Merge pull request #43 from defenseunicorns/prometheus-integration

CODEOWNERS

@@ -1 +1,2 @@
-* @defenseunicorns/uds
+# This repository is owned by the Defense Unicorns UDS-Marketplace Team
+/* @defenseunicorns/uds-marketplace

chart/templates/uds-package.yaml

@@ -6,11 +6,20 @@ metadata:
 spec:
   {{- if .Values.sso.enabled }}
   sso:
-    - name: Jenkins SSO
+    - name: Jenkins Login
       clientId: uds-package-jenkins
       redirectUris:
         - "https://jenkins.{{ .Values.domain }}/securityRealm/finishLogin"
   {{- end }}
+
+  monitor:
+    - selector:
+        app.kubernetes.io/name: jenkins
+      targetPort: 8080
+      portName: http
+      path: /prometheus/
+      description: Metrics
+
   network:
     expose:
       - service: jenkins
@@ -22,18 +31,39 @@ spec:
     allow:
       - direction: Ingress
         remoteGenerated: IntraNamespace
+
       - direction: Egress
         remoteGenerated: IntraNamespace
+
       - direction: Egress
         podLabels:
           app.kubernetes.io/name: jenkins
         port: 443
         description: "Jenkins-plugins & SSO"
+
       - direction: Egress
         podLabels:
           jenkins/label: jenkins-jenkins-agent
         port: 443
         description: "Jenkins-jobs phone home"
+
       - direction: Egress
-        # todo: this is over permissive, need to scope it down
+        podLabels:
+          app.kubernetes.io/name: jenkins
         remoteGenerated: KubeAPI
+
+      # Custom rules for unanticipated scenarios
+      {{- range .Values.customNetworkPolicies }}
+      - direction: {{ .direction }}
+        selector:
+          {{ .selector | toYaml | nindent 10 }}
+        {{- if not .remoteGenerated }}
+        remoteNamespace: {{ .remoteNamespace }}
+        remoteSelector:
+          {{ .remoteSelector | toYaml | nindent 10 }}
+        port: {{ .port }}
+        {{- else }}
+        remoteGenerated: {{ .remoteGenerated }}
+        {{- end }}
+        description: {{ .description }}
+      {{- end }}

chart/values.yaml

@@ -1,3 +1,21 @@
 domain: "###ZARF_VAR_DOMAIN###"
+
 sso:
   enabled: true
+
+# customNetworkPolicies:
+#    # Notice no `remoteGenerated` field here on custom internal rule
+#   - direction: Ingress
+#     selector:
+#       app: jenkins
+#     remoteNamespace: jenkins
+#     remoteSelector:
+#       app: jenkins
+#     port: 8180
+#     description: "Ingress from Jenkins"
+#   # No `remoteNamespace`, `remoteSelector`, or `port` fields on rule to `remoteGenerated`
+#   - direction: Egress
+#     selector:
+#       app: webservice
+#     remoteGenerated: Anywhere
+#     description: "Egress from Mattermost"

tasks.yaml

@@ -15,6 +15,13 @@ tasks:
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
 
+  - name: default-full
+    description: Create K3D Cluster with UDS-Core + Jenkins
+    actions:
+      - task: create-test-bundle
+      - task: setup:k3d-full-cluster
+      - task: deploy:test-bundle
+
   - name: create-package
     description: Create UDS Jenkins Package
     actions:

values/common.yaml

@@ -21,6 +21,8 @@ controller:
     - git:5.2.2
     - configuration-as-code:1810.v9b_c30a_249a_4c
     - oic-auth:4.269.va_7526f34f306
+    - prometheus:773.v3b_62d8178eec
+    - cloudbees-disk-usage-simple:203.v3f46a_7462b_1a_
   overwritePlugins: true
   JCasC:
     defaultConfig: true