Skip to content

Commit

Permalink
feat(insights): use separate deployment for Insights (#962)
Browse files Browse the repository at this point in the history
  • Loading branch information
ebaron authored Oct 15, 2024
1 parent af55876 commit c950764
Show file tree
Hide file tree
Showing 17 changed files with 376 additions and 53 deletions.
27 changes: 18 additions & 9 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ CERT_MANAGER_VERSION ?= 1.11.5
CERT_MANAGER_MANIFEST ?= \
https://github.com/cert-manager/cert-manager/releases/download/v$(CERT_MANAGER_VERSION)/cert-manager.yaml

KUSTOMIZE_VERSION ?= 3.8.7
KUSTOMIZE_VERSION ?= 4.5.7
CONTROLLER_TOOLS_VERSION ?= 0.14.0
GOLICENSE_VERSION ?= 1.29.0
OPM_VERSION ?= 1.23.0
Expand Down Expand Up @@ -142,17 +142,23 @@ ifneq ("$(wildcard $(GINKGO))","")
GO_TEST="$(GINKGO)" -cover -output-dir=.
endif

KUSTOMIZE_DIR ?= config/default
# Optional Red Hat Insights integration
ENABLE_INSIGHTS ?= false
ifeq ($(ENABLE_INSIGHTS), true)
KUSTOMIZE_DIR ?= config/insights
INSIGHTS_PROXY_NAMESPACE ?= quay.io/3scale
INSIGHTS_PROXY_NAME ?= apicast
INSIGHTS_PROXY_VERSION ?= insights-01
KUSTOMIZE_BUNDLE_DIR ?= config/overlays/insights
INSIGHTS_PROXY_NAMESPACE ?= registry.redhat.io/3scale-amp2
INSIGHTS_PROXY_NAME ?= apicast-gateway-rhel8
INSIGHTS_PROXY_VERSION ?= 3scale2.14
export INSIGHTS_PROXY_IMG ?= $(INSIGHTS_PROXY_NAMESPACE)/$(INSIGHTS_PROXY_NAME):$(INSIGHTS_PROXY_VERSION)
export INSIGHTS_BACKEND ?= console.redhat.com
RUNTIMES_INVENTORY_NAMESPACE ?= registry.redhat.io/insights-runtimes-tech-preview
RUNTIMES_INVENTORY_NAME ?= runtimes-inventory-rhel8-operator
RUNTIMES_INVENTORY_VERSION ?= latest
RUNTIMES_INVENTORY_IMG ?= $(RUNTIMES_INVENTORY_NAMESPACE)/$(RUNTIMES_INVENTORY_NAME):$(RUNTIMES_INVENTORY_VERSION)
BUNDLE_GEN_FLAGS += --extra-service-accounts cryostat-operator-insights
else
KUSTOMIZE_DIR ?= config/default
KUSTOMIZE_BUNDLE_DIR ?= config/manifests
endif

# Specify which scorecard tests/suites to run
Expand Down Expand Up @@ -329,10 +335,13 @@ catalog-build: opm ## Build a catalog image.
bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
$(OPERATOR_SDK) generate kustomize manifests -q
cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMG)
ifeq ($(ENABLE_INSIGHTS), true)
cd config/insights && $(KUSTOMIZE) edit set image insights=$(RUNTIMES_INVENTORY_IMG)
endif
ifeq ($(BUNDLE_MODE), ocp)
cd config/manifests && $(KUSTOMIZE) edit add base ../openshift
cd $(KUSTOMIZE_BUNDLE_DIR) && $(KUSTOMIZE) edit add base ../openshift
endif
$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
$(KUSTOMIZE) build $(KUSTOMIZE_BUNDLE_DIR) | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
# Workaround for: https://issues.redhat.com/browse/OCPBUGS-34901
yq -i '.spec.customresourcedefinitions.owned |= reverse' bundle/manifests/cryostat-operator.clusterserviceversion.yaml
$(OPERATOR_SDK) bundle validate ./bundle
Expand All @@ -349,7 +358,7 @@ manifests: controller-gen ## Generate manifests e.g. CRD, RBAC, etc.
envsubst < hack/image_tag_patch.yaml.in > config/default/image_tag_patch.yaml
envsubst < hack/image_pull_patch.yaml.in > config/default/image_pull_patch.yaml
ifeq ($(ENABLE_INSIGHTS), true)
envsubst < hack/insights_patch.yaml.in > config/insights/insights_patch.yaml
envsubst < hack/insights_patch.yaml.in > config/overlays/insights/insights_patch.yaml
endif

.PHONY: fmt
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ metadata:
capabilities: Seamless Upgrades
categories: Monitoring, Developer Tools
containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev
createdAt: "2024-10-04T18:55:09Z"
createdAt: "2024-10-10T18:16:26Z"
description: JVM monitoring and profiling tool
operatorframework.io/initialization-resource: |-
{
Expand Down Expand Up @@ -1024,10 +1024,6 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/cryostat/cryostat-operator:4.0.0-dev
imagePullPolicy: Always
livenessProbe:
Expand Down
67 changes: 67 additions & 0 deletions config/insights/deployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: insights
namespace: system
labels:
control-plane: controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: controller-manager
annotations:
kubectl.kubernetes.io/default-container: insights
spec:
serviceAccountName: insights
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: insights
args:
- "--health-probe-bind-address=:8081"
- "--metrics-bind-address=0" # Metrics disabled
- "--leader-elect"
image: registry.redhat.io/insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator:latest
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
env:
- name: WATCH_NAMESPACE
value: ""
- name: OPERATOR_NAME
value: placeholder
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSIGHTS_ENABLED
value: "true"
resources:
limits:
cpu: 1000m
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
terminationGracePeriodSeconds: 10
17 changes: 0 additions & 17 deletions config/insights/insights_patch.yaml

This file was deleted.

42 changes: 39 additions & 3 deletions config/insights/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,41 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Adds namespace to all resources.
namespace: cryostat-operator-system

# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: cryostat-operator-

# Labels to add to all resources and selectors.
commonLabels:
app.kubernetes.io/name: cryostat-operator-insights

resources:
- ../default
- deployment.yaml
- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml

replacements:
- source:
fieldPath: metadata.name
kind: Deployment
name: insights
targets:
- fieldPaths:
- spec.template.spec.containers.[name=insights].env.[name=OPERATOR_NAME].value
select:
kind: Deployment
name: insights

patchesStrategicMerge:
- insights_patch.yaml
images:
- name: insights
newName: registry.redhat.io/insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator
newTag: latest
44 changes: 44 additions & 0 deletions config/insights/leader_election_role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: role
app.kubernetes.io/instance: insights-leader-election-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: runtimes-inventory-operator
app.kubernetes.io/part-of: runtimes-inventory-operator
app.kubernetes.io/managed-by: kustomize
name: insights-leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
18 changes: 18 additions & 0 deletions config/insights/leader_election_role_binding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: rolebinding
app.kubernetes.io/instance: insights-leader-election-rolebinding
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: runtimes-inventory-operator
app.kubernetes.io/part-of: runtimes-inventory-operator
app.kubernetes.io/managed-by: kustomize
name: insights-leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: insights-leader-election-role
subjects:
- kind: ServiceAccount
name: insights
65 changes: 65 additions & 0 deletions config/insights/role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: insights-role
rules:
- apiGroups:
- ""
resourceNames:
- pull-secret
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- config.openshift.io
resources:
- clusterversions
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: insights-role
namespace: system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/finalizers
- secrets
- services
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
verbs:
- create
- get
- list
- update
- watch
39 changes: 39 additions & 0 deletions config/insights/role_binding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/instance: insights-rolebinding
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: runtimes-inventory-operator
app.kubernetes.io/part-of: runtimes-inventory-operator
app.kubernetes.io/managed-by: kustomize
name: insights-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: insights-role
subjects:
- kind: ServiceAccount
name: insights
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: rolebinding
app.kubernetes.io/instance: insights-rolebinding
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: runtimes-inventory-operator
app.kubernetes.io/part-of: runtimes-inventory-operator
app.kubernetes.io/managed-by: kustomize
name: insights-rolebinding
namespace: system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: insights-role
subjects:
- kind: ServiceAccount
name: insights
5 changes: 5 additions & 0 deletions config/insights/service_account.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: insights
Loading

0 comments on commit c950764

Please sign in to comment.