feat(oncall): first deployment

clusters/mycluster-0/flux-system/gotk-sync.yaml

@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  ref:
+    branch: feat/oncall
+  secretRef:
+    name: flux-system
+  url: https://github.com/Smana/cloud-native-ref.git
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./clusters/mycluster-0
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system

clusters/mycluster-0/flux-system/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml

crds/base/kustomization-rabbitmq-cluster-operator.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: crds-rabbitmq-cluster-operator
+  namespace: infrastructure
+spec:
+  interval: 10m
+  targetNamespace: infrastructure
+  sourceRef:
+    kind: GitRepository
+    name: rabbitmq-cluster-operator
+  path: "./config/crd/bases"
+  prune: true
+  timeout: 1m

crds/base/kustomization.yaml

@@ -10,4 +10,5 @@ resources:
   - kustomization-grafana-operator.yaml
   - kustomization-kyverno.yaml
   - kustomization-cloudnative-pg.yaml
+  - kustomization-rabbitmq-cluster-operator.yaml
   - kustomization-victoria-metrics-operator.yaml

flux/sources/gitrepo-rabbitmq-cluster-operator.yaml

@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: rabbitmq-cluster-operator
+  namespace: infrastructure
+spec:
+  interval: 5m0s
+  url: https://github.com/rabbitmq/cluster-operator
+  ref:
+    tag: v2.10.0

infrastructure/base/rabbitmq-cluster-operator/helmrelease.yaml

@@ -0,0 +1,33 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: rabbitmq-operator
+spec:
+  releaseName: rabbitmq-cluster-operator
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: rabbitmq-cluster-operator
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+      version: "4.3.24"
+  interval: 3m0s
+  install:
+    crds: "Skip"
+    remediation:
+      retries: 3
+  values:
+    clusterOperator:
+      metrics:
+        serviceMonitor:
+          enabled: true
+
+    msgTopologyOperator:
+      metrics:
+        serviceMonitor:
+          enabled: true
+
+    useCertManager: true

infrastructure/base/rabbitmq-cluster-operator/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - helmrelease.yaml

infrastructure/mycluster-0/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
   - ../base/cloudnative-pg
   - ../base/external-dns
   - ../base/gapi
+  - ../base/rabbitmq-cluster-operator

observability/base/grafana-oncall/externalsecret-admin.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-admin
+  namespace: observability
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observability/grafana/oncall-admin
+  refreshInterval: 20m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: grafana-oncall

observability/base/grafana-oncall/externalsecret-rabbitmq.yaml

@@ -0,0 +1,31 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-rabbitmq
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  refreshInterval: 1h
+  target:
+    name: oncall-rabbitmq
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    template:
+      engineVersion: v2
+      type: Opaque
+      data: # We can create kubernetes secrets with the desired format.
+        default_user.conf: |
+          default_user = "{{ .username }}"
+          default_pass = "{{ .password }}"
+        username: "{{ .username }}"
+        password: "{{ .password }}"
+  data:
+    - secretKey: username
+      remoteRef:
+        key: observability/grafana/oncall-rabbitmq
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: observability/grafana/oncall-rabbitmq
+        property: password

observability/base/grafana-oncall/externalsecret-slackapp.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-slack-app
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observabliity/grafana/oncall-slackapp
+  refreshInterval: 20m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: oncall-slack-app

observability/base/grafana-oncall/externalsecret-sqlinstance-password.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-sqlinstance-password
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observability/grafana/oncall-sqlinstance
+  refreshInterval: 20m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: oncall-pg-masterpassword

observability/base/grafana-oncall/externalsecret-valkey.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oncall-valkey
+  namespace: observability
+spec:
+  dataFrom:
+    - extract:
+        conversionStrategy: Default
+        key: observability/grafana/oncall-valkey
+  refreshInterval: 20m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: clustersecretstore
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: oncall-valkey

observability/base/grafana-oncall/helmrelease-oncall.yaml

@@ -0,0 +1,102 @@
+# Based on https://grafana.com/docs/grafana-oncall/latest/setup/install/helm/install-scalable/
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: oncall
+spec:
+  releaseName: oncall
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: oncall
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+        namespace: observability
+      version: "1.11.5"
+  interval: 5m0s
+  timeout: 15m
+  install:
+    remediation:
+      retries: 3
+  values:
+    base_url: oncall.priv.${domain_name}
+    base_url_protocol: https
+
+    engine:
+      replicaCount: 1
+      resources:
+        limits:
+          cpu: 200m
+          memory: 256Mi
+
+    celery:
+      replicaCount: 1
+      resources:
+        limits:
+          cpu: 300m
+          memory: 516Mi
+
+    oncall:
+      secrets:
+        existingSecret: "grafana-oncall"
+        secretKey: "secret_key"
+        mirageSecretKey: "mirage_secret_key"
+      slack:
+        enabled: true
+        existingSecret: "oncall-slack-app"
+        clientIdKey: "client_id"
+        clientSecretKey: "client_secret"
+        signingSecretKey: "signing_secret"
+
+    ingress:
+      enabled: false
+
+    ingress-nginx:
+      enabled: false
+
+    cert-manager:
+      enabled: false
+
+    database:
+      type: postgresql
+
+    mariadb:
+      enabled: false
+
+    externalPostgresql:
+      host: xplane-oncall-rds-service
+      port: 5432
+      db_name: "oncall"
+      user: "oncall"
+      existingSecret: "xplane-oncall-owner-oncall"
+      passwordKey: "password"
+      options: >-
+        sslmode=require
+
+    rabbitmq:
+      enabled: false
+
+    externalRabbitmq:
+      host: oncall-rabbitmq
+      port: 5672
+      existingSecret: oncall-rabbitmq
+      passwordKey: "password"
+      usernameKey: "username"
+
+    redis:
+      enabled: false
+
+    externalRedis:
+      host: oncall-valkey-master
+      port: 6379
+      username: user
+      existingSecret: "oncall-valkey"
+      passwordKey: password
+
+    externalGrafana:
+      url: https://grafana.priv.${domain_name}
+
+    networkPolicy:
+      enabled: false

observability/base/grafana-oncall/helmrelease-valkey.yaml

@@ -0,0 +1,51 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: oncall-valkey
+  namespace: tooling
+spec:
+  releaseName: oncall-valkey
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: valkey
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+      version: "1.0.2"
+  interval: 10m0s
+  install:
+    remediation:
+      retries: 3
+  values:
+    auth:
+      existingSecret: "oncall-valkey"
+      existingSecretPasswordKey: "password"
+
+    master:
+      ## Valkey master resource requests and limits
+      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+      ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
+      ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+      ##
+      resourcesPreset: "nano"
+      persistence:
+        size: 4Gi
+
+    replica:
+      resourcesPreset: "nano"
+      persistence:
+        size: 4Gi
+
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+
+    useExternalDNS:
+      enabled: true
+      suffix: "priv.${domain_name}"
+      additionalAnnotations:
+        ttl: 10

observability/base/grafana-oncall/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: observability
+
+resources:
+  - externalsecret-admin.yaml
+  - externalsecret-rabbitmq.yaml
+  - externalsecret-slackapp.yaml
+  - externalsecret-sqlinstance-password.yaml
+  - externalsecret-valkey.yaml
+  - helmrelease-oncall.yaml
+  - helmrelease-valkey.yaml
+  - rabbitmq.yaml
+  - sqlinstance.yaml

observability/base/grafana-oncall/rabbitmq.yaml

@@ -0,0 +1,9 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+  name: oncall-rabbitmq
+spec:
+  replicas: 1
+  secretBackend:
+    externalSecret:
+      name: "oncall-rabbitmq"