2022-06-14 09:54:41 -06:00
# Values for configuring the deployment of Grafana OnCall

# Set the domain name Grafana OnCall will be installed on.
# If you want to install grafana as a part of this release make sure to configure grafana.grafana.ini.server.domain too
base_url: example.com

fix a few flaky e2e tests + allow running project locally via k8s/helm (#2751)

# What this PR does

- updates the GitHub Actions workflow to move the e2e tests into a
  "[reusable
  workflow](https://docs.github.com/en/actions/using-workflows/reusing-workflows#creating-a-reusable-workflow)"
  which are run in two scenarios:
  - all tests _except_ those annotated as `@expensive` are run against
    `grafana/grafana:latest` on all feature branches
  - all tests _including_ `@expensive` tests are run on weekdays @ 07h00
    UTC, against a matrix of 6 grafana versions. Results of these builds
    will be posted to `#irm-amixr-flux` Slack channel.
- local development will now be:
  ```bash
  make build-dev-images init-k8s start-k8s
  ```
  - `build-dev-images` - builds the engine and UI docker images (only need
    to run first time)
  - `init-k8s` - creates a `kind` cluster and loads the two Docker images
    onto the cluster nodes (only need to run first time)
  - `start-k8s` - switches `kubectl` context to the created `kind`
    cluster, and uses `helm` to deploy everything as defined in
    `./dev/helm-local.yml` and `./dev/helm-local.dev.yml` (that latter file
    is `.gitignored` and specific to how _you_ want your setup to look like.
    Hot reloading works as before. This is the _start_ of #2381. (I've
    marked these `make` commands as beta, because they've not yet been
    thoroughly tested for local development).
- modifies the `helm` chart to add the concept of `oncall.devMode`,
  `ui`, and ability to run oncall w/ sqlite
  - `oncall.devMode` will essentially just add `volumes` and
    `volumeMounts` to the various engine/migrate containers +
  - `ui.enabled` + `ui.env` - create a ui container (which is needed for
    hot reloading locally)
  - `sqlite` - this was useful for the e2e test environments where GitHub
    runner resources are scarce. Running `mariadb` eats up precious
    resources, instead let's just use sqlite here
- fixes an issue that caused sporadic HTTP 502s from the grafana
  plugin-proxy, which led to flaky tests. See [this
  comment](https://github.com/grafana/oncall/pull/2751/files#diff-09040e8df192699b9c5742110ebbe8d9d5c3938cb156cc1cb99fa1c3fdee4fefR72-R77)
  for more context + a link to a relevant Slack conversation. **tldr;**
  there is a bug with the Grafana plugin proxy in Grafana >= v10.0.3.
  Let's stop using the `latest`/`main` docker tags in our test and pin to
  `10.0.2` for now
- ~~re-enables the e2e test which validates a phone number via SMS, and
  asserts that we can receive an alert escalation via SMS (new Mailslurp
  API Key has been added as a repo secret)~~ update: this is still blocked
  by procurement, will be done in a future PR

## Checklist

- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
  required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
  required)

2023-08-22 19:03:29 +02:00
base_url_protocol: https

## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## imagePullSecrets:
##   - name: myRegistryKeySecretName
imagePullSecrets: []

image:
  # Grafana OnCall docker image repository
  repository: grafana/oncall
  tag:
  pullPolicy: Always

# Whether to create additional service for external connections
# ClusterIP service is always created
service:
  enabled: false
  type: LoadBalancer
  port: 8080
  annotations: {}

# Engine pods configuration
engine:
  replicaCount: 1
  resources:
    {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  ## Deployment update strategy
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  updateStrategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 0
    type: RollingUpdate

  ## Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  ## Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  ## Topology spread constraints for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  topologySpreadConstraints: []

  ## Priority class for the pods
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
  priorityClassName: ""

  # Extra containers which run as sidecars
  extraContainers: ""
  # extraContainers: |
  #   - name: cloud-sql-proxy
  #     image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.2
  #     args:
  #       - --private-ip
  #       - --port=5432
  #       - example:europe-west3:grafana-oncall-db

# Celery workers pods configuration
celery:
  replicaCount: 1
  worker_queue: "default,critical,long,slack,telegram,webhook,celery"
  worker_concurrency: "1"
  worker_max_tasks_per_child: "100"
  worker_beat_enabled: "True"
  ## Restart of the celery workers once in a given interval as an additional precaution to the probes
  ## If this setting is enabled, a TERM signal will be sent to the celery workers
  ## This leads to a warm shutdown (waiting for the tasks to complete) and a restart of the container
  ## If this setting is set, the number of pod restarts will increase
  ## Comment this line out if you want to remove restarts
  worker_shutdown_interval: "65m"
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 300
    timeoutSeconds: 10
  resources:
    {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  ## Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  ## Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  ## Topology spread constraints for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  topologySpreadConstraints: []

  ## Priority class for the pods
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
  priorityClassName: ""

  # Extra containers which run as sidecars
  extraContainers: ""
  # extraContainers: |
  #   - name: cloud-sql-proxy
  #     image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.2
  #     args:
  #       - --private-ip
  #       - --port=5432
  #       - example:europe-west3:grafana-oncall-db

oncall:
  # this is intended to be used for local development. In short, it will mount the ./engine dir into
  # any backend related containers, to allow hot-reloading + also run the containers with slightly modified
  # startup commands (which configure the hot-reloading)
  devMode: false

  # Override default MIRAGE_CIPHER_IV (must be 16 bytes long)
  # For existing installation, this should not be changed.
  # mirageCipherIV: 1234567890abcdef
  # oncall secrets
  secrets:
    # Use existing secret. (secretKey and mirageSecretKey are required)
    existingSecret: ""
    # The key in the secret containing secret key
    secretKey: ""
    # The key in the secret containing mirage secret key
    mirageSecretKey: ""
  # Slack configures the Grafana OnCall Slack ChatOps integration.
  slack:
    # Enable the Slack ChatOps integration for the OnCall Engine.
    enabled: false
    # Sets the Slack bot slash-command
    commandName: oncall
    # clientId configures the Slack app OAuth2 client ID.
    # api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client ID
    clientId: ~
    # clientSecret configures the Slack app OAuth2 client secret.
    # api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client Secret
    clientSecret: ~
    # signingSecret - configures the Slack app signature secret used to sign
    # requests coming from Slack.
    # api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Signing Secret
    signingSecret: ~
    # Use existing secret for clientId, clientSecret and signingSecret.
    # clientIdKey, clientSecretKey and signingSecretKey are required
    existingSecret: ""
    # The key in the secret containing OAuth2 client ID
    clientIdKey: ""
    # The key in the secret containing OAuth2 client secret
    clientSecretKey: ""
    # The key in the secret containing the Slack app signature secret
    signingSecretKey: ""
    # OnCall external URL
    redirectHost: ~
  telegram:
    enabled: false
    token: ~
    webhookUrl: ~
    # Use existing secret. (tokenKey is required)
    existingSecret: ""
    # The key in the secret containing Telegram token
    tokenKey: ""
  smtp:
    enabled: false
    host: ~
    port: ~
    username: ~
    password: ~
    tls: ~
    fromEmail: ~
  exporter:
    enabled: false
    authToken: ~
  twilio:
    # Twilio account SID/username to allow OnCall to send SMSes and make phone calls
    accountSid: ""
    # Twilio password to allow OnCall to send SMSes and make calls
    authToken: ""
    # Number from which you will receive calls and SMS
    # (NOTE: must be quoted, otherwise would be rendered as float value)
    phoneNumber: ""
    # SID of Twilio service for number verification. You can create a service in Twilio web interface.
    # twilio.com -> verify -> create new service
    verifySid: ""
    # Twilio API key SID/username to allow OnCall to send SMSes and make phone calls
    apiKeySid: ""
    # Twilio API key secret/password to allow OnCall to send SMSes and make phone calls
    apiKeySecret: ""
    # Use existing secret for authToken, phoneNumber, verifySid, apiKeySid and apiKeySecret.
    existingSecret: ""
    # Twilio password to allow OnCall to send SMSes and make calls
    # The key in the secret containing the auth token
    authTokenKey: ""
    # The key in the secret containing the phone number
    phoneNumberKey: ""
    # The key in the secret containing verify service sid
    verifySidKey: ""
    # The key in the secret containing api key sid
    apiKeySidKey: ""
    # The key in the secret containing the api key secret
    apiKeySecretKey: ""
    # Phone notifications limit (the only non-secret value).
    # TODO: rename to phoneNotificationLimit
    limitPhone:

# Whether to run django database migrations automatically
migrate:
  enabled: true
  # TTL can be unset by setting ttlSecondsAfterFinished: ""
  ttlSecondsAfterFinished: 20
  # use a helm hook to manage the migration job
  useHook: false
  annotations: {}

  ## Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  ## Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # Extra containers which run as sidecars
  extraContainers: ""
  # extraContainers: |
  #   - name: cloud-sql-proxy
  #     image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.1.2
  #     args:
  #       - --private-ip
  #       - --port=5432
  #       - example:europe-west3:grafana-oncall-db
  resources:
    {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

# Sets environment variables with name capitalized and prefixed with UWSGI_,
# and dashes are substituted with underscores.
# see more: https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html#environment-variables
# Set null to disable all UWSGI environment variables
uwsgi:
  listen: 1024

# Additional env variables to add to deployments
env: {}

# Enable ingress object for external access to the resources
ingress:
  enabled: true
  # className: ""
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/issuer: "letsencrypt-prod"
  tls:
    - hosts:
        - "{{ .Values.base_url }}"
      secretName: certificate-tls
  # Extra paths to prepend to the host configuration. If using something
  # like an ALB ingress controller, you may want to configure SSL redirects
  extraPaths: []
  # - path: /*
  #   backend:
  #     serviceName: ssl-redirect
  #     servicePort: use-annotation
  ## Or for k8s > 1.19
  # - path: /*
  #   pathType: Prefix
  #   backend:
  #     service:
  #       name: ssl-redirect
  #       port:
  #         name: use-annotation

# Whether to install ingress controller
ingress-nginx:
  enabled: true

# Install cert-manager as a part of the release
cert-manager:
  enabled: true
  # Install CRD resources
  installCRDs: true
  webhook:
    timeoutSeconds: 30
    # cert-manager tries to use the already used port, changing to another one
    # https://github.com/cert-manager/cert-manager/issues/3237
    # https://cert-manager.io/docs/installation/compatibility/
    securePort: 10260
  # Fix self-checks https://github.com/jetstack/cert-manager/issues/4286
  podDnsPolicy: None
  podDnsConfig:
    nameservers:
      - 8.8.8.8
      - 1.1.1.1

database:
  # can be either mysql or postgresql
  type: mysql

# MySQL is included in this release for convenience.
# It is recommended to host it separately from this release
# Set mariadb.enabled = false and configure externalMysql
mariadb:
  enabled: true
  auth:
    database: oncall
    existingSecret:
  primary:
    extraEnvVars:
      - name: MARIADB_COLLATE
        value: utf8mb4_unicode_ci
      - name: MARIADB_CHARACTER_SET
        value: utf8mb4
  secondary:
    extraEnvVars:
      - name: MARIADB_COLLATE
        value: utf8mb4_unicode_ci
      - name: MARIADB_CHARACTER_SET
        value: utf8mb4

# Make sure to create the database with the following parameters:
# CREATE DATABASE oncall CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
externalMysql:
  host:
  port:
  db_name:
  user:
  password:
  # Use an existing secret for the mysql password.
  existingSecret:
  # The key in the secret containing the mysql username
  usernameKey:
  # The key in the secret containing the mysql password
  passwordKey:

# PostgreSQL is included in this release for convenience.
# It is recommended to host it separately from this release
# Set postgresql.enabled = false and configure externalPostgresql
postgresql:
  enabled: false
  auth:
    database: oncall
    existingSecret:

# Make sure to create the database with the following parameters:
# CREATE DATABASE oncall WITH ENCODING UTF8;
externalPostgresql:
  host:
  port:
  db_name:
  user:
  password:
  # Use an existing secret for the database password
  existingSecret:
  # The key in the secret containing the database password
  passwordKey:

# RabbitMQ is included in this release for convenience.
# It is recommended to host it separately from this release
# Set rabbitmq.enabled = false and configure externalRabbitmq
rabbitmq:
  enabled: true
  auth:
    existingPasswordSecret:

broker:
  type: rabbitmq

externalRabbitmq:
  host:
  port:
  user:
  password:
  protocol:
  vhost:
  # Use an existing secret for the rabbitmq password
  existingSecret:
  # The key in the secret containing the rabbitmq password
  passwordKey: ""
  # The key in the secret containing the rabbitmq username
  usernameKey: username

# Redis is included in this release for convenience.
# It is recommended to host it separately from this release
redis:
  enabled: true
  auth:
    existingSecret:

externalRedis:
  host:
  password:
  # Use an existing secret for the redis password
  existingSecret:
  # The key in the secret containing the redis password
  passwordKey:

# Grafana is included in this release for convenience.
# It is recommended to host it separately from this release
grafana:
  enabled: true
  grafana.ini:
    server:
      domain: example.com
      root_url: "%(protocol)s://%(domain)s/grafana"
      serve_from_sub_path: true
  persistence:
    enabled: true
  # Disable psp as PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
  rbac:
    pspEnabled: false
  plugins:
    - grafana-oncall-app

externalGrafana:
  # Example: https://grafana.mydomain.com
  url:

nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

podSecurityContext:
  {}
  # fsGroup: 2000

securityContext:
  {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

init:
  securityContext:
    {}
    # allowPrivilegeEscalation: false
    # capabilities:
    #   drop:
    #   - ALL
    # privileged: false
    # readOnlyRootFilesystem: true
    # runAsGroup: 1337
    # runAsNonRoot: true
    # runAsUser: 1337
  resources:
    {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

ui:
  # this is intended to be used for local development. In short, it will spin up an additional container
  # running the plugin frontend, such that hot reloading can be enabled
  enabled: false
  # Additional env vars for the ui container
  env: {}
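
The constraints stated in this file's comments (a 16-byte `mirageCipherIV`, a quoted `phoneNumber`, `devMode` for local development only, credentials taken from an existing secret, bundled services hosted separately) can be checked before a deploy. The following is an added example, not part of the chart or this repository; it assumes the values file has already been parsed into a Python mapping, and the rule names and `SAMPLE` data are constructed for illustration.

```python
# Added example: lint a parsed values mapping against the constraints stated
# in the comments of the values file above. Rule names are hypothetical.

# Sections whose listed keys carry a credential when set inline in values.
SECRET_SECTIONS = {
    "oncall.slack": ("clientSecret", "signingSecret"),
    "oncall.telegram": ("token",),
    "oncall.smtp": ("password",),
    "oncall.exporter": ("authToken",),
    "oncall.twilio": ("authToken", "apiKeySecret"),
    "externalMysql": ("password",),
    "externalPostgresql": ("password",),
    "externalRabbitmq": ("password",),
    "externalRedis": ("password",),
}
# Services the file says are bundled for convenience and better hosted separately.
BUNDLED = ("mariadb", "postgresql", "rabbitmq", "redis", "grafana")
# Security contexts that default to {} with hardening options commented out.
CONTEXTS = ("podSecurityContext", "securityContext", "init.securityContext")


def dig(values, path):
    """Return the value at a dotted path, or None if any level is missing."""
    node = values
    for part in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(part)
    return node


def audit(values):
    """Return a list of (rule, path) findings for a parsed values mapping."""
    findings = []
    # devMode mounts ./engine into backend containers; local development only.
    if dig(values, "oncall.devMode"):
        findings.append(("DEV_MODE", "oncall.devMode"))
    # The override for MIRAGE_CIPHER_IV must be exactly 16 bytes long.
    iv = dig(values, "oncall.mirageCipherIV")
    if iv is not None and len(str(iv).encode()) != 16:
        findings.append(("IV_LENGTH", "oncall.mirageCipherIV"))
    # Credentials written into values end up wherever the values file goes.
    for path, keys in SECRET_SECTIONS.items():
        section = dig(values, path)
        if not isinstance(section, dict):
            continue
        for key in keys:
            if section.get(key):
                findings.append(("INLINE_SECRET", f"{path}.{key}"))
    # An unquoted phone number is parsed as a number, not a string.
    phone = dig(values, "oncall.twilio.phoneNumber")
    if phone is not None and not isinstance(phone, str):
        findings.append(("PHONE_NOT_STRING", "oncall.twilio.phoneNumber"))
    for name in BUNDLED:
        if dig(values, f"{name}.enabled"):
            findings.append(("BUNDLED_DEPENDENCY", name))
    for path in CONTEXTS:
        if not dig(values, path):
            findings.append(("EMPTY_SECURITY_CONTEXT", path))
    return findings


# Constructed sample override; every value here is made up.
SAMPLE = {
    "oncall": {
        "devMode": True,
        "mirageCipherIV": "short-iv",
        "slack": {
            "enabled": True,
            "clientId": "constructed-id",
            "signingSecret": "constructed-value",
            "existingSecret": "",
        },
        "twilio": {
            "phoneNumber": 15550100.0,
            "existingSecret": "oncall-twilio",
            "authTokenKey": "token",
        },
    },
    "mariadb": {"enabled": False},
    "externalMysql": {
        "host": "db.internal.example",
        "existingSecret": "oncall-mysql",
        "passwordKey": "password",
    },
    "rabbitmq": {"enabled": True},
    "redis": {"enabled": False},
    "grafana": {"enabled": False},
    "podSecurityContext": {"fsGroup": 2000},
    "securityContext": {},
    "init": {"securityContext": {"runAsNonRoot": True}},
}

if __name__ == "__main__":
    for rule, path in audit(SAMPLE):
        print(f"{rule:24} {path}")
```
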