Upgrades to AI Telemetry to zookeeper-operator and solr-operator (#824)

* Add Kafka support to AI Telemetry

This is used for event driven messaging from other microservices and
tasks that take a long time, like bare metal fulfillment.

* Replace bitnami zookeeper with zookeeper-operator

Because bitnami images are now proprietary, we are migrating to the open
source zookeeper-operator in OpenShift instead.

* Migrate from bitnami solr to solr-operator

Because bitnami images are now proprietary, we are migrating to the open
source solr-operator on OpenShift instead. Because the solr-operator
upstream does not support OpenShift yet, it is pointed to my fork where
I have contributed OpenShift support to solr-operator pull request [1].

[1] apache/solr-operator#706

* Adding setup jobs for ai-telemetry for solr migration

Because we are migrating to the solr-operator, there is a solr setup job
and db-to-solr-sync job that are run to migrate the persistent data in
the database to be cached in the Solr search engine which is used by the
AI Telemetry JSON REST API.

* Updating the prom-keycloak-proxy to 2.3.0

This resolves and import error for handling null metrics results.  Also
fixes the PROXY_PROMETHEUS_CA_CERT and PROXY_PROMETHEUS_TLS_CERT
environment variables.

Author: computate

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/configmaps/configmap-cloud-setup-defaults.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aitelemetry-setup-defaults
+  namespace: aitelemetry
+data:
+  main.yaml: |
+    # The namespace in OpenShift where Solr will run.
+    SOLR_NAMESPACE: "solr"
+    # Whether to use SSL when connecting to Solr.
+    SOLR_SSL: "false"
+    # The host name to connect to Solr in OpenShift.
+    SOLR_HOST_NAME: "solr-solrcloud-common.solr.svc"
+    # The default port that Solr runs.
+    SOLR_PORT: "80"
+    # The solr collection to use for the site.
+    SOLR_COLLECTION: "aitelemetry"
+    # The solr configset to use for the site.
+    SOLR_CONFIGSET: "computate"
+    # The Solr admin username
+    SOLR_USERNAME: "admin"
+    # The Solr admin password
+    SOLR_PASSWORD: "{{ query('kubernetes.core.k8s', kind='Secret', resource_name='solr-solrcloud-security-bootstrap', namespace=SOLR_NAMESPACE)[0].data['admin'] | b64decode }}"

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/configmaps/configmap-cloud-setup-playbook.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aitelemetry-setup-playbook
+  namespace: aitelemetry
+data:
+  aitelemetry-setup.yaml: |
+    ---
+    - name: aitelemetry-setup
+      hosts: localhost
+      connection: local
+      gather_facts: false
+      roles:
+        - aitelemetry-setup

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/configmaps/configmap-cloud-setup-tasks.yaml

@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aitelemetry-setup-tasks
+  namespace: aitelemetry
+data:
+  main.yaml: |
+    # Create default computate Solr configset
+    - name: "Download computate configset: curl -k https://raw.githubusercontent.com/computate-org/computate/refs/heads/main/config/solr/computate-configset.zip -o /tmp/computate-configset.zip"
+      kubernetes.core.k8s_exec:
+        namespace: solr
+        pod: solr-solrcloud-0
+        command: >-
+          curl -k https://raw.githubusercontent.com/computate-org/computate/refs/heads/main/config/solr/computate-configset.zip -o /tmp/computate-configset.zip
+    - name: >-
+        Upload default computate configset:
+        curl -k -X POST
+          -H "Content-Type:application/octet-stream"
+          --data-binary @/tmp/computate-configset.zip
+          "https://solr.apps-crc.testing/solr/admin/configs?action=UPLOAD&name=computate&overwrite=true"
+      kubernetes.core.k8s_exec:
+        namespace: solr
+        pod: solr-solrcloud-0
+        command: >-
+          bash -c '
+          curl -k -X POST
+          -H "Content-Type:application/octet-stream"
+          --data-binary @/tmp/computate-configset.zip
+          "http://localhost:8983/solr/admin/configs?action=UPLOAD&name=computate&overwrite=true"
+          '
+      register: upload_computate_configset
+    - name: Debug upload_computate_configset
+      debug:
+        var: upload_computate_configset
+
+    # Create aitelemetry Solr collection
+    - name: >-
+        Create {{ SOLR_COLLECTION }} collection:
+        SOLR_AUTH_TYPE=basic
+        /opt/solr/bin/solr create_collection --solr-url http://localhost:8983 -c {{ SOLR_COLLECTION }} -n computate'
+      kubernetes.core.k8s_exec:
+        namespace: solr
+        pod: solr-solrcloud-0
+        command: >-
+          bash -c '
+          SOLR_AUTH_TYPE=basic
+          SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:{{ SOLR_PASSWORD }}"
+          /opt/solr/bin/solr create_collection --solr-url http://localhost:8983 -c {{ SOLR_COLLECTION }} -n computate
+          '
+      register: create_collection
+      ignore_errors: true
+    - name: Debug create_collection
+      debug:
+        var: create_collection
+    - name: Test create {{ SOLR_COLLECTION }} collection success
+      fail:
+        msg: "{{ command_status }}"
+      when: create_collection.failed and create_collection is not search("already exists")

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/configmaps/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- configmap-cloud-setup-playbook.yaml
+- configmap-cloud-setup-defaults.yaml
+- configmap-cloud-setup-tasks.yaml

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/jobs/aitelemetry-setup.yaml

@@ -0,0 +1,51 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: aitelemetry-setup
+  namespace: aitelemetry
+spec:
+  backoffLimit: 1000
+  template:
+    spec:
+      restartPolicy: OnFailure
+      serviceAccountName: aitelemetry-setup
+      volumes:
+        - name: aitelemetry-setup-playbook
+          configMap:
+            name: aitelemetry-setup-playbook
+        - name: aitelemetry-setup-defaults
+          configMap:
+            name: aitelemetry-setup-defaults
+        - name: aitelemetry-setup-tasks
+          configMap:
+            name: aitelemetry-setup-tasks
+        - name: home
+          emptyDir: {}
+        - name: ansible-tmp
+          emptyDir: {}
+      containers:
+        - name: aitelemetry-setup
+          image: quay.io/nerc-images/keycloak-ansible:ansible-collection-upgrade
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: aitelemetry-setup-playbook
+              mountPath: /home/ansible/.ansible/playbooks/
+            - name: aitelemetry-setup-tasks
+              mountPath: /home/ansible/.ansible/roles/aitelemetry-setup/tasks/
+            - name: aitelemetry-setup-defaults
+              mountPath: /home/ansible/.ansible/roles/aitelemetry-setup/defaults/
+            - name: home
+              mountPath: /home/ansible
+            - name: ansible-tmp
+              mountPath: /home/ansible/.ansible/tmp/
+          env:
+            - name: ANSIBLE_ROLES_PATH
+              value: /home/ansible/.ansible/roles
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          command: ["/bin/bash", "-c", "--"]
+          args:
+            - |
+                ansible-playbook /home/ansible/.ansible/playbooks/aitelemetry-setup.yaml

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/jobs/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+  - pairs:
+      job: aitelemetry-setup
+    includeSelectors: true
+resources:
+- aitelemetry-setup.yaml

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - serviceaccounts/
+  - rolebindings/
+  - configmaps/
+  - jobs/

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/rolebindings/aitelemetry-setup/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - rolebinding.yaml

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/rolebindings/aitelemetry-setup/rolebinding.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: solr
+  name: solr-aitelemetry-setup-aitelemetry-exec
+rules:
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["get", "create"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: solr
+  name: solr-aitelemetry-setup-aitelemetry-exec
+subjects:
+- kind: ServiceAccount
+  name: aitelemetry-setup
+  namespace: aitelemetry
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: solr-aitelemetry-setup-aitelemetry-exec
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: solr
+  name: aitelemetry-aitelemetry-setup-solr-secrets
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: solr
+  name: aitelemetry-aitelemetry-setup-solr-secrets
+subjects:
+- kind: ServiceAccount
+  name: aitelemetry-setup
+  namespace: aitelemetry
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: aitelemetry-aitelemetry-setup-solr-secrets

ai-telemetry/base/aitelemetry/jobs/aitelemetry-setup/rolebindings/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - aitelemetry-setup/