Add StormForge Optimzie Live add-on

eks-anywhere-common/Addons/Partner/StormForge/external-secret.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: stormforge-external-secret
+  namespace: stormforge
+spec:
+  refreshInterval: 5m
+  secretStoreRef:
+    name: eksa-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: stormforge-auth-secret
+  data:
+  - secretKey: clientID
+    remoteRef:
+      key: stormforge-secrets
+      property: clientID
+  - secretKey: clientSecret
+    remoteRef:
+      key: stormforge-secrets
+      property: clientSecret

eks-anywhere-common/Addons/Partner/StormForge/namespace.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: stormforge
+  labels:
+    aws.conformance.vendor: stormforge
+    aws.conformance.vendor-solution: optimize-live
+    aws.conformance.vendor-solution-version: 2.16.1

eks-anywhere-common/Addons/Partner/StormForge/stormforge-agent-release.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: stormforge-agent-release
+  namespace: stormforge
+spec:
+  releaseName: stormforge-agent
+  chart:
+    spec:
+      chart: stormforge-agent
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: stormforge-charts
+        namespace: flux-system
+      version: 2.16.1
+  interval: 5m0s
+  targetNamespace: stormforge
+  valuesFrom:
+  - kind: ConfigMap
+    name: stormforge-clustername
+    valuesKey: clusterName
+    targetPath: clusterName
+  - kind: Secret
+    name: stormforge-auth-secret
+    valuesKey: clientID
+    targetPath: authorization.clientID
+  - kind: Secret
+    name: stormforge-auth-secret
+    valuesKey: clientSecret
+    targetPath: authorization.clientSecret

eks-anywhere-common/Addons/Partner/StormForge/stormforge-applier-release.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: stormforge-applier-release
+  namespace: stormforge
+spec:
+  releaseName: stormforge-applier
+  chart:
+    spec:
+      chart: stormforge-applier
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: stormforge-charts
+        namespace: flux-system
+      version: 2.6.0
+  interval: 5m0s
+  targetNamespace: stormforge

eks-anywhere-common/Addons/Partner/StormForge/stormforge-cluster-name.yaml

@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: stormforge-configmaps-admin
+  namespace: stormforge
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: stormforge-configmaps-admin
+  namespace: stormforge
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources: ["configmaps"]
+  verbs: ["*"] # full access
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: stormforge-configmaps-admin
+  namespace: stormforge
+subjects:
+  - kind: ServiceAccount
+    name: stormforge-configmaps-admin
+    namespace: stormforge
+roleRef:
+  kind: Role
+  name: stormforge-configmaps-admin
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: stormforge-cluster-name
+  namespace: stormforge
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      serviceAccountName: stormforge-configmaps-admin
+      containers:
+      - name: generate-name
+        image: bitnami/kubectl:1.31
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        command:
+        - '/bin/sh'
+        - '-c'
+        - |
+          cm_name=stormforge-clustername
+          cluster_name="eksa-test-$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 7; echo)"
+          kubectl create configmap "$cm_name" -n "$NAMESPACE" --from-literal clusterName="$cluster_name"

eks-anywhere-common/Addons/Partner/StormForge/stormforge-source.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: stormforge-charts
+  namespace: flux-system
+spec:
+  type: "oci"
+  interval: 5m0s
+  url: oci://registry.stormforge.io/library

eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml

@@ -0,0 +1,64 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: stormforge-test-job
+  namespace: stormforge
+spec:
+  template:
+    spec:
+      activeDeadlineSeconds: 1800
+      restartPolicy: Never
+      containers:
+      - name: stormforge-test-job
+        image: badouralix/curl-jq:alpine
+        env:
+        - name: CLI_VERSION
+          value: "5.1.9"
+        envFrom:
+        - secretRef:
+            name: stormforge-agent-auth
+        - secretRef:
+            name: stormforge-agent-env
+        command:
+        - '/bin/sh'
+        - '-c'
+        - |
+          # Setup: Fetch the StormForge CLI tool
+          while :; do
+            [ "$(uname -sm)" = "Linux aarch64" ] && arch=arm64 || arch=amd64
+            curl -L "https://downloads.stormforge.io/stormforge-cli/v${CLI_VERSION}/stormforge_${CLI_VERSION}_linux_${arch}.tar.gz" | tar -xz
+            if [ $? = 0 ]; then
+              chmod a+x ./stormforge
+              mv ./stormforge /usr/local/bin
+              break
+            fi
+            sleep 5
+          done
+
+          # Tidy: delete any old and inactive eksa test clusters that may still be registered
+          stormforge get clusters --state Inactive -o json \
+            | jq -r '.items[].name | select(. | test("^eksa-test-"))' \
+            | xargs --no-run-if-empty stormforge delete clusters
+
+          # Validate: when the cluster name has been registered, is not Inactive, and
+          # shows both products connected, then Optimize Live is working.
+          while :; do
+            echo "checking for stormforge-agent, stormforge-applier registration on $STORMFORGE_CLUSTER_NAME"
+            if stormforge get cluster "$STORMFORGE_CLUSTER_NAME" -o json \
+                 | jq -e 'all(.items[];
+                              (.status.phase == "Created")
+                            and
+                              all(.stormforge.products | map(.name);
+                                  any(index("stormforge-agent"))
+                                and
+                                  any(index("stormforge-applier")) ))'
+            then
+              echo "successfully connected ${STORMFORGE_CLUSTER_NAME} to StormForge backend"
+              break
+            fi
+            sleep 5
+          done
+
+          # Success! (failure is handled by spec.activeDeadlineSeconds)
+          exit 0