feat: Add aoi helm chart (#209)

Merging in the AOI chart to keep chart infrastructure in one place

---------

Co-authored-by: Thor Anker Kvisgård Lange <[email protected]>

.github/scripts/helm-repos.sh

@@ -5,3 +5,4 @@ helm repo add vector https://helm.vector.dev
 helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
 helm repo add cert-manager https://charts.jetstack.io
 helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
+helm repo add victoria-metrics https://victoriametrics.github.io/helm-charts

.github/workflows/cd.yaml

@@ -22,7 +22,7 @@ jobs:
       #
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.17.2'
+          go-version: '1.23.0'
 
       - name: Install extra tooling
         run: |
@@ -56,7 +56,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v1
         with:
-          version: v3.7.2
+          version: v3.15.3
 
       - name: Add dependency chart repos
         run: ./.github/scripts/helm-repos.sh

.github/workflows/ci.yaml

@@ -31,7 +31,7 @@ jobs:
 
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.17.2"
+          go-version: '1.23.0'
 
       - name: Install extra tooling
         run: |
@@ -57,7 +57,7 @@ jobs:
       - name: Set up Helm
         uses: azure/setup-helm@v3
         with:
-          version: v3.12.1
+          version: v3.15.3
 
       - uses: actions/setup-python@v2
         with:
@@ -69,7 +69,7 @@ jobs:
       - name: Setup polaris
         uses: fairwindsops/polaris/.github/actions/setup-polaris@master
         with:
-          version: 8.2.4
+          version: 9.2.1
 
       - name: Run chart-testing (lint)
         run: |
@@ -79,7 +79,7 @@ jobs:
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed --target-branch main)
+          changed=$(ct list-changed --target-branch main --excluded-charts aoi)
           if [[ -n "$changed" ]]; then
             echo "changed=true" >> $GITHUB_OUTPUT
           fi
@@ -110,4 +110,4 @@ jobs:
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install)
-        run: ct install --config ct.yaml
+        run: ct install --config ct.yaml --excluded-charts aoi

charts/aoi/.gitignore

@@ -0,0 +1,2 @@
+# Ignore dependencies downloaded by helm
+charts/

charts/aoi/.helmignore

@@ -0,0 +1,2 @@
+.gitignore
+CHANGELOG.md

charts/aoi/CHANGELOG.MD

@@ -0,0 +1 @@
+# WiP

charts/aoi/Chart.lock

@@ -0,0 +1,15 @@
+dependencies:
+- name: grafana
+  repository: https://grafana.github.io/helm-charts
+  version: 7.3.7
+- name: victoria-metrics-single
+  repository: https://victoriametrics.github.io/helm-charts/
+  version: 0.9.17
+- name: victoria-metrics-single
+  repository: https://victoriametrics.github.io/helm-charts/
+  version: 0.9.17
+- name: victoria-metrics-alert
+  repository: https://victoriametrics.github.io/helm-charts/
+  version: 0.9.4
+digest: sha256:63740c51ac34e8d7d64616b5e8e47f3b6cfc14383a445f8ac51ff8e7b9fbb71f
+generated: "2024-09-04T09:41:39.608788+02:00"

charts/aoi/Chart.yaml

@@ -0,0 +1,32 @@
+apiVersion: v2
+name: aoi
+description: A Helm chart for Netic application operations infrastructure
+type: application
+version: 0.1.20
+home: https://github.com/neticdk/k8s-oaas-observability
+sources:
+  - https://github.com/neticdk/k8s-oaas-observability
+maintainers:
+  - name: alex5517
+    email: [email protected]
+  - name: mathiasfm
+    email: [email protected]
+dependencies:
+  - name: grafana
+    version: 7.3.7
+    repository: https://grafana.github.io/helm-charts
+    condition: grafana.enabled
+  - name: victoria-metrics-single
+    alias: victoria-metrics-single-1
+    version: 0.9.17
+    repository: https://victoriametrics.github.io/helm-charts/
+    condition: global.tsdb.enabled
+  - name: victoria-metrics-single
+    alias: victoria-metrics-single-2
+    version: 0.9.17
+    repository: https://victoriametrics.github.io/helm-charts/
+    condition: global.tsdb.high_availability.enabled
+  - name: victoria-metrics-alert
+    version: 0.9.4
+    repository: https://victoriametrics.github.io/helm-charts/
+    condition: alerting.enabled

charts/aoi/ci/default-values.yaml

@@ -0,0 +1,6 @@
+global:
+  priorityClassName: "secure-cloud-stack-tenant-namespace-application-critical"
+
+victoria-metrics-single-1:
+  server:
+    priorityClassName: "secure-cloud-stack-tenant-namespace-application-critical"

charts/aoi/templates/_helpers.tpl

@@ -0,0 +1,114 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aoi.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aoi.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aoi.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "aoi.labels" -}}
+helm.sh/chart: {{ include "aoi.chart" . }}
+{{ include "aoi.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aoi.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aoi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aoi.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "aoi.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the hostname for the read path to tsdb.
+*/}}
+{{- define "aoi.readHost" -}}
+{{- if .Values.global.tsdb.high_availability.enabled }}
+{{- printf "promxy" }}
+{{- else }}
+{{- printf "victoria-metrics-single-1-server" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the port for the read path to tsdb.
+*/}}
+{{- define "aoi.readPort" -}}
+{{- if .Values.global.tsdb.high_availability.enabled }}
+{{- printf "8082" }}
+{{- else }}
+{{- printf "8428" }}
+{{- end }}
+{{- end }}
+
+{{/*
+metrics read url 
+*/}}
+{{- define "aoi.readUrl" -}}
+{{- printf "http://%s-%s.%s.svc.%s:%s" (include "aoi.name" . ) (include "aoi.readHost" . ) .Release.Namespace .Values.global.clusterDomain (include "aoi.readPort" . ) }} 
+{{- end }}
+
+
+{{/*
+metrics read url for grafana
+*/}}
+{{- define "aoi.grafanaReadUrl" -}}
+{{- if .Values.authProxy.enabled }}
+{{- printf "http://%s-auth-proxy.%s.svc.%s:8080" (include "aoi.name" . )   .Release.Namespace .Values.global.clusterDomain }}
+{{- else }}
+{{- printf "http://%s-%s.%s.svc.%s:%s" (include "aoi.name" . ) (include "aoi.readHost" . ) .Release.Namespace .Values.global.clusterDomain (include "aoi.readPort" . ) }} 
+{{- end }}
+{{- end }}
+
+{{/*
+Create the lable value for victoria-metrics kubernetes/name lable.
+*/}}
+{{- define "aoi.vmLableName" -}}
+{{- if .Values.global.tsdb.high_availability.enabled }}
+{{- printf "promxy" }}
+{{- else }}
+{{- printf "victoria-metrics-single-1" }}
+{{- end }}
+{{- end }}

charts/aoi/templates/application-operations-alerting/HelmRelease.yaml

@@ -0,0 +1,125 @@
+{{- if .Values.alerting.enabled }}
+{{- range $i, $namespace := (include "aoi.alerting.namespaces" . | fromJsonArray) }}
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: victoria-metrics-alert
+  namespace: {{ $namespace }}
+spec:
+  chart:
+    spec:
+      chart: victoria-metrics-alert
+      version: {{ include "aoi.alerting.chartVersion" $ }}
+      sourceRef:
+        kind: HelmRepository
+        name: victoria-metrics
+      interval: 5m
+  interval: 5m
+  timeout: 15m
+  values:
+    serviceAccount:
+      create: false
+      name: victoria-metrics-alert-config-reloader
+    rbac:
+      create: false
+    server:
+      {{- include "aoi.serverPriorityClassName" $ | nindent 6 }}
+      image:
+        repository: "{{ $.Values.alerting.helmRelease.values.server.image.registry }}/{{ $.Values.alerting.helmRelease.values.server.image.repository }}"
+        pullPolicy: {{ $.Values.alerting.helmRelease.values.server.image.pullPolicy }}
+      podLabels:
+        netic.dk/allow-prometheus-scraping: "true"
+      resources:
+        {{- toYaml $.Values.alerting.helmRelease.values.server.resources | nindent 8 }}
+      extraArgs:
+        rule: '/tmp/rules/*.yaml'
+      extraVolumes:
+        - name: alert-rules
+          emptyDir: {}
+      extraVolumeMounts:
+        - name: alert-rules
+          mountPath: /tmp/rules
+      datasource:
+        {{- if eq $namespace $.Values.alerting.clusterWideNamespace.name }}
+        url: "{{ include "aoi.readUrl" $ }}"
+        {{- else }}
+        url: "{{ include "aoi.readUrl" $ }}?extra_label=namespace_id={{ $.Values.alerting.clusterId }}_{{ $namespace }}"
+        {{- end }}
+      securityContext:
+        {{- toYaml $.Values.alerting.helmRelease.values.server.securityContext | nindent 8 }}
+      extraContainers:
+        - name: config-reloader
+          image: "{{ $.Values.alerting.helmRelease.values.server.configReloader.image.registry }}/{{ $.Values.alerting.helmRelease.values.server.configReloader.image.repository }}:{{ $.Values.alerting.helmRelease.values.server.configReloader.image.tag }}"
+          imagePullPolicy: {{ $.Values.alerting.helmRelease.values.server.configReloader.image.pullPolicy }}
+          resources:
+            {{- toYaml $.Values.alerting.helmRelease.values.server.configReloader.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml $.Values.alerting.helmRelease.values.server.configReloader.securityContext | nindent 12 }}
+          env:
+            - name: IGNORE_ALREADY_PROCESSED
+              value: "true"
+            - name: METHOD
+              value: WATCH
+            - name: LABEL
+              value: application-operations-alerting
+            - name: FOLDER
+              value: /tmp/rules
+            - name: RESOURCE
+              value: configmap
+            - name: REQ_URL
+              value: http://localhost:8880/-/reload
+            - name: REQ_METHOD
+              value: GET
+          volumeMounts:
+            - name: alert-rules
+              mountPath: /tmp/rules
+      podSecurityContext:
+        {{- toYaml $.Values.alerting.helmRelease.values.server.podSecurityContext | nindent 8 }}
+    alertmanager:
+      enabled: true
+      {{- include "aoi.alertmanagerPriorityClassName" $ | nindent 6 }}
+      image: "{{ $.Values.alerting.helmRelease.values.alertmanager.image.registry }}/{{ $.Values.alerting.helmRelease.values.alertmanager.image.repository }}"
+      tag: "{{ $.Values.alerting.helmRelease.values.alertmanager.image.tag }}"
+      resources:
+        {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.resources | nindent 8 }}
+      configMap: "alertmanager-config"
+      securityContext:
+        {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.securityContext | nindent 8 }}
+      podSecurityContext:
+        {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.podSecurityContext | nindent 8 }}
+      extraContainers:
+        - name: config-reloader
+          image: "{{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.registry }}/{{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.repository }}:{{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.tag }}"
+          imagePullPolicy: {{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.pullPolicy }}
+          resources:
+            {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.configReloader.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.configReloader.securityContext | nindent 12 }}
+          env:
+            - name: WATCH_PATHS
+              value: /tmp/config
+            - name: REQ_URL
+              value: http://localhost:9093/-/reload
+            - name: REQ_METHOD
+              value: POST
+          volumeMounts:
+            - name: config
+              mountPath: /tmp/config
+      {{- if $.Values.alerting.helmRelease.values.alertmanager.emailPasswordMount }}
+      extraVolumeMounts:
+        - name: email-password
+          readOnly: true
+          mountPath: /etc/email-password
+      extraVolumes:
+        - name: email-password
+          secret: 
+            optional: true
+            secretName: aoi-alertmanager-email-password
+      {{- end }}
+    serviceMonitor:
+      enabled: true
+      extraLabels:
+        netic.dk/monitoring: "true"
+{{- end }}
+{{- end }}

charts/aoi/templates/application-operations-alerting/HelmRepository.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.alerting.enabled }}
+{{- range $i, $namespace := (include "aoi.alerting.namespaces" . | fromJsonArray) }}
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: victoria-metrics
+  namespace: {{ $namespace }}
+spec:
+  interval: 30m0s
+  url: {{ include "aoi.alerting.helmRepository" $ }}
+  type: {{ include "aoi.alerting.helmRepository.type" $ }}
+{{- end }}
+{{- end }}