feat: add elasticcloud promise

Author: aclevername

Diff for: .circleci/config.yml

@@ -0,0 +1,114 @@
+version: 2.1
+
+orbs:
+  k8s: circleci/[email protected]
+  retry: kimh/[email protected]
+
+executors:
+  machine-medium:
+    machine: true
+    resource_class: medium
+    working_directory: ~/repo
+  machine-large:
+    machine: true
+    resource_class: large
+    working_directory: ~/repo
+
+commands:
+  install_software:
+    steps:
+      - k8s/install
+      - run:
+          name: Install tools and deps
+          command: |
+            if [ ! -f ~/bin/kind ]; then
+              curl -L https://github.com/kubernetes-sigs/kind/releases/download/v0.14.0/kind-linux-amd64 -o ~/bin/kind
+              chmod +x ~/bin/kind
+            fi
+
+            curl -L https://github.com/syntasso/kratix/releases/download/v0.0.1/worker-resource-builder-v0.0.0-1-linux-amd64 -o ~/bin/worker-resource-builder
+            chmod +x ~/bin/worker-resource-builder
+      - run:
+          name: Install Kratix
+          command: |
+            kind create cluster --name platform
+            kubectl apply --filename https://raw.githubusercontent.com/syntasso/kratix/main/distribution/single-cluster/install-all-in-one.yaml
+            sleep 5
+            kubectl apply --filename https://raw.githubusercontent.com/syntasso/kratix/main/distribution/single-cluster/config-all-in-one.yaml
+            sleep 5
+      - attach_workspace:
+          at: .
+
+jobs:
+  test-and-push:
+    parameters:
+      promise:
+        type: string
+    executor:
+      name: machine-large
+    steps:
+      - install_software
+      - checkout
+      - run:
+          name: Validate no pending changes
+          command: |
+            ./internal/scripts/inject-wcr
+
+            if ! git diff --exit-code .; then
+              echo ""
+              echo "Changes in the WCR were detected"
+              echo "Injection of WCR via CI is not supported. Please commit and push them manually."
+              exit 1
+            fi
+      - run:
+          name: Install Promise
+          command: |
+            kubectl create --filename promise.yaml
+            ./internal/scripts/pipeline-image build load
+      - retry/run-with-retry:
+          command: ./internal/scripts/test promise
+          # 5 minutes total retry (3 sec * 100 times = 300 sec)
+          sleep: 3
+          retry-count: 100
+      - run:
+          name: Apply resource-request
+          command: |
+            if test -f "resource-request.yaml"; then
+              kubectl apply --filename resource-request.yaml
+            fi
+      - retry/run-with-retry:
+          command: ./internal/scripts/test resource-request
+          # 5 minutes total retry (3 sec * 100 times = 300 sec)
+          sleep: 3
+          retry-count: 100
+      - when:
+          condition:
+            equal: [main, << pipeline.git.branch >>]
+          steps:
+            - run:
+                name: GHCR Push
+                command: |
+                  echo "$GITHUB_TOKEN" | docker login ghcr.io -u syntassodev --password-stdin
+                  ./internal/scripts/pipeline-image push
+            - run:
+                name: Verify package is public
+                command: |
+                  if test -f "internal/request-pipeline/Dockerfile"; then
+                    visibility=$(curl -sL \
+                      -H "Accept: application/vnd.github+json"\
+                      -H "Authorization: Bearer $GITHUB_TOKEN" \
+                      -H "X-GitHub-Api-Version: 2022-11-28" \
+                      "https://api.github.com/orgs/syntasso/packages?package_type=container" |
+                    jq -r '.[] | select(.name | contains ("<< parameters.promise >>")) | .visibility')
+
+                    test "${visibility}" = "public"
+                  fi
+
+workflows:
+  promises:
+    jobs:
+      - test-and-push:
+          matrix:
+            parameters:
+              promise:
+                - elasticcloud

Diff for: .envrc

@@ -0,0 +1 @@
+export PATH="$(pwd)/internal/scripts:$PATH"

Diff for: README.md

@@ -0,0 +1,64 @@
+# Elasitc Cloud on Kubernetes
+
+This Promise deploys an Elasticsearch and a Kibana instance, using [Elastic Cloud on
+Kubernetes
+(ECK)](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-overview.html). The
+promise has a single field:
+* `spec.env`
+
+Check the CRD documentation for more information.
+
+To install, run the following command while targeting your Platform cluster:
+```
+kubectl create -f https://raw.githubusercontent.com/syntasso/promise-elasticcloud/main/promise.yaml
+```
+
+This will start the Elastic Operator on Worker Cluster. To verify the installation, run the following
+command while targeting the Worker cluster (it may take a couple of minutes):
+
+```shell-session
+$ kubectl get all --namespace elastic-system
+NAME                     READY   STATUS    RESTARTS   AGE
+pod/elastic-operator-0   1/1     Running   0          49s
+
+NAME                             TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
+service/elastic-webhook-server   ClusterIP   10.96.99.51   <none>        443/TCP   49s
+
+NAME                                READY   AGE
+statefulset.apps/elastic-operator   1/1     49s
+```
+
+To create an instance of Elastic Search with Kibana, run the following command while targeting the Platform cluster:
+```
+kubectl apply -f https://raw.githubusercontent.com/syntasso/promise-elasticcloud/main/resource-request.yaml
+```
+
+To verify that the Elastic Stack is created, run the following command while targeting the Worker cluster:
+```shell-session
+$ kubectl get elasticsearches.elasticsearch.k8s.elastic.co
+NAME      HEALTH   NODES   VERSION   PHASE   AGE
+example   yellow   1       8.5.3     Ready   4m15s
+```
+## Accessing Kibana
+
+A ClusterIP Service is automatically created for Kibana:
+
+```
+kubectl get service example-kb-http
+```
+
+Use kubectl port-forward to access Kibana from your local workstation:
+
+```
+kubectl port-forward service/example-kb-http 5601
+```
+
+Open https://localhost:5601 in your browser. Login as the `elastic` user. The password can be obtained with the following command:
+
+```
+kubectl get secret quickstart-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode
+```
+
+## Development
+
+For development see [README.md](./internal/README.md)

Diff for: internal/README.md

@@ -0,0 +1,49 @@
+# Development
+
+## Build promise.yaml
+The `promise.yaml` is generated by interpolating the contents of `resources/` into
+the `workerClusterResources`.
+
+These resources were downloaded using `./scripts/fetch-crds`.
+
+
+To build run:
+
+```
+./scripts/inject-wcr
+```
+
+## Pipeline image
+
+The resources used in the pipeline were downloaded using `./scripts/fetch-pipeline-resources`.
+
+
+To build the image:
+```
+./scripts/pipeline-image build
+```
+
+To load the image to the local kind platform cluster:
+```
+./scripts/pipeline-image load
+```
+
+To push the image to ghcr.io:
+```
+./scripts/pipeline-image push
+```
+
+## Testing
+To test the promise install kratix, and then:
+```
+kubectl apply -f promise.yaml
+./scripts/test promise
+```
+
+This asserts the Promise is installed correctly.
+
+To test the resource request:
+```
+kubectl apply -f resource-request.yaml
+./scripts/test resource-request
+```

Diff for: internal/request-pipeline/Dockerfile

@@ -0,0 +1,13 @@
+FROM "alpine"
+
+LABEL org.opencontainers.image.authors "[email protected]"
+LABEL org.opencontainers.image.source https://github.com/syntasso/kratix-marketplace
+
+RUN [ "mkdir", "/tmp/transfer" ]
+RUN apk update && apk add --no-cache yq
+
+ADD resources/* /tmp/transfer/
+ADD execute-pipeline execute-pipeline
+
+CMD [ "sh", "-c", "./execute-pipeline" ]
+ENTRYPOINT []

Diff for: internal/request-pipeline/execute-pipeline

@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+set -ex
+
+name="$(yq eval '.metadata.name' /input/object.yaml)"
+env_type="$(yq eval '.spec.env // "dev"' /input/object.yaml)"
+
+sed "s/TBDNAME/${name}/g" /tmp/transfer/baseline-resources.yaml > /output/baseline-resources.yaml
+if [ $env_type = "prod" ]; then
+    sed "s/TBDNAME/${name}/g" /tmp/transfer/autoscaling.yaml > /output/autoscaling.yaml
+fi

Diff for: internal/request-pipeline/resources/autoscaling.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: autoscaling.k8s.elastic.co/v1alpha1
+kind: ElasticsearchAutoscaler
+metadata:
+  name: TBDNAME
+  namespace: default
+spec:
+  elasticsearchRef:
+    name: TBDNAME
+  policies:
+    - name: data-ingest
+      roles: ["data", "ingest" , "transform"]
+      resources:
+        nodeCount: {min: 1, max: 3}
+        cpu: {min: 1, max: 2}
+        memory: {min: 2Gi, max: 3Gi}
+        storage: {min: 1Gi, max: 5Gi}
+    - name: ml
+      roles:
+        - ml
+      resources:
+        nodeCount: {min: 1, max: 3}
+        cpu: {min: 1, max: 2}
+        memory: {min: 2Gi, max: 3Gi}
+        storage: {min: 1Gi, max: 5Gi}
+---
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: TBDNAME
+  namespace: default
+spec:
+  scaleTargetRef:
+    apiVersion: kibana.k8s.elastic.co/v1
+    kind: Kibana
+    name: TBDNAME
+  minReplicas: 1
+  maxReplicas: 4
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 50

Diff for: internal/request-pipeline/resources/baseline-resources.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: TBDNAME
+  namespace: default
+spec:
+  version: 8.5.3
+  nodeSets:
+  - name: default
+    count: 1
+    config:
+      node.store.allow_mmap: false
+---
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: TBDNAME
+  namespace: default
+spec:
+  version: 8.5.3
+  count: 1
+  elasticsearchRef:
+    name: TBDNAME
+---
+apiVersion: beat.k8s.elastic.co/v1beta1
+kind: Beat
+metadata:
+  name: TBDNAME
+  namespace: default
+spec:
+  type: filebeat
+  version: 8.5.3
+  elasticsearchRef:
+    name: TBDNAME
+  config:
+    filebeat.inputs:
+    - type: container
+      paths:
+      - /var/log/containers/*.log
+  daemonSet:
+    podTemplate:
+      spec:
+        dnsPolicy: ClusterFirstWithHostNet
+        hostNetwork: true
+        securityContext:
+          runAsUser: 0
+        containers:
+        - name: filebeat
+          volumeMounts:
+          - name: varlogcontainers
+            mountPath: /var/log/containers
+          - name: varlogpods
+            mountPath: /var/log/pods
+          - name: varlibdockercontainers
+            mountPath: /var/lib/docker/containers
+        volumes:
+        - name: varlogcontainers
+          hostPath:
+            path: /var/log/containers
+        - name: varlogpods
+          hostPath:
+            path: /var/log/pods
+        - name: varlibdockercontainers
+          hostPath:
+            path: /var/lib/docker/containers