Add StormForge add-on #323

Merged
merged 3 commits into from
Dec 12, 2024
22 changes: 22 additions & 0 deletions eks-anywhere-common/Addons/Partner/StormForge/external-secret.yaml
@@ -0,0 +1,22 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: stormforge-external-secret
namespace: stormforge
spec:
refreshInterval: 5m
secretStoreRef:
name: eksa-secret-store
kind: ClusterSecretStore
target:
name: stormforge-auth-secret
data:
- secretKey: clientID
remoteRef:
key: stormforge-secrets
property: clientID
- secretKey: clientSecret
remoteRef:
key: stormforge-secrets
property: clientSecret
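Review bot: Nothing in this manifest documents the precondition set by `key: stormforge-secrets` under both `remoteRef` entries: the backing store behind `eksa-secret-store` must already hold an entry with that name and the properties `clientID` and `clientSecret`. Add a comment at the top of the file naming the entry and its two properties, so that a failed sync can be traced to a missing or misnamed remote secret rather than to the chart.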
9 changes: 9 additions & 0 deletions eks-anywhere-common/Addons/Partner/StormForge/namespace.yaml
@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: stormforge
labels:
aws.conformance.vendor: stormforge
aws.conformance.vendor-solution: optimize-live
aws.conformance.vendor-solution-version: 2.16.1
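Review bot: The label `aws.conformance.vendor-solution-version: 2.16.1` repeats the `version: 2.16.1` pinned in the stormforge-agent HelmRelease, and nothing ties the two together, so a chart bump can leave the label stale. A comment next to the label saying which chart version it mirrors would make the pair easier to update together.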
@@ -0,0 +1,32 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: stormforge-agent-release
namespace: stormforge
spec:
releaseName: stormforge-agent
chart:
spec:
chart: stormforge-agent
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: stormforge-charts
namespace: flux-system
version: 2.16.1
interval: 5m0s
targetNamespace: stormforge
valuesFrom:
- kind: ConfigMap
name: stormforge-clustername
valuesKey: clusterName
targetPath: clusterName
- kind: Secret
name: stormforge-auth-secret
valuesKey: clientID
targetPath: authorization.clientID
- kind: Secret
name: stormforge-auth-secret
valuesKey: clientSecret
targetPath: authorization.clientSecret
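Review bot: The two `kind: Secret` entries under `valuesFrom` copy `clientID` and `clientSecret` into the chart values at `authorization.clientID` and `authorization.clientSecret`. Helm keeps the values of a release in its release record in the cluster, so the credential is stored a second time outside `stormforge-auth-secret` and is readable by anyone who can read Helm release data for this release. If the chart can take a reference to an existing Secret instead of inline credentials, prefer that; if it cannot, say so in a comment. Separately, the first `valuesFrom` entry needs the `stormforge-clustername` ConfigMap, which only exists once the Job elsewhere in this PR has run, so early reconciliations will fail until then; a comment that this is expected would save a later reader some time.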
@@ -0,0 +1,19 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: stormforge-applier-release
namespace: stormforge
spec:
releaseName: stormforge-applier
chart:
spec:
chart: stormforge-applier
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: stormforge-charts
namespace: flux-system
version: 2.6.0
interval: 5m0s
targetNamespace: stormforge
@@ -0,0 +1,56 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: stormforge-configmaps-admin
namespace: stormforge
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: stormforge-configmaps-admin
namespace: stormforge
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps"]
verbs: ["*"] # full access
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: stormforge-configmaps-admin
namespace: stormforge
subjects:
- kind: ServiceAccount
name: stormforge-configmaps-admin
namespace: stormforge
roleRef:
kind: Role
name: stormforge-configmaps-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: stormforge-cluster-name
namespace: stormforge
spec:
template:
spec:
restartPolicy: Never
serviceAccountName: stormforge-configmaps-admin
containers:
- name: generate-name
image: bitnami/kubectl:1.31
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- '/bin/sh'
- '-c'
- |
cm_name=stormforge-clustername
cluster_name="eksa-test-$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 7; echo)"
kubectl create configmap "$cm_name" -n "$NAMESPACE" --from-literal clusterName="$cluster_name"
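Review bot: `verbs: ["*"] # full access` in the Role is wider than the Job needs. The only API call in the script is `kubectl create configmap`, so `verbs: ["create"]` on `configmaps` is enough, and it keeps the `stormforge-configmaps-admin` service account from reading, overwriting or deleting other ConfigMaps in the namespace. In the Job, `image: bitnami/kubectl:1.31` is a mutable tag; pinning it by digest would make each run use the same image. Note also that `kubectl create` fails when `stormforge-clustername` already exists, so a re-run of the Job errors out; if that is intended to keep the generated name stable, state it in a comment.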
@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: stormforge-charts
namespace: flux-system
spec:
type: "oci"
interval: 5m0s
url: oci://registry.stormforge.io/library
64 changes: 64 additions & 0 deletions eks-anywhere-common/Testers/StormForge/stormforge-test-job.yaml
@@ -0,0 +1,64 @@
---
apiVersion: batch/v1
kind: Job
Contributor

Please replace this with a CronJob which runs on schedule each day.

Contributor Author

Adjustment made.

It didn't look like there was a particular convention for what the schedule should be, so I just picked something (every 6 hours, at half-past). Let me know if there's a preferred schedule and I can use that instead.

metadata:
name: stormforge-test-job
namespace: stormforge
spec:
template:
spec:
activeDeadlineSeconds: 1800
restartPolicy: Never
containers:
- name: stormforge-test-job
image: badouralix/curl-jq:alpine
env:
- name: CLI_VERSION
value: "5.1.9"
envFrom:
- secretRef:
name: stormforge-agent-auth
- secretRef:
name: stormforge-agent-env
command:
- '/bin/sh'
- '-c'
- |
# Setup: Fetch the StormForge CLI tool
while :; do
[ "$(uname -sm)" = "Linux aarch64" ] && arch=arm64 || arch=amd64
curl -L "https://downloads.stormforge.io/stormforge-cli/v${CLI_VERSION}/stormforge_${CLI_VERSION}_linux_${arch}.tar.gz" | tar -xz
if [ $? = 0 ]; then
chmod a+x ./stormforge
mv ./stormforge /usr/local/bin
break
fi
sleep 5
done

# Tidy: delete any old and inactive eksa test clusters that may still be registered
stormforge get clusters --state Inactive -o json \
| jq -r '.items[].name | select(. | test("^eksa-test-"))' \
| xargs --no-run-if-empty stormforge delete clusters

# Validate: when the cluster name has been registered, is not Inactive, and
# shows both products connected, then Optimize Live is working.
while :; do
echo "checking for stormforge-agent, stormforge-applier registration on $STORMFORGE_CLUSTER_NAME"
if stormforge get cluster "$STORMFORGE_CLUSTER_NAME" -o json \
| jq -e 'all(.items[];
(.status.phase == "Created")
and
all(.stormforge.products | map(.name);
any(index("stormforge-agent"))
and
any(index("stormforge-applier")) ))'
then
echo "successfully connected ${STORMFORGE_CLUSTER_NAME} to StormForge backend"
break
fi
sleep 5
done

# Success! (failure is handled by spec.activeDeadlineSeconds)
exit 0
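Review bot: The Setup step pipes `curl -L` straight into `tar -xz` and moves the result to `/usr/local/bin` with no checksum or signature check, and that binary then runs with the credentials loaded through `envFrom`. Download the archive to a file, compare it against a pinned SHA-256 for `CLI_VERSION` `5.1.9`, and extract only on a match; adding `-f` to curl would also make an HTTP error fail in curl rather than surface as a tar error. `image: badouralix/curl-jq:alpine` is a third-party image on a floating tag, so pin it by digest. The Tidy step deletes every Inactive cluster whose name matches `^eksa-test-`, which assumes no other environment sharing these credentials uses that prefix; a comment stating the assumption would help.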