This repository was archived by the owner on Jan 4, 2026. It is now read-only.

make smol-k8s-lab more async for federated apps and add new experimental apps #363

Merged
jessebot merged 32 commits into main from make-more-async
Aug 24, 2025

Conversation

@jessebot
Collaborator

@jessebot jessebot commented Aug 16, 2025

Changes

  • updated the argocd appset secret vars plugin to no longer require restarts which shaves a few milliseconds off of updates to the appset plugin, resulting in maybe a 10 second time saver depending on the slowness of the nodes in your cluster

  • new docs updates for new apps and an important deprecation notice to the prometheus stack!

  • updated netmaker to the latest at the cost of losing oidc :( Started to add restore capabilities, but it's not done.

  • slowly making all of smol-k8s-lab async starting with setup_federated_apps which does most of the oidc/federated apps all at once.

  • More tidying of the grafana_stack (restores enabled but not tested)

    grafana_stack_example.yaml
     apps:
       grafana_stack:
         description: |
           Full monitoring stack with:
            - [link=https://grafana.com/oss/alloy/]Alloy[/link] - for collecting metrics and logs
            - [link=https://grafana.com/oss/mimir/]Mimir[/link] - for aggregating metrics and storing them in S3
            - [link=https://grafana.com/oss/loki/]Loki[/link] - for aggregating logs and storing them in S3
            - [link=https://prometheus.io/docs/alerting/latest/alertmanager/]Alert Manager[/link] - for sending alerts to matrix
            - [link=https://grafana.com/oss/grafana/]Grafana[/link] - for querying metrics/logs and displaying dashboards
    
           smol-k8s-lab supports initialization by setting up your ingress hostnames. It will also setup Oauth2 for Grafana directly by creating an app in Zitadel for you.
    
           For Alert Manager, we use vouch-proxy via Ingress resource annotations to forward users to Zitadel for auth, so the frontend is not insecure.
         enabled: false
    
         init:
           # if init is enabled, we'll set up an app in Zitadel for using Oauth2 with Grafana
           enabled: true
           restore:
             enabled: false
             restic_snapshot_ids:
               seaweedfs_volume: latest
               seaweedfs_filer: latest
    
         backups:
           # cronjob syntax schedule to run grafana stack pvc backups
           pvc_schedule: 10 0 * * *
           s3:
             # these are for pushing remote backups of your local s3 storage, for speed and cost optimization
             endpoint: ""
             bucket: ""
             region: ""
             secret_access_key:
               value_from:
                 env: GRAFANA_STACK_S3_BACKUP_SECRET_KEY
             access_key_id:
               value_from:
                 env: GRAFANA_STACK_S3_BACKUP_ACCESS_ID
           restic_repo_password:
             value_from:
               env: GRAFANA_STACK_RESTIC_REPO_PASSWORD
    
         argo:
           # secrets keys to make available to Argo CD ApplicationSets
           secret_keys:
             ## you can delete these if you're not using tolerations/affinity
             # toleration_key: ""
             # toleration_operator: ""
             # toleration_value: ""
             # toleration_effect: ""
             ## these are for node affinity, delete if not in use
             # affinity_key: ""
             # affinity_value: ""
             # FQDN to use for Thanos web interface
             thanos_hostname: ""
             # FQDN to use for Grafana
             grafana_hostname: ""
             # FQDN to use for the Loki UI
             loki_hostname: ""
             # FQDN to use for Alert Manager web interface
             alert_manager_hostname: ""
             # set the local s3 provider for the loki/mimir S3 backups. can be minio or seaweedfs
             s3_provider: seaweedfs
             # local s3 endpoint for loki/mimir S3 backups, backed up constantly
             s3_endpoint: ""
             # capacity for the PVC backing your local s3 instance
             s3_pvc_capacity: 100Gi
    
           # git repo to install the Argo CD app from
           repo: https://github.com/small-hack/argocd-apps
           # path in the argo repo to point to. Trailing slash very important! This
           # is an app of apps. Change to "monitoring/kube-prometheus-stack/" to
           # only install kube-prometheus-stack (foregoing loki and push gateway)
           path: grafana_stack/app_of_apps/
           # either the branch or tag to point at in the argo repo above
           revision: main
           # kubernetes cluster to install the k8s app into, defaults to Argo CD default
           cluster: https://kubernetes.default.svc
           # namespace to install the k8s app in
           namespace: "monitoring"
           # recurse directories in the provided git repo
           directory_recursion: false
           # source repos for Argo CD App Project (in addition to argo.repo)
           project:
             name: monitoring
             source_repos:
               - registry-1.docker.io
               - https://grafana.github.io/helm-charts
               - ghcr.io/grafana/helm-charts
               - https://github.com/prometheus-community/helm-charts.git
               - https://prometheus-community.github.io/helm-charts
               - https://seaweedfs.github.io/seaweedfs/helm
             destination:
               # automatically includes the app's namespace and argocd's namespace
               namespaces:
                  - kube-system

  • We also added experimental apps for:

    • Grafana Tempo (alpha - actively testing)

      tempo-example.yaml
      apps:
       tempo:
         description: |
           [magenta]⚠️ Experimental[/magenta]
           [link=https://grafana.com/oss/tempo/]Tempo[/link]
         enabled: true
         init:
           # if init is enabled, we'll set up an app in Zitadel for using Oauth2 with Grafana
           enabled: true
           # restore:
           #   enabled: false
           #   restic_snapshot_ids:
           #     seaweedfs_volume: latest
           #     seaweedfs_filer: latest
         # backups:
         #   # cronjob syntax schedule to run forgejo pvc backups
         #   pvc_schedule: 10 0 * * *
         #   s3:
         #     # these are for pushing remote backups of your local s3 storage, for speed and cost optimization
         #     endpoint: ''
         #     bucket: ''
         #     region: ''
         #     secret_access_key:
         #       value_from:
         #         env: TEMPO_S3_BACKUP_SECRET_KEY
         #     access_key_id:
         #       value_from:
         #         env: TEMPO_S3_BACKUP_ACCESS_ID
         #   restic_repo_password:
         #     value_from:
         #       env: TEMPO_RESTIC_REPO_PASSWORD
      
         argo:
           # secrets keys to make available to Argo CD ApplicationSets
           # toleration affinity
           # toleration_key: dedicated
           # toleration_operator: Equal
           # toleration_value: example
           # toleration_effect: NoSchedule
           # affinity_key: dedicated
           # affinity_value: example
           secret_keys:
             hostname: tempo.example.com
             # local s3 endpoint for tempo S3, backed up constantly
             # make this the same as your grafana_stack if you're using that
             s3_endpoint: ""
           # git repo to install the Argo CD app from
           repo: https://github.com/small-hack/argocd-apps
           # path in the argo repo to point to
           path: tempo/app_of_apps/
           # either the branch or tag to point at in the argo repo above
           revision: main
           # kubernetes cluster to install the k8s app into, defaults to Argo CD default
           cluster: https://kubernetes.default.svc
           # namespace to install the k8s app in
           namespace: monitoring
           # recurse directories in the provided git repo
           directory_recursion: false
           # source repos for Argo CD App Project (in addition to argo.repo)
           project:
             name: monitoring
             source_repos:
             - registry-1.docker.io
             - ghcr.io/grafana/helm-charts
             - https://seaweedfs.github.io/seaweedfs/helm
             - https://github.github.io/helm-charts
             destination:
               # automatically includes the app's namespace and argocd's namespace
               namespaces: []
    • OPA Gatekeeper (experimental - not tested yet)

      opa_gatekeeper_example.yaml
      apps:
        opa:
          enabled: true
          description: |
            [magenta]⚠️ Experimental[/magenta]
            [link=https://open-policy-agent.github.io/gatekeeper/website/]OPA (Open Policy Agent) Gatekeeper[/link] is a customizable cloud native policy controller that helps enforce policies and strengthen governance. Put simply, it lets you set up policies for security requirements in Kubernetes.
          init:
            enabled: true
          argo:
            # secrets keys to make available to Argo CD ApplicationSets
            secret_keys: []
            # git repo to install the Argo CD app from
            repo: https://github.com/small-hack/argocd-apps
            # path in the argo repo to point to
            path: opa/app_of_apps/
            # either the branch or tag to point at in the argo repo above
            revision: main
            # kubernetes cluster to install the k8s app into, defaults to Argo CD default
            cluster: https://kubernetes.default.svc
            # namespace to install the k8s app in
            namespace: gatekeeper-system
            # recurse directories in the provided git repo
            # if set to false, we will not deploy the CSI driver
            directory_recursion: false
            # source repos for Argo CD App Project (in addition to argo.repo)
            project:
              name: opa
              source_repos:
                - https://open-policy-agent.github.io/gatekeeper/charts
              destination:
                # automatically includes the app's namespace and argocd's namespace
                namespaces: []
  • fixed a bug where you couldn't add more than 1 label to a node via the TUI

Thanks to @cloudymax for all their help on this pre-release! :D
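As an added example (not smol-k8s-lab's own code), a small lint pass over an app config shaped like the grafana_stack and tempo examples above: it flags credentials written inline instead of via `value_from.env`, empty ingress hostnames on an enabled app, an `s3_provider` outside the two documented backends, and a restore enabled without a `restic_repo_password`. It assumes the input is the dict `yaml.safe_load()` would return for such a file; `SAMPLE` is a constructed config with three deliberate mistakes.

```python
# Constructed example (not smol-k8s-lab's own code): lint the dict yaml.safe_load() returns for an apps: file.
# credential fields that must be sourced from the environment, never written inline
SECRET_FIELDS = {"secret_access_key", "access_key_id", "restic_repo_password"}
S3_PROVIDERS = {"minio", "seaweedfs"}  # the two backends the s3_provider comment allows

def leaves(node, path=()):
    """Yield (path, value) for every scalar in a nested dict/list."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from leaves(val, path + (key,))
    elif isinstance(node, list):
        for idx, val in enumerate(node):
            yield from leaves(val, path + (idx,))
    else:
        yield path, node

def lint_app(name, app):
    """Return human-readable findings for one entry under `apps:`."""
    findings = []
    for path, value in leaves(app):
        dotted = f"{name}." + ".".join(map(str, path))
        # 1. a credential is acceptable only as `<field>.value_from.env: VAR_NAME`
        for i, key in enumerate(path):
            if key in SECRET_FIELDS:
                if path[i + 1:] != ("value_from", "env") or not value:
                    findings.append(f"{dotted}: credential must come from value_from.env")
                break
        # 2. an enabled app needs every ingress hostname filled in
        if (app.get("enabled") and path[:2] == ("argo", "secret_keys")
                and str(path[-1]).endswith("hostname") and not value):
            findings.append(f"{dotted}: hostname is empty but the app is enabled")
        # 3. the local S3 backend is limited to the documented providers
        if path[-1] == "s3_provider" and value not in S3_PROVIDERS:
            findings.append(f"{dotted}: unknown s3_provider {value!r}")
    # 4. restoring a restic snapshot needs the repo password to be configured
    if app.get("init", {}).get("restore", {}).get("enabled") and "restic_repo_password" not in app.get("backups", {}):
        findings.append(f"{name}: init.restore is enabled but backups.restic_repo_password is missing")
    return findings

def lint(config):
    return [f for name, app in config.get("apps", {}).items() for f in lint_app(name, app)]

# constructed sample modelled on grafana_stack_example.yaml, with three deliberate mistakes:
# an inline secret, an empty loki_hostname, and a restore enabled without restic_repo_password
SAMPLE = {"apps": {"grafana_stack": {
    "enabled": True, "init": {"restore": {"enabled": True}},
    "backups": {"s3": {"secret_access_key": "hunter2",
                       "access_key_id": {"value_from": {"env": "GRAFANA_STACK_S3_BACKUP_ACCESS_ID"}}}},
    "argo": {"secret_keys": {"grafana_hostname": "grafana.example.com",
                             "loki_hostname": "", "s3_provider": "seaweedfs"}}}}}
```

Running `lint(SAMPLE)` returns one finding per mistake; a config whose secrets all use `value_from.env` and whose hostnames are filled in returns an empty list.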

@jessebot jessebot requested a review from cloudymax August 16, 2025 09:58
@jessebot jessebot self-assigned this Aug 16, 2025
@jessebot jessebot marked this pull request as ready for review August 16, 2025 15:50
@jessebot jessebot added ✨ enhancement New feature request 🩹 Bug Fix labels Aug 19, 2025
@jessebot jessebot changed the title make smol-k8s-lab more async for federated apps make smol-k8s-lab more async for federated apps and add new experimental apps Aug 24, 2025
@jessebot jessebot merged commit 4bda8bc into main Aug 24, 2025
3 of 4 checks passed
@jessebot jessebot deleted the make-more-async branch August 24, 2025 11:36