keptn · thschue · Oct 20, 2022 · Oct 18, 2022 · Oct 18, 2022 · Oct 18, 2022
@@ -134,17 +134,30 @@ Furthermore, there will be a description on what CRD they monitor and a general
 
 ### Webhook
 
-The mutating webhook works only on resources that have Keptn annotations.
-The mutation consists in changing the scheduler used for the deployment with the Keptn Scheduler.
-The webhook should be as fast as possible and should not create/change any resource.
+Annotating a namespace subjects it to the effects of the mutating webhook:
 
-When the webhook receives a request for a new pod, it will look for the following annotations:
+```
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: podtato-kubectl
+  annotations:
+    keptn.sh/lifecycle-controller: "enabled"  # this lines tells the webhook to handle the namespace
+```
+However, the mutating webhook will modify only resources in the annotated namespace that have Keptn annotations.
+When the webhook receives a request for a new pod, it will look for the workload annotations:
 
 ```
-keptn.sh/app
 keptn.sh/workload
 ```
+The mutation consists in changing the scheduler used for the deployment with the Keptn Scheduler. Webhook then creates a workload and app resource per annotated resource. 
+You can also specify a custom app definition with the annotation:
 
+```
+keptn.sh/app
+```
+In this case the webhook will not generate an app, but it will expect that the user will provide one.
+The webhook should be as fast as possible and should not create/change any resource.
 Additionally, it will compute a version string, using a hash function that takes certain properties of the pod as parameters
 (e.g. the images of its containers).
 Next, it will look for an existing instance of a `Workload CRD` for the given workload name:
@@ -161,6 +174,10 @@ the specification of the pre/post deployment checks that should be executed for
   - `keptn.sh/pre-deployment-tasks: task1,task2`
   - `keptn.sh/post-deployment-tasks: task1,task2`
 
+and for the Evaluations:
+
+  - `keptn.sh/pre-deployment-evaluations: my-evaluation-definition`
+  - `keptn.sh/post-deployment-evaluations: my-eval-definition`
 
 After either one of those actions has been taken, the webhook will set the scheduler of the pod and allow the pod to be scheduled.
 
@@ -174,7 +191,27 @@ For each pod, at the very end of the scheduling cycle, the plugin verifies wheth
 
 ### Keptn App
 
-tbd
+An App contains information about all workloads and checks associated with an application.
+It will use the following structure for the specification of the pre/post deployment and pre/post evaluations checks that should be executed at app level:
+
+```
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnApp
+metadata:
+name: podtato-head
+namespace: podtato-kubectl
+spec:
+version: "1.3"
+workloads:
+- name: podtato-head-left-arm
+version: 0.1.0
+- name: podtato-head-left-leg
+postDeploymentTasks:
+- post-deployment-hello
+preDeploymentEvaluations:    
+- my-prometheus-definition
+```
+While changes in the workload version will affect only workload checks,  a change in the app version will also cause a new execution of app level checks.
 
 ### Keptn Workload
 
@@ -283,11 +320,11 @@ spec:
   source: prometheus
   objectives:
     - name: query-1
-       query: "xxxx"
-       evaluationTarget: <20
+      query: "xxxx"
+      evaluationTarget: <20
     - name: query-2
-       query: "yyyy"
-       evaluationTarget: >4
+      query: "yyyy"
+      evaluationTarget: >4
 ```
 
 

@@ -3,7 +3,7 @@ LFC_NAMESPACE ?= keptn-lifecycle-controller-system
 PODTATO_NAMESPACE ?= podtato-kubectl
 
 .PHONY: install
-install:
+install:undeploy-podtatohead
 	@echo "-----------------------------------"
 	@echo "Create Namespace and install Jaeger"
 	@echo "-----------------------------------"
@@ -14,11 +14,11 @@ install:
 
 	@echo ""
 	@echo "------------------"
-	@echo "Install Prometheus"
+	@echo "Configure Prometheus"
 	@echo "------------------"
 	kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f -
 	kubectl apply --server-side -f config/prometheus/setup
-	kubectl apply -f config/prometheus/
+	kubectl wait --for=condition=Established --all CustomResourceDefinition --namespace=monitoring
 
 	@echo ""
 	@echo "-------------------------------"
@@ -31,11 +31,7 @@ install:
 	@echo "Wait for Resources to get ready"
 	@echo "-------------------------------"
 	kubectl wait --for=condition=available deployment/jaeger -n "$(LFC_NAMESPACE)" --timeout=120s
-	kubectl wait --for=condition=available deployment/prometheus-operator -n monitoring --timeout=120s
-	kubectl wait --for=condition=available deployment/prometheus-adapter -n monitoring --timeout=120s
-	kubectl wait --for=condition=available deployment/kube-state-metrics -n monitoring --timeout=120s
 	kubectl wait --for=condition=available deployment/otel-collector -n "$(LFC_NAMESPACE)" --timeout=120s
-	kubectl wait --for=condition=available deployment/grafana -n monitoring --timeout=120s
 
 	@echo ""
 	@echo "----------------------------------"
@@ -46,6 +42,18 @@ install:
 	kubectl rollout restart deployment -n "$(LFC_NAMESPACE)" keptn-scheduler -n keptn-lifecycle-controller-system
 	kubectl rollout status deployment -n "$(LFC_NAMESPACE)" keptn-scheduler --watch
 
+
+	@echo ""
+	@echo "------------------"
+	@echo "Install Prometheus"
+	@echo "------------------"
+	kubectl apply -f config/prometheus/
+	kubectl wait --for=condition=available deployment/prometheus-operator -n monitoring --timeout=120s
+	kubectl wait --for=condition=available deployment/prometheus-adapter -n monitoring --timeout=120s
+	kubectl wait --for=condition=available deployment/kube-state-metrics -n monitoring --timeout=120s
+	kubectl wait --for=condition=available deployment/grafana -n monitoring --timeout=120s
+
+
 	@echo ""
 	@echo "#######################################################"
 	@echo "Observability Demo installed"
@@ -91,7 +99,7 @@ uninstall:
 deploy-podtatohead:
 	kubectl create namespace "$(PODTATO_NAMESPACE)" --dry-run=client -o yaml | kubectl apply -f -
 	kubectl annotate namespace "$(PODTATO_NAMESPACE)" keptn.sh/lifecycle-controller=enabled --overwrite
-	kubectl apply -f ../podtatohead-deployment/.
+	kubectl apply -f ./assets/podtatohead-deployment-evaluation/.
 	kubectl wait --for=condition=available deployment/podtato-head-entry -n podtato-kubectl --timeout=120s
 	@echo "Watch Workload Deployment Progress: kubectl get keptnworkloadinstances -n podtato-kubectl -w"
 

@@ -2,6 +2,7 @@
 
 In this example, we will show you an example configuration for enabling the operator to send OpenTelemetry traces and metrics to the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector).
 The Collector will then be used to forward the gathered data to [Jaeger](https://www.jaegertracing.io) and [Prometheus](https://prometheus.io).
+The application deployed uses an example of pre-Deployment Evaluation based on prometheus metrics.
 
 # TL;DR
 * You can install the whole demo using: `make install`
@@ -73,7 +74,9 @@ kubectl rollout restart deployment -n keptn-lifecycle-controller-system keptn-sc
 ## Seeing the OpenTelemetry Collector in action
 
 After everything has been set up, use the lifecycle operator to deploy a workload (e.g. using the `single-service` or `podtato-head` example in the `examples` folder).
-Once either of these examples have been deployed, you can view the generated traces in Jaeger. To do so, please create a port-forward for the `jaeger-query` service:
+To showcase pre-Evaluation checks we created a new version of podtato-head app in assets/podtetohead-deployment-evaluation.
+You can run ``make deploy-podtatohead`` to check pre-Evaluations of prometheus metrics both at app and workload instance level.
+Once an example has been deployed, you can view the generated traces in Jaeger. To do so, please create a port-forward for the `jaeger-query` service:
 
 ```sh
 kubectl port-forward -n keptn-lifecycle-controller-system svc/jaeger-query 16686 

@@ -0,0 +1,24 @@
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnApp
+metadata:
+  name: podtato-head
+  namespace: podtato-kubectl
+spec:
+  version: "1.3"
+  workloads:
+    - name: podtato-head-left-arm
+      version: 0.1.0
+    - name: podtato-head-left-leg
+      version: 0.1.0
+    - name: podtato-head-entry
+      version: 0.1.0
+    - name: podtato-head-right-arm
+      version: 0.1.0
+    - name: podtato-head-left-arm
+      version: 0.1.0
+    - name: podtato-head-hat
+      version: 0.1.0
+  postDeploymentTasks:
+    - post-deployment-hello
+  preDeploymentEvaluations:     #Comment out this two lines if you do not have a prometheus installation
+    - my-prometheus-definition
@@ -0,0 +1,12 @@
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnTaskDefinition
+metadata:
+  name: check-entry-service
+  namespace: podtato-kubectl
+spec:
+  function:
+    httpRef:
+      url: https://raw.githubusercontent.com/keptn-sandbox/lifecycle-controller/main/functions-runtime/samples/ts/http.ts
+    parameters:
+      map:
+        url: http://podtato-head-entry.podtato-kubectl.svc.cluster.local:9000
@@ -0,0 +1,15 @@
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnEvaluationDefinition
+metadata:
+  name: my-prometheus-definition
+  namespace: podtato-kubectl
+spec:
+  source: prometheus
+  objectives:
+    - name: available-cpus
+      query: "sum(kube_pod_container_resource_limits{resource='cpu'}) - sum(kube_node_status_capacity{resource='cpu'})"
+      evaluationTarget: ">1" #string: can only be starting with < or >
+    - name: consumed-memory
+      query: "sum(kube_node_status_capacity{resource='memory'})"
+      evaluationTarget: "<1000000000000" #string: can only be starting with < or >
+
@@ -0,0 +1,7 @@
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnEvaluationProvider
+metadata:
+  name: prometheus
+  namespace: podtato-kubectl
+spec:
+  targetServer: "http://prometheus-k8s.monitoring.svc.cluster.local:9090" #string