templates

package
v0.0.0-...-a14639f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 14, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ProviderOSDSizeInTiB = 4
)

Variables

View Source 
var (
	KubeRBACProxyPortNumber             int    = 9339
	PrometheusServingCertSecretName     string = "prometheus-serving-cert-secret"
	PrometheusKubeRBACPoxyConfigMapName string = "prometheus-kube-rbac-proxy-config"
)
View Source 
var AlertmanagerConfigTemplate = promv1a1.AlertmanagerConfig{
	Spec: promv1a1.AlertmanagerConfigSpec{
		Route: &promv1a1.Route{
			Receiver: "null",
			Routes: []apiextensionsv1.JSON{
				convertToApiExtV1JSON(promv1a1.Route{
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "12h",
					Matchers:       []promv1a1.Matcher{{Name: "alertname", Value: getRegexMatcher(smtpAlerts), MatchType: promv1a1.MatchRegexp}},
					Receiver:       "SendGrid",
				},
				),
				convertToApiExtV1JSON(promv1a1.Route{
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "12h",
					Matchers:       []promv1a1.Matcher{{Name: "alertname", Value: getRegexMatcher(pagerdutyAlerts), MatchType: promv1a1.MatchRegexp}},
					Receiver:       "pagerduty",
				},
				),
				convertToApiExtV1JSON(promv1a1.Route{
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "5m",
					Matchers:       []promv1a1.Matcher{{Name: "alertname", Value: "DeadMansSnitch", MatchType: promv1a1.MatchEqual}},
					Receiver:       "DeadMansSnitch",
				},
				),
			},
		},
		Receivers: []promv1a1.Receiver{{
			Name: "null",
		}, {
			Name: "pagerduty",
			PagerDutyConfigs: []promv1a1.PagerDutyConfig{{
				ServiceKey: &corev1.SecretKeySelector{Key: "", LocalObjectReference: corev1.LocalObjectReference{Name: ""}},
				Details:    []promv1a1.KeyValue{{Key: "", Value: ""}},
			}},
		}, {
			Name:           "DeadMansSnitch",
			WebhookConfigs: []promv1a1.WebhookConfig{{}},
		}, {
			Name: "SendGrid",
			EmailConfigs: []promv1a1.EmailConfig{{
				SendResolved: &_false,
				Smarthost:    "",
				From:         "",
				To:           "",
				AuthUsername: "",
				AuthPassword: &corev1.SecretKeySelector{Key: "", LocalObjectReference: corev1.LocalObjectReference{Name: ""}},
				Headers: []promv1a1.KeyValue{{
					Key:   "subject",
					Value: `OpenShift Data Foundation Managed Service notification, Action required on your managed OpenShift cluster!`,
				}},
			},
			},
		},
		},
	},
}
View Source 
var AlertmanagerTemplate = promv1.Alertmanager{
	Spec: promv1.AlertmanagerSpec{
		Replicas:  &_1,
		Resources: utils.GetResourceRequirements("alertmanager"),
	},
}
View Source 
var CephNetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		Ingress: []netv1.NetworkPolicyIngressRule{
			{
				From: []netv1.NetworkPolicyPeer{
					{
						NamespaceSelector: &metav1.LabelSelector{
							MatchLabels: map[string]string{
								"policy-group.network.openshift.io/host-network": "",
							},
						},
					},
				},
			},
		},
		PolicyTypes: []netv1.PolicyType{
			netv1.PolicyTypeIngress,
		},
		PodSelector: metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{
				{
					Key:      "app",
					Operator: metav1.LabelSelectorOpIn,
					Values: []string{
						"rook-ceph-mds",
						"rook-ceph-osd",
						"rook-ceph-mgr",
						"rook-ceph-mon",
						"rook-ceph-crashcollector",
					},
				},
			},
		},
	},
}
View Source 
var ConsumerStorageClusterTemplate = ocsv1.StorageCluster{
	Spec: ocsv1.StorageClusterSpec{
		ExternalStorage: ocsv1.ExternalStorageClusterSpec{
			Enable:                  true,
			StorageProviderKind:     ocsv1.KindOCS,
			StorageProviderEndpoint: "",
			OnboardingTicket:        "",
			RequestedCapacity:       &resource.Quantity{},
		},
		MultiCloudGateway: &ocsv1.MultiCloudGatewaySpec{
			ReconcileStrategy: "ignore",
		},
	},
}
View Source 
var ConvergedStorageClusterTemplate = ocsv1.StorageCluster{
	Spec: ocsv1.StorageClusterSpec{

		LabelSelector: &metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{{
				Key:      "node-role.kubernetes.io/worker",
				Operator: metav1.LabelSelectorOpExists,
			}, {
				Key:      "node-role.kubernetes.io/infra",
				Operator: metav1.LabelSelectorOpDoesNotExist,
			}},
		},
		ManageNodes: false,
		MonPVCTemplate: &corev1.PersistentVolumeClaim{
			Spec: corev1.PersistentVolumeClaimSpec{
				StorageClassName: &gp2,
				AccessModes: []corev1.PersistentVolumeAccessMode{
					corev1.ReadWriteOnce,
				},
			},
		},
		Resources: map[string]corev1.ResourceRequirements{
			"mds":            utils.GetResourceRequirements("mds"),
			"mgr":            utils.GetResourceRequirements("mgr"),
			"mon":            utils.GetResourceRequirements("mon"),
			"crashcollector": utils.GetResourceRequirements("crashcollector"),
		},
		StorageDeviceSets: []ocsv1.StorageDeviceSet{{
			Name:  "default",
			Count: 1,
			DataPVCTemplate: corev1.PersistentVolumeClaim{
				Spec: corev1.PersistentVolumeClaimSpec{
					StorageClassName: &gp2,
					AccessModes: []corev1.PersistentVolumeAccessMode{
						corev1.ReadWriteOnce,
					},
					VolumeMode: &volumeModeBlock,
					Resources: corev1.ResourceRequirements{
						Requests: corev1.ResourceList{
							"storage": resource.MustParse("1Ti"),
						},
					},
				},
			},
			Placement: rook.Placement{},
			Portable:  true,
			Replica:   3,
			Resources: utils.GetResourceRequirements("sds"),
		}},
		MultiCloudGateway: &ocsv1.MultiCloudGatewaySpec{
			ReconcileStrategy: "ignore",
		},
	},
}
View Source 
var DMSPrometheusRuleTemplate = promv1.PrometheusRule{
	Spec: promv1.PrometheusRuleSpec{
		Groups: []promv1.RuleGroup{
			{
				Name: "snitch-alert",
				Rules: []promv1.Rule{
					{
						Alert: "DeadMansSnitch",
						Expr: intstr.IntOrString{
							Type:   intstr.String,
							StrVal: "vector(1)",
						},
						Labels: map[string]string{
							"alertname": "DeadMansSnitch",
						},
					},
				},
			},
		},
	},
}

This prometheus rule ensures that a DMS alert occurs during every prometheus scrape.

View Source 
var EgressFirewallTemplate = ovnv1.EgressFirewall{
	Spec: ovnv1.EgressFirewallSpec{
		Egress: []ovnv1.EgressFirewallRule{
			{
				To: ovnv1.EgressFirewallDestination{
					DNSName: "events.pagerduty.com",
				},
				Type: ovnv1.EgressFirewallRuleAllow,
			},
			{
				To: ovnv1.EgressFirewallDestination{
					CIDRSelector: "100.64.0.0/16",
				},
				Type: ovnv1.EgressFirewallRuleAllow,
			},
			{
				To: ovnv1.EgressFirewallDestination{
					CIDRSelector: "0.0.0.0/0",
				},
				Type: ovnv1.EgressFirewallRuleDeny,
			},
		},
	},
}
View Source 
var EgressNetworkPolicyTemplate = openshiftv1.EgressNetworkPolicy{
	Spec: openshiftv1.EgressNetworkPolicySpec{
		Egress: []openshiftv1.EgressNetworkPolicyRule{
			{
				To: openshiftv1.EgressNetworkPolicyPeer{
					DNSName: "events.pagerduty.com",
				},
				Type: openshiftv1.EgressNetworkPolicyRuleAllow,
			},
			{
				To: openshiftv1.EgressNetworkPolicyPeer{
					CIDRSelector: "100.64.0.0/16",
				},
				Type: openshiftv1.EgressNetworkPolicyRuleAllow,
			},
			{
				To: openshiftv1.EgressNetworkPolicyPeer{
					CIDRSelector: "0.0.0.0/0",
				},
				Type: openshiftv1.EgressNetworkPolicyRuleDeny,
			},
		},
	},
}
View Source 
var K8sMetricsServiceMonitorTemplate = promv1.ServiceMonitor{
	Spec: promv1.ServiceMonitorSpec{
		Endpoints: []promv1.Endpoint{
			{
				Port:          "web",
				Path:          "/federate",
				Scheme:        "https",
				ScrapeTimeout: "1m",
				Interval:      "2m",
				HonorLabels:   true,
				MetricRelabelConfigs: []*promv1.RelabelConfig{
					{
						Action: "labeldrop",
						Regex:  "prometheus_replica",
					},
				},
				RelabelConfigs: []*promv1.RelabelConfig{
					{
						Action:      "replace",
						Regex:       "prometheus-k8s-.*",
						Replacement: "",
						SourceLabels: []string{
							"pod",
						},
						TargetLabel: "pod",
					},
				},
				TLSConfig: &promv1.TLSConfig{
					SafeTLSConfig: promv1.SafeTLSConfig{
						InsecureSkipVerify: true,
					},
				},
				Params:          params,
				BearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token",
			},
		},
		NamespaceSelector: promv1.NamespaceSelector{
			MatchNames: []string{"openshift-monitoring"},
		},
		Selector: metav1.LabelSelector{
			MatchLabels: map[string]string{
				"app.kubernetes.io/component": "prometheus",
			},
		},
	},
}
View Source 
var KubeRBACProxyConfigMap = corev1.ConfigMap{
	Data: map[string]string{
		"config-file.json": (func() string {
			config := struct {
				Authorization struct {
					Static [2]struct {
						Path            string `json:"path"`
						ResourceRequest bool   `json:"resourceRequest"`
						Verb            string `json:"verb"`
					} `json:"static"`
				} `json:"authorization"`
			}{}

			item := &config.Authorization.Static[0]
			item.Verb = "get"
			item.Path = "/metrics"
			item.ResourceRequest = false

			item = &config.Authorization.Static[1]
			item.Verb = "get"
			item.Path = "/federate"
			item.ResourceRequest = false

			raw, _ := json.Marshal(config)
			return string(raw)
		})(),
	},
}
View Source 
var NetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		Ingress: []netv1.NetworkPolicyIngressRule{
			{
				From: []netv1.NetworkPolicyPeer{
					{
						PodSelector: &metav1.LabelSelector{},
					},
				},
			},
		},
		PolicyTypes: []netv1.PolicyType{
			netv1.PolicyTypeIngress,
		},
		PodSelector: metav1.LabelSelector{},
	},
}
View Source 
var PrometheusProxyNetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		Ingress: []netv1.NetworkPolicyIngressRule{
			{
				Ports: []netv1.NetworkPolicyPort{
					{
						Port:     &prometheusProxyPort,
						Protocol: &prometheusProxyProtocol,
					},
				},
			},
		},
		PolicyTypes: []netv1.PolicyType{
			netv1.PolicyTypeIngress,
		},
		PodSelector: metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{
				{
					Key:      "prometheus",
					Operator: metav1.LabelSelectorOpIn,
					Values: []string{
						"managed-ocs-prometheus",
					},
				},
			},
		},
	},
}
View Source 
var PrometheusTemplate = promv1.Prometheus{
	Spec: promv1.PrometheusSpec{
		ExternalLabels:         map[string]string{},
		ServiceAccountName:     "prometheus-k8s",
		ServiceMonitorSelector: &resourceSelector,
		PodMonitorSelector:     &resourceSelector,
		RuleSelector:           &resourceSelector,
		EnableAdminAPI:         false,
		Alerting: &promv1.AlertingSpec{
			Alertmanagers: []promv1.AlertmanagerEndpoints{{
				Namespace: "",
				Name:      "alertmanager-operated",
				Port:      intstr.FromString("web"),
			}},
		},
		Resources:   utils.GetResourceRequirements("prometheus"),
		ListenLocal: true,
		Containers: []corev1.Container{{
			Name: "kube-rbac-proxy",
			Args: []string{
				fmt.Sprintf("--secure-listen-address=0.0.0.0:%d", KubeRBACProxyPortNumber),
				"--upstream=http://127.0.0.1:9090/",
				"--logtostderr=true",
				"--v=10",
				"--tls-cert-file=/etc/tls-secret/tls.crt",
				"--tls-private-key-file=/etc/tls-secret/tls.key",
				"--client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt",
				"--config-file=/etc/kube-rbac-config/config-file.json",
			},
			Ports: []corev1.ContainerPort{{
				Name:          "https",
				ContainerPort: int32(KubeRBACProxyPortNumber),
			}},
			VolumeMounts: []corev1.VolumeMount{
				{
					Name:      "serving-cert",
					MountPath: "/etc/tls-secret",
				},
				{
					Name:      "kube-rbac-config",
					MountPath: "/etc/kube-rbac-config",
				},
			},
			Resources: utils.GetResourceRequirements("kube-rbac-proxy"),
		}},
		Volumes: []corev1.Volume{
			{
				Name: "serving-cert",
				VolumeSource: corev1.VolumeSource{
					Secret: &corev1.SecretVolumeSource{
						SecretName: PrometheusServingCertSecretName,
					},
				},
			},
			{
				Name: "kube-rbac-config",
				VolumeSource: corev1.VolumeSource{
					ConfigMap: &corev1.ConfigMapVolumeSource{
						LocalObjectReference: corev1.LocalObjectReference{
							Name: PrometheusKubeRBACPoxyConfigMapName,
						},
					},
				},
			},
		},
		RemoteWrite: []promv1.RemoteWriteSpec{
			{
				OAuth2: &promv1.OAuth2{
					ClientSecret: corev1.SecretKeySelector{
						LocalObjectReference: corev1.LocalObjectReference{},
					},
					ClientID: promv1.SecretOrConfigMap{
						Secret: &corev1.SecretKeySelector{
							LocalObjectReference: corev1.LocalObjectReference{},
						},
					},
					EndpointParams: map[string]string{},
				},
				WriteRelabelConfigs: []promv1.RelabelConfig{
					{
						SourceLabels: []string{"__name__", "alertname"},
						Regex:        getRelableRegex(alerts, metrics),
						Action:       "keep",
					},
				},
			},
		},
	},
}
View Source 
var ProviderApiServerNetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		Ingress: []netv1.NetworkPolicyIngressRule{
			{
				Ports: []netv1.NetworkPolicyPort{
					{
						Port:     &ProviderApiServerPort,
						Protocol: &ProviderApiServerProtocol,
					},
				},
			},
		},
		PolicyTypes: []netv1.PolicyType{
			netv1.PolicyTypeIngress,
		},
		PodSelector: metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{
				{
					Key:      "app",
					Operator: metav1.LabelSelectorOpIn,
					Values: []string{
						"ocsProviderApiServer",
					},
				},
			},
		},
	},
}
View Source 
var ProviderApiServerPort = intstr.FromInt(50051)
View Source 
var ProviderApiServerProtocol = corev1.ProtocolTCP
View Source 
var ProviderStorageClusterTemplate = ocsv1.StorageCluster{
	Spec: ocsv1.StorageClusterSpec{

		LabelSelector: &metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{{
				Key:      "node-role.kubernetes.io/worker",
				Operator: metav1.LabelSelectorOpExists,
			}, {
				Key:      "node-role.kubernetes.io/infra",
				Operator: metav1.LabelSelectorOpDoesNotExist,
			}},
		},
		ManageNodes: false,
		MonPVCTemplate: &corev1.PersistentVolumeClaim{
			Spec: corev1.PersistentVolumeClaimSpec{
				StorageClassName: &gp2,
				Resources: corev1.ResourceRequirements{
					Requests: corev1.ResourceList{
						"storage": resource.MustParse("50Gi"),
					},
				},
				AccessModes: []corev1.PersistentVolumeAccessMode{
					corev1.ReadWriteOnce,
				},
			},
		},
		Resources: map[string]corev1.ResourceRequirements{
			"mds":            utils.GetResourceRequirements("mds"),
			"mgr":            utils.GetResourceRequirements("mgr"),
			"mon":            utils.GetResourceRequirements("mon"),
			"crashcollector": utils.GetResourceRequirements("crashcollector"),
		},
		StorageDeviceSets: []ocsv1.StorageDeviceSet{{
			Name:  "default",
			Count: 1,
			DataPVCTemplate: corev1.PersistentVolumeClaim{
				Spec: corev1.PersistentVolumeClaimSpec{
					StorageClassName: &gp2,
					AccessModes: []corev1.PersistentVolumeAccessMode{
						corev1.ReadWriteOnce,
					},
					VolumeMode: &volumeModeBlock,
					Resources: corev1.ResourceRequirements{
						Requests: corev1.ResourceList{
							"storage": resource.MustParse(fmt.Sprintf("%dTi", ProviderOSDSizeInTiB)),
						},
					},
				},
			},
			Placement: rook.Placement{
				TopologySpreadConstraints: []corev1.TopologySpreadConstraint{
					commonTSC,
				},
			},
			PreparePlacement: rook.Placement{
				TopologySpreadConstraints: []corev1.TopologySpreadConstraint{
					commonTSC,
					preparePlacementTSC,
				},
			},
			Portable:  true,
			Replica:   3,
			Resources: utils.GetResourceRequirements("sds"),
		}},
		MultiCloudGateway: &ocsv1.MultiCloudGatewaySpec{
			ReconcileStrategy: "ignore",
		},
		HostNetwork:                 true,
		AllowRemoteStorageConsumers: true,
		ManagedResources: ocsv1.ManagedResourcesSpec{
			CephBlockPools: ocsv1.ManageCephBlockPools{
				ReconcileStrategy:    "ignore",
				DisableStorageClass:  true,
				DisableSnapshotClass: true,
			},
			CephFilesystems: ocsv1.ManageCephFilesystems{
				DisableStorageClass:  true,
				DisableSnapshotClass: true,
			},
		},
	},
}

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.