From 9fd306952e0ff3ccf02d7ecb17e6d8b80792f8aa Mon Sep 17 00:00:00 2001 
From: Jonathan Sick Date: Mon, 17 Jul 2023 17:40:20 -0400 Subject: [PATCH 1/4] Add the ook application --- applications/ook/Chart.yaml | 12 ++ applications/ook/README.md | 40 +++++ applications/ook/templates/_helpers.tpl | 62 ++++++++ applications/ook/templates/configmap.yaml | 16 ++ applications/ook/templates/deployment.yaml | 139 ++++++++++++++++++ applications/ook/templates/ingress.yaml | 31 ++++ applications/ook/templates/kafkaaccess.yaml | 14 ++ .../ook/templates/kafkauser-secret.yaml | 8 + applications/ook/templates/networkpolicy.yaml | 21 +++ applications/ook/templates/service.yaml | 15 ++ .../ook/templates/serviceaccount.yaml | 12 ++ .../ook/templates/tests/test-connection.yaml | 15 ++ applications/ook/templates/vaultsecret.yaml | 9 ++ applications/ook/values-roundtable-dev.yaml | 5 + applications/ook/values.yaml | 103 +++++++++++++ docs/applications/index.rst | 1 + docs/applications/ook/index.rst | 19 +++ docs/applications/ook/values.md | 12 ++ docs/documenteer.toml | 1 + environments/README.md | 1 + environments/templates/ook-application.yaml | 37 +++++ environments/values-base.yaml | 2 + environments/values-ccin2p3.yaml | 2 + environments/values-idfdev.yaml | 2 + environments/values-idfint.yaml | 2 + environments/values-idfprod.yaml | 2 + environments/values-minikube.yaml | 2 + environments/values-roe.yaml | 2 + environments/values-roundtable-dev.yaml | 2 + environments/values-roundtable-prod.yaml | 2 + environments/values-summit.yaml | 2 + environments/values-tucson-teststand.yaml | 2 + environments/values-usdfdev.yaml | 2 + environments/values-usdfprod.yaml | 2 + environments/values.yaml | 2 + 35 files changed, 601 insertions(+) create mode 100644 applications/ook/Chart.yaml create mode 100644 applications/ook/README.md create mode 100644 applications/ook/templates/_helpers.tpl create mode 100644 applications/ook/templates/configmap.yaml create mode 100644 applications/ook/templates/deployment.yaml create mode 100644 
applications/ook/templates/ingress.yaml create mode 100644 applications/ook/templates/kafkaaccess.yaml create mode 100644 applications/ook/templates/kafkauser-secret.yaml create mode 100644 applications/ook/templates/networkpolicy.yaml create mode 100644 applications/ook/templates/service.yaml create mode 100644 applications/ook/templates/serviceaccount.yaml create mode 100644 applications/ook/templates/tests/test-connection.yaml create mode 100644 applications/ook/templates/vaultsecret.yaml create mode 100644 applications/ook/values-roundtable-dev.yaml create mode 100644 applications/ook/values.yaml create mode 100644 docs/applications/ook/index.rst create mode 100644 docs/applications/ook/values.md create mode 100644 environments/templates/ook-application.yaml diff --git a/applications/ook/Chart.yaml b/applications/ook/Chart.yaml new file mode 100644 index 0000000000..35860c90cc --- /dev/null +++ b/applications/ook/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: ook +version: 1.0.0 +appVersion: "tickets-DM-39636" +description: Ook is the librarian service for Rubin Observatory. Ook indexes documentation content into the Algolia search engine that powers the Rubin Observatory documentation portal, www.lsst.io. +type: application +home: https://ook.lsst.io/ +sources: + - https://github.com/lsst-sqre/ook +maintainers: + - name: jonathansick + url: https://github.com/jonathansick diff --git a/applications/ook/README.md b/applications/ook/README.md new file mode 100644 index 0000000000..6408638015 --- /dev/null +++ b/applications/ook/README.md 
@@ -0,0 +1,40 @@ +# ook + +Ook is the librarian service for Rubin Observatory. Ook indexes documentation content into the Algolia search engine that powers the Rubin Observatory documentation portal, www.lsst.io. + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| config.logLevel | string | `"INFO"` | Logging level: "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" | +| config.registryUrl | string | `"http://sasquatch-schema-registry.sasquatch:8081"` | Cluster URL for the Confluent Schema Registry | +| config.subjectCompatibility | string | `"FORWARD"` | Schema subject compatibility. | +| config.subjectSuffix | string | `""` | Schema subject suffix. Should be empty for production but can be set to a value to create unique subjects in the Confluent Schema Registry for testing. | +| config.topics.ingest | string | `"lsst.square-events.ook.ingest"` | Kafka topic name for ingest events | +| fullnameOverride | string | `""` | Override the full name for resources (includes the release name) | +| global.baseUrl | string | Set by Argo CD | Base URL for the environment | +| global.host | string | Set by Argo CD | Host name for ingress | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.repository | string | `"ghcr.io/lsst-sqre/ook"` | Squarebot image repository | +| image.tag | string | The appVersion of the chart | Tag of the image | +| imagePullSecrets | list | `[]` | Secret names to use for all Docker pulls | +| ingress.annotations | object | `{}` | Additional annotations to add to the ingress | +| ingress.path | string | `"/ook"` | Path prefix where Squarebot is hosted | +| nameOverride | string | `""` | Override the base name for resources | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | Annotations for API and worker pods | +| replicaCount | int | `1` | Number of API pods to run | +| resources | 
object | `{}` | | +| service.port | int | `80` | Port of the service to create and map to the ingress | +| service.type | string | `"ClusterIP"` | Type of service to create | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | diff --git a/applications/ook/templates/_helpers.tpl b/applications/ook/templates/_helpers.tpl new file mode 100644 index 0000000000..d881f724c0 --- /dev/null +++ b/applications/ook/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ook.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ook.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ook.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ook.labels" -}}
+helm.sh/chart: {{ include "ook.chart" . }}
+{{ include "ook.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ook.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ook.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ook.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ook.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/applications/ook/templates/configmap.yaml b/applications/ook/templates/configmap.yaml
new file mode 100644
index 0000000000..582a9ae737
--- /dev/null
+++ b/applications/ook/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "ook.fullname" . }}
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+data:
+ SAFIR_LOG_LEVEL: {{ .Values.config.logLevel | quote }}
+ SAFIR_PATH_PREFIX: {{ .Values.ingress.path | quote }}
+ SAFIR_ENVIRONMENT_URL: {{ .Values.global.baseUrl | quote }}
+ SAFIR_PROFILE: "production"
+ OOK_REGISTRY_URL: {{ .Values.config.registryUrl | quote }}
+ OOK_SUBJECT_SUFFIX: {{ .Values.config.subjectSuffix | quote }}
+ OOK_SUBJECT_COMPATIBILITY: {{ .Values.config.subjectCompatibility | quote }}
+ OOK_INGEST_KAFKA_TOPIC: {{ .Values.config.topics.ingest | quote }}
+ ALGOLIA_DOCUMENT_INDEX: "ook_documents_test"
diff --git a/applications/ook/templates/deployment.yaml b/applications/ook/templates/deployment.yaml
new file mode 100644
index 0000000000..48b61523e1
--- /dev/null
+++ b/applications/ook/templates/deployment.yaml
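Review bot: `ALGOLIA_DOCUMENT_INDEX` is pinned to the literal `"ook_documents_test"` in the last line of this ConfigMap while `SAFIR_PROFILE` is `"production"`, so every environment that enables the chart targets the same test index and none can override it from a values file. Expose it like the other settings, for example `ALGOLIA_DOCUMENT_INDEX: {{ .Values.config.algolia.documentIndex | quote }}` with the default declared and documented in values.yaml (the key name is only a suggestion). If dev and production deployments end up sharing one index, a dev instance holding the indexing credential could presumably change what production search serves, which is worth ruling out before more environments enable the app.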
@@ -0,0 +1,139 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ook.fullname" . }}
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "server"
+ app.kubernetes.io/part-of: "ook"
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "ook.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ook.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: "server"
+ app.kubernetes.io/part-of: "ook"
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ook.serviceAccountName" . }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "ook.fullname" . }}
+ env:
+ # Writeable directory for concatenating certs. See "tmp" volume.
+ - name: "KAFKA_CERT_TEMP_DIR"
+ value: "/tmp/kafka_certs"
+ # From KafkaAccess
+ - name: "KAFKA_BOOTSTRAP_SERVERS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "ook.fullname" . }}-kafka
+ key: "bootstrapServers"
+ - name: "KAFKA_SECURITY_PROTOCOL"
+ value: "SSL"
+ # From replicated KafkaUser secret
+ - name: "KAFKA_SSL_CLUSTER_CAFILE"
+ value: "/etc/kafkacluster/ca.crt"
+ - name: "KAFKA_SSL_CLIENT_CAFILE"
+ value: "/etc/kafkauser/ca.crt"
+ - name: "KAFKA_SSL_CLIENT_CERTFILE"
+ value: "/etc/kafkauser/user.crt"
+ - name: "KAFKA_SSL_CLIENT_KEYFILE"
+ value: "/etc/kafkauser/user.key"
+ # From Vault secrets
+ - name: "ALGOLIA_APP_ID"
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "ook.fullname" . }}
+ key: "ALGOLIA_APP_ID"
+ - name: "ALGOLIA_API_KEY"
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "ook.fullname" . }}
+ key: "ALGOLIA_API_KEY"
+ - name: "OOK_GITHUB_APP_ID"
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "ook.fullname" . }}
+ key: "OOK_GITHUB_APP_ID"
+ - name: "OOK_GITHUB_APP_PRIVATE_KEY"
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "ook.fullname" . }}
+ key: "OOK_GITHUB_APP_PRIVATE_KEY"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: "{{ template "ook.fullname" . }}"
+ mountPath: "/etc/kafkacluster/ca.crt"
+ subPath: "ca.crt"
+ - name: "kafka-user"
+ mountPath: "/etc/kafkauser/ca.crt"
+ subPath: "ca.crt"
+ - name: "kafka-user"
+ mountPath: "/etc/kafkauser/user.crt"
+ subPath: "user.crt"
+ - name: "kafka-user"
+ mountPath: "/etc/kafkauser/user.key"
+ subPath: "user.key"
+ - name: "tmp"
+ mountPath: "/tmp/kafka_certs"
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: "kafka-user"
+ secret:
+ secretName: {{ template "ook.fullname" . }}-kafka-user
+ - name: "{{ template "ook.fullname" . }}"
+ secret:
+ secretName: {{ template "ook.fullname" . }}
+ - name: "tmp"
+ emptyDir: {}
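Review bot: The broker trust anchor mounted at `/etc/kafkacluster/ca.crt` comes from the volume named after `ook.fullname`, which is the Vault-backed secret that also supplies the Algolia and GitHub App credentials, although the env comment above `KAFKA_SSL_CLUSTER_CAFILE` says "From replicated KafkaUser secret". Unless the Vault item is meant to carry a `ca.crt` key, the `subPath` mount will not yield a usable CA file; if it is, the cluster CA becomes a hand-copied value that will not follow a Strimzi CA rotation. Either source `ca.crt` from a Strimzi-managed secret or correct the comment so it states where the file comes from. Separately, nothing in this chart binds a Role to the service account, so the pod spec could set `automountServiceAccountToken: false` next to `serviceAccountName` to keep an unused API token out of the container.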
diff --git a/applications/ook/templates/ingress.yaml b/applications/ook/templates/ingress.yaml
new file mode 100644
index 0000000000..41fe9578a7
--- /dev/null
+++ b/applications/ook/templates/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: gafaelfawr.lsst.io/v1alpha1
+kind: GafaelfawrIngress
+metadata:
+ name: {{ template "ook.fullname" . }}
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+config:
+ baseUrl: {{ .Values.global.baseUrl | quote }}
+ scopes:
+ all:
+ - "exec:admin"
+ loginRedirect: true
+template:
+ metadata:
+ name: {{ template "ook.fullname" . }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ spec:
+ rules:
+ - host: {{ required "global.host must be set" .Values.global.host | quote }}
+ http:
+ paths:
+ - path: {{ .Values.ingress.path | quote }}
+ pathType: "Prefix"
+ backend:
+ service:
+ name: {{ template "ook.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
diff --git a/applications/ook/templates/kafkaaccess.yaml b/applications/ook/templates/kafkaaccess.yaml
new file mode 100644
index 0000000000..2171625fa9
--- /dev/null
+++ b/applications/ook/templates/kafkaaccess.yaml
@@ -0,0 +1,14 @@
+apiVersion: access.strimzi.io/v1alpha1
+kind: KafkaAccess
+metadata:
+ name: {{ include "ook.fullname" . }}-kafka
+spec:
+ kafka:
+ name: sasquatch
+ namespace: sasquatch
+ listener: tls
+ user:
+ kind: KafkaUser
+ apiGroup: kafka.strimzi.io
+ name: ook
+ namespace: sasquatch
diff --git a/applications/ook/templates/kafkauser-secret.yaml b/applications/ook/templates/kafkauser-secret.yaml
new file mode 100644
index 0000000000..a332e645a7
--- /dev/null
+++ b/applications/ook/templates/kafkauser-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ook.fullname" . }}-kafka-user
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: sasquatch/ook
+ replicator.v1.mittwald.de/strip-labels: "true"
+data: {}
diff --git a/applications/ook/templates/networkpolicy.yaml b/applications/ook/templates/networkpolicy.yaml
new file mode 100644
index 0000000000..914b196dc6
--- /dev/null
+++ b/applications/ook/templates/networkpolicy.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "ook.fullname" . }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "ook.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ ingress:
+ # Allow inbound access from pods (in any namespace) labeled
+ # gafaelfawr.lsst.io/ingress: true.
+ - from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ gafaelfawr.lsst.io/ingress: "true"
+ ports:
+ - protocol: "TCP"
+ port: 8080
diff --git a/applications/ook/templates/service.yaml b/applications/ook/templates/service.yaml
new file mode 100644
index 0000000000..94e4fd5aed
--- /dev/null
+++ b/applications/ook/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ook.fullname" . }}
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ook.selectorLabels" . | nindent 4 }}
diff --git a/applications/ook/templates/serviceaccount.yaml b/applications/ook/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..47ed6cc775
--- /dev/null
+++ b/applications/ook/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ook.serviceAccountName" . }}
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
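Review bot: In networkpolicy.yaml the `from` rule pairs `namespaceSelector: {}` with a pod-label match, so port 8080 accepts traffic from any pod in any namespace that carries `gafaelfawr.lsst.io/ingress: "true"`; that label is then the only thing separating the service from callers that never pass the `exec:admin` check on the GafaelfawrIngress. If the ingress controller runs in one known namespace, narrowing the selector, e.g. `namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: <ingress-namespace>}}` (placeholder name), removes the dependence on who may label pods elsewhere. `policyTypes` lists only `Ingress`, so egress from the pod stays unrestricted; a short comment saying this is intended would help the next reader.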
diff --git a/applications/ook/templates/tests/test-connection.yaml b/applications/ook/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000..b701b729d5
--- /dev/null
+++ b/applications/ook/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ook.fullname" . }}-test-connection"
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "ook.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/applications/ook/templates/vaultsecret.yaml b/applications/ook/templates/vaultsecret.yaml
new file mode 100644
index 0000000000..9d6d470429
--- /dev/null
+++ b/applications/ook/templates/vaultsecret.yaml
@@ -0,0 +1,9 @@
+apiVersion: ricoberger.de/v1alpha1
+kind: VaultSecret
+metadata:
+ name: {{ include "ook.fullname" . }}
+ labels:
+ {{- include "ook.labels" . | nindent 4 }}
+spec:
+ path: "{{ .Values.global.vaultSecretsPathPrefix }}/ook"
+ type: Opaque
diff --git a/applications/ook/values-roundtable-dev.yaml b/applications/ook/values-roundtable-dev.yaml
new file mode 100644
index 0000000000..91a3f6a1c6
--- /dev/null
+++ b/applications/ook/values-roundtable-dev.yaml
@@ -0,0 +1,5 @@
+image:
+ pullPolicy: Always
+
+config:
+ logLevel: "DEBUG"
diff --git a/applications/ook/values.yaml b/applications/ook/values.yaml
new file mode 100644
index 0000000000..f172712030
--- /dev/null
+++ b/applications/ook/values.yaml
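Review bot: The Helm test pod in test-connection.yaml uses `image: busybox` with no tag or digest and no `securityContext`, unlike the hardened container in deployment.yaml, so it pulls whatever the default tag resolves to and runs as the image's default user. It also lacks the `gafaelfawr.lsst.io/ingress: "true"` label that networkpolicy.yaml requires, so wherever NetworkPolicy is enforced the `wget` to the service would be expected to be dropped and the test to fail. Either delete the template or pin the image (`image: busybox:<pinned-tag>`, placeholder) and give the pod the same non-root and `allowPrivilegeEscalation: false` settings as the main container.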
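Review bot: In vaultsecret.yaml `path` is built from `.Values.global.vaultSecretsPathPrefix` with no guard, so a render without that parameter yields the path `/ook` instead of an error, whereas ingress.yaml already protects its injected value with `required "global.host must be set"`. Use the same pattern here: `path: "{{ required "global.vaultSecretsPathPrefix must be set" .Values.global.vaultSecretsPathPrefix }}/ook"`. The key is also not declared under `global:` in values.yaml, so it is missing from the generated README; adding it there with the `Set by Argo CD` default would document it.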
@@ -0,0 +1,103 @@
+# Default values for squarebot.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+#
+# Global parameters will be set by parameters injected by Argo CD and should
+# not be set in the individual environment values files.
+global:
+ # -- Base URL for the environment
+ # @default -- Set by Argo CD
+ baseUrl: ""
+
+ # -- Host name for ingress
+ # @default -- Set by Argo CD
+ host: ""
+
+# -- Number of API pods to run
+replicaCount: 1
+
+image:
+ # -- Squarebot image repository
+ repository: ghcr.io/lsst-sqre/ook
+
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+
+ # -- Tag of the image
+ # @default -- The appVersion of the chart
+ tag: ""
+
+# -- Secret names to use for all Docker pulls
+imagePullSecrets: []
+
+# -- Override the base name for resources
+nameOverride: ""
+
+# -- Override the full name for resources (includes the release name)
+fullnameOverride: ""
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: true
+
+ # -- Annotations to add to the service account
+ annotations: {}
+
+ # The name of the service account to use.
+ # @default -- Generated using the fullname template
+ name: ""
+
+# -- Annotations for API and worker pods
+podAnnotations: {}
+
+service:
+ # -- Type of service to create
+ type: ClusterIP
+
+ # -- Port of the service to create and map to the ingress
+ port: 80
+
+ingress:
+ # -- Additional annotations to add to the ingress
+ annotations: {}
+
+ # -- Path prefix where Squarebot is hosted
+ path: "/ook"
+
+resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+config:
+ # -- Logging level: "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"
+ logLevel: "INFO"
+
+ # -- Cluster URL for the Confluent Schema Registry
+ registryUrl: "http://sasquatch-schema-registry.sasquatch:8081"
+
+ # -- Schema subject suffix. Should be empty for production but can be set
+ # to a value to create unique subjects in the Confluent Schema Registry
+ # for testing.
+ subjectSuffix: ""
+
+ # -- Schema subject compatibility.
+ subjectCompatibility: "FORWARD"
+
+ topics:
+ # -- Kafka topic name for ingest events
+ ingest: "lsst.square-events.ook.ingest"
diff --git a/docs/applications/index.rst b/docs/applications/index.rst
index 79fb4d856c..de95b55aa6 100644
--- a/docs/applications/index.rst
+++ b/docs/applications/index.rst
@@ -68,4 +68,5 @@ To learn how to develop applications for Phalanx, see the :doc:`/developers/inde giftless/index kubernetes-replicator/index + ook/index squarebot/index
diff --git a/docs/applications/ook/index.rst b/docs/applications/ook/index.rst
new file mode 100644
index 0000000000..9228055682
--- /dev/null
+++ b/docs/applications/ook/index.rst
@@ -0,0 +1,19 @@
+.. px-app:: ook
+
+############################
+ook — Documentation indexing
+############################
+
+Ook is the librarian service for Rubin Observatory.
+Ook indexes documentation content into the Algolia search engine that powers the Rubin Observatory documentation portal, https://www.lsst.io.
+
+.. jinja:: ook
+ :file: applications/_summary.rst.jinja
+
+Guides
+======
+
+.. toctree::
+ :maxdepth: 1
+
+ values
diff --git a/docs/applications/ook/values.md b/docs/applications/ook/values.md
new file mode 100644
index 0000000000..25c5b97f83
--- /dev/null
+++ b/docs/applications/ook/values.md
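Review bot: Several doc comments in values.yaml still describe Squarebot: the header `# Default values for squarebot.`, `# -- Squarebot image repository` and `# -- Path prefix where Squarebot is hosted`, and because README.md is generated from these comments the wrong name is published in the values table too. Replace them with `# Default values for ook.`, `# -- Ook image repository` and `# -- Path prefix where Ook is hosted`. `serviceAccount.name` is introduced with `# The name of the service account to use.` rather than `# -- The name ...`, which appears to be why its description column is empty in the README.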
@@ -0,0 +1,12 @@
+```{px-app-values} ook
+```
+
+# Ook Helm values reference
+
+Helm values reference table for the {px-app}`ook` application.
+
+```{include} ../../../applications/ook/README.md
+---
+start-after: "## Values"
+---
+```
diff --git a/docs/documenteer.toml b/docs/documenteer.toml
index 69ba7e0d65..3a72dd9d42 100644
--- a/docs/documenteer.toml
+++ b/docs/documenteer.toml
@@ -33,4 +33,5 @@ ignore = [ '^https://usdf-rsp-dev.slac.stanford.edu', '^https://github.com/lsst-sqre/phalanx/blob/main/applications/strimzi/values.yaml', '^https://github.com/orgs/', + '^https://ook.lsst.io/', # FIXME readd when Ook docs are published ]
diff --git a/environments/README.md b/environments/README.md
index 548dad9826..2a814ede11 100644
--- a/environments/README.md
+++ b/environments/README.md
@@ -28,6 +28,7 @@ | nublado2.enabled | bool | `false` | | | obsloctap.enabled | bool | `false` | | | onepasswordUuid | string | `"dg5afgiadsffeklfr6jykqymeu"` | UUID of the 1Password item in which to find Vault tokens | +| ook.enabled | bool | `false` | | | plot-navigator.enabled | bool | `false` | | | portal.enabled | bool | `false` | | | postgres.enabled | bool | `false` | |
diff --git a/environments/templates/ook-application.yaml b/environments/templates/ook-application.yaml
new file mode 100644
index 0000000000..65d244bdd3
--- /dev/null
+++ b/environments/templates/ook-application.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.ook.enabled -}}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "ook"
+spec:
+ finalizers:
+ - "kubernetes"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: "ook"
+ namespace: "argocd"
+ finalizers:
+ - "resources-finalizer.argocd.argoproj.io"
+spec:
+ destination:
+ namespace: "ook"
+ server: "https://kubernetes.default.svc"
+ project: "default"
+ source:
+ path: "applications/ook"
+ repoURL: {{ .Values.repoURL | quote }}
+ targetRevision: {{ .Values.targetRevision | quote }}
+ helm:
+ parameters:
+ - name: "global.host"
+ value: {{ .Values.fqdn | quote }}
+ - name: "global.baseUrl"
+ value: "https://{{ .Values.fqdn }}"
+ - name: "global.vaultSecretsPathPrefix"
+ value: {{ .Values.vaultPathPrefix | quote }}
+ valueFiles:
+ - "values.yaml"
+ - "values-{{ .Values.environment }}.yaml"
+{{- end -}}
diff --git a/environments/values-base.yaml b/environments/values-base.yaml
index 698978b072..adbc29dbc1 100644
--- a/environments/values-base.yaml
+++ b/environments/values-base.yaml
@@ -32,6 +32,8 @@ noteburst: enabled: false nublado: enabled: false +ook: + enabled: false nublado2: enabled: true plot-navigator:
diff --git a/environments/values-ccin2p3.yaml b/environments/values-ccin2p3.yaml
index 0325ad4e15..e247c46898 100644
--- a/environments/values-ccin2p3.yaml
+++ b/environments/values-ccin2p3.yaml
@@ -32,6 +32,8 @@ nublado: enabled: false nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: false portal:
diff --git a/environments/values-idfdev.yaml b/environments/values-idfdev.yaml
index e6cb2e88f5..10479deee5 100644
--- a/environments/values-idfdev.yaml
+++ b/environments/values-idfdev.yaml
@@ -35,6 +35,8 @@ nublado: enabled: true nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: false portal:
diff --git a/environments/values-idfint.yaml b/environments/values-idfint.yaml
index 78ee5ccde3..66436d6da3 100644
--- a/environments/values-idfint.yaml
+++ b/environments/values-idfint.yaml @@ -37,6 +37,8 @@ nublado: enabled: true nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: true portal: diff --git a/environments/values-idfprod.yaml b/environments/values-idfprod.yaml index ef3df38d35..af4ec443e2 100644 --- a/environments/values-idfprod.yaml +++ b/environments/values-idfprod.yaml @@ -35,6 +35,8 @@ nublado: enabled: true nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: false portal: diff --git a/environments/values-minikube.yaml b/environments/values-minikube.yaml index fcb75dc490..b410f0003e 100644 --- a/environments/values-minikube.yaml +++ b/environments/values-minikube.yaml @@ -34,6 +34,8 @@ nublado: enabled: false nublado2: enabled: false +ook: + enabled: false plot-navigator: enabled: false portal: diff --git a/environments/values-roe.yaml b/environments/values-roe.yaml index ce1ed5c4fc..eae03f0fc3 100644 --- a/environments/values-roe.yaml +++ b/environments/values-roe.yaml @@ -34,6 +34,8 @@ nublado: enabled: false nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: false portal: diff --git a/environments/values-roundtable-dev.yaml b/environments/values-roundtable-dev.yaml index 4325108877..50a3a008ef 100644 --- a/environments/values-roundtable-dev.yaml +++ b/environments/values-roundtable-dev.yaml @@ -36,6 +36,8 @@ nublado: enabled: false nublado2: enabled: false +ook: + enabled: true plot-navigator: enabled: false portal: diff --git a/environments/values-roundtable-prod.yaml b/environments/values-roundtable-prod.yaml index ca564b0db7..dc93d2d54f 100644 --- a/environments/values-roundtable-prod.yaml +++ b/environments/values-roundtable-prod.yaml @@ -34,6 +34,8 @@ nublado: enabled: false nublado2: enabled: false +ook: + enabled: false plot-navigator: enabled: false portal: diff --git a/environments/values-summit.yaml b/environments/values-summit.yaml index 91a8766a88..06820ef15a 100644 --- a/environments/values-summit.yaml 
+++ b/environments/values-summit.yaml @@ -34,6 +34,8 @@ nublado: enabled: false nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: false portal: diff --git a/environments/values-tucson-teststand.yaml b/environments/values-tucson-teststand.yaml index 910147557b..f10f8bfb14 100644 --- a/environments/values-tucson-teststand.yaml +++ b/environments/values-tucson-teststand.yaml @@ -34,6 +34,8 @@ nublado: enabled: false nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: false portal: diff --git a/environments/values-usdfdev.yaml b/environments/values-usdfdev.yaml index 26349b35f8..7510d5e056 100644 --- a/environments/values-usdfdev.yaml +++ b/environments/values-usdfdev.yaml @@ -42,6 +42,8 @@ obsloctap: enabled: true obstap: enabled: true +ook: + enabled: false plot-navigator: enabled: true portal: diff --git a/environments/values-usdfprod.yaml b/environments/values-usdfprod.yaml index 1cfcabdefa..08563410d7 100644 --- a/environments/values-usdfprod.yaml +++ b/environments/values-usdfprod.yaml @@ -38,6 +38,8 @@ nublado: enabled: false nublado2: enabled: true +ook: + enabled: false plot-navigator: enabled: true portal: diff --git a/environments/values.yaml b/environments/values.yaml index d727400ee2..de79c383d4 100644 --- a/environments/values.yaml +++ b/environments/values.yaml @@ -54,6 +54,8 @@ nublado: enabled: false nublado2: enabled: false +ook: + enabled: false obsloctap: enabled: false plot-navigator: From 8cfce0c51428087eca4dea18b7443b72980e62f4 Mon Sep 17 00:00:00 2001 
From: Jonathan Sick Date: Mon, 17 Jul 2023 18:13:01 -0400 Subject: [PATCH 2/4] Add Ook Kafka user and topics - Allow Ook to read from squarebot's app mentions to permit chatbot interface. --- .../square-events/templates/ook-topics.yaml | 13 ++++++ .../square-events/templates/ook-user.yaml | 45 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 applications/sasquatch/charts/square-events/templates/ook-topics.yaml create mode 100644 applications/sasquatch/charts/square-events/templates/ook-user.yaml
diff --git a/applications/sasquatch/charts/square-events/templates/ook-topics.yaml b/applications/sasquatch/charts/square-events/templates/ook-topics.yaml
new file mode 100644
index 0000000000..891533e26c
--- /dev/null
+++ b/applications/sasquatch/charts/square-events/templates/ook-topics.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: "lsst.square-events.ook.ingest"
+ labels:
+ strimzi.io/cluster: {{ .Values.cluster.name }}
+spec:
+ partitions: 4
+ replicas: 3
+ config:
+ # http://kafka.apache.org/documentation/#topicconfigs
+ retention.ms: 604800000 # 1 week
diff --git a/applications/sasquatch/charts/square-events/templates/ook-user.yaml b/applications/sasquatch/charts/square-events/templates/ook-user.yaml
new file mode 100644
index 0000000000..0c3bb352cc
--- /dev/null
+++ b/applications/sasquatch/charts/square-events/templates/ook-user.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: ook
+ labels:
+ strimzi.io/cluster: {{ .Values.cluster.name }}
+spec:
+ template:
+ secret:
+ metadata:
+ annotations:
+ replicator.v1.mittwald.de/replication-allowed: "true"
+ replicator.v1.mittwald.de/replication-allowed-namespaces: "ook"
+ authentication:
+ type: tls
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: "ook"
+ patternType: literal
+ operations:
+ - "Read"
+ host: "*"
+ - resource:
+ type: topic
+ name: "lsst.square-events.ook.ingest"
+ patternType: literal
+ operations:
+ - "Describe"
+ - "Read"
+ - "Write"
+ host: "*"
+ - resource:
+ type: topic
+ name: "lsst.square-events.squarebot.slack.app.mention"
+ patternType: literal
+ type: allow
+ host: "*"
+ operations:
+ - "Read"
+ - "Describe"
+ host: "*"
From a2251ef297df422491e8e7f5ea1e6513ff8fb712 Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Thu, 20 Jul 2023 14:16:36 -0400 Subject: [PATCH 3/4] Deploy Ook 0.6.0 --- applications/ook/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/applications/ook/Chart.yaml b/applications/ook/Chart.yaml
index 35860c90cc..fde58b0c4d 100644
--- a/applications/ook/Chart.yaml
+++ b/applications/ook/Chart.yaml
@@ -1,7 +1,7 @@ apiVersion: v2 name: ook version: 1.0.0 -appVersion: "tickets-DM-39636" +appVersion: "0.6.0" description: Ook is the librarian service for Rubin Observatory. Ook indexes documentation content into the Algolia search engine that powers the Rubin Observatory documentation portal, www.lsst.io. type: application home: https://ook.lsst.io/
From ca5b36260dca2a0582627351d4eec855a4b6c1a9 Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Thu, 20 Jul 2023 14:30:51 -0400 Subject: [PATCH 4/4] Link SQR-076 to Square Events apps --- applications/ook/Chart.yaml | 5 +++++ applications/squarebot/Chart.yaml | 5 +++++ 2 files changed, 10 insertions(+)
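Review bot: The third ACL entry in ook-user.yaml (topic `lsst.square-events.squarebot.slack.app.mention`) contains `host: "*"` twice, once after `type: allow` and again after the `operations` list; duplicate mapping keys are invalid YAML and most parsers silently keep the last one, which an authorization rule should not depend on. It is also the only entry that sets `type: allow`, so the three rules read inconsistently. Drop the first `host: "*"` and either add `type: allow` to all three entries or remove it here. The indentation is not visible in this rendering, so confirm that `type: allow` sits at the rule level and not under `resource`, where it would collide with `type: topic`.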
diff --git a/applications/ook/Chart.yaml b/applications/ook/Chart.yaml index fde58b0c4d..e2e2b5d80c 100644 --- a/applications/ook/Chart.yaml +++ b/applications/ook/Chart.yaml @@ -10,3 +10,8 @@ sources: maintainers: - name: jonathansick url: https://github.com/jonathansick +annotations: + phalanx.lsst.io/docs: | + - id: "SQR-075" + title: "Shared Pydantic schemas as the basis for Kafka/Avro messages in SQuaRE Roundtable" + url: "https://sqr-076.lsst.io/" diff --git a/applications/squarebot/Chart.yaml b/applications/squarebot/Chart.yaml index 70d23309d5..6eca1c0571 100644 --- a/applications/squarebot/Chart.yaml +++ b/applications/squarebot/Chart.yaml @@ -10,3 +10,8 @@ sources: maintainers: - name: jonathansick url: https://github.com/jonathansick +annotations: + phalanx.lsst.io/docs: | + - id: "SQR-075" + title: "Shared Pydantic schemas as the basis for Kafka/Avro messages in SQuaRE Roundtable" + url: "https://sqr-076.lsst.io/"
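Review bot: The new annotation sets `id: "SQR-075"` while its URL is `https://sqr-076.lsst.io/` and the commit subject says SQR-076, so the id and the link disagree. Assuming the subject and URL are right, change the line to `- id: "SQR-076"`. The same line appears in the applications/squarebot/Chart.yaml hunk that follows and needs the same correction.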