From 74e50891983808eb11c86ea497691c3a1c1d8d03 Mon Sep 17 00:00:00 2001
From: Dan Fuchs
Date: Mon, 28 Oct 2024 12:38:05 -0500
Subject: [PATCH] DM-47199: `idfprod` Sasquatch Provision Sasquatch services in `idfprod` to support application metrics. Services that are not needed for application metrics are not provisioned, like `mirrormaker` and the REST proxy. * Secrets are in 1Password and have been synced * IP addresses were created ephemerally when the Strimzi Kafka resource was provisioned, then I promted them to static IPs in GCP * Angelo provisioned all of the necessary DNS and TLS ACME records in Route53
---
applications/sasquatch/values-idfprod.yaml | 97 +++++++++++++++++++
.../values-idfprod.yaml | 0
applications/strimzi/values-idfprod.yaml | 9 ++
environments/values-idfprod.yaml | 3 +
4 files changed, 109 insertions(+)
create mode 100644 applications/sasquatch/values-idfprod.yaml
create mode 100644 applications/strimzi-access-operator/values-idfprod.yaml
create mode 100644 applications/strimzi/values-idfprod.yaml
diff --git a/applications/sasquatch/values-idfprod.yaml b/applications/sasquatch/values-idfprod.yaml
new file mode 100644
index 0000000000..fce7457c18
--- /dev/null
+++ b/applications/sasquatch/values-idfprod.yaml
@@ -0,0 +1,97 @@
+strimzi-kafka:
+ kafka:
+ externalListener:
+ tls:
+ enabled: true
+ bootstrap:
+ loadBalancerIP: "34.55.132.0"
+ host: sasquatch-kafka-bootstrap.lsst.cloud
+
+ brokers:
+ - broker: 3
+ loadBalancerIP: "34.122.37.250"
+ host: sasquatch-kafka-3.lsst.cloud
+ - broker: 4
+ loadBalancerIP: "34.72.131.177"
+ host: sasquatch-kafka-4.lsst.cloud
+ - broker: 5
+ loadBalancerIP: "34.72.103.157"
+ host: sasquatch-kafka-5.lsst.cloud
+ users:
+ kafdrop:
+ enabled: true
+ telegraf:
+ enabled: true
+ kraft:
+ enabled: true
+ kafkaController:
+ enabled: true
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: "1"
+ limits:
+ memory: 8Gi
+ cpu: "1"
+ registry:
+ ingress:
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ hostname: data.lsst.cloud
+ path: /schema-registry(/|$)(.*)
+ connect:
+ enabled: false
+
+influxdb:
+ ingress:
+ enabled: true
+ hostname: data.lsst.cloud
+ resources:
+ requests:
+ memory: 8Gi
+ cpu: 1
+ limits:
+ memory: 8Gi
+ cpu: 1
+
+telegraf-kafka-consumer:
+ enabled: true
+ kafkaConsumers:
+ example:
+ enabled: true
+ replicaCount: 1
+ database: "lsst.example"
+ tags: |
+ [ "band", "instrument" ]
+ timestamp_format: "unix_ms"
+ timestamp_field: "timestamp"
+ topicRegexps: |
+ [ "lsst.example" ]
+kafdrop:
+ ingress:
+ enabled: true
+ hostname: data.lsst.cloud
+
+chronograf:
+ ingress:
+ enabled: true
+ hostname: data.lsst.cloud
+
+ env:
+ GENERIC_NAME: "OIDC"
+ GENERIC_AUTH_URL: https://data.lsst.cloud/auth/openid/login
+ GENERIC_TOKEN_URL: https://data.lsst.cloud/auth/openid/token
+ USE_ID_TOKEN: 1
+ JWKS_URL: https://data.lsst.cloud/.well-known/jwks.json
+ GENERIC_API_URL: https://data.lsst.cloud/auth/openid/userinfo
+ GENERIC_SCOPES: openid
+ GENERIC_API_KEY: sub
+ PUBLIC_URL: https://data.lsst.cloud/
+ STATUS_FEED_URL: https://raw.githubusercontent.com/lsst-sqre/rsp_broadcast/main/jsonfeeds/idfprod.json
+
+app-metrics:
+ enabled: true
+ apps:
+ - gafaelfawr
+ - mobu
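Review bot: The `externalListener` block gives the bootstrap and brokers 3–5 static load-balancer IPs and sets `tls.enabled: true`, but nothing in this values file shows how clients authenticate or which source networks may reach the listener, and TLS by itself only encrypts the connection. The same question applies to the `registry`, `influxdb` and `kafdrop` ingresses on data.lsst.cloud, whose access control presumably comes from chart defaults outside this patch. Before merging I would confirm both in the chart and record the result next to the listener, for example `# external listener requires authenticated clients (KafkaUser credentials); TLS alone is not access control`. Separately, `USE_ID_TOKEN: 1` is an unquoted integer in an otherwise string-valued `env` map, and `USE_ID_TOKEN: "1"` avoids depending on the template to stringify it. Indentation is collapsed on this page, so the nesting described here is inferred from key order.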
diff --git a/applications/strimzi-access-operator/values-idfprod.yaml b/applications/strimzi-access-operator/values-idfprod.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/applications/strimzi/values-idfprod.yaml b/applications/strimzi/values-idfprod.yaml
new file mode 100644
index 0000000000..1abe0d7c86
--- /dev/null
+++ b/applications/strimzi/values-idfprod.yaml
@@ -0,0 +1,9 @@
+strimzi-kafka-operator:
+ resources:
+ limits:
+ memory: "1Gi"
+ requests:
+ memory: "512Mi"
+ watchNamespaces:
+ - "sasquatch"
+ logLevel: "INFO"
diff --git a/environments/values-idfprod.yaml b/environments/values-idfprod.yaml
index f0b77f439c..fcc11b5370 100644
--- a/environments/values-idfprod.yaml
+++ b/environments/values-idfprod.yaml
@@ -22,10 +22,13 @@ applications:
 mobu: true
 nublado: true
 portal: true
+ sasquatch: true
 semaphore: true
 sia: false
 siav2: false
 squareone: true
+ strimzi: true
+ strimzi-access-operator: true
 ssotap: true
 tap: true
 telegraf: true
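Review bot: In applications/strimzi/values-idfprod.yaml, `watchNamespaces` is the one setting that bounds which namespaces the operator acts on, and it carries no comment saying the restriction is deliberate. A line such as `# Scope the operator to the sasquatch namespace; widen only with review` above it would keep a later edit from broadening the operator's reach unnoticed. The `resources` block sets memory only; if leaving CPU unset is intended, that is worth stating in the same comment.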
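Review bot: In environments/values-idfprod.yaml, the two strimzi entries are inserted between `squareone` and `ssotap`, which breaks the alphabetical order that the surrounding context lines follow. Placing `strimzi: true` and `strimzi-access-operator: true` after `ssotap: true` keeps the list sorted and makes it easier to audit which applications are enabled in this environment. The `applications` mapping starts and ends outside this hunk, so the ordering of the rest of the list is not visible here.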