diff --git a/Makefile b/Makefile index eb2efaccaf..b654467025 100644 --- a/Makefile +++ b/Makefile @@ -128,16 +128,11 @@ migrate-vendor: .PHONY: manifests manifests: migrate-vendor format $(JSONNET_VENDOR_DIR) -manifests: resources/services/telemeter-template.yaml resources/services/rhelemeter-template.yaml resources/services/jaeger-template.yaml resources/services/parca-template.yaml tests/deploy/manifests/minio-template.yaml tests/deploy/manifests/dex-template.yaml +manifests: resources/services/telemeter-template.yaml resources/services/rhelemeter-template.yaml resources/services/jaeger-template.yaml tests/deploy/manifests/minio-template.yaml tests/deploy/manifests/dex-template.yaml manifests: resources/services/observatorium-template.yaml resources/services/observatorium-metrics-template.yaml resources/services/observatorium-logs-template.yaml resources/services/observatorium-traces-subscriptions-template.yaml resources/services/observatorium-traces-template.yaml resources/crds/observatorium-logs-crds-template.yaml manifests: resources/services/metric-federation-rule-template.yaml $(MAKE) clean -resources/services/parca-template.yaml: $(JSONNET) $(GOJSONTOYAML) $(JSONNETFMT) -resources/services/parca-template.yaml: $(wildcard services/parca-*) - @echo ">>>>> Running parca-template" - $(JSONNET) -J "$(JSONNET_VENDOR_DIR)" -m resources/services services/parca-template.jsonnet | $(XARGS) -I{} sh -c 'cat {} | $(GOJSONTOYAML) > {}.yaml' -- {} - resources/services/jaeger-template.yaml: $(wildcard services/jaeger-*) $(JSONNET) $(GOJSONTOYAML) $(JSONNETFMT) @echo ">>>>> Running jaeger-template" $(JSONNET) -J "$(JSONNET_VENDOR_DIR)" services/jaeger-template.jsonnet | $(GOJSONTOYAML) > $@ diff --git a/jsonnetfile.json b/jsonnetfile.json index 86eb4673d6..dcae8fc536 100644 --- a/jsonnetfile.json +++ b/jsonnetfile.json @@ -112,15 +112,6 @@ }, "version": "master" }, - { - "source": { - "git": { - "remote": "https://github.com/parca-dev/parca.git", - "subdir": "deploy/lib/parca" - } - }, - "version": "main" - }, { "source": { "git": { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 55799a80d0..0883ed86da 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -306,16 +306,6 @@ "version": "76213272326b432a504dd59db593b94890541342", "sum": "h+pIb5Vnc+Dcpu1awzb9HLTHa+Hv1q6OAoIqbgxgHsk=" }, - { - "source": { - "git": { - "remote": "https://github.com/parca-dev/parca.git", - "subdir": "deploy/lib/parca" - } - }, - "version": "bc35eaf54ea6b9d7ea46b6c0fe2194084962765b", - "sum": "aK56fC0SsHbSg0WZfRiDTntO72QJqftVgORDae2ilyg=" - }, { "source": { "git": { diff --git a/resources/services/parca-observatorium-remote-ns-rbac-template.yaml b/resources/services/parca-observatorium-remote-ns-rbac-template.yaml deleted file mode 100644 index 91c4f3dd19..0000000000 --- a/resources/services/parca-observatorium-remote-ns-rbac-template.yaml +++ /dev/null @@ -1,215 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: parca-observatorium-rbac -objects: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${NAMESPACE} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${NAMESPACE} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: parca - subjects: - - kind: ServiceAccount - name: ${SERVICE_ACCOUNT_NAME} - namespace: ${NAMESPACE} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${OBSERVATORIUM_METRICS_NAMESPACE} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${OBSERVATORIUM_METRICS_NAMESPACE} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: parca - subjects: - - kind: ServiceAccount - name: ${SERVICE_ACCOUNT_NAME} - namespace: ${NAMESPACE} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${OBSERVATORIUM_MST_NAMESPACE} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${OBSERVATORIUM_MST_NAMESPACE} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: parca - subjects: - - kind: ServiceAccount - name: ${SERVICE_ACCOUNT_NAME} - namespace: ${NAMESPACE} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${OBSERVATORIUM_LOGS_NAMESPACE} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${OBSERVATORIUM_LOGS_NAMESPACE} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: parca - subjects: - - kind: ServiceAccount - name: ${SERVICE_ACCOUNT_NAME} - namespace: ${NAMESPACE} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${TELEMETER_NAMESPACE} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${TELEMETER_NAMESPACE} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: parca - subjects: - - kind: ServiceAccount - name: ${SERVICE_ACCOUNT_NAME} - namespace: ${NAMESPACE} -parameters: -- name: IMAGE_TAG - value: v0.15.0 -- name: NAMESPACE - value: observatorium -- name: OBSERVATORIUM_METRICS_NAMESPACE - value: observatorium-metrics -- name: OBSERVATORIUM_MST_NAMESPACE - value: observatorium-mst -- name: OBSERVATORIUM_LOGS_NAMESPACE - value: observatorium-logs -- name: TELEMETER_NAMESPACE - value: telemeter -- name: SERVICE_ACCOUNT_NAME - value: observatorium diff --git a/resources/services/parca-template.yaml b/resources/services/parca-template.yaml deleted file mode 100644 index 0d47e6628b..0000000000 --- a/resources/services/parca-template.yaml +++ /dev/null @@ -1,335 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -metadata: - name: parca -objects: -- apiVersion: v1 - data: - parca.yaml: |- - "object_storage": - "bucket": - "config": - "directory": "/parca" - "type": "FILESYSTEM" - "scrape_configs": - - "job_name": "parca" - "scrape_interval": "30s" - "scrape_timeout": "1m" - "static_configs": - - "labels": - "instance": "parca" - "job": "parca" - "targets": - - "localhost:7070" - - "job_name": "rhobs" - "kubernetes_sd_configs": - - "namespaces": - "names": - - "${NAMESPACE}" - - "${OBSERVATORIUM_METRICS_NAMESPACE}" - - "${OBSERVATORIUM_MST_NAMESPACE}" - "role": "pod" - "relabel_configs": - - "action": "drop" - "regex": "gubernator" - "source_labels": - - "__meta_kubernetes_pod_container_name" - - "action": "keep" - "regex": "observatorium-.+" - "source_labels": - - "__meta_kubernetes_pod_name" - - "action": "keep" - "regex": "http" - "source_labels": - - "__meta_kubernetes_pod_container_port_name" - - "source_labels": - - "__meta_kubernetes_namespace" - "target_label": "namespace" - - "source_labels": - - "__meta_kubernetes_pod_name" - "target_label": "pod" - - "source_labels": - - "__meta_kubernetes_pod_container_name" - "target_label": "container" - "scrape_interval": "30s" - "scrape_timeout": "1m" - - "job_name": "telemeter" - "kubernetes_sd_configs": - - "namespaces": - "names": - - "${TELEMETER_NAMESPACE}" - "role": "pod" - "relabel_configs": - - "action": "keep" - "regex": "telemeter-server.+" - "source_labels": - - "__meta_kubernetes_pod_name" - - "action": "keep" - "regex": "internal" - "source_labels": - - "__meta_kubernetes_pod_container_port_name" - - "source_labels": - - "__meta_kubernetes_namespace" - "target_label": "namespace" - - "source_labels": - - "__meta_kubernetes_pod_name" - "target_label": "pod" - - "source_labels": - - "__meta_kubernetes_pod_container_name" - "target_label": "container" - "scheme": "https" - "scrape_interval": "30s" - "scrape_timeout": "1m" - "tls_config": - "insecure_skip_verify": true - kind: ConfigMap - metadata: - annotations: - qontract.recycle: "true" - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca -- apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - template: - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - spec: - containers: - - args: - - /parca - - --http-address=:7070 - - --config-path=/etc/parca/parca.yaml - - --log-level=info - - --debug-infod-upstream-servers=https://debuginfod.systemtap.org - - --debug-infod-http-request-timeout=5m - - --storage-active-memory=${STORAGE_ACTIVE_MEMORY} - image: ${IMAGE}:${IMAGE_TAG} - livenessProbe: - exec: - command: - - /grpc_health_probe - - -v - - -addr=:7070 - initialDelaySeconds: 5 - name: parca - ports: - - containerPort: 7070 - name: http - readinessProbe: - exec: - command: - - /grpc_health_probe - - -v - - -addr=:7070 - initialDelaySeconds: 10 - resources: - limits: - cpu: ${PARCA_CPU_LIMITS} - memory: ${PARCA_MEMORY_LIMITS} - requests: - cpu: ${PARCA_CPU_REQUEST} - memory: ${PARCA_MEMORY_REQUEST} - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/parca - name: config - - mountPath: /var/lib/parca - name: data - - args: - - -provider=openshift - - -https-address=:10902 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:7070 - - -openshift-service-account=${SERVICE_ACCOUNT_NAME} - - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "${NAMESPACE}", "namespace": "${NAMESPACE}"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "name": "${NAMESPACE}", "namespace": "${NAMESPACE}"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - - -cookie-secret-file=/etc/proxy/secrets/session_secret - - -openshift-ca=/etc/pki/tls/cert.pem - - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - image: ${OAUTH_PROXY_IMAGE}:${OAUTH_PROXY_IMAGE_TAG} - name: proxy - ports: - - containerPort: 10902 - name: https - resources: - limits: - cpu: ${PARCA_PROXY_CPU_LIMITS} - memory: ${PARCA_PROXY_MEMORY_LIMITS} - requests: - cpu: ${PARCA_PROXY_CPU_REQUEST} - memory: ${PARCA_PROXY_MEMORY_REQUEST} - volumeMounts: - - mountPath: /etc/tls/private - name: secret-parca-tls - readOnly: false - - mountPath: /etc/proxy/secrets - name: secret-parca-proxy - readOnly: false - nodeSelector: - kubernetes.io/os: linux - securityContext: null - serviceAccountName: ${SERVICE_ACCOUNT_NAME} - terminationGracePeriodSeconds: 120 - volumes: - - configMap: - name: parca - name: config - - emptyDir: {} - name: data - - name: secret-parca-tls - secret: - secretName: conprof-tls - - name: secret-parca-proxy - secret: - secretName: conprof-proxy -- apiVersion: v1 - kind: Service - metadata: - annotations: - service.alpha.openshift.io/serving-cert-secret-name: conprof-tls - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - spec: - ports: - - name: https - port: 10902 - targetPort: 10902 - - name: http - port: 8443 - targetPort: 7070 - selector: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: parca - subjects: - - kind: ServiceAccount - name: ${SERVICE_ACCOUNT_NAME} - namespace: ${NAMESPACE} -- apiVersion: monitoring.coreos.com/v1 - kind: ServiceMonitor - metadata: - labels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca - app.kubernetes.io/version: ${IMAGE_TAG} - name: parca - namespace: ${NAMESPACE} - spec: - endpoints: - - port: http - relabelings: - - separator: / - sourceLabels: - - namespace - - pod - targetLabel: instance - selector: - matchLabels: - app.kubernetes.io/component: observability - app.kubernetes.io/instance: parca - app.kubernetes.io/name: parca -parameters: -- name: NAMESPACE - value: observatorium -- name: OBSERVATORIUM_METRICS_NAMESPACE - value: observatorium-metrics -- name: OBSERVATORIUM_MST_NAMESPACE - value: observatorium-mst -- name: OBSERVATORIUM_LOGS_NAMESPACE - value: observatorium-logs -- name: TELEMETER_NAMESPACE - value: telemeter -- name: IMAGE - value: ghcr.io/parca-dev/parca -- name: IMAGE_TAG - value: v0.15.0 -- name: PARCA_REPLICAS - value: "1" -- name: PARCA_CPU_REQUEST - value: "1" -- name: PARCA_MEMORY_REQUEST - value: 4Gi -- name: PARCA_CPU_LIMITS - value: "2" -- name: PARCA_MEMORY_LIMITS - value: 8Gi -- name: OAUTH_PROXY_IMAGE - value: quay.io/openshift/origin-oauth-proxy -- name: OAUTH_PROXY_IMAGE_TAG - value: 4.13.0 -- name: PARCA_PROXY_CPU_REQUEST - value: 100m -- name: PARCA_PROXY_MEMORY_REQUEST - value: 100Mi -- name: PARCA_PROXY_CPU_LIMITS - value: 200m -- name: PARCA_PROXY_MEMORY_LIMITS - value: 200Mi -- name: SERVICE_ACCOUNT_NAME - value: observatorium -- name: STORAGE_ACTIVE_MEMORY - value: "7000000000" diff --git a/services/parca-template.jsonnet b/services/parca-template.jsonnet deleted file mode 100644 index e837ed4faf..0000000000 --- a/services/parca-template.jsonnet +++ /dev/null @@ -1,330 +0,0 @@ -local p = import 'github.com/parca-dev/parca/deploy/lib/parca/parca.libsonnet'; - - -local config = { - name: 'parca', - namespace: '${NAMESPACE}', // Target namespace to deploy Parca. - image: '${IMAGE}:${IMAGE_TAG}', - version: '${IMAGE_TAG}', - replicas: 1, // RUNTIME ERROR: parca replicas has to be number >= 0 - - portTLS: 10902, - serviceAccountName: '${SERVICE_ACCOUNT_NAME}', - serviceMonitor: true, - - - namespaces: { - default: '${NAMESPACE}', - metrics: '${OBSERVATORIUM_METRICS_NAMESPACE}', - mst: '${OBSERVATORIUM_MST_NAMESPACE}', - logs: '${OBSERVATORIUM_LOGS_NAMESPACE}', - telemeter: '${TELEMETER_NAMESPACE}', - }, - - rawconfig+:: { - object_storage: { - bucket: { - config: { - directory: '/parca', - }, - type: 'FILESYSTEM', - }, - }, - scrape_configs: [ - { - job_name: 'parca', - scrape_interval: '30s', - scrape_timeout: '1m', - static_configs: [ - { - targets: ['localhost:7070'], - labels: { - instance: 'parca', - job: 'parca', - }, - }, - ], - }, - { - job_name: 'rhobs', - kubernetes_sd_configs: [{ - namespaces: { names: [ - config.namespaces.default, - config.namespaces.metrics, - config.namespaces.mst, - ] }, - role: 'pod', - }], - relabel_configs: [ - // gubernator does not appear to expose pprof endpoints - { - action: 'drop', - regex: 'gubernator', - source_labels: ['__meta_kubernetes_pod_container_name'], - }, - { - action: 'keep', - regex: 'observatorium-.+', - source_labels: ['__meta_kubernetes_pod_name'], - }, - { - action: 'keep', - regex: 'http', - source_labels: ['__meta_kubernetes_pod_container_port_name'], - }, - { - source_labels: ['__meta_kubernetes_namespace'], - target_label: 'namespace', - }, - { - source_labels: ['__meta_kubernetes_pod_name'], - target_label: 'pod', - }, - { - source_labels: ['__meta_kubernetes_pod_container_name'], - target_label: 'container', - }, - ], - scrape_interval: '30s', - scrape_timeout: '1m', - }, - { - job_name: 'telemeter', - kubernetes_sd_configs: [{ - namespaces: { names: [config.namespaces.telemeter] }, - role: 'pod', - }], - relabel_configs: [ - { - action: 'keep', - regex: 'telemeter-server.+', - source_labels: ['__meta_kubernetes_pod_name'], - }, - { - action: 'keep', - regex: 'internal', - source_labels: ['__meta_kubernetes_pod_container_port_name'], - }, - { - source_labels: ['__meta_kubernetes_namespace'], - target_label: 'namespace', - }, - { - source_labels: ['__meta_kubernetes_pod_name'], - target_label: 'pod', - }, - { - source_labels: ['__meta_kubernetes_pod_container_name'], - target_label: 'container', - }, - ], - scrape_interval: '30s', - scrape_timeout: '1m', - scheme: 'https', - tls_config: { - insecure_skip_verify: true, - }, - }, - ], - }, -}; - -local parca = p(config); - -local ourRole = parca.role { - rules: [{ - apiGroups: [''], - resources: ['services', 'endpoints', 'pods'], - verbs: ['get', 'list', 'watch'], - }], -}; - -local ourRoleBinding = parca.roleBinding { - subjects: [{ - kind: 'ServiceAccount', - name: config.serviceAccountName, - namespace: config.namespaces.default, - }], -}; - -local proxyContainer = { - name: 'proxy', - image: '${OAUTH_PROXY_IMAGE}:${OAUTH_PROXY_IMAGE_TAG}', - args: [ - '-provider=openshift', - '-https-address=:%d' % config.portTLS, - '-http-address=', - '-email-domain=*', - '-upstream=http://localhost:%d' % parca.config.port, - '-openshift-service-account=' + config.serviceAccountName, - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "${NAMESPACE}", "namespace": "${NAMESPACE}"}', - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "name": "${NAMESPACE}", "namespace": "${NAMESPACE}"}}', - '-tls-cert=/etc/tls/private/tls.crt', - '-tls-key=/etc/tls/private/tls.key', - '-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token', - '-cookie-secret-file=/etc/proxy/secrets/session_secret', - '-openshift-ca=/etc/pki/tls/cert.pem', - '-openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - ], - ports: [ - { name: 'https', containerPort: config.portTLS }, - ], - volumeMounts: [ - { name: 'secret-parca-tls', mountPath: '/etc/tls/private', readOnly: false }, - { name: 'secret-parca-proxy', mountPath: '/etc/proxy/secrets', readOnly: false }, - ], - resources: { - requests: { - cpu: '${PARCA_PROXY_CPU_REQUEST}', - memory: '${PARCA_PROXY_MEMORY_REQUEST}', - }, - limits: { - cpu: '${PARCA_PROXY_CPU_LIMITS}', - memory: '${PARCA_PROXY_MEMORY_LIMITS}', - }, - }, -}; - -{ - 'parca-template': { - apiVersion: 'template.openshift.io/v1', - kind: 'Template', - metadata: { - name: 'parca', - }, - objects: [ - parca.configMap { - metadata+: { - namespace:: 'hidden', - annotations+: { - 'qontract.recycle': 'true', - }, - }, - data: { - 'parca.yaml': std.manifestYamlDoc(config.rawconfig), - }, - }, - parca.deployment { - metadata+: { namespace:: 'hidden' }, - spec+: { - template+: { - spec+: { - securityContext: null, - serviceAccountName: config.serviceAccountName, - containers: [ - super.containers[0] { - args+: ['--storage-active-memory=${STORAGE_ACTIVE_MEMORY}'], - resources: { - requests: { - cpu: '${PARCA_CPU_REQUEST}', - memory: '${PARCA_MEMORY_REQUEST}', - }, - limits: { - cpu: '${PARCA_CPU_LIMITS}', - memory: '${PARCA_MEMORY_LIMITS}', - }, - }, - }, - ] + [proxyContainer], - volumes+: [ - { name: 'secret-parca-tls', secret: { secretName: 'conprof-tls' } }, - { name: 'secret-parca-proxy', secret: { secretName: 'conprof-proxy' } }, - ], - }, - }, - }, - }, - parca.service { - metadata+: { - namespace:: 'hidden', - annotations+: { - 'service.alpha.openshift.io/serving-cert-secret-name': 'conprof-tls', - }, - }, - spec+: { - ports: [ - { name: 'https', port: 10902, targetPort: config.portTLS }, - { name: 'http', port: 8443, targetPort: parca.config.port }, - ], - }, - }, - ourRole { - metadata+: { namespace:: 'hidden' }, - }, - ourRoleBinding { - metadata+: { namespace:: 'hidden' }, - }, - parca.serviceMonitor, - ], - parameters: [ - { name: 'NAMESPACE', value: 'observatorium' }, - { name: 'OBSERVATORIUM_METRICS_NAMESPACE', value: 'observatorium-metrics' }, - { name: 'OBSERVATORIUM_MST_NAMESPACE', value: 'observatorium-mst' }, - { name: 'OBSERVATORIUM_LOGS_NAMESPACE', value: 'observatorium-logs' }, - { name: 'TELEMETER_NAMESPACE', value: 'telemeter' }, - { name: 'IMAGE', value: 'ghcr.io/parca-dev/parca' }, - { name: 'IMAGE_TAG', value: 'v0.15.0' }, - { name: 'PARCA_REPLICAS', value: '1' }, - { name: 'PARCA_CPU_REQUEST', value: '1' }, - { name: 'PARCA_MEMORY_REQUEST', value: '4Gi' }, - { name: 'PARCA_CPU_LIMITS', value: '2' }, - { name: 'PARCA_MEMORY_LIMITS', value: '8Gi' }, - { name: 'OAUTH_PROXY_IMAGE', value: 'quay.io/openshift/origin-oauth-proxy' }, - { name: 'OAUTH_PROXY_IMAGE_TAG', value: '4.13.0' }, - { name: 'PARCA_PROXY_CPU_REQUEST', value: '100m' }, - { name: 'PARCA_PROXY_MEMORY_REQUEST', value: '100Mi' }, - { name: 'PARCA_PROXY_CPU_LIMITS', value: '200m' }, - { name: 'PARCA_PROXY_MEMORY_LIMITS', value: '200Mi' }, - { name: 'SERVICE_ACCOUNT_NAME', value: 'observatorium' }, - { name: 'STORAGE_ACTIVE_MEMORY', value: '7000000000' }, - ], - }, - 'parca-observatorium-remote-ns-rbac-template': { - apiVersion: 'template.openshift.io/v1', - kind: 'Template', - metadata: { - name: 'parca-observatorium-rbac', - }, - objects: [ - ourRole { - metadata+: { namespace: '${NAMESPACE}' }, - }, - ourRoleBinding { - metadata+: { namespace: '${NAMESPACE}' }, - }, - ourRole { - metadata+: { namespace: '${OBSERVATORIUM_METRICS_NAMESPACE}' }, - }, - ourRoleBinding { - metadata+: { namespace: '${OBSERVATORIUM_METRICS_NAMESPACE}' }, - }, - ourRole { - metadata+: { namespace: '${OBSERVATORIUM_MST_NAMESPACE}' }, - }, - ourRoleBinding { - metadata+: { namespace: '${OBSERVATORIUM_MST_NAMESPACE}' }, - }, - ourRole { - metadata+: { namespace: '${OBSERVATORIUM_LOGS_NAMESPACE}' }, - }, - ourRoleBinding { - metadata+: { namespace: '${OBSERVATORIUM_LOGS_NAMESPACE}' }, - }, - ourRole { - metadata+: { namespace: '${TELEMETER_NAMESPACE}' }, - }, - ourRoleBinding { - metadata+: { namespace: '${TELEMETER_NAMESPACE}' }, - }, - ], - parameters: [ - { name: 'IMAGE_TAG', value: 'v0.15.0' }, - { name: 'NAMESPACE', value: 'observatorium' }, - { name: 'OBSERVATORIUM_METRICS_NAMESPACE', value: 'observatorium-metrics' }, - { name: 'OBSERVATORIUM_MST_NAMESPACE', value: 'observatorium-mst' }, - { name: 'OBSERVATORIUM_LOGS_NAMESPACE', value: 'observatorium-logs' }, - { name: 'TELEMETER_NAMESPACE', value: 'telemeter' }, - { name: 'SERVICE_ACCOUNT_NAME', value: 'observatorium' }, - ], - }, -} diff --git a/tests/deploy/env/observatorium-parca.test.env b/tests/deploy/env/observatorium-parca.test.env index 9c1f1aacac..7eb92273ec 100644 --- a/tests/deploy/env/observatorium-parca.test.env +++ b/tests/deploy/env/observatorium-parca.test.env @@ -1,11 +1,11 @@ -PARCA_REPLICAS=1 - +IMAGE=ghcr.io/parca-dev/parca PARCA_CPU_REQUEST=100m PARCA_MEMORY_REQUEST=500Mi PARCA_CPU_LIMITS=200m PARCA_MEMORY_LIMITS=1Gi -PARCA_PROXY_CPU_REQUEST=100m -PARCA_PROXY_MEMORY_REQUEST=100Mi -PARCA_PROXY_CPU_LIMITS=200m -PARCA_PROXY_MEMORY_LIMITS=200Mi -STORAGE_ACTIVE_MEMORY=536870912 +ACCESS_KEY_ID=minio +SECRET_ACCESS_KEY=minio123 +S3_BUCKET_NAME=parca +S3_BUCKET_ENDPOINT=minio.minio.svc.cluster.local:9000 +S3_BUCKET_REGION=eu-central-1 +SD_NAMESPACE_LIST='["observatorium-metrics"]' diff --git a/tests/deploy/launch.sh b/tests/deploy/launch.sh index 4da68b01c0..6cfe8193b0 100755 --- a/tests/deploy/launch.sh +++ b/tests/deploy/launch.sh @@ -31,6 +31,8 @@ observatorium_tools(){ oc create ns observatorium-tools || true oc apply --namespace observatorium-tools -f manifests/observatorium-tools-network-policy.yaml oc process --param-file=env/logging.test.env -f ../../resources/services/meta-monitoring/logging-template.yaml | oc apply --namespace observatorium-tools -f - + oc process --param-file=env/observatorium-parca.test.env -f ../../resources/services/meta-monitoring/profiling-template.yaml | oc apply --namespace observatorium-tools -f - + } logging(){ @@ -58,10 +60,7 @@ observatorium() { oc apply -f manifests/observatorium-rules-objstore-secret.yaml --namespace observatorium oc apply -f manifests/observatorium-rhobs-tenant-secret.yaml --namespace observatorium oc apply --namespace observatorium -f manifests/observatorium-service-account.yaml - oc apply -f manifests/observatorium-parca-secret.yaml --namespace observatorium - rbac oc process --param-file=env/observatorium.test.env -f ../../resources/services/observatorium-template.yaml | oc apply --namespace observatorium -f - - oc process --param-file=env/observatorium-parca.test.env -f ../../resources/services/parca-template.yaml | oc apply --namespace observatorium -f - oc process --param-file=env/observatorium-jaeger.test.env -f ../../resources/services/jaeger-template.yaml | oc apply --namespace observatorium -f - } @@ -98,11 +97,6 @@ teardown() { oc delete ns openshift-operators-redhat || true } -rbac(){ - # The below namespaces are just created for parca-observatorium-remote-ns-rbac-template. These can be removed once logging/tracing is deployed - oc create ns observatorium-mst || true - oc process -f ../../resources/services/parca-observatorium-remote-ns-rbac-template.yaml | oc apply -f - -} case $1 in deploy) minio