feat(charts): fold eval-runtime + operator-slo into the operator chart (0.2.0)#34
Merged
Merged
Conversation
…t behind toggles (0.2.0)
Brings the operator's own runtime into its Helm chart so the product ships its own eval +
observability, instead of a separate gitops overlay deploying them. eks-gitops deploys the
chart; this is the chart side of consolidating eks-agent-platform/gitops.
eval-runtime (evalRuntime.*, default on) — the Argo Workflows runtime the operator submits
EvalSuite runs to. templates/eval-runtime/{namespace,serviceaccount,rbac}.yaml are templated
with the chart label helpers; the SA name/namespace stay byte-pinned to eval-runner/eval-runner
(the terraform/components/eval-runtime IRSA trust) and the role ARN is injected per-cluster
(empty in the chart — it embeds the account id). workflowtemplate/analysistemplate are thin
.Files.Get wrappers over files/eval-runtime/* so the Argo mustache ({{workflow.parameters}},
{{inputs.parameters}}, {{args.*}}) is emitted verbatim — only the bucket / gateway-url / namespace
literals are substituted. The AnalysisTemplate is gated behind evalRuntime.rollouts.enabled (off —
needs the Argo Rollouts CRD).
operator SLO (slo.*, default on; alerting off) — namespace templated; prometheusrule/
alertmanagerconfig/customresourcestatemetrics are .Files.Get wrappers preserving the Prometheus
({{ $labels }}, {{ $value | humanize* }}) and Alertmanager ({{ template }}, {{ range .Alerts }})
mustache. The PromQL namespace selectors map to slo.operatorNamespace. AlertmanagerConfig is gated
behind slo.alerting.enabled (off — its receivers need six external Secrets). The CR-state ConfigMap
is inert until kube-state-metrics mounts it (--custom-resource-state-config-file, owned by the
eks-gitops KSM addon) — noted in NOTES + README.
Chart 0.1.1 → 0.2.0 (appVersion unchanged — the operator binary is untouched). values.yaml gains
the evalRuntime + slo blocks; README + NOTES document the toggles, the IRSA injection, and the two
external prereqs. .gitignore ignores the local .plans/ working dir.
Verified: helm lint clean; default render emits the WorkflowTemplate + PrometheusRule + CR-state
ConfigMap and omits the gated AnalysisTemplate + AlertmanagerConfig; full-toggle render keeps all
Argo/Prometheus/Alertmanager mustache literal, substitutes the bucket, and passes kubeconform.
Refs #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The chart side of consolidating
eks-agent-platform/gitops/into the single eks-gitops catalog (#33). Brings the operator's own runtime — the eval-runtime and SLO — intocharts/operatorbehind values toggles, so the product ships its own runtime and eks-gitops just deploys the chart.eval-runtime (
evalRuntime.*, default on)The Argo Workflows runtime the operator submits EvalSuite runs to.
templates/eval-runtime/{namespace,serviceaccount,rbac}.yaml— templated with the chart label helpers. SA name/namespace stay byte-pinned toeval-runner/eval-runner(theterraform/components/eval-runtimeIRSA trust); role ARN injected per-cluster (empty in chart — embeds the account id).templates/eval-runtime/{workflowtemplate,analysistemplate}.yaml— thin.Files.Getwrappers overfiles/eval-runtime/*, so the Argo mustache ({{workflow.parameters}},{{args.*}}) is emitted verbatim; only the bucket / gateway-url / namespace literals are substituted. AnalysisTemplate gated behindevalRuntime.rollouts.enabled(off — needs the Rollouts CRD).operator SLO (
slo.*, default on;alertingoff).Files.Getwrappers for PrometheusRule / AlertmanagerConfig / CR-state ConfigMap preserving the Prometheus + Alertmanager mustache. PromQL namespace selectors →slo.operatorNamespace.alertingoff by default (receivers need six external Secrets). The CR-state ConfigMap is inert until kube-state-metrics mounts it (eks-gitops KSM addon) — noted in NOTES + README.Chart
0.1.1 → 0.2.0(appVersion unchanged — operator binary untouched).Verification
helm lintclean; default render emits WorkflowTemplate + PrometheusRule + CR-state ConfigMap, omits the gated AnalysisTemplate + AlertmanagerConfig.{{workflow.parameters}}×12,{{ $labels }}×8,{{args}}×3), bucket substituted,REPLACE_BY_APPLICATIONSETgone, kubeconform clean (13 valid, 0 invalid).Merge order (part of the #33 consolidation)
PR-2. eks-gitops sources
charts/operatorfrom gitmain, so on merge the operator picks up the default-on eval/slo templates. PR-3 (eks-gitops) then enables them per-env + injects the eval IRSA;gitops/is deleted last (PR-6). Blueprint:.plans/gitops-consolidation.md(local).Refs #33