NationTech/harmony
6
0
Fork 1
Code Issues 35 Pull Requests 7 Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: NationTech:82119076cffbeee10539b61ac8d635f2bf40ec58
Branches Tags
NationTech:master
NationTech:fix/pxe_install
NationTech:feat/cluster_monitoring
NationTech:feat/kube_convert_dynamic_resource
NationTech:feat/install_opnsense_node_exporter
NationTech:doc/clone
NationTech:doc/worker-flag
NationTech:feat/webappdns
NationTech:switch-client
NationTech:okd_enable_user_workload_monitoring
NationTech:configure-switch
NationTech:fix/clippy
NationTech:feat/gen-ca-cert
NationTech:feat/okd_default_ingress_class
NationTech:fix/add_routes_to_domain
NationTech:secrets-prompt-editor
NationTech:feat/multisiteApplication
NationTech:feat/ceph-install-score
NationTech:feat/ceph-osd-score
NationTech:feat/ceph_validate_health
NationTech:better-indicatif-progress-grouped
NationTech:feat/crd-alertmanager-configs
NationTech:better-cli
NationTech:opnsense_upgrade
NationTech:feat/monitoring-application-feature
NationTech:dev/postgres
NationTech:feat/cd/localdeploymentdemo
NationTech:feat/webhook_receiver
NationTech:feat/kube-prometheus
NationTech:feat/init_k8s_tenant
NationTech:feat/discord-webhook-receiver
NationTech:feat/kube-prometheus-monitor
NationTech:feat/tenantScore
NationTech:feat/teams-integration
NationTech:feat/slack-notifs
NationTech:monitoring
NationTech:runtime-profiles
NationTech:snapshot-latest
..
compare: NationTech:3eecc2f5901beaea484d78c383a13116a84cab80
Branches Tags
NationTech:fix/pxe_install
NationTech:feat/cluster_monitoring
NationTech:feat/kube_convert_dynamic_resource
NationTech:feat/install_opnsense_node_exporter
NationTech:master
NationTech:doc/clone
NationTech:doc/worker-flag
NationTech:feat/webappdns
NationTech:switch-client
NationTech:okd_enable_user_workload_monitoring
NationTech:configure-switch
NationTech:fix/clippy
NationTech:feat/gen-ca-cert
NationTech:feat/okd_default_ingress_class
NationTech:fix/add_routes_to_domain
NationTech:secrets-prompt-editor
NationTech:feat/multisiteApplication
NationTech:feat/ceph-install-score
NationTech:feat/ceph-osd-score
NationTech:feat/ceph_validate_health
NationTech:better-indicatif-progress-grouped
NationTech:feat/crd-alertmanager-configs
NationTech:better-cli
NationTech:opnsense_upgrade
NationTech:feat/monitoring-application-feature
NationTech:dev/postgres
NationTech:feat/cd/localdeploymentdemo
NationTech:feat/webhook_receiver
NationTech:feat/kube-prometheus
NationTech:feat/init_k8s_tenant
NationTech:feat/discord-webhook-receiver
NationTech:feat/kube-prometheus-monitor
NationTech:feat/tenantScore
NationTech:feat/teams-integration
NationTech:feat/slack-notifs
NationTech:monitoring
NationTech:runtime-profiles
NationTech:snapshot-latest

5 Commits
82119076cf ... 3eecc2f590

Author SHA1 Message Date
Willem
3eecc2f590 fix: K8sTenantManager is responsible for concrete implementation. K8sAnywhere should delegate
All checks were successful
Run Check Script / check (pull_request) Successful in 4s
Details
2025-07-02 15:51:30 -04:00
Willem
3959c07261 Merge remote-tracking branch 'origin/master' into refactor/ns 2025-07-02 15:13:13 -04:00
Jean-Gabriel Gill-Couture
e50c01c0b3 fix: Forgotten file 🙈
Some checks failed
Run Check Script / check (push) Failing after -28s
Details
Compile and package harmony_composer / package_harmony_composer (push) Successful in 3m15s
Details
2025-07-02 15:11:03 -04:00
wjro
286460d59e Merge pull request 'feat: added default resource limit and request to k8s tenant' (#75) from feat/tenant_limit_range into master
Some checks failed
Run Check Script / check (push) Failing after 38s
Details
Compile and package harmony_composer / package_harmony_composer (push) Successful in 3m0s
Details 
Reviewed-on: https://git.nationtech.io/NationTech/harmony/pulls/75
Reviewed-by: taha <taha@noreply.git.nationtech.io>
 2025-07-02 18:55:04 +00:00
Willem
4baa3ae707 feat: added default resource limit and request to k8s tenant
Some checks failed
Run Check Script / check (pull_request) Failing after 35s
Details
2025-07-02 14:06:08 -04:00
10 changed files with 155 additions and 27 deletions
Show Stats Expand all files Collapse all files

8
examples/monitoring/src/main.rs
View File

@ -7,7 +7,13 @@ use harmony::{
monitoring::{ monitoring::{
alert_channel::discord_alert_channel::DiscordWebhook, alert_channel::discord_alert_channel::DiscordWebhook,
alert_rule::prometheus_alert_rule::AlertManagerRuleGroup, alert_rule::prometheus_alert_rule::AlertManagerRuleGroup,
kube_prometheus::helm_prometheus_alert_score::HelmPrometheusAlertingScore, kube_prometheus::{
helm_prometheus_alert_score::HelmPrometheusAlertingScore,
types::{
HTTPScheme, MatchExpression, Operator, Selector, ServiceMonitor,
ServiceMonitorEndpoint,
},
},
}, },
prometheus::alerts::{ prometheus::alerts::{
infra::dell_server::{ infra::dell_server::{

32
examples/monitoring_with_tenant/src/main.rs
View File

@ -1,3 +1,5 @@
use std::collections::HashMap;
use harmony::{ use harmony::{
data::Id, data::Id,
inventory::Inventory, inventory::Inventory,
@ -6,7 +8,13 @@ use harmony::{
monitoring::{ monitoring::{
alert_channel::discord_alert_channel::DiscordWebhook, alert_channel::discord_alert_channel::DiscordWebhook,
alert_rule::prometheus_alert_rule::AlertManagerRuleGroup, alert_rule::prometheus_alert_rule::AlertManagerRuleGroup,
kube_prometheus::helm_prometheus_alert_score::HelmPrometheusAlertingScore, kube_prometheus::{
helm_prometheus_alert_score::HelmPrometheusAlertingScore,
types::{
HTTPScheme, MatchExpression, Operator, Selector, ServiceMonitor,
ServiceMonitorEndpoint,
},
},
}, },
prometheus::alerts::k8s::pvc::high_pvc_fill_rate_over_two_days, prometheus::alerts::k8s::pvc::high_pvc_fill_rate_over_two_days,
tenant::TenantScore, tenant::TenantScore,
@ -44,9 +52,31 @@ async fn main() {
let additional_rules = let additional_rules =
AlertManagerRuleGroup::new("pvc-alerts", vec![high_pvc_fill_rate_over_two_days_alert]); AlertManagerRuleGroup::new("pvc-alerts", vec![high_pvc_fill_rate_over_two_days_alert]);
let service_monitor_endpoint = ServiceMonitorEndpoint {
port: Some("80".to_string()),
path: "/metrics".to_string(),
scheme: HTTPScheme::HTTP,
..Default::default()
};
let service_monitor = ServiceMonitor {
name: "test-service-monitor".to_string(),
selector: Selector {
match_labels: HashMap::new(),
match_expressions: vec![MatchExpression {
key: "test".to_string(),
operator: Operator::In,
values: vec!["test-service".to_string()],
}],
},
endpoints: vec![service_monitor_endpoint],
..Default::default()
};
let alerting_score = HelmPrometheusAlertingScore { let alerting_score = HelmPrometheusAlertingScore {
receivers: vec![Box::new(discord_receiver)], receivers: vec![Box::new(discord_receiver)],
rules: vec![Box::new(additional_rules)], rules: vec![Box::new(additional_rules)],
service_monitors: vec![service_monitor],
}; };
let mut maestro = Maestro::<K8sAnywhereTopology>::initialize( let mut maestro = Maestro::<K8sAnywhereTopology>::initialize(
Inventory::autoload(), Inventory::autoload(),

2
harmony/src/domain/topology/installable.rs
View File

@ -4,7 +4,7 @@ use crate::{interpret::InterpretError, inventory::Inventory};
#[async_trait] #[async_trait]
pub trait Installable<T>: Send + Sync { pub trait Installable<T>: Send + Sync {
fn configure(&self, inventory: &Inventory, topology: &T) -> Result<(), InterpretError>; async fn configure(&self, inventory: &Inventory, topology: &T) -> Result<(), InterpretError>;
async fn ensure_installed( async fn ensure_installed(
&self, &self,

19
harmony/src/domain/topology/k8s_anywhere.rs
View File

@ -39,7 +39,6 @@ pub struct K8sAnywhereTopology {
k8s_state: Arc<OnceCell<Option<K8sState>>>, k8s_state: Arc<OnceCell<Option<K8sState>>>,
tenant_manager: Arc<OnceCell<K8sTenantManager>>, tenant_manager: Arc<OnceCell<K8sTenantManager>>,
config: Arc<K8sAnywhereConfig>, config: Arc<K8sAnywhereConfig>,
tenant_manager_config: OnceCell<TenantConfig>,
} }
#[async_trait] #[async_trait]
@ -74,7 +73,6 @@ impl K8sAnywhereTopology {
k8s_state: Arc::new(OnceCell::new()), k8s_state: Arc::new(OnceCell::new()),
tenant_manager: Arc::new(OnceCell::new()), tenant_manager: Arc::new(OnceCell::new()),
config: Arc::new(K8sAnywhereConfig::from_env()), config: Arc::new(K8sAnywhereConfig::from_env()),
tenant_manager_config: OnceCell::new(),
} }
} }
@ -83,7 +81,6 @@ impl K8sAnywhereTopology {
k8s_state: Arc::new(OnceCell::new()), k8s_state: Arc::new(OnceCell::new()),
tenant_manager: Arc::new(OnceCell::new()), tenant_manager: Arc::new(OnceCell::new()),
config: Arc::new(config), config: Arc::new(config),
tenant_manager_config: OnceCell::new(),
} }
} }
@ -199,16 +196,10 @@ impl K8sAnywhereTopology {
let k8s_client = self.k8s_client().await?; let k8s_client = self.k8s_client().await?;
Ok(K8sTenantManager::new(k8s_client)) Ok(K8sTenantManager::new(k8s_client))
}) })
.await .await?;
.unwrap();
Ok(()) Ok(())
} }
async fn store_tenant_config(&self, config: TenantConfig) {
self.tenant_manager_config
.get_or_init(|| async { config })
.await;
}
fn get_k8s_tenant_manager(&self) -> Result<&K8sTenantManager, ExecutorError> { fn get_k8s_tenant_manager(&self) -> Result<&K8sTenantManager, ExecutorError> {
match self.tenant_manager.get() { match self.tenant_manager.get() {
@ -289,13 +280,15 @@ impl HelmCommand for K8sAnywhereTopology {}
#[async_trait] #[async_trait]
impl TenantManager for K8sAnywhereTopology { impl TenantManager for K8sAnywhereTopology {
async fn provision_tenant(&self, config: &TenantConfig) -> Result<(), ExecutorError> { async fn provision_tenant(&self, config: &TenantConfig) -> Result<(), ExecutorError> {
self.store_tenant_config(config.clone()).await;
self.get_k8s_tenant_manager()? self.get_k8s_tenant_manager()?
.provision_tenant(config) .provision_tenant(config)
.await .await
} }
fn get_tenant_config(&self) -> Option<TenantConfig> { async fn get_tenant_config(&self) -> Option<TenantConfig> {
self.tenant_manager_config.get().cloned() self.get_k8s_tenant_manager()
.ok()?
.get_tenant_config()
.await
} }
} }

2
harmony/src/domain/topology/oberservability/monitoring.rs
View File

@ -27,7 +27,7 @@ impl<S: AlertSender + Installable<T>, T: Topology> Interpret<T> for AlertingInte
inventory: &Inventory, inventory: &Inventory,
topology: &T, topology: &T,
) -> Result<Outcome, InterpretError> { ) -> Result<Outcome, InterpretError> {
self.sender.configure(inventory, topology)?; self.sender.configure(inventory, topology).await?;
for receiver in self.receivers.iter() { for receiver in self.receivers.iter() {
receiver.install(&self.sender).await?; receiver.install(&self.sender).await?;
} }

65
harmony/src/domain/topology/tenant/k8s.rs
View File

@ -5,10 +5,9 @@ use crate::{
topology::k8s::{ApplyStrategy, K8sClient}, topology::k8s::{ApplyStrategy, K8sClient},
}; };
use async_trait::async_trait; use async_trait::async_trait;
use derive_new::new;
use k8s_openapi::{ use k8s_openapi::{
api::{ api::{
core::v1::{Namespace, ResourceQuota}, core::v1::{LimitRange, Namespace, ResourceQuota},
networking::v1::{ networking::v1::{
NetworkPolicy, NetworkPolicyEgressRule, NetworkPolicyIngressRule, NetworkPolicyPort, NetworkPolicy, NetworkPolicyEgressRule, NetworkPolicyIngressRule, NetworkPolicyPort,
}, },
@ -19,12 +18,23 @@ use kube::Resource;
use log::{debug, info, warn}; use log::{debug, info, warn};
use serde::de::DeserializeOwned; use serde::de::DeserializeOwned;
use serde_json::json; use serde_json::json;
use tokio::sync::OnceCell;
use super::{TenantConfig, TenantManager}; use super::{TenantConfig, TenantManager};
#[derive(new, Clone, Debug)] #[derive(Clone, Debug)]
pub struct K8sTenantManager { pub struct K8sTenantManager {
k8s_client: Arc<K8sClient>, k8s_client: Arc<K8sClient>,
k8s_tenant_config: Arc<OnceCell<TenantConfig>>,
}
impl K8sTenantManager {
pub fn new(client: Arc<K8sClient>) -> Self {
Self {
k8s_client: client,
k8s_tenant_config: Arc::new(OnceCell::new()),
}
}
} }
impl K8sTenantManager { impl K8sTenantManager {
@ -132,6 +142,43 @@ impl K8sTenantManager {
}) })
} }
fn build_limit_range(&self, config: &TenantConfig) -> Result<LimitRange, ExecutorError> {
let limit_range = json!({
"apiVersion": "v1",
"kind": "LimitRange",
"metadata": {
"name": format!("{}-defaults", config.name),
"labels": {
"harmony.nationtech.io/tenant.id": config.id.to_string(),
"harmony.nationtech.io/tenant.name": config.name,
},
"namespace": self.get_namespace_name(config),
},
"spec": {
"limits": [
{
"type": "Container",
"default": {
"cpu": "500m",
"memory": "500Mi"
},
"defaultRequest": {
"cpu": "100m",
"memory": "100Mi"
},
}
]
}
});
serde_json::from_value(limit_range).map_err(|e| {
ExecutorError::ConfigurationError(format!(
"Could not build TenantManager LimitRange. {}",
e
))
})
}
fn build_network_policy(&self, config: &TenantConfig) -> Result<NetworkPolicy, ExecutorError> { fn build_network_policy(&self, config: &TenantConfig) -> Result<NetworkPolicy, ExecutorError> {
let network_policy = json!({ let network_policy = json!({
"apiVersion": "networking.k8s.io/v1", "apiVersion": "networking.k8s.io/v1",
@ -354,6 +401,9 @@ impl K8sTenantManager {
Ok(network_policy) Ok(network_policy)
} }
fn store_config(&self, config: &TenantConfig) {
let _ = self.k8s_tenant_config.set(config.clone());
}
} }
#[async_trait] #[async_trait]
@ -362,6 +412,7 @@ impl TenantManager for K8sTenantManager {
let namespace = self.build_namespace(config)?; let namespace = self.build_namespace(config)?;
let resource_quota = self.build_resource_quota(config)?; let resource_quota = self.build_resource_quota(config)?;
let network_policy = self.build_network_policy(config)?; let network_policy = self.build_network_policy(config)?;
let resource_limit_range = self.build_limit_range(config)?;
self.ensure_constraints(&namespace)?; self.ensure_constraints(&namespace)?;
@ -371,6 +422,9 @@ impl TenantManager for K8sTenantManager {
debug!("Creating resource_quota for tenant {}", config.name); debug!("Creating resource_quota for tenant {}", config.name);
self.apply_resource(resource_quota, config).await?; self.apply_resource(resource_quota, config).await?;
debug!("Creating limit_range for tenant {}", config.name);
self.apply_resource(resource_limit_range, config).await?;
debug!("Creating network_policy for tenant {}", config.name); debug!("Creating network_policy for tenant {}", config.name);
self.apply_resource(network_policy, config).await?; self.apply_resource(network_policy, config).await?;
@ -378,9 +432,10 @@ impl TenantManager for K8sTenantManager {
"Success provisionning K8s tenant id {} name {}", "Success provisionning K8s tenant id {} name {}",
config.id, config.name config.id, config.name
); );
self.store_config(config);
Ok(()) Ok(())
} }
fn get_tenant_config(&self) -> Option<TenantConfig> { async fn get_tenant_config(&self) -> Option<TenantConfig> {
todo!() self.k8s_tenant_config.get().cloned()
} }
} }

2
harmony/src/domain/topology/tenant/manager.rs
View File

@ -16,5 +16,5 @@ pub trait TenantManager {
/// * `config`: The desired configuration for the new tenant. /// * `config`: The desired configuration for the new tenant.
async fn provision_tenant(&self, config: &TenantConfig) -> Result<(), ExecutorError>; async fn provision_tenant(&self, config: &TenantConfig) -> Result<(), ExecutorError>;
fn get_tenant_config(&self) -> Option<TenantConfig>; async fn get_tenant_config(&self) -> Option<TenantConfig>;
} }

41
harmony/src/modules/application/feature.rs Normal file
View File

@ -0,0 +1,41 @@
use async_trait::async_trait;
use serde::Serialize;
use crate::topology::Topology;
/// An ApplicationFeature provided by harmony, such as Backups, Monitoring, MultisiteAvailability,
/// ContinuousIntegration, ContinuousDelivery
#[async_trait]
pub trait ApplicationFeature<T: Topology>:
std::fmt::Debug + Send + Sync + ApplicationFeatureClone<T>
{
async fn ensure_installed(&self, topology: &T) -> Result<(), String>;
fn name(&self) -> String;
}
trait ApplicationFeatureClone<T: Topology> {
fn clone_box(&self) -> Box<dyn ApplicationFeature<T>>;
}
impl<A, T: Topology> ApplicationFeatureClone<T> for A
where
A: ApplicationFeature<T> + Clone + 'static,
{
fn clone_box(&self) -> Box<dyn ApplicationFeature<T>> {
Box::new(self.clone())
}
}
impl<T: Topology> Serialize for Box<dyn ApplicationFeature<T>> {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: serde::Serializer,
{
todo!()
}
}
impl<T: Topology> Clone for Box<dyn ApplicationFeature<T>> {
fn clone(&self) -> Self {
self.clone_box()
}
}

4
harmony/src/modules/monitoring/kube_prometheus/helm/kube_prometheus_helm_chart.rs
View File

@ -11,7 +11,9 @@ use std::{
use crate::modules::{ use crate::modules::{
helm::chart::HelmChartScore, helm::chart::HelmChartScore,
monitoring::kube_prometheus::types::{ monitoring::kube_prometheus::types::{
AlertGroup, AlertManager, AlertManagerAdditionalPromRules, AlertManagerConfig, AlertManagerRoute, AlertManagerSpec, AlertManagerValues, ConfigReloader, Limits, PrometheusConfig, Requests, Resources AlertGroup, AlertManager, AlertManagerAdditionalPromRules, AlertManagerConfig,
AlertManagerRoute, AlertManagerSpec, AlertManagerValues, ConfigReloader, Limits,
PrometheusConfig, Requests, Resources,
}, },
}; };

7
harmony/src/modules/monitoring/kube_prometheus/prometheus.rs
View File

@ -35,8 +35,8 @@ impl AlertSender for Prometheus {
#[async_trait] #[async_trait]
impl<T: Topology + HelmCommand + TenantManager> Installable<T> for Prometheus { impl<T: Topology + HelmCommand + TenantManager> Installable<T> for Prometheus {
fn configure(&self, _inventory: &Inventory, topology: &T) -> Result<(), InterpretError> { async fn configure(&self, _inventory: &Inventory, topology: &T) -> Result<(), InterpretError> {
self.configure_with_topology(topology); self.configure_with_topology(topology).await;
Ok(()) Ok(())
} }
@ -62,9 +62,10 @@ impl Prometheus {
} }
} }
pub fn configure_with_topology<T: TenantManager>(&self, topology: &T) { pub async fn configure_with_topology<T: TenantManager>(&self, topology: &T) {
let ns = topology let ns = topology
.get_tenant_config() .get_tenant_config()
.await
.map(|cfg| cfg.name.clone()) .map(|cfg| cfg.name.clone())
.unwrap_or_else(|| "monitoring".to_string()); .unwrap_or_else(|| "monitoring".to_string());
error!("This must be refactored, see comments in pr #74"); error!("This must be refactored, see comments in pr #74");