grafana: convert to kustomize based deployment

github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml

@@ -628,8 +628,7 @@ postsubmits:
         securityContext:
           runAsUser: 0
         containers:
-        - image: quay.io/kubevirtci/bootstrap:v20241213-57bd934
-          command:
+        - command:
             - "/usr/local/bin/runner.sh"
             - "/bin/bash"
             - "-c"
@@ -641,13 +640,20 @@ postsubmits:
               source ./hack/manage-secrets.sh
               decrypt_secrets
               extract_secret 'kubeconfig' ~/.kube/config
-              extract_secret 'grafanaUser' github/ci/services/grafana/secrets/kubevirt-prow-control-plane/grafana/admin-user
-              extract_secret 'grafanaPassword' github/ci/services/grafana/secrets/kubevirt-prow-control-plane/grafana/admin-password
-              extract_secret 'grafanaPromToken' github/ci/services/grafana/secrets/kubevirt-prow-control-plane/grafana/prom_bearer_token
-              extract_secret 'grafanaClientID' github/ci/services/grafana/secrets/kubevirt-prow-control-plane/grafana/client-id
-              extract_secret 'grafanaClientSecret' github/ci/services/grafana/secrets/kubevirt-prow-control-plane/grafana/client-secret
 
-              ./github/ci/services/grafana/hack/deploy.sh kubevirt-prow-control-plane
+              environment='kubevirt-prow-control-plane'
+              overlaySecretsDirectory="github/ci/services/grafana/deploy/overlays/kubevirt-prow-control-plane/secrets/grafana"
+              extract_secret 'grafanaUser' "${overlaySecretsDirectory}/admin-user"
+              extract_secret 'grafanaPassword' "${overlaySecretsDirectory}/admin-password"
+              extract_secret 'grafanaPromToken' "${overlaySecretsDirectory}/prom_bearer_token"
+              extract_secret 'grafanaClientID' "${overlaySecretsDirectory}/client-id"
+              extract_secret 'grafanaClientSecret' "${overlaySecretsDirectory}/client-secret"
+
+              ./github/ci/services/grafana/hack/deploy.sh "${environment}"
+          env:
+          - name: GIMME_GO_VERSION
+            value: "1.21.6"
+          image: quay.io/kubevirtci/golang:v20241213-57bd934
           resources:
             requests:
               memory: "8Gi"

github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-presubmits.yaml

@@ -572,22 +572,32 @@ presubmits:
       base_ref: main
     spec:
       containers:
-        - image: quay.io/kubevirtci/bootstrap:v20241213-57bd934
-          command:
+        - command:
             - "/usr/local/bin/runner.sh"
             - "/bin/bash"
-            - "-c"
+            - "-ce"
             - |
-              dnf install -y helm 
+              # install kind
+              curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64
+              chmod +x ./kind && mv ./kind /usr/local/bin/kind
+
+              # create test cluster
+              kind create cluster --image quay.io/kubevirtci/kindest-node:v1.30.0
+              kubectl cluster-info --context kind-kind
+
               ./github/ci/services/grafana/hack/test.sh
-          securityContext:
-            privileged: true
-            runAsUser: 0
+          env:
+          - name: GIMME_GO_VERSION
+            value: "1.21.6"
+          image: quay.io/kubevirtci/golang:v20241213-57bd934
           resources:
             requests:
               memory: "29Gi"
             limits:
               memory: "29Gi"
+          securityContext:
+            privileged: true
+            runAsUser: 0
   - name: pull-project-infra-check-testgrid-config
     run_if_changed: '^github/ci/prow-deploy/files/jobs/.*$|^github/ci/testgrid/gen-config\.yaml$|^github/ci/testgrid/default\.yaml$'
     decorate: true

github/ci/services/common/k8s/pkg/check/check.go

@@ -4,16 +4,14 @@ import (
 	"bufio"
 	"context"
 	"fmt"
-	"net/http"
-	"strings"
-
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
-
 	"kubevirt.io/project-infra/github/ci/services/common/k8s/pkg/client"
 	"kubevirt.io/project-infra/github/ci/services/common/k8s/pkg/portforwarder"
 	"kubevirt.io/project-infra/github/ci/services/common/k8s/pkg/wait"
+	"net/http"
+	"strings"
 )
 
 var (

github/ci/services/common/k8s/pkg/wait/wait.go

@@ -2,7 +2,6 @@ package wait
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"log"
 	"net"
@@ -184,7 +183,7 @@ func ForPortOpen(host, port string) error {
 	for {
 		select {
 		case <-timeout:
-			return errors.New(fmt.Sprintf("Port %s was not open in time", port))
+			return fmt.Errorf("port %s was not open in time", port)
 		case <-tick:
 			conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, port), time.Second)
 			if err != nil {

github/ci/services/grafana/deploy/README.md

@@ -0,0 +1,5 @@
+# grafana deployment directory
+
+This directory holds the actual definition of the grafana instance.
+
+i.e. here go Grafana, Datasource and Dashboards.  

github/ci/services/grafana/manifests/grafana.yaml → github/ci/services/grafana/deploy/base/grafana.yaml

@@ -6,7 +6,7 @@ metadata:
     dashboards: grafana
     folders: grafana
   name: grafana
-  namespace: monitoring
+  namespace: default
 spec:
   config:
     auth:
@@ -54,7 +54,7 @@ kind: GrafanaDatasource
 metadata:
   annotations: {}
   name: prometheus-grafanadatasource
-  namespace: monitoring
+  namespace: default
 spec:
   valuesFrom:
     - targetPath: "secureJsonData.httpHeaderValue1"
@@ -86,7 +86,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: grafana-dashboards-default
-  namespace: monitoring
+  namespace: default
   labels:
     dashboard-provider: default
   annotations:

github/ci/services/grafana/deploy/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- grafana.yaml

github/ci/services/grafana/deploy/overlays/kubevirt-prow-control-plane/kustomization.yaml

@@ -0,0 +1,17 @@
+namespace: monitoring
+
+resources:
+- ../../base
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+- name: grafana
+  namespace: monitoring
+  files:
+  - ./secrets/grafana/admin-password
+  - ./secrets/grafana/admin-user
+  - ./secrets/grafana/client-id
+  - ./secrets/grafana/client-secret
+  - ./secrets/grafana/prom_bearer_token

github/ci/services/grafana/deploy/overlays/testing/kustomization.yaml

@@ -0,0 +1,17 @@
+namespace: monitoring
+
+resources:
+- ../../base
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+- name: grafana
+  namespace: monitoring
+  files:
+  - ./secrets/grafana/admin-password
+  - ./secrets/grafana/admin-user
+  - ./secrets/grafana/client-id
+  - ./secrets/grafana/client-secret
+  - ./secrets/grafana/prom_bearer_token

github/ci/services/grafana/e2e/e2e_test.go

@@ -19,10 +19,7 @@ func TestPrometheusStackDeployment(t *testing.T) {
 }
 
 var _ = Describe("grafana deployment", func() {
-	DescribeTable("should deploy HTTP services",
-		func(svcPort, labelSelector, expectedContent, urlPath string) {
-			check.HTTPService(testNamespace, svcPort, labelSelector, expectedContent, urlPath)
-		},
-		Entry("grafana service", "3000", "app=grafana", "<title>Grafana</title>", ""),
-	)
+	It("should deploy HTTP services", func() {
+		check.HTTPService(testNamespace, "3000", "app=grafana", "<title>Grafana</title>", "")
+	})
 })

github/ci/services/grafana/hack/deploy.sh

@@ -1,20 +1,64 @@
-#!/bin/bash
+#!/usr/bin/env bash
+#
+# This file is part of the KubeVirt project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Copyright the KubeVirt Authors.
+#
+#
 
-set -eo pipefail
+set -e
+set -u
+set -o pipefail
 
-main() {
-	local environment=${1}
+set -x
 
-	bazelisk run //github/ci/services/grafana:$environment.apply
 
-	bazelisk run //github/ci/services/common/k8s/cmd/wait -- -namespace monitoring -selector grafana-deployment -kind deployment
-
-	kubectl wait --timeout 60s --for=jsonpath='{.status.stage}'=complete -n monitoring grafana grafana
-
-	if [ "$environment" != "testing" ]; then
-		kubectl apply -n monitoring -f ./github/ci/services/grafana/manifests/ingress.yaml
-	fi
+WORK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BASE_DIR="$(cd "${WORK_DIR}/../deploy" && pwd)"
 
+function usage {
+    cat <<EOF
+usage: $0 [-d] <environment>
+EOF
 }
 
-main "${@}"
+dry_run=false
+while getopts "d" opt; do
+    case "${opt}" in
+        d )
+            dry_run="true"
+            shift
+            ;;
+        \? )
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+environment="${1}"
+[ -d "${BASE_DIR}/overlays/${environment}" ] || exit 1
+
+cd "${BASE_DIR}"
+
+if [ "$dry_run" = "true" ]; then
+    kubectl kustomize "./overlays/${environment}"
+    exit 0
+fi
+
+kubectl apply -k "./overlays/${environment}"
+
+kubectl wait --timeout 60s --for=jsonpath='{.status.stage}'=complete -n monitoring grafana grafana
+kubectl rollout status -w deployment grafana-deployment -n monitoring

github/ci/services/grafana/hack/download-grafana-manifests.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+#
+# This file is part of the KubeVirt project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Copyright the KubeVirt Authors.
+#
+#
+# see https://grafana.github.io/grafana-operator/docs/installation/kustomize/
+
+GRAFANA_OPERATOR_VERSION="${GRAFANA_OPERATOR_VERSION:-v5.4.1}"
+GRAFANA_KUSTOMIZE_DIR="/tmp/grafana-operator"
+
+mkdir -p "${GRAFANA_KUSTOMIZE_DIR}"
+flux pull artifact "oci://ghcr.io/grafana/kustomize/grafana-operator:${GRAFANA_OPERATOR_VERSION}" --output "${GRAFANA_KUSTOMIZE_DIR}"
+

github/ci/services/grafana/hack/install.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+#
+# This file is part of the KubeVirt project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Copyright the KubeVirt Authors.
+#
+#
+
+set -e
+set -u
+set -o pipefail
+
+set -x
+
+
+WORK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BASE_DIR="$(cd "${WORK_DIR}/.." && pwd)"
+KUSTOMIZE_DIR="$(cd "${WORK_DIR}/../install" && pwd)"
+
+function usage {
+    cat <<EOF
+usage: $0 [-d] <environment>
+EOF
+}
+
+dry_run=false
+while getopts "d" opt; do
+    case "${opt}" in
+        d )
+            dry_run="true"
+            shift
+            ;;
+        \? )
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+environment="${1}"
+[ -d "${KUSTOMIZE_DIR}/overlays/${environment}" ] || exit 1
+
+cd "${KUSTOMIZE_DIR}"
+
+if [ "$dry_run" = "true" ]; then
+    kubectl kustomize "./overlays/${environment}"
+    exit 0
+fi
+
+kubectl create -k "./overlays/${environment}"
+
+kubectl rollout status -w deployment grafana-operator-controller-manager -n monitoring