Add graphql schema for service context proj (#2302)

Author: michaeljguarino

assets/src/generated/graphql.ts

@@ -1141,6 +1141,8 @@ export type Cluster = {
   nodeStatistics?: Maybe<Array<Maybe<NodeStatistic>>>;
   /** list cached nodes for a cluster, this can be stale up to 5m */
   nodes?: Maybe<Array<Maybe<Node>>>;
+  /** A pod-level set of utilization metrics exceeding our noisy threshold */
+  noisyNeighbors?: Maybe<UtilizationHeatMap>;
   /** the object store connection bound to this cluster for backup/restore */
   objectStore?: Maybe<ObjectStore>;
   /** a high level description of the setup of common resources in a cluster */
@@ -9156,13 +9158,17 @@ export type ServiceContext = {
   id: Scalars['ID']['output'];
   insertedAt?: Maybe<Scalars['DateTime']['output']>;
   name: Scalars['String']['output'];
+  /** the project this context belongs to */
+  project?: Maybe<Project>;
   secrets?: Maybe<Array<Maybe<ServiceConfiguration>>>;
   updatedAt?: Maybe<Scalars['DateTime']['output']>;
 };
 
 /** A reusable configuration context, useful for plumbing data from external tools like terraform/pulumi/etc */
 export type ServiceContextAttributes = {
   configuration?: InputMaybe<Scalars['Json']['input']>;
+  /** the project this context belongs to */
+  projectId?: InputMaybe<Scalars['ID']['input']>;
   secrets?: InputMaybe<Array<InputMaybe<ConfigAttributes>>>;
 };
 

charts/controller/crds/deployments.plural.sh_servicecontexts.yaml

@@ -53,6 +53,51 @@ spec:
                 description: the name of this service, if not provided ServiceContext's
                   own name from ServiceContext.ObjectMeta will be used.
                 type: string
+              projectRef:
+                description: |-
+                  ProjectRef references project this service context belongs to.
+                  If not provided, it will use the default project.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: |-
+                      If referring to a piece of an object instead of an entire object, this string
+                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within a pod, this would take on a value like:
+                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]" (container with
+                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                      referencing a part of an object.
+                    type: string
+                  kind:
+                    description: |-
+                      Kind of the referent.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                    type: string
+                  name:
+                    description: |-
+                      Name of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                  namespace:
+                    description: |-
+                      Namespace of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                    type: string
+                  resourceVersion:
+                    description: |-
+                      Specific resourceVersion to which this reference is made, if any.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                    type: string
+                  uid:
+                    description: |-
+                      UID of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
             type: object
           status:
             properties:

go/client/models_gen.go

@@ -1,6 +1,7 @@
 package v1alpha1
 
 import (
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -14,6 +15,11 @@ type ServiceContextSpec struct {
 
 	// A reusable configuration context, useful for plumbing data from external tools like terraform, pulumi, etc.
 	Configuration runtime.RawExtension `json:"configuration,omitempty"`
+
+	// ProjectRef references project this service context belongs to.
+	// If not provided, it will use the default project.
+	// +kubebuilder:validation:Optional
+	ProjectRef *v1.ObjectReference `json:"projectRef,omitempty"`
 }
 
 //+kubebuilder:object:root=true
@@ -57,6 +63,18 @@ func (s *ServiceContext) GetName() string {
 	return s.Name
 }
 
+func (p *ServiceContext) ProjectName() string {
+	if p.Spec.ProjectRef == nil {
+		return ""
+	}
+
+	return p.Spec.ProjectRef.Name
+}
+
+func (p *ServiceContext) HasProjectRef() bool {
+	return p.Spec.ProjectRef != nil
+}
+
 func (s *ServiceContext) Diff(hasher Hasher) (changed bool, sha string, err error) {
 	currentSha, err := hasher(s.Spec)
 	if err != nil {

go/controller/api/v1alpha1/servicecontext_types.go

@@ -53,6 +53,51 @@ spec:
                 description: the name of this service, if not provided ServiceContext's
                   own name from ServiceContext.ObjectMeta will be used.
                 type: string
+              projectRef:
+                description: |-
+                  ProjectRef references project this service context belongs to.
+                  If not provided, it will use the default project.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: |-
+                      If referring to a piece of an object instead of an entire object, this string
+                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within a pod, this would take on a value like:
+                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]" (container with
+                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                      referencing a part of an object.
+                    type: string
+                  kind:
+                    description: |-
+                      Kind of the referent.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                    type: string
+                  name:
+                    description: |-
+                      Name of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                  namespace:
+                    description: |-
+                      Namespace of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                    type: string
+                  resourceVersion:
+                    description: |-
+                      Specific resourceVersion to which this reference is made, if any.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                    type: string
+                  uid:
+                    description: |-
+                      UID of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
             type: object
           status:
             properties:

go/controller/api/v1alpha1/zz_generated.deepcopy.go

@@ -92,7 +92,13 @@ func (r *ServiceContextReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		utils.MarkCondition(serviceContext.SetCondition, v1alpha1.SynchronizedConditionType, v1.ConditionFalse, v1alpha1.SynchronizedConditionReasonError, err.Error())
 		return ctrl.Result{}, err
 	}
-	apiServiceContext, err := r.sync(serviceContext)
+
+	project, result, err := GetProject(ctx, r.Client, r.Scheme, serviceContext)
+	if result != nil || err != nil {
+		return handleRequeue(result, err, serviceContext.SetCondition)
+	}
+
+	apiServiceContext, err := r.sync(serviceContext, project)
 	if err != nil {
 		logger.Error(err, "unable to create or update sa")
 		utils.MarkCondition(serviceContext.SetCondition, v1alpha1.SynchronizedConditionType, v1.ConditionFalse, v1alpha1.SynchronizedConditionReasonError, err.Error())
@@ -108,13 +114,17 @@ func (r *ServiceContextReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	return ctrl.Result{}, nil
 }
 
-func (r *ServiceContextReconciler) sync(sc *v1alpha1.ServiceContext) (*console.ServiceContextFragment, error) {
+func (r *ServiceContextReconciler) sync(sc *v1alpha1.ServiceContext, project *v1alpha1.Project) (*console.ServiceContextFragment, error) {
 	attributes := console.ServiceContextAttributes{}
 	attributes.Configuration = lo.ToPtr("{}")
 	if sc.Spec.Configuration.Raw != nil {
 		attributes.Configuration = lo.ToPtr(string(sc.Spec.Configuration.Raw))
 	}
 
+	if project != nil {
+		attributes.ProjectID = project.Status.ID
+	}
+
 	return r.ConsoleClient.SaveServiceContext(sc.GetName(), attributes)
 }
 

go/controller/config/crd/bases/deployments.plural.sh_servicecontexts.yaml

@@ -60,6 +60,13 @@ defmodule Console do
     end
   end
 
+  def vmetrics_creds() do
+    case {Console.conf(:vmetrics_url), Console.conf(:vmetrics_tenant)} do
+      {url, tenant} when is_binary(url) and is_binary(tenant) -> {:ok, url, tenant}
+      _ -> :error
+    end
+  end
+
   def truncate(str, len) when byte_size(str) > len,
     do: "#{String.slice(str, 0, len - 3)}..."
   def truncate(str, _), do: str

go/controller/internal/controller/servicecontext_controller.go

@@ -6,7 +6,7 @@ defmodule Console.Deployments.Init do
   alias Console.Services.Users
   alias Console.Schema.{AccessToken, Cluster, Group, User}
   alias Kube.Utils
-  alias Console.Deployments.{Clusters, Git, Settings, Global}
+  alias Console.Deployments.{Clusters, Git, Settings, Services}
 
   @secret_name "console-auth-token"
 
@@ -56,10 +56,10 @@ defmodule Console.Deployments.Init do
         artifact_repository_id: arepo.id,
         deployer_repository_id: drepo.id,
       })
-      |> maybe_es()
+      |> maybe_observability()
       |> Settings.create()
     end)
-    |> add_operation(:logstash, fn %{artifacts_repo: arepo} -> maybe_setup_logstash(arepo, bot) end)
+    |> add_operation(:context, fn _ -> maybe_setup_context(bot) end)
     |> add_operation(:secret, fn _ -> ensure_secret(Console.cloud?()) end)
     |> execute()
   end
@@ -112,10 +112,11 @@ defmodule Console.Deployments.Init do
     end
   end
 
-  defp maybe_es(attrs) do
+  defp maybe_observability(attrs) do
     with true <- Console.cloud?(),
          inst when is_binary(inst) <- Console.cloud_instance(),
-         {:ok, url, pass} <- Console.es_creds() do
+         {:ok, url, pass} <- Console.es_creds(),
+         {:ok, vurl, vtenant} <- Console.vmetrics_creds() do
         es_creds = %{
           host: url,
           user: "plrl-#{inst}",
@@ -129,30 +130,32 @@ defmodule Console.Deployments.Init do
           driver: :elastic,
           elastic: es_creds
         })
-        |> put_in([:ai, :vector_store], %{enabled: true, vector_store: :elastic, elastic: es_creds})
+        |> Map.put(:prometheus_connection, %{
+          host: "#{vurl}/select/#{vtenant}/prometheus",
+          user: "plrl-#{inst}",
+          password: pass
+        })
+        |> put_in([:ai, :vector_store], %{
+          enabled: true,
+          vector_store: :elastic,
+          elastic: es_creds
+        })
     else
       _ -> attrs
     end
   end
 
-  defp maybe_setup_logstash(repo, bot) do
+  defp maybe_setup_context(bot) do
     with true <- Console.cloud?(),
          inst when is_binary(inst) <- Console.cloud_instance(),
-         {:ok, url, pass} <- Console.es_creds() do
-      Global.create(%{
-        name: "logstash",
-        template: %{
-          name: "logstash",
-          namespace: "elastic",
-          configuration: [
-            %{name: "username", value: "plrl-#{inst}"},
-            %{name: "password", value: pass},
-            %{name: "esUrl", value: url}
-          ],
-          repository_id: repo.id,
-          git: %{ref: "main", folder: "cloud/logstash"}
+         {:ok, url, pass} <- Console.es_creds(),
+         {:ok, vurl, vtenant} <- Console.vmetrics_creds() do
+      Services.save_context(%{
+        configuration: %{
+          elastic: %{url: url, user: "plrl-#{inst}", password: pass},
+          vmetrics: %{url: "#{vurl}/insert/#{vtenant}/prometheus/api/v1/write", user: "plrl-#{inst}", password: pass}
         }
-      }, bot)
+      }, "plrl/cloud/observability", bot)
     else
       _ -> {:ok, %{}}
     end

lib/console.ex

@@ -22,6 +22,8 @@ defmodule Console.Deployments.Observability do
   @cache Console.conf(:cache_adapter)
   @ttl :timer.minutes(30)
 
+  @noisy_threshold 3
+
   require Logger
 
   @type error :: Console.error
@@ -189,6 +191,22 @@ defmodule Console.Deployments.Observability do
 
   def heat_map(_, flavor), do: {:error, "cannot aggregate utilization by #{flavor} for that resource"}
 
+  @doc """
+  Queries memory usage by pod for a given cluster and filters those that don't exceed a significant threshold
+  """
+  @spec noisy_neighbors(Cluster.t) :: {:ok, map} | error
+  def noisy_neighbors(%Cluster{handle: cluster}) do
+    queries(:noisy)
+    |> bulk_query(%{cluster: cluster})
+    |> case do
+      {:ok, %{cpu: %Prometheus.Data{result: cpu} = cpu_res, memory: %Prometheus.Data{result: memory} = mem_res}} ->
+        cpu    = Enum.filter(cpu, & &1.value > @noisy_threshold)
+        memory = Enum.filter(memory, & &1.value > @noisy_threshold)
+        {:ok, %{cpu: %{cpu_res | result: cpu}, memory: %{mem_res | result: memory}}}
+      err -> err
+    end
+  end
+
   @doc """
   Queries opinionated metrics for a set of different, relevant scopes
   """

lib/console/deployments/init.ex

@@ -45,9 +45,16 @@ defmodule Console.Deployments.Observability.Metrics do
     memory: ~s|sum(container_memory_working_set_bytes{cluster="$cluster"$filter,image!="",container!=""$filter}) by (node)|
   ])
 
+  @noisy post_process([
+    cpu: ~s|sum(rate(container_cpu_usage_seconds_total{container!="",cluster="$cluster"}[5m])) / sum(kube_pod_container_resource_requests_cpu_cores{cluster="$cluster") by (pod)|,
+    memory: ~s|sum(container_memory_working_set_bytes{cluster="$cluster",image!="",container!=""}) / sum(kube_pod_container_resource_requests_memory_bytes{cluster="$cluster"}) by (pod)|
+  ])
+
   def queries(:cluster), do: @cluster
   def queries(:node), do: @node
   def queries(:component), do: @component
+  def queries(:noisy), do: @noisy
+
   def queries(:heat, :pod), do: @heat
   def queries(:heat, :namespace), do: @heat_ns
   def queries(:heat, :node), do: @heat_node