From 1d3c81e6bdbe900294d3ca4712aa4d05f5b011f4 Mon Sep 17 00:00:00 2001
From: Richard Hagen
Date: Tue, 15 Oct 2024 10:33:56 +0200
Subject: [PATCH] feat: install radix-prometheus-proxy in extmon (#2417)
* feat: install radix-prometheus-proxy in extmon
* fix helm repo
* dont use nightly or pr tags
* dont use main tags
* add ingress section
* addet ingress
* fix ingress
* use cluster cert issuer
* fix certmanager annotations
---
 clusters/monitoring/kustomization.yaml | 2 +
 .../radix-prometheus-proxy/helmRelease.yaml | 35 +++++++++++++++++
 clusters/monitoring/postBuild.yaml | 1 +
 .../radix-prometheus-proxy/helmRepo.yaml | 8 ++++
 .../radix-prometheus-proxy/imagePolicy.yaml | 11 ++++++
 .../radix-prometheus-proxy/imageRepo.yaml | 16 ++++++++
 .../radix-prometheus-proxy/ingress.yaml | 39 +++++++++++++++++++
 .../radix-prometheus-proxy/kustomization.yaml | 7 ++++
 8 files changed, 119 insertions(+)
 create mode 100644 clusters/monitoring/overlay/radix-platform/radix-prometheus-proxy/helmRelease.yaml
 create mode 100644 components/radix-platform/radix-prometheus-proxy/helmRepo.yaml
 create mode 100644 components/radix-platform/radix-prometheus-proxy/imagePolicy.yaml
 create mode 100644 components/radix-platform/radix-prometheus-proxy/imageRepo.yaml
 create mode 100644 components/radix-platform/radix-prometheus-proxy/ingress.yaml
 create mode 100644 components/radix-platform/radix-prometheus-proxy/kustomization.yaml
diff --git a/clusters/monitoring/kustomization.yaml b/clusters/monitoring/kustomization.yaml
index b7a3038fc68..ee827905ca8 100644
--- a/clusters/monitoring/kustomization.yaml
+++ b/clusters/monitoring/kustomization.yaml
@@ -9,6 +9,8 @@ resources:
 - ../../components/third-party/kube-prometheus-stack
 - ../../components/third-party/prometheus-blackbox-exporter
 - ../../components/third-party/external-secrets
+- ../../components/radix-platform/radix-prometheus-proxy
+- overlay/radix-platform/radix-prometheus-proxy/helmRelease.yaml
 patches:
 - path: ./postBuild.yaml
 - path: ./helm-controller.yaml
diff --git a/clusters/monitoring/overlay/radix-platform/radix-prometheus-proxy/helmRelease.yaml b/clusters/monitoring/overlay/radix-platform/radix-prometheus-proxy/helmRelease.yaml
new file mode 100644
index 00000000000..4760022ed31
--- /dev/null
+++ b/clusters/monitoring/overlay/radix-platform/radix-prometheus-proxy/helmRelease.yaml
@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: radix-prometheus-proxy
+ namespace: monitor
+spec:
+ targetNamespace: monitor
+ interval: 5m
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ chart:
+ spec:
+ chart: radix-prometheus-proxy
+ version: ${RADIX_PROMETHEUS_PROXY_TAG}
+ sourceRef:
+ kind: HelmRepository
+ name: radix-prometheus-proxy
+ namespace: flux-system
+ values:
+ prometheusUrl: http://prometheus-operator-prometheus:9090
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - arm64
diff --git a/clusters/monitoring/postBuild.yaml b/clusters/monitoring/postBuild.yaml
index 11156f32874..6a7979637de 100644
--- a/clusters/monitoring/postBuild.yaml
+++ b/clusters/monitoring/postBuild.yaml
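Review bot: In helmRelease.yaml only `install.remediation.retries` is set, while the chart `version` is `${RADIX_PROMETHEUS_PROXY_TAG}`, a value that postBuild.yaml marks for image automation, so most rollouts after the first will be upgrades with no retry behaviour configured. Adding `upgrade:` / `remediation:` / `retries: 3` beside the `install` block would cover that path. A comment above `version:` would also help the next reader, e.g. `# chart version follows the container image tag selected by the radix-prometheus-proxy ImagePolicy; chart and image must be published with the same version`.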
@@ -22,6 +22,7 @@ spec:
 KUBE_PROMETHEUS_STACK: 62.3.0 # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
 NGINX_VERSION: 4.11.1 # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
 RADIX_CACHE_REGISTRY: radixplatformcache.azurecr.io
+ RADIX_PROMETHEUS_PROXY_TAG: 1.9.1 # {"$imagepolicy": "flux-system:radix-prometheus-proxy:tag"}
 RADIX_WILDCARD_CERTIFICATE_ISSUER: letsencrypt-prod # installed by platform scripts
 RADIX_ZONE_MIGRATE: extmon
 VELERO_MI_CLIENT_ID: 069f097a-be9a-4e59-bffc-9b1e3d5cbbe9
diff --git a/components/radix-platform/radix-prometheus-proxy/helmRepo.yaml b/components/radix-platform/radix-prometheus-proxy/helmRepo.yaml
new file mode 100644
index 00000000000..27fdb4dc5b9
--- /dev/null
+++ b/components/radix-platform/radix-prometheus-proxy/helmRepo.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: radix-prometheus-proxy
+ namespace: flux-system
+spec:
+ interval: 5m
+ url: https://equinor.github.io/radix-prometheus-proxy
diff --git a/components/radix-platform/radix-prometheus-proxy/imagePolicy.yaml b/components/radix-platform/radix-prometheus-proxy/imagePolicy.yaml
new file mode 100644
index 00000000000..9ba72bb6fb3
--- /dev/null
+++ b/components/radix-platform/radix-prometheus-proxy/imagePolicy.yaml
@@ -0,0 +1,11 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+ name: radix-prometheus-proxy
+ namespace: flux-system
+spec:
+ imageRepositoryRef:
+ name: radix-prometheus-proxy
+ policy:
+ semver:
+ range: '>=1.0.0'
diff --git a/components/radix-platform/radix-prometheus-proxy/imageRepo.yaml b/components/radix-platform/radix-prometheus-proxy/imageRepo.yaml
new file mode 100644
index 00000000000..b81a88586a8
--- /dev/null
+++ b/components/radix-platform/radix-prometheus-proxy/imageRepo.yaml
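Review bot: The semver range `'>=1.0.0'` in imagePolicy.yaml has no upper bound, so any semver tag published to the scanned repository, including a new major version, becomes the value of `RADIX_PROMETHEUS_PROXY_TAG` and from there the HelmRelease chart version without a manual version change. Bounding it, e.g. `range: '>=1.0.0 <2.0.0'`, keeps automatic updates to compatible releases and turns a major bump into an explicit commit. Nothing visible in this patch verifies a chart or image signature before rollout, so the tag filter is the only gate shown here; whether the automation's commits pass through review cannot be seen from this diff.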
@@ -0,0 +1,16 @@
+# This is a hack, since image update automation cant scan HelmRepositories
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+ name: radix-prometheus-proxy
+ namespace: flux-system
+spec:
+ image: ghcr.io/equinor/radix-prometheus-proxy
+ interval: 1m0s
+ exclusionList:
+ - "^.*\\.sig$"
+ - "^pr.*"
+ - "^latest.*"
+ - "^main.*"
+
+
diff --git a/components/radix-platform/radix-prometheus-proxy/ingress.yaml b/components/radix-platform/radix-prometheus-proxy/ingress.yaml
new file mode 100644
index 00000000000..047dcb33f87
--- /dev/null
+++ b/components/radix-platform/radix-prometheus-proxy/ingress.yaml
@@ -0,0 +1,39 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ ingress.kubernetes.io/force-ssl-redirect: "true"
+ cert-manager.io/cluster-issuer: ${RADIX_WILDCARD_CERTIFICATE_ISSUER}
+ labels:
+ radix-app: radix-prometheus-proxy
+ radix-component: radix-prometheus-proxy
+ name: radix-prometheus-proxy
+ namespace: monitor
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: uptime.${AZ_RESOURCE_DNS:=tba}
+ http:
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: monitor-radix-prometheus-proxy
+ port:
+ number: 8000
+ - host: uptme.${clusterName:=tba}.${AZ_RESOURCE_DNS:=tba}
+ http:
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: monitor-radix-prometheus-proxy
+ port:
+ number: 8000
+ tls:
+ - hosts:
+ - uptime.${AZ_RESOURCE_DNS:=tba}
+ - uptime.${clusterName:=tba}.${AZ_RESOURCE_DNS:=tba}
+ secretName: "uptime-cert"
diff --git a/components/radix-platform/radix-prometheus-proxy/kustomization.yaml b/components/radix-platform/radix-prometheus-proxy/kustomization.yaml
new file mode 100644
index 00000000000..dfe4189a874
--- /dev/null
+++ b/components/radix-platform/radix-prometheus-proxy/kustomization.yaml
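Review bot: The second rule in ingress.yaml uses host `uptme.${clusterName:=tba}.${AZ_RESOURCE_DNS:=tba}` while `tls.hosts` lists `uptime.${clusterName:=tba}.${AZ_RESOURCE_DNS:=tba}`, so the cluster-scoped name on the certificate has no matching rule and the misspelled host is served without a matching certificate; the rule should read `- host: uptime.${clusterName:=tba}.${AZ_RESOURCE_DNS:=tba}`. The annotation `ingress.kubernetes.io/force-ssl-redirect` lacks the `nginx.` prefix that ingress-nginx reads by default, so it is probably ignored unless the controller's annotation prefix was changed; `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` is the usual key. No authentication or source-range annotation is visible on this Ingress, so access control for the Prometheus proxy appears to rest on the backend itself, which is worth confirming as intended.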
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helmRepo.yaml
+ - imageRepo.yaml
+ - imagePolicy.yaml
+ - ingress.yaml