From 11835ba5f1f73b1efb6456a218ad19f0280e85ee Mon Sep 17 00:00:00 2001
From: Sander Rodenhuis
Date: Fri, 25 Oct 2024 15:42:45 +0200
Subject: [PATCH 1/2] feat: custom res for teams
---
 .../templates/tekton-tasks/buildpacks.yaml | 6 ++
 .../templates/tekton-tasks/git-clone.yaml | 6 ++
 .../team-ns/templates/tekton-tasks/grype.yaml | 6 ++
 .../templates/tekton-tasks/kaniko.yaml | 6 ++
 helmfile.d/helmfile-60.teams.yaml | 43 +++++++++++++
 values-schema.yaml | 62 ++++++++++++++++++-
 .../prometheus-operator-team.gotmpl | 27 --------
 .../tekton-dashboard-teams.gotmpl | 3 +-
 8 files changed, 127 insertions(+), 32 deletions(-)
diff --git a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml
index b9a80b4f34..1b2b28df02 100644
--- a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml
+++ b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml
@@ -1,3 +1,5 @@
+{{- $v := .Values | merge (dict) }}
+{{- $custom := dig "resources" "buildpacksTask" "enabled" false $v }}
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
@@ -86,12 +88,16 @@ spec:
 - name: CNB_PLATFORM_API
 value: "0.9"
 computeResources:
+ {{- if $custom }}
+ {{- $v.resources.buildpacksTask.resources | toYaml | nindent 6 }}
+ {{- else }}
 limits:
 cpu: "2"
 memory: 2Gi
 requests:
 cpu: 500m
 memory: 512Mi
+ {{- end }}
 steps:
 - name: prepare
 computeResources: {}
diff --git a/charts/team-ns/templates/tekton-tasks/git-clone.yaml b/charts/team-ns/templates/tekton-tasks/git-clone.yaml
index 9e8f1c5a8f..beb3eeeae5 100644
--- a/charts/team-ns/templates/tekton-tasks/git-clone.yaml
+++ b/charts/team-ns/templates/tekton-tasks/git-clone.yaml
@@ -1,3 +1,5 @@
+{{- $v := .Values | merge (dict) }}
+{{- $custom := dig "resources" "gitcloneTask" "enabled" false $v }}
 apiVersion: tekton.dev/v1
 kind: Task
 metadata:
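Review bot: In `buildpacks.yaml` the custom branch is gated only on `resources.buildpacksTask.enabled`, so a team that sets `enabled: true` but leaves out the `resources` map would, as far as I can tell from how `toYaml` treats a missing value, render `computeResources: null`. The step template would then carry no requests or limits instead of the fixed 2 CPU / 2Gi cap. On a shared cluster that lets a values typo remove the bound on build pods, unless a LimitRange catches it. I would gate on both keys, e.g. `{{- if and $custom (dig "resources" "buildpacksTask" "resources" false $v) }}`, so the defaults in the `else` branch still apply. The same pattern is in the `git-clone.yaml`, `grype.yaml` and `kaniko.yaml` hunks, and the `helmfile-60.teams.yaml` hunks dereference `$team.resources.<component>.resources` the same way.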
@@ -13,12 +15,16 @@ metadata: spec: stepTemplate: computeResources: + {{- if $custom }} + {{- $v.resources.gitcloneTask.resources | toYaml | nindent 6 }} + {{- else }} limits: cpu: "2" memory: 2Gi requests: cpu: 500m memory: 512Mi + {{- end }} description: >- These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. diff --git a/charts/team-ns/templates/tekton-tasks/grype.yaml b/charts/team-ns/templates/tekton-tasks/grype.yaml index 2284b5985f..5ed1ee8aae 100644 --- a/charts/team-ns/templates/tekton-tasks/grype.yaml +++ b/charts/team-ns/templates/tekton-tasks/grype.yaml @@ -1,3 +1,5 @@ +{{- $v := .Values | merge (dict) }} +{{- $custom := dig "resources" "grypeTask" "enabled" false $v }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -13,12 +15,16 @@ metadata: spec: stepTemplate: computeResources: + {{- if $custom }} + {{- $v.resources.grypeTask.resources | toYaml | nindent 6 }} + {{- else }} limits: cpu: "2" memory: 2Gi requests: cpu: 500m memory: 512Mi + {{- end }} description: >- A vulnerability scanner for container images and filesystems. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. diff --git a/charts/team-ns/templates/tekton-tasks/kaniko.yaml b/charts/team-ns/templates/tekton-tasks/kaniko.yaml index dd9d3cfa68..972c5ae4d9 100644 --- a/charts/team-ns/templates/tekton-tasks/kaniko.yaml +++ b/charts/team-ns/templates/tekton-tasks/kaniko.yaml @@ -1,3 +1,5 @@ +{{- $v := .Values | merge (dict) }} +{{- $custom := dig "resources" "kanikoTask" "enabled" false $v }} apiVersion: tekton.dev/v1 kind: Task metadata: 
@@ -13,12 +15,16 @@ metadata: spec: stepTemplate: computeResources: + {{- if $custom }} + {{- $v.resources.grypeTask.resources | toYaml | nindent 6 }} + {{- else }} limits: cpu: "2" memory: 2Gi requests: cpu: 500m memory: 512Mi + {{- end }} description: >- This Task builds a simple Dockerfile with kaniko and pushes to a registry. This Task stores the image name and digest as results, allowing Tekton Chains to pick up diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index c367018036..6eb8d4cc1a 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml @@ -29,6 +29,10 @@ releases: {{- $prometheusDomain := printf "prometheus-%s.%s" $teamId $domain }} {{- $grafanaDomain := printf "grafana-%s.%s" $teamId $domain }} {{- $azure := $team | get "azure" dict }} + {{- $customTektonDashboardResources := ($team | get "resources.tektonDashboard.enabled" false) }} + {{- $customAlertmanagerResources := ($team | get "resources.alertmanager.enabled" false) }} + {{- $customGrafanaResources := ($team | get "resources.grafana.enabled" false) }} + {{- $customGrafanaSidecarResources := ($team | get "resources.grafanaSidecar.enabled" false) }} - name: tekton-dashboard-{{ $teamId }} installed: true namespace: team-{{ $teamId }} @@ -39,6 +43,12 @@ releases: pipeline: otomi-task-teams values: - ../values/tekton-dashboard/tekton-dashboard-teams.gotmpl + - resources: + {{- if $customTektonDashboardResources }} + {{- $team.resources.tektonDashboard.resources | toYaml | nindent 10 }} + {{- else }} + {{- $v.apps.tekton.resources.dashboard | toYaml | nindent 10 }} + {{- end }} - name: prometheus-{{ $teamId }} installed: {{ or ($team | get "managedMonitoring.grafana" false) ($team | get "managedMonitoring.alertmanager" false) }} namespace: team-{{ $teamId }} 
@@ -62,6 +72,17 @@ releases:
 sidecar.istio.io/inject: "true"
 labels:
 prometheus: system
+ resources:
+ {{- if $customAlertmanagerResources }}
+ {{- $team.resources.alertmanager.resources | toYaml | nindent 14 }}
+ {{- else }}
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ {{- end }}
 # to do: load slackTpl and opsgenieTpl only if alerts.receicers = true
 config: {{- tpl (readFile "../helmfile.d/snippets/alertmanager-teams.gotmpl") (dict "instance" $team "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 12 }}
 defaultRules:
@@ -74,6 +95,17 @@ releases:
 prometheusSpec: {}
 grafana:
 enabled: {{ $team | get "managedMonitoring.grafana" false }}
+ resources:
+ {{- if $customGrafanaResources }}
+ {{- $team.resources.grafana.resources | toYaml | nindent 12 }}
+ {{- else }}
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ limits:
+ cpu: "1"
+ memory: 1Gi
+ {{- end }}
 namespaceOverride: null # team-{{ $teamId }}
 nameOverride: {{ $teamId }}-po-grafana
 fullnameOverride: {{ $teamId }}-po-grafana
@@ -89,6 +121,17 @@ releases:
 enabled: true
 label: release
 labelValue: grafana-dashboards-{{ $teamId }}
+ resources:
+ {{- if $customGrafanaSidecarResources }}
+ {{- $team.resources.grafanaSidecar.resources | toYaml | nindent 14 }}
+ {{- else }}
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ {{- end }}
 additionalDataSources:
 - name: Prometheus-platform
 editable: false
diff --git a/values-schema.yaml b/values-schema.yaml
index 27fc79e340..10336bc3b1 100644
--- a/values-schema.yaml
+++ b/values-schema.yaml
@@ -1118,6 +1118,65 @@ definitions:
 resourceQuota:
 description: 'List of kubernetes resource quota. Should adhere to the "spec.hard" format as described here: https://kubernetes.io/docs/concepts/policy/resource-quotas/. Not validated as there is no schema published. Change at your own risk.'
 type: object
+ resources:
+ additionalProperties: false
+ properties:
+ alertmanager:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ grafana:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ grafanaSidecar:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ buildpacksTask:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ gitcloneTask:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ grypeTask:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ kanikoTask:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
+ tektonDashboard:
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ resources:
+ $ref: '#/definitions/resources'
 selfService:
 $ref: '#/definitions/teamSelfService'
 services:
@@ -1133,9 +1192,6 @@ definitions:
 description: Activate managed Grafana, Prometheus or Alertmanager instances
 properties:
 grafana:
- type: boolean
- default: true
- prometheus:
 type: boolean
 default: false
 alertmanager:
diff --git a/values/prometheus-operator/prometheus-operator-team.gotmpl b/values/prometheus-operator/prometheus-operator-team.gotmpl
index a45ee96967..be53937fcc 100644
--- a/values/prometheus-operator/prometheus-operator-team.gotmpl
+++ b/values/prometheus-operator/prometheus-operator-team.gotmpl
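Review bot: The per-component objects under the new `resources` property (`alertmanager` through `tektonDashboard`) declare neither `type: object` nor `additionalProperties: false`, so only the component names are closed. A misspelled `enabled` or `resources` key inside a component still validates, and the templates then fall back to the defaults without any error. The schema also does not tie the two fields together, so `enabled: true` with no `resources` passes validation. I would add `type: object` and `additionalProperties: false` to each component and require `resources` whenever `enabled` is true. What `#/definitions/resources` itself constrains is not visible in this hunk.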
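Review bot: The `managedMonitoring` hunk is a behaviour change that the commit subject does not mention: the schema default for `grafana` goes from `true` to `false` and the `prometheus` property is removed. Team values that still carry `managedMonitoring.prometheus` would fail validation if this object is closed with `additionalProperties: false`, which is not visible in the hunk. I would put this in its own commit with a values migration or changelog entry, and document the new default above `grafana:` with a comment such as `# default matches the helmfile fallback: get "managedMonitoring.grafana" false`.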
@@ -1,7 +1,3 @@ -{{- $v := .Values }} -{{- $a := $v.apps | get "alertmanager" }} -{{- $g := $v.apps | get "grafana" }} - kubeApiServer: enabled: false coreDns: @@ -59,33 +55,10 @@ grafana: enabled: false defaultDashboardsEnabled: false plugins: [] - resources: - requests: - cpu: 10m - memory: 128Mi - limits: - cpu: "1" - memory: 1Gi - sidecar: - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 128Mi alertmanager: serviceMonitor: selfMonitor: false - alertmanagerSpec: - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 200m - memory: 256Mi prometheus: thanosService: diff --git a/values/tekton-dashboard/tekton-dashboard-teams.gotmpl b/values/tekton-dashboard/tekton-dashboard-teams.gotmpl index 5b58683648..0d6e5d3003 100644 --- a/values/tekton-dashboard/tekton-dashboard-teams.gotmpl +++ b/values/tekton-dashboard/tekton-dashboard-teams.gotmpl @@ -1,8 +1,7 @@ {{- $teamId := .Release.Labels.team }} {{- $v := .Values }} {{- $t := $v.apps.tekton }} - -resources: {{- $t.resources.dashboard | toYaml | nindent 2 }} +{{- $custom := dig "resources" "tektonDashboard" "enabled" false $v }} teamId: {{ $teamId }} From 382ca43d358277911b4bbf425bf04366191a65bc Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Wed, 30 Oct 2024 14:11:23 +0100 Subject: [PATCH 2/2] fix: kaniko res --- charts/team-ns/templates/tekton-tasks/kaniko.yaml | 2 +- values-schema.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/team-ns/templates/tekton-tasks/kaniko.yaml b/charts/team-ns/templates/tekton-tasks/kaniko.yaml index 972c5ae4d9..da6d67bd35 100644 --- a/charts/team-ns/templates/tekton-tasks/kaniko.yaml +++ b/charts/team-ns/templates/tekton-tasks/kaniko.yaml @@ -16,7 +16,7 @@ spec: stepTemplate: computeResources: {{- if $custom }} - {{- $v.resources.grypeTask.resources | toYaml | nindent 6 }} + {{- $v.resources.kanikoTask.resources | toYaml | nindent 6 }} {{- else }} limits: cpu: "2" 
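Review bot: In `tekton-dashboard-teams.gotmpl` the added `$custom` variable is never used in the lines shown, now that the `resources:` block has moved into the release's inline values in `helmfile-60.teams.yaml`. It also looks up `resources.tektonDashboard.enabled` at the root of `.Values`, whereas the helmfile reads the flag from `$team`, so even if it were used it would presumably not see the team's setting. Unless the variable is consumed further down the file, outside this hunk, I would drop the line `{{- $custom := dig "resources" "tektonDashboard" "enabled" false $v }}`. `$t` appears to lose its only visible use as well.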
diff --git a/values-schema.yaml b/values-schema.yaml
index 10336bc3b1..21d3b3d5e4 100644
--- a/values-schema.yaml
+++ b/values-schema.yaml
@@ -1189,7 +1189,7 @@ definitions:
 type: array
 managedMonitoring:
 title: Managed monitoring
- description: Activate managed Grafana, Prometheus or Alertmanager instances
+ description: Activate managed Grafana and/or Alertmanager
 properties:
 grafana:
 type: boolean