From ba953875e5e1e256dbde69652cbb3e8008acbb3e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Johannes=20Br=C3=A4uer?= Date: Fri, 7 Feb 2025 08:15:27 +0100 Subject: [PATCH] New App Onboarding: simplenodeservice-team02-preprod --- .../argohookjobs.yml | 231 ++++++++++++++++++ .../backstagetemplates/catalog-info.yaml | 47 ++++ .../docs/index.md | 13 + .../ingress.yml | 26 ++ .../monaco/configure-dt/owners/appteam.json | 33 +++ .../monaco/configure-dt/owners/owners.yml | 24 ++ .../monaco/configure-dt/slos/slos.json | 15 ++ .../monaco/configure-dt/slos/slos.yml | 14 ++ .../synthetic-monitor/health-check-http.json | 113 +++++++++ .../synthetic-monitor/monitors.yml | 14 ++ .../monaco/manifest.yml | 26 ++ .../namespace.yml | 9 + .../rolebinding.yml | 24 ++ .../rollout.yml | 58 +++++ .../securityScanJob.yml | 61 +++++ .../service.yml | 16 ++ .../workflow-post-sync-apply-monaco.yml | 49 ++++ 17 files changed, 773 insertions(+) create mode 100644 customer-apps/simplenodeservice-team02-preprod/argohookjobs.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/backstagetemplates/catalog-info.yaml create mode 100644 customer-apps/simplenodeservice-team02-preprod/docs/index.md create mode 100644 customer-apps/simplenodeservice-team02-preprod/ingress.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/appteam.json create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/owners.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.json create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/health-check-http.json create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/monitors.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/monaco/manifest.yml create mode 100644 
customer-apps/simplenodeservice-team02-preprod/namespace.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/rolebinding.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/rollout.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/securityScanJob.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/service.yml create mode 100644 customer-apps/simplenodeservice-team02-preprod/workflow-post-sync-apply-monaco.yml diff --git a/customer-apps/simplenodeservice-team02-preprod/argohookjobs.yml b/customer-apps/simplenodeservice-team02-preprod/argohookjobs.yml new file mode 100644 index 00000000..d75ec8f9 --- /dev/null +++ b/customer-apps/simplenodeservice-team02-preprod/argohookjobs.yml 
@@ -0,0 +1,231 @@ +apiVersion: batch/v1 +kind: Job +metadata: + namespace: dynatrace + generateName: dynatrace-presync-notification- + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/hook-delete-policy: HookSucceeded +spec: + template: + spec: + restartPolicy: Never + containers: + - name: bizevent-pusher + image: ghcr.io/dynatrace-oss/bizevent-pusher:v1.1.1 + args: [ + "--debug", "true", + "--tenant", + "$(TENANT_URL)", + "--oauth-client-id", + "$(OAUTH_CLIENT_ID)", + "--oauth-client-secret", + "$(OAUTH_CLIENT_SECRET)", + "--account_urn", + "$(ACCOUNT_URN)", + "--payload", + "{ \"event.provider\": \"argocd\", \"event.type\": \"sync.prepare\", + \"app_name\": \"simplenodeservice-team02\", + \"proj_name\": \"simplenodeservice\", + \"stage\": \"preprod\", + \"owner\":\"team02\", + \"git\" : \"https://github.com/johannes-b/platform-engineering-demo.git\", + \"argocd\" : \"https://expert-space-meme-4497r557x2qj45-30100.app.github.dev/applications/argocd/simplenodeservice-team02-preprod\", + \"result\": \"success\" + }" + ] + env: + - name: TENANT_URL + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: dtTenant + - name: OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientID + - name: OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientSecret + - name: ACCOUNT_URN + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: accountURN +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: dynatrace + generateName: dynatrace-sync-notification- + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: HookSucceeded +spec: + template: + spec: + restartPolicy: Never + containers: + - name: bizevent-pusher + image: ghcr.io/dynatrace-oss/bizevent-pusher:v1.1.1 + args: [ + "--debug", "true", + "--tenant", + "$(TENANT_URL)", + "--oauth-client-id", + "$(OAUTH_CLIENT_ID)", + "--oauth-client-secret", + 
"$(OAUTH_CLIENT_SECRET)", + "--account_urn", + "$(ACCOUNT_URN)", + "--payload", + "{ \"event.provider\": \"argocd\", \"event.type\": \"sync.started\", + \"app_name\": \"simplenodeservice-team02\", + \"proj_name\": \"simplenodeservice\", + \"stage\": \"preprod\", + \"owner\":\"team02\", + \"git\" : \"https://github.com/johannes-b/platform-engineering-demo.git\", + \"argocd\" : \"https://expert-space-meme-4497r557x2qj45-30100.app.github.dev/applications/argocd/simplenodeservice-team02-preprod\", + \"result\": \"success\" + }" + ] + env: + - name: TENANT_URL + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: dtTenant + - name: OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientID + - name: OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientSecret + - name: ACCOUNT_URN + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: accountURN +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: dynatrace + generateName: dynatrace-postsync-notification- + annotations: + argocd.argoproj.io/hook: PostSync + argocd.argoproj.io/hook-delete-policy: HookSucceeded +spec: + template: + spec: + restartPolicy: Never + containers: + - name: bizevent-pusher + image: ghcr.io/dynatrace-oss/bizevent-pusher:v1.1.1 + args: [ + "--debug", "true", + "--tenant", + "$(TENANT_URL)", + "--oauth-client-id", + "$(OAUTH_CLIENT_ID)", + "--oauth-client-secret", + "$(OAUTH_CLIENT_SECRET)", + "--account_urn", + "$(ACCOUNT_URN)", + "--payload", + "{ \"event.provider\": \"argocd\", \"event.type\": \"sync.finished\", + \"app_name\": \"simplenodeservice-team02\", + \"proj_name\": \"simplenodeservice\", + \"stage\": \"preprod\", + \"owner\":\"team02\", + \"git\" : \"https://github.com/johannes-b/platform-engineering-demo.git\", + \"argocd\" : \"https://expert-space-meme-4497r557x2qj45-30100.app.github.dev/applications/argocd/simplenodeservice-team02-preprod\", + \"result\": 
\"success\" + }" + ] + env: + - name: TENANT_URL + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: dtTenant + - name: OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientID + - name: OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientSecret + - name: ACCOUNT_URN + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: accountURN +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: dynatrace + generateName: dynatrace-postsync-notification- + annotations: + argocd.argoproj.io/hook: SyncFail + argocd.argoproj.io/hook-delete-policy: HookSucceeded +spec: + template: + spec: + restartPolicy: Never + containers: + - name: bizevent-pusher + image: ghcr.io/dynatrace-oss/bizevent-pusher:v1.1.1 + args: [ + "--debug", "true", + "--tenant", + "$(TENANT_URL)", + "--oauth-client-id", + "$(OAUTH_CLIENT_ID)", + "--oauth-client-secret", + "$(OAUTH_CLIENT_SECRET)", + "--account_urn", + "$(ACCOUNT_URN)", + "--payload", + "{ \"event.provider\": \"argocd\", \"event.type\": \"sync.finished\", + \"app_name\": \"simplenodeservice-team02\", + \"proj_name\": \"simplenodeservice\", + \"stage\": \"preprod\", + \"owner\":\"team02\", + \"git\" : \"https://github.com/johannes-b/platform-engineering-demo.git\", + \"argocd\" : \"https://expert-space-meme-4497r557x2qj45-30100.app.github.dev/applications/argocd/simplenodeservice-team02-preprod\", + \"result\": \"failed\" + }" + ] + env: + - name: TENANT_URL + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: dtTenant + - name: OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientID + - name: OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: oAuthClientSecret + - name: ACCOUNT_URN + valueFrom: + secretKeyRef: + name: dt-bizevent-oauth-details + key: accountURN 
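Review bot: In argohookjobs.yml all four hook Jobs pass the OAuth client secret on the command line (`"--oauth-client-secret", "$(OAUTH_CLIENT_SECRET)"`) while also setting `"--debug", "true"`. Kubernetes expands `$(VAR)` into the container's argv, so the secret is readable from the process listing on the node, and it may be echoed if the tool's debug output prints its arguments, which is not verifiable from this hunk. If bizevent-pusher can read the credential from the environment or a mounted file, prefer that; otherwise drop `--debug` outside troubleshooting. Separately, the SyncFail Job reuses `generateName: dynatrace-postsync-notification-`, so failed-sync pods cannot be told apart from PostSync ones by name; `generateName: dynatrace-syncfail-notification-` would disambiguate them.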
diff --git a/customer-apps/simplenodeservice-team02-preprod/backstagetemplates/catalog-info.yaml b/customer-apps/simplenodeservice-team02-preprod/backstagetemplates/catalog-info.yaml
new file mode 100644
index 00000000..54fa6bda
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/backstagetemplates/catalog-info.yaml
@@ -0,0 +1,47 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+ name: "simplenodeservice-team02-preprod"
+ title: "simplenodeservice-team02-preprod"
+ description: "Template for the simplenodeservice owned and operated by team02 in environment preprod"
+ annotations:
+ backstage.io/techdocs-ref: dir:.
+ # Not working
+ 'backstage.io/kubernetes-label-selector': 'app.kubernetes.io/name=userinterface'
+ 'backstage.io/kubernetes-namespace': 'simplenodeservice-team02-preprod'
+ argocd/app-name: simplenodeservice-team02-preprod
+ links:
+ - url: https://github.com/johannes-b/platform-engineering-demo.git
+ title: Github Repo
+ icon: github
+ - url: https://expert-space-meme-4497r557x2qj45-80.app.github.dev/simplenodeservice-team02-preprod
+ title: "Browse Application"
+ icon: subject
+ - title: View in ArgoCD
+ icon: catalog
+ url: https://expert-space-meme-4497r557x2qj45-30100.app.github.dev/applications/argocd/simplenodeservice-team02-preprod
+ - title: View in Dynatrace
+ icon: catalog
+ url: https://pgg27996.dev.apps.dynatracelabs.com
+ - url: https://community.dynatrace.com
+ title: Dynatrace community
+ icon: dashboard
+spec:
+ type: website
+ owner: team02
+ lifecycle: preprod
+---
+apiVersion: backstage.io/v1alpha1
+kind: Group
+metadata:
+ name: "team02"
+ description: Group for application team team02
+spec:
+ type: business-unit
+ profile:
+ displayName: Team 02
+ email: team02@example.com
+ picture: https://example.com/staff/jenny-with-party-hat.jpeg
+ parent: applications
+ children: []
+# members: [jdoe]
diff --git a/customer-apps/simplenodeservice-team02-preprod/docs/index.md b/customer-apps/simplenodeservice-team02-preprod/docs/index.md
new file mode 100644
index 00000000..a02b60a4
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/docs/index.md
@@ -0,0 +1,13 @@
+# Docs for simplenodeservice in environment preprod
+
+Managed by: team02
+Environment: preprod
+
+## ArgoCD Status
+
+[![](https://CODESPACE_NAME_PLACEHOLDER-ARGOCD_PORT_NUMBER_PLACEHOLDER.GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN_PLACEHOLDER/api/badge?name=simplenodeservice-team02-preprod)](https://CODESPACE_NAME_PLACEHOLDER-ARGOCD_PORT_NUMBER_PLACEHOLDER.GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN_PLACEHOLDER/applications/argocd/simplenodeservice-team02-preprod)
+
+## Monitored by Dynatrace
+๐Ÿ“ˆClick the logo to view your dashboard ๐Ÿ“ˆ
+
+[![](https://raw.githubusercontent.com/GITHUB_REPOSITORY_PLACEHOLDER/main/dtlogo.svg)](DT_TENANT_APPS_PLACEHOLDER/ui/apps/dynatrace.dashboards/)
\ No newline at end of file
diff --git a/customer-apps/simplenodeservice-team02-preprod/ingress.yml b/customer-apps/simplenodeservice-team02-preprod/ingress.yml
new file mode 100644
index 00000000..46d4065f
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/ingress.yml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: "simplenodeservice-team02"
+ namespace: "simplenodeservice-team02-preprod"
+ labels:
+ dt.owner: "team02"
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /simplenodeservice-team02-preprod(/)*(.*)
+ #- path: "/simplenodeservice-team02-preprod"
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: "simplenodeservice-team02"
+ port:
+ number: 80
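Review bot: In ingress.yml the rule has no `host` and no `tls` section, and both `ssl-redirect` and `force-ssl-redirect` are set to `"false"`, so the controller serves this path over plain HTTP for any Host header. If TLS is terminated upstream (the forwarded `app.github.dev` URLs elsewhere in the patch suggest it may be), record that in a comment above the annotations, e.g. `# TLS is terminated by the upstream proxy; redirects disabled on purpose`; otherwise add a `host` and a `tls` block. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `ingressClassName: nginx` under `spec`.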
diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/appteam.json b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/appteam.json
new file mode 100644
index 00000000..fe076b0a
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/appteam.json
@@ -0,0 +1,33 @@
+{
+ "name":"{{ .name }}",
+ "description":"{{ .descr }}",
+ "identifier":"{{ .team_id }}",
+ "responsibilities":
+ {
+ "development": {{ .development }},
+ "security":{{ .security }},
+ "operations":{{ .operations }},
+ "infrastructure":{{ .infrastructure }},
+ "lineOfBusiness":{{ .lineOfBusiness }}
+ },
+ "contactDetails": [
+ {
+ "integrationType":"SLACK",
+ "slackChannel":"{{ .slackChannel }}",
+ "url":"{{ .slackURL }}"
+ },
+ {
+ "integrationType":"EMAIL",
+ "email":"{{ .email }}"
+ }
+ ],
+ "links":[],
+ "additionalInformation":
+ [
+ {
+ "key":"{{ .addInfoKey }}",
+ "value":"{{ .addInfoValue }}",
+ "url":"{{ .addInfoUrl }}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/owners.yml b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/owners.yml
new file mode 100644
index 00000000..977398e9
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/owners/owners.yml
@@ -0,0 +1,24 @@
+configs:
+- id: team02
+ type:
+ settings:
+ schema: builtin:ownership.teams
+ scope: environment
+ config:
+ name: team02
+ template: appteam.json
+ parameters:
+ descr: Team 02
+ team_id: team02
+ development: true
+ security: false
+ operations: true
+ infrastructure: false
+ lineOfBusiness: false
+ slackChannel: somewhere
+ slackURL: https://somewhere.slack.com/archives/team02
+ email: team02@example.com
+ addInfoKey: costcode
+ addInfoValue: team02
+ addInfoUrl: https://example.com/team02
+ skip: false
diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.json b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.json
new file mode 100644
index 00000000..5cb931c4
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.json
@@ -0,0 +1,15 @@
+{
+ "enabled": true,
+ "name": "{{ .name }}",
+ "metricName": "{{ .metricName }}",
+ "metricExpression": "{{ .metricExpression }}",
+ "evaluationType": "AGGREGATE",
+ "filter": "{{ .filter }}",
+ "evaluationWindow": "-1w",
+ "targetSuccess": {{ .thresholdTarget }},
+ "targetWarning": {{ .thresholdWarning }},
+ "errorBudgetBurnRate": {
+ "burnRateVisualizationEnabled": true,
+ "fastBurnThreshold": 10
+ }
+}
\ No newline at end of file
diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.yml b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.yml
new file mode 100644
index 00000000..8378f06c
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/slos/slos.yml
@@ -0,0 +1,14 @@
+configs:
+- id: simplenodeservice-team02-preprod_slo
+ config:
+ name: "simplenodeservice-team02-preprod Availability"
+ parameters:
+ metricName: "simplenodeservice_team02_preprod_availability"
+ metricExpression: "(100)*(builtin:service.errors.server.successCount:splitBy()):value:default(0)/(builtin:service.requestCount.server:splitBy()):value:default(0)"
+ filter: "type(SERVICE), tag([KUBERNETES]app.kubernetes.io/part-of:simplenodeservice-team02),tag([KUBERNETES]dynatrace-release-stage:preprod)"
+ thresholdTarget: "99.98"
+ thresholdWarning: "99.99"
+ template: slos.json
+ skip: false
+ type:
+ api: slo
diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/health-check-http.json b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/health-check-http.json
new file mode 100644
index 00000000..5f9a3296
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/health-check-http.json
@@ -0,0 +1,113 @@ +{ + "anomalyDetection": { + "loadingTimeThresholds": { + "enabled": true, + "thresholds": [] + }, + "outageHandling": { + "globalOutage": true, + "globalOutagePolicy": { + "consecutiveRuns": 1 + }, + "localOutage": false, + "localOutagePolicy": { + "affectedLocations": null, + "consecutiveRuns": null + } + } + }, + "automaticallyAssignedApps": [], + "enabled": {{ .enabled }}, + "frequencyMin": {{ .frequencyMin }}, + "locations": [ + "{{ .geoLocation }}" + ], + "managementZones": [], + "manuallyAssignedApps": [], + "name": "{{.name}}", + "requests": [ + { + "name": "Homepage", + "sequenceNumber": 1 + }, + { + "name": "Test Echo", + "sequenceNumber": 2 + }, + { + "name": "Test Invoke", + "sequenceNumber": 3 + } + ], + "script": { + "requests": [ + { + "configuration": { + "acceptAnyCertificate": true, + "followRedirects": true, + "shouldNotPersistSensitiveData": false + }, + "description": "Homepage", + "method": "GET", + "url": "{{ .baseUrl }}", + "validation": { + "rules": [ + { + "passIfFound": false, + "type": "httpStatusesList", + "value": "\u003e=400" + } + ] + } + }, + { + "configuration": { + "acceptAnyCertificate": true, + "followRedirects": true, + "shouldNotPersistSensitiveData": false + }, + "description": "Test Echo", + "method": "GET", + "url": "{{ .baseUrl }}/api/echo?text=Hello", + "validation": { + "rules": [ + { + "passIfFound": false, + "type": "httpStatusesList", + "value": "\u003e=400" + } + ] + } + }, + { + "configuration": { + "acceptAnyCertificate": true, + "followRedirects": true, + "shouldNotPersistSensitiveData": false + }, + "description": "Test Invoke", + "method": "GET", + "url": "{{ .baseUrl }}/api/invoke?url=https://www.example.com\u0026sleep=1000", + "validation": { + "rules": [ + { + "passIfFound": false, + "type": "httpStatusesList", + "value": "\u003e=400" + } + ] + } + } + ], + "version": "1.0" + }, + "tags": [ + { + "context": "CONTEXTLESS", + "key": "owner", + "source": "USER", + "value": "{{ .teamIdentifier 
}}" + } + ], + "type": "HTTP" +} \ No newline at end of file diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/monitors.yml b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/monitors.yml new file mode 100644 index 00000000..f03c0c13 --- /dev/null +++ b/customer-apps/simplenodeservice-team02-preprod/monaco/configure-dt/synthetic-monitor/monitors.yml @@ -0,0 +1,14 @@ +configs: +- id: simplenodeservice-team02-preprod_synthetic + config: + name: "Healthcheck simplenodeservice-team02-preprod" + parameters: + baseUrl: "https://expert-space-meme-4497r557x2qj45-80.app.github.dev/simplenodeservice-team02-preprod" + frequencyMin: "1" + enabled: "true" + geoLocation: "GEOLOCATION-0A41430434C388A9" + teamIdentifier: "team02" + template: health-check-http.json + skip: false + type: + api: synthetic-monitor diff --git a/customer-apps/simplenodeservice-team02-preprod/monaco/manifest.yml b/customer-apps/simplenodeservice-team02-preprod/monaco/manifest.yml new file mode 100644 index 00000000..179a66dd --- /dev/null +++ b/customer-apps/simplenodeservice-team02-preprod/monaco/manifest.yml @@ -0,0 +1,26 @@ +manifestVersion: 1.0 +projects: + - name: configure-dt + path: configure-dt +environmentGroups: + - name: development + environments: + - name: prod-api-token-only + # .live. when using API token only + # .apps. when using API + oAuth or just oAuth + url: + value: "https://pgg27996.dev.dynatracelabs.com" + auth: + token: + name: "monacoToken" + # - name: prod-api-and-oauth + # url: + # value: "https://abc12345.apps.dynatracelabs.com" + # auth: + # token: + # name: "monacoToken" + # oAuth: + # clientId: + # name: MONACO_OAUTH_CLIENT_ID + # clientSecret: + # name: MONACO_OAUTH_CLIENT_SECRET diff --git a/customer-apps/simplenodeservice-team02-preprod/namespace.yml b/customer-apps/simplenodeservice-team02-preprod/namespace.yml new file mode 100644 index 00000000..26faae11 --- /dev/null 
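Review bot: In health-check-http.json every request sets `"acceptAnyCertificate": true`, so the synthetic monitor keeps reporting healthy when the endpoint presents an expired, self-signed or mismatched certificate. Unless the preprod endpoint is known to lack a valid certificate, set it to `false` on all three requests so that certificate problems surface as monitor failures. The third request also calls `/api/invoke?url=...`, which by its name appears to make the service fetch a caller-supplied URL; whether that endpoint should be reachable through the ingress added in this patch is worth confirming.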
+++ b/customer-apps/simplenodeservice-team02-preprod/namespace.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "simplenodeservice-team02-preprod"
+ labels:
+ dt.owner: "team02"
+ annotations:
+ keptn.sh/lifecycle-toolkit: "enabled"
diff --git a/customer-apps/simplenodeservice-team02-preprod/rolebinding.yml b/customer-apps/simplenodeservice-team02-preprod/rolebinding.yml
new file mode 100644
index 00000000..ecfe9685
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/rolebinding.yml
@@ -0,0 +1,24 @@
+# dynatrace-oneagent-metadata-viewer.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-metadata-viewer
+ namespace: "simplenodeservice-team02-preprod"
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-metadata-viewer-binding
+ namespace: "simplenodeservice-team02-preprod"
+subjects:
+- kind: ServiceAccount
+ name: default
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: dynatrace-oneagent-metadata-viewer
+ apiGroup: ""
diff --git a/customer-apps/simplenodeservice-team02-preprod/rollout.yml b/customer-apps/simplenodeservice-team02-preprod/rollout.yml
new file mode 100644
index 00000000..274ed3d7
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/rollout.yml
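Review bot: In rolebinding.yml the RoleBinding's subject is the namespace's `default` ServiceAccount, so every pod that does not name its own ServiceAccount inherits `get` on pods along with the mounted API token. The grant is narrow, but a dedicated ServiceAccount referenced from the Rollout would keep the permission scoped to the workload that needs it. The `apiGroup: ""` under `roleRef` relies on API-server defaulting; writing `apiGroup: rbac.authorization.k8s.io` there makes the manifest explicit.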
@@ -0,0 +1,58 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Rollout
+metadata:
+ name: "simplenodeservice-team02"
+ namespace: "simplenodeservice-team02-preprod"
+ labels:
+ dt.owner: "team02"
+spec:
+ replicas: 2
+ strategy:
+ canary:
+ steps:
+ - setWeight: 50
+ - pause: {duration: 5s}
+ - setWeight: 100
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: userinterface
+ template:
+ metadata:
+ labels:
+ dt.owner: "team02"
+ app.kubernetes.io/name: userinterface
+ app.kubernetes.io/part-of: "simplenodeservice-team02"
+ app.kubernetes.io/version: "1.0.2"
+ dynatrace-release-stage: "preprod"
+ backstage.io/component: "default.simplenodeservice-team02-preprod"
+ spec:
+ containers:
+ - name: rollouts-demo
+ image: grabnerandi/simplenodeservice:1.0.2
+ env:
+ - name: DT_RELEASE_VERSION
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['app.kubernetes.io/version']
+ - name: DT_RELEASE_PRODUCT
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['app.kubernetes.io/part-of']
+ - name: DT_RELEASE_STAGE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['dynatrace-release-stage']
+ - name: DT_CUSTOM_PROP
+ value: "owner=team02 project=simplenodeservice stage=preprod"
+ - name: DT_TAGS
+ value: "dt.owner=team02"
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ requests:
+ memory: 3Mi
+ cpu: 5m
diff --git a/customer-apps/simplenodeservice-team02-preprod/securityScanJob.yml b/customer-apps/simplenodeservice-team02-preprod/securityScanJob.yml
new file mode 100644
index 00000000..20a0c360
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/securityScanJob.yml
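Review bot: In rollout.yml the `rollouts-demo` container has no `securityContext` and no `resources.limits`, unlike the kubeaudit Job added in the same patch, which drops capabilities and forbids privilege escalation. A container-level `securityContext` as sketched below brings the workload in line; `runAsNonRoot: true` assumes the image runs as a non-root user, which is not visible here and should be confirmed before merging. The image is also referenced by tag only (`grabnerandi/simplenodeservice:1.0.2`), so pinning it by digest would prevent the tag from being repointed.

```yaml
        - name: rollouts-demo
          image: grabnerandi/simplenodeservice:1.0.2
          # … unchanged: env, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
```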
@@ -0,0 +1,61 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubeaudit
+ namespace: "simplenodeservice-team02-preprod"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kubeaudit-namespaces-simplenodeservice-team02-preprod
+subjects:
+ - kind: ServiceAccount
+ name: kubeaudit
+ namespace: "simplenodeservice-team02-preprod"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubeaudit-namespaces
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kubeaudit
+ namespace: "simplenodeservice-team02-preprod"
+subjects:
+ - kind: ServiceAccount
+ name: kubeaudit
+ namespace: "simplenodeservice-team02-preprod"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubeaudit
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: kubeaudit
+ namespace: "simplenodeservice-team02-preprod"
+ annotations:
+ argocd.argoproj.io/hook: PostSync
+ #argocd.argoproj.io/hook-delete-policy: HookSucceeded
+spec:
+ template:
+ spec:
+ serviceAccountName: kubeaudit
+ restartPolicy: OnFailure
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: kubeaudit
+ image: shopify/kubeaudit:v0.11
+ args: ["all", "--exitcode", "0", "--namespace", "simplenodeservice-team02-preprod"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["all"]
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/customer-apps/simplenodeservice-team02-preprod/service.yml b/customer-apps/simplenodeservice-team02-preprod/service.yml
new file mode 100644
index 00000000..4bec72eb
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/service.yml
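Review bot: In securityScanJob.yml the kubeaudit container runs with `"--exitcode", "0"`, so audit findings never fail the PostSync hook and are visible only to someone who reads the pod log. If the scan is meant to gate the sync, use a non-zero exit code; if it is advisory, a comment such as `# advisory only: findings do not fail the sync` above `args` makes that explicit. `drop: ["all"]` is lowercase, whereas the Pod Security `restricted` check looks for `ALL`, so `drop: ["ALL"]` avoids depending on how the runtime handles case. The per-app ClusterRoleBinding to `kubeaudit-namespaces` grants whatever that ClusterRole contains cluster-wide; its rules are not part of this patch, so confirm that it is read-only.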
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "simplenodeservice-team02"
+ namespace: "simplenodeservice-team02-preprod"
+ labels:
+ dt.owner: "team02"
+spec:
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: "userinterface"
diff --git a/customer-apps/simplenodeservice-team02-preprod/workflow-post-sync-apply-monaco.yml b/customer-apps/simplenodeservice-team02-preprod/workflow-post-sync-apply-monaco.yml
new file mode 100644
index 00000000..e8334199
--- /dev/null
+++ b/customer-apps/simplenodeservice-team02-preprod/workflow-post-sync-apply-monaco.yml
@@ -0,0 +1,49 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+ generateName: wf-apply-monaco-
+ namespace: "monaco" # Job must run in monaco namespace as `monaco-secret` and `srg-oauth-details` secrets are available here
+ labels:
+ workflows.argoproj.io/archive-strategy: "false"
+ annotations:
+ workflows.argoproj.io/description: |
+ "This workflow runs DT Monaco for simplenodeservice-team02-preprod"
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+spec:
+ entrypoint: git-clone
+ templates:
+ - name: git-clone
+ inputs:
+ artifacts:
+ - name: git-files
+ path: /src
+ git:
+ repo: "https://github.com/johannes-b/platform-engineering-demo.git"
+ container:
+ image: dynatrace/dynatrace-configuration-as-code:latest
+ args: [
+ "deploy",
+ "/src/customer-apps/simplenodeservice-team02-preprod/monaco/manifest.yml",
+ "--environment",
+ "prod-api-token-only",
+ "--project",
+ "configure-dt"
+ ]
+ env:
+ - name: monacoToken
+ valueFrom:
+ secretKeyRef:
+ name: monaco-secret
+ key: monacoToken
+ # - name: MONACO_OAUTH_CLIENT_ID
+ # valueFrom:
+ # secretKeyRef:
+ # name: srg-oauth-details
+ # key: oAuthClientID
+ # - name: MONACO_OAUTH_CLIENT_SECRET
+ # valueFrom:
+ # secretKeyRef:
+ # name: srg-oauth-details
+ # key: oAuthClientSecret
+ # workingDir: /src
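Review bot: In workflow-post-sync-apply-monaco.yml the container uses `image: dynatrace/dynatrace-configuration-as-code:latest` and the `git` artifact sets no `revision`, so each sync runs whatever image and repository HEAD exist at that moment with `monacoToken` in its environment. Pin the image to a released version, ideally with a digest (`dynatrace/dynatrace-configuration-as-code:<version>@sha256:<digest>`), and add `revision: <commit-or-tag>` under `git:` so that the configuration applied to the tenant is the one that was reviewed. The file name says post-sync while the annotation is `argocd.argoproj.io/hook: PreSync`; one of the two should be corrected or explained in a comment.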