From cd73da469fe4487d09efcf8ce0c0c3eed317e7cd Mon Sep 17 00:00:00 2001
From: Jimmy Ungerman <jimmy@defenseunicorns.com>
Date: Mon, 29 Apr 2024 17:51:28 +0000
Subject: [PATCH] Resolve "Add Loki Cluster tags to Monitoring if Loki is
 enabled"

---
 chart/templates/loki/values.yaml       |  2 +
 chart/templates/monitoring/values.yaml | 77 ++++++++++++++++++++++----
 chart/values.schema.json               |  3 +
 chart/values.yaml                      |  6 +-
 4 files changed, 77 insertions(+), 11 deletions(-)

diff --git a/chart/templates/loki/values.yaml b/chart/templates/loki/values.yaml
index f683977b83..9bdfdb475b 100644
--- a/chart/templates/loki/values.yaml
+++ b/chart/templates/loki/values.yaml
@@ -5,6 +5,8 @@
 {{- define "bigbang.defaults.loki" -}}
 hostname: {{ .Values.hostname }}
 
+clusterName: ""
+
 openshift: {{ .Values.openshift }}
 
 istio:
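Review bot: The added `clusterName: ""` is a hard-coded empty string, so the `loki.clusterName` value introduced in chart/values.yaml is never forwarded to the Loki package by this defaults template. Monitoring meanwhile falls back to `logging-loki`, which means the two sides can end up with different cluster identifiers unless the operator also sets the name under the package's own value overrides. If the Loki package is meant to receive the same name, pass it through as the neighbouring `hostname` line does, `clusterName: {{ .Values.loki.clusterName | quote }}`. The `bigbang.defaults.loki` define continues outside the hunk, so a later override is not visible from here.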
diff --git a/chart/templates/monitoring/values.yaml b/chart/templates/monitoring/values.yaml
index a02fadd4e6..75fa2460c8 100644
--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
@@ -13,6 +13,8 @@ domain: {{ $domainName }}
 {{- $authserviceRedisEnabled := (and (dig "values" "redis" "enabled" false .Values.addons.authservice) .Values.addons.authservice.enabled) }}
 {{- $redisDatasource := (or $gitlabRedis .Values.addons.argocd.enabled $authserviceRedisEnabled) }}
 {{- $thanosEnabled := (.Values.addons.thanos.enabled) }}
+{{- $lokiEnabled := (.Values.loki.enabled) }}
+{{- $clusterName := ( default "logging-loki" .Values.loki.clusterName ) }}
 
 flux:
   enabled: true
@@ -86,13 +88,20 @@ alertmanager:
     {{- end }}
 
 prometheus:
-    # Note: We need to change the portName in order for istio to correctly detect TCP is being used
-    #       for the headless service
+  {{- if $lokiEnabled }}
+  monitor:
+    relabelings:
+      - action: replace
+        replacement: {{ $clusterName }}
+        targetLabel: cluster
+  {{- end }}
 
   {{- if $thanosEnabled }}
   thanosService:
     enabled: true
-
+    
+    # Note: We need to change the portName in order for istio to correctly detect TCP is being used
+    #       for the headless service
     {{- if $istioInjection }}
     portName: "tcp-grpc"       
     {{- end }}
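Review bot: `replacement: {{ $clusterName }}` renders the operator-supplied name as a plain YAML scalar, so a value such as `true`, `0123`, or one containing `: ` or ` #` is retyped or breaks the rendered values document. Quote it at the template, `replacement: {{ $clusterName | quote }}`. Do the same for the other four uses in this file: the node-exporter, kubelet cAdvisor and kube-state-metrics relabelings, and `cluster:` under `defaultRules.additionalRuleLabels`. The re-added line after `enabled: true` under `thanosService` also carries only trailing whitespace. The `prometheus:` block continues outside the hunk.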
@@ -304,6 +313,7 @@ prometheus:
         name: istio-certs
     {{- end }}
 
+
 anchore:
   enabled: {{ .Values.addons.anchore.enabled }}
 
@@ -339,17 +349,31 @@ prometheus-node-exporter:
     imagePullSecrets:
     - name: private-registry
 
-  {{- if $istioInjection }}
-  podAnnotations:
-    {{ include "istioAnnotation" . }}
+
+  {{- if or (eq $lokiEnabled true) (eq $istioInjection true) }}
   prometheus:
     monitor:
+    {{- if $lokiEnabled }}
+      relabelings:
+        - action: replace
+          replacement: {{ $clusterName }}
+          targetLabel: cluster
+        - targetLabel: "instance"
+          sourceLabels:
+            - "__meta_kubernetes_pod_node_name"
+    {{- end }}
+    {{- if $istioInjection }}
       scheme: https
       tlsConfig:
         caFile: /etc/prom-certs/root-cert.pem
         certFile: /etc/prom-certs/cert-chain.pem
         keyFile: /etc/prom-certs/key.pem
         insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+    {{- end }}
+  {{- if $istioInjection }}
+  podAnnotations:
+    {{ include "istioAnnotation" . }}
+  {{- end }}
   {{- end }}
 
   {{- if .Values.openshift }}
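Review bot: The outer guard `or (eq $lokiEnabled true) (eq $istioInjection true)` compares against a literal boolean, while the inner guards use plain truthiness (`if $lokiEnabled`, `if $istioInjection`). Go's template `eq` rejects incompatible operand types, so a value that arrives as a string or unset can fail the render instead of evaluating false. `{{- if or $lokiEnabled $istioInjection }}` is consistent with the inner checks, and the same applies to the kube-state-metrics guard later in this file. `podAnnotations` depends only on `$istioInjection` and would read more clearly outside the combined block, leaving the `scheme: https`/`tlsConfig` stanza as the only part that shares the `monitor:` key with the Loki relabelings. `$istioInjection` is defined outside the hunk, so its type is not visible here.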
@@ -358,23 +382,56 @@ prometheus-node-exporter:
     port: 9102
   {{- end }}
 
+{{- if $lokiEnabled }}
+kubelet:
+  serviceMonitor:
+    cAdvisorRelabelings:
+      - action: replace
+        replacement: {{ $clusterName }}
+        targetLabel: cluster
+      - targetLabel: metrics_path
+        sourceLabels:
+          - "__metrics_path__"
+      - targetLabel: "instance"
+        sourceLabels:
+          - "node"
+{{- end }}
+
+{{- if $lokiEnabled }}
+defaultRules:
+  additionalRuleLabels:
+    cluster: {{ $clusterName }}
+{{- end }}
+
 kube-state-metrics:
   image:
     pullPolicy: {{ .Values.imagePullPolicy }}
   imagePullSecrets:
   - name: private-registry
-
-  {{- if $istioInjection }}
-  podAnnotations:
-    {{ include "istioAnnotation" . }}
+  {{- if or (eq $lokiEnabled true) (eq $istioInjection true) }}
   prometheus:
     monitor:
+      {{- if $lokiEnabled }}
+      relabelings:
+        - action: replace
+          replacement: {{ $clusterName }}
+          targetLabel: cluster
+        - targetLabel: "instance"
+          sourceLabels:
+            - "__meta_kubernetes_pod_node_name"
+      {{- end }}
+      {{- if $istioInjection }}
       scheme: https
       tlsConfig:
         caFile: /etc/prom-certs/root-cert.pem
         certFile: /etc/prom-certs/cert-chain.pem
         keyFile: /etc/prom-certs/key.pem
         insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+      {{- end }}
+  {{- if $istioInjection }}
+  podAnnotations:
+    {{ include "istioAnnotation" . }}
+  {{- end }}
   {{- end }}
 
 prometheusOperator:
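Review bot: Under `kubelet.serviceMonitor` only `cAdvisorRelabelings` receives the `cluster` label, while `defaultRules.additionalRuleLabels` stamps the same label on every default rule. If the monitoring chart also scrapes the kubelet through its other endpoint lists (the upstream chart exposes `relabelings`, `probesRelabelings` and `resourceRelabelings` alongside this one), those series will lack the label and any dashboard or alert query filtering on `cluster` will silently miss them. Consider applying the same `replace` entry to those lists, or add a comment stating why only cAdvisor is relabelled. The two adjacent `{{- if $lokiEnabled }}` blocks for `kubelet:` and `defaultRules:` can be merged into one.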
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 6aac62b6ba..d0137227a2 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -523,6 +523,9 @@
       ],
       "properties": {
         "enabled": true,
+        "clusterName": {
+          "type": "string"
+        },
         "sourceType": true,
         "git": true,
         "helmRepo": true,
diff --git a/chart/values.yaml b/chart/values.yaml
index 99636c222f..824c5a11b6 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -707,6 +707,10 @@ loki:
 
   # -- Loki architecture.  Options are monolith and scalable
   strategy: monolith
+  
+  # -- Loki clusterName identifier for Promtail and Dashboards
+  clusterName: ""
+
 
   objectStorage:
     # -- S3 compatible endpoint to use for connection information.
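Review bot: The doc comment on `clusterName` does not say what an empty value means, yet the monitoring template substitutes `logging-loki` when it is unset and writes the result into a `cluster` label on metrics and default rules. Suggested wording: `# -- Cluster name used by Promtail and dashboards; also applied as the "cluster" label on monitoring metrics and rules when Loki is enabled (defaults to "logging-loki" when empty)`. The added line above the comment contains only trailing whitespace and is followed by two blank lines; a single empty line matches the rest of the block.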
@@ -1968,7 +1972,7 @@ addons:
     sso:
       # -- Toggle SSO for Holocron on and off
       enabled: false
-
+      
       # -- Holocron SSO group roles: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide
       groups:
         admin: ""
-- 
GitLab