

chore(oncall): use CNPG instead of RDS
SmaineTF1 committed Dec 2, 2024
1 parent 6d60ad4 commit 381711c
Showing 14 changed files with 67 additions and 53 deletions.
6 changes: 3 additions & 3 deletions dagger/go.mod
@@ -7,17 +7,17 @@ toolchain go1.23.2
require github.com/aws/aws-sdk-go v1.55.5

require (
github.com/99designs/gqlgen v0.17.56
github.com/99designs/gqlgen v0.17.57
github.com/Khan/genqlient v0.7.0
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sosodev/duration v1.3.1 // indirect
github.com/vektah/gqlparser/v2 v2.5.19
github.com/vektah/gqlparser/v2 v2.5.20
go.opentelemetry.io/otel v1.32.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0
16 changes: 8 additions & 8 deletions dagger/go.sum
@@ -1,5 +1,5 @@
github.com/99designs/gqlgen v0.17.56 h1:+J42ARAHvnysH6klO9Wq+tCsGF32cpAgU3SyF0VRJtI=
github.com/99designs/gqlgen v0.17.56/go.mod h1:rmB6vLvtL8uf9F9w0/irJ5alBkD8DJvj35ET31BKbtY=
github.com/99designs/gqlgen v0.17.57 h1:Ak4p60BRq6QibxY0lEc0JnQhDurfhxA67sp02lMjmPc=
github.com/99designs/gqlgen v0.17.57/go.mod h1:Jx61hzOSTcR4VJy/HFIgXiQ5rJ0Ypw8DxWLjbYDAUw0=
github.com/Khan/genqlient v0.7.0 h1:GZ1meyRnzcDTK48EjqB8t3bcfYvHArCUUvgOwpz1D4w=
github.com/Khan/genqlient v0.7.0/go.mod h1:HNyy3wZvuYwmW3Y7mkoQLZsa/R5n5yIRajS1kPBvSFM=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
@@ -22,8 +22,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -39,10 +39,10 @@ github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq
github.com/sosodev/duration v1.3.1/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/vektah/gqlparser/v2 v2.5.19 h1:bhCPCX1D4WWzCDvkPl4+TP1N8/kLrWnp43egplt7iSg=
github.com/vektah/gqlparser/v2 v2.5.19/go.mod h1:y7kvl5bBlDeuWIvLtA9849ncyvx6/lj06RsMrEjVy3U=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/vektah/gqlparser/v2 v2.5.20 h1:kPaWbhBntxoZPaNdBaIPT1Kh0i1b/onb5kXgEdP5JCo=
github.com/vektah/gqlparser/v2 v2.5.20/go.mod h1:xMl+ta8a5M1Yo1A1Iwt/k7gSpscwSnHZdw7tfhEGfTM=
go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.0.0-20240518090000-14441aefdf88 h1:oM0GTNKGlc5qHctWeIGTVyda4iFFalOzMZ3Ehj5rwB4=
@@ -1,17 +1,17 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: oncall-sqlinstance-password
name: xplane-oncall-cnpg-oncall
spec:
dataFrom:
- extract:
conversionStrategy: Default
key: observability/grafana/oncall-sqlinstance
key: cnpg/xplane-oncall/oncall
refreshInterval: 20m
secretStoreRef:
kind: ClusterSecretStore
name: clustersecretstore
target:
creationPolicy: Owner
deletionPolicy: Retain
name: oncall-pg-masterpassword
name: xplane-oncall-cnpg-oncall
12 changes: 5 additions & 7 deletions observability/base/grafana-oncall/helmrelease-oncall.yaml
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ spec:
kind: HelmRepository
name: grafana
namespace: observability
version: "1.11.5"
version: "1.13.5"
interval: 5m0s
timeout: 15m
install:
@@ -28,8 +28,8 @@ spec:
replicaCount: 1
resources:
limits:
cpu: 200m
memory: 256Mi
cpu: 500m
memory: 768Mi

celery:
replicaCount: 1
@@ -66,14 +66,12 @@ spec:
enabled: false

externalPostgresql:
host: xplane-oncall-rds-service
host: xplane-oncall-cnpg-cluster-rw
port: 5432
db_name: "oncall"
user: "oncall"
existingSecret: "xplane-oncall-owner-oncall"
existingSecret: "xplane-oncall-cnpg-oncall"
passwordKey: "password"
options: >-
sslmode=require

rabbitmq:
enabled: false
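Review bot: The `externalPostgresql` block no longer carries `options: sslmode=require`; with 7 deletions against 5 additions in this file, those two lines are the only unpaired removals. Without the option the OnCall client falls back to its driver default, which for libpq-based drivers is presumably `prefer`, and that silently accepts a plaintext connection if TLS negotiation fails. If `xplane-oncall-cnpg-cluster-rw` serves TLS, as CloudNativePG does by default, keep `options: >-` / `sslmode=require` on the new host, and consider `sslmode=verify-full` with the cluster CA mounted so the server certificate is actually checked. If TLS enforcement was dropped deliberately, a comment next to `host:` saying why would help the next reviewer.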
@@ -14,7 +14,7 @@ spec:
kind: HelmRepository
name: bitnami
namespace: flux-system
version: "15.0.3"
version: "15.0.6"
interval: 5m0s
timeout: 15m
install:
2 changes: 1 addition & 1 deletion observability/base/grafana-oncall/kustomization.yaml
@@ -4,9 +4,9 @@ namespace: observability

resources:
- externalsecret-admin.yaml
- externalsecret-cnpg-oncall.yaml
- externalsecret-rabbitmq.yaml
- externalsecret-slackapp.yaml
- externalsecret-sqlinstance-password.yaml
- externalsecret-valkey.yaml
- helmrelease-oncall.yaml
- helmrelease-rabbitmq.yaml
28 changes: 11 additions & 17 deletions observability/base/grafana-oncall/sqlinstance.yaml
@@ -2,21 +2,15 @@ apiVersion: cloud.ogenki.io/v1alpha1
kind: SQLInstance
metadata:
name: xplane-oncall
namespace: tooling
namespace: "observability"
spec:
parameters:
engine: postgres
engineVersion: "16"
size: small
storageGB: 20
databases:
- owner: oncall
name: oncall
passwordSecretRef:
namespace: tooling
name: oncall-pg-masterpassword
key: password
compositionRef:
name: xsqlinstances.cloud.ogenki.io
writeConnectionSecretToRef:
name: xplane-oncall-rds
size: "small"
storageGB: 20
databases:
- owner: "oncall"
name: "oncall"
cnpg:
instances: 1
backup:
schedule: "0 0 * * *"
bucketName: "eu-west-3-ogenki-cnpg-backups"
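Review bot: The new `backup` block writes OnCall's backups to `eu-west-3-ogenki-cnpg-backups`, the same bucket that `security/base/zitadel/sqlinstance.yaml` on this page uses for the identity provider's database. Nothing in this section shows a per-cluster prefix or a separate IAM role, so confirm in the composition that each CNPG cluster's credentials are scoped to its own path. Otherwise a compromise of the OnCall database pod could read or overwrite Zitadel's backups. Once verified, a comment above `bucketName:` would record it, e.g. `# shared bucket; access limited to this cluster's prefix by the composition's IAM policy`.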
@@ -8,8 +8,8 @@ spec:
external:
url: http://victoria-metrics-k8s-stack-grafana
adminPassword:
name: victoria-metrics-k8s-stack-grafana-admin
key: admin-password
name: victoria-metrics-k8s-stack-grafana-envvars
key: GF_SECURITY_ADMIN_PASSWORD
adminUser:
name: victoria-metrics-k8s-stack-grafana-admin
key: admin-user
name: victoria-metrics-k8s-stack-grafana-envvars
key: GF_SECURITY_ADMIN_USER
@@ -1,18 +1,18 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: victoria-metrics-k8s-stack-grafana-admin
name: victoria-metrics-k8s-stack-grafana-envvars
namespace: observability
spec:
dataFrom:
- extract:
conversionStrategy: Default
key: observability/victoria-metrics-k8s-stack/grafana-admin
key: observability/victoria-metrics-k8s-stack/grafana-envvars
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: clustersecretstore
target:
creationPolicy: Owner
deletionPolicy: Retain
name: victoria-metrics-k8s-stack-grafana-admin
name: victoria-metrics-k8s-stack-grafana-envvars
@@ -3,7 +3,7 @@ kind: Kustomization

resources:
- externalsecret-alertmanager-slack-app.yaml
- externalsecret-grafana-admin.yaml
- externalsecret-grafana-envvars.yaml

# HttpRoutes
- httproute-grafana.yaml
@@ -15,7 +15,9 @@ resources:
- vmservicecrapes
- vmrules

# Common Helm values for both single and cluster
- vm-common-helm-values-configmap.yaml

# Choose between single or cluster helm release

# VM Single
@@ -79,8 +79,6 @@ data:
url: "{{ .CommonAnnotations.link_url }}"
grafana:
admin:
existingSecret: "victoria-metrics-k8s-stack-grafana-admin"
sidecar:
datasources:
enabled: true
@@ -93,6 +91,29 @@ data:
apiVersion: 1
providers: []
dashboards: {}
plugins:
- "grafana-oncall-app"
"grafana.ini":
feature_toggles:
enable: externalServiceAccounts
accessControlOnCall: 'false'
server:
root_url: "https://grafana.priv.${domain_name}"
domain: "grafana.priv.${domain_name}"
auth.generic_oauth:
enabled: true
name: "SSO"
allow_sign_up: true
scopes: "openid profile email"
auth_url: "https://auth.${domain_name}/oauth/v2/authorize"
token_url: "https://auth.${domain_name}/oauth/v2/token"
api_url: "https://auth.${domain_name}/oidc/v1/userinfo"
role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
admin:
existingSecret: "victoria-metrics-k8s-stack-grafana-envvars"
userKey: "GF_SECURITY_ADMIN_USER"
passwordKey: "GF_SECURITY_ADMIN_PASSWORD"
envFromSecret: "victoria-metrics-k8s-stack-grafana-envvars"
extraInitContainers:
- name: "load-vm-ds-plugin"
image: "curlimages/curl:8.11.0"
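Review bot: In the added `auth.generic_oauth` block, `role_attribute_path = contains(...)` uses `=` where every sibling key uses `: `, so as rendered here the line is not a mapping entry. Depending on the parser, the values either fail to load or the role mapping is never set and SSO users get Grafana's default role. Write it as `role_attribute_path: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"`. With `allow_sign_up: true` and the `'Viewer'` fallback, any account that can authenticate at `auth.${domain_name}` gets a Grafana user; if that is not intended, drop the fallback and set `role_attribute_strict: true`. `envFromSecret` also exports every key of `victoria-metrics-k8s-stack-grafana-envvars` into the Grafana container, so the store entry should hold only the `GF_*` settings Grafana needs.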
2 changes: 1 addition & 1 deletion security/base/cert-manager/openbao-clusterissuer.yaml
@@ -11,7 +11,7 @@ spec:
auth:
appRole:
path: approle
roleId: f52c783d-0259-86a4-c80d-2380a9cc443f # !! This value changes each time I recreate the whole platform
roleId: 653dbe0d-ca95-3b27-d362-9b10cc2c0251 # !! This value changes each time I recreate the whole platform
secretRef:
name: cert-manager-openbao-approle
key: secret_id
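Review bot: `roleId` is again committed as a literal, and the inline comment says it changes on every platform rebuild, so each rebuild adds another AppRole RoleID to Git history. A RoleID is only half of the AppRole login, but it is still a credential identifier better kept out of the repository. `${domain_name}` substitution is already used elsewhere on this page, so the same mechanism could presumably supply it, e.g. `roleId: "${<approle_role_id_var>}"` (placeholder name). Either way the protection rests on the `secret_id` in `cert-manager-openbao-approle`, so that SecretID should carry a TTL and CIDR binding on the OpenBao side. The enclosing `spec` starts outside the hunk.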
2 changes: 1 addition & 1 deletion security/base/zitadel/sqlinstance.yaml
@@ -10,7 +10,7 @@ spec:
createSuperuser: true
objectStoreRecovery:
bucketName: "eu-west-3-ogenki-cnpg-backups"
path: "zitadel-20241116"
path: "zitadel-20241201"
backup:
schedule: "0 0 * * *"
bucketName: "eu-west-3-ogenki-cnpg-backups"
1 change: 0 additions & 1 deletion tooling/mycluster-0/kustomization.yaml
@@ -4,6 +4,5 @@ kind: Kustomization
resources:
- ../base/harbor
- ../base/headlamp
# Uncomment the following resources to include them in the kustomization
# - ../base/dagger-engine
# - ../base/gha-runners
