Adapt datasource crds for manila and cinder bundles

Author: PhilippMatthes

helm/bundles/cortex-cinder/templates/datasources.yaml

@@ -0,0 +1,92 @@
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: netapp-aggr-labels-cinder
+spec:
+  operator: cortex-cinder
+  databaseSecretRef:
+    name: cortex-cinder-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.prometheus.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-cinder-prometheus-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: prometheus
+  prometheus:
+    secretRef:
+      name: cortex-cinder-prometheus
+      namespace: {{ .Release.Namespace }}
+    alias: netapp_aggr_labels
+    query: netapp_aggr_labels
+    type: netapp_aggregate_labels_metric
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: netapp-node-cpu-busy-cinder
+spec:
+  operator: cortex-cinder
+  databaseSecretRef:
+    name: cortex-cinder-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.prometheus.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-cinder-prometheus-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: prometheus
+  prometheus:
+    secretRef:
+      name: cortex-cinder-prometheus
+      namespace: {{ .Release.Namespace }}
+    alias: netapp_node_cpu_busy
+    query: netapp_node_cpu_busy
+    type: netapp_node_metric
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: netapp-volume-aggr-labels
+spec:
+  operator: cortex-cinder
+  databaseSecretRef:
+    name: cortex-cinder-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.prometheus.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-cinder-prometheus-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: prometheus
+  prometheus:
+    secretRef:
+      name: cortex-cinder-prometheus
+      namespace: {{ .Release.Namespace }}
+    alias: netapp_volume_aggr_labels
+    query: netapp_volume_aggr_labels
+    type: netapp_volume_aggregate_labels_metric
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: cinder-storage-pools
+spec:
+  operator: cortex-cinder
+  databaseSecretRef:
+    name: cortex-cinder-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.openstack.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-cinder-openstack-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: openstack
+  openstack:
+    secretRef:
+      name: cortex-cinder-openstack-keystone
+      namespace: {{ .Release.Namespace }}
+    type: cinder
+    cinder:
+      type: storagePools

helm/bundles/cortex-cinder/templates/rbac.yaml

@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+# Cluster level access is required as the controller manager has no default namespace set.
+kind: ClusterRole
+metadata:
+  name: cortex-cinder-knowledge-secret-reader
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cortex-cinder-knowledge-secret-reader-binding
+subjects:
+  - kind: ServiceAccount
+    name: cortex-cinder-knowledge-controller-manager
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: cortex-cinder-knowledge-secret-reader
+  apiGroup: rbac.authorization.k8s.io

helm/bundles/cortex-cinder/templates/secrets.yaml

@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cortex-cinder-postgres
+data:
+  host: {{ .Values.postgres.host | b64enc | quote }}
+  user: {{ .Values.postgres.user | b64enc | quote }}
+  password: {{ .Values.postgres.password | b64enc | quote }}
+  database: {{ .Values.postgres.database | b64enc | quote }}
+  port: {{ .Values.postgres.port | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cortex-cinder-prometheus
+data:
+  url: {{ .Values.datasources.prometheus.url | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cortex-cinder-openstack-keystone
+data:
+  url: {{ .Values.datasources.openstack.url | b64enc | quote }}
+  availability: {{ .Values.datasources.openstack.availability | b64enc | quote }}
+  username: {{ .Values.datasources.openstack.username | b64enc | quote }}
+  password: {{ .Values.datasources.openstack.password | b64enc | quote }}
+  projectName: {{ .Values.datasources.openstack.projectName | b64enc | quote }}
+  userDomainName: {{ .Values.datasources.openstack.userDomainName | b64enc | quote }}
+  projectDomainName: {{ .Values.datasources.openstack.projectDomainName | b64enc | quote }}
+{{- if .Values.datasources.prometheus.sso.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cortex-cinder-prometheus-sso
+data:
+  cert: {{ .Values.datasources.prometheus.sso.cert | b64enc | quote }}
+  key: {{ .Values.datasources.prometheus.sso.key | b64enc | quote }}
+  selfSigned: {{ .Values.datasources.prometheus.sso.selfSigned | b64enc | quote }}
+{{- end }}
+{{- if .Values.datasources.openstack.sso.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cortex-cinder-openstack-sso
+data:
+  cert: {{ .Values.datasources.openstack.sso.cert | b64enc | quote }}
+  key: {{ .Values.datasources.openstack.sso.key | b64enc | quote }}
+  selfSigned: {{ .Values.datasources.openstack.sso.selfSigned | b64enc | quote }}
+{{- end }}

helm/bundles/cortex-cinder/values.yaml

@@ -15,6 +15,47 @@ alerts:
   enabled: true
   prometheus: openstack
 
+# SSO certificate to use.
+sharedSSOCert: &sharedSSOCert
+  # Certificate "public key". (Optional, remove this key if not needed)
+  cert: |
+    -----BEGIN CERTIFICATE-----
+    Your certificate here
+    -----END CERTIFICATE-----
+  # Certificate private key. (Optional, remove this key if not needed)
+  key: |
+    -----BEGIN PRIVATE KEY-----
+    Your private key here
+    -----END PRIVATE KEY
+  # Whether the certificate is self-signed.
+  # If true, the certificate is not verified.
+  selfSigned: "false"
+
+postgres:
+  host: cortex-cinder-postgresql
+  user: postgres
+  password: secret
+  database: postgres
+  port: "5432"
+
+datasources:
+  prometheus:
+    url: "https://path-to-your-prometheus"
+    sso:
+      enabled: false
+      <<: *sharedSSOCert
+  openstack:
+    url: "https://path-to-keystone/v3"
+    availability: public
+    username: openstack-user-with-all-project-read-access
+    password: openstack-user-password
+    projectName: openstack-project-of-user
+    userDomainName: openstack-domain-of-user
+    projectDomainName: openstack-domain-of-project-scoped-to
+    sso:
+      enabled: false
+      <<: *sharedSSOCert
+
 # Values accessible to all subcharts.
 global:
   # Values passed to the service through a configmap.
@@ -55,8 +96,6 @@ cortex-kpis:
   conf:
     kpis:
       # Configuration of KPIs that should be extracted from the synced data.
-      # Each KPI can specify its own dependencies on other extractors and
-      # synced data.
       #
       # The `name` should correspond to a known KPI extractor plugin.
       plugins: []
@@ -67,34 +106,8 @@ cortex-knowledge-operator:
   # Use this to unambiguate multiple cortex deployments in the same cluster.
   namePrefix: cortex-cinder
   conf:
-    datasources:
-      prometheus:
-        # Prometheus metrics to sync into the database.
-        # Each metric can be synced from a different Prometheus instance.
-        # The `type` parameter should map to a known metric model in the database.
-        metrics:
-          # NetApp harvest exporter metrics for Cinder storage pools.
-        - alias: netapp_aggr_labels
-          query: netapp_aggr_labels
-          type: netapp_aggregate_labels_metric
-        - alias: netapp_node_cpu_busy
-          query: netapp_node_cpu_busy
-          type: netapp_node_metric
-        - alias: netapp_volume_aggr_labels
-          query: netapp_volume_aggr_labels
-          type: netapp_volume_aggregate_labels_metric
-
-      openstack:
-        cinder:
-          # One of admin, public, or internal
-          availability: public
-          types:
-            - storage_pools
-
     extractor:
       # Configuration of features that should be extracted from the synced data.
-      # Each extractor can specify its own dependencies on other extractors or
-      # synced data.
       #
       # The `name` should correspond to a known feature extractor plugin.
       # Note that the order defined here will also be the order in which the
@@ -104,12 +117,6 @@ cortex-knowledge-operator:
         # NetApp-specific extractors.
         - name: netapp_storage_pool_cpu_usage_extractor
           recencySeconds: 60 # 1 minute
-          dependencies:
-            datasources:
-              prometheus:
-                metrics:
-                  - alias: netapp_node_cpu_busy
-                  - alias: netapp_aggr_labels
 
 cortex-scheduler:
   fullnameOverride: cortex-cinder-scheduler
@@ -127,8 +134,6 @@ cortex-scheduler:
           # Note: there needs to be at least one pipeline with the name "default".
           - name: default
             # Configuration of scheduler steps that modify the Cinder scheduler weights.
-            # Each scheduler step can specify its own dependencies on extractors and
-            # synced data.
             #
             # The `name` should correspond to a known scheduler plugin.
             plugins: []

helm/bundles/cortex-manila/templates/datasources.yaml

@@ -0,0 +1,69 @@
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: netapp-aggr-labels-manila
+spec:
+  operator: cortex-manila
+  databaseSecretRef:
+    name: cortex-manila-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.prometheus.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-manila-prometheus-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: prometheus
+  prometheus:
+    secretRef:
+      name: cortex-manila-prometheus
+      namespace: {{ .Release.Namespace }}
+    alias: netapp_aggr_labels
+    query: netapp_aggr_labels
+    type: netapp_aggregate_labels_metric
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: netapp-node-cpu-busy-manila
+spec:
+  operator: cortex-manila
+  databaseSecretRef:
+    name: cortex-manila-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.prometheus.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-manila-prometheus-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: prometheus
+  prometheus:
+    secretRef:
+      name: cortex-manila-prometheus
+      namespace: {{ .Release.Namespace }}
+    alias: netapp_node_cpu_busy
+    query: netapp_node_cpu_busy
+    type: netapp_node_metric
+---
+apiVersion: knowledge.cortex/v1alpha1
+kind: Datasource
+metadata:
+  name: manila-storage-pools
+spec:
+  operator: cortex-manila
+  databaseSecretRef:
+    name: cortex-manila-postgres
+    namespace: {{ .Release.Namespace }}
+  {{- if .Values.datasources.openstack.sso.enabled }}
+  ssoSecretRef:
+    name: cortex-manila-openstack-sso
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  type: openstack
+  openstack:
+    secretRef:
+      name: cortex-manila-openstack-keystone
+      namespace: {{ .Release.Namespace }}
+    type: manila
+    manila:
+      type: storagePools

helm/bundles/cortex-manila/templates/rbac.yaml

@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+# Cluster level access is required as the controller manager has no default namespace set.
+kind: ClusterRole
+metadata:
+  name: cortex-manila-knowledge-secret-reader
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cortex-manila-knowledge-secret-reader-binding
+subjects:
+  - kind: ServiceAccount
+    name: cortex-manila-knowledge-controller-manager
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: cortex-manila-knowledge-secret-reader
+  apiGroup: rbac.authorization.k8s.io