feat: ✨ add observatorium deployment

Author: mathieulaude

.gitignore

@@ -10,3 +10,6 @@ node_modules
 .venv/
 .vscode/
 pyvenv.cfg
+
+**/Chart.lock
+**/charts/*

roles/gitops/rendering-apps-files/tasks/main.yml

@@ -10,3 +10,4 @@
         apps:
           - argocd_app: keycloak
           - argocd_app: sonarqube
+          - argocd_app: observability

roles/gitops/rendering-apps-files/templates/observability/Chart.yaml.j2

@@ -0,0 +1,6 @@
+---
+apiVersion: v2
+name: observability
+type: application
+version: 1.0.0
+

roles/gitops/rendering-apps-files/templates/observability/templates/observatorium-app.yaml.j2

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: observatorium
+  namespace: infra-argo
+spec:
+  destination:
+    namespace: {{ dsc.observatorium.namespace }}
+    server: https://kubernetes.default.svc
+  project: default
+  sources:
+  - helm:
+      valueFiles:
+      - ./values.yaml
+      - $tenants/helm/values.yaml
+    chart: observatorium
+    repoURL: {{ dsc.observatorium.helmRepoUrl }}
+    targetRevision: {{ dsc.observatorium.chartVersion }}
+  - ref: tenants
+    repoURL: "https://{{ gitlab_domain }}/{{ dsc.global.projectsRootDir | join('/') }}/observability/observability.git"
+    targetRevision: main
+  syncPolicy:
+    automated: {}

roles/gitops/rendering-apps-files/templates/observability/values/values.j2

@@ -0,0 +1,47 @@
+observatorium:
+  ingress:
+    enabled: true
+    ingressClassName: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.ingressClassName}>
+    hosts:
+      - host: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.domain}>
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls:
+      - hosts:
+          - <path:forge-dso/data/env/{{ dsc_name }}/apps/common/values#domain | jsonPath {.observatorium}>
+        secretName: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.domain}>-tls
+
+  api:
+    loglevel: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.loglevel}>
+    config:
+      # Default tenant config
+      id: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.config.id}>
+      name: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.config.name}>
+      groups: [/admin]
+      # Default oidc config
+      clientID: "account"
+      issuerURL: <path:forge-dso/data/env/{{ dsc_name }}/apps/keycloak/values#domain | jsonPath {.keycloak}>/realms/dso
+      usernameClaim: "preferred_username"
+      groupClaim: "groups"
+  logs:
+    enabled: true
+    read:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+    tail:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+    write:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+    rules:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+  metrics:
+    enabled: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.enabled}>
+    tenantHeader: 'X-Scope-OrgId'
+    read:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"
+    alertmanager:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"
+    write:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"
+    rules:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"

roles/gitops/vault-secrets/defaults/main.yaml

@@ -12,6 +12,7 @@ envs:
           domain:
             keycloak: "{{ keycloak_domain }}"
             console: "{{ console_domain }}"
+            observatorium: "{{ observatorium_domain }}"
             sonarqube: "{{ sonar_domain }}"
           proxy:
             httpProxy: "{{ dsc.proxy.http_proxy | default('') }}"
@@ -36,6 +37,21 @@ envs:
             adminPassword: "{{ lookup('ansible.builtin.password', '/dev/null', length=24, chars=['ascii_letters', 'digits']) }}"
           initcontainers:
             pluginDownloadUrl: "{{ dsc.keycloak.pluginDownloadUrl }}"
+      - argocd_app: "observatorium"
+        vault_values:
+          ingress:
+            ingressClassName: "{{ dsc.ingress.className }}"
+          api:
+            loglevel: info
+            config:
+              id: "prod-infra"
+              name: "prod-infra"
+          logs:
+            enabled: "{{ dsc.global.logs.enabled }}"
+            endpoint: "{{ dsc.global.logs.endpoint }}"
+          metrics:
+            enabled: "{{ dsc.global.metrics.enabled }}"
+            endpoint: "{{ dsc.global.metrics.endpoint }}"
       - argocd_app: "sonarqube"
         vault_values:
           auth:

roles/socle-config/files/config.yaml

@@ -120,6 +120,11 @@ spec:
     helmRepoUrl: https://kyverno.github.io/kyverno
     forcedInstall: false
     values: {}
+  observatorium:
+    namespace: dso-observatorium
+    subDomain: observatorium
+    helmRepoUrl: https://cloud-pi-native.github.io/helm-charts
+    values: {}
   nexus:
     namespace: dso-nexus
     subDomain: nexus

roles/socle-config/files/cr-conf-dso-default.yaml

@@ -21,6 +21,7 @@ spec:
     projectsRootDir:
       - forge
     rootDomain: .example.com
+    logs: {}
     metrics: {}
     alerting: {}
     backup:
@@ -86,6 +87,8 @@ spec:
       mode: primary
   kyverno: {}
   nexus: {}
+  observatorium:
+    enabled: false
   prometheus:
     crd:
       type: external

roles/socle-config/files/crd-conf-dso.yaml

@@ -562,13 +562,26 @@ spec:
                       type: string
                       default: .example.com
                       pattern: "^\\..*$"
+                    logs:
+                      description: Configuration for logs feature.
+                      properties:
+                        enabled:
+                          default: false
+                          description: Specifies whether logs collection should be enabled.
+                          type: boolean
+                        endpoint:
+                          description: Endpoint where logs are aggregated for this environment.
+                          type: string
                     metrics:
                       description: Configuration for metrics feature.
                       properties:
                         enabled:
                           default: false
                           description: Specifies whether metrics should be enabled.
                           type: boolean
+                        endpoint:
+                          description: Endpoint where metrics are aggregated for this environment.
+                          type: string
                         additionalLabels:
                           description: Adds additional labels if needed, when metrics are enabled.
                           type: object
@@ -1274,6 +1287,26 @@ spec:
                           type: string
                       type: object
                   type: object
+                observatorium:
+                  description: Configuration for Observatorium.
+                  properties:
+                    enabled:
+                      default: false
+                      description: Enable or disable Observatorium.
+                      type: boolean
+                    namespace:
+                      description: The namespace for Observatorium.
+                      type: string
+                    subDomain:
+                      description: The subdomain for Observatorium.
+                      type: string
+                    helmRepoUrl:
+                      description: Observatorium helm repository url.
+                      type: string
+                    chartVersion:
+                      description: Observatorium helm chart version (e.g., "0.25.0").
+                      type: string
+                  type: object
                 proxy:
                   description: Proxy configuration for tools.
                   properties:

roles/socle-config/files/releases.yaml

@@ -55,6 +55,9 @@ spec:
   nexus:
     # https://hub.docker.com/r/sonatype/nexus3/
     imageTag: 3.76.0
+  observatorium:
+    # https://github.com/cloud-pi-native/helm-charts/tags
+    chartVersion: 0.5.2
   sonarqube:
     # https://artifacthub.io/packages/helm/sonarqube/sonarqube
     chartVersion: 10.8.1