nmachine-io
diff --git a/‎platform-kama/Pipfile.lock
Lines changed: 15 additions & 15 deletions b/‎platform-kama/Pipfile.lock
Lines changed: 15 additions & 15 deletions
diff --git a/‎platform-kama/configs/misc/inspections/resources-in-sync-inspections.yaml
Lines changed: 94 additions & 10 deletions b/‎platform-kama/configs/misc/inspections/resources-in-sync-inspections.yaml
Lines changed: 94 additions & 10 deletions
diff --git a/‎platform-kama/configs/misc/predicates.yaml
Lines changed: 17 additions & 11 deletions b/‎platform-kama/configs/misc/predicates.yaml
Lines changed: 17 additions & 11 deletions
diff --git a/‎platform-kama/configs/variables/ingress_vars.yaml
Lines changed: 12 additions & 7 deletions b/‎platform-kama/configs/variables/ingress_vars.yaml
Lines changed: 12 additions & 7 deletions
diff --git a/‎platform-kama/configs/variables/preset.yaml
Lines changed: 6 additions & 6 deletions b/‎platform-kama/configs/variables/preset.yaml
Lines changed: 6 additions & 6 deletions
diff --git a/‎platform-kama/configs/variables/publisher_frontend_variables.yaml
Lines changed: 83 additions & 0 deletions b/‎platform-kama/configs/variables/publisher_frontend_variables.yaml
Lines changed: 83 additions & 0 deletions
@@ -1,20 +1,104 @@
-kind: MultiPredicate
+
+kind: HealthScout
+model_matcher:
+  kind: ManifestVariable
+  id: variable.template.ingress_route_path
+optimistic_predicates:
+  - predicate.ingress_enabled_resource_in_sync
+pessimistic_predicates:
+  - bar
+
+---
+
+kind: HealthScout
+model_match:
+  kind: Concern
+  identity:
+    res_kind: Pod
+pessimistic_predicates:
+  - maybe get alerts from prometheus?
+  - check that restarts < N
+  - check that events with "warning" < N
+  - check that ternary_status = positive
+
+---
+
+kind: Predicate
 id: predicate.ingress_enabled_resource_in_sync
 title: Ingress enabled variable/resource in Sync?
+info: "Ensure resource exists if and only if variable set to true"
 reason: "The variable 'ingress.enabled' and the Kubernetes resource
 are out of sync: the variable is set to 'false' but the resource
 exists. This is a normal occurrence when you change the 'ingress.enabled'
 variable directly instead of running the operation."
-operator: and
+
+challenge:
+  kind: ResourcesSupplier
+  selector: {res_kind: Ingress}
+  output: ". | length"
+
+check_against:
+  kind: IfThenElse
+  source:
+    kind: Predicate
+    challenge: get::kind::MergedVariablesSupplier->.ingress.enabled
+    operator: truthy
+  if_true: 1
+  if_false: 0
+
+---
+
+kind: Predicate
+id: predicate.publisher_frontend_enabled_resource_in_sync
+title: Publisher Frontend enabled variable/resource in Sync?
+info: "Ensure resources exists if and only if variable set to true"
+reason: "The variable 'publisher_frontend.enabled' and the Kubernetes resource
+are out of sync: the variable is set to 'false' but the resource
+exists. This is a normal occurrence when you change the 'publisher_frontend.enabled'
+variable directly instead of running the operation."
+
+challenge:
+  kind: ResourcesSupplier
+  selector:
+    res_kind: Deployment
+    name: publisher-frontend
+  output: ". | length"
+
+check_against:
+  kind: IfThenElse
+  source:
+    kind: Predicate
+    challenge: get::kind::MergedVariablesSupplier->.publisher_frontend.enabled
+    operator: truthy
+  if_true: 1
+  if_false: 0
+
+---
+
+kind: MultiPredicate
+id: predicate.publisher_frontend.redundant_exposure
+title: Service type matches Ingress config
+info: "Ensure ingress does not make service type redundant"
+reason: "The service type is made redundant by your ingress configuration.
+If you wish to expose your service via Ingress, the service type should
+be trivial, that is 'ClusterIP', otherwise, you might be unintentionally
+double-serving this service."
+
+ingress_enabled: get::kind::MergedVariablesSupplier->.ingress.enabled
+routed: get::kind::MergedVariablesSupplier->.ingress.routes.publisher_frontend.host
+svc_type: get::kind::MergedVariablesSupplier->.publisher_frontend.service_type
+has_ingress_intent:
+  kind: MultiPredicate
+  predicates: [get::self>>ingress_enabled, get::self>>routed]
+is_external_svc:
+  kind: Predicate
+  operator: in
+  challenge: get::self>>svc_type
+  check_against: [NodePort, LoadBalancer]
+predicates:
+  - get::self>>has_ingress_intent
+  - get::self>>is_external_svc
 negate: true
-source:
-  - kind: Predicate
-    challenge: get::kind::ConfigVarsSupplier->.ingress.enabled
-    operator: falsy
-  - kind: ResourceCountPredicate
-    res_kind: Ingress
-    operator: greater-than
-    check_against: 0
 
 ---
 
 
@@ -1,3 +1,20 @@
+kind: Predicate
+id: predicate.status-computer
+info: Just checks whether all pods are running
+labels:
+  role: status-computer
+challenge:
+  kind: ResourcesSupplier
+  selector:
+    res_kind: Pod
+    label_selector: {app: nmachine}
+  output: ternary_status
+  serializer: legacy
+operator: contains-only
+check_against: ['positive', 'pending']
+
+---
+
 kind: ResourceCountPredicate
 id: predicate.db-creds-exists
 title: Database credentials secret exists
@@ -36,14 +53,3 @@ cached:
     many: false
     serializer: legacy
 source: get::self>>res=>decoded_data
-
----
-#
-#kind: Predicate
-#res:
-#  kind: ResourcesSupplier
-#  selector:
-#    res_kind: Secret
-#    name: db-creds
-#  many: false
-#challenge: get::self>>res=>data->.db_user=>__count__
 
@@ -39,9 +39,8 @@ title: Application Ingress Toggle
 info: "If enabled, Ingress resource is provisioned to route out-of-cluster
 traffic to the application's various services. Note that you must have
 a DNS solution"
-input:
-  kind: OnOffInput
-correctness_predicates:
+input: {kind: OnOffInput}
+health_predicates:
   - id::predicate.ingress_enabled_resource_in_sync
 
 ---
@@ -50,8 +49,8 @@ kind: ManifestVariable
 id: ingress.routes.publisher_frontend.host
 inherit: variable.template.ingress_route_host
 casual_name: Publisher Dashboard
-correctness_predicates:
-  - kind::FalsePredicate
+health_predicates:
+  - id::predicate.publisher_frontend.redundant_exposure
 
 ---
 
@@ -74,6 +73,13 @@ id: ingress.routes.backend.host
 inherit: variable.template.ingress_route_host
 casual_name: Backend
 
+---
+
+kind: ManifestVariable
+id: ingress.class
+title: Ingress controller class
+info: "Name of Ingress controller for consuming ingress resources. It
+must exist in your Kubernetes cluster; it will not be created otherwise"
 
 
 ################## DEPENDENCIES ###################
@@ -85,8 +91,7 @@ kind: ManifestVariableDependency
 id: variable-dependency.when-ingress-is-disabled
 title: Value ignored when ingress.enabled is false
 from: [id::ingress.enabled]
-to:
-  id: [ingress.class, ingress.routes.*]
+to: {id: [ingress.class, ingress.routes.*]}
 active:
   kind: Predicate
   challenge: get::self>>from_variable>>current_value
 
@@ -1,18 +1,18 @@
 kind: ConfigurationPreset
 id: provider.presets.default
-title: Absolute Default
-info: Bare minimum defaults set by the publisher.
+title: Base Configuration Only
+info: "Ships with an INSECURE database, no authentication provider,
+no automation."
 default: true
-variables:
-  kind: ConfigSupplier
-  field_key: default_vars
+variables: get::kind::DefaultVariablesSupplier
 
 ---
 
 kind: ConfigurationPreset
 id: provider.presets.high-limits
 title: Starter pack
-info: Insecure database, no authentication provider.
+info: "Insecure database, no authentication provider."
+requires_further_config: true
 variables:
   kind: PresetAssignmentsSupplier
   source: unsafe-database
@@ -0,0 +1,83 @@
+kind: ManifestVariable
+id: publisher_frontend.enabled
+title: Publisher Frontend Enabled?
+info: "Toggle for enabling/disabling the publisher frontend web app."
+input: {kind: OnOffInput}
+health_predicates:
+  - "id::predicate.publisher_frontend_enabled_resource_in_sync"
+
+---
+
+kind: ManifestVariable
+id: publisher_frontend.replicas
+title: Publisher Frontend Replicas
+info: "Fixed replica count for the publisher frontend web application"
+input:
+  kind: SliderIpnut
+
+---
+
+kind: ManifestVariable
+id: publisher_frontend.image
+title: Publisher frontend application image
+info: "Fully qualified image name for the web app. Should never be
+set manually."
+owner: publisher
+
+---
+
+kind: ManifestVariable
+id: publisher_frontend.hpa.enabled
+title: Publisher frontend HPA enabled?
+info: "Desired state of the Horizontal Pod Auto-scaling for the
+publisher frontend"
+input: {kind: OnOffInput}
+
+---
+
+kind: ManifestVariable
+id: publisher_frontend.hpa.min
+title: Minimum publisher frontend HPA replicas
+info: "Never let the replica count fall below this amount for
+the publisher frontend web app. "
+input:
+  kind: SliderInput
+
+---
+
+kind: ManifestVariable
+id: publisher_frontend.service_type
+title: Publisher frontend networking service type
+info: "Kubernetes service type for deciding how microservice
+is exposed inside and outside the cluster."
+health_predicates:
+  - id::predicate.publisher_frontend.redundant_exposure
+input:
+  kind: SelectInput
+  options: [ClusterIP, NodePort, LoadBalancer]
+owner: publisher
+
+
+---
+
+kind: ManifestVariableDependency
+id: variable-dependency.when-hpa-is-enabled
+title: Value ignored when publisher_frontend.hpa.enabled is true
+from: [id::publisher_frontend.hpa.enabled]
+to: {id: [publisher_frontend.replicas]}
+active:
+  kind: Predicate
+  challenge: get::self>>from_variable>>current_value
+  operator: truthy
+
+---
+
+kind: ManifestVariableDependency
+id: variable-dependency.when-hpa-is-disabled
+title: Value ignored when publisher_frontend.hpa.enabled is false
+from: [id::publisher_frontend.hpa.enabled]
+to: {id: [publisher_frontend.hpa.min, publisher_frontend.hpa.max]}
+active:
+  kind: Predicate
+  challenge: get::self>>from_variable>>current_value
+  operator: falsy