feat: add resource configuration for apps to teams (#1819)

Co-authored-by: jeho <[email protected]>

Author: CasLubbers

charts/team-ns/templates/tekton-tasks/buildpacks.yaml

@@ -1,3 +1,4 @@
+{{- $t := .Values.teamApps.tekton }}
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
@@ -86,12 +87,7 @@ spec:
       - name: CNB_PLATFORM_API
         value: "0.9"
     computeResources:
-      limits:
-        cpu: "2"
-        memory: 2Gi
-      requests:
-        cpu: 500m
-        memory: 512Mi
+    {{- $t.resources.buildpacksTask | toYaml | nindent 6 }}
   steps:
     - name: prepare
       computeResources: {}
@@ -201,4 +197,4 @@ spec:
     - name: empty-dir
       emptyDir: {}
     - name: layers-dir
-      emptyDir: {}
+      emptyDir: {}

charts/team-ns/templates/tekton-tasks/git-clone.yaml

@@ -1,3 +1,4 @@
+{{- $t := .Values.teamApps.tekton }}
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
@@ -13,12 +14,7 @@ metadata:
 spec:
   stepTemplate:
     computeResources:
-      limits:
-        cpu: "2"
-        memory: 2Gi
-      requests:
-        cpu: 500m
-        memory: 512Mi
+    {{- $t.resources.gitCloneTask | toYaml | nindent 6 }}
   description: >-
     These Tasks are Git tasks to work with repositories used by other tasks
     in your Pipeline.
@@ -259,4 +255,4 @@ spec:
         RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
         printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
         printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
-        printf "%s" "${PARAM_URL}" > "$(results.url.path)"
+        printf "%s" "${PARAM_URL}" > "$(results.url.path)"

charts/team-ns/templates/tekton-tasks/grype.yaml

@@ -1,3 +1,4 @@
+{{- $t := .Values.teamApps.tekton }}
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
@@ -13,12 +14,7 @@ metadata:
 spec:
   stepTemplate:
     computeResources:
-      limits:
-        cpu: "2"
-        memory: 2Gi
-      requests:
-        cpu: 500m
-        memory: 512Mi
+    {{- $t.resources.grypeTask | toYaml | nindent 6 }}
   description: >-
     A vulnerability scanner for container images and filesystems.
     Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.

charts/team-ns/templates/tekton-tasks/kaniko.yaml

@@ -1,3 +1,4 @@
+{{- $t := .Values.teamApps.tekton }}
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
@@ -13,12 +14,7 @@ metadata:
 spec:
   stepTemplate:
     computeResources:
-      limits:
-        cpu: "2"
-        memory: 2Gi
-      requests:
-        cpu: 500m
-        memory: 512Mi
+    {{- $t.resources.kanikoTask | toYaml | nindent 6 }}
   description: >-
     This Task builds a simple Dockerfile with kaniko and pushes to a registry.
     This Task stores the image name and digest as results, allowing Tekton Chains to pick up
@@ -79,4 +75,4 @@ spec:
       script: |
         set -e
         image="$(params.IMAGE)"
-        echo -n "${image}" | tee "$(results.IMAGE_URL.path)"
+        echo -n "${image}" | tee "$(results.IMAGE_URL.path)"

helmfile.d/helmfile-15.ingress-core.yaml

@@ -1,6 +1,9 @@
 bases:
   - snippets/defaults.yaml
 ---
+bases:
+  - snippets/defaults.gotmpl
+---
 bases:
   - snippets/env.gotmpl
 ---
@@ -43,6 +46,7 @@ releases:
         teamId: admin
         _derived: {{- toYaml $v._derived | nindent 10 }}
         teamIds: {{- toYaml (keys $v.teamConfig) | nindent 10 }}
+        teamApps: {{- $tca.apps | toYaml | nindent 10 }}
         apps: {{- $a | toYaml | nindent 10 }}
         oidc: {{- $v.oidc | toYaml | nindent 10 }}
         cluster: {{- $v.cluster | toYaml | nindent 10 }}

helmfile.d/helmfile-60.teams.yaml

@@ -1,6 +1,9 @@
 bases:
   - snippets/defaults.yaml
 ---
+bases:
+  - snippets/defaults.gotmpl
+---
 bases:
   - snippets/env.gotmpl
 ---
@@ -29,6 +32,7 @@ releases:
   {{- $prometheusDomain := printf "prometheus-%s.%s" $teamId $domain }}
   {{- $grafanaDomain := printf "grafana-%s.%s" $teamId $domain }}
   {{- $azure := $team | get "azure" dict }}
+  {{- $teamApps := index $tc $teamId "apps" | default dict }}
   - name: tekton-dashboard-{{ $teamId }}
     installed: true
     namespace: team-{{ $teamId }}
@@ -39,6 +43,8 @@ releases:
       pipeline: otomi-task-teams
     values:
       - ../values/tekton-dashboard/tekton-dashboard-teams.gotmpl
+      - resources:
+          {{- $teamApps.tekton.resources.dashboard | toYaml | nindent 10 }}
   - name: prometheus-{{ $teamId }}
     installed: {{ or ($team | get "managedMonitoring.grafana" false) ($team | get "managedMonitoring.alertmanager" false) }}
     namespace: team-{{ $teamId }}
@@ -62,6 +68,8 @@ releases:
                 sidecar.istio.io/inject: "true"
               labels:
                 prometheus: system
+            resources:
+              {{- $teamApps.alertmanager.resources | toYaml | nindent 14 }}
           # to do: load slackTpl and opsgenieTpl only if alerts.receicers = true
           config: {{- tpl (readFile "../helmfile.d/snippets/alertmanager-teams.gotmpl") (dict "instance" $team "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 12 }}
         defaultRules:
@@ -74,6 +82,8 @@ releases:
           prometheusSpec: {}
         grafana:
           enabled: {{ $team | get "managedMonitoring.grafana" false }}
+          resources:
+            {{- $teamApps.grafana.resources.grafana | toYaml | nindent 12 }}
           namespaceOverride: null # team-{{ $teamId }}
           nameOverride: {{ $teamId }}-po-grafana
           fullnameOverride: {{ $teamId }}-po-grafana
@@ -96,6 +106,8 @@ releases:
               enabled: true
               label: release
               labelValue: grafana-dashboards-{{ $teamId }}
+            resources:
+              {{- $teamApps.grafana.resources.sidecar | toYaml | nindent 14 }}
           additionalDataSources:
             - name: Prometheus-platform
               editable: false
@@ -242,11 +254,12 @@ releases:
           tlsSecretName: {{ $v._derived.tlsSecretName }}
       - {{- omit $team "apps" | toYaml | nindent 8 }}
         teamId: {{ $teamId }}
+        teamApps: {{- toYaml $teamApps | nindent 10 }}
         teamIds: {{- toYaml (keys $v.teamConfig) | nindent 10 }}
       - services: {{- concat $coreTeamServices $teamServices | toYaml | nindent 10 }}
   {{- if (gt (len $teamServices) 0) }}
       - name: blackbox
         svc: prometheus-blackbox-exporter
         port: 9115
   {{- end }}
-{{- end }}
+{{- end }}

helmfile.d/snippets/defaults.gotmpl

@@ -0,0 +1,78 @@
+{{- /* Only dynamic defauts */}}
+{{- $ENV_DIR := env "ENV_DIR" | default "../env" }}
+{{- $t := readFile (print $ENV_DIR "/env/teams.yaml") | fromYaml }}
+{{- if not (hasKey $t "teamConfig") }}{{ $_ := set $t "teamConfig" dict }}{{ end }}
+{{- $teams := keys $t.teamConfig}}
+
+environments:
+  default:
+    values:
+    - teamConfig:
+    {{- range $team := $teams }}
+        {{ $team }}:
+          apps:
+            alertmanager:
+              resources:
+                limits:
+                  cpu: 200m
+                  memory: 256Mi
+                requests:
+                  cpu: 10m
+                  memory: 64Mi
+            grafana:
+              resources:
+                grafana:
+                  limits:
+                    cpu: "1"
+                    memory: 1Gi
+                  requests:
+                    cpu: 10m
+                    memory: 128Mi
+                sidecar:
+                  limits:
+                    cpu: 500m
+                    memory: 256Mi
+                  requests:
+                    cpu: 10m
+                    memory: 128Mi
+            tekton:
+              resources:
+                dashboard:
+                  limits:
+                    cpu: 100m
+                    memory: 128Mi
+                  requests:
+                    cpu: 10m
+                    memory: 64Mi
+                buildpacksTask:
+                  limits:
+                    cpu: "2"
+                    memory: 2Gi
+                  requests:
+                    cpu: 500m
+                    memory: 512Mi
+                gitCloneTask:
+                  limits:
+                    cpu: "2"
+                    memory: 2Gi
+                  requests:
+                    cpu: 500m
+                    memory: 512Mi
+                grypeTask:
+                  limits:
+                    cpu: "2"
+                    memory: 2Gi
+                  requests:
+                    cpu: 500m
+                    memory: 512Mi
+                kanikoTask:
+                  limits:
+                    cpu: "2"
+                    memory: 2Gi
+                  requests:
+                    cpu: 500m
+                    memory: 512Mi
+          managedMonitoring:
+            grafana: true
+            alertmanager: false
+    {{- end }}

helmfile.d/snippets/env.gotmpl

@@ -44,7 +44,7 @@ environments:
       - {{ $database }}
 {{- end }}{{ end }}
 {{- range $team := $teams }}
-  {{- range $type := list "services" "netpols" "jobs" "workloads" "backups" "builds" "policies" "sealedsecrets"}}
+  {{- range $type := list "services" "netpols" "jobs" "workloads" "backups" "builds" "policies" "sealedsecrets" "apps"}}
     {{- if eq (exec "bash" (list "-c" (printf "( test -f $ENV_DIR/env/teams/%s.%s.yaml && echo 'true' ) || echo 'false'" $type $team)) | trim) "true" }}
       - {{ $ENV_DIR }}/env/teams/{{ $type }}.{{ $team }}.yaml
     {{- end }}
@@ -63,4 +63,4 @@ environments:
 {{- end }}
 {{- range $app := $appsSecret }}{{ if ne $app "" }}{{ $file := $app | replace (print $ENV_DIR "/env/apps/") "" }}
       - {{ $ENV_DIR }}/env/apps/{{ $file }}{{ $ext }}
-{{- end }}{{ end }}
+{{- end }}{{ end }}

helmfile.tpl/helmfile-dump-all.yaml

@@ -2,6 +2,9 @@
 bases:
   - ../helmfile.d/snippets/defaults.yaml
 ---
+bases:
+  - ../helmfile.d/snippets/defaults.gotmpl
+---
 bases:
   - ../helmfile.d/snippets/env.gotmpl
 ---

helmfile.tpl/helmfile-dump-defaults.yaml

@@ -2,6 +2,9 @@
 bases:
   - ../helmfile.d/snippets/defaults.yaml
 ---
+bases:
+  - ../helmfile.d/snippets/defaults.gotmpl
+---
 bases:
   - ../helmfile.d/snippets/env.gotmpl
 ---

tests/bootstrap/input.yaml

@@ -15,3 +15,76 @@ users:
     isPlatformAdmin: false
     isTeamAdmin: false
     teams: ['demo']
+teamConfig:
+  demo:
+    password: somesecretvalue
+    id: demo
+    selfService:
+      service:
+        - ingress
+    networkPolicy:
+      egressPublic: true
+      ingressPrivate: true
+    builds:
+      - name: nodejs-hello-world
+        tag: v0.0.1
+        trigger: false
+        mode:
+          docker:
+            repoUrl: https://github.com/redkubes/nodejs-helloworld
+            revision: HEAD
+            path: ./Docker
+          type: docker
+      - name: demo-java-maven
+        tag: v0.0.1
+        trigger: false
+        mode:
+          buildpacks:
+            repoUrl: https://github.com/buildpacks/samples
+            revision: HEAD
+            path: apps/java-maven
+          type: buildpacks
+      - name: demo-java-trigger
+        tag: v_0_0_1
+        trigger: true
+        mode:
+          docker:
+            repoUrl: https://github.com/buildpacks/samples
+            revision: HEAD
+            path: ./Docker
+          type: docker
+    services:
+      - headers:
+          response:
+            set: []
+        id: 78595314-cdaf-4b60-acc2-3b1a7f80fe2b
+        ingressClassName: platform
+        name: httpbin
+        ownHost: true
+        port: 80
+        type: public
+      - id: a106eb22-8c06-41b6-ab15-97aafb0888b5
+        ingressClassName: platform
+        name: nginx-deployment
+        ownHost: true
+        paths: []
+        port: 80
+        type: public
+      - id: 91f6af98-ad8e-4111-b916-cf1b5bdcafb0
+        ingressClassName: platform
+        ksvc:
+          predeployed: true
+        name: nginx-ksvc
+        ownHost: true
+        paths: []
+        port: 80
+        type: public
+    workloads:
+      - name: nodejs-helloworld
+        url: https://github.com/redkubes/nodejs-helloworld.git
+        path: ./
+        revision: HEAD
+      - name: httpbin
+        path: charts/httpbin
+        revision: HEAD
+        url: https://github.com/linode/apl-core.git