Create go configuration rhobs

go.mod

@@ -1,12 +1,17 @@
 module github.com/rhobs/configuration
 
-go 1.19
+go 1.21
+
+toolchain go1.21.1
 
 require (
-	github.com/bwplotka/mimic v0.1.1-0.20220621130344-a6338e3b8238
-	github.com/observatorium/api v0.1.3-0.20220621123450-69c5f2661d01
+	github.com/bwplotka/mimic v0.2.1-0.20230303101552-f705cca2f4a4
+	github.com/observatorium/api v0.1.3-0.20230711132510-96e8799ade44
+	github.com/observatorium/observatorium v0.0.0-00010101000000-000000000000
+	github.com/openshift/api v3.9.0+incompatible
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.68.0
 	github.com/pyrra-dev/pyrra v0.7.0
+	k8s.io/api v0.28.2
 	k8s.io/apimachinery v0.28.2
 )
 
@@ -50,6 +55,7 @@ require (
 	github.com/prometheus/prometheus v1.8.2-0.20220211202545-56e14463bccf // indirect
 	github.com/rodaine/hclencoder v0.0.1 // indirect
 	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/thanos-io/thanos v0.32.2 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/goleak v1.2.1 // indirect
 	go.uber.org/zap v1.26.0 // indirect
@@ -67,7 +73,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.28.2 // indirect
 	k8s.io/apiextensions-apiserver v0.28.2 // indirect
 	k8s.io/client-go v0.28.2 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
@@ -78,3 +83,5 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
+
+replace github.com/observatorium/observatorium => github.com/thibaultmg/observatorium v0.0.0-20230922090626-0f7a82fd0910

mimic.go

@@ -3,6 +3,7 @@ package main
 import (
 	"github.com/bwplotka/mimic"
 	cfgobservatorium "github.com/rhobs/configuration/configuration/observatorium"
+	services "github.com/rhobs/configuration/services_go"
 )
 
 func main() {
@@ -13,4 +14,8 @@ func main() {
 	cfgobservatorium.GenSLO(gen.With("observability", "prometheusrules", "pyrra"), gen.With("observability", "prometheusrules"))
 
 	cfgobservatorium.GenerateRBAC(gen.With(".tmp", "tenants"))
+
+	// Generate the manifests for all observatorium instances.
+	services.Generate(gen.With("services"))
+
 }

resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-template.yaml

@@ -0,0 +1,299 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  creationTimestamp: null
+  name: observatorium-metrics-compact
+objects:
+- apiVersion: v1
+  data:
+    session_secret: c2VjcmV0
+  kind: Secret
+  metadata:
+    creationTimestamp: null
+    labels:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+      app.kubernetes.io/version: v0.32.3
+    name: compact-proxy
+    namespace: rhobs
+- apiVersion: v1
+  kind: Service
+  metadata:
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: compact-tls
+    creationTimestamp: null
+    labels:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+      app.kubernetes.io/version: v0.32.3
+    name: observatorium-thanos-compact
+    namespace: rhobs
+  spec:
+    ports:
+    - name: http
+      port: 10902
+      protocol: TCP
+      targetPort: 10902
+    - name: https
+      port: 8443
+      protocol: TCP
+      targetPort: 8443
+    selector:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+  status:
+    loadBalancer: {}
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    creationTimestamp: null
+    labels:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+      app.kubernetes.io/version: v0.32.3
+    name: observatorium-thanos-compact
+    namespace: rhobs
+- apiVersion: monitoring.coreos.com/v1
+  kind: ServiceMonitor
+  metadata:
+    creationTimestamp: null
+    labels:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+      app.kubernetes.io/version: v0.32.3
+      prometheus: app-sre
+    name: observatorium-thanos-compact
+    namespace: openshift-customer-monitoring
+  spec:
+    endpoints:
+    - port: http
+      relabelings:
+      - action: replace
+        separator: /
+        sourceLabels:
+        - namespace
+        - pod
+        targetLabel: instance
+    namespaceSelector:
+      matchNames:
+      - rhobs
+    selector:
+      matchLabels:
+        app.kubernetes.io/component: database-compactor
+        app.kubernetes.io/instance: observatorium
+        app.kubernetes.io/name: thanos-compact
+        app.kubernetes.io/part-of: observatorium
+- apiVersion: apps/v1
+  kind: StatefulSet
+  metadata:
+    creationTimestamp: null
+    labels:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+      app.kubernetes.io/version: v0.32.3
+    name: observatorium-thanos-compact
+    namespace: rhobs
+  spec:
+    replicas: 1
+    selector:
+      matchLabels:
+        app.kubernetes.io/component: database-compactor
+        app.kubernetes.io/instance: observatorium
+        app.kubernetes.io/name: thanos-compact
+        app.kubernetes.io/part-of: observatorium
+    serviceName: observatorium-thanos-compact
+    template:
+      metadata:
+        creationTimestamp: null
+        labels:
+          app.kubernetes.io/component: database-compactor
+          app.kubernetes.io/instance: observatorium
+          app.kubernetes.io/name: thanos-compact
+          app.kubernetes.io/part-of: observatorium
+          app.kubernetes.io/version: v0.32.3
+        namespace: rhobs
+      spec:
+        affinity:
+          podAntiAffinity:
+            preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                    - thanos-compact
+                  - key: app.kubernetes.io/instance
+                    operator: In
+                    values:
+                    - observatorium
+                topologyKey: kubernetes.io/hostname
+              weight: 100
+        containers:
+        - args:
+          - compact
+          - --compact.concurrency=1
+          - --data-dir=/var/thanos/compactor
+          - --deduplication.replica-label=replica
+          - --delete-delay=24h0m0s
+          - --downsample.concurrency=1
+          - --log.format=logfmt
+          - --log.level=info
+          - --objstore.config=$(OBJSTORE_CONFIG)
+          - --retention.resolution-1h=8760h0m0s
+          - --retention.resolution-5m=8760h0m0s
+          - --retention.resolution-raw=8760h0m0s
+          - --wait
+          - --debug.max-compaction-level=3
+          env:
+          - name: AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                key: aws_access_key_id
+                name: rhobs-thanos-s3
+          - name: AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                key: aws_secret_access_key
+                name: rhobs-thanos-s3
+          - name: OBJSTORE_CONFIG
+            valueFrom:
+              secretKeyRef:
+                key: thanos.yaml
+                name: rhobs-thanos-objectstorage
+          image: quay.io/thanos/thanos:v0.32.3
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 4
+            httpGet:
+              path: /-/healthy
+              port: 10902
+            periodSeconds: 30
+          name: thanos
+          ports:
+          - containerPort: 10902
+            name: http
+            protocol: TCP
+          readinessProbe:
+            failureThreshold: 20
+            httpGet:
+              path: /-/ready
+              port: 10902
+            periodSeconds: 5
+          resources:
+            limits:
+              memory: 5Gi
+            requests:
+              cpu: 200m
+              memory: 1Gi
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+          - mountPath: /var/thanos/compactor
+            name: data
+        - args:
+          - -provider=openshift
+          - -https-address=:8443
+          - -http-address=
+          - -email-domain=*
+          - -upstream=http://localhost:10902
+          - -openshift-service-account=observatorium-thanos-compact
+          - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs",
+            "namespace": "rhobs"}'
+          - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get",
+            "name": "rhobs", "namespace": "rhobs"}}'
+          - -tls-cert=/etc/tls/private/tls.crt
+          - -tls-key=/etc/tls/private/tls.key
+          - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+          - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET}
+          - -cookie-secret-file=/etc/proxy/secrets/session_secret
+          - -openshift-ca=/etc/pki/tls/cert.pem
+          - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          image: quay.io/openshift/origin-oauth-proxy:v4.13.0
+          name: oauth-proxy
+          ports:
+          - containerPort: 8443
+            name: https
+            protocol: TCP
+          resources:
+            limits:
+              cpu: 200m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 100Mi
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+          - mountPath: /etc/tls/private
+            name: compact-tls
+            readOnly: true
+          - mountPath: /etc/proxy/secrets
+            name: compact-proxy
+            readOnly: true
+        nodeSelector:
+          kubernetes.io/os: linux
+        securityContext:
+          fsGroup: 65534
+          runAsUser: 65534
+        serviceAccountName: observatorium-thanos-compact
+        terminationGracePeriodSeconds: 120
+        volumes:
+        - name: compact-tls
+          secret:
+            secretName: compact-tls
+        - name: compact-proxy
+          secret:
+            secretName: compact-proxy
+    updateStrategy: {}
+    volumeClaimTemplates:
+    - metadata:
+        creationTimestamp: null
+        labels:
+          app.kubernetes.io/component: database-compactor
+          app.kubernetes.io/instance: observatorium
+          app.kubernetes.io/name: thanos-compact
+          app.kubernetes.io/part-of: observatorium
+          app.kubernetes.io/version: v0.32.3
+        name: data
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 500Gi
+        storageClassName: gp2
+      status: {}
+- apiVersion: policy/v1
+  kind: PodDisruptionBudget
+  metadata:
+    creationTimestamp: null
+    labels:
+      app.kubernetes.io/component: database-compactor
+      app.kubernetes.io/instance: observatorium
+      app.kubernetes.io/name: thanos-compact
+      app.kubernetes.io/part-of: observatorium
+    name: observatorium-thanos-compact
+    namespace: rhobs
+  spec:
+    maxUnavailable: 1
+    selector:
+      matchLabels:
+        app.kubernetes.io/component: database-compactor
+        app.kubernetes.io/instance: observatorium
+        app.kubernetes.io/name: thanos-compact
+        app.kubernetes.io/part-of: observatorium
+parameters:
+- from: '[a-zA-Z0-9]{40}'
+  generate: expression
+  name: OAUTH_PROXY_COOKIE_SECRET