feat: ✨ add observatorium deployment

Author: mathieulaude

.gitignore

@@ -10,3 +10,6 @@ node_modules
 .venv/
 .vscode/
 pyvenv.cfg
+
+**/Chart.lock
+**/charts/*

roles/gitops/rendering-apps-files/tasks/main.yml

@@ -9,3 +9,4 @@
       - name: "{{ dsc_name }}"
         apps:
           - argocd_app: keycloak
+          - argocd_app: observability

roles/gitops/rendering-apps-files/templates/observability/Chart.yaml.j2

@@ -0,0 +1,6 @@
+---
+apiVersion: v2
+name: observability
+type: application
+version: 1.0.0
+

roles/gitops/rendering-apps-files/templates/observability/templates/observatorium-app.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: observatorium
+  namespace: infra-argo
+spec:
+  destination:
+    namespace: {{ dsc.observatorium.namespace }}
+    server: https://kubernetes.default.svc
+  project: default
+  sources:
+  - helm:
+      valueFiles:
+      - ./values.yaml
+      - $tenants/helm/values.yaml
+    chart: observatorium
+    repoURL: {{ dsc.observatorium.helmRepoUrl }}
+    targetRevision: {{ dsc.observatorium.chartVersion }}
+  - ref: tenants
+    repoURL: "https://{{ gitlab_domain }}/{{ dsc.global.projectsRootDir | join('/') }}/observability/observability.git"
+    targetRevision: main
+  syncPolicy:
+    automated: {}

roles/gitops/rendering-apps-files/templates/observability/values/values.j2

@@ -0,0 +1,47 @@
+observatorium:
+  ingress:
+    enabled: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.enabled}>
+    ingressClassName: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.ingressClassName}>
+    hosts:
+      - host: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.domain}>
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls:
+      - hosts:
+          - <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.domain}>
+        secretName: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#ingress | jsonPath {.domain}>-tls
+
+  api:
+    loglevel: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.loglevel}>
+    config:
+      # Default tenant config
+      id: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.config.id}>
+      name: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.config.name}>
+      groups: [/admin]
+      # Default oidc config
+      clientID: "account"
+      issuerURL: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#api | jsonPath {.config.issuerURL}>
+      usernameClaim: "preferred_username"
+      groupClaim: "groups"
+  logs:
+    enabled: true
+    read:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+    tail:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+    write:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+    rules:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#logs | jsonPath {.endpoint}>"
+  metrics:
+    enabled: <path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.enabled}>
+    tenantHeader: 'X-Scope-OrgId'
+    read:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"
+    alertmanager:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"
+    write:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"
+    rules:
+      endpoint: "<path:forge-dso/data/env/{{ dsc_name }}/apps/observatorium/values#metrics | jsonPath {.endpoint}>"

roles/gitops/vault-secrets/vars/main.yaml

@@ -34,3 +34,32 @@ envs:
             adminPassword: "{{ lookup('ansible.builtin.password', '/dev/null', length=24, chars=['ascii_letters', 'digits']) }}"
           initcontainers:
             pluginDownloadUrl: "{{ dsc.keycloak.pluginDownloadUrl }}"
+          ingress:
+            hostname: "{{ keycloak_domain }}"
+      - argocd_app: "observatorium"
+        vault_values:
+          ingress:
+            enabled: true
+            ingressClassName: nginx
+            domain: "{{ observatorium_domain }}"
+          api:
+            loglevel: debug
+            config:
+              id: "prod-infra"
+              name: "prod-infra"
+              issuerURL: "https://{{ keycloak_domain }}/realms/dso"
+          logs:
+            enabled: true
+            endpoint: "https://loki.cpin.numerique-interieur.com"
+          metrics:
+            enabled: true
+            endpoint: "https://mimir.cpin.numerique-interieur.com"
+      - argocd_app: "vault"
+        vault_values:
+          global:
+            image:
+              repository: "{{ dsc.global.registry | default('docker.io') }}"
+          server:
+            ha:
+              apiAddr: "https://{{ vault_domain }}"
+

roles/socle-config/files/config.yaml

@@ -121,6 +121,11 @@ spec:
     helmRepoUrl: https://kyverno.github.io/kyverno
     forcedInstall: false
     values: {}
+  observatorium:
+    namespace: dso-observatorium
+    subDomain: observatorium
+    helmRepoUrl: https://cloud-pi-native.github.io/helm-charts
+    values: {}
   nexus:
     namespace: dso-nexus
     subDomain: nexus

roles/socle-config/files/cr-conf-dso-default.yaml

@@ -86,6 +86,8 @@ spec:
       mode: primary
   kyverno: {}
   nexus: {}
+  observatorium:
+    enabled: false
   prometheus:
     crd:
       type: external

roles/socle-config/files/crd-conf-dso.yaml

@@ -1284,6 +1284,26 @@ spec:
                           type: string
                       type: object
                   type: object
+                observatorium:
+                  description: Configuration for Observatorium.
+                  properties:
+                    enabled:
+                      default: false
+                      description: Enable or disable Observatorium.
+                      type: boolean
+                    namespace:
+                      description: The namespace for Observatorium.
+                      type: string
+                    subDomain:
+                      description: The subdomain for Observatorium.
+                      type: string
+                    helmRepoUrl:
+                      description: Observatorium helm repository url.
+                      type: string
+                    chartVersion:
+                      description: Observatorium helm chart version (e.g., "0.25.0").
+                      type: string
+                  type: object
                 proxy:
                   description: Proxy configuration for tools.
                   properties:

roles/socle-config/files/releases.yaml

@@ -55,6 +55,9 @@ spec:
   nexus:
     # https://hub.docker.com/r/sonatype/nexus3/
     imageTag: 3.76.0
+  observatorium:
+    # https://github.com/cloud-pi-native/helm-charts/tags
+    chartVersion: 0.5.2
   sonarqube:
     # https://artifacthub.io/packages/helm/sonarqube/sonarqube
     chartVersion: 10.8.1