Merge branch 'main' into vault-integration

.github/workflows/kustomize-prometheus-postgres-exporter.yaml

@@ -0,0 +1,33 @@
+name: Kustomize GitHub Actions for Prometheus PostgresSQL exporter
+
+on:
+  pull_request:
+    paths:
+      - kustomize/prometheus-postgres-exporter/**
+      - .github/workflows/kustomize-prometheus-postgres-exporter.yaml
+jobs:
+  kustomize:
+    name: Kustomize
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Kustomize Install
+        working-directory: /usr/local/bin/
+        run: |
+          if [ ! -f /usr/local/bin/kustomize ]; then
+            curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash
+          fi
+      - name: Run Kustomize Build
+        run: |
+          kustomize build kustomize/prometheus-postgres-exporter/ --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml
+      - name: Return Kustomize Build
+        uses: actions/upload-artifact@v2
+        with:
+          name: kustomize-prometheus-postgres-exporter-artifact
+          path: /tmp/rendered.yaml

.github/workflows/kustomize-sealed-secrets.yaml

@@ -0,0 +1,37 @@
+name: Kustomize GitHub Actions for sealed-secrets
+
+on:
+  pull_request:
+    paths:
+      - kustomize/sealed-secrets/**
+      - .github/workflows/kustomize-sealed-secrets.yaml
+jobs:
+  kustomize:
+    strategy:
+      matrix:
+        overlays:
+          - base
+    name: Kustomize
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Kustomize Install
+        working-directory: /usr/local/bin/
+        run: |
+          if [ ! -f /usr/local/bin/kustomize ]; then
+            curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash
+          fi
+      - name: Run Kustomize Build
+        run: |
+          kustomize build kustomize/sealed-secrets/${{ matrix.overlays }} --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml
+      - name: Return Kustomize Build
+        uses: actions/upload-artifact@v2
+        with:
+          name: kustomize-sealed-secrets-artifact-${{ matrix.overlays }}
+          path: /tmp/rendered.yaml

.gitignore

@@ -103,7 +103,7 @@ target/
 .env
 
 # virtualenv
-venv/
+*venv/
 ENV/
 
 # molecule

.gitmodules

@@ -13,3 +13,6 @@
 [submodule "submodules/openstack-exporter"]
 	path = submodules/openstack-exporter
 	url = https://github.com/openstack-exporter/helm-charts
+[submodule "submodules/nginx-gateway-fabric"]
+	path = submodules/nginx-gateway-fabric
+	url = https://github.com/nginxinc/nginx-gateway-fabric.git

dev-requirements.txt

@@ -1,7 +1,7 @@
 ansible-compat==4.1.11
 ansible-lint==24.2.0
 attrs==23.2.0
-black==24.1.1
+black==24.3.0
 bracex==2.4
 click==8.1.7
 filelock==3.13.1

docs/examples/alertmanager-encore.md → docs/alertmanager-encore.md

@@ -1,9 +1,10 @@
+# Encore Alerts
 
 The following example describes configuration options to send alerts via alertmanager to
 Rackspace encore, the `Encore UUID` is derived by account where the secret `SECRET KEY` is
 used per application submitting webhooks:
 
-```yaml
+``` yaml
 global:
   resolve_timeout: 5m
 receivers:

docs/examples/alertmanager-slack.md → docs/alertmanager-slack.md

@@ -1,8 +1,9 @@
+# Slack Alerts
 
 The following example describes configuration options to send alerts via alertmanager to slack
 using a slack hook.
 
-```yaml
+``` yaml
 alertmanager:
   alertmanagerSpec:
     image:

docs/genestack-getting-started.md

@@ -2,11 +2,11 @@
 
 # What is Genestack?
 
-Genestack is a complete operations and deployment ecosystem for Kubernetes and OpenStack. The purpose is of
+Genestack is a complete operations and deployment ecosystem for Kubernetes and OpenStack. The purpose of
 this project is to allow hobbyists, operators, and cloud service providers the ability to build, scale, and
 leverage Open-Infrastructure in new and exciting ways.
 
-Genestack’s inner workings are a blend dark magic — crafted with [Kustomize](https://kustomize.io) and
+Genestack’s inner workings are a blend of dark magic — crafted with [Kustomize](https://kustomize.io) and
 [Helm](https://helm.sh). It’s like cooking with cloud. Want to spice things up? Tweak the
 `kustomization.yaml` files or add those extra 'toppings' using Helm's style overrides. However, the
 platform is ready to go with batteries included.
@@ -18,7 +18,7 @@ to manage cloud infrastructure in the way you need it.
 
 ## Getting Started
 
-Before you can do anything we need to get the code. Because we've sold our soul to the submodule devil, you're going to need to recursively clone the repo into your location.
+Before you can do anything, you need to get the code. Because we've sold our soul to the submodule devil, you're going to need to recursively clone the repo into your location.
 
 !!! info
 

docs/genestack-upgrade.md

@@ -31,3 +31,28 @@ An update is generally the same as an install. Many of the Genestack application
 
 * When needing to run an upgrade for the infrastructure operators, consult the operator documentation to validate the steps required.
 * When needing to run an upgrade for the OpenStack components, simply re-run the `helm` charts as documented in the Genestack installation process.
+
+## Kubernetes Upgrade Notes
+
+Over the course of normal operations it's likely that a CRD will change versions, names, or something else. In these cases, should an operator or helm chart not gracefully handle an full upgrade, the `kubectl convert` plugin can be used to make some adjustments where needed.
+
+!!! example "Converting mmontes CRDs to mariadb official ones"
+
+    ``` shell
+    kubectl get --namespace openstack crd.namespace -o yaml value > /tmp/value.crd.namespace.yaml
+    kubectl convert -f /tmp/value.crd.namespace.yaml --output-version new-namespace/VERSION
+    ```
+
+## Kubernetes Finalizers
+
+When processing an upgrade there may come a time when a finalizer is stuck, typically something that happens when an operator or an api reference is changed. If this happens one way to resolve the issue is to patch the Finalizers.
+
+!!! warning
+
+    Patching Finalizers could leave orphaned resources. Before patching a finalizer be sure your "ready."
+
+!!! example "Patching Finalizers"
+
+    ``` shell
+    kubectl patch $@ --type='json' -p='[{"op": "remove", "path": "/metadata/finalizers"}]'
+    ```

docs/grafana.md

@@ -0,0 +1,153 @@
+# Grafana
+
+---
+
+!!! note
+    This deployment makes a few assumption:
+
+    * assumes you are using OAuth using Azure
+    * assumes you are using tls/ssl
+    * assumes you are using ingress
+
+    If this does not apply to your deployment adjust the overrides.yaml file and skip over any unneeded sections here
+
+## Create secret client file
+
+In order to avoid putting sensative information on the cli, it is recommended to create and use a secret file instead.
+
+You can base64 encode your `client_id` and `client_secret` by using the echo and base64 command:
+
+``` shell
+echo -n "YOUR CLIENT ID OR SECRET" | base64
+```
+
+This example file is located at `/opt/genestack/kustomize/grafana/base`
+example secret file:
+
+``` yaml
+apiversion: v1
+data:
+  client_id: base64_encoded_client_id
+  client_secret: base64_encoded_client_secret
+kind: secret
+metadata:
+  name: azure-client
+  namespace: grafana
+type: opaque
+```
+
+---
+
+## Create your ssl files
+
+If you are configuring grafana to use tls/ssl, you should create a file for your certificate and a file for your key.  After the deployment, these files can be deleted if desired since the cert and key will now be in a Kubernetes secret.
+
+Your cert and key files should look something like the following (cert and key example taken from [VMware Docs](https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-BBC4804F-AC54-4DD2-BF6B-ECD2F60083F6.html "VMware Docs")).
+
+These example files are located in `/opt/genestack/kustomize/grafana/base`
+
+??? example
+
+    === "Cert file (example-cert.pem)"
+        ```
+        -----BEGIN CERTIFICATE-----
+        MIID0DCCARIGAWIBAGIBATANBGKQHKIG9W0BAQUFADB/MQSWCQYDVQQGEWJGUJET
+        MBEGA1UECAWKU29TZS1TDGF0ZTEOMAWGA1UEBWWFUGFYAXMXDTALBGNVBAOMBERP
+        BWKXDTALBGNVBASMBE5TQLUXEDAOBGNVBAMMB0RPBWKGQ0EXGZAZBGKQHKIG9W0B
+        CQEWDGRPBWLAZGLTAS5MCJAEFW0XNDAXMJGYMDM2NTVAFW0YNDAXMJYYMDM2NTVA
+        MFSXCZAJBGNVBAYTAKZSMRMWEQYDVQQIDAPTB21LLVN0YXRLMSEWHWYDVQQKDBHJ
+        BNRLCM5LDCBXAWRNAXRZIFB0ESBMDGQXFDASBGNVBAMMC3D3DY5KAW1PLMZYMIIB
+        IJANBGKQHKIG9W0BAQEFAAOCAQ8AMIIBCGKCAQEAVPNAPKLIKDVX98KW68LZ8PGA
+        RRCYERSNGQPJPIFMVJJE8LUCOXGPU0HEPNNTUJPSHBNYNKCVRTWHN+HAKBSP+QWX
+        SXITRW99HBFAL1MDQYWCUKOEB9CW6INCTVUN4IRVKN9T8E6Q174RBCNWA/7YTC7P
+        1NCVW+6B/AAN9L1G2PQXGRDYC/+G6O1IZEHTWHQZE97NY5QKNUUVD0V09DC5CDYB
+        AKJQETWWV6DFK/GRDOSED/6BW+20Z0QSHPA3YNW6QSP+X5PYYMDRZRIR03OS6DAU
+        ZKCHSRYC/WHVURX6O85D6QPZYWO8XWNALZHXTQPGCIA5SU9ZIYTV9LH2E+LSWWID
+        AQABO3SWETAJBGNVHRMEAJAAMCWGCWCGSAGG+EIBDQQFFH1PCGVUU1NMIEDLBMVY
+        YXRLZCBDZXJ0AWZPY2F0ZTADBGNVHQ4EFGQU+TUGFTYN+CXE1WXUQEA7X+YS3BGW
+        HWYDVR0JBBGWFOAUHMWQKBBRGP87HXFVWGPNLGGVR64WDQYJKOZIHVCNAQEFBQAD
+        GGEBAIEEMQQHEZEXZ4CKHE5UM9VCKZKJ5IV9TFS/A9CCQUEPZPLT7YVMEVBFNOC0
+        +1ZYR4TXGI4+5MHGZHYCIVVHO4HKQYM+J+O5MWQINF1QOAHUO7CLD3WNA1SKCVUV
+        VEPIXC/1AHZRG+DPEEHT0MDFFOW13YDUC2FH6AQEDCEL4AV5PXQ2EYR8HR4ZKBC1
+        FBTUQUSVA8NWSIYZQ16FYGVE+ANF6VXVUIZYVWDRPRV/KFVLNA3ZPNLMMXU98MVH
+        PXY3PKB8++6U4Y3VDK2NI2WYYLILS8YQBM4327IKMKDC2TIMS8U60CT47MKU7ADY
+        CBTV5RDKRLAYWM5YQLTIGLVCV7O=
+        -----END CERTIFICATE-----
+        ```
+
+    === "Key file (example-key.pem)"
+        ```
+        -----BEGIN RSA PRIVATE KEY-----
+        MIIEOWIBAAKCAQEAVPNAPKLIKDVX98KW68LZ8PGARRCYERSNGQPJPIFMVJJE8LUC
+        OXGPU0HEPNNTUJPSHBNYNKCVRTWHN+HAKBSP+QWXSXITRW99HBFAL1MDQYWCUKOE
+        B9CW6INCTVUN4IRVKN9T8E6Q174RBCNWA/7YTC7P1NCVW+6B/AAN9L1G2PQXGRDY
+        C/+G6O1IZEHTWHQZE97NY5QKNUUVD0V09DC5CDYBAKJQETWWV6DFK/GRDOSED/6B
+        W+20Z0QSHPA3YNW6QSP+X5PYYMDRZRIR03OS6DAUZKCHSRYC/WHVURX6O85D6QPZ
+        YWO8XWNALZHXTQPGCIA5SU9ZIYTV9LH2E+LSWWIDAQABAOIBAFML8CD9A5PMQLW3
+        F9BTTQZ1SRL4FVP7CMHSXHVJSJEHWHHCKEE0OBKWTRSGKTSM1XLU5W8IITNHN0+1
+        INR+78EB+RRGNGDAXH8DIODKEY+8/CEE8TFI3JYUTKDRLXMBWIKSOUVVIUMOQ3FX
+        OGQYWQ0Z2L/PVCWY/Y82FFQ3YSC5GAJSBBYSCRG14BQO44ULRELE4SDWS5HCJKYB
+        EI2B8COMUCQZSOTXG9NILN/JE2BO/I2HGSAWIBGCODBMS8K6TVSSRZMR3KJ5O6J+
+        77LGWKH37BRVGBVYVBQ6NWPL0XLG7DUV+7LWEO5QQAPY6AXB/ZBCKQLQU6/EJOVE
+        YDG5JQECGYEA9KKFTZD/WEVAREA0DZFEJRU8VLNWOAGL7CJAODXQXOS4MCR5MPDT
+        KBWGFKLFFH/AYUNPBLK6BCJP1XK67B13ETUA3I9Q5T1WUZEOBIKKBLFM9DDQJT43
+        UKZWJXBKFGSVFRYPTGZST719MZVCPCT2CZPJEGN3HLPT6FYW3EORNOECGYEAXIOU
+        JWXCOMUGAB7+OW2TR0PGEZBVVLEGDKAJ6TC/HOKM1A8R2U4HLTEJJCRLLTFW++4I
+        DDHE2DLER4Q7O58SFLPHWGPMLDEZN7WRLGR7VYFUV7VMAHJGUC3GV9AGNHWDLA2Q
+        GBG9/R9OVFL0DC7CGJGLEUTITCYC31BGT3YHV0MCGYEA4K3DG4L+RN4PXDPHVK9I
+        PA1JXAJHEIFEHNAW1D3VWKBSKVJMGVF+9U5VEV+OWRHN1QZPZV4SURI6M/8LK8RA
+        GR4UNM4AQK4K/QKY4G05LKRIK9EV2CGQSLQDRA7CJQ+JN3NB50QG6HFNFPAFN+J7
+        7JUWLN08WFYV4ATPDD+9XQECGYBXIZKZFL+9IQKFOCONVWAZGO+DQ1N0L3J4ITIK
+        W56CKWXYJ88D4QB4EUU3YJ4UB4S9MIAW/ELEWKZIBWPUPFAN0DB7I6H3ZMP5ZL8Q
+        QS3NQCB9DULMU2/TU641ERUKAMIOKA1G9SNDKAZUWO+O6FDKIB1RGOBK9XNN8R4R
+        PSV+AQKBGB+CICEXR30VYCV5BNZN9EFLIXNKAEMJURYCXCRQNVRNUIUBVAO8+JAE
+        CDLYGS5RTGOLZIB0IVERQWSP3EI1ACGULTS0VQ9GFLQGAN1SAMS40C9KVNS1MLDU
+        LHIHYPJ8USCVT5SNWO2N+M+6ANH5TPWDQNEK6ZILH4TRBUZAIHGB
+        -----END RSA PRIVATE KEY-----
+        ```
+
+---
+
+## Update datasources.yaml
+
+The datasource.yaml file is located at `/opt/genestack/kustomize/grafana/base`
+
+If you have specific datasources that should be populated when grafana deploys, update the datasource.yaml to use your values.  The example below shows one way to configure prometheus and loki datasources.
+
+example datasources.yaml file:
+
+``` yaml
+datasources:
+  datasources.yaml:
+    apiversion: 1
+    datasources:
+    - name: prometheus
+      type: prometheus
+      access: proxy
+      url: http://kube-prometheus-stack-prometheus.prometheus.svc.cluster.local:9090
+      isdefault: true
+    - name: loki
+      type: loki
+      access: proxy
+      url: http://loki-gateway.{{ $.Release.Namespace }}.svc.cluster.local:80
+      editable: false
+```
+
+---
+
+## Update grafana-values.yaml
+
+The grafana-values.yaml file is located at `/opt/genestack/kustomize/grafana/base`
+
+You must edit this file to include your specific url and azure tenant id
+
+---
+
+## Create the tls secret and install
+
+``` shell
+kubectl -n grafana create secret tls grafana-tls-public --cert=/opt/genestack/kustomize/grafana/base/cert.pem --key=/opt/genestack/kustomize/grafana/base/key.pem
+
+kubectl kustomize --enable-helm /opt/genestack/kustomize/grafana/base | \
+  kubectl -n grafana -f -
+```