diff --git a/applications/nublado/Chart.yaml b/applications/nublado/Chart.yaml index 321000b3dd..65c1c64b07 100644 --- a/applications/nublado/Chart.yaml +++ b/applications/nublado/Chart.yaml @@ -5,7 +5,7 @@ description: JupyterHub and custom spawner for the Rubin Science Platform sources: - https://github.com/lsst-sqre/nublado home: https://nublado.lsst.io/ -appVersion: 8.3.0 +appVersion: 8.4.0 dependencies: - name: jupyterhub diff --git a/applications/nublado/README.md b/applications/nublado/README.md index 1bf658ad5f..878ab436db 100644 --- a/applications/nublado/README.md +++ b/applications/nublado/README.md @@ -74,6 +74,11 @@ JupyterHub and custom spawner for the Rubin Science Platform | controller.config.lab.volumeMounts | list | `[]` | Volumes that should be mounted in lab pods. | | controller.config.lab.volumes | list | `[]` | Volumes that will be in lab pods or init containers. This supports NFS, HostPath, and PVC volume types (differentiated in source.type). | | controller.config.logLevel | string | `"INFO"` | Level of Python logging | +| controller.config.metrics.application | string | `"nublado"` | Name under which to log metrics. Generally there is no reason to change this. | +| controller.config.metrics.enabled | bool | `false` | Whether to enable sending metrics | +| controller.config.metrics.events.topicPrefix | string | `"lsst.square.metrics.events"` | Topic prefix for events. It may sometimes be useful to change this in development environments. | +| controller.config.metrics.schemaManager.registryUrl | string | Sasquatch in the local cluster | URL of the Confluent-compatible schema registry server | +| controller.config.metrics.schemaManager.suffix | string | `""` | Suffix to add to all registered subjects. This is sometimes useful for experimentation during development. | | controller.config.pathPrefix | string | `"/nublado"` | Path prefix that will be routed to the controller | | controller.googleServiceAccount | string | None, must be set when using Google Artifact Registry | If Google Artifact Registry is used as the image source, the Google service account that has an IAM binding to the `nublado-controller` Kubernetes service account and has the Artifact Registry reader role | | controller.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the controller image | @@ -110,7 +115,7 @@ JupyterHub and custom spawner for the Rubin Science Platform | jupyterhub.hub.extraVolumeMounts | list | `hub-config` and the Gafaelfawr token | Additional volume mounts for JupyterHub | | jupyterhub.hub.extraVolumes | list | The `hub-config` `ConfigMap` and the Gafaelfawr token | Additional volumes to make available to JupyterHub | | jupyterhub.hub.image.name | string | `"ghcr.io/lsst-sqre/nublado-jupyterhub"` | Image to use for JupyterHub | -| jupyterhub.hub.image.tag | string | `"8.3.0"` | Tag of image to use for JupyterHub | +| jupyterhub.hub.image.tag | string | `"8.4.0"` | Tag of image to use for JupyterHub | | jupyterhub.hub.loadRoles.server.scopes | list | `["self"]` | Default scopes for the user's lab, overridden to allow the lab to delete itself (which we use for our added menu items) | | jupyterhub.hub.networkPolicy.enabled | bool | `false` | Whether to enable the default `NetworkPolicy` (currently, the upstream one does not work correctly) | | jupyterhub.hub.resources | object | See `values.yaml` | Resource limits and requests | diff --git a/applications/nublado/templates/controller-deployment.yaml b/applications/nublado/templates/controller-deployment.yaml index e232218bac..d108e1e75b 100644 --- a/applications/nublado/templates/controller-deployment.yaml +++ b/applications/nublado/templates/controller-deployment.yaml @@ -38,6 +38,24 @@ spec: env: - name: EXTERNAL_INSTANCE_URL value: {{ .Values.global.baseUrl | quote }} + {{- if .Values.controller.config.metrics.enabled }} + - name: "KAFKA_BOOTSTRAP_SERVERS" + valueFrom: + secretKeyRef: + name: "nublado-kafka" + key: "bootstrapServers" + - name: "KAFKA_SECURITY_PROTOCOL" + valueFrom: + secretKeyRef: + name: "nublado-kafka" + key: "securityProtocol" + - name: "KAFKA_CLIENT_CERT_PATH" + value: "/etc/nublado-kafka/user.crt" + - name: "KAFKA_CLIENT_KEY_PATH" + value: "/etc/nublado-kafka/user.key" + - name: "KAFKA_CLUSTER_CA_PATH" + value: "/etc/nublado-kafka/ca.crt" + {{- end }} {{- if .Values.controller.slackAlerts }} - name: "NUBLADO_SLACK_WEBHOOK" valueFrom: @@ -66,6 +84,20 @@ spec: mountPath: "/etc/secrets" readOnly: true {{- end }} + {{- if .Values.controller.config.metrics.enabled }} + - name: "kafka" + mountPath: "/etc/nublado-kafka/ca.crt" + readOnly: true + subPath: "ssl.truststore.crt" + - name: "kafka" + mountPath: "/etc/nublado-kafka/user.crt" + readOnly: true + subPath: "ssl.keystore.crt" + - name: "kafka" + mountPath: "/etc/nublado-kafka/user.key" + readOnly: true + subPath: "ssl.keystore.key" + {{- end }} - name: "podinfo" mountPath: "/etc/podinfo" {{- with .Values.controller.nodeSelector }} @@ -82,14 +114,19 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: + - name: "config" + configMap: + name: "nublado-controller-config" {{- if eq "docker" .Values.controller.config.images.source.type }} - name: "docker-creds" secret: secretName: "pull-secret" {{- end }} - - name: "config" - configMap: - name: "nublado-controller-config" + {{- if .Values.controller.config.metrics.enabled }} + - name: "kafka" + secret: + secretName: "nublado-kafka" + {{- end }} - name: "podinfo" downwardAPI: items: diff --git a/applications/nublado/templates/kafka-access.yaml b/applications/nublado/templates/kafka-access.yaml new file mode 100644 index 0000000000..f8e9edef30 --- /dev/null +++ b/applications/nublado/templates/kafka-access.yaml @@ -0,0 +1,16 @@ +{{- if .Values.controller.config.metrics.enabled -}} +apiVersion: access.strimzi.io/v1alpha1 +kind: KafkaAccess +metadata: + name: "nublado-kafka" +spec: + kafka: + name: "sasquatch" + namespace: "sasquatch" + listener: "tls" + user: + kind: "KafkaUser" + apiGroup: "kafka.strimzi.io" + name: "app-metrics-nublado" + namespace: "sasquatch" +{{- end }} diff --git a/applications/nublado/values-base.yaml b/applications/nublado/values-base.yaml index 163384cd96..8ee37c5145 100644 --- a/applications/nublado/values-base.yaml +++ b/applications/nublado/values-base.yaml @@ -32,7 +32,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-idfdemo.yaml b/applications/nublado/values-idfdemo.yaml index 0aa7344b2d..0b8cbcde57 100644 --- a/applications/nublado/values-idfdemo.yaml +++ b/applications/nublado/values-idfdemo.yaml @@ -28,7 +28,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-idfdev.yaml b/applications/nublado/values-idfdev.yaml index dbb5dd4a6d..c0756135bb 100644 --- a/applications/nublado/values-idfdev.yaml +++ b/applications/nublado/values-idfdev.yaml @@ -34,7 +34,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" @@ -77,6 +77,8 @@ controller: volumeName: "project" - containerPath: "/scratch" volumeName: "scratch" + metrics: + enabled: true jupyterhub: hub: db: diff --git a/applications/nublado/values-idfint.yaml b/applications/nublado/values-idfint.yaml index d0e2162997..1aaaed8844 100644 --- a/applications/nublado/values-idfint.yaml +++ b/applications/nublado/values-idfint.yaml @@ -44,7 +44,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-idfprod.yaml b/applications/nublado/values-idfprod.yaml index 53b088f5ab..359bf555df 100644 --- a/applications/nublado/values-idfprod.yaml +++ b/applications/nublado/values-idfprod.yaml @@ -23,7 +23,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-roe.yaml b/applications/nublado/values-roe.yaml index 49831122e2..bbfa69193e 100644 --- a/applications/nublado/values-roe.yaml +++ b/applications/nublado/values-roe.yaml @@ -14,7 +14,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-summit.yaml b/applications/nublado/values-summit.yaml index 36de100f9a..ce01066b63 100644 --- a/applications/nublado/values-summit.yaml +++ b/applications/nublado/values-summit.yaml @@ -25,7 +25,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-tucson-teststand.yaml b/applications/nublado/values-tucson-teststand.yaml index 0995a39262..2b8319bbba 100644 --- a/applications/nublado/values-tucson-teststand.yaml +++ b/applications/nublado/values-tucson-teststand.yaml @@ -29,7 +29,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "8.3.0" + tag: "8.4.0" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values.yaml b/applications/nublado/values.yaml index 66b6551d0d..6d85d8639f 100644 --- a/applications/nublado/values.yaml +++ b/applications/nublado/values.yaml @@ -371,6 +371,28 @@ controller: # readOnly: true # volumeName: "project" + metrics: + # -- Whether to enable sending metrics + enabled: false + + # -- Name under which to log metrics. Generally there is no reason to + # change this. + application: "nublado" + + events: + # -- Topic prefix for events. It may sometimes be useful to change this + # in development environments. + topicPrefix: "lsst.square.metrics.events" + + schemaManager: + # -- URL of the Confluent-compatible schema registry server + # @default -- Sasquatch in the local cluster + registryUrl: "http://sasquatch-schema-registry.sasquatch.svc.cluster.local:8081" + + # -- Suffix to add to all registered subjects. This is sometimes useful + # for experimentation during development. + suffix: "" + # JupyterHub configuration handled directly by this chart rather than by Zero # to JupyterHub. hub: @@ -435,7 +457,7 @@ jupyterhub: name: "ghcr.io/lsst-sqre/nublado-jupyterhub" # -- Tag of image to use for JupyterHub - tag: "8.3.0" + tag: "8.4.0" # -- Resource limits and requests # @default -- See `values.yaml` diff --git a/applications/sasquatch/charts/app-metrics/values.yaml b/applications/sasquatch/charts/app-metrics/values.yaml index a25f46bf14..dc1b0b4321 100644 --- a/applications/sasquatch/charts/app-metrics/values.yaml +++ b/applications/sasquatch/charts/app-metrics/values.yaml @@ -20,6 +20,9 @@ globalAppConfig: - "username" - "notebook" - "repo" + nublado: + influxTags: + - "username" wobbly: influxTags: - "service" diff --git a/applications/sasquatch/values-idfdev.yaml b/applications/sasquatch/values-idfdev.yaml index 360d5744f1..e447c4a607 100644 --- a/applications/sasquatch/values-idfdev.yaml +++ b/applications/sasquatch/values-idfdev.yaml @@ -159,6 +159,7 @@ app-metrics: apps: - gafaelfawr - mobu + - nublado - wobbly backup: