Feature/ccv2 common branch (#80)

* increase prometheus PVC size to 100 Gi

* reduce prometheus retention period to 1d only

* increase prometheus resource preset to xlarge

* increase prometheus resource preset to 2xlarge

* Adding code for ms

* netbird client invocation

* Removing haproxy

* debug

* adding default config

* add cloudwatch_exporter_role_arn

* increase mimir retension period to 30 days

* update playbooks to use first bastion host

* update bastion host ref

* refactor cck8s bastion netbird clients

* use stdout

* add trim

* rm spaces and add trim

* add quote

* nebrid command

* order bastion executions in playbook roles

* bastion

* Use sort func to correctly pick first bastion host

---------

Co-authored-by: muzammil360 <muzammil360@gmail.com>
Co-authored-by: Josphat Mutai <josphatkmutai@gmail.com>
Co-authored-by: David Fry <david.fry@modusbox.com>

mojaloop/iac/playbooks/argoeks_cluster_deploy.yaml

@@ -2,12 +2,16 @@
   become: true
   roles:
     - mojaloop.iac.bastion_common
-    - mojaloop.iac.netclient
-    - mojaloop.iac.haproxy
+    - mojaloop.iac.netbird_client
+    #- mojaloop.iac.eks_cleanup
+
+- hosts: "{{ groups['bastion'] | sort | first }}"
+  become: true
+  roles:
     - mojaloop.iac.eks_util
     - geerlingguy.k8s.helm
     - mojaloop.iac.argocd
-    - mojaloop.iac.eks_cleanup
+    #- mojaloop.iac.eks_cleanup
 
 - name: Create Test Harness
   import_playbook: test_harness_deploy.yaml

mojaloop/iac/playbooks/argoeks_cluster_destroy.yaml

@@ -5,4 +5,4 @@
   vars:
     teardown: true
   roles:
-    - mojaloop.iac.netclient
+    - mojaloop.iac.netbird_client

mojaloop/iac/playbooks/argok3s_cluster_deploy.yaml

@@ -2,7 +2,7 @@
   become: true
   roles:
     - mojaloop.iac.bastion_common
-    - mojaloop.iac.netclient
+    - mojaloop.iac.netbird_client
     - mojaloop.iac.haproxy
 
 - hosts: master

mojaloop/iac/playbooks/argok3s_cluster_destroy.yaml

@@ -6,4 +6,4 @@
   vars:
     teardown: true
   roles:
-    - mojaloop.iac.netclient
+    - mojaloop.iac.netbird_client

mojaloop/iac/playbooks/ccmicrok8s_cluster_deploy.yaml

@@ -60,7 +60,7 @@
         microk8s_group_HA: "master"
         microk8s_group_WORKERS: "agent"
 
-- hosts: bastion
+- hosts: "{{ groups['bastion'] | sort | first }}"
   become: true
   roles:
     - role: geerlingguy.k8s.helm
@@ -70,6 +70,14 @@
       vars:
         helm_version: "3.14.0"
 
+- hosts: bastion
+  become: true
+  roles:
+    - role: mojaloop.iac.netbird_client
+      vars:
+        netbird_api_host: "{{ hostvars[groups['bastion'][0]]['fact_netbird_management_url'] }}"
+        netbird_setup_key: "{{ hostvars[groups['bastion'][0]]['fact_bastion_netbird_setup_key'] }}"
+
 - hosts: master
   become: true
   tasks:
@@ -79,9 +87,9 @@
         tasks_from: configure-oidc
       vars:
         kubernetes_oidc_enabled: true
-        kubernetes_oidc_issuer: "{{ hostvars['bastion']['kubernetes_oidc_issuer'] }}"
-        kubernetes_oidc_client_id: "{{ hostvars['bastion']['kubernetes_oidc_client_id'] }}"
-        kubernetes_oidc_groups_claim: "{{ hostvars['bastion']['kubernetes_oidc_groups_claim'] }}"
-        kubernetes_oidc_groups_prefix: "{{ hostvars['bastion']['kubernetes_oidc_groups_prefix'] }}"
-        kubernetes_oidc_username_prefix: "{{ hostvars['bastion']['kubernetes_oidc_username_prefix'] }}"
-        kubernetes_oidc_username_claim: "{{ hostvars['bastion']['kubernetes_oidc_username_claim'] }}"
+        kubernetes_oidc_issuer: "{{ hostvars[groups['bastion'][0]]['kubernetes_oidc_issuer'] }}"
+        kubernetes_oidc_client_id: "{{ hostvars[groups['bastion'][0]]['kubernetes_oidc_client_id'] }}"
+        kubernetes_oidc_groups_claim: "{{ hostvars[groups['bastion'][0]]['kubernetes_oidc_groups_claim'] }}"
+        kubernetes_oidc_groups_prefix: "{{ hostvars[groups['bastion'][0]]['kubernetes_oidc_groups_prefix'] }}"
+        kubernetes_oidc_username_prefix: "{{ hostvars[groups['bastion'][0]]['kubernetes_oidc_username_prefix'] }}"
+        kubernetes_oidc_username_claim: "{{ hostvars[groups['bastion'][0]]['kubernetes_oidc_username_claim'] }}"

mojaloop/iac/playbooks/managed_services_deploy.yaml

@@ -2,4 +2,4 @@
   become: true
   roles:
     - mojaloop.iac.bastion_common
-    - mojaloop.iac.netclient
+    - mojaloop.iac.netbird_client

mojaloop/iac/roles/cc_k8s/defaults/main.yaml

@@ -312,25 +312,25 @@ argocd_default:
           praefect_postgres_proxy_replicas: "'1'"
           praefect_postgres_storage_size: "10Gi"
           praefect_pgdb_helm_version: "2.4.0"
-          git_lfs_max_objects: "'1000'"
+          git_lfs_max_objects: "'1000000'"
           git_lfs_storage_size: "10Gi"
-          gitlab_artifacts_max_objects: "'1000'"
+          gitlab_artifacts_max_objects: "'1000000'"
           gitlab_artifacts_storage_size: "10Gi"
-          gitlab_uploads_max_objects: "'1000'"
+          gitlab_uploads_max_objects: "'1000000'"
           gitlab_uploads_storage_size: "10Gi"
-          gitlab_packages_max_objects: "'1000'"
+          gitlab_packages_max_objects: "'1000000'"
           gitlab_packages_storage_size: "10Gi"
-          gitlab_mrdiffs_max_objects: "'1000'"
+          gitlab_mrdiffs_max_objects: "'1000000'"
           gitlab_mrdiffs_storage_size: "10Gi"
-          gitlab_tfstate_max_objects: "'1000'"
+          gitlab_tfstate_max_objects: "'1000000'"
           gitlab_tfstate_storage_size: "10Gi"
-          gitlab_cisecurefiles_max_objects: "'1000'"
+          gitlab_cisecurefiles_max_objects: "'1000000'"
           gitlab_cisecurefiles_storage_size: "10Gi"
-          gitlab_dep_proxy_max_objects: "'1000'"
+          gitlab_dep_proxy_max_objects: "'1000000'"
           gitlab_dep_proxy_storage_size: "10Gi"
-          gitlab_registry_max_objects: "'1000'"
+          gitlab_registry_max_objects: "'1000000'"
           gitlab_registry_storage_size: "10Gi"
-          gitlab_runner_cache_max_objects: "'1000'"
+          gitlab_runner_cache_max_objects: "'1000000'"
           gitlab_runner_cache_storage_size: "10Gi"
         post_config:
           app_name: "gitlab-post-config"
@@ -396,7 +396,7 @@ argocd_default:
           mimir_max_global_series_per_user: "'1000000'"
           mimir_ingestion_rate: "'200000'"
           mimir_ingestion_burst_size: "'500000'"
-          mimir_retention_period: "10d" # TODO: increase after testing that limit works
+          mimir_retention_period: "30d" # TODO: increase after testing that limit works
           ctrl_cntr_loki_helm_version: "2.13.0"
           ctrl_cntr_loki_retention_period: "3d" #TODO: increase after testing that limit works
           ctrl_cntr_loki_ingester_max_chunk_age: "2h"
@@ -409,6 +409,7 @@ argocd_default:
           alertmanager_enabled: "false"
           namespace: "monitoring"
           sync_wave: "'-9'" #after rook is done
+          cloudwatch_exporter_role_arn: "arn:aws:iam::<project_id>:role/<role_name>"
         grafana:
           public_ingress_access_domain: "false"
           image_version: "10.2.3"

mojaloop/iac/roles/cc_k8s/tasks/install.yaml

@@ -51,10 +51,19 @@
   args:
     executable: /bin/bash
 
-- name: join bastion to netbird
+- name: get bastion netbird setup key
+  shell: |
+    export KUBECONFIG={{ kubeconfig_location }}/kubeconfig
+    kubectl -n {{ fact_netbird_namespace }} get secret {{ fact_netbird_setup_key_secret_name }} -o jsonpath="{.data.{{ fact_netbird_gw_setup_key_secret_key }}}" | base64 -d
+  register: bastion_netbird_setup_key
+
+- name: set bastion netbird setup key fact
+  set_fact:
+    fact_bastion_netbird_setup_key: "{{ bastion_netbird_setup_key.stdout | trim }}"
+
+- name: save build server setup key to temp
   shell: |
     export KUBECONFIG={{ kubeconfig_location }}/kubeconfig
-    netbird up -m https://netbird.{{ fact_dns_public_subdomain }}:443 -k $(kubectl -n {{ fact_netbird_namespace }} get secret {{ fact_netbird_setup_key_secret_name }} -o jsonpath="{.data.{{ fact_netbird_gw_setup_key_secret_key }}}" | base64 -d)
     kubectl -n {{ fact_netbird_namespace }} get secret {{ fact_netbird_setup_key_secret_name }} -o jsonpath="{.data.{{ fact_netbird_build_setup_key_secret_key }}}" | base64 -d > /tmp/build-server-setup-key
 
 - name: fetch build server setup key

mojaloop/iac/roles/cc_k8s/tasks/setup.yaml

@@ -25,6 +25,7 @@
     fact_gitlab_token_secret_name: "{{ fact_argo_merged_config.apps['gitlab'].sub_apps['gitlab'].root_token_secret_name }}"
     fact_gitlab_token_secret_key: "{{ fact_argo_merged_config.apps['gitlab'].sub_apps['gitlab'].root_token_secret_key }}"
     fact_kubernetes_oidc_groups_claim: "{{ fact_argo_merged_config.apps['security'].sub_apps['zitadel'].zitadel_grant_prefix }}"
+    fact_netbird_management_url: "https://netbird.{{ fact_argo_merged_config.apps['dns_utils'].sub_apps['cr_config'].dns_public_subdomain }}:443"
 
 - name: set gitlab domain to public
   set_fact:

mojaloop/iac/roles/cc_k8s/templates/argocd/env-application-set.yaml.j2

@@ -88,7 +88,13 @@ spec:
             - name: "domain"
               value: "{{ '{{' }} .domain {{ '}}'}}"
             - name: "env_cidr"
-              value: "{{ '{{' }} .vpc_cidr {{ '}}'}}"      
+              value: "{{ '{{' }} .vpc_cidr {{ '}}'}}"
+            - name: "managed_services_env_cidr"
+              value: "{{ '{{' }} .managed_vpc_cidr {{ '}}'}}"
+            - name: "managed_svc_enabled"
+              value: "{{ '{{' }} .managed_svc_enabled {{ '}}'}}"     
+            - name: "k8s_cluster_type"
+              value: "{{ '{{' }} .k8s_cluster_type {{ '}}'}}"   
             - name: "argocd_namespace"
               value: "argocd"
             - name: k8s_admin_rbac_group

mojaloop/iac/roles/netbird_client/tasks/install.yaml

@@ -14,7 +14,5 @@
     name:
       - netbird={{ netbird_version }}
 
-
 - name: join the node to netbird
-  shell: |
-    netbird up -m {{ netbird_api_host }} -k {{ netbird_setup_key }}     
+  command:  netbird up -k {{ netbird_setup_key }} -m {{ netbird_api_host }}