feat(ops): adds scheduler helm chart

ops/helm-charts/scheduler/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: scheduler
+description: Deploys the scheduler workers and cronjobs
+
+type: application
+version: 0.1.1

ops/helm-charts/scheduler/lint-only-values.yaml

@@ -0,0 +1,13 @@
+# To use this make sure you have the following in your helm config for vscode:
+# "helm-intellisense.customValueFileNames": [
+#     "prod-values.yaml",
+#     "dev-values.yaml",
+#     "values.yaml"
+# ]
+
+app:
+  name: "oso" 
+  command: ["python"]
+  args: []
+  queues:
+    - name: "run_requests"

ops/helm-charts/scheduler/templates/_helpers.tpl

@@ -0,0 +1,91 @@
+{{/*
+Expand the name of the chart.
+*/}}
+
+# Disable the pgisready check due to our use of cloudsql proxy injected into the
+pod.
+{{- define "app.logging.config" }}
+# Default log configuration for a python service. This can be
+# used by uvicorn Thanks to:
+# https://gist.github.com/liviaerxin/d320e33cbcddcc5df76dd92948e5be3b for a
+# starting point.
+version: 1
+disable_existing_loggers: False
+formatters:
+  default:
+    # "()": uvicorn.logging.DefaultFormatter
+    format: '{{ .Values.app.logging.format }}'
+  access:
+    # "()": uvicorn.logging.AccessFormatter
+    format: '{{ .Values.app.logging.format }}'
+handlers:
+  default:
+    formatter: default
+    class: logging.StreamHandler
+    stream: ext://sys.stderr
+  access:
+    formatter: access
+    class: logging.StreamHandler
+    stream: ext://sys.stdout
+loggers:
+  uvicorn.error:
+    level: {{ .Values.app.logging.uvicorn.level }}
+    handlers:
+      - default
+    propagate: no
+  uvicorn.access:
+    level: {{ .Values.app.logging.uvicorn.level }}
+    handlers:
+      - access
+    propagate: no
+  {{ .Values.app.logging.appRoot.loggerName }}:
+    level: {{ .Values.app.logging.appRoot.level }}
+    handlers:
+      - default
+    propagate: no
+root:
+  level: {{ .Values.app.logging.root.level }}
+  handlers:
+    - default
+  propagate: no
+{{- end }}
+
+{{/* 
+This is copied due to some kind of error with helm and flux when overriding
+portions of this
+*/}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "app.fullname" -}}
+{{- if .Values.global.fullnameOverride -}}
+{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := "app" -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.labels" -}}
+app.kubernetes.io/name: {{ include "app.fullname" . }}
+{{- end -}}
+
+{{- define "app.selectorLabels" -}}
+{{ include "app.labels" . }}
+component: {{ required "app component name is required" .Values.app.name }}
+{{- end -}}
+
+{{- define "app.serviceAccountName" -}}
+{{- if .Values.global.serviceAccountNameOverride -}}
+{{ .Values.global.serviceAccountNameOverride }}
+{{- else -}}
+{{ include "app.fullname" . }}
+{{- end -}}
+{{- end -}}

ops/helm-charts/scheduler/templates/cluster-role-binding.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.app.roles.enableClusterRoleBinding -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "app.fullname" . }}-cluster-role-binding
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "app.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "app.fullname" . }}-cluster-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end -}}

ops/helm-charts/scheduler/templates/cluster-role.yaml

@@ -0,0 +1,10 @@
+{{ if .Values.app.roles.clusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "app.fullname" . }}-cluster-role
+rules:
+{{ with .Values.app.roles.clusterRoles }}
+  {{- toYaml . | nindent 2 }}
+{{ end }}
+{{ end }}

ops/helm-charts/scheduler/templates/cronjob.yaml

@@ -0,0 +1,79 @@
+{{ range .Values.app.crons }}
+{{ $resources := .resources | default $.Values.app.resources }}
+{{ $tolerations := .tolerations | default $.Values.app.tolerations }}
+{{ $nodeSelector := .nodeSelector | default $.Values.app.nodeSelector }}
+{{ $affinity := .affinity | default $.Values.app.affinity }}
+{{ $name := required "Cron name is required" .name }}
+{{ $volumeMounts := .volumeMounts | default $.Values.app.volumeMounts }}
+{{ $volumes := .volumes | default $.Values.app.volumes }}
+{{ $nodeSelector := .nodeSelector | default $.Values.app.nodeSelector }}
+{{ $image := .image | default $.Values.app.image }}
+{{ $extraEnvVars := .envVars | default dict }}
+{{ $args := required "Cron args are required" .args }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "app.fullname" $ }}-{{ $name | replace "_" "-" }}
+  labels:
+    {{- include "app.labels" $ | nindent 4 }}
+spec:
+  # Run the main cron every hour
+  schedule: "0 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            cron: {{ $name }}
+            {{- include "app.selectorLabels" $ | nindent 12 }}
+        spec:
+          restartPolicy: OnFailure
+          {{- if .serviceAccountName }}
+          serviceAccountName: {{ .serviceAccountName }}
+          {{- else }}
+          serviceAccountName: {{ include "app.serviceAccountName" $ }}
+          {{- end }}
+          {{- with $affinity }}
+          affinity:
+            {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with $nodeSelector }}
+          nodeSelector:
+            {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with $tolerations }}
+          tolerations:
+            {{ toYaml . | nindent 12 }}
+          {{- end }}
+          containers:
+          - name: {{ $.Values.app.name }}
+            image: {{ $image.repo }}:{{ $image.tag }}
+            {{- if .command -}}
+            command: {{ toYaml .command | nindent 12 }}
+            {{- else -}}
+            command: ["uv"]
+            {{- end }}
+            args: {{ toYaml $args | nindent 12 }}
+            imagePullPolicy: Always
+            {{- with $resources }}
+            resources:
+              {{ toYaml . | nindent 14 }}
+            {{- end }}
+            {{- with $volumeMounts }}
+            volumeMounts:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            env:
+              {{- range $key, $value := $.Values.app.envVars }}
+              - name: {{ $key }}
+                value: {{ $value | quote }}
+              {{- end }}
+              {{- range $.Values.app.rawEnvVars }}
+                {{- toYaml . | nindent 14 }}
+              {{- end }}
+          {{- with $volumes }}
+          volumes:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+{{- end -}}

ops/helm-charts/scheduler/templates/deployment.yaml

@@ -0,0 +1,95 @@
+{{- range .Values.app.queues -}}
+{{ $resources := .resources | default $.Values.app.resources }}
+{{ $tolerations := .tolerations | default $.Values.app.tolerations }}
+{{ $nodeSelector := .nodeSelector | default $.Values.app.nodeSelector }}
+{{ $affinity := .affinity | default $.Values.app.affinity }}
+{{ $name := required "Queue name is required" .name }}
+{{ $volumeMounts := .volumeMounts | default $.Values.app.volumeMounts }}
+{{ $volumes := .volumes | default $.Values.app.volumes }}
+{{ $nodeSelector := .nodeSelector | default $.Values.app.nodeSelector }}
+{{ $image := .image | default $.Values.app.image }}
+{{ $extraEnvVars := .envVars | default dict }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "app.fullname" $ }}-{{ $name | replace "_" "-" }}
+  labels:
+    {{- include "app.labels" $ | nindent 4 }}
+spec:
+  # for now this application is a single process + thread
+  replicas: 1
+  selector:
+    matchLabels:
+      component: {{ $.Values.app.name }}
+      queue: {{ $name }}
+  template:
+    metadata:
+      labels:
+        queue: {{ $name }}
+        {{- include "app.selectorLabels" $ | nindent 8 }}
+    spec:
+      {{- if .serviceAccountName }}
+      serviceAccountName: {{ .serviceAccountName }}
+      {{- else }}
+      serviceAccountName: {{ include "app.serviceAccountName" $ }}
+      {{- end }}
+      {{- with $affinity }}
+      affinity:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ $.Values.app.name }}
+        image: {{ $image.repo }}:{{ $image.tag }}
+        {{ if .command -}}
+        command: {{ toYaml .command | nindent 10 }}
+        {{- else -}}
+        command: ["uv"]
+        {{- end }}
+        {{- if .args -}}
+        args: {{ toYaml .args | nindent 10 }}
+        {{- else }}
+        args: 
+          - run
+          - --directory
+          - warehouse/scheduler
+          - scheduler
+          - run
+          - "{{ $name }}"
+        {{- end }}
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 8000
+        {{- with $resources }}
+        resources:
+          {{ toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with $volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        env:
+          {{- range $key, $value := $.Values.app.envVars }}
+          - name: {{ $key }}
+            value: {{ $value | quote }}
+          {{- end }}
+          {{- range $key, $value := $extraEnvVars }}
+          - name: {{ $key }}
+            value: {{ $value | quote }}
+          {{- end }}
+          {{- range $.Values.app.rawEnvVars }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with $volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

ops/helm-charts/scheduler/templates/service-account.yaml

@@ -0,0 +1,6 @@
+{{- if .Values.app.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "app.serviceAccountName" . }}
+{{- end -}}

ops/helm-charts/scheduler/values.yaml

@@ -0,0 +1,39 @@
+global:
+  fullnameOverride: ""
+  serviceAccountNameOverride: ""
+app:
+  queues: []
+  crons: []
+  # name: "oso" # This must be set
+  # command: []
+  # args: []
+  # By default we enable json logs via the OSO_ENABLE_JSON_LOGS env var
+  serviceAccount:
+    create: true
+  enableJsonLogs: true
+  image:
+    repo: ghcr.io/opensource-observer/oso
+    tag: latest
+  logging:
+    format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+    root:
+      level: "ERROR"
+    oso_mcp:
+      level: "DEBUG"
+    uvicorn:
+      level: "INFO"
+  affinity: {}
+  nodeSelector: {}
+  tolerations: []
+  resources: {}
+  envVars: {}
+  # if you want to set env vars in a raw format but this makes it harder to
+  # extend with flux
+  rawEnvVars: [] 
+  volumes: []
+  volumeMounts: []
+  livenessProbe: {}
+  roles:
+    clusterRoles: []
+    enableClusterRoleBinding: false
+

ops/k8s-apps/base/scheduler/scheduler.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   chart:
     spec:
-      chart: ./ops/helm-charts/generic
+      chart: ./ops/helm-charts/scheduler
       sourceRef:
         kind: GitRepository
         name: flux-system

ops/k8s-apps/production/kustomization.yaml

@@ -15,6 +15,4 @@ resources:
   - ./agent
   - ./open-policy-agent
   - ./podinfo
-  - ./scheduler-data-ingestion
-  - ./scheduler-data-model
-  - ./scheduler-query
+  - ./scheduler