first draft merge of dev2.3 after reverted PR (#397)

* first draft merge of dev2.3 after reverted PR

* missed changes

* add mojaloop-observability-overview.drawio

* add back rook-ceph exporter

* fix: pass app config

* Revert "fix: pass app config"

This reverts commit 1c8d320.

* set reposerver.enable.git.submodule: "false"

* set applicationsetcontroller.enable.git.submodule: "false"

* remove replace -

* fix: whitelist issue when secret contains list

* fix: whitelist issue when secret contains list

* first draft add vault token pipeline trigger

* add default flag

* try to remove - removal (#398)

* support multiple extra disk volumes

* support multiple extra disk volumes

* support multiple extra disk attachements

* Feat/add vault token trigger (#400)

* fix pipeline

* remove tr_trigger_enabled var

* vautl env token ttl

* 32d ttl default

* token ttl 14d

---------

Co-authored-by: muzammil360 <muzammil360@gmail.com>
Co-authored-by: Kalin Krustev <kalin.krustev@gmail.com>
Co-authored-by: Josphat Mutai <josphatkmutai@gmail.com>
Co-authored-by: Sijo George <87609749+sijo5722-2021@users.noreply.github.com>

gitops/applications/base/base-monitoring/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/grafana/grafana-operator/v${ARGOCD_ENV_grafana_crd_version_tag}/deploy/kustomize/base/crds.yaml
+  - namespace.yaml
+helmCharts:
+  - name: prometheus-operator-crds
+    releaseName: prometheus-operator-crds
+    version: ${ARGOCD_ENV_prometheus_crd_version}
+    repo: https://prometheus-community.github.io/helm-charts/
+  - name: grafana-operator
+    releaseName: grafana
+    version: ${ARGOCD_ENV_grafana_operator_version}
+    repo: https://charts.bitnami.com/bitnami
+    valuesFile: values-grafana-operator.yaml
+    namespace: ${ARGOCD_ENV_monitoring_namespace}

gitops/applications/base/base-monitoring/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${ARGOCD_ENV_monitoring_namespace}

gitops/applications/base/deploy-env-onboard/env-onboard-xplane-terraform.yaml

@@ -182,4 +182,21 @@ spec:
         base_url = "https://${ARGOCD_ENV_gitlab_fqdn}"
       }
 
-      provider "time" {}
+      provider "time" {}
+---
+apiVersion: apiextensions.crossplane.io/v1alpha1
+kind: Usage
+metadata:
+  name: ${ARGOCD_ENV_deploy_env_onboard_app_name}
+  namespace: ${ARGOCD_ENV_deploy_env_onboard_app_namespace}
+spec:
+  of:
+    apiVersion: tf.upbound.io/v1beta1
+    kind: ProviderConfig
+    resourceRef:
+      name: ${ARGOCD_ENV_deploy_env_onboard_app_name}
+  by:
+    apiVersion: tf.upbound.io/v1beta1
+    kind: Workspace
+    resourceRef:
+      name: ${ARGOCD_ENV_deploy_env_onboard_app_name}

gitops/applications/base/deploy-env/env-config-xplane-terraform.yaml

@@ -30,6 +30,8 @@ spec:
         value: ${ARGOCD_ENV_ceph_max_size}
       - key: netbird_version
         value: "${ARGOCD_ENV_netbird_version}"
+      - key: netbird_client_version
+        value: "${ARGOCD_ENV_netbird_client_version}"
       - key: netbird_api_host
         value: "netbird.${ARGOCD_ENV_netbird_dns_subdomain}"
       - key: argocd_namespace
@@ -38,6 +40,8 @@ spec:
         value: ${ARGOCD_ENV_kubernetes_oidc_groups_claim}
       - key: cc_cidr_block
         value: ${ARGOCD_ENV_cc_cidr_block}
+      - key: env_token_ttl
+        value: ${ARGOCD_ENV_env_token_ttl}
   # All Terraform outputs are written to the connection secret.
   providerConfigRef:
     name: env-config

gitops/applications/base/dns-utils-pre/dns-cred-secrets.yaml

@@ -11,7 +11,6 @@ spec:
     stringData:
       access_key: "{{ .creds.access_key }}"
       secret_key: "{{ .creds.secret_key }}"
-      security_token: "{{ .creds.security_token }}"
     type: Opaque
     annotations:
       reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
@@ -25,7 +24,7 @@ spec:
         serviceAccount:
           name: default
       name: creds
-      path: cc-cloud-provider/creds/dns-access
+      path: "${ARGOCD_ENV_dns_backend_path}/creds/${ARGOCD_ENV_cert_manager_access_role}"
       requestType: GET
 ---
 apiVersion: redhatcop.redhat.io/v1alpha1
@@ -38,9 +37,11 @@ spec:
   output:
     name: ${ARGOCD_ENV_external_dns_credentials_secret}
     stringData:
-      access_key: "{{ .creds.access_key }}"
-      secret_key: "{{ .creds.secret_key }}"
-      security_token: "{{ .creds.security_token }}"
+      credentials: |
+        [default]
+        aws_access_key_id = {{ .creds.access_key  | toString }}
+        aws_secret_access_key = {{ .creds.secret_key  | toString }}
+        aws_session_token = {{ .creds.security_token  | toString }}
     type: Opaque
     annotations:
       reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
@@ -54,5 +55,5 @@ spec:
         serviceAccount:
           name: default
       name: creds
-      path: cc-cloud-provider/creds/dns-access
+      path: "${ARGOCD_ENV_dns_backend_path}/creds/${ARGOCD_ENV_dns_access_role}"
       requestType: GET

gitops/applications/base/gitlab-pre/kustomization.yaml

@@ -7,20 +7,6 @@ resources:
   - gitlab-oidc-xplane-terraform.yaml
 
 helmCharts:
-- name: pg-db
-  releaseName: ${ARGOCD_ENV_gitlab_app_name}
-  version: ${ARGOCD_ENV_pgdb_helm_version}
-  repo: https://percona.github.io/percona-helm-charts/
-  valuesFile: gitlab-db-values.yaml
-  namespace: ${ARGOCD_ENV_gitlab_namespace}
-
-- name: pg-db
-  releaseName: praefect
-  version: ${ARGOCD_ENV_pgdb_helm_version}
-  repo: https://percona.github.io/percona-helm-charts/
-  valuesFile: praefect-db-values.yaml
-  namespace: ${ARGOCD_ENV_gitlab_namespace}  
-
 - name: redis
   releaseName: redis
   version: ${ARGOCD_ENV_redis_helm_version}

gitops/applications/base/gitlab/gitlab-values.yaml

@@ -138,13 +138,13 @@ global:
     tcpUserTimeout:
     password:
       useSecret: true
-      secret: "gitlab-postgresql-credentials"
+      secret: "${ARGOCD_ENV_gitlab_db_secret}"
       key: password
       # file:
-    host: gitlab-pg-db-pgbouncer.gitlab.svc
+    host: ${ARGOCD_ENV_gitlab_externalservice_name}.${ARGOCD_ENV_gitlab_namespace}.svc
     port: 5432
-    username: gitlab
-    database: gitlab
+    username: ${ARGOCD_ENV_gitlab_db_username}
+    database: ${ARGOCD_ENV_gitlab_db_name}
     applicationName: gitlab
     # preparedStatements: false
     # databaseTasks: true
@@ -216,17 +216,17 @@ global:
     authToken: {}
     autoMigrate: true
     dbSecret:
-      secret: praefect-postgresql-credentials
+      secret: ${ARGOCD_ENV_praefect_db_secret}
       key: password
     virtualStorages:
       - name: default
         gitalyReplicas: 3
         maxUnavailable: 1
     psql:
-      host: praefect-pg-db-pgbouncer.gitlab.svc
+      host: ${ARGOCD_ENV_praefect_externalservice_name}.${ARGOCD_ENV_gitlab_namespace}.svc
       port: 5432
-      user: praefect
-      dbName: praefect
+      user: ${ARGOCD_ENV_praefect_db_username}
+      dbName: ${ARGOCD_ENV_praefect_db_name}
       sslMode: require
     # serviceName:
     service:

gitops/applications/base/gitlab/kustomization.yaml

@@ -14,6 +14,20 @@ helmCharts:
     namespace: ${ARGOCD_ENV_gitlab_namespace}
 
 patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: gitlab-gitlab-runner
+    patch: |
+      - op: add
+        path: /spec/template/spec/dnsConfig
+        value: 
+          options:
+            - name: ndots
+              value: "3"
+            - name: attempts
+              value: "5"
   - target:
       group: apps
       version: v1

gitops/applications/base/monitoring-post-config/argocd-service-monitors.yaml

@@ -0,0 +1,58 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-metrics
+spec:
+  namespaceSelector:
+    any: true
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-metrics
+  endpoints:
+    - port: http-metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-server-metrics
+spec:
+  namespaceSelector:
+    any: true
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-server-metrics
+  endpoints:
+    - port: http-metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-repo-server-metrics
+spec:
+  namespaceSelector:
+    any: true
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-repo-server-metrics
+  endpoints:
+    - port: http-metrics
+---
+# apiVersion: monitoring.coreos.com/v1
+# kind: ServiceMonitor
+# metadata:
+#   name: argocd-metrics-2
+# spec:
+#   namespaceSelector:
+#     any: true
+#   selector:
+#     matchExpressions:
+#     - key: app.kubernetes.io/name
+#       operator: In
+#       values: 
+#       - argocd-metrics
+#       - argocd-server-metrics
+#       - argocd-repo-server-metrics
+#   endpoints:
+#     - port: http-metrics
+
+# https://github.com/adinhodovic/argo-cd-mixin/tree/main/dashboards_out

gitops/applications/base/monitoring-post-config/dashboards-default.yaml

@@ -9,6 +9,19 @@ spec:
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
+metadata:
+  name: node-exporter
+spec:
+  folder: default
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  grafanaCom:
+    id: 1860
+    revision: 37
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
 metadata:
   name: mysql-exporter-quickstart
 spec:

gitops/applications/base/monitoring-post-config/dashboards-infra.yaml

@@ -0,0 +1,37 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaFolder
+metadata:
+  name: infra
+spec:
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: argocd-overview
+spec:
+  folder: infra
+  datasources:
+    - inputName: "DS_PROMETHEUS"
+      datasourceName: "${ARGOCD_ENV_dashboard_datasource_name}" 
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v2.12.6/examples/dashboard.json"
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: "argocd-operational-overview"
+spec:
+  folder: infra
+  datasources:
+    - inputName: "DS_PROMETHEUS"
+      datasourceName: "${ARGOCD_ENV_dashboard_datasource_name}" 
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  url: "https://raw.githubusercontent.com/adinhodovic/argo-cd-mixin/refs/heads/main/dashboards_out/argo-cd-operational-overview.json"
+---

gitops/applications/base/monitoring-post-config/dashboards-rook-ceph.yaml

@@ -54,19 +54,4 @@ spec:
   grafanaCom:
     id: 5342
     revision: 9
----
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDashboard
-metadata:
-  name: ceph-objectstore
-spec:
-  folder: storage
-  instanceSelector:
-    matchLabels:
-      dashboards: "grafana"
-  datasources:
-    - inputName: "DS_PROMETHEUS"
-      datasourceName: "${ARGOCD_ENV_dashboard_datasource_name}"
-  url: "https://raw.githubusercontent.com/mojaloop/iac-modules/${ARGOCD_ENV_monitoring_application_gitrepo_tag}/assets/grafana-dashboards/ceph-objectstore.json"
-
 ---

gitops/applications/base/monitoring-post-config/kustomization.yaml

@@ -1,12 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - argocd-service-monitors.yaml
   - grafana-crs.yaml
   - virtual-service.yaml
   - vault-secrets.yaml
   - grafana-oidc-xplane-terraform.yaml
   # - dashboards-aws-managed-svs.yaml
   - dashboards-default.yaml
+  - dashboards-infra.yaml
   - dashboards-k8s.yaml
   - dashboards-kafka.yaml
   - dashboards-loki.yaml
@@ -15,4 +17,5 @@ resources:
   - dashboards-mojaloop.yaml
   - dashboards-prometheus.yaml
   - dashboards-rook-ceph.yaml
-  - istio-crs.yaml
+  - istio-crs.yaml
+  - rook-ceph-objectstore-exporter.yaml

gitops/applications/base/monitoring-post-config/rook-ceph-objectstore-exporter.yaml

@@ -0,0 +1,12 @@
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStoreUser
+metadata:
+  name: ceph-objectstore-exporter-user
+spec:
+  store: us-east-1
+  displayName: ceph-objectstore-exporter-user
+  capabilities:
+    bucket: read
+    metadata: read
+    usage: read
+    user: read

gitops/applications/base/monitoring-pre/kustomization.yaml

@@ -1,16 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - https://raw.githubusercontent.com/grafana/grafana-operator/v${ARGOCD_ENV_grafana_crd_version_tag}/deploy/kustomize/base/crds.yaml
   - object-storage.yaml
-helmCharts:
-  - name: prometheus-operator-crds
-    releaseName: prometheus-operator-crds
-    version: ${ARGOCD_ENV_prometheus_crd_version}
-    repo: https://prometheus-community.github.io/helm-charts/
-  - name: grafana-operator
-    releaseName: grafana
-    version: ${ARGOCD_ENV_grafana_operator_version}
-    repo: https://charts.bitnami.com/bitnami
-    valuesFile: values-grafana-operator.yaml
-    namespace: ${ARGOCD_ENV_monitoring_namespace}

gitops/applications/base/monitoring-pre/object-storage.yaml

@@ -20,4 +20,4 @@ spec:
   storageClassName: ceph-bucket
   additionalConfig:
     maxObjects: "${ARGOCD_ENV_ctrl_cntr_loki_bucket_max_objects}"
-    maxSize: "${ARGOCD_ENV_ctrl_cntr_loki_bucket_storage_size}"
+    maxSize: "${ARGOCD_ENV_ctrl_cntr_loki_bucket_storage_size}"

gitops/applications/base/monitoring/values-kube-prometheus.yaml

@@ -46,6 +46,12 @@ node-exporter:
     relabelings:
       - sourceLabels: [__meta_kubernetes_pod_node_name]
         targetLabel: nodename
+      - sourceLabels: [nodename]
+        separator: ;
+        regex: (.*)
+        targetLabel: instance
+        replacement: "${1}"
+        action: replace
   tolerations:
     - operator: "Exists"
 blackboxExporter: