Merge pull request #730 from Dynatrace/feature/edge_connect

Feature/edge connect

user-skel/ansible_collections/ace_box/ace_box/roles/app-easytrade/Readme.md

@@ -12,7 +12,7 @@ This role depends on the following roles to be deployed beforehand:
 
 ```yaml
 - include_role:
-    name: k3s
+    name: microk8s
 ```
 
 > Note: we highly recommend to use k3s, but it is also possible to use microk8s. More information below
@@ -75,15 +75,6 @@ To enable monaco:
 
 ```
 
-### (Alternative) microk8s
-
-If for some reason you are facing issues with k3s as the prerequisite, you can also deploy microk8s:
-
-```yaml
-- include_role:
-    name: microk8s
-```
-
 ### Add to ACE Dashboard
 To add references to the ACE dashboard, set the following vars:
 

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/Readme.md

@@ -0,0 +1,76 @@
+# dt-edge-connect
+
+This currated role can be used to deploy the Dynatrace [Edge Connect](https://docs.dynatrace.com/docs/setup-and-configuration/edgeconnect) component in your k8s cluster.
+
+## Using the role
+
+### Role Requirements
+This role depends on the following roles to be deployed beforehand:
+
+```yaml
+- include_role:
+    name: k3s
+```
+
+```yaml
+- include_role:
+    name: dt-operator
+```
+
+### Deploying dt-edge-connect
+
+`dt-edge-connect` gets installed along with the Dynatrace Operator. In order to deploy `dt-edge-connect`, add the following variable to the dt-operator role:
+
+```yaml
+- include_role:
+    name: dt-edge-connect
+```
+
+Once the role is completed, the following variables are available:
+- `k8s_cluster_uid`
+- `edge_connect_token`
+
+In order to use dt-edge-connect in a [Kubernetes Workflow Action](https://docs.dynatrace.com/docs/analyze-explore-automate/workflows/actions/kubernetes-automation/kubernetes-workflow-actions), a connection setting is needed. The `dt-edge-connect` role will automatically create a connection for you that you can use in a Kubernetes Workflow Action.
+
+If you want to automatically provision a Kubernetes Workflow Action via monaco, then you need also the connection as-code, in order to reference one configuration with the other. Then you need to store the variables as environment variables, in order to call them from the monaco configuration file. Check the files under `dt-edge-connect/files/monaco/k8s-connector` as an example:
+
+```yaml
+configs:
+- id: k8s_connector
+  config:
+    parameters:
+        k8sToken:
+          type: environment
+          name: k8s_cluster_uid
+        k8sUid:
+          type: environment
+          name: edge_connect_token
+    template: k8s-connector.json
+    skip: true
+  type:
+    settings:
+      schema: app:dynatrace.kubernetes.connector:connection
+      schemaVersion: 0.1.8
+      scope: environment
+```
+
+If you are running monaco from Gitlab, this is how you can create enviroment variables:
+
+```yaml
+- name: Gitlab - Additional Environment Variables
+  include_role:
+    name: gitlab
+    tasks_from: ensure-group-var
+  vars:
+    gitlab_var_key: "{{ item.key }}"
+    gitlab_var_value: "{{ item.value }}"
+  loop:
+    - {
+        key: "k8s_cluster_uid",
+        value: "{{k8s_cluster_uid}}",
+      }
+    - {
+        key: "edge_connect_token",
+        value: "{{edge_connect_token}}",
+      }
+```

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/defaults/main.yml

@@ -0,0 +1,18 @@
+# Copyright 2024 Dynatrace LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+cluster_ip: "{{hostvars[inventory_hostname]['ansible_default_ipv4']['address']}}"
+edge_connect_name: "edge-connect-k8s-hot"
+dynatrace_api_version: v1alpha1

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/files/monaco/k8s-connection/config.yaml

@@ -0,0 +1,17 @@
+configs:
+- id: k8s_connector
+  config:
+    parameters:
+        k8sToken:
+          type: environment
+          name: K8S_TOKEN
+        k8sUid:
+          type: environment
+          name: K8S_UID
+    template: k8s-connector.json
+    skip: true
+  type:
+    settings:
+      schema: app:dynatrace.kubernetes.connector:connection
+      schemaVersion: 0.1.8
+      scope: environment

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/files/monaco/k8s-connection/k8s-connector.json

@@ -0,0 +1,6 @@
+{
+    "name": "edge-connect-k8s-hot",
+    "namespace": "dynatrace",
+    "uid": "{{.k8sUid}}",
+    "token": "{{.k8sToken}}"
+  }

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/tasks/generate-credentials.yaml

@@ -0,0 +1,42 @@
+
+- name: Get k8s cluster info
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Namespace
+    name: kube-system
+  register: k8s_cluster_uid
+
+- name: Set variable for k8s cluster id
+  set_fact:
+    k8s_cluster_uid: "{{k8s_cluster_uid.resources[0].metadata.uid}}"
+
+- name: Generate token workflow connection
+  shell: |
+    echo dt0e01.`openssl rand -out /dev/stdout 15 | base32 | tr '[:lower:]' '[:upper:]'`.`openssl rand -out /dev/stdout 40 | base32 | tr '[:lower:]' '[:upper:]'`
+  register: edge_connect_token
+
+- name: Generate variable for token
+  set_fact:
+    edge_connect_token: "{{edge_connect_token.stdout}}"
+
+- include_role:
+    name: dt-access-token
+  vars:
+    access_token_var_name: "k8s_settings_token"
+    access_token_scope: ["settings.write", "settings.read"]
+
+# - name: Generate random number for an auxiliar connection to the monaco (optional) one
+#   set_fact:
+#      r: "{{ 1000 | random }}"
+
+# - name: Configure k8s workflow action connector setting
+#   uri:
+#     url: "{{ dynatrace_tenant_url }}/api/v2/settings/objects?validateOnly=false"
+#     method: POST
+#     body: "[{\"schemaId\": \"app:dynatrace.kubernetes.connector:connection\",\"schemaVersion\": \"0.1.5\",\"scope\": \"environment\",\"value\": {\"name\": \"edge-connect-{{r}}\",\"uid\": \"{{ k8s_cluster_uid }}\",\"namespace\": \"dynatrace\",\"token\": \"{{edge_connect_token}}\"}}]"
+#     body_format: json
+#     headers:
+#       Authorization: 'Api-Token {{ k8s_settings_token }}'
+#       Content-Type: 'application/json; charset=utf-8'
+#       accept: application/json
+#   register: post_output

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/tasks/main.yaml

@@ -0,0 +1,56 @@
+- name: edge connect service account
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/templates/edgeconnect-serviceaccount.yaml"
+
+- name: edge connect role
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/templates/edgeconnect-role.yaml"
+
+- name: edge connect role binding
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/templates/edgeconnect-rolebinding.yaml"
+
+- set_fact:
+    dt_tenant_gen3_no_protocol: "{{ extra_vars.dt_environment_url_gen3 | regex_search('[^\/\/]*$') }}"
+
+- name: Template secret for edge connect
+  ansible.builtin.template:
+    src: "edgeconnect-oauth-secret.yaml.j2"
+    dest: "{{ role_path }}/templates/edgeconnect-oauth-secret.yaml"
+    owner: "{{ ace_box_user }}"
+    group: "{{ ace_box_user }}"
+    mode: "0644"
+
+- name: Apply secret for edge connect
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/templates/edgeconnect-oauth-secret.yaml"
+  delay: 5
+
+- set_fact:
+    tenant_id: "{{ dt_tenant_gen3_no_protocol | split('.') }}"
+
+- name: Print response
+  debug: "msg='{{ tenant_id[0] }}'"
+
+- name: Template edge connect
+  ansible.builtin.template:
+    src: "edgeconnect.yaml.j2"
+    dest: "{{ role_path }}/templates/edgeconnect.yaml"
+    owner: "{{ ace_box_user }}"
+    group: "{{ ace_box_user }}"
+    mode: "0644"
+
+- name: Apply edge connect
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/templates/edgeconnect.yaml"
+  delay: 5
+
+- name: Generate credentials
+  include_role:
+    name: edge-connect
+    tasks_from: generate-credentials

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/templates/edgeconnect-oauth-secret.yaml.j2

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: edgeconnect-oauth
+  namespace: dynatrace
+data:
+  oauth-client-id: {{ extra_vars.dt_oauth_client_id | b64encode }}
+  oauth-client-secret: {{ extra_vars.dt_oauth_client_secret | b64encode }}

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/templates/edgeconnect-role.yaml

@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: edgeconnect-deployment-rollout-restart
+  namespace: default
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "patch"]

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/templates/edgeconnect-rolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: edgeconnect-deployment-rollout-restart
+  namespace: default
+roleRef:
+  kind: Role
+  name: edgeconnect-deployment-rollout-restart
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: edgeconnect-deployment-rollout-restarter
+  namespace: dynatrace

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/templates/edgeconnect-serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: edgeconnect-deployment-rollout-restarter
+  namespace: dynatrace

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/templates/edgeconnect.yaml.j2

@@ -0,0 +1,15 @@
+apiVersion: dynatrace.com/{{dynatrace_api_version}}
+kind: EdgeConnect
+metadata:
+  name: {{edge_connect_name}}
+  namespace: dynatrace
+spec:
+  apiServer: {{dt_tenant_gen3_no_protocol}}
+  serviceAccountName: edgeconnect-deployment-rollout-restarter
+  oauth:
+    provisioner: true
+    clientSecret: edgeconnect-oauth
+    endpoint: {{ extra_vars.dt_oauth_sso_endpoint }}
+    resource: urn:dtenvironment:{{tenant_id}}
+  kubernetesAutomation:
+    enabled: true

user-skel/ansible_collections/ace_box/ace_box/roles/dt-edge-connect/templates/new-edgeconnect-dt-config.json.j2

@@ -0,0 +1,7 @@
+{
+  "name": "k8s-hot",
+  "hostPatterns": [
+    "{{ cluster_ip }}"
+  ],
+  "oauthClientId": "{{ extra_vars.dt_oauth_client_id }}"
+}