Prepwork for self-hosted release

OpsLevel · Dec 6, 2024 · b53184d · b53184d
1 parent db139e3
commit b53184d
Show file tree

Hide file tree

Showing 24 changed files with 115 additions and 191 deletions.
diff --git a/.changes/unreleased/Bugfix-20241206-121113.yaml b/.changes/unreleased/Bugfix-20241206-121113.yaml
@@ -0,0 +1,4 @@
+kind: Bugfix
+body: 'BREAKING CHANGE: Fix opslevel self-hosted chart certification configuration
+  to work like other secret configurtion and actually inject the cert'
+time: 2024-12-06T12:11:13.20789-06:00
diff --git a/.changes/unreleased/Bugfix-20241206-121238.yaml b/.changes/unreleased/Bugfix-20241206-121238.yaml
@@ -0,0 +1,4 @@
+kind: Bugfix
+body: Fix opslevel self-hosted chart to properly account for external eq false and
+  create flags when generating secret resources
+time: 2024-12-06T12:12:38.726022-06:00
diff --git a/.changes/unreleased/Feature-20241206-120933.yaml b/.changes/unreleased/Feature-20241206-120933.yaml
@@ -0,0 +1,3 @@
+kind: Feature
+body: Give opslevel self-hosted chart the ability to configure pod annotations
+time: 2024-12-06T12:09:33.288069-06:00
diff --git a/.changes/unreleased/Feature-20241206-120948.yaml b/.changes/unreleased/Feature-20241206-120948.yaml
@@ -0,0 +1,3 @@
+kind: Feature
+body: Give opslevel self-hosted chart the ability to configure service account annotations
+time: 2024-12-06T12:09:48.694907-06:00
diff --git a/.changes/unreleased/Feature-20241206-121002.yaml b/.changes/unreleased/Feature-20241206-121002.yaml
@@ -0,0 +1,3 @@
+kind: Feature
+body: Give opslevel self-hosted chart the ability to configure service annotations
+time: 2024-12-06T12:10:02.809246-06:00
diff --git a/.changes/unreleased/Feature-20241206-121017.yaml b/.changes/unreleased/Feature-20241206-121017.yaml
@@ -0,0 +1,3 @@
+kind: Feature
+body: Give opslevel self-hosted chart the ability to configure an ingress resource
+time: 2024-12-06T12:10:17.886563-06:00
diff --git a/.changes/unreleased/Feature-20241206-121145.yaml b/.changes/unreleased/Feature-20241206-121145.yaml
@@ -0,0 +1,3 @@
+kind: Feature
+body: Give opslevel self-hosted chart ability to configure certificate key
+time: 2024-12-06T12:11:45.26424-06:00
diff --git a/.changes/unreleased/Feature-20241206-121318.yaml b/.changes/unreleased/Feature-20241206-121318.yaml
@@ -0,0 +1,4 @@
+kind: Feature
+body: Update opslevel self-hosted chart to remove all migrations init containers in
+  favor of /bin/run script
+time: 2024-12-06T12:13:18.357076-06:00
diff --git a/.changes/unreleased/Feature-20241206-121413.yaml b/.changes/unreleased/Feature-20241206-121413.yaml
@@ -0,0 +1,4 @@
+kind: Feature
+body: Change opslevel self-hosted chart to use explict sidekiq queue list instead
+  of hardcoded files - similar to SAAS
+time: 2024-12-06T12:14:13.290775-06:00
diff --git a/charts/opslevel/Chart.lock b/charts/opslevel/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: replicated
   repository: oci://registry.replicated.com/library
-  version: 1.0.0-beta.20
-digest: sha256:e204abb218418ec5a838017eadae64d5c882c140861707ce0f6db306a86c9018
-generated: "2024-06-03T20:36:33.447884-05:00"
+  version: 1.0.0-beta.31
+digest: sha256:6d6190e56b76a579495d63a8d757870ddb449edb0ed239b1afe33a6ea363883b
+generated: "2024-12-06T12:07:52.829619-06:00"
diff --git a/charts/opslevel/Chart.yaml b/charts/opslevel/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: "v2"
 name: "opslevel"
 type: "application"
-version: "2024.10.17"
+version: "2024.12.5"
 appVersion: "2024.10.15"
 description: "The OpsLevel internal developer portal helps your team ship fast without risking your software standards."
 home: "https://www.opslevel.com/"
@@ -12,4 +12,4 @@ maintainers:
 dependencies:
   - name: 'replicated'
     repository: 'oci://registry.replicated.com/library'
-    version: '1.0.0-beta.20'
+    version: '1.0.0-beta.31'
diff --git a/charts/opslevel/charts/replicated-1.0.0-beta.20.tgz b/charts/opslevel/charts/replicated-1.0.0-beta.20.tgz
diff --git a/charts/opslevel/charts/replicated-1.0.0-beta.31.tgz b/charts/opslevel/charts/replicated-1.0.0-beta.31.tgz
diff --git a/charts/opslevel/templates/opslevel/ingress.yaml b/charts/opslevel/templates/opslevel/ingress.yaml
@@ -11,12 +11,20 @@ spec:
 {{- if .Values.opslevel.ingress.ingressClassName }}
   ingressClassName: {{ .Values.opslevel.ingress.ingressClassName}}
 {{- end }}
-{{- with .Values.opslevel.ingress.tls }}
+{{- if .Values.opslevel.ingress.tls }}
   tls:
-{{ toYaml . | indent 6 }}
+    - hosts:
+        - '{{ .Values.opslevel.subdomain }}.{{ .Values.opslevel.domain }}'
 {{- end }}
-{{- with .Values.opslevel.ingress.rules }}
   rules:
-{{ toYaml . | indent 6 }}
-{{- end }}
+    - host: '{{ .Values.opslevel.subdomain }}.{{ .Values.opslevel.domain }}'
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Values.opslevel.service.name }}
+                port:
+                  name: http
 {{- end }}
diff --git a/charts/opslevel/templates/opslevel/scheduler.yaml b/charts/opslevel/templates/opslevel/scheduler.yaml
@@ -60,10 +60,6 @@ spec:
               value: "1"
             - name: SIDEKIQ_SCHEDULER
               value: "true"
-            - name: DD_AGENT_HOST
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.hostIP
           envFrom: &envFrom
             - configMapRef:
                 name: 'opslevel'
@@ -88,8 +84,7 @@ spec:
           image: "{{ template "opslevel.image" . }}"
           imagePullPolicy: IfNotPresent
           args:
-            - bundle
-            - exec
+            - ./bin/run
             - sidekiq
           envFrom: *envFrom
           env: *env

diff --git a/charts/opslevel/templates/opslevel/web.yaml b/charts/opslevel/templates/opslevel/web.yaml
@@ -41,8 +41,8 @@ spec:
             matchLabels:
               app.kuberntes.io/component: web
               app.kubernetes.io/part-of: opslevel
+      {{- if .Values.certificate.enabled }}
       initContainers:
-        {{- if .Values.certificate.enabled }}
         - name: init-certs
           image: "{{ template "opslevel.image" . }}"
           imagePullPolicy: IfNotPresent
@@ -58,42 +58,23 @@ spec:
             - name: ca
               mountPath: /data
               readOnly: false
-        {{- end }}
-        - name: migrations
+      {{- end }}
+      containers:
+        - name: web
           image: "{{ template "opslevel.image" . }}"
           imagePullPolicy: IfNotPresent
           args:
-            - bundle
-            - exec
-            - rake
-            - db:abort_if_pending_migrations
-          envFrom: &envFrom
+            - ./bin/run
+            - puma
+            - -C ./config/puma.rb
+          envFrom:
             - configMapRef:
                 name: 'opslevel'
             - secretRef:
                 name: 'opslevel'
             - secretRef:
                 name: '{{ .Values.redis.secret.name }}'
             {{- template "opslevel.integration.secrets" . }}
-          {{- if .Values.certificate.enabled }}
-          volumeMounts:
-            - name: certificate
-              mountPath: /usr/local/share/ca-certificates/custom-cert.crt
-              subPath: custom-cert.crt
-              readOnly: false
-            - name: ca
-              mountPath: /etc/ssl/certs
-          {{- end }}
-      containers:
-        - name: web
-          image: "{{ template "opslevel.image" . }}"
-          imagePullPolicy: IfNotPresent
-          args:
-            - bundle
-            - exec
-            - puma
-            - -C ./config/puma.rb
-          envFrom: *envFrom
           ports:
             - name: http
               containerPort: 3000

diff --git a/charts/opslevel/templates/opslevel/worker-faktory.yaml b/charts/opslevel/templates/opslevel/worker-faktory.yaml
@@ -33,8 +33,8 @@ spec:
       {{- template "global.nodeSelector" . }}
       priorityClassName: opslevel-normal
       terminationGracePeriodSeconds: 300
+      {{- if .Values.certificate.enabled }}
       initContainers:
-        {{- if .Values.certificate.enabled }}
         - name: init-certs
           image: "{{ template "opslevel.image" . }}"
           imagePullPolicy: IfNotPresent
@@ -50,44 +50,23 @@ spec:
             - name: ca
               mountPath: /data
               readOnly: false
-        {{- end }}
-        - name: migrations
+      {{- end }}
+      containers:
+        - name: worker-faktory
           image: "{{ template "opslevel.image" . }}"
+          imagePullPolicy: IfNotPresent
           args:
-            - bundle
-            - exec
-            - rake
-            - db:abort_if_pending_migrations
-          envFrom: &envFrom
+            - ./bin/run
+            - faktory-worker
+            - -C config/faktory.yml
+          envFrom:
             - configMapRef:
                 name: 'opslevel'
             - secretRef:
                 name: 'opslevel'
             - secretRef:
                 name: '{{ .Values.redis.secret.name }}'
             {{- template "opslevel.integration.secrets" . }}
-          {{- if .Values.certificate.enabled }}
-          volumeMounts:
-            - name: certificate
-              mountPath: /usr/local/share/ca-certificates/custom-cert.crt
-              subPath: custom-cert.crt
-              readOnly: false
-            - name: ca
-              mountPath: /etc/ssl/certs
-          {{- end }}
-      containers:
-        - name: worker-faktory
-          image: "{{ template "opslevel.image" . }}"
-          imagePullPolicy: IfNotPresent
-          args:
-            - bundle
-            - exec
-            - faktory-worker
-            - -C config/faktory.yml
-          envFrom: *envFrom
-          env:
-            - name: SIDEKIQ_CONCURRENCY
-              value: "3"
           {{- with .Values.opslevel.workerLow.resources }}
           resources:
             {{- toYaml . | nindent 12 }}

diff --git a/charts/opslevel/templates/opslevel/worker-high.yaml b/charts/opslevel/templates/opslevel/worker-high.yaml
@@ -33,8 +33,8 @@ spec:
       {{- template "global.nodeSelector" . }}
       priorityClassName: opslevel-normal
       terminationGracePeriodSeconds: 300
+      {{- if .Values.certificate.enabled }}
       initContainers:
-        {{- if .Values.certificate.enabled }}
         - name: init-certs
           image: "{{ template "opslevel.image" . }}"
           imagePullPolicy: IfNotPresent
@@ -50,44 +50,31 @@ spec:
             - name: ca
               mountPath: /data
               readOnly: false
-        {{- end }}
-        - name: migrations
+      {{- end }}
+      containers:
+        - name: high-priority
           image: "{{ template "opslevel.image" . }}"
+          imagePullPolicy: IfNotPresent
           args:
-            - bundle
-            - exec
-            - rake
-            - db:abort_if_pending_migrations
-          envFrom: &envFrom
+            - ./bin/run
+            - sidekiq
+            - --concurrency 5
+            - --timeout 290
+            - --queue mailers,3
+            - --queue alert_sources_sync_HIGH,1
+            - --queue documents_HIGH,1
+            - --queue custom_actions_HIGH,1
+            - --queue integration_data_sync_HIGH,1
+            - --queue checks,1
+            - --queue runners,1
+          envFrom:
             - configMapRef:
                 name: 'opslevel'
             - secretRef:
                 name: 'opslevel'
             - secretRef:
                 name: '{{ .Values.redis.secret.name }}'
             {{- template "opslevel.integration.secrets" . }}
-          {{- if .Values.certificate.enabled }}
-          volumeMounts:
-            - name: certificate
-              mountPath: /usr/local/share/ca-certificates/custom-cert.crt
-              subPath: custom-cert.crt
-              readOnly: false
-            - name: ca
-              mountPath: /etc/ssl/certs
-          {{- end }}
-      containers:
-        - name: high-priority
-          image: "{{ template "opslevel.image" . }}"
-          imagePullPolicy: IfNotPresent
-          args:
-            - bundle
-            - exec
-            - sidekiq
-            - -C ./config/high-priority-sidekiq.yml
-          env:
-            - name: SIDEKIQ_CONCURRENCY
-              value: "3"
-          envFrom: *envFrom
           {{- with .Values.opslevel.workerHigh.resources }}
           resources:
             {{- toYaml . | nindent 12 }}

diff --git a/charts/opslevel/templates/opslevel/worker-low.yaml b/charts/opslevel/templates/opslevel/worker-low.yaml
@@ -33,8 +33,8 @@ spec:
       {{- template "global.nodeSelector" . }}
       priorityClassName: opslevel-normal
       terminationGracePeriodSeconds: 300
+      {{- if .Values.certificate.enabled }}
       initContainers:
-        {{- if .Values.certificate.enabled }}
         - name: init-certs
           image: "{{ template "opslevel.image" . }}"
           imagePullPolicy: IfNotPresent
@@ -50,44 +50,30 @@ spec:
             - name: ca
               mountPath: /data
               readOnly: false
-        {{- end }}
-        - name: migrations
+      {{- end }}
+      containers:
+        - name: low-priority
           image: "{{ template "opslevel.image" . }}"
+          imagePullPolicy: IfNotPresent
           args:
-            - bundle
-            - exec
-            - rake
-            - db:abort_if_pending_migrations
-          envFrom: &envFrom
+            - ./bin/run
+            - sidekiq
+            - --concurrency 5
+            - --timeout 290
+            - --queue checks_LOW,2
+            - --queue alert_sources_sync,1
+            - --queue documents,1
+            - --queue scheduler_LOW,1
+            - --queue integration_data_sync_LOW,1
+            - --queue default,1
+          envFrom:
             - configMapRef:
                 name: 'opslevel'
             - secretRef:
                 name: 'opslevel'
             - secretRef:
                 name: '{{ .Values.redis.secret.name }}'
             {{- template "opslevel.integration.secrets" . }}
-          {{- if .Values.certificate.enabled }}
-          volumeMounts:
-            - name: certificate
-              mountPath: /usr/local/share/ca-certificates/custom-cert.crt
-              subPath: custom-cert.crt
-              readOnly: false
-            - name: ca
-              mountPath: /etc/ssl/certs
-          {{- end }}
-      containers:
-        - name: low-priority
-          image: "{{ template "opslevel.image" . }}"
-          imagePullPolicy: IfNotPresent
-          args:
-            - bundle
-            - exec
-            - sidekiq
-            - -C ./config/low-priority-sidekiq.yml
-          env:
-            - name: SIDEKIQ_CONCURRENCY
-              value: "3"
-          envFrom: *envFrom
           {{- with .Values.opslevel.workerLow.resources }}
           resources:
             {{- toYaml . | nindent 12 }}