant_id) (
+            # Sum values over one hour and get mean
+            sum_over_time(
+              # Udpate label product: $product:$provider:$tenant_id:$claim_namespace:$architecture
+              label_join(
+                # Add label category: $provider:$claim_namespace
+                label_join(
+                  # Add label architecture: $SLA, where $SLA is the content of label appcat.vshn.io/sla
+                  label_replace(
+                    # Add label provider: vshn
+                    label_replace(
+                      # Add label product: postgres
+                      label_replace(
+                        # Default appcat.vshn.io/sla to besteffort if it is not set
+                        label_replace(
+                          # Copy label appcat.vshn.io/namespace to label claim_namespace
+                          label_replace(
+                            # Populate tenant_id
+                            label_replace(
+                              # Fetch all namespaces with label label_appuio_io_billing_name=~"appcat-.+"
+                              kube_namespace_labels{ label_appuio_io_billing_name=~"appcat-.+"} *
+                              on (namespace) group_right(label_appuio_io_organization,label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla, label_appuio_io_billing_name)
+                              kube_pod_info{created_by_kind!="Job"},
+                              "tenant_id",
+            "t-silent-test-1234",
+            "",
+            ""
+
+                            ),
+                            "claim_namespace",
+                            "$1",
+                            "label_appcat_vshn_io_claim_namespace",
+                            "(.*)"
+                          ),
+                          "label_appcat_vshn_io_sla",
+                          "besteffort",
+                          "label_appcat_vshn_io_sla",
+                          "^$"
+                        ),
+                        "product",
+                        "appcat_$1",
+                        "label_appuio_io_billing_name",
+                        "appcat-(.+)"
+                      ),
+                      "provider",
+                      "vshn",
+                      "",
+                      ""
+                    ),
+                    "sla",
+                    "$1",
+                    "label_appcat_vshn_io_sla",
+                    "(.*)"
+                  ),
+                  "category",
+                  ":",
+                  "provider",
+                  "claim_namespace"
+                ),
+                "product",
+                ":",
+                "product",
+                "provider",
+                "tenant_id",
+                "claim_namespace",
+                "sla"
+              # other billing queries have [59m:1m] here. This is due to some
+              # obscure discrepancies between how the cloud-reporting evaluates the query
+              # and how the GUI/recording rules evaluate the query.
+              )[60m:1m]
+            )/60 )
+          record: appcat:billing