From 7c3c9f331e15e213cffef87a625b0f4f620bcbc0 Mon Sep 17 00:00:00 2001 From: greg pereira Date: Sun, 8 Dec 2024 10:18:13 -0800 Subject: [PATCH] saving full work --- .devcontainer/Containerfile | 31 +++++- .devcontainer/devcontainer.json | 12 ++- .devcontainer/install-kind.sh | 10 ++ .devcontainer/install-kubectl.sh | 23 +++++ .devcontainer/install-kubeseal.sh | 30 ++++++ Makefile | 96 ++++++++++++++++--- ...y-umami-openshift-env-secret-conversion.sh | 60 ++++++++++++ deploy/k8s/overlays/kind/kind.yaml | 2 + .../overlays/kind/umami/kustomization.yaml | 6 ++ .../overlays/kind/umami/umami-ingress.yaml | 20 ++++ .../kind/umami/umami-secret.template.yaml | 15 +++ .../k8s/overlays/kind/umami/umami-secret.yaml | 13 +++ .../openshift/umami/kustomization.yaml | 7 ++ .../umami/umami-secret.sealedsecret.yaml | 25 +++++ .../openshift/umami/umami-secret.yaml | 13 +++ docs/metrics.md | 0 16 files changed, 347 insertions(+), 16 deletions(-) create mode 100755 .devcontainer/install-kind.sh create mode 100755 .devcontainer/install-kubectl.sh create mode 100755 .devcontainer/install-kubeseal.sh create mode 100755 deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh create mode 100644 deploy/k8s/overlays/kind/umami/kustomization.yaml create mode 100644 deploy/k8s/overlays/kind/umami/umami-ingress.yaml create mode 100644 deploy/k8s/overlays/kind/umami/umami-secret.template.yaml create mode 100644 deploy/k8s/overlays/kind/umami/umami-secret.yaml create mode 100644 deploy/k8s/overlays/openshift/umami/kustomization.yaml create mode 100644 deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml create mode 100644 deploy/k8s/overlays/openshift/umami/umami-secret.yaml create mode 100644 docs/metrics.md diff --git a/.devcontainer/Containerfile b/.devcontainer/Containerfile index b5d208d0..731746b1 100644 --- a/.devcontainer/Containerfile +++ b/.devcontainer/Containerfile @@ -1,5 +1,7 @@ FROM registry.access.redhat.com/ubi9/nodejs-22:9.5-1730543890 +WORKDIR /opt/app-root/src + ARG USERNAME=default ARG NPM_GLOBAL=/usr/local/share/npm-global @@ -10,13 +12,40 @@ USER root RUN umask 0002 +# install zsh and oh-my-zsh +RUN dnf install -y zsh && \ + bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" + RUN groupadd npm && \ usermod -a -G npm ${USERNAME} && \ bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) && \ chown -R ${USERNAME}:npm /usr/local/ && \ mkdir -p /opt/app-root/src/.npm && chown -R ${USERNAME}:npm /opt/app-root/src/ && \ - dnf install -y vim + dnf install -y vim jq + +# install kubectl +ADD install-kubectl.sh /tmp +RUN /tmp/install-kubectl.sh; \ + rm /tmp/install-kubectl.sh + +# install kubseal +ADD install-kubeseal.sh /tmp +RUN /tmp/install-kubeseal.sh; \ + rm /tmp/install-kubeseal.sh + +# install docker as a dependency of kind +# only need the CLI and runtime, binding to host docker socket for access to host docker context +RUN dnf -y install dnf-plugins-core; \ + dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo; \ + dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin + +# install kind +ADD install-kind.sh /tmp +RUN /tmp/install-kind.sh; \ + rm /tmp/install-kind.sh +# symlink oc because cannot install stable stream without RH auth +RUN ln -sf /usr/local/bin/kubectl /usr/local/bin/oc USER default diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b0d2203e..e8e3463a 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -11,16 +11,20 @@ "dbaeumer.vscode-eslint", "esbenp.prettier-vscode", "DavidAnson.vscode-markdownlint", - "ms-vscode-remote.remote-containers" + "ms-vscode-remote.remote-containers", + "foxundermoon.shell-format", + "timonwong.shellcheck" ], "settings": { - "terminal.integrated.shell.linux": "/bin/bash" + "terminal.integrated.shell.linux": "/bin/zsh" } } }, - "forwardPorts": [3000], + "forwardPorts": [3000, 6443], "mounts": [ - "type=bind,source=${localWorkspaceFolder}/.env,target=/workspace/ui/.env,consistency=cached" + "type=bind,source=${localWorkspaceFolder}/.env,target=/workspace/ui/.env,consistency=cached", + "source=${env:HOME}/.kube,target=/opt/app-root/src/.kube,type=bind,consistency=cached", + "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ], "runArgs": ["-p", "3000:3000"] } diff --git a/.devcontainer/install-kind.sh b/.devcontainer/install-kind.sh new file mode 100755 index 00000000..46a1aa75 --- /dev/null +++ b/.devcontainer/install-kind.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*- + +# Install the kind binary + +[ $(uname -m) = x86_64 ] && curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-amd64 +[ $(uname -m) = aarch64 ] && curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-arm64 +chmod +x /tmp/kind +mv /tmp/kind /usr/local/bin/kind +kind completion zsh > ~/.oh-my-zsh/cache/completions/_kind diff --git a/.devcontainer/install-kubectl.sh b/.devcontainer/install-kubectl.sh new file mode 100755 index 00000000..648372ab --- /dev/null +++ b/.devcontainer/install-kubectl.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*- + +# Install the kubectl binary + +ARCH=$(uname -m) +if [ "$ARCH" == "x86_64" ] || [ "$ARCH" == "amd64" ]; then + ARCH="amd64" +elif [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "arm64" ]; then + ARCH="arm64" +else + echo "Unsupported architecture: $ARCH" + exit 1 +fi + +KUBECTL_VERSION=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) +echo "Installing kubectl version $KUBECTL_VERSION for $ARCH..." +curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" +chmod +x kubectl +mv kubectl /usr/local/bin/ +kubectl completion zsh > $ZSH/cache/completions/_kubectl + +curl -sLO https://access.cdn.redhat.com/content/origin/files/sha256/99/99f0ecb5477ed1a038e7279252971b4c5d50fa9a877f78610b7d4e4ee02e0589/openshift-client-linux-amd64-rhel9-4.17.6.tar.gz diff --git a/.devcontainer/install-kubeseal.sh b/.devcontainer/install-kubeseal.sh new file mode 100755 index 00000000..b38688e7 --- /dev/null +++ b/.devcontainer/install-kubeseal.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*- + +# Install the kubeseal binary + +set -x +set -e +set -o pipefail + +# Determine architecture +ARCH=$(uname -m) +if [ "$ARCH" == "x86_64" ] || [ "$ARCH" == "amd64" ]; then + ARCH="amd64" +elif [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "arm64" ]; then + ARCH="arm64" +else + echo "Unsupported architecture: $ARCH" + exit 1 +fi + +KUBESEAL_VERSION=$(curl -s https://api.github.com/repos/bitnami-labs/sealed-secrets/tags | jq -r '.[0].name' | cut -c 2-) +if [ -z "$KUBESEAL_VERSION" ]; then + echo "Failed to fetch the latest KUBESEAL_VERSION" + exit 1 +fi + +curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-${ARCH}.tar.gz" +tar -xvzf kubeseal-${KUBESEAL_VERSION}-linux-${ARCH}.tar.gz kubeseal +install -m 755 kubeseal /usr/local/bin/kubeseal +kubeseal completion zsh > ~/.oh-my-zsh/cache/completions/_kubeseal diff --git a/Makefile b/Makefile index d812a972..418af895 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,8 @@ ILAB_KUBE_CONTEXT?=kind-instructlab-ui ILAB_KUBE_NAMESPACE?=instructlab ILAB_KUBE_CLUSTER_NAME?=instructlab-ui CONTAINER_ENGINE?=docker -DEVCONTAINER_BINARY_EXISTS ?= $(shell command -v devcontainer) +DEVCONTAINER_BINARY_EXISTS?=$(shell command -v devcontainer) +DEVCONTAINER_DEFAULT_SHELL?=zsh TAG=$(shell git rev-parse HEAD) ##@ Development - Helper commands for development .PHONY: md-lint @@ -111,9 +112,20 @@ check-kubectl: exit 1 ; \ fi +.PHONY: check-kubeseal +check-kubeseal: + $(CMD_PREFIX) if [ -z "$(shell which kubeseal)" ]; then \ + echo "Please install kubeseal" ; \ + echo "https://github.com/bitnami-labs/sealed-secrets?tab=readme-ov-file#kubeseal" ; \ + exit 1 ; \ + fi + .PHONY: load-images load-images: ## Load images onto Kind cluster + $(CMD_PREFIX) docker pull ghcr.io/instructlab/ui/ui:main $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image ghcr.io/instructlab/ui/ui:main + $(CMD_PREFIX) docker pull registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 + $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 .PHONY: stop-dev-kind stop-dev-kind: check-kind ## Stop the Kind cluster to destroy the development environment @@ -130,8 +142,8 @@ wait-for-readiness: # Wait for operators to be ready $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n ingress-nginx rollout restart deployment ingress-nginx-controller $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n ingress-nginx rollout status deployment ingress-nginx-controller --timeout=10m -.PHONY: deploy -deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a kubernetes cluster +.PHONY: deploy-kind +deploy-kind: wait-for-readiness ## Deploy a InstructLab UI development stack onto a kubernetes cluster $(CMD_PREFIX) if [ ! -f .env ]; then \ echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ @@ -140,20 +152,42 @@ deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a k $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m -.PHONY: redeploy -redeploy: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster +.PHONY: redeploy-kind +redeploy-kind: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice -.PHONY: undeploy -undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster +.PHONY: undeploy-kind +undeploy-kind: ## Undeploy the InstructLab UI stack from a kubernetes cluster $(CMD_PREFIX) if [ -f ./deploy/k8s/overlays/kind/.env ]; then \ rm ./deploy/k8s/overlays/kind/.env ; \ fi $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(ILAB_KUBE_NAMESPACE) +.PHONY: deploy-umami-kind +deploy-umami-kind: wait-for-readiness load-images + $(CMD_PREFIX) if [ ! -f .env ]; then \ + echo "Please create a .env file in the root of the project." ; \ + exit 1 ; \ + fi + $(CMD_PREFIX) bash -c "source .env && \ + deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh KIND $(UMAMI_KUBE_NAMESPACE)" + + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | kubectl apply -f - + $(CMD_PREFIX) kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami + + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) port-forward -n $(UMAMI_KUBE_NAMESPACE) service/umami 3001:3001 + +.PHONY: undeploy-umami-kind +undeploy-umami-kind: + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -k ./deploy/k8s/overlays/kind/umami + .PHONY: start-dev-kind ## Run the development environment on Kind cluster -start-dev-kind: setup-kind deploy ## Setup a Kind cluster and deploy InstructLab UI on it +start-dev-kind: setup-kind load-images deploy-kind ## Setup a Kind cluster and deploy InstructLab UI on it ##@ OpenShift - UI prod and qa deployment on OpenShift .PHONY: deploy-qa-openshift @@ -162,7 +196,6 @@ deploy-qa-openshift: ## Deploy QA stack of the InstructLab UI on OpenShift echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi - $(CMD_PREFIX) yes | cp -rf .env ./deploy/k8s/overlays/openshift/qa/.env $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/qa $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m @@ -172,7 +205,6 @@ redeploy-qa-openshift: ## Redeploy QA stack of the InstructLab UI on OpenShift $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice - .PHONY: undeploy-qa-openshift undeploy-qa-openshift: ## Undeploy QA stack of the InstructLab UI on OpenShift $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/qa @@ -180,6 +212,26 @@ undeploy-qa-openshift: ## Undeploy QA stack of the InstructLab UI on OpenShift rm ./deploy/k8s/overlays/openshift/qa/.env ; \ fi +.PHONY: deploy-umami-qa-openshift +deploy-umami-qa-openshift: + $(CMD_PREFIX) if [ ! -f .env ]; then \ + echo "Please create a .env file in the root of the project." ; \ + exit 1 ; \ + fi + $(CMD_PREFIX) source .env && \ + deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - + $(CMD_PREFIX) oc apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + + $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/umami + $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + +.PHONY: undeploy-umami-qa-openshift +undeploy-umami-qa-openshift: + $(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami + .PHONY: deploy-prod-openshift deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenShift $(CMD_PREFIX) if [ ! -f .env ]; then \ @@ -204,6 +256,28 @@ undeploy-prod-openshift: ## Undeploy production stack of the InstructLab UI on O rm ./deploy/k8s/overlays/openshift/prod/.env ; \ fi +.PHONY: deploy-umami-prod-openshift +deploy-umami-prod-openshift: check-kubeseal + $(CMD_PREFIX) if [ ! -f .env ]; then \ + echo "Please create a .env file in the root of the project." ; \ + exit 1 ; \ + fi + $(CMD_PREFIX) source .env && \ + deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh "OPENSHIFT" $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) cat deploy/k8s/overlays/openshift/umami/umami-secret.yaml | kubeseal \ + --controller-name=sealed-secrets-controller \ + --controller-namespace=kube-system \ + --format yaml > ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - + $(CMD_PREFIX) oc apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) oc apply -k deploy/k8s/overlays/openshift/umami + +.PHONY: undeploy-umami-prod-openshift +undeploy-umami-prod-openshift: + $(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami + .PHONY: check-dev-container-installed check-dev-container-installed: @if [ -z "${DEVCONTAINER_BINARY_EXISTS}" ]; then \ @@ -224,7 +298,7 @@ start-dev-container: .PHONY: enter-dev-container enter-dev-container: $(MAKE) check-dev-container-installed - devcontainer exec --workspace-folder=./ --docker-path=${CONTAINER_ENGINE} bash + devcontainer exec --workspace-folder=./ --docker-path=${CONTAINER_ENGINE} ${DEVCONTAINER_DEFAULT_SHELL} .PHONY: cycle-dev-container cycle-dev-container: diff --git a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh new file mode 100755 index 00000000..5d761d2c --- /dev/null +++ b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh @@ -0,0 +1,60 @@ +#!/bin/bash +# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*- + +# Helper script to filter out `.env`` values related to umami deployment, and generate the secret manifest from that + +source .env + +if [ "$#" -ne 2 ]; then + echo "USAGE: $0 TARGET NAMESPACE + TARGET: The deployment target. Options: [\"OPENSHIFT\", \"KIND\"] + NAMESPACE: The namespace where you want to deploy the umami-secret." 1>&2 + exit 1 +fi + +TARGET="$1" +NAMESPACE="$2" + + +if [ "${TARGET}" == "OPENSHIFT" ]; then + UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/openshift/umami/umami-secret.yaml" +elif [ "${TARGET}" == "KIND" ]; then + UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/kind/umami/umami-secret.yaml" +else + echo "Error, \$TARGET ${TARGET} not recongnized. + TARGET options: [\"OPENSHIFT\", \"KIND\"]" + exit 1 +fi + +required_vars=("DATABASE_TYPE" "POSTGRESQL_DATABASE" "POSTGRESQL_USER" "POSTGRESQL_PASSWORD" "UMAMI_APP_SECRET" "DATABASE_URL") + +missing_vars=() + +for var in "${required_vars[@]}"; do + if [[ -z "${!var}" ]]; then + missing_vars+=("$var") + fi +done + +if [[ ${#missing_vars[@]} -gt 0 ]]; then + echo "The following environment variables are missing:" + for var in "${missing_vars[@]}"; do + echo " - $var" + done + echo "Please add these variables to your .env file." + exit 1 +fi + +# Note: `.env` value UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally +kubectl create secret generic umami-secret \ + --from-literal DATABASE_TYPE=${DATABASE_TYPE} \ + --from-literal POSTGRESQL_DATABASE=${POSTGRESQL_DATABASE} \ + --from-literal POSTGRESQL_USER=${POSTGRESQL_USER} \ + --from-literal POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD} \ + --from-literal APP_SECRET=${UMAMI_APP_SECRET} \ + --from-literal DATABASE_URL=${DATABASE_URL} \ + --namespace ${NAMESPACE} \ + --dry-run=client \ + -o yaml > ${UMAMI_SECRET_FILE_PATH} + +echo "Secret manifest has been created: ${UMAMI_SECRET_FILE_PATH}." diff --git a/deploy/k8s/overlays/kind/kind.yaml b/deploy/k8s/overlays/kind/kind.yaml index 7afee7f2..4580a1d6 100644 --- a/deploy/k8s/overlays/kind/kind.yaml +++ b/deploy/k8s/overlays/kind/kind.yaml @@ -24,3 +24,5 @@ nodes: image: kindest/node:v1.30.0 - role: worker image: kindest/node:v1.30.0 +networking: + apiServerPort: 6443 diff --git a/deploy/k8s/overlays/kind/umami/kustomization.yaml b/deploy/k8s/overlays/kind/umami/kustomization.yaml new file mode 100644 index 00000000..4f6bce68 --- /dev/null +++ b/deploy/k8s/overlays/kind/umami/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: umami +resources: + - ../../../base/umami + - umami-ingress.yaml diff --git a/deploy/k8s/overlays/kind/umami/umami-ingress.yaml b/deploy/k8s/overlays/kind/umami/umami-ingress.yaml new file mode 100644 index 00000000..c6b2da28 --- /dev/null +++ b/deploy/k8s/overlays/kind/umami/umami-ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: umami-ingress + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + ingressClassName: nginx + rules: + - host: umami.localhost + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: umami + port: + number: 3001 diff --git a/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml new file mode 100644 index 00000000..6276f29c --- /dev/null +++ b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: umami-secret + labels: + app: umami +type: Opaque +stringData: + DATABASE_TYPE: postgresql # Options: ["postgresql", "mysql"] + POSTGRESQL_DATABASE: db-name + POSTGRESQL_USER: db-user + POSTGRESQL_PASSWORD: db-pass + APP_SECRET: app_secret # Functions as hash_salt, see: https://github.com/umami-software/umami/commit/7bbed0e12bb36b410ca03261757465167828b09b#diff-65e615806187cb0aef26259e5f071afc5271919039bc05c57cea796f5d56b4eeL7 + DATABASE_URL: postgresql://umami:umami@umami-db:5432/umami + # ://:@:5432/ diff --git a/deploy/k8s/overlays/kind/umami/umami-secret.yaml b/deploy/k8s/overlays/kind/umami/umami-secret.yaml new file mode 100644 index 00000000..52cb9c05 --- /dev/null +++ b/deploy/k8s/overlays/kind/umami/umami-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + APP_SECRET: YXBwLXNlY3JldA== + DATABASE_TYPE: cG9zdGdyZXNxbA== + DATABASE_URL: cG9zdGdyZXNxbDovL3VtYW1pOnVtYW1pQHVtYW1pLWRiOjU0MzIvdW1hbWk= + POSTGRESQL_DATABASE: dW1hbWk= + POSTGRESQL_PASSWORD: dW1hbWk= + POSTGRESQL_USER: dW1hbWk= +kind: Secret +metadata: + creationTimestamp: null + name: umami-secret + namespace: umami diff --git a/deploy/k8s/overlays/openshift/umami/kustomization.yaml b/deploy/k8s/overlays/openshift/umami/kustomization.yaml new file mode 100644 index 00000000..584f4cd3 --- /dev/null +++ b/deploy/k8s/overlays/openshift/umami/kustomization.yaml @@ -0,0 +1,7 @@ +# Umami will be deployed on the QA cluster but host metrics for both prod and QA +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: umami +resources: + - ../../../base/umami + - umami-route.yaml diff --git a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml new file mode 100644 index 00000000..f7a8df9d --- /dev/null +++ b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml @@ -0,0 +1,25 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: umami-secret + namespace: umami +spec: + encryptedData: + ADMIN_PASSWORD: AgCKiqvuCtrkZW/NjwU+bNcnYGmSoLkqRB/Y+JUJA+HLUuJdBep4yi2z2eSOWbjOhPfE20g2LmCG2DcRi8+RgTbJIihHkLfmIQsnM9K3XIWj6EGke5Qjh/GfWiF1p2idJM63YD6eInCBm2HimjdDkTr8v6JQ2aU918sSntgFGs5g6RVtZ8BC1EB+hvFW00CIDRWExdGTfBqIgR8Z5bVMK3cVT1HdZj6AklUBp2iR2aCWN4KCsAWVh2jmzkXdmg0Id2c9phsfI11GxLFIWwou3VcfdbCCRnN3n+jU+CkCfJ3dDYUGFbQTQPcNI47joiLN3bAT4UNG8XhSBMq7ZmOBOK6vKy6bDfa0+KN8IKwGajZd+cGZ3jgTuQ9bmpwqztdnpgSaVx8bTSUo9yMfgcuMHlGezxzwGQdnOfRlAryq3NTqGuUJkgyxEyM2w1iGaTFOvD9j0W1tIl5JbExz0Jp5ObNYDeSrnjWA+O7zthE5oKaNsPPfU4y6IGGyWYV40X3wuZpBtJkdPu3nFLVqZUCKoiB7pT554/fqtqgGip/1dD+Q0eCkRszS9G140ZTGv9wjel3yvfR1C0jxM1gpeI4NMZArvd2Fzn6iNoCharzfqVnIAAqmeKkpGU/YEmgTxqoLIT3R6+okWIdt8QgcJpU3oKIxmoo1BNSBtJe+46jO290W87oEvOYlASNi4b0jpSQJroso/hIWJzDEvYrdxaQpknVP8mErBDbWmG1Cl+KuJw== + APP_SECRET: AgCIg+JyWbM5O0oB/4h3/KVdVlLYU7HnbRz6WsCnriPAVlhs2rRwObNVPHuWxYrKbng6ihCZftxgdIKQhrY73v0cYKyEQlK3zmpeIktT+YXctLhLqrVYPU8pc34hh5DvFvYDzvRwYg8rBAR6gasPlnHQ/u3vL+wsRmb9Rf5Oeu1NQz0NdGv7wU4ZkRB0ZfZ0vBwYYJHRgXA6YKbNKzZVKbjQZdjL6i5ZmgiJ9goKnoE1kKdM6HcLhiOjQFyzlMu3ZG6om3hU+7FUCarakuRkaMqFl5OIi/rfFd3YY9b6E+lLsOhKqKgLnxS3w1uYXZrDDPAjadns0neLzHRmN7ACgzt9sync3f8tw9qUMAC0/nmZbHUcSltiEYfu3ZEiR1o69+MvjA7xwa17XnuCjsZvx0hp+I/vumsh3smiyiiYWAvOdbE66mh3NCENBBQIcWBFxpGBIhswJL1SWsvw2yb4rzTBm0hiL7weha6tqm11ioauWBDK2bznzBVh/qU+1yAV1XrIcPeKgosDlECOWYHWs4tmPOnOwyINgAnZtyHLOgT+Oh5F+qkh6U1pXMTAkVRIJNTAYTPGf1p026NfiGnglVSk5XfeRxsi0m9qaPSb4ULjDcPKJl+jxNbxTR2veiiAP6RwLqM1WpRE8rWaaqmZiH5JWFnOtkamuRwh2MVqpmB1gj1OzoywvuAN9uouLFg/T5853gm1FHt5z1wB5X9w + DATABASE_TYPE: AgARB8z2qrRjbj+oK9f5povXhCW4pvivcH4L9qfLN0KEobSIT8Eh2aGimvTvX5tMQ5Sr12og8x5oe1x7Xs3mwZvZLNKaS3gAGKPEjiJSXmb8Fm0Sjm6XQ0IgX4PMfnwqGaVA7CMRpGwOjOxHur91TnIffQsZYDXVxD9Qw3WkW6lvtMAxnIXp0fuKlWVcNkuEPY9dsk6s00pjA+/VN/5pjJemZkc0czcO5jZQ8pN606gSuhFdg4KZO9fPs286NHHbU/oMLFkxzLAGISvnQrLnVMrqnW7XV9J6Weo+4rB9ok5a3iodoQ9JBQBlvNipto35VEUpRQNDyMRxkzQUtK8kro9OmW1wTTGZsTffKsxHN0Jge3dw2/qOi0MBjX8QViN9/Mv2uyDB2Wa07i7hnEjrba4tgqoABoskittk18DJ1uctMIXFml14P9nKsQ9NN8E1Oyo8X6cVzBi5KIwDJhFx8SQzKklFRD284eP/trzjKHcqY4F+P0WylAYflcpwL0BshEi3VPIiZyAfQczaesGClMeglPnCJ8zFE7OPXvn633sIwo2TByO3r7RLl0ZRBzmy19+/UKAMyFXacolKclvsC9wUP1tzcRxPyzRzMlEDV+6cn0MBNoWgNpw9Rr7JJoEMlWRyHErq3Xy5bJRuzfuDmtIXzgckpWoPg9hTimE91E9xf2N1g9ovlrws+tYpkTFQkzuxsNHXd+1k21YxmA== + DATABASE_URL: AgCexLYEJnWkklIhAJX35KrrBH/OT+vi4hJBpQv/mOxoK7iCUllRKK1y3iNGmggvL9PBvDFH9YJRQ+/Yd9ufhrpc/a8/BI+oSrjtLNuwF4QFaQFBqz1DoN2jX/wbuJAgn87DJ81RRugPgwvrub8OF1OA9g4vdja+0RvUl9m3TwfaAyHnOq5IMwVMgUGu9h6WWhMvhmt3ROEDoASSAfLNGkeOoYbxboX2gllgBis3sU5jBJ2d+iddkUpniD/lGlmLqDUUm44l2BovwaJ4M2i13RmZC12e4kY83tQFVEqDqT+P63FmIVBd1nLpdBujN2E1Krrac0fLa+H1GX2k1XQ0ao6d+72pJHL5f9882RDD/y448L+6fTN6CCkDqfVT1VQy08jNyHHZP3MMN3Q9psn4Ey+CKKt/t+1Puyo1IEXBspO4dAa4qHEjLJYJO1eMCfpez2E2XysdJvFJ/FqFXnT9EJAyRwUK16HNK6dbFR8sHU2jQhoRqmyjy5DXu0LS+eCPMHyLwtVkBn0TZJqnYv3HHgJQVI5al8QWwRJq7fYU8NMWe/8HF3aBUmVDY/ACVqgoLKFrfls9pcr8ENKG+HRy6gwhqISbFDhQjl1uyEJDZ+OqnaP1q9B+nzujCystaDTd1x7Y0NbN/jdWEY8SlGhee6+jH9fQSCvQQbdAdcoik4HlxpOr+mWT5bVJvgoPrrNSCR9sI64Vl9n6cUctzCjDKWqlNxCO1gaNuQp8QPJ/Lpj3GidL6sssGl+xV+IVAlR9 + HASH_SALT: AgCGet4Cbyhhh56K3a32s8XGTQa8LZiJFEdXMON+NqknJXXcMlYBeeM26I/Id1frRKZyQ0CrhJVXmvHi9UcB9GeGmJqMsIsZ19rH3CCMDgRXf98h0ickhkJyyGKXb4pxSGQuHJ6KNwKuhWLGX6BHP9ZyeFm6P698ThUa4RFireugKTpHcdGl/MFVXwDNgBi8761Ku0FCU+zTfXwsZCTRqC0NGa9lahrTDiW47VSRg+YE6xfRH9ib5UXUBTQwrFXb/zpsHe+4WAt9Ffe2xj3Lg1Ug33e5ukkRuYyqSXN6nX80u+9uavE+ugW/DRGrFSVyyb7vptQcQ76KU31wRyG+D7UnqkMKFY3Dze+cwvOYtwGdBbwJIL6xm5piuKMGQY12dEvf3u+XRgCMKjx4G9tBqfnd4LeQ/CCN034r0A94bt9ClvYpMogEyNMRk5g27ubGRFOT69akIUaQF7toD/otM+5AquvuUhvFdt1M9q6MaAq1bOqhanRy2It4iLsnGOliAJKqAJi67o77RFM0zIeDUBCBWzj3x4uS/BSBNfTh5Blf3Pr06mbhx/zaHJCKBXIVBNIvV5lSvDBfG5zYAvJszWSuv48AbeN0JlqhCfJ1IBWwK/IoyUbHYDPkHHlaJ8ViQi2RZXHk9jZG72mgetSARZ+HuMr/kX0Z3jQBF+zKov+/pNLiJmhVgQznR64bvU+5td4KU2NbluGbhEgg2x4= + POSTGRESQL_DATABASE: AgBnyQJFdd2JRibSUnOLx3DxQUI5LLnpropRC1CygcI43vZ/mwCa82xW8e4XCKuxoWweFVjadDHZ8VZCEMdmoUHRttgVzwY1JqvlwjnbnAilPUjqgppdBc7zp1cv7eIpywapXNCjd8Axnp9vCITFR9R0chAXmf//NB69oDJZOUvS1U0TDvG6QVkhMuwQfy+iQ/WWzOUP3msr8Klnepdvg5lyE5Dtibl567dJ+TLCs8lJCD4Q8/IXQhonGBekBlkm2AZCSkvWbRH2cruvHM35qBtN1HZxiEqbCOr0SAjD2vsvPPBPjyIVg1aORPiO6A2pzfp7UJx7R/4HCCLQw8TYuOfloqC0qm4Mu2JT/o/qVQkNBBElz4+x+YWiU/eNF+P6u9xOfLaaIxkSgZC+uYLSv8D76lI3moSZBxKPbvHO85r7kZfzApc0+R3VhcX+cTHmOjfC7dOsB8Af+tSR1cEMHX1HDIcLOsViA3k9BvA+tNwmxu/vRCSuS9WaPnnyVMUye/e4duEjrYcDr9F2Aj28mPDo1ty76n+XTg15bypK5dfl+HwXclinj7FSCwWXuRpFC50qQn4Zng2wBygccNm5XlM2P41Hs2oRKd2EwVe/FuQZxN9cLswKIRfucsNv4BH6i0BXP4nNyq969VBM3E7baPvtg71MeCOf9GGpt3fxYNH48tpgJpS1ma4JpLm+F14nS+k/4Wubcw== + POSTGRESQL_PASSWORD: AgB3KVdEMngd+Ztm3htZvcUsO3a+KqtO/LEX1b8NOymtbTBr6oWM1y1h6v2Le+CK7M2ExghnMPmDdQOXeWgWeSY1cNMoTDIS8EzbAd9XzNr3gYpWXCTopLFXTbPst0gEgP2dUcJS59jxC6r0JIYbzxP8G+wAPtFym1T7D4Ik6bf6LrQ9kQHGtnZHBz4q/fRuSk4hbIjHZ4OXNyjJ4ZKffOXcmdGsv0+dhLUzNS+c2/yQRx+m0NFJZkP49v/yIgkGw5GaqwtYswfVlhsjI+Biw/0H9wZUM9WMkuX1BwIBp/f5942rga9rv+whZmAT2MS4h7UJAwoyCbiV/PG/NOXXKiJA7nC6HZKZqxu/NBHrLKFVLX1ZXVKd6T0zMHmhFnpqvMJkKPPBduU0nn9nIdzldj+QOl263WCLjCcdUXe82UFC5Lzc4zmJL2sBc0j+pyuWJYYqUI8v1x0qxcsbZFbEeDbazj3GY7eixs/mFQX4YC6ZJKUlXUXK9mV3FvyDjC7hp8YNSrw85w4xnmaY37TdiQT5jxsTzZSgY7mLRaB7RU0AahC3ZCAe0kCKmsM2JJdtXwARJ1RDSV4t7zmXsXTpZHu2hwkPBiENswJ7DvcLdjfmUKc3rQGKI7PiK5h7/csLfEN6Q4c1oSW3d5pYJpMvquRdr1PsBctDBPwTIKevOkyEsM/ueC6r3d7S1LSJhVkXEuFLeG7TSw== + POSTGRESQL_USER: AgCaanMEfhIe8LtCi01R6GSPT+A1lOaoDaLaZ5JS/8Ar7vmCUbrT+pG20Q+DKsUOcP/ke8r29Zpr1ZBl8lLKWFp8PaC9jw1KP3s/zcukKuLwEhNs73ldu4U757g6xLwB8+zYcgCWQA9J6flKq+9HLREki7CORtJT9BPo75TxIOBH8Ya/kT8u/+nlYqvDxAWsPeWCBljzeiKUtoLkXySCl5qhRwwyvUsuffMTHIouOtY/Y1OEuIhSvCi01A1kL5/vddAUtJYxvp+Kh2TuEU//g0kjXTUo8sCbnoj36I/trFplSZTe9680k1rhYK4H2Cca98t0JzPuwHUlg4akm5JORZ/BxQMKDCcuaESZIn4bC4Yoq7LUPrDhJpGqgiZSHFlqLs46UPg/534sc1HacmVr2qprHWNEqkwVHoej28YqWTJlP4XEqTnPQK645wMBvyhCKXrwod6pUmAaQZS7KA7giFCAlZxyVJXpp2bvTpG36H9BG/5FwzC8jIZKzZj9yFmkdKiI6CyMDuDrVA7qbpvVprmtqE2kRRgxOTEazgThMYMnLt9hdJiRIAv4JE+rwk8n07W+cOsfxAXLwaAGcQvZPOhQKnB2Rb2hWa7SYmJt3GJV64LrkUpYtRWQ204xhY8DIYVzXGQ8GY6ziFkrZe0TCdVeWbxLdB01rXWKXnb1chfCB2GVD0ZUuUmVL250a9MOwhTy31zzOw== + template: + metadata: + creationTimestamp: null + labels: + app: umami + name: umami-secret + namespace: umami + type: Opaque + diff --git a/deploy/k8s/overlays/openshift/umami/umami-secret.yaml b/deploy/k8s/overlays/openshift/umami/umami-secret.yaml new file mode 100644 index 00000000..52cb9c05 --- /dev/null +++ b/deploy/k8s/overlays/openshift/umami/umami-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + APP_SECRET: YXBwLXNlY3JldA== + DATABASE_TYPE: cG9zdGdyZXNxbA== + DATABASE_URL: cG9zdGdyZXNxbDovL3VtYW1pOnVtYW1pQHVtYW1pLWRiOjU0MzIvdW1hbWk= + POSTGRESQL_DATABASE: dW1hbWk= + POSTGRESQL_PASSWORD: dW1hbWk= + POSTGRESQL_USER: dW1hbWk= +kind: Secret +metadata: + creationTimestamp: null + name: umami-secret + namespace: umami diff --git a/docs/metrics.md b/docs/metrics.md new file mode 100644 index 00000000..e69de29b