feat(oncall): first deployment

README.md

@@ -89,7 +89,7 @@ Additionally, I have put a constraint on the resources the controllers can manag
 The Harbor installation follows best practices for high availability. It leverages recent Crossplane features such as `Composition functions`:
 
 - External RDS database
-- Redis cluster using the Bitnami Helm chart
+- Valkey cluster using the Bitnami Helm chart
 - Storing artifacts in S3
 
 🏷️ Related blog post: [Going Further with Crossplane: Compositions and Functions](https://blog.ogenki.io/post/crossplane_composition_functions/)

crds/base/kustomization-rabbitmq-cluster-operator.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: crds-rabbitmq-cluster-operator
+  namespace: infrastructure
+spec:
+  interval: 10m
+  targetNamespace: infrastructure
+  sourceRef:
+    kind: GitRepository
+    name: rabbitmq-cluster-operator
+  path: "./config/crd/bases"
+  prune: true
+  timeout: 1m

crds/base/kustomization.yaml

@@ -9,4 +9,5 @@ resources:
   - kustomization-gateway-api.yaml
   - kustomization-grafana-operator.yaml
   - kustomization-kyverno.yaml
+  - kustomization-rabbitmq-cluster-operator.yaml
   - kustomization-victoria-metrics-operator.yaml

flux/sources/gitrepo-rabbitmq-cluster-operator.yaml

@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: rabbitmq-cluster-operator
+  namespace: infrastructure
+spec:
+  interval: 5m0s
+  url: https://github.com/rabbitmq/cluster-operator
+  ref:
+    tag: v2.10.0

infrastructure/base/rabbitmq-cluster-operator/helmrelease.yaml

@@ -0,0 +1,33 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: rabbitmq-operator
+spec:
+  releaseName: rabbitmq-cluster-operator
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: rabbitmq-cluster-operator
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+      version: "4.3.24"
+  interval: 3m0s
+  install:
+    crds: "Skip"
+    remediation:
+      retries: 3
+  values:
+    clusterOperator:
+      metrics:
+        serviceMonitor:
+          enabled: true
+
+    msgTopologyOperator:
+      metrics:
+        serviceMonitor:
+          enabled: true
+
+    useCertManager: true

infrastructure/base/rabbitmq-cluster-operator/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - helmrelease.yaml

infrastructure/mycluster-0/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - ../base/cilium
   - ../base/external-dns
   - ../base/gapi
+  - ../base/rabbitmq-cluster-operator

observability/base/grafana-oncall/externalsecret-rabbitmq.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-rabbitmq
+  namespace: observability
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observability/oncall/rabbitmq
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: oncall-rabbitmq

observability/base/grafana-oncall/externalsecret-slackapp.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-slack-app
+  namespace: tooling
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observabliity/grafana/oncall-slackapp
+  refreshInterval: 20m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: oncall-slack-app

observability/base/grafana-oncall/externalsecret-valkey.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-valkey
+  namespace: tooling
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observability/oncall/valkey
+  refreshInterval: 20m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: oncall-valkey

observability/base/grafana-oncall/helmrelease-oncall.yaml

@@ -0,0 +1,89 @@
+# Based on https://grafana.com/docs/grafana-oncall/latest/setup/install/helm/install-scalable/
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: grafana-oncall
+spec:
+  releaseName: grafana-oncall
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: oncall
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+        namespace: observability
+      version: "1.9.29"
+  interval: 4m0s
+  timeout: 10m
+  install:
+    remediation:
+      retries: 3
+  values:
+    base_url: oncall.priv.${domain_name}
+    base_url_protocol: https
+
+    engine:
+      replicaCount: 1
+      resources:
+        limits:
+          cpu: 100m
+          memory: 128Mi
+
+    celery:
+      replicaCount: 1
+      resources:
+        limits:
+          cpu: 100m
+          memory: 128Mi
+
+    oncall:
+      slack:
+        enabled: true
+        existingSecret: "oncall-slack-app"
+
+    ingress:
+      enabled: false
+
+    ingress-nginx:
+      enabled: false
+
+    cert-manager:
+      enabled: false
+
+    database:
+      type: postgresql
+
+    externalPostgresql:
+      host: sqlinstance-xplane-oncall
+      port: 5432
+      db_name: "oncall"
+      user: "oncall"
+      existingSecret: "sql-role-oncall"
+      passwordKey: "password"
+      options: >-
+        sslmode=require
+
+    rabbitmq:
+      enabled: false
+
+    externalRabbitmq:
+      host: oncall-rabbitmq
+      port: 5672
+      existingSecret: oncall-rabbitmq
+      passwordKey: "password"
+      usernameKey: "username"
+
+    redis:
+      enabled: false
+
+    externalRedis:
+      host: harbor-valkey-master
+      port: 6379
+      username: user
+      existingSecret: "oncall-valkey"
+      passwordKey: password
+
+    externalGrafana:
+      url: https://grafana.priv.${domain_name}

observability/base/grafana-oncall/helmrelease-valkey.yaml

@@ -0,0 +1,51 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: oncall-valkey
+  namespace: tooling
+spec:
+  releaseName: oncall-valkey
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: valkey
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+      version: "1.0.2"
+  interval: 10m0s
+  install:
+    remediation:
+      retries: 3
+  values:
+    auth:
+      existingSecret: "oncall-valkey"
+      existingSecretPasswordKey: "password"
+
+    master:
+      ## Valkey master resource requests and limits
+      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+      ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
+      ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+      ##
+      resourcesPreset: "nano"
+      persistence:
+        size: 4Gi
+
+    replica:
+      resourcesPreset: "nano"
+      persistence:
+        size: 4Gi
+
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+
+    useExternalDNS:
+      enabled: true
+      suffix: "priv.${domain_name}"
+      additionalAnnotations:
+        ttl: 10

observability/base/grafana-oncall/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: observability
+
+resources:
+  - external-secret-rabbitmq.yaml
+  - external-secret-slackapp.yaml
+  - external-secret-valkey.yaml
+  - helmrelease-oncall.yaml
+  - helmrelease-valkey.yaml
+  - rabbitmq.yaml
+  - sqlinstance.yaml

observability/base/grafana-oncall/rabbitmq.yaml

@@ -0,0 +1,9 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+  name: oncall
+spec:
+  replicas: 1
+  secretBackend:
+    externalSecret:
+      name: "oncall-rabbitmq"

observability/base/grafana-oncall/sqlinstance.yaml

@@ -0,0 +1,22 @@
+apiVersion: cloud.ogenki.io/v1alpha1
+kind: SQLInstance
+metadata:
+  name: xplane-oncall
+  namespace: tooling
+spec:
+  parameters:
+    engine: postgres
+    engineVersion: "15"
+    size: small
+    storageGB: 20
+    databases:
+      - owner: oncall
+        name: oncall
+    passwordSecretRef:
+      namespace: tooling
+      name: oncall-pg-masterpassword
+      key: password
+  compositionRef:
+    name: xsqlinstances.cloud.ogenki.io
+  writeConnectionSecretToRef:
+    name: xplane-oncall-rds

tooling/mycluster-0/kustomization.yaml

@@ -3,7 +3,6 @@ kind: Kustomization
 
 resources:
   - ../base/headlamp
-  - ../base/harbor
   # Uncomment the following resources to include them in the kustomization
   # - ../base/dagger-engine
   # - ../base/gha-runners