feat: Split Sentry configuration for individual services (#355)

cristiangauma · web-flow · commit cabfd43601c1 · 2023-09-21T21:21:51.000+02:00
* feat: Split Sentry configuration per service - bump chart version to 1.16.1

---------

Signed-off-by: Cristian Gauxachs Marin &lt;cristian@gauxachs.com&gt;
diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml
@@ -4,7 +4,7 @@ description: Chainloop is an open source software supply chain control plane, a
 
 type: application
 # Bump the patch (not minor, not major) version on each change in the Chart Source code
-version: 1.16.0
+version: 1.16.1
 # Do not update appVersion, this is handled automatically by the release process
 appVersion: v0.18.0
 
diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md
diff --git a/deployment/chainloop/templates/_helpers.tpl b/deployment/chainloop/templates/_helpers.tpl
@@ -274,6 +274,13 @@ null
 {{- end -}}
 {{- end -}}
 
+{{- define "chainloop.sentry" -}}
+observability:
+  sentry:
+    dsn: {{ required "Sentry DSN required" .dsn | quote }}
+    environment: {{ required "Sentry environment required" .environment | quote }}
+{{- end -}}
+
 {{/*
 ##############################################################################
 sql-proxy helpers
diff --git a/deployment/chainloop/templates/cas/config.secret.yaml b/deployment/chainloop/templates/cas/config.secret.yaml
@@ -6,12 +6,9 @@ metadata:
     {{- include "chainloop.cas.labels" . | nindent 4 }}
 type: Opaque
 stringData:
-  {{- if and .Values.sentry .Values.sentry.enabled }}
+  {{- if and .Values.cas.sentry .Values.cas.sentry.enabled }}
   config.observability.yaml: |
-    observability:
-      sentry:
-        dsn: {{ required "Sentry DSN required" .Values.sentry.dsn | quote }}
-        environment: {{ required "Sentry environment required" .Values.sentry.environment | quote }}
+    {{- include "chainloop.sentry" .Values.cas.sentry | nindent 4 }}
   {{- end }}
   config.secret.yaml: |
     credentials_service: {{- include "chainloop.credentials_service_settings" . | indent 6 }}
diff --git a/deployment/chainloop/templates/controlplane/config.secret.yaml b/deployment/chainloop/templates/controlplane/config.secret.yaml
@@ -11,11 +11,11 @@ data:
   generated_jws_hmac_secret: {{ $hmacpass }}
 stringData:
   {{- if and .Values.sentry .Values.sentry.enabled }}
+    {{- fail "configuring sentry at the top level is no longer supported. Add the configuration to the controlplane section in the values.yaml file" }}
+  {{- end -}}
+  {{- if and .Values.controlplane.sentry .Values.controlplane.sentry.enabled }}
   config.observability.yaml: |
-    observability:
-      sentry:
-        dsn: {{ required "Sentry DSN required" .Values.sentry.dsn | quote }}
-        environment: {{ required "Sentry environment required" .Values.sentry.environment | quote }}
+    {{- include "chainloop.sentry" .Values.controlplane.sentry | nindent 4 }}
   {{- end }}
   config.secret.yaml: |
     data:
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
@@ -17,20 +17,12 @@ development: false
 GKEMonitoring:
   enabled: false
 
-## @param sentry.enabled Enable sentry.io alerting
-## @param sentry.dsn DSN endpoint https://docs.sentry.io/product/sentry-basics/dsn-explainer/
-## @param sentry.environment Environment tag
-sentry:
-  enabled: false
-  dsn: ""
-  environment: production
-
 ## @section Secrets Backend
 ##
 
 ## Location where to store sensitive data. If development.true? and no overrides provided, the setup will connect to a development instance of Vault
 secretsBackend:
-  ## @param secretsBackend.backend Secrets backend type ("vault", "awsSecretManager" or "gcpSecretManager") 
+  ## @param secretsBackend.backend Secrets backend type ("vault", "awsSecretManager" or "gcpSecretManager")
   ##
   backend: "vault" # "awsSecretManager"
   ## @param secretsBackend.secretPrefix Prefix that will be pre-pended to all secrets in the storage backend
@@ -90,7 +82,7 @@ casJWTPublicKey: ""
 
 ## @section Control Plane
 ###################################
-##          CONTROL PLANE         #    
+##          CONTROL PLANE         #
 ###################################
 controlplane:
   ## @param controlplane.replicaCount Number of replicas
@@ -103,7 +95,7 @@ controlplane:
     # Overrides the image tag whose default is the chart appVersion.
     # tag: latest
 
-  ## @param controlplane.secret.name name of a secret containing TLS certificate to be used by the controlplane grpc server.
+  ## @param controlplane.tlsConfig.secret.name name of a secret containing TLS certificate to be used by the controlplane grpc server.
   tlsConfig:
     secret:
       # the secret must contains 2 keys: tls.crt and tls.key respectively containing the certificate and private key.
@@ -151,7 +143,7 @@ controlplane:
   sqlProxy:
     ## @param controlplane.sqlProxy.enabled Enable sidecar to connect to DB via Google Cloud SQL proxy
     enabled: false
-    ## @param controlplane.sqlProxy.connectionName Google Cloud SQL connection name 
+    ## @param controlplane.sqlProxy.connectionName Google Cloud SQL connection name
     connectionName: ""
     ## @param controlplane.sqlProxy.resources Sidecar container resources
     resources: {}
@@ -169,7 +161,7 @@ controlplane:
       url: ""
       clientID: ""
       clientSecret: ""
- 
+
   ## @section Control Plane Networking
   service:
     ## @param controlplane.service.type Service type
@@ -181,7 +173,8 @@ controlplane:
     ## @extra controlplane.service.nodePorts.http Node port for HTTP. NOTE: choose port between <30000-32767>
     # nodePorts:
     #   http: "30800"
-    annotations: {}
+    annotations:
+      {}
       ## @skip controlplane.service.annotations
 
   serviceAPI:
@@ -332,7 +325,7 @@ controlplane:
       ## @skip controlplane.ingressAPI.annotations.nginx.ingress.kubernetes.io/backend-protocol
       ## Tell Nginx Ingress Controller to expect gRPC traffic
       nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-    
+
     ## @param controlplane.ingressAPI.tls Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter
     ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.controlplane.ingress.hostname }}`
     ## You can:
@@ -433,10 +426,18 @@ controlplane:
     maxReplicas: 100
     targetCPUUtilizationPercentage: 80
     targetMemoryUtilizationPercentage: 80
- 
+
+  ## @param controlplane.sentry.enabled Enable sentry.io alerting
+  ## @param controlplane.sentry.dsn DSN endpoint https://docs.sentry.io/product/sentry-basics/dsn-explainer/
+  ## @param controlplane.sentry.environment Environment tag
+  sentry:
+    enabled: false
+    dsn: ""
+    environment: production
+
 ## @section Artifact Content Addressable (CAS) API
 ##################################
-#         Artifacts CAS          #    
+#         Artifacts CAS          #
 ##################################
 cas:
   ## @param cas.replicaCount Number of replicas
@@ -476,7 +477,8 @@ cas:
     ## @extra cas.service.nodePorts.http Node port for HTTP. NOTE: choose port between <30000-32767>
     # nodePorts:
     #   http: "30800"
-    annotations: {}
+    annotations:
+      {}
       ## @skip cas.service.annotations
 
   serviceAPI:
@@ -626,13 +628,13 @@ cas:
     annotations:
       # Nginx Ingress settings
       ## @skip cas.ingressAPI.annotations.nginx.ingress.kubernetes.io/proxy-body-size
-      # Limit file uploads/downloads to 100MB. Alternatively you can disable this limitation by setting it to 0 
+      # Limit file uploads/downloads to 100MB. Alternatively you can disable this limitation by setting it to 0
       # Even though we send data in chunks of 1MB, this size refers to all the data sent during the whole streaming session
       nginx.ingress.kubernetes.io/proxy-body-size: "100m"
       ## @skip cas.ingressAPI.annotations.nginx.ingress.kubernetes.io/backend-protocol
       ## Tell Nginx Ingress Controller to expect gRPC traffic
       nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-    
+
     ## @param cas.ingressAPI.tls Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter
     ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.controlplane.ingress.hostname }}`
     ## You can:
@@ -733,10 +735,18 @@ cas:
     targetCPUUtilizationPercentage: 80
     targetMemoryUtilizationPercentage: 80
 
-## @section Dependencies 
-# ##################################
-# #          Dependencies          #   
+  ## @param cas.sentry.enabled Enable sentry.io alerting
+  ## @param cas.sentry.dsn DSN endpoint https://docs.sentry.io/product/sentry-basics/dsn-explainer/
+  ## @param cas.sentry.environment Environment tag
+  sentry:
+    enabled: false
+    dsn: ""
+    environment: production
+
+## @section Dependencies
 # ##################################
+# #          Dependencies          #
+##################################
 
 ## PostgreSQL chart configuration
 ## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
@@ -755,7 +765,6 @@ postgresql:
     database: "chainloop-cp"
     existingSecret: ""
 
-
 # Vault server running in development mode --set development=true
 # IMPORTANT: This is not meant to run in production
 
