workloadmonitor (#563)

- upd redis
- update kubernetes app to use workloadmonitors
- upd kubernetes
- fix version


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Added `WorkloadMonitor` resources for various components including
Kubernetes clusters, Redis, Sentinel, and SeaweedFS.
- Introduced monitoring capabilities for `alerta`, `alertmanager`,
`grafana`, and `vlogs` services.
- Enhanced RBAC configurations to support new monitoring resources
across multiple API groups.

- **Improvements**
	- Updated metadata and labeling for virtual machine templates.
	- Added dynamic resource naming based on release and group names.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

packages/apps/kubernetes/templates/cluster.yaml

@@ -29,6 +29,7 @@ spec:
             {{- range .group.roles }}
             node-role.kubernetes.io/{{ . }}: ""
             {{- end }}
+            cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ .groupName }}
         spec:
           domain:
             {{- if and .group.resources .group.resources.cpu }}
@@ -126,6 +127,21 @@ spec:
   replicas: 2
   version: 1.30.1
 ---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: kubernetes
+  type: control-plane
+  selector:
+    kamaji.clastix.io/component: deployment
+    kamaji.clastix.io/name: {{ .Release.Name }}
+  version: {{ $.Chart.Version }}
+---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtCluster
 metadata:
@@ -172,6 +188,7 @@ spec:
 ---
 {{- $context := deepCopy $ }}
 {{- $_ := set $context "group" $group }}
+{{- $_ := set $context "groupName" $groupName }}
 {{- $kubevirtmachinetemplate := include "kubevirtmachinetemplate" $context }}
 {{- $kubevirtmachinetemplateHash := $kubevirtmachinetemplate | sha256sum | trunc 6 }}
 {{- $kubevirtmachinetemplateName := printf "%s-%s-%s" $.Release.Name $groupName $kubevirtmachinetemplateHash }}
@@ -255,6 +272,21 @@ spec:
   - type: Ready
     status: "False"
     timeout: 300s
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-{{ $groupName }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  minReplicas: {{ $group.minReplicas }}
+  kind: kubernetes
+  type: worker
+  selector:
+    cluster.x-k8s.io/cluster-name: {{ $.Release.Name }}
+    cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ $groupName }}
+    cluster.x-k8s.io/role: worker
+  version: {{ $.Chart.Version }}
 {{- end }}
 ---
 {{- /*

packages/apps/kubernetes/templates/dashboard-resourcemap.yaml

@@ -24,3 +24,13 @@ rules:
   resourceNames:
   - {{ .Release.Name }}
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  {{- range $groupName, $group := .Values.nodeGroups }}
+  - {{ $.Release.Name }}-{{ $groupName }}
+  {{- end }}
+  verbs: ["get", "list", "watch"]

packages/apps/postgres/templates/dashboard-resourcemap.yaml

@@ -19,3 +19,10 @@ rules:
   resourceNames:
   - {{ .Release.Name }}-credentials
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/postgres/templates/db.yaml

@@ -29,3 +29,17 @@ spec:
   inheritedMetadata:
     labels:
       policy.cozystack.io/allow-to-apiserver: "true"
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: postgres
+  type: postgres
+  selector:
+    cnpg.io/cluster: {{ .Release.Name }}
+    cnpg.io/podRole: instance
+  version: {{ $.Chart.Version }}

packages/apps/redis/templates/dashboard-resourcemap.yaml

@@ -20,3 +20,11 @@ rules:
   resourceNames:
   - "{{ .Release.Name }}-auth"
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}-redis
+  - {{ .Release.Name }}-sentinel
+  verbs: ["get", "list", "watch"]

packages/apps/redis/templates/redisfailover.yaml

@@ -73,3 +73,34 @@ spec:
   auth:
     secretPath: {{ .Release.Name }}-auth
   {{- end }}
+
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-redis
+  namespace: {{ $.Release.Namespace }}
+spec:
+  minReplicas: 1
+  replicas: {{ .Values.replicas }}
+  kind: redis
+  type: redis
+  selector:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-sentinel
+  namespace: {{ $.Release.Namespace }}
+spec:
+  minReplicas: 2
+  replicas: 3
+  kind: redis
+  type: sentinel
+  selector:
+    app.kubernetes.io/component: sentinel
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}

packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: 1
+  minReplicas: 1
+  kind: virtual-machine
+  type: virtual-machine
+  selector:
+    vm.kubevirt.io/name: {{ .Release.Name }}
+  version: {{ $.Chart.Version }}

packages/apps/vm-instance/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  replicas: 1
+  minReplicas: 1
+  kind: virtual-machine
+  type: virtual-machine
+  selector:
+    vm.kubevirt.io/name: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}

packages/extra/etcd/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - etcd
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -193,3 +193,19 @@ spec:
   issuerRef:
     name: etcd-issuer
     kind: Issuer
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: {{ div .Values.replicas 2 | add1 }}
+  kind: etcd
+  type: etcd
+  selector:
+    app.kubernetes.io/instance: etcd
+    app.kubernetes.io/managed-by: etcd-operator
+    app.kubernetes.io/name: etcd
+  version: {{ $.Chart.Version }}

packages/extra/ingress/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ trimPrefix "tenant-" .Release.Namespace }}-ingress-controller
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/extra/ingress/templates/workloadmonitor.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: {{ div .Values.replicas 2 | add1 }}
+  kind: ingress
+  type: controller
+  selector:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx-system
+    app.kubernetes.io/name: ingress-nginx
+  version: {{ $.Chart.Version }}

packages/extra/monitoring/templates/alerta/alerta-db.yaml

@@ -14,3 +14,17 @@ spec:
   inheritedMetadata:
     labels:
       policy.cozystack.io/allow-to-apiserver: "true"
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: alerta-db
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: monitoring
+  type: postgres
+  selector:
+    cnpg.io/cluster: alerta-db
+    cnpg.io/podRole: instance
+  version: {{ $.Chart.Version }}

packages/extra/monitoring/templates/alerta/alerta.yaml

@@ -170,6 +170,20 @@ spec:
                 port:
                   name: http
 ---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: alerta
+spec:
+  replicas: 1
+  minReplicas: 1
+  kind: monitoring
+  type: alerta
+  selector:
+    app: alerta
+    release: alerta
+  version: {{ $.Chart.Version }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -217,3 +231,17 @@ spec:
   podMetadata:
     labels:
       policy.cozystack.io/allow-to-apiserver: "true"
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: alertmanager
+spec:
+  replicas: 3
+  minReplicas: 2
+  kind: monitoring
+  type: alertmanager
+  selector:
+    app.kubernetes.io/instance: alertmanager
+    app.kubernetes.io/name: vmalertmanager
+  version: {{ $.Chart.Version }}

packages/extra/monitoring/templates/dashboard-resourcemap.yaml

@@ -26,3 +26,28 @@ rules:
   - grafana-service
   - alerta
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - alerta
+  - grafana
+  - grafana-db
+  - alerta-db
+  - alermanager
+  {{- range .Values.metricsStorages }}
+  - {{ .name }}-vmstorage
+  - {{ .name }}-vmselect
+  - {{ .name }}-vminsert
+  {{- end }}
+  {{- range .Values.logsStorages }}
+  - {{ $.Release.Name }}-vlogs-{{ .name }}
+  {{- end }}
+  {{- range .Values.metricsStorages }}
+  - vmalert-{{ .name }}
+  {{- break }}
+  {{- end }}
+  verbs: ["get", "list", "watch"]
+
+

packages/extra/monitoring/templates/grafana/db.yaml

@@ -10,3 +10,17 @@ spec:
   inheritedMetadata:
     labels:
       policy.cozystack.io/allow-to-apiserver: "true"
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: grafana-db
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: monitoring
+  type: postgres
+  selector:
+    cnpg.io/cluster: grafana-db
+    cnpg.io/podRole: instance
+  version: {{ $.Chart.Version }}

packages/extra/monitoring/templates/grafana/grafana.yaml

@@ -114,3 +114,16 @@ spec:
       - hosts:
         - "{{ printf "grafana.%s" (.Values.host | default $host) }}"
         secretName: grafana-ingress-tls
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: grafana
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: monitoring
+  type: grafana
+  selector:
+    app: grafana
+  version: {{ $.Chart.Version }}

packages/extra/monitoring/templates/vlogs/vlogs.yaml

@@ -12,4 +12,19 @@ spec:
     accessModes: [ReadWriteOnce]
   retentionPeriod: "{{ .retentionPeriod }}"
   removePvcAfterDelete: true
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: vlogs-{{ .name }}
+spec:
+  replicas: 1
+  minReplicas: 1
+  kind: monitoring
+  type: vlogs
+  selector:
+    app.kubernetes.io/component: monitoring
+    app.kubernetes.io/instance: {{ .name }}
+    app.kubernetes.io/name: vlogs
+  version: {{ $.Chart.Version }}
 {{- end }}

packages/extra/monitoring/templates/vm/vmalert.yaml

@@ -18,5 +18,19 @@ spec:
     url: http://vminsert-{{ .name }}.{{ $.Release.Namespace }}.svc:8480/insert/0/prometheus/api/v1/write
   resources: {}
   selectAllByDefault: true
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: vmalert-{{ .name }}
+spec:
+  replicas: 1
+  minReplicas: 1
+  kind: monitoring
+  type: vmalert
+  selector:
+    app.kubernetes.io/instance: vmalert-{{ .name }}
+    app.kubernetes.io/name: vmalert
+  version: {{ $.Chart.Version }}
 {{- break }}
 {{- end }}

packages/extra/monitoring/templates/vm/vmcluster.yaml

@@ -67,4 +67,49 @@ spec:
             requests:
               storage: {{ .storage }}
     storageDataPath: /vm-data
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ .name }}-vmstorage
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: monitoring
+  type: vmstorage
+  selector:
+    app.kubernetes.io/component: monitoring
+    app.kubernetes.io/instance: {{ .name }}
+    app.kubernetes.io/name: vmstorage
+  version: {{ $.Chart.Version }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ .name }}-vmselect
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: monitoring
+  type: vmselect
+  selector:
+    app.kubernetes.io/component: monitoring
+    app.kubernetes.io/instance: {{ .name }}
+    app.kubernetes.io/name: vmselect
+  version: {{ $.Chart.Version }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ .name }}-vminsert
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: monitoring
+  type: vminsert
+  selector:
+    app.kubernetes.io/component: monitoring
+    app.kubernetes.io/instance: {{ .name }}
+    app.kubernetes.io/name: vminsert
+  version: {{ $.Chart.Version }}
 {{- end }}

packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ $.Release.Name }}-s3
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  resourceNames:
+  - ingress-{{ $.Release.Name }}-s3
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ $.Release.Name }}-master
+  - {{ $.Release.Name }}-filer
+  - {{ $.Release.Name }}-volume
+  - {{ $.Release.Name }}-db
+  verbs: ["get", "list", "watch"]

packages/extra/seaweedfs/templates/seaweedfs.yaml

@@ -60,3 +60,59 @@ spec:
       cosi:
         driverName: "{{ .Release.Namespace }}.seaweedfs.objectstorage.k8s.io"
         bucketClassName: "{{ .Release.Namespace }}"
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-master
+spec:
+  replicas: 3
+  minReplicas: 2
+  kind: seaweedfs
+  type: master
+  selector:
+    app.kubernetes.io/component: master
+    app.kubernetes.io/name: seaweedfs
+  version: {{ $.Chart.Version }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-filer
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: seaweedfs
+  type: filer
+  selector:
+    app.kubernetes.io/component: filer
+    app.kubernetes.io/name: seaweedfs
+  version: {{ $.Chart.Version }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-volume
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: {{ div .Values.replicas 2 | add1 }}
+  kind: seaweedfs
+  type: volume
+  selector:
+    app.kubernetes.io/component: volume
+    app.kubernetes.io/name: seaweedfs
+  version: {{ $.Chart.Version }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-db
+spec:
+  replicas: 2
+  minReplicas: 1
+  kind: seaweedfs
+  type: postgres
+  selector:
+    cnpg.io/cluster: seaweedfs-db
+    cnpg.io/podRole: instance
+  version: {{ $.Chart.Version }}