Update from template

Template version: main (7e46fac)

Author: martini-source

.cruft.json

@@ -7,7 +7,7 @@
       "name": "icap-virusscan",
       "slug": "icap-virusscan",
       "parameter_key": "icap_virusscan",
-      "test_cases": "defaults with_squid_proxy",
+      "test_cases": "defaults with_squid_proxy monitoring",
       "add_lib": "n",
       "add_pp": "n",
       "add_golden": "y",

.github/workflows/test.yaml

@@ -34,6 +34,7 @@ jobs:
         instance:
           - defaults
           - with_squid_proxy
+          - monitoring
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -50,6 +51,7 @@ jobs:
         instance:
           - defaults
           - with_squid_proxy
+          - monitoring
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}

Makefile.vars.mk

@@ -50,4 +50,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
-test_instances = tests/defaults.yml tests/with_squid_proxy.yml
+test_instances = tests/defaults.yml tests/with_squid_proxy.yml tests/monitoring.yml

class/defaults.yml

@@ -15,9 +15,8 @@ parameters:
 
     monitoring:
       enabled: false
-      prometheusrules:
+      prometheusruleGroup:
         - name: monitoring
-          syn_team:
           rules:
             - alert: KubernetesReplicasetReplicasMismatch
               annotations:
@@ -26,13 +25,17 @@ parameters:
                 description: >-
                   "ReplicaSet {{ $labels.namespace }}/{{ $labels.replicaset }} replicas mismatch\n
                   VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
-              expr: kube_replicaset_spec_replicas{namespace=~"${_instance}"} > kube_replicaset_status_ready_replicas{namespace=~"${_instance}"}
+              expr: >
+                kube_replicaset_spec_replicas{namespace=~"${_instance}"} >
+                kube_replicaset_status_ready_replicas{namespace=~"${_instance}"}
               for: 2m
               keep_firing_for: 10m
               labels:
                 severity: warning
             - alert: ContainerOOMKilled
-              expr: (kube_pod_container_status_restarts_total{namespace="${_instance}"} - kube_pod_container_status_restarts_total{namespace="${_instance}"} offset 10m >= 1) and ignoring (reason) min_over_time(kube_pod_container_status_last_terminated_reason{reason="OOMKilled",namespace="${_instance}"}[10m]) == 1
+              expr: > (kube_pod_container_status_restarts_total{namespace="${_instance}"} -
+                kube_pod_container_status_restarts_total{namespace="${_instance}"} offset 10m >= 1)
+                and ignoring (reason) min_over_time(kube_pod_container_status_last_terminated_reason{reason="OOMKilled",namespace="${_instance}"}[10m]) == 1
               for: 2m
               labels:
                 severity: warning

component/main.jsonnet

@@ -1,8 +1,10 @@
 // main template for icap-virusscan
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
-local inv = kap.inventory();
+local prometheus = import 'lib/prometheus.libsonnet';
+local com = import 'lib/commodore.libjsonnet';
 local sanitizedContainerLib = import 'lib/sanitizedContainer.libsonnet';
+local inv = kap.inventory();
 local sanitizedContainer = sanitizedContainerLib.sanitizedContainer;
 
 // The hiera parameters for the component
@@ -187,9 +189,11 @@ local prometheusRule = {
     labels: selectorLabels,
   },
   spec: {
-  	groups: {
-		parameters.monitoring.prometheusrules
-	}
+  	groups: if std.objectHas( params.monitoring, 'syn_team')
+		then
+			[params.monitoring.prometheusruleGroup[0] + {labels: {syn_team: params.monitoring.syn_team}}]
+		else
+			params.monitoring.prometheusruleGroup
   }
 };
 

tests/golden/monitoring/monitoring/apps/monitoring.yaml

@@ -0,0 +1,4 @@
+spec:
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true

tests/golden/monitoring/monitoring/monitoring/00_namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations: {}
+  labels:
+    name: monitoring
+    openshift.io/cluster-monitoring: 'true'
+  name: monitoring

tests/golden/monitoring/monitoring/monitoring/01_deployment.yaml

@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: clamav-icap
+    instance: monitoring
+  name: clamav-icap
+  namespace: monitoring
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: clamav-icap
+      instance: monitoring
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: clamav-icap
+        instance: monitoring
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app: clamav-icap
+                    instance: monitoring
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+      containers:
+        - env: []
+          image: ghcr.io/vshn/clamav:20260420_095651
+          livenessProbe:
+            failureThreshold: 3
+            periodSeconds: 5
+            tcpSocket:
+              port: 3310
+            timeoutSeconds: 5
+          name: clamav
+          ports:
+            - containerPort: 3310
+              name: clamav
+          readinessProbe:
+            failureThreshold: 1
+            initialDelaySeconds: 0
+            periodSeconds: 5
+            successThreshold: 1
+            tcpSocket:
+              port: 3310
+            timeoutSeconds: 3
+          resources:
+            limits:
+              cpu: 2000m
+              memory: 3072Mi
+            requests:
+              cpu: 120m
+              memory: 1280Mi
+          startupProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 0
+            periodSeconds: 5
+            tcpSocket:
+              port: 3310
+            timeoutSeconds: 5
+        - env:
+            - name: CLAMD_IP
+              value: 127.0.0.1
+            - name: CLAMD_MAXSIZE
+              value: 50m
+          image: ghcr.io/vshn/c-icap:20260420_095301
+          livenessProbe:
+            failureThreshold: 3
+            periodSeconds: 5
+            tcpSocket:
+              port: 1344
+            timeoutSeconds: 5
+          name: c-icap
+          ports:
+            - containerPort: 1344
+              name: icap
+          readinessProbe:
+            failureThreshold: 1
+            initialDelaySeconds: 0
+            periodSeconds: 5
+            successThreshold: 1
+            tcpSocket:
+              port: 1344
+            timeoutSeconds: 3
+          resources:
+            limits:
+              cpu: 500m
+              memory: 500Mi
+            requests:
+              cpu: 120m
+              memory: 200Mi
+          startupProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 0
+            periodSeconds: 5
+            tcpSocket:
+              port: 1344
+            timeoutSeconds: 5

tests/golden/monitoring/monitoring/monitoring/02_podDisruptionBudget.yaml

@@ -0,0 +1,15 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: clamav-icap
+    instance: monitoring
+  name: clamav-icap
+  namespace: monitoring
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app: clamav-icap
+      instance: monitoring
+  unhealthyPodEvictionPolicy: IfHealthyBudget

tests/golden/monitoring/monitoring/monitoring/03_service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: clamav-icap
+    instance: monitoring
+  name: icap
+  namespace: monitoring
+spec:
+  ports:
+    - name: icap
+      port: 80
+      protocol: TCP
+      targetPort: icap
+  selector:
+    app: clamav-icap
+    instance: monitoring
+  type: ClusterIP